hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 02:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,693 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
004147a22f add change note 2021-02-11 17:54:53 +01:00
Arthur Baars
f9e9dc2304 Address comment 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-02-11 17:53:28 +01:00
Erik Krogh Kristensen
6f405635ef add ClientRequest model for apollo-client 2021-02-11 17:49:44 +01:00
Mathias Vorreiter Pedersen
91627cbd88 C++: Add models for BSD-style send and recv functions. 2021-02-11 17:21:32 +01:00
Arthur Baars
c4e2c87d82 AST: some statement tests 2021-02-11 17:20:11 +01:00
Arthur Baars
d42b6b651e AST: rename ExprSequence to StmtSequence 2021-02-11 17:20:10 +01:00
Arthur Baars
fd6aeba9f5 AST: make Expr extend Stmt 2021-02-11 17:20:10 +01:00
Arthur Baars
f02d4a977d AST: some statement tests 2021-02-11 17:20:10 +01:00
Arthur Baars
d02d359c51 Merge pull request #122 from github/constants_scopes 
Rework handling of scope resolution nodes, and add `ConstantAccess` class
 2021-02-11 17:19:47 +01:00
Geoffrey White
21b2999722 C++: Update StdSet.qll. 2021-02-11 16:01:55 +00:00
Geoffrey White
33b5802ff6 C++: Update StdPair.qll (just for consistency). 2021-02-11 16:01:44 +00:00
Arthur Baars
ada652b6f0 Merge branch 'main' into constants_scopes 2021-02-11 17:00:50 +01:00
Nick Rolfe
885137dca2 Simplify representation of calls that use scope resolution operator. 
Now, `Foo::bar` is a call where the receiver expr is `Foo`.
 2021-02-11 15:29:42 +00:00
Erik Krogh Kristensen
fd46b7a7bc fix type in change-note 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-02-11 16:17:26 +01:00
Erik Krogh Kristensen
69d8aa143c add taint step for the snarkdown libary 2021-02-11 16:16:46 +01:00
Taus Brock-Nannestad
4c66071f5f Python: Revert "Python: Support moduleImport("dotted.name") in API graphs" 
This reverts commit 2c4a477a4e.

It's probably best _not_ to do this, as any `getMember` cycle in the
API graph will lead to nontermination.
 2021-02-11 16:08:28 +01:00
Taus Brock-Nannestad
ea30598a08 Python: Split dotted names more efficiently 2021-02-11 16:07:39 +01:00
Arthur Baars
f8ce7276a3 Merge pull request #123 from github/aibaars/ast-ensure 
AST: ensure and else blocks
 2021-02-11 15:17:30 +01:00
Arthur Baars
a908f2fe86 Merge pull request #121 from github/aibaars/dataflow-2 
Dataflow: identify ReturnNodes
 2021-02-11 15:10:27 +01:00
Jonathan Leitschuh
35e2ceba13 Update java/ql/src/semmle/code/xml/MavenPom.qll 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-02-11 08:59:02 -05:00
Erik Krogh Kristensen
d14586de56 add two non ReDoS regular expressions to the ReDoS test suite 
Adds the regular expression from #5145
 2021-02-11 14:41:45 +01:00
Arthur Baars
426bf30822 AST: ensure and else blocks 2021-02-11 14:27:23 +01:00
Arthur Baars
4f3412fff9 Address comments 2021-02-11 13:46:34 +01:00
Nick Rolfe
23998e5f99 Accept CFG test changes 
Some generated ScopeResolution nodes are no longer represented in the
user-facing AST. These should go away when we port the CFG to the
user-facing AST.
 2021-02-11 12:38:13 +00:00
Erik Krogh Kristensen
f12c38425f add change-note 2021-02-11 13:36:53 +01:00
Erik Krogh Kristensen
3ee0029cd8 Update javascript/change-notes/2021-02-08-xml-parser-taint.md 
Co-authored-by: Asger F <asgerf@github.com>
 2021-02-11 13:33:42 +01:00
CodeQL CI
02578cfff2 Merge pull request #5112 from erik-krogh/forms 
Approved by asgerf
 2021-02-11 04:32:14 -08:00
Nick Rolfe
6ff0ebb94a Add ConstantAccess class 2021-02-11 12:29:25 +00:00
Erik Krogh Kristensen
044f80215e add change note 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
010d580f8e add model for multiparty 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
61b4ffec3d add remote flow from the Formidable library 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
a03f4ed3cd add remote flow source for busboy 2021-02-11 09:34:02 +01:00
Erik Krogh Kristensen
e2fbf8a68c add files uploaded with multer as RemoteFlowSource 2021-02-11 09:33:15 +01:00
haby0
a6a0fa28c4 *)add XQExpression.executeQuery(0) sink 2021-02-11 16:05:48 +08:00
luchua-bc
f1788ed04e Revamp the query to handle more cases 2021-02-11 04:33:42 +00:00
Marcono1234
2a1c11b517 Improve MavenPom documentation, rename inconsistent predicates 2021-02-10 23:56:45 +01:00
Raul Garcia (MSFT)
ef0d3720a1 Addressing a few comments 2021-02-10 13:39:24 -08:00
Raul Garcia
190164c182 Update csharp/ql/src/experimental/Security Features/campaign/Solorigate/Solorigate.qhelp 
Co-authored-by: Bas van Schaik <5082246+sj@users.noreply.github.com>
 2021-02-10 13:30:40 -08:00
Artem Smotrakov
af0f361ac8 Updated JexlInjection.ql to check for sandboxes 
- Added a dataflow config to track setting a sandbox
  on JexlBuilder
- Added SandboxedJexl3.java test
 2021-02-10 22:19:45 +01:00
Nick Rolfe
452a343e86 Remove ScopeResolution from AST 
Now we handle it specially in calls and class/module names, so they have
predicate to get the scope expr.
 2021-02-10 17:53:25 +00:00
Arthur Baars
0f6854301e Dataflow: identify ReturnNodes 2021-02-10 18:26:11 +01:00
Arthur Baars
d69aa96f23 More tests 2021-02-10 18:26:11 +01:00
Arthur Baars
6c63bd2586 Merge pull request #120 from github/aibaars/ast 
AST: lambda and block bodies
 2021-02-10 18:25:37 +01:00
Erik Krogh Kristensen
7cff1f441b add model for the unified and remark libraries 2021-02-10 18:13:01 +01:00
Rasmus Wriedt Larsen
c57a4df819 Python: Model taint of self.request on django view class 2021-02-10 17:48:48 +01:00
Rasmus Wriedt Larsen
9ca738d921 Python: Add taint test for self.request on django view class 2021-02-10 17:48:41 +01:00
Jonathan Leitschuh
3b92f97967 Refactor DeclaredRepository to library 2021-02-10 11:41:50 -05:00
Erik Krogh Kristensen
0d497e8b9a add model for the showdown library 2021-02-10 17:22:42 +01:00
Anders Schack-Mulligen
e9bfbb677d Java: Connect the external sources and steps to the defaults. 2021-02-10 17:06:21 +01:00
Anders Schack-Mulligen
5a391ab6c0 Java: Add qldoc. 2021-02-10 16:54:48 +01:00