Arthur Baars
a908f2fe86
Merge pull request #121 from github/aibaars/dataflow-2
Dataflow: identify ReturnNodes
2021-02-11 15:10:27 +01:00
Jonathan Leitschuh
35e2ceba13
Update java/ql/src/semmle/code/xml/MavenPom.qll
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-02-11 08:59:02 -05:00
Erik Krogh Kristensen
d14586de56
add two non ReDoS regular expressions to the ReDoS test suite
Adds the regular expression from #5145
2021-02-11 14:41:45 +01:00
Arthur Baars
426bf30822
AST: ensure and else blocks
2021-02-11 14:27:23 +01:00
Arthur Baars
4f3412fff9
Address comments
2021-02-11 13:46:34 +01:00
Nick Rolfe
23998e5f99
Accept CFG test changes
Some generated ScopeResolution nodes are no longer represented in the
user-facing AST. These should go away when we port the CFG to the
user-facing AST.
2021-02-11 12:38:13 +00:00
Erik Krogh Kristensen
f12c38425f
add change-note
2021-02-11 13:36:53 +01:00
Erik Krogh Kristensen
3ee0029cd8
Update javascript/change-notes/2021-02-08-xml-parser-taint.md
Co-authored-by: Asger F <asgerf@github.com>
2021-02-11 13:33:42 +01:00
CodeQL CI
02578cfff2
Merge pull request #5112 from erik-krogh/forms
Approved by asgerf
2021-02-11 04:32:14 -08:00
Nick Rolfe
6ff0ebb94a
Add ConstantAccess class
2021-02-11 12:29:25 +00:00
Erik Krogh Kristensen
044f80215e
add change note
2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
010d580f8e
add model for multiparty
2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
61b4ffec3d
add remote flow from the Formidable library
2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
a03f4ed3cd
add remote flow source for busboy
2021-02-11 09:34:02 +01:00
Erik Krogh Kristensen
e2fbf8a68c
add files uploaded with multer as RemoteFlowSource
2021-02-11 09:33:15 +01:00
haby0
a6a0fa28c4
*)add XQExpression.executeQuery(0) sink
2021-02-11 16:05:48 +08:00
luchua-bc
f1788ed04e
Revamp the query to handle more cases
2021-02-11 04:33:42 +00:00
Marcono1234
2a1c11b517
Improve MavenPom documentation, rename inconsistent predicates
2021-02-10 23:56:45 +01:00
Raul Garcia (MSFT)
ef0d3720a1
Addressing a few comments
2021-02-10 13:39:24 -08:00
Raul Garcia
190164c182
Update csharp/ql/src/experimental/Security Features/campaign/Solorigate/Solorigate.qhelp
Co-authored-by: Bas van Schaik <5082246+sj@users.noreply.github.com>
2021-02-10 13:30:40 -08:00
Artem Smotrakov
af0f361ac8
Updated JexlInjection.ql to check for sandboxes
- Added a dataflow config to track setting a sandbox
on JexlBuilder
- Added SandboxedJexl3.java test
2021-02-10 22:19:45 +01:00
Nick Rolfe
452a343e86
Remove ScopeResolution from AST
Now we handle it specially in calls and class/module names, so they have
a predicate to get the scope expr.
2021-02-10 17:53:25 +00:00
Arthur Baars
0f6854301e
Dataflow: identify ReturnNodes
2021-02-10 18:26:11 +01:00
Arthur Baars
d69aa96f23
More tests
2021-02-10 18:26:11 +01:00
Arthur Baars
6c63bd2586
Merge pull request #120 from github/aibaars/ast
AST: lambda and block bodies
2021-02-10 18:25:37 +01:00
Erik Krogh Kristensen
7cff1f441b
add model for the unified and remark libraries
2021-02-10 18:13:01 +01:00
Rasmus Wriedt Larsen
c57a4df819
Python: Model taint of self.request on django view class
2021-02-10 17:48:48 +01:00
Rasmus Wriedt Larsen
9ca738d921
Python: Add taint test for self.request on django view class
2021-02-10 17:48:41 +01:00
Jonathan Leitschuh
3b92f97967
Refactor DeclaredRepository to library
2021-02-10 11:41:50 -05:00
Erik Krogh Kristensen
0d497e8b9a
add model for the showdown library
2021-02-10 17:22:42 +01:00
Anders Schack-Mulligen
e9bfbb677d
Java: Connect the external sources and steps to the defaults.
2021-02-10 17:06:21 +01:00
Anders Schack-Mulligen
5a391ab6c0
Java: Add qldoc.
2021-02-10 16:54:48 +01:00
Jonathan Leitschuh
21b6f35ddc
Update java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.qhelp
2021-02-10 10:52:27 -05:00
Jonathan Leitschuh
49985a77e3
Apply suggestions from code review
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2021-02-10 10:51:37 -05:00
Rasmus Wriedt Larsen
ca0d345987
Django: Model any class used in django route setup as view class
2021-02-10 16:26:25 +01:00
Rasmus Wriedt Larsen
b428945bc2
Django: Fix DjangoRouteHandler char-pred
Before it the class would contain _all_ functions xD
2021-02-10 16:21:51 +01:00
Rasmus Wriedt Larsen
78a3206fce
Python: Add test with unknown view class in django
2021-02-10 15:56:33 +01:00
Anders Schack-Mulligen
b74911204a
Merge pull request #4945 from intrigus-lgtm/java/insecure-jxbrowser
Java: Insecure JXBrowser
2021-02-10 15:48:17 +01:00
Rasmus Wriedt Larsen
42eceb80bd
Python: Handle view functions with decorators
2021-02-10 15:47:55 +01:00
Erik Krogh Kristensen
f76018c039
add taint step for the markdown-table library
2021-02-10 15:11:41 +01:00
Erik Krogh Kristensen
b4704f7016
add taint-step for the marked library
2021-02-10 14:51:08 +01:00
Arthur Baars
635b6fb45b
AST: lambda and brace block bodies
2021-02-10 14:45:14 +01:00
Erik Krogh Kristensen
91f7d33044
add change note
2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
101d4358a9
detect DOM nodes from event callbacks
2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
be9636491b
add source for react-hook-form in xss-through-dom
2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
65d93c9061
detect DOM elements from DOM events in React
2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
458dda9d25
add xss-through-dom source from react-final-form
2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
ff3950ce98
add model for formik
2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
d1087d4e41
move sources from XssThroughDom into a customizations file
2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
4969a1ef4f
add change note
2021-02-10 14:16:31 +01:00