hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-14 06:01:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,554 Commits 1,690 Branches 160 Tags
codeql-cli/v2.9.2
Commit Graph

36554 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
e03fe0fcd4 Add ClassifyFiles.ql 2021-09-14 16:30:34 +02:00
Mathias Vorreiter Pedersen
44dca68463 Merge branch 'main' into promote-sql-pqxx 2021-09-14 15:29:37 +01:00
Chris Smowton
406466de9a Simplify specifiesContentType predicate 2021-09-14 15:24:46 +01:00
Mathias Vorreiter Pedersen
adbeba291b Merge pull request #6687 from MathiasVP/fix-fp-in-av-rule-114 
C++: Exclude uninstantiated templates from AV Rule 114.
 2021-09-14 15:24:18 +01:00
Chris Smowton
6cff0d0376 Merge pull request #6393 from luchua-bc/java/xss-jsf 
Java: CWE-079 Query to detect XSS with JavaServer Faces (JSF)
 2021-09-14 15:15:56 +01:00
Anders Fugmann
bc22e0d9aa C++: Update comments on memberMayBeVarSize 2021-09-14 16:04:39 +02:00
Tony Torralba
4e93330cb9 Improved tests 
Note that a FN test case was added
 2021-09-14 15:51:08 +02:00
Benjamin Muskalla
abd770a027 Avoid empty template in test generator 2021-09-14 15:32:12 +02:00
Chris Smowton
a1ad1ddc10 Deprecated and replace uses of old name ServletWriterSource 2021-09-14 14:21:29 +01:00
Rasmus Lerchedahl Petersen
d37c14880f Python: Copy performance fix 2021-09-14 15:15:50 +02:00
haby0
9e63aa9d84 Update query 2021-09-14 21:12:49 +08:00
Erik Krogh Kristensen
b936a04826 add some fitting CWEs to existing queries 2021-09-14 14:59:24 +02:00
Ethan Palm
c62a21e04f Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-09-14 08:55:46 -04:00
Erik Krogh Kristensen
6d12c4aab1 use the correct cwe tags 2021-09-14 14:42:23 +02:00
Anders Schack-Mulligen
26eafcb55a Merge pull request #6456 from smowton/smowton/admin/flexjson-unsafe-deserialization 
Java: add unsafe-deserialization support for Flexjson
 2021-09-14 14:33:22 +02:00
Tom Hvitved
f4e2c30d86 Merge pull request #291 from github/hvitved/regexp-multiples 
Speedup `RegExp::multiples`
 2021-09-14 14:22:20 +02:00
Tom Hvitved
8ac3dc29e0 Speedup RegExp::multiples 
Use regexps to perform matching to avoid constructing sub strings.
 2021-09-14 13:58:24 +02:00
Rasmus Lerchedahl Petersen
c2d2037726 Python: Add change note and set precision 2021-09-14 13:45:51 +02:00
Tony Torralba
0640b41f00 Adjust tests 2021-09-14 13:44:53 +02:00
Rasmus Wriedt Larsen
8b7fad8595 Merge pull request #6283 from tausbn/python-fix-exceptstmt-gettype 
Python: Fix `ExceptStmt::getType`
 2021-09-14 13:40:33 +02:00
Rasmus Wriedt Larsen
49f5f1e2c2 Merge pull request #6336 from tausbn/python-make-annotated-assignment-a-definitionnode 
Python: Two fixes regarding annotated assignments
 2021-09-14 13:37:53 +02:00
Chris Smowton
6af5c5fc86 Add change note 2021-09-14 12:36:38 +01:00
Chris Smowton
26dbf058c8 Add reverse import from ExternalFlow.qll 2021-09-14 12:35:33 +01:00
Rasmus Lerchedahl Petersen
1c7982b319 Python: Move query tests over 2021-09-14 13:29:21 +02:00
Chris Smowton
fcc0f1d5a7 Expand test to exercise all sinks 2021-09-14 12:27:33 +01:00
Chris Smowton
e439b7d7f8 Remove resource-related sources 
These access application-owned resources AFAICT
 2021-09-14 12:24:27 +01:00
Tony Torralba
b740cf9664 Add change note 2021-09-14 13:16:47 +02:00
Tony Torralba
097927226b Improved heuristics to increase precision 2021-09-14 13:16:47 +02:00
Tony Torralba
f8d1e2ac11 Refactor tests to use InlineExpectationsTest 2021-09-14 13:16:45 +02:00
Tony Torralba
1f7990d6bb Refactor to use ConditionalBypassQuery.qll 2021-09-14 13:16:09 +02:00
Tony Torralba
a484e9fb06 Use RemoteFlowSource instead of UserInput 2021-09-14 13:16:09 +02:00
Rasmus Lerchedahl Petersen
36e27f2aa4 Python: Remove promoted code: 
- queries (`py/regex-injection`)
- concepts (RegexExecution, RegexEscape)
- library models (Stdlib::Re)
 2021-09-14 13:14:16 +02:00
Tom Hvitved
b69033f4ff C++: Upgrade script 2021-09-14 13:14:04 +02:00
Tom Hvitved
6c32b92929 C++: Drop redundant columns from files and folders relations 2021-09-14 13:14:04 +02:00
Tom Hvitved
98a12cef26 Merge pull request #6690 from hvitved/js/files-folders-drop-columns 
JavaScript: Drop redundant columns from `files` and `folders` relations
 2021-09-14 13:13:37 +02:00
Rasmus Lerchedahl Petersen
abbd1d1dc5 Python: Fix errors introduced during port 
testing on a database helps..
 2021-09-14 13:08:21 +02:00
Chris Smowton
104873e8ee Autoformat 2021-09-14 12:07:59 +01:00
Chris Smowton
6811441459 Factor JSF source definitions 2021-09-14 12:07:48 +01:00
Chris Smowton
b7fc068cee Move JSFRenderer.qll to lib 2021-09-14 11:49:01 +01:00
Chris Smowton
023c533745 Combine Servlet and JSF vulnerable writer flow-tracking 
JSP and Servlet already shared this logic; might as well add JSF into the same mechanism.
 2021-09-14 11:48:34 +01:00
Chris Smowton
cb8096f636 Remove JSF XSS Example 
Per previous commit, no need for a top-level JSF example
 2021-09-14 11:47:37 +01:00
Chris Smowton
cca9ad06b4 Remove JSF example 
I don't think we need this: there are lots of possible XSS vectors; we don't need to enumerate every one in the qhelp file.
 2021-09-14 11:47:36 +01:00
Chris Smowton
76e4077b56 Delete unused classes 2021-09-14 11:47:35 +01:00
luchua-bc
24addd5c10 Query to detect XSS with JavaServer Faces (JSF) 2021-09-14 11:47:32 +01:00
Chris Smowton
e92b9cbe99 Improve getAProducesExpr documentation 2021-09-14 11:16:45 +01:00
Harry Maclean
4763312e55 Merge ConditionBlock and BarrierGuard 2021-09-14 11:11:12 +01:00
Benjamin Muskalla
f9918cc63c Test generator uses InlineFlowTest 2021-09-14 11:58:56 +02:00
Rasmus Lerchedahl Petersen
6c82daef3d Python: Move Regexinjection out of experimental 
and fix up structure
 2021-09-14 11:54:59 +02:00
Rasmus Lerchedahl Petersen
3d5192d6d3 Python: Fix typos 2021-09-14 11:54:11 +02:00
Arthur Baars
c2ec6407f5 Add AlertSuppression.ql 2021-09-14 11:53:53 +02:00