hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-16 15:03:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,554 Commits 1,693 Branches 160 Tags
codeql-cli/v2.9.2
Commit Graph

36554 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
336c0662ef Python: Remove pointless LocalSourceNodes 
This gets rid of a large number of nodes that seemingly have no impact.
 2021-07-01 15:02:31 +00:00
Tom Hvitved
c3cff3e113 Expose call graph through Call::getATarget() 2021-07-01 16:40:45 +02:00
Joe Farebrother
1e82c607ef Mark failing tests as missing 2021-07-01 15:29:47 +01:00
Tamas Vajk
5e2770339f Add adjusted expected files 2021-07-01 16:09:11 +02:00
Tamas Vajk
03d1a3e0ad Trim test files + remove duplicate newlines 2021-07-01 16:09:11 +02:00
Tamas Vajk
4900ecfabe Manual fixes 2021-07-01 16:09:11 +02:00
Tamas Vajk
c29d11087b C#: Start using 'options' files in tests 2021-07-01 16:08:47 +02:00
Chris Smowton
e0a7f6e14f Fix URLClassLoader test 2021-07-01 15:03:38 +01:00
Chris Smowton
d5a9f3d87b Deduplicate shared body of regular and experimental versions of java/command-line-injection query. 2021-07-01 14:53:56 +01:00
Joe Farebrother
160f3b4312 Remove ArrayElement from sink specifications 2021-07-01 14:41:39 +01:00
Joe Farebrother
4bea33402c Rename test labels for more clarity 2021-07-01 14:38:20 +01:00
Joe Farebrother
1a06c132be Use ArrayElement of to handle arargs case in SpringJdbc.qll 2021-07-01 14:38:20 +01:00
Joe Farebrother
29f82fc81f Use ArrayElementOf in Android sinks 2021-07-01 14:38:19 +01:00
Joe Farebrother
f4a59cc2e3 Convert tainted arrays to arrays of tainted elements in tests 2021-07-01 14:38:19 +01:00
Joe Farebrother
865477d020 Convert android tests to inline expectations 2021-07-01 14:38:19 +01:00
Joe Farebrother
95d8018a43 Include overrides for SQLiteQueryBuilder sinks 2021-07-01 14:38:19 +01:00
Joe Farebrother
0d4f8aedb8 Use Argument ranges in CSV rows 2021-07-01 14:38:19 +01:00
Joe Farebrother
7926d16844 Convert SQL sinks to CSV format 2021-07-01 14:38:19 +01:00
Rasmus Lerchedahl Petersen
eee56e0156 Python/JS: Make most of the new library private 2021-07-01 15:34:06 +02:00
Chris Smowton
44e8dd9ec5 Add change note 2021-07-01 13:36:00 +01:00
Anders Schack-Mulligen
cda5c22f6e Merge pull request #5590 from github/sauyon/java-spring-errors 
Add models for Spring validation.Errors
 2021-07-01 14:29:49 +02:00
Asger Feldthaus
993cc29275 JS: Autoformat 2021-07-01 14:22:44 +02:00
Anders Schack-Mulligen
37f8794d01 Merge pull request #6165 from edoardopirovano/fix-regression 
Performance: Improve join order in data flow library
 2021-07-01 14:13:18 +02:00
Rasmus Wriedt Larsen
b0309dd321 Python: Limit SensitiveDataSources to prevent _some_ cross-talk 2021-07-01 12:08:12 +02:00
Rasmus Wriedt Larsen
f64e58a21c Python: Fix a QLDoc for SensitiveDataSources 2021-07-01 12:05:59 +02:00
Rasmus Wriedt Larsen
d7e3ebb15c Python: Add tests showing sensitive data cross-talk 2021-07-01 12:05:51 +02:00
Esben Sparre Andreasen
85b9003af4 JS: add Mootools XSS sinks 2021-07-01 09:17:27 +02:00
ihsinme
02bf800b6d Update FindIncorrectlyUsedSwitch.ql 2021-07-01 08:50:46 +03:00
yo-h
d325d2ae81 Merge pull request #6180 from tamasvajk/fix/coverage-report-search-path 
Upgrade database in coverage report jobs
 2021-06-30 21:00:09 -04:00
p0wn4j
0db7496617 Add URLClassLoader and Spring WebClient SSRF sinks 2021-07-01 03:34:14 +04:00
Rasmus Wriedt Larsen
d9e2f504f8 Python: Fix clear text logging sink 
No need to restrict it to arguments that are calls
 2021-06-30 20:31:17 +02:00
Nick Rolfe
d99b5510e5 Merge pull request #219 from github/regex 
Add regexp parser and exponential ReDoS query
 2021-06-30 17:23:29 +01:00
Alex Ford
7cc6b3a7b0 Merge pull request #224 from github/sqli-override-fp 
rb/sql-injection: fix FPs stemming from not accounting for overridden methods
 2021-06-30 17:20:14 +01:00
Taus
e4af14638b Merge pull request #6175 from yoff/python-port-ReDoS 
Python: port ReDoS queries from Javascript
 2021-06-30 16:26:07 +02:00
Chris Smowton
753c878f48 Also cover jakarta version of javax.json, and some missed methods 2021-06-30 15:04:15 +01:00
yoff
6a77b890af Merge pull request #6155 from RasmusWL/port-cleartext-queries 
Python: Port cleartext queries
 2021-06-30 15:52:34 +02:00
Taus
fc71a648c0 Merge pull request #6092 from RasmusWL/markupsafe-modeling 
Python: Add `MarkupSafe` model
 2021-06-30 15:52:10 +02:00
Anders Schack-Mulligen
d8b017e6c0 Merge pull request #6036 from atorralba/atorralba/spring-beans 
Java: Flow summaries for Spring's Bean Properties classes
 2021-06-30 15:41:24 +02:00
Anders Schack-Mulligen
b8b6f05603 Merge pull request #6187 from aschackmull/java/perf-fix-variable-getinit 
Java: Fix bad join-order.
 2021-06-30 15:39:00 +02:00
Rasmus Lerchedahl Petersen
a176e6ac30 Python: comment out temporarily unused predicate 2021-06-30 15:28:31 +02:00
Asger Feldthaus
376efaa46c JS: Change note 2021-06-30 15:10:52 +02:00
Asger Feldthaus
780453008a JS: Drive-by fixes in ComposedFunctions.qll 2021-06-30 15:07:59 +02:00
Asger Feldthaus
7e2871bfdf JS: Propagate React components through recompose HOCs 2021-06-30 15:05:28 +02:00
Rasmus Lerchedahl Petersen
45e30b0c06 Python: comment out temporarily unused predicate 2021-06-30 15:04:37 +02:00
Rasmus Lerchedahl Petersen
c306cee04e Python: mimic JS file hierarchy 2021-06-30 15:03:22 +02:00
Rasmus Lerchedahl Petersen
651f8abba0 Python: Avoid multiple results for toString 2021-06-30 14:39:49 +02:00
Rasmus Wriedt Larsen
c2708176b1 Python: Support %-style formatting for MarkupSafe 2021-06-30 14:15:41 +02:00
Rasmus Wriedt Larsen
0a4efd0e86 Python: Add %-style formatting tests for MarkupSafe 2021-06-30 14:13:59 +02:00
Rasmus Wriedt Larsen
c84658dff1 Python: Use MethodCallNode for MarkupSafe string-format 2021-06-30 13:58:09 +02:00
Rasmus Wriedt Larsen
d6e8fafdbd Python: Proper sorting in Frameworks.qll 2021-06-30 13:55:26 +02:00