Commit Graph

20350 Commits

Author SHA1 Message Date
Tom Hvitved
5d73566859 C#: Add tests for PersistentCookie.ql 2020-12-04 17:14:00 +01:00
Tamás Vajk
4226467556 Merge pull request #4678 from tamasvajk/feature/external-api-untrusted-data
C#: Add queries to check untrusted data flow to external APIs
2020-12-04 15:03:09 +01:00
Rasmus Wriedt Larsen
608ce50399 Python: Expose HTTP verbs in HTTP concept
Let's discuss whether doing it this way is reasonable, since I'm not 100% sure
whether this fits into "concepts" or not.
2020-12-04 14:04:56 +01:00
Rasmus Wriedt Larsen
c7ab78f8c2 Python: Add modeling of django class based view handlers
BUT, since MyCustomViewBaseClass.post (django-v2-v3/testapp/views.py) and
Foo.post (django-v2-v3/routing_test.py) aren't handled, this raises important
question about how to do MRO without points-to :S
2020-12-04 14:03:59 +01:00
Cornelius Riemenschneider
2ea9b4a62b Merge pull request #4719 from geoffw0/issue84
C++: Create tests readme.
2020-12-04 13:49:56 +01:00
Tamas Vajk
aa3ae0f567 Remove calls to deprecated predicates 2020-12-04 13:28:14 +01:00
Jonas Jensen
9cf318b72c C++: Autoformat the new query
Tweak whitespace, also in the alert message.
2020-12-04 13:27:07 +01:00
Rasmus Wriedt Larsen
4ead118a31 Python: Add class based route handler in django tests
Disabled CSRF middleware for now, since it blocked my debugging curl POST requests :(
2020-12-04 13:27:01 +01:00
Tamas Vajk
d55fbc8a05 Add test cases for safe API calls 2020-12-04 13:26:53 +01:00
Tamas Vajk
24670160c2 Address code review findings 2020-12-04 13:26:53 +01:00
Tamas Vajk
cd5c1f06ee C#: Add queries to check untrusted data flow to external APIs 2020-12-04 13:26:53 +01:00
Tom Hvitved
9afce31e92 C#: Add one more CFG test for nested finally blocks 2020-12-04 13:26:00 +01:00
Jonas Jensen
bf88df8134 C++: CRLF -> LF line endings 2020-12-04 13:25:32 +01:00
Tom Hvitved
37f32f4014 C#: Improve join-order in DefaultToString.qll 2020-12-04 13:05:53 +01:00
Rasmus Wriedt Larsen
ffdbecfbb7 Python: Simplify getARouteHandler for Django 2020-12-04 11:29:52 +01:00
CodeQL CI
0f5f0ed99e Merge pull request #4776 from asgerf/js/electron-openshell
Approved by erik-krogh
2020-12-04 09:12:44 +00:00
Asger F
22dbaf28ab Merge pull request #4709 from asgerf/js/typescript-4.1
JS: Support for TypeScript 4.1
2020-12-04 09:10:14 +00:00
Asger Feldthaus
f0516dd9e0 JS: Address review comments 2020-12-04 09:07:44 +00:00
Jonas Jensen
b4be72268d Merge pull request #4722 from rdmarsh2/rdmarsh2/cpp/range-analysis-overflow-perf
C++: Filter out lower bounds on overflowing exprs
2020-12-04 08:29:21 +01:00
ihsinme
69ed608a11 Update UnsignedDifferenceExpressionComparedZero.ql 2020-12-04 09:47:11 +03:00
Robert Marsh
b45f7846db C++: autoformat 2020-12-03 15:48:42 -08:00
Erik Krogh Kristensen
cc98c41dd6 revert marking repetitions with possibly empty body as forks 2020-12-03 20:08:07 +01:00
Geoffrey White
13d9d5dc45 C++: Use [,] more in general. 2020-12-03 18:50:43 +00:00
Geoffrey White
2a4fba0ff9 C++: Use [,] more in models. 2020-12-03 17:27:31 +00:00
Erik Krogh Kristensen
47488f86b5 update test 2020-12-03 16:58:08 +01:00
Erik Krogh Kristensen
3bad75dae5 better support for forms in js/xss-through-dom 2020-12-03 16:57:41 +01:00
Asger Feldthaus
20d9848f07 JS: Add test case 2020-12-03 15:08:43 +00:00
Asger Feldthaus
68d2bc861d JS: Update test expectations 2020-12-03 15:01:50 +00:00
Asger Feldthaus
e66a49bea6 JS: Change note 2020-12-03 13:58:40 +00:00
Asger Feldthaus
ec6b8d6d3a JS: Remove old workaround for template literals in import 2020-12-03 13:58:40 +00:00
Asger Feldthaus
757398f5fd JS: Add upgrade script and stats 2020-12-03 13:58:39 +00:00
Asger Feldthaus
3b3052d792 JS: Autoformat 2020-12-03 13:58:39 +00:00
Asger Feldthaus
5676891e44 JS: Add TemplateLiteralTypeExpr 2020-12-03 13:58:39 +00:00
Asger Feldthaus
9da5c5cc70 JS: Update to TypeScript 4.1.2 2020-12-03 13:58:39 +00:00
Asger F
254072dd6d Merge pull request #4546 from toufik-airane/main
JS: Add ElectronShellOpenExternalSink class for Electron framework security
2020-12-03 13:20:46 +00:00
Rasmus Wriedt Larsen
a9ce067e15 Python: Add examples of Path Injection FPs seen
Not quite sure how to deal with these cases of safe if UNIX-only, otherwise not
safe.

If/when we actually try to deal with these, we also need to figure that
out. We _could_ split this query into 3: (1) for path injection on any
platform, (2) path injection on Windows, (3) path injection on UNIX. Then
UNIX-only projects could disable the path-injection on Windows query. -- that's
my best idea, if you have better ideas, DO tell 👍
2020-12-03 13:41:55 +01:00
Rasmus Wriedt Larsen
e8f63311ac Python: Model abspath and realpath (for Path Injection) 2020-12-03 13:41:54 +01:00
Rasmus Wriedt Larsen
bd5cf80352 Python: Add Path Injection tests for realpath and abspath
Not supported currently
2020-12-03 13:41:53 +01:00
Rasmus Wriedt Larsen
e53ed478ab Python: Highlight os.path.join behavior with absolute paths 2020-12-03 13:41:52 +01:00
Rasmus Wriedt Larsen
4d9f24a24c Python: Rewrite path injection tests
To match how you would normally structure your application code. In itself not
that important, but makes it easier to add more tests :)
2020-12-03 13:41:26 +01:00
Tamás Vajk
3eb55ddc0b Merge pull request #4704 from tamasvajk/feature/stats2
C#: Update DB stats file
2020-12-03 13:13:43 +01:00
Mathias Vorreiter Pedersen
1142a79ad5 Merge pull request #4766 from criemen/cleanup-flow-tests
C++: Cleanup data/taint flow tests
2020-12-03 10:10:39 +01:00
CodeQL CI
edbbc846d0 Merge pull request #4753 from max-schaefer/js/more-nosql-query-args
Approved by asgerf, mchammer01
2020-12-03 08:46:47 +00:00
Tamás Vajk
04bacf4347 Merge pull request #4760 from tamasvajk/feature/cil-debug-build
C#: Fix CIL trap file writing in debug mode
2020-12-02 22:08:22 +01:00
Aditya Sharad
2484941330 Merge pull request #4770 from github/adityasharad/rc/pin-sphinx-version
Actions: Pin to fixed version of Sphinx Action
2020-12-02 10:41:36 -08:00
Aditya Sharad
771425e860 Actions: Run query help workflow on PRs that modify it 2020-12-02 10:00:55 -08:00
Aditya Sharad
38ab87e5b1 Actions: Pin to fixed version of Sphinx Action
Better for security to fix the commit SHA of the external Action, rather than specifying a branch or tag.
2020-12-02 09:56:25 -08:00
James Fletcher
91c96ada4f Merge pull request #4550 from github/query-help-tests
[docs] Add new process to generate query help for help site
2020-12-02 17:46:39 +00:00
CodeQL CI
e266cedc84 Merge pull request #4700 from RasmusWL/python-add-code-injection-FP
Approved by tausbn
2020-12-02 16:29:21 +00:00
CodeQL CI
6017f25106 Merge pull request #4740 from RasmusWL/fix-json-modeling
Approved by tausbn
2020-12-02 16:29:00 +00:00