hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-25 19:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,692 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
faad466aa8 JS: Add ScopeKind enum 2021-01-18 12:19:08 +00:00
Asger Feldthaus
07cfceee19 JS: TRAP test for angular templates 2021-01-18 12:19:08 +00:00
Asger Feldthaus
3c0867125b JS: Remove FP in TargetBlank 2021-01-18 12:19:08 +00:00
Asger Feldthaus
97f7cb4dc1 JS: Track location information using SourceMaps 2021-01-18 12:19:08 +00:00
Asger Feldthaus
898d22d2f4 JS: Simplify HTML element access 2021-01-18 12:19:08 +00:00
Asger Feldthaus
f24af58a60 JS: Extract mapping from HTML node to parent Expression 2021-01-18 12:19:08 +00:00
Asger Feldthaus
3b666a5646 JS: Extract mapping from TopLevel to parent HTML node 2021-01-18 12:19:08 +00:00
Asger Feldthaus
8848ee2d10 JS: Extract HTML from inline templates 2021-01-18 12:19:08 +00:00
Asger Feldthaus
6bf9345258 JS: Add test for class with locally-unused field 2021-01-18 12:19:08 +00:00
Asger Feldthaus
cc952bd2a4 JS: Reorganize test a bit 2021-01-18 12:19:08 +00:00
Asger Feldthaus
1ab36dc81f JS: Flow through *ngFor loops 2021-01-18 12:19:08 +00:00
Asger Feldthaus
29dd8470d5 JS: Fix offset of *ngFor snippet 2021-01-18 12:18:27 +00:00
Asger Feldthaus
0da207a5f9 JS: Update test with pipes 2021-01-18 12:18:27 +00:00
Asger Feldthaus
d80313be4f JS: Model pipe classes 2021-01-18 12:18:27 +00:00
Asger Feldthaus
debb5691a1 JS: Make PipeRefExpr a SourceNode 2021-01-18 12:18:27 +00:00
Asger Feldthaus
fcb8124376 JS: Expose data flow node for field declaration 2021-01-18 12:18:26 +00:00
Asger Feldthaus
9ee893c9c1 JS: Add data flow steps in Angular2 model 2021-01-18 12:16:13 +00:00
Asger Feldthaus
77fcf3d8a2 JS: Support postfix "!" operator in templates 2021-01-18 12:16:13 +00:00
Asger Feldthaus
c08ba1416d JS: Add new SourceType for angular templates 2021-01-18 12:16:13 +00:00
Asger Feldthaus
b1d45a6773 JS: Mark angular pipe refs as incomplete 2021-01-18 12:16:13 +00:00
Asger Feldthaus
4b5a861ee6 JS: Add TopLevelKind enum 2021-01-18 12:16:13 +00:00
Asger Feldthaus
9b99f56d44 JS: isAngularTemplateAttributeName 2021-01-18 12:16:13 +00:00
Asger Feldthaus
ed27c8b13f JS: Add test and fix bug in pipe parser 2021-01-18 12:16:13 +00:00
Asger Feldthaus
16a2a60b9a JS: Add AngularPipeRef 2021-01-18 12:16:13 +00:00
Asger Feldthaus
928a382ad5 JS: Add parser for angular expressions 2021-01-18 12:16:13 +00:00
Asger Feldthaus
3db6069372 JS: Add test for new sink 2021-01-18 10:55:34 +00:00
Asger Feldthaus
2752b4ba64 JS: Shift line numbers in test 2021-01-18 10:54:39 +00:00
Asger Feldthaus
ff1d0cc4c7 JS: Recognize DomSanitizer from @angular/core 2021-01-18 10:54:27 +00:00
Rasmus Lerchedahl Petersen
66426bf0cc Python: Add tests for iterable unpacking 
in for-iterations and comprehensions.
 2021-01-18 09:36:13 +01:00
Tamas Vajk
8400a3862b Add DB upgrade folder 2021-01-18 09:19:27 +01:00
Tamas Vajk
ce58514453 Change release note date 2021-01-18 09:19:27 +01:00
Tamas Vajk
c0b31cbfe7 Add new stats file 2021-01-18 09:19:27 +01:00
Tamas Vajk
f235a28295 C# Add relational patterns extraction 2021-01-18 09:19:27 +01:00
Rasmus Lerchedahl Petersen
175e43d6f2 Python: Slight refactor 2021-01-18 09:12:05 +01:00
luchua-bc
048167d39a Revamp the query to reduce FPs introduced by wrapper calls 2021-01-18 04:23:30 +00:00
Artem Smotrakov
7d2d27394b Java: Added a source and a taint step for JexlInjectionConfig 
- Added TaintedSpringRequestBody source
- Added returningTaintedDataFromBean() taint step
- Added tests
 2021-01-17 22:28:42 +01:00
Artem Smotrakov
99401f6e84 Java: Query for detecting JEXL injections 2021-01-17 14:19:26 +01:00
Rasmus Lerchedahl Petersen
5f189a7e43 Python: Address reviews 2021-01-15 20:18:37 +01:00
Mathias Vorreiter Pedersen
dcbae8b22b Fix code tag. 2021-01-15 19:47:09 +01:00
yoff
1edad03622 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-01-15 18:50:04 +01:00
Erik Krogh Kristensen
401e516654 update expected output, and update PackageExports test 2021-01-15 17:40:47 +01:00
intrigus
a4cbd7037b Java: Add tests for different versions. 
Adds a test for version 6.24, because that version is not vulnerable.
The other test is for versions < 6.24, because these versions are
vulnerable.
 2021-01-15 17:20:57 +01:00
luchua-bc
3af8773dd6 Add more cases 2021-01-15 16:20:31 +00:00
Erik Krogh Kristensen
26783b6ab0 make getTopmostPackageJSON public again, and update PackageExports test 2021-01-15 16:05:49 +01:00
Tom Hvitved
9a9a57716c C#: Improved extraction of type nullability 2021-01-15 16:01:14 +01:00
Asger Feldthaus
5fa3b17956 JS: Tolerate Angular-specific HTML attribute names 2021-01-15 14:51:10 +00:00
Asger Feldthaus
f33630aab6 JS: Reformat HTMLExtractor 2021-01-15 14:51:10 +00:00
yoff
48910d0597 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-01-15 14:02:27 +01:00
Erik Krogh Kristensen
1506ac09e5 limit the number of characters produced by getAThreewayIntersect 2021-01-15 13:54:16 +01:00
Erik Krogh Kristensen
0117a0fac1 specialize the getAValueExportedBy predicate to only topmost package.jsons 2021-01-15 13:54:16 +01:00