hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-10 04:01:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,755 Commits 1,689 Branches 160 Tags
codeql-cli/v2.9.0
Commit Graph

34755 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
3fa66519f5 Merge branch 'main' into fastapi 2021-10-28 11:37:40 +02:00
Rasmus Wriedt Larsen
d9e5d179d2 Python: Minor fix to QLDoc 
and auto-formatting
 2021-10-28 11:15:34 +02:00
Rasmus Wriedt Larsen
358663ffbb Python: Fix tests 2021-10-28 11:14:41 +02:00
Erik Krogh Kristensen
12305aae42 extract regexp literals from string concatenations 2021-10-28 10:44:33 +02:00
yoff
9478faf040 Merge pull request #6967 from RasmusWL/ruamel.yaml 
Python: Model `ruamel.yaml` PyPI package
 2021-10-28 10:19:08 +02:00
Arthur Baars
3fb0139430 Protect against flag injection 2021-10-28 09:58:10 +02:00
ihsinme
2574aa8980 Update InsecureTemporaryFile.ql 2021-10-28 10:51:48 +03:00
Rasmus Lerchedahl Petersen
56dab252c9 Python: remove spurious dataflow step 2021-10-28 09:47:04 +02:00
Rasmus Lerchedahl Petersen
cca675a161 Python: Add test for async taint 
(which we belive we have just broken)
 2021-10-28 09:47:04 +02:00
ihsinme
432fc74455 Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-10-28 10:37:01 +03:00
ihsinme
235a3ec232 Update InsecureTemporaryFile.qhelp 2021-10-28 10:34:42 +03:00
ihsinme
0addb2d1ea Update IncorrectChangingWorkingDirectory.ql 2021-10-28 10:17:48 +03:00
ihsinme
c3b1d7e5c8 Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-10-28 10:17:13 +03:00
ihsinme
1c80f26178 Update ExposureSensitiveInformationUnauthorizedActor.ql 2021-10-28 09:50:41 +03:00
ihsinme
04ee78aecf Apply suggestions from code review 
thanks

Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-10-28 09:46:26 +03:00
Tony Torralba
cee80f766f Merge pull request #6983 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-10-28 08:19:34 +02:00
github-actions[bot]
adfc725225 Add changed framework coverage reports 2021-10-28 00:08:41 +00:00
Porcuiney Hairs
4fd3f212f8 Python : Add Flask sinks for path injection query 2021-10-28 02:12:11 +05:30
Nick Rolfe
0d161bec7a Merge pull request #6982 from github/nickrolfe/also-revert-cargo-lock 
Ruby: also revert Cargo.lock
 2021-10-27 20:33:07 +01:00
Erik Krogh Kristensen
96b6f670d9 filter away paths that start with libary inputs and end with a fixed-property write 2021-10-27 21:01:11 +02:00
Erik Krogh Kristensen
78371894f4 update import after rebasing on main 2021-10-27 20:47:06 +02:00
Erik Krogh Kristensen
a9a9e34265 recognize delete expresssions as a sink for js/prototype-polluting-assignment 2021-10-27 20:37:42 +02:00
Erik Krogh Kristensen
1243c736dd use ConcatenationNode::isCoercion 2021-10-27 20:37:42 +02:00
Erik Krogh Kristensen
2dedfb302a remove paths without unmatched returns from js/prototype-polluting-assignment 2021-10-27 20:37:42 +02:00
Erik Krogh Kristensen
0c9c9bbde7 detect library input when the arguments object is converted to an array 2021-10-27 20:37:41 +02:00
Erik Krogh Kristensen
fa9e9dd847 split out predicates in ClassifyFiles to avoid unnecessary computations 2021-10-27 20:35:38 +02:00
Erik Krogh Kristensen
3d124cf95e add change-note 2021-10-27 20:35:38 +02:00
Erik Krogh Kristensen
d1238dfd8b update alert message to distinguish between library input and remote flow 2021-10-27 20:35:38 +02:00
Erik Krogh Kristensen
6e183af383 ignore test files for the `prototypeLessObject' predicate 2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen
e94b0f5913 recognize inclusion based sanitizers for js/prototype-polluting-assignment 2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen
2a808b2cd6 track taint through string coercions for js/prototype-polluting-assignment 2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen
2d65aa17db recognize exported functions that use the arguments object 2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen
78774233c7 add library input as source to js/prototype-polluting-assignment 2021-10-27 20:35:36 +02:00
Erik Krogh Kristensen
0372ccce02 simplify regexp 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-10-27 20:04:24 +02:00
Erik Krogh Kristensen
af64b319ee update documentation strings 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-10-27 19:54:52 +02:00
Nick Rolfe
f557df6c4e Revert "Ruby: update Cargo.lock" 
This reverts commit 0a89028663.
 2021-10-27 18:38:22 +01:00
Nick Rolfe
f1229ff071 Revert "Ruby: update Cargo.lock" 
This reverts commit 7a5e8f1756.
 2021-10-27 18:38:08 +01:00
Arthur Baars
5e2cab4fb1 Split workflow into separate jobs 2021-10-27 19:06:22 +02:00
Erik Krogh Kristensen
71cca6d644 Merge branch 'main' into ldap 2021-10-27 19:06:06 +02:00
Erik Krogh Kristensen
2e912ee28e rename LDAP to Ldap 2021-10-27 19:05:56 +02:00
Erik Krogh Kristensen
c1ab49fe8a rename LDapFilterStep to TaintPreservingLDapFilterStep 2021-10-27 19:05:00 +02:00
jorgectf
350cbb4c5d Polish qhelp and libraries 2021-10-27 18:47:19 +02:00
Geoffrey White
e0e18c6587 C++: Drop the precision tags again, for now. 2021-10-27 17:24:46 +01:00
Shati Patel
c9b50f3c2f Merge pull request #6981 from github/aibaars/ruby-lgtm-links 
Ruby: update lgtm.com query console links
 2021-10-27 17:18:08 +01:00
Arthur Baars
f496336a0d Ruby: update lgtm.com query console links 2021-10-27 18:08:11 +02:00
Nick Rolfe
06303b103f Merge pull request #6979 from github/nickrolfe/revert-crate-updates 
Ruby: revert crate updates
 2021-10-27 16:53:19 +01:00
Nick Rolfe
7a5e8f1756 Ruby: update Cargo.lock 2021-10-27 16:21:33 +01:00
Nick Rolfe
ff7826dd96 Revert "Update tracing-subscriber requirement from 0.2 to 0.3 in /ruby/generator" 
This reverts commit 4cedb43a54.
 2021-10-27 16:21:33 +01:00
Nick Rolfe
fc1f874f92 Revert "Update tracing-subscriber requirement from 0.2 to 0.3 in /ruby/extractor" 
This reverts commit e9da027539.
 2021-10-27 16:21:33 +01:00
Nick Rolfe
11154a9409 Ruby: add regex injection query 2021-10-27 15:58:12 +01:00