codeql

mirror of https://github.com/github/codeql.git synced 2026-02-07 18:51:06 +01:00

Author	SHA1	Message	Date
Mathias Vorreiter Pedersen	45753e519f	C++: Fully lock down the join order correctly.	2021-12-17 13:43:56 +00:00
Rasmus Wriedt Larsen	626009ea60	Python: Fix typo	2021-12-17 14:29:38 +01:00
yoff	9866214ebe	Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/full_partial_test.py	2021-12-17 14:26:43 +01:00
Arthur Baars	46144fe0a3	Ruby: InClause and WhenClause are no longer Expr	2021-12-17 14:04:25 +01:00
Arthur Baars	974ad070d1	Revert "Ruby: CFG make in-clause post-order" This reverts commit 1343ed58a21eec2954876d8d42e877a382ba89c8.	2021-12-17 14:04:25 +01:00
Arthur Baars	560413f94a	Address comments	2021-12-17 14:04:25 +01:00
CodeQL CI	39ec7132af	Merge pull request #7049 from asgerf/js/routing-trees Approved by erik-krogh	2021-12-17 12:26:38 +00:00
Tony Torralba	f3819e7b06	Merge pull request #7435 from github/atorralba/log4j-CVE-2021-45046 Java: New sinks for Log4j CloseableThreadContext	2021-12-17 13:19:51 +01:00
Tom Hvitved	77fcb8a18f	C#: Remove unused predicate	2021-12-17 13:14:11 +01:00
Tom Hvitved	e4d9f5f29e	Fix QL doc	2021-12-17 13:14:11 +01:00
Tom Hvitved	a0311609d0	C#: Add missing post-update nodes for reverse array stores `a[i].f = x`	2021-12-17 13:14:11 +01:00
Tom Hvitved	e47e824e16	C#: Restrict `ExplicitParameterNode` to those that belong to unbound callables	2021-12-17 13:14:11 +01:00
Tom Hvitved	4a331814a2	C#: Avoid overlap in `getCSharpType`	2021-12-17 13:14:11 +01:00
Tom Hvitved	f5a47126b1	C#: Fix `DataFlow::Node::getEnclosingCallable` for field initializer expressions	2021-12-17 13:14:11 +01:00
Tom Hvitved	5bdfcc8436	C#: Update QL doc	2021-12-17 13:14:11 +01:00
Tom Hvitved	c13d83ce40	C#: Restrict some call-back flow summaries	2021-12-17 13:14:08 +01:00
Tom Hvitved	0c9ca4546c	C#: Avoid overlap for `()` and `System.ValueTuple` in unification library	2021-12-17 13:13:36 +01:00
Tom Hvitved	7af9d75abc	C#: Add locations for more CIL methods	2021-12-17 13:13:36 +01:00
Tom Hvitved	ab2e0fdb18	Data flow: Sync files	2021-12-17 13:13:36 +01:00
Tom Hvitved	40043f13c6	C#: Enable data-flow consistency queries	2021-12-17 13:13:36 +01:00
Erik Krogh Kristensen	c70a2bebda	Merge pull request #7410 from erik-krogh/erik-krogh/publish-ql-for-ql Add QL for QL	2021-12-17 12:55:25 +01:00
Mathias Vorreiter Pedersen	c1af8b93c2	C++: Better join-order fix.	2021-12-17 11:50:53 +00:00
Arthur Baars	83a8a60676	Ruby: CFG: consistency query to check that Expr nodes are post-order	2021-12-17 12:21:18 +01:00
Arthur Baars	ba89653dff	Ruby: CFG: make RescueClause post-order	2021-12-17 12:21:18 +01:00
Arthur Baars	db4b781fef	Ruby: CFG: make RescueModifier post-order	2021-12-17 12:21:18 +01:00
Arthur Baars	cff63fa7d7	Ruby: CFG: make WhenExpr post-order	2021-12-17 12:21:18 +01:00
Arthur Baars	a9286e897b	Ruby: CFG make in-clause post-order	2021-12-17 12:21:18 +01:00
Arthur Baars	f49605569b	Ruby: CFG make more expressions post-order	2021-12-17 12:21:18 +01:00
Arthur Baars	a4ea7129c2	Ruby: CFG: make 'case' a PostOrder node	2021-12-17 12:21:18 +01:00
Rasmus Wriedt Larsen	83f1b2ca5d	Python: Add SSRF qhelp I included examples of both types in the qhelp of both queries, to provide context of what each of them actually are.	2021-12-17 11:48:26 +01:00
Anders Schack-Mulligen	3adc0b57ed	Merge pull request #7426 from MathiasVP/fix-join-order-in-http-string-literal-charpred C++: Fix join-order in `HttpStringLiteral` charpred	2021-12-17 11:21:38 +01:00
Arthur Baars	96aef9f63f	Merge pull request #7393 from aibaars/ruby-simple-parameter-not-expr Ruby: SimpleParameter should not be an Expr	2021-12-17 10:41:43 +01:00
Asger Feldthaus	89775428b4	JS: Autoformat	2021-12-17 10:32:02 +01:00
Asger Feldthaus	3e6389cad6	JS: Bump extractor version string	2021-12-17 10:32:00 +01:00
Asger Feldthaus	95a93fe033	JS: Change note	2021-12-17 10:31:50 +01:00
Asger Feldthaus	e2c6dd7d56	JS: Recognize {{& ... }} as an XSS sink	2021-12-17 10:31:50 +01:00
Asger Feldthaus	61cc84ba69	JS: Recognize leading/trailing ~ and & in mustache-tags	2021-12-17 10:31:50 +01:00
Asger Feldthaus	ce68a6d1c5	JS: Remove unneeded qualifier in static field access	2021-12-17 10:31:50 +01:00
Rasmus Wriedt Larsen	e7abe43e3e	Python: Add SSRF change-note	2021-12-17 10:04:55 +01:00
Tom Hvitved	734bfbd7ae	Merge pull request #7433 from github/workflow/coverage/update Update CSV framework coverage reports	2021-12-17 09:52:36 +01:00
Rasmus Wriedt Larsen	e309d8227c	Python: Remove debug predicate Accidentally committed :\|	2021-12-17 09:44:35 +01:00
Tony Torralba	6f2d91a8ad	Sinks for CloseableThreadContext	2021-12-17 09:17:04 +01:00
Mathias Vorreiter Pedersen	d840796494	C++: Fix join-order in 'phi_node' predicate.	2021-12-17 07:50:04 +00:00
github-actions[bot]	6c57cbba2b	Add changed framework coverage reports	2021-12-17 00:09:41 +00:00
Andrew Eisenberg	50ee4ab330	Solorigate: Extract to separate qlpack Extracts solorigate to separate qlpacks in preparation for publishing them to the registry.	2021-12-16 16:09:20 -08:00
Rasmus Wriedt Larsen	1d00730753	Python: Allow `http[s]://` prefix for SSRF	2021-12-17 00:27:18 +01:00
Rasmus Wriedt Larsen	8d9a797b75	Python: Add tricky .format SSRF tests	2021-12-17 00:24:51 +01:00
Rasmus Wriedt Larsen	6f297f4e9c	Python: Fix SSRF sanitizer tests They were very misleading before, because a sanitizer that happened early, would remove taint from the rest of the cases by use-use flow :\|	2021-12-16 23:24:08 +01:00
Rasmus Wriedt Larsen	4b5599fe17	Python: Improve full/partial SSRF split Now full-ssrf will only alert if all URL parts are fully user-controlled.	2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen	cb934e17b1	Python: Adjust SSRF location to request call Since that might not be the same place where the vulnerable URL part is.	2021-12-16 22:48:51 +01:00

... 70 71 72 73 74 ...

34755 Commits