hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 08:06:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Bartolomeo
69dee154f3 Fix PR feedback 2020-10-31 09:03:51 -04:00
luchua-bc
756db4c03a Simplify the query and add more test cases 2020-10-31 01:33:24 +00:00
Taus
ce00d58329 Merge pull request #4584 from yoff/python-subclass-pattern 
Python: Use subclass pattern for Models
 2020-10-31 00:16:22 +01:00
Rasmus Lerchedahl Petersen
ae3227fc33 Python: initial sketch 2020-10-31 00:10:49 +01:00
Rasmus Lerchedahl Petersen
63cbc01c32 Python: Use subclass pattern for Models 2020-10-30 22:29:38 +01:00
CodeQL CI
4a59e69722 Merge pull request #4564 from asgerf/js/react-hooks 
Approved by esbena
 2020-10-30 21:00:31 +00:00
Taus Brock-Nannestad
f903e4ffbe Python: Promote experimental queries 
DO NOT MERGE

Also adds performance fix to `python.qll`.
 2020-10-30 19:40:56 +01:00
Taus
ecc52a1bb9 Merge pull request #4541 from RasmusWL/python-port-reflected-xss 
Python: Port reflected XSS query
 2020-10-30 19:17:33 +01:00
luchua-bc
67af9b0f3e Add comments and update JavaDocs of GenericServlet using the source JAR 2020-10-30 17:05:53 +00:00
Rasmus Lerchedahl Petersen
80360450de Merge branch 'main' of github.com:github/codeql into RasmusWL-python-port-reflected-xss 2020-10-30 17:56:36 +01:00
Dave Bartolomeo
be180aac25 Fixup after merge 2020-10-30 12:52:58 -04:00
Taus
146787bb55 Merge pull request #4539 from yoff/python-port-path-injection 
Python: port path injection
 2020-10-30 17:46:51 +01:00
luchua-bc
93d1393ded Add error-page check 2020-10-30 16:45:56 +00:00
Rasmus Lerchedahl Petersen
ef9999a4a1 Python: fix test annotation 2020-10-30 17:43:56 +01:00
Rasmus Lerchedahl Petersen
37ad59a92a Python: subclas of known subclasses 2020-10-30 17:37:54 +01:00
Dave Bartolomeo
ec398b2a67 Merge remote-tracking branch 'upstream/main' into work 2020-10-30 12:36:33 -04:00
yoff
a3cc9b6982 Update python/ql/src/experimental/semmle/python/frameworks/Flask.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-30 17:29:35 +01:00
Cornelius Riemenschneider
310975bf8d Merge pull request #4581 from criemen/printast-stmtpexpr 
C++: Add support for StmtExpr to Print AST.
 2020-10-30 17:29:23 +01:00
Asger Feldthaus
c7667d372e JS: Address review comments 2020-10-30 16:25:30 +00:00
Dave Bartolomeo
42373417e2 Merge from main 2020-10-30 12:02:56 -04:00
Mathias Vorreiter Pedersen
45b24a9bc8 Python: Update inline-expectation tests 2020-10-30 16:53:33 +01:00
Mathias Vorreiter Pedersen
6ac740a490 Python: Sync identical file 2020-10-30 16:53:17 +01:00
Mathias Vorreiter Pedersen
ee77e988b2 C++: Allow strings in inline-expectation tests 2020-10-30 16:49:14 +01:00
Cornelius Riemenschneider
e7d995313e C++: Address review. 2020-10-30 16:30:57 +01:00
Mathias Vorreiter Pedersen
177f94368e C++: Respond to review comments and accept test changes. 2020-10-30 15:59:39 +01:00
Cornelius Riemenschneider
84fe7ba199 C++: Add support for StmtExpr to Print AST. 2020-10-30 15:53:54 +01:00
Cornelius Riemenschneider
d3631d8f2e Merge pull request #4562 from criemen/printast-labels 
C++: Change PrintAST to provide the predicates that can be used to traverse the AST.
 2020-10-30 15:48:46 +01:00
Dave Bartolomeo
36b27add24 Simplify ordering of children with conversions using rank 
In `getChild(int childIndex)`, the actual values of `childIndex` don't matter, as long as they are in the correct order. Rather than doing complicated math to compute the indices for the synthesized `.getFullyConverted()` children, just use the `rank` aggregate to order all children first by whether or not the child is a conversion, then by the original child index.
 2020-10-30 10:00:23 -04:00
Rasmus Lerchedahl Petersen
e7c9bc388b Python: support some custom subclasses 2020-10-30 14:16:48 +01:00
Rasmus Lerchedahl Petersen
e69349791a Python: django.http.response.HttpRequest.write 2020-10-30 12:51:23 +01:00
Cornelius Riemenschneider
cf8f802310 C++: Rename predicate. 2020-10-30 12:51:19 +01:00
Cornelius Riemenschneider
ab42ddb0dc C++: Adjust code for the conversions PR, provide correct childIndexes for the new nodes. 2020-10-30 12:48:53 +01:00
Rasmus Lerchedahl Petersen
ffe10d1b7c Python: test HttpResponse.write 2020-10-30 12:16:12 +01:00
Rasmus Lerchedahl Petersen
fa3a7e6686 Python: Known subclasses of HttpResponse 2020-10-30 11:53:24 +01:00
Rasmus Lerchedahl Petersen
c962377ef4 Python: test for subclasses 2020-10-30 10:37:40 +01:00
Erik Krogh Kristensen
39028f62a3 add test for outDir 2020-10-30 10:37:10 +01:00
Asger Feldthaus
6ab7846e81 JS: Restrict getAContextInput 2020-10-30 09:28:06 +00:00
Jonas Jensen
ba41417d61 Merge pull request #4553 from geoffw0/samateregtests 
C++: Additional pointer tests for DefaultTaintTracking.
 2020-10-30 10:02:11 +01:00
Erik Krogh Kristensen
ebc4856456 detect more expensive regexps in js/polynomial-redos 2020-10-30 09:52:13 +01:00
Tom Hvitved
54e2741064 Merge pull request #4580 from hvitved/csharp/1.26-change-notes 
C#: Convert 1.26 change notes
 2020-10-30 09:17:52 +01:00
Tom Hvitved
6723e5b31c C#: Restrict post-dominance to normal execution 2020-10-30 09:14:12 +01:00
Tom Hvitved
ade8ff9593 C#: Add more CFG tests 2020-10-30 09:14:12 +01:00
Tom Hvitved
91d72945d7 Merge pull request #4568 from hvitved/csharp/cfg/multi-asserts 
C#: Fix CFG for assertions with multiple assertion arguments
 2020-10-30 09:13:38 +01:00
Rasmus Lerchedahl Petersen
08af839757 Python: django.http.response.HttpResponseRedirect 2020-10-30 01:29:49 +01:00
Rasmus Lerchedahl Petersen
52be896666 Python: django.http.response.JsonResponse 
It s possible this class is not relevant to XSS
 2020-10-30 01:05:36 +01:00
Rasmus Lerchedahl Petersen
0f9b8595d1 Python: rename functions by vulnerability 2020-10-30 00:51:09 +01:00
Rasmus Lerchedahl Petersen
97153b56ad Python: add false negatives to test 2020-10-30 00:48:19 +01:00
Rasmus Lerchedahl Petersen
262b249e10 Merge branch 'main' of github.com:github/codeql into RasmusWL-python-port-reflected-xss 2020-10-30 00:40:39 +01:00
Rasmus Lerchedahl Petersen
2ca86f5ea7 Python: django.http.response.HttpResponse 2020-10-30 00:22:53 +01:00
Robert Marsh
7e8770d731 C#: Remove reference to InitializeNonLocal in IR 2020-10-29 16:08:23 -07:00