hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-02 13:53:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,554 Commits 1,698 Branches 161 Tags
codeql-cli/v2.9.2
Commit Graph

36554 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
92dc7dc2f3 Python: Use mimetype instead of content-type in django modeling 
This enables the XSS query to actually find results from django responses.
 2020-11-04 11:34:20 +01:00
Alvaro Muñoz
aa7b87aa33 Update java/change-notes/2020-11-04-commonslang-unsafe-deserialization-sinks.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-11-04 10:58:27 +01:00
Alvaro Muñoz
b284141a16 Merge branch 'new_deser_sink' of https://github.com/pwntester/ql into new_deser_sink 2020-11-04 10:51:07 +01:00
Alvaro Muñoz
436563d914 ChangeNote for new unsafe deserialization sinks 2020-11-04 10:50:50 +01:00
Anders Schack-Mulligen
22b4df0f3c Merge pull request #4512 from luchua-bc/sensitive-broadcast 
Java: Sensitive broadcast
 2020-11-04 10:47:48 +01:00
Alvaro Muñoz
6f78b725e6 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-11-04 10:43:37 +01:00
Anders Schack-Mulligen
14c4d8d565 Java: Add change note for #3812. 2020-11-04 10:15:08 +01:00
Anders Schack-Mulligen
26495225e0 Update java/ql/src/experimental/Security/CWE/CWE-927/SensitiveBroadcast.qhelp 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2020-11-04 10:05:55 +01:00
luchua-bc
3f0cdb6a1a Update qldoc and comments 2020-11-03 19:40:28 +00:00
Tom Hvitved
c5abf29dfc C#: Update flow-summary test 2020-11-03 20:28:42 +01:00
Dave Bartolomeo
4cc9110dbd Fix test expectation 2020-11-03 13:39:33 -05:00
Arthur Baars
b92d789598 Merge pull request #25 from github/printAST 
Implement basic `printAst` query
 2020-11-03 19:13:44 +01:00
Calum Grant
4259c81061 Merge pull request #4599 from github/calumgrant/catchup-1.26 
Catchup 1.26
 2020-11-03 17:16:05 +00:00
Dave Bartolomeo
f0b9794907 Merge remote-tracking branch 'upstream/main' into work 2020-11-03 11:33:44 -05:00
luchua-bc
fa54c23a83 Handle the edge case that an exception is rethrown in a catch clause 2020-11-03 16:31:12 +00:00
Anders Schack-Mulligen
92494441a7 Merge pull request #4554 from aschackmull/dataflow/reverse-partial 
Dataflow: Add support reverse partial flow exploration.
 2020-11-03 15:34:30 +01:00
Tom Hvitved
438b8dd273 C#: Fix typos 2020-11-03 14:57:07 +01:00
Erik Krogh Kristensen
b02004430c prune results that end with newline, where the input cannot contain newlines 2020-11-03 14:48:39 +01:00
Nick Rolfe
41dcb19cd5 Implement basic printAst query 2020-11-03 13:47:54 +00:00
Erik Krogh Kristensen
120faf9d1a add a code injection sink for JSDOM when "runScripts" is set to "dangerously" 2020-11-03 14:29:00 +01:00
Tom Hvitved
f4d1d73bcd C#: Shared interface/implementation for flow summaries 2020-11-03 13:47:28 +01:00
Arthur Baars
65c1f2c359 Merge pull request #20 from github/aibaars/extract-extra 
Extract 'extra' nodes and their subtrees
 2020-11-03 13:45:33 +01:00
Arthur Baars
d7e9178cda Merge pull request #24 from github/gzip 
Add buffered writing and gzip compression for trap files
 2020-11-03 13:45:19 +01:00
luchua-bc
f8fd2ea821 Add qldoc and autoformat query 2020-11-03 12:23:40 +00:00
Rasmus Lerchedahl Petersen
1023b239e4 Python: Simplify doc 2020-11-03 12:10:00 +01:00
yoff
d6a33a1253 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-11-03 12:04:43 +01:00
yoff
104ff5d217 Merge pull request #4596 from RasmusWL/python-import-customizations 
Python: Import Customizations into python
 2020-11-03 11:49:51 +01:00
Rasmus Lerchedahl Petersen
b71ea40dbd Python: QL doc for Werkzeug 2020-11-03 11:44:48 +01:00
Rasmus Lerchedahl Petersen
1773cc3a38 Python: QL doc for MySQLdb 2020-11-03 11:39:28 +01:00
Rasmus Lerchedahl Petersen
01783acca6 Python: QL doc for RemoteFlowSources 2020-11-03 11:37:34 +01:00
Rasmus Lerchedahl Petersen
f44cbf4b6c Python: QL doc for TypeTracker 2020-11-03 11:32:57 +01:00
Rasmus Lerchedahl Petersen
50eb51b6fe Python: QL doc for StepSummary 2020-11-03 11:30:52 +01:00
Rasmus Lerchedahl Petersen
6103dbcfff Python: QL doc for Node 2020-11-03 11:13:58 +01:00
Rasmus Lerchedahl Petersen
2bb1917733 Python: QlDoc for content 2020-11-03 11:10:33 +01:00
Rasmus Wriedt Larsen
c04e96453d Update ::Range part of CodeQL design patterns 
Co-authored-by: Pavel Avgustinov <54942558+p0@users.noreply.github.com>
 2020-11-03 11:07:11 +01:00
Jonas Jensen
76fd710946 Merge pull request #4571 from MathiasVP/better-syntax-for-false-positives-and-negatives-inline-expectation 
C++/Python: Better syntax for false positives and negatives in inline expectations
 2020-11-03 11:05:21 +01:00
Rasmus Wriedt Larsen
cac336d053 Python: Import Customizations into python 
Using the pattern from JS and Java to make this the _first_ import in `<lang>.qll`
 2020-11-03 10:23:05 +01:00
Arthur Baars
bfc05539ec Update library and dbscheme 2020-11-03 10:07:05 +01:00
Arthur Baars
25205a09a3 Update tree-sitter-ruby 2020-11-03 10:06:59 +01:00
Arthur Baars
dc3459de8e Extract 'extra' nodes and their subtrees 2020-11-03 10:03:11 +01:00
Jonas Jensen
5680b2df13 Merge remote-tracking branch 'upstream/main' into better-syntax-for-false-positives-and-negatives-inline-expectation 
Required fixing up semantic conflicts in tests.

Conflicts:
	python/ql/test/experimental/library-tests/frameworks/stdlib/Decoding.py
 2020-11-03 09:47:26 +01:00
Anders Schack-Mulligen
89361a3b75 Merge pull request #3812 from luchua-bc/java-android-remote-source 
Java: Add remote source of Android intent extra
 2020-11-03 09:35:40 +01:00
Anders Schack-Mulligen
2971784f9c Dataflow: Add missing qldoc and sync. 2020-11-03 09:21:48 +01:00
Anders Schack-Mulligen
7eb64aa998 Dataflow: Code review fixes. 2020-11-03 09:16:20 +01:00
Anders Schack-Mulligen
1ae76a80aa Dataflow: Fix qldoc. 2020-11-03 09:16:20 +01:00
Anders Schack-Mulligen
d5be4d7b92 Dataflow: Add support reverse partial flow exploration. 2020-11-03 09:16:19 +01:00
Dave Bartolomeo
0d1fbd1bdc Fix annotations 2020-11-02 18:03:40 -05:00
Taus
82f37e97c8 Merge pull request #4595 from tausbn/python-promote-dataflow-libraries 
Python: Promote experimental data-flow libraries
 2020-11-02 23:55:05 +01:00
Dave Bartolomeo
e9d1f0dacf Merge remote-tracking branch 'upstream/main' into work 2020-11-02 17:31:15 -05:00
Taus Brock-Nannestad
69d2d714a2 Python: Update identical-files.json 2020-11-02 23:25:58 +01:00