codeql

mirror of https://github.com/github/codeql.git synced 2026-02-24 10:53:49 +01:00

Author	SHA1	Message	Date
Artem Smotrakov	6b66323ac3	Simplified JexlInjectionLib.qll and removed LocalUserInput	2021-03-02 21:22:46 +01:00
Robert Marsh	dbd8432884	C++: autoformat	2021-03-02 12:11:12 -08:00
Andrew Eisenberg	9982112b61	Documentation: Update C/C++ Element::fromSource() docs The previous documentation was not correct. This documentation is adapted from File::fromSource().	2021-03-02 08:57:17 -08:00
Aditya Sharad	648910e974	Merge pull request #5285 from adityasharad/actions/docs-review Actions: Add workflow to request docs review	2021-03-02 08:52:32 -08:00
Joe Farebrother	81ff76814f	Remove incorrect expectaton	2021-03-02 16:35:34 +00:00
Francis Alexander	173c4b7f2f	More Play stubs improvements	2021-03-02 20:39:25 +05:30
Mathias Vorreiter Pedersen	eb4f1e1ba0	C++: Restore some of the lost test results by doing operand -> instruction taint steps in IR TaintTracking.	2021-03-02 15:45:40 +01:00
Erik Krogh Kristensen	95a1edcabc	refactor FunctionStyleClass to get a better join-order	2021-03-02 15:22:38 +01:00
Anders Schack-Mulligen	0eb2c06e20	Merge pull request #3945 from porcupineyhairs/structsDevMode Java: Add query to detect Apache Struts enabled Devmode	2021-03-02 15:22:20 +01:00
Erik Krogh Kristensen	4d33407f6c	optimize getACalleeValue	2021-03-02 15:21:36 +01:00
Tamas Vajk	714e1dc686	Add change note	2021-03-02 15:08:07 +01:00
Asger F	919ee38049	Update javascript/ql/src/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionCustomizations.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2021-03-02 14:02:35 +00:00
Asger F	6c884f86d2	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2021-03-02 14:01:59 +00:00
Asger Feldthaus	6e0322dc60	JS: Add DeepResourceExhaustion test	2021-03-02 13:56:43 +00:00
Asger Feldthaus	88e5348da9	JS: Move RemotePropertyInjection test into subfolder	2021-03-02 13:56:39 +00:00
Asger Feldthaus	5d27cd934d	JS: Move Source def into customizations lib	2021-03-02 13:52:33 +00:00
Asger Feldthaus	d916118ea4	JS: Move ExceptionXss source into Xss.qll	2021-03-02 13:16:10 +00:00
Erik Krogh Kristensen	47f4faa4e2	use local dataflow instead of type-inference for `mayHaveBooleanValue`	2021-03-02 14:06:38 +01:00
Erik Krogh Kristensen	ae56285331	use callgraph instead of type-inference for array taint-steps	2021-03-02 14:06:09 +01:00
Erik Krogh Kristensen	b20ce8bfca	use callgraph instead of TypeInference in Testing.qll	2021-03-02 14:04:23 +01:00
Porcuiney Hairs	beb15e27eb	remove tests	2021-03-02 18:13:33 +05:30
Mathias Vorreiter Pedersen	23d3109071	C++: Use taintedWithPath in more tests. This is the predicate that's currently hooked up to the new IR taint tracking library.	2021-03-02 13:40:39 +01:00
Asger Feldthaus	fd9604c5ef	JS: Update expected output for poly ReDoS	2021-03-02 12:39:05 +00:00
Asger Feldthaus	31721b5fe3	JS: Fix missing qldoc	2021-03-02 12:39:05 +00:00
Asger Feldthaus	05594f2936	JS: Change note	2021-03-02 12:39:05 +00:00
Asger Feldthaus	0bd60c1989	JS: Autoformat	2021-03-02 12:39:05 +00:00
Asger Feldthaus	12079cd1e4	JS: Recognize RegExps in JSON schemas	2021-03-02 12:39:04 +00:00
Asger Feldthaus	7afa755597	JS: Add ajv error as source of ExceptionXss	2021-03-02 12:39:04 +00:00
Asger Feldthaus	24199a5499	JS: Add query for resource exhaustion from deep object handling	2021-03-02 12:39:04 +00:00
Asger Feldthaus	b978359803	JS: Add schema validation as TaintedObject sanitizer	2021-03-02 12:39:04 +00:00
Tamas Vajk	fa2f345611	Revert "Simplify MissingCallTarget for calli" This reverts commit `3b82abd7c7`.	2021-03-02 12:58:42 +01:00
Erik Krogh Kristensen	55985c969b	add change note	2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen	ecccb8a409	only flag React elements in ClientSideUrlRedirect if it's a HTML element, or known link class	2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen	36049f05f8	update Next.js xss example such that the attack is viable	2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen	1f02594ccc	rename and move getAPropertyNameInterpretedAsJavaScriptUrl	2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen	5b5baced9a	add support for replace in Next.js router	2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen	97032f8627	add ClientSideUrlRedirect sink for Next.js routers	2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen	a79c30a818	support NextJS API endpoints	2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen	0e7e3e6178	support Next.js pages that export React components	2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen	1fdbbb682d	support Next.js page request/response objects	2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen	a5cf024c9f	add support for getServerSideProps in Next.js	2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen	af262a035d	add support for getInitialProps in Next.js	2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen	d63fcaf7f1	add step from `getStaticProps` to the component render function	2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen	9d7bb57d8a	add parameter values from Next as a RemoteFlowSource	2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen	41a0c0b55e	support React links in `js/client-side-unvalidated-url-redirection`	2021-03-02 12:25:49 +01:00
Francis Alexander	4384f78595	Play stubs improvements, cleanup and return values	2021-03-02 16:50:16 +05:30
CodeQL CI	79839d2304	Merge pull request #5267 from erik-krogh/httpProxy Approved by asgerf	2021-03-02 02:46:50 -08:00
Owen Mansel-Chan	6460ce3f83	Add @codeql-go as code owners for the shared data-flow library files	2021-03-02 10:39:47 +00:00
Anders Schack-Mulligen	b0fa8dfeae	Merge pull request #4214 from porcupineyhairs/springViewManipulation [Java] Add QL for detecting Spring View Manipulation Vulnerabilities.	2021-03-02 11:31:42 +01:00
Mathias Vorreiter Pedersen	6ba35f4aac	C++: Fix function renaming and accept test change.	2021-03-02 11:31:24 +01:00

... 305 306 307 308 309 ...

36554 Commits