File tree
819 files changed
lines changed
- cpp
- downgrades
- a01d8f91b8d49259e509b574962dec90719f69a6
- dd32242a870867a532bb0b2a88a6a917a5b4c26f
- ql
- lib
- change-notes
- semmle/code/cpp
- controlflow
- internal
- ir
- dataflow/internal
- implementation/aliased_ssa/internal
- rangeanalysis
- upgrades
- 1a4bbe5ded083b9de87911c155fc99ca22ecb0ce
- dd32242a870867a532bb0b2a88a6a917a5b4c26f
- src
- Architecture/Refactoring Opportunities
- Critical
- Security/CWE/CWE-120
- test/library-tests
- dataflow/ir-barrier-guards
- functions/functions
- ir/ir
- proxy_class
- rangeanalysis/SimpleRangeAnalysis
- csharp
- extractor
- Semmle.Extraction.CSharp
- CodeAnalysisExtensions
- Entities
- Expressions
- Types
- Semmle.Extraction.CSharp.DependencyFetching
- ql
- examples/snippets
- lib
- change-notes
- ext
- semmle/code/csharp
- commons
- dataflow
- internal
- dispatch
- exprs
- src
- Bad Practices
- Likely Bugs
- Dynamic
- test
- library-tests
- async
- conversion/boxing
- csharp11
- csharp7.2
- dataflow
- global
- implicittostring
- library
- dispatch
- implements
- implicittostring
- iterators
- security/dataflow/flowsources
- typeparameterconstraints
- unification
- query-tests
- Bad Practices/VirtualCallInConstructorOrDestructor
- Nullness
- Useless Code/RedundantToStringCall
- docs/codeql
- codeql-language-guides
- reusables
- go/ql
- lib
- change-notes
- ext
- test/library-tests/semmle/go
- dataflow/flowsources/local/database
- vendor/
- astaxie/beego/orm
- beego/beego/v2/client/orm
- frameworks/BeegoOrm
- java
- kotlin-extractor/src/main/java/com/semmle/util
- process
- trap/pathtransformers
- ql
- integration-tests/java/javac-tool-custom-file
- lib
- change-notes
- semmle/code/java
- dispatch
- security
- src
- Likely Bugs/Serialization
- Security/CWE/CWE-327
- change-notes
- test
- library-tests/Encryption
- query-tests/security/CWE-327/semmle/tests
- javascript/ql
- examples/queries/dataflow
- BackendIdor
- DecodingAfterSanitization
- EvalTaint
- InformationDisclosure
- StoredXss
- TemplateInjection
- lib
- change-notes
- semmle/javascript
- dataflow
- internal
- explore
- filters
- frameworks
- data/internal
- internal
- flow_summaries
- security
- dataflow
- internal
- regexp
- utils/test
- src
- Performance
- Security
- CWE-020
- CWE-022
- CWE-073
- CWE-078
- CWE-079
- CWE-089
- CWE-094
- CWE-116
- CWE-117
- CWE-134
- CWE-200
- CWE-201
- CWE-209
- CWE-312
- CWE-327
- CWE-338
- CWE-346
- CWE-377
- CWE-400
- CWE-502
- CWE-506
- CWE-601
- CWE-611
- CWE-640
- CWE-643
- CWE-730
- CWE-754
- CWE-770
- CWE-776
- CWE-798
- CWE-807
- CWE-829
- CWE-834
- CWE-843
- CWE-912
- CWE-915
- CWE-916
- CWE-918
- experimental
- Security
- CWE-094-dataURL
- CWE-099
- CWE-340
- CWE-347
- CWE-522-DecompressionBombs
- CWE-918
- CWE-942
- heuristics/ql/src/Security
- CWE-020
- CWE-078
- CWE-079
- CWE-089
- CWE-094
- CWE-117
- CWE-134
- CWE-346
- CWE-400
- CWE-502
- CWE-611
- CWE-643
- CWE-730
- CWE-770
- CWE-776
- CWE-807
- CWE-915
- poi
- meta
- alerts
- analysis-quality
- test
- experimental
- FormParsers
- PoI
- Security
- CWE-094-dataURL
- CWE-099
- EnvValueAndKeyInjection
- EnvValueInjection
- CWE-347
- localsource
- remotesource
- CWE-918
- CWE-942
- library-tests
- Arrays
- Barriers
- Classes
- CustomLoadStoreSteps
- DataFlow
- FlowLabels
- FlowSummary
- Generators
- InterProceduralFlow
- LabelledBarrierGuards
- Promises
- PropWrite
- Routing
- Security/heuristics
- TaintBarriers
- TaintTracking
- TaintedUrlSuffix
- TripleDot
- TypeScript/ImportEquals
- TypeTracking2
- frameworks
- Angular2
- AsyncPackage
- Collections
- ComposedFunctions
- Immutable
- Nest
- Next
- PropertyProjection
- ReactJS
- Redux
- Restify2
- Spife
- Templating
- Vuex
- data
- threat-models/sources
- query-tests
- Security
- CWE-020/UntrustedDataToExternalAPI
- CWE-022
- TaintedPath
- ZipSlip
- CWE-073
- CWE-078
- CommandInjection
- IndirectCommandInjection
- SecondOrderCommandInjection
- ShellCommandInjectionFromEnvironment
- UnsafeShellCommandConstruction
- lib
- CWE-079
- DomBasedXss
- ExceptionXss
- ReflectedXss
- StoredXss
- UnsafeHtmlConstruction
- UnsafeJQueryPlugin
- XssThroughDom
- CWE-089
- local-threat-source
- typed
- untyped
- CWE-094
- CodeInjection
- UnsafeDynamicMethodAccess
- CWE-116/IncompleteSanitization
- CWE-117
- CWE-134
- CWE-200
- CWE-201
- CWE-209
- CWE-312
- CWE-327
- CWE-338
- CWE-346
- CWE-377
- CWE-400
- DeepObjectResourceExhaustion
- ReDoS
- RemovePropertyInjection
- CWE-502
- CWE-506
- CWE-522-DecompressionBombs
- CWE-601
- ClientSideUrlRedirect
- ServerSideUrlRedirect
- CWE-611
- CWE-640
- CWE-643
- CWE-730
- CWE-754
- CWE-770/ResourceExhaustion
- CWE-776
- CWE-798
- CWE-807
- CWE-829
- CWE-834
- CWE-843
- CWE-912
- CWE-915
- PrototypePollutingAssignment
- PrototypePollutingFunction
- PrototypePollutingMergeCall
- CWE-916
- CWE-918
- filters/ClassifyFiles
- tutorials
- Analyzing data flow in JavaScript/Global data flow
- Introducing the JavaScript libraries
- misc/bazel/3rdparty/tree_sitter_extractors_deps
- python/ql
- lib
- change-notes
- semmle/python
- dataflow/new
- internal
- frameworks
- security/internal
- test/library-tests/frameworks/lxml
- ruby/ql/lib
- change-notes
- codeql/ruby
- security/internal
- typetracking
- internal
- rust
- ast-generator
- extractor
- macros
- src
- ql
- lib/codeql/rust
- controlflow
- elements/internal
- generated
- frameworks/rustcrypto
- security
- internal
- src/queries/security/CWE-328
- test
- extractor-tests
- File
- nested
- generated
- FormatArgsExpr
- library-tests
- dataflow
- strings
- taint
- sensitivedata
- variables
- query-tests
- diagnostics
- security/CWE-328
- unusedentities
- schema
- swift/ql/lib
- change-notes
- codeql/swift/security
- internal
lines changed: +72 -72
Original file line number | Diff line number | Diff line change | |
| |||
86 | 86 |
| |
87 | 87 |
| |
88 | 88 |
| |
89 |
| - | |
| 89 | + | |
90 | 90 |
| |
91 | 91 |
| |
92 | 92 |
| |
| |||
100 | 100 |
| |
101 | 101 |
| |
102 | 102 |
| |
103 |
| - | |
| 103 | + | |
104 | 104 |
| |
105 |
| - | |
106 |
| - | |
107 |
| - | |
108 |
| - | |
109 |
| - | |
110 |
| - | |
111 |
| - | |
112 |
| - | |
113 |
| - | |
114 |
| - | |
115 |
| - | |
116 |
| - | |
117 |
| - | |
118 |
| - | |
119 |
| - | |
| 105 | + | |
| 106 | + | |
| 107 | + | |
| 108 | + | |
| 109 | + | |
| 110 | + | |
| 111 | + | |
| 112 | + | |
| 113 | + | |
| 114 | + | |
| 115 | + | |
| 116 | + | |
| 117 | + | |
| 118 | + | |
| 119 | + | |
120 | 120 |
| |
121 | 121 |
| |
122 | 122 |
| |
123 | 123 |
| |
124 | 124 |
| |
125 | 125 |
| |
126 | 126 |
| |
127 |
| - | |
| 127 | + | |
128 | 128 |
| |
129 | 129 |
| |
130 | 130 |
| |
0 commit comments