File tree
2,136 files changed, +47114 -9213 lines changed
- config
- cpp
- change-notes
- ql
- examples
- lib
- experimental/semmle/code/cpp
- models/interfaces
- rangeanalysis
- extensions
- security
- external
- semmle
- code/cpp
- commons
- unix
- controlflow
- internal
- dataflow
- internal
- tainttracking1
- tainttracking2
- dispatch
- exprs
- headers
- internal
- ir
- dataflow
- internal
- tainttracking1
- tainttracking2
- tainttracking3
- implementation
- aliased_ssa
- constant
- internal
- gvn
- internal
- internal
- internal
- raw
- constant
- internal
- gvn
- internal
- internal
- reachability
- unaliased_ssa
- constant
- internal
- gvn
- internal
- internal
- reachability
- internal
- metrics
- models
- implementations
- interfaces
- padding
- pointsto
- rangeanalysis
- security
- boostorg/asio
- stmts
- valuenumbering
- files
- src
- Likely Bugs/Memory Management
- Security/CWE
- CWE-190
- CWE-570
- CWE-676
- codeql-suites
- experimental/Security/CWE
- CWE-561
- CWE-703
- CWE-758
- CWE-783
- test
- experimental/query-tests/Security/CWE
- CWE-561/semmle/tests
- CWE-703/semmle/tests
- CWE-758/semmle/tests
- CWE-783/semmle/tests
- library-tests
- clang_ms
- conditions
- dataflow/taint-tests
- specifiers2
- templates/instantiations_functions
- unnamed
- query-tests
- Critical/MemoryFreed
- Likely Bugs/Memory Management/ImproperNullTermination
- Security/CWE
- CWE-119/semmle/tests
- CWE-190/semmle
- ArithmeticUncontrolled
- ArithmeticWithExtremeValues
- tainted
- uncontrolled
- CWE-570
- csharp
- change-notes
- extractor/Semmle.Extraction.CSharp
- ql
- examples
- lib
- semmle
- code
- asp
- cil
- internal
- csharp
- commons
- controlflow
- internal
- pressa
- dataflow
- flowsources
- internal
- basessa
- rangeanalysis
- tainttracking1
- tainttracking2
- tainttracking3
- tainttracking4
- tainttracking5
- dispatch
- exprs
- frameworks
- microsoft
- system
- codedom
- collections
- data
- diagnostics
- directoryservices
- io
- linq
- net
- runtime
- security
- cryptography
- text
- threading
- web
- ui
- windows
- xml
- test
- metrics
- security
- cryptography
- dataflow
- flowsinks
- flowsources
- xml
- serialization
- dotnet
- files
- src
- Security Features
- CWE-502
- CWE-614
- codeql-suites
- experimental
- Security Features
- CWE-1004
- CWE-614
- dataflow/flowsources
- ir/implementation
- raw
- unaliased_ssa
- semmle/code/csharp
- security/dataflow
- serialization
- test
- experimental/Security Features
- CWE-1004
- CookieHttpOnlyFalseAspNetCore
- CookieBuilder
- NoPolicy
- UseCookiePolicyCallback
- CookieHttpOnlyFalseSystemWeb
- CookieWithoutHttpOnlyAspNetCore
- NoPolicy
- UseCookiePolicyAlways
- UseCookiePolicyCallback
- UseCookiePolicyNone
- CookieWithoutHttpOnlySystemWeb
- ConfigEmpty
- ConfigFalse
- HttpCookiesTrue
- CWE-614
- RequireSSLAspNetCore
- NoPolicy
- UseCookiePolicyAlways
- UseCookiePolicyCallback
- UseCookiePolicyNone
- RequireSSLFalseAspNetCore
- CookieBuilder
- NoPolicy
- UseCookiePolicyCallback
- RequireSSLFalseSystemWeb
- RequireSSLSystemWeb
- ConfigEmpty
- ConfigFalse
- FormsTrue
- HttpCookiesTrue
- library-tests
- dataflow/external-models
- generics
- query-tests/Security Features
- CWE-079
- StoredXSS
- XSS
- CWE-338
- CWE-502
- UnsafeDeserializationUntrustedInput
- UnsafeDeserialization
- resources/stubs
- tools
- upgrades/770f844243d5a2282861b33fd201d0a02e3528d9
- docs/codeql
- codeql-cli
- codeql-for-visual-studio-code
- query-help
- support/reusables
- writing-codeql-queries
- javascript
- change-notes
- extractor
- src/com/semmle/js/extractor
- tests
- es2021/output/trap
- excludes
- input
- baz
- f
- output/trap
- ng-templates/output/trap
- ql
- examples/queries/dataflow/StoredXss
- src
- DOM
- Security
- CWE-020
- CWE-022
- CWE-073
- CWE-078
- CWE-079
- CWE-089
- CWE-094
- CWE-116
- CWE-117
- CWE-134
- CWE-200
- CWE-201
- CWE-209
- CWE-312
- CWE-327
- CWE-338
- CWE-346
- CWE-400
- CWE-502
- CWE-506
- CWE-601
- CWE-611
- CWE-640
- CWE-643
- CWE-730
- CWE-754
- CWE-776
- CWE-798
- CWE-807
- CWE-829
- CWE-834
- CWE-843
- CWE-912
- CWE-915
- CWE-916
- CWE-918
- Vue
- codeql-suites
- semmle/javascript
- dataflow
- frameworks
- heuristics
- security
- dataflow
- performance
- test
- ApiGraphs/spread
- library-tests
- Security/CWE-338
- StringConcatenation
- frameworks
- Angular2
- Vuex
- Vue
- query-tests
- DOM/TargetBlank
- Performance/ReDoS
- lib/otherLib
- js/src
- Security
- CWE-022/TaintedPath
- CWE-079
- DomBasedXss
- ReflectedXss
- XssThroughDom
- CWE-094/CodeInjection
- CWE-116/IncompleteSanitization
- CWE-798
- CWE-915/PrototypePollutingAssignment
- Statements/UselessConditional
- java
- change-notes
- documentation/library-coverage
- ql
- examples
- lib
- config
- semmle
- code
- configfiles
- java
- arithmetic
- comparison
- controlflow
- internal
- unreachableblocks
- dataflow
- internal
- rangeanalysis
- tainttracking1
- tainttracking2
- deadcode
- frameworks
- dispatch
- frameworks
- android
- apache
- camel
- gigaspaces
- google
- guava
- gwt
- j2objc
- jackson
- javaee
- ejb
- jsf
- javase
- play
- spring
- metrics
- struts
- metrics
- security
- xml
- files
- src
- Security/CWE
- CWE-074
- CWE-079
- CWE-094
- CWE-347
- CWE-502
- CWE-749
- CWE-917
- CWE-918
- codeql-suites
- experimental
- Security/CWE
- CWE-074
- CWE-094
- CWE-208
- CWE-347
- CWE-522
- CWE-749
- CWE-917
- semmle/code/java/frameworks
- spring
- semmle/code/java/frameworks/apache
- utils
- test
- experimental
- query-tests/security
- CWE-074-JndiInjection
- CWE-094
- CWE-208
- NotConstantTimeCheckOnSignature
- TimingAttackAgainstSignagure
- CWE-347
- CWE-352
- CWE-522
- CWE-749
- CWE-917
- stubs/groovy-all-3.0.7/groovy
- lang
- util
- library-tests
- dataflow
- taint-jackson
- taintsources
- taint
- fields
- fields
- frameworks
- JaxWs
- apache-collections
- guava/generated/cache
- jackson
- json-java
- play
- spring/webutil
- query-tests/security
- CWE-074
- CWE-079/semmle/tests
- CWE-094
- CWE-311/CWE-319
- CWE-347
- CWE-502
- com
- example
- thirdparty
- CWE-749
- CWE-917
- stubs
- android
- android
- app
- content
- os
- util
- webkit
- com/android/internal
- apache-commons-collections4-4.4/org
- apache/commons/collections4
- bag
- bidimap
- iterators
- keyvalue
- map
- multimap
- multiset
- trie
- w3c/dom
- groovy-all-3.0.7
- groovy
- lang
- util
- org/codehaus/groovy
- ast
- control
- io
- tools/javac
- guava-30.0/com/google/common
- base
- cache
- collect
- util/concurrent
- jabsorb-1.3.2/org/jabsorb
- serializer
- jackson-core-2.12/com/fasterxml/jackson/core
- type
- jackson-databind-2.10/com/fasterxml/jackson
- core
- databind
- jackson-databind-2.12
- com/fasterxml/jackson
- annotation
- core
- databind
- cfg
- jsontype
- json
- javax-servlet-2.5/javax/servlet
- annotation
- descriptor
- http
- joddjson-6.0.3/jodd/json
- json-java-20210307/org/json
- jwtk-jjwt-0.11.2
- io/jsonwebtoken
- impl
- security
- ognl-3.2.14/ognl
- enhance
- shiro-core-1.5.2/org/apache/shiro/jndi
- spring-ldap-2.3.2/org/springframework/ldap/core
- springframework-5.3.8/org/springframework
- http
- server
- web/util
- struts2-core-2.5.22/com/opensymphony/xwork2/ognl
- upgrades
- misc
- legacy-support
- cpp
- csharp
- java
- suite-helpers
- python
- change-notes
- ql
- src
- codeql-suites
- experimental
- Security/CWE-943
- examples
- semmle/python
- frameworks
- security/injection
- semmle/python
- frameworks
- internal
- security/performance
- test
- experimental/query-tests/Security/CWE-943
- library-tests/frameworks/peewee
- query-tests/Security
- CWE-020-IncompleteHostnameRegExp
- CWE-020-IncompleteUrlSubstringSanitization
- CWE-078-CommandInjection-py2
- CWE-078-CommandInjection
- CWE-079-Jinja2WithoutEscaping
- CWE-079-ReflectedXss
- CWE-089-SqlInjection
- CWE-094-CodeInjection
- CWE-209-StackTraceExposure
- CWE-215-FlaskDebug
- CWE-326-WeakCryptoKey
- CWE-327-InsecureDefaultProtocol
- CWE-327-InsecureProtocol
- CWE-327
- CWE-377-InsecureTemporaryFile
- CWE-502-UnsafeDeserialization
- CWE-601-UrlRedirect
- CWE-730-ReDoS
- CWE-732-WeakFilePermissions
- CWE-798-HardcodedCredentials
Lines changed: 1 addition & 0 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
1 | 1 |
| |
| 2 | + | |
2 | 3 |
| |
3 | 4 |
| |
4 | 5 |
| |
|
Lines changed: 166 additions & 165 deletions
Lines changed: 2 additions & 0 deletions
Lines changed: 2 additions & 0 deletions
Lines changed: 2 additions & 0 deletions
Lines changed: 2 additions & 0 deletions
Lines changed: 2 additions & 0 deletions
Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
1 | 1 |
| |
2 | 2 |
| |
3 |
| - | |
| 3 | + |
File renamed without changes.
File renamed without changes.