File tree
2,427 files changed
+35437
-8315
lines changed
- config
- cpp
- change-notes
- ql
- examples
- lib
- experimental/semmle/code/cpp
- models/interfaces
- rangeanalysis
- extensions
- security
- external
- semmle
- code/cpp
- commons
- unix
- controlflow
- internal
- dataflow
- internal
- tainttracking1
- tainttracking2
- dispatch
- exprs
- headers
- internal
- ir
- dataflow
- internal
- tainttracking1
- tainttracking2
- tainttracking3
- implementation
- aliased_ssa
- constant
- internal
- gvn
- internal
- internal
- internal
- raw
- constant
- internal
- gvn
- internal
- internal
- reachability
- unaliased_ssa
- constant
- internal
- gvn
- internal
- internal
- reachability
- internal
- metrics
- models
- implementations
- interfaces
- padding
- pointsto
- rangeanalysis
- security
- boostorg/asio
- stmts
- valuenumbering
- files
- src
- Likely Bugs/Conversion
- Security/CWE
- CWE-570
- CWE-676
- codeql-suites
- experimental/Security/CWE
- CWE-758
- CWE-783
- test
- experimental/query-tests/Security/CWE
- CWE-758/semmle/tests
- CWE-783/semmle/tests
- library-tests
- clang_ms
- conditions
- dataflow
- fields
- taint-tests
- specifiers2
- templates/instantiations_functions
- unnamed
- query-tests
- Critical/MemoryFreed
- Likely Bugs/Conversion/ImplicitDowncastFromBitfield
- Security/CWE
- CWE-119/semmle/tests
- CWE-190/semmle/tainted
- CWE-570
- csharp
- change-notes
- extractor/Semmle.Extraction.CSharp
- ql
- examples
- lib
- semmle
- code
- asp
- cil
- internal
- csharp
- commons
- controlflow
- internal
- pressa
- dataflow
- flowsources
- internal
- basessa
- rangeanalysis
- tainttracking1
- tainttracking2
- tainttracking3
- tainttracking4
- tainttracking5
- dispatch
- exprs
- frameworks
- microsoft
- system
- codedom
- collections
- data
- diagnostics
- directoryservices
- io
- linq
- net
- runtime
- security
- cryptography
- text
- threading
- web
- ui
- windows
- xml
- test
- metrics
- security
- cryptography
- dataflow
- flowsinks
- flowsources
- xml
- serialization
- dotnet
- files
- src
- Security Features
- CWE-327
- CWE-502
- codeql-suites
- experimental/ir/implementation
- raw
- unaliased_ssa
- semmle/code/csharp
- security/dataflow
- serialization
- test
- library-tests
- dataflow/call-sensitivity
- generics
- query-tests/Security Features
- CWE-327/InsecureSQLConnection
- CWE-338
- CWE-502
- UnsafeDeserializationUntrustedInput
- UnsafeDeserialization
- upgrades/770f844243d5a2282861b33fd201d0a02e3528d9
- docs/codeql
- codeql-cli
- codeql-for-visual-studio-code
- support/reusables
- writing-codeql-queries
- javascript
- change-notes
- extractor
- src/com/semmle
- jcorn
- jsx
- js
- ast
- extractor
- tests
- es2021/output/trap
- excludes
- input
- baz
- f
- output/trap
- generatedcode
- input
- output/trap
- html/output/trap
- ng-templates/output/trap
- node/output/trap
- shebang/output/trap
- ql
- examples
- queries/dataflow/StoredXss
- lib
- semmle
- files
- javascript
- dataflow
- internal
- dependencies
- explore
- frameworks
- AngularJS
- heuristics
- internal
- linters
- meta
- security
- dataflow
- internal
- performance
- src
- Declarations
- Security
- CWE-020
- CWE-022
- CWE-073
- CWE-078
- CWE-079
- CWE-089
- CWE-094
- CWE-116
- CWE-117
- CWE-134
- CWE-200
- CWE-201
- CWE-209
- CWE-312
- CWE-327
- CWE-338
- CWE-346
- CWE-400
- CWE-502
- CWE-506
- CWE-601
- CWE-611
- CWE-640
- CWE-643
- CWE-730
- CWE-754
- CWE-776
- CWE-798
- CWE-807
- CWE-829
- CWE-834
- CWE-843
- CWE-912
- CWE-915
- CWE-916
- CWE-918
- Vue
- codeql-suites
- semmle/javascript
- frameworks
- security/dataflow
- test
- library-tests
- Security/CWE-338
- StringConcatenation
- frameworks
- AngularJS/expressions
- lexing
- parsing
- Templating
- projectA
- src
- views
- subfolder
- subsub
- projectB
- src
- views
- subfolder
- views
- Vue
- query-tests
- DOM
- HTML
- TargetBlank
- Performance/ReDoS
- lib/otherLib
- js/src
- Security
- CWE-022/TaintedPath
- CWE-078
- lib
- CWE-079
- DomBasedXss
- ReflectedXss
- XssThroughDom
- CWE-094/CodeInjection
- CWE-116/IncompleteSanitization
- CWE-915/PrototypePollutingAssignment
- Statements/UselessConditional
- upgrades
- fbd45f6b3c6f79d732d0e30a92ea5cee438a1a3e
- java
- change-notes
- documentation/library-coverage
- ql
- examples
- lib
- config
- external
- semmle
- code
- configfiles
- java
- arithmetic
- comparison
- controlflow
- internal
- unreachableblocks
- dataflow
- internal
- rangeanalysis
- tainttracking1
- tainttracking2
- deadcode
- frameworks
- dispatch
- frameworks
- android
- apache
- camel
- gigaspaces
- google
- guava
- gwt
- j2objc
- jackson
- javaee
- ejb
- jsf
- javase
- play
- spring
- metrics
- struts
- metrics
- security
- xml
- files
- src
- Security/CWE
- CWE-089
- CWE-502
- codeql-suites
- experimental
- Security/CWE/CWE-1204
- semmle/code/java/security
- semmle/code/java/frameworks/apache
- utils
- test
- experimental/query-tests/security/CWE-1204
- library-tests
- fields
- fields
- frameworks
- apache-collections
- guava/generated/cache
- spring/webutil
- query-tests/security
- CWE-079/semmle/tests
- CWE-502
- stubs
- apache-commons-collections4-4.4/org
- apache/commons/collections4
- bag
- bidimap
- iterators
- keyvalue
- map
- multimap
- multiset
- trie
- w3c/dom
- guava-30.0/com/google/common
- base
- cache
- collect
- util/concurrent
- javax-servlet-2.5/javax/servlet
- annotation
- descriptor
- http
- joddjson-6.0.3/jodd/json
- springframework-5.3.8/org/springframework
- http
- server
- web/util
- upgrades
- misc
- legacy-support
- cpp
- csharp
- java
- python
- suite-helpers
- python
- change-notes
- ql
- examples
- lib
- semmle
- crypto
- dataflow
- files
- python
- concepts
- dataflow
- new
- internal
- tainttracking1
- tainttracking2
- tainttracking3
- tainttracking4
- old
- dependencies
- essa
- filters
- frameworks
- internal
- libraries
- objects
- pointsto
- security
- dataflow
- flow
- injection
- internal
- performance
- strings
- templates
- types
- values
- web
- bottle
- cherrypy
- client
- django
- falcon
- flask
- pyramid
- stdlib
- tornado
- turbogears
- twisted
- webob
- xml
- src
- codeql-suites
- experimental
- Security/CWE-943
- examples
- semmle/python
- frameworks
- security/injection
- semmle/python
- frameworks
- security/performance
- test
- experimental/query-tests/Security/CWE-943
- library-tests/frameworks/peewee
- query-tests/Security
- CWE-020-IncompleteHostnameRegExp
- CWE-020-IncompleteUrlSubstringSanitization
- CWE-078-CommandInjection-py2
- CWE-078-CommandInjection
- CWE-079-Jinja2WithoutEscaping
- CWE-079-ReflectedXss
- CWE-089-SqlInjection
- CWE-094-CodeInjection
- CWE-209-StackTraceExposure
- CWE-215-FlaskDebug
- CWE-326-WeakCryptoKey
- CWE-327-InsecureDefaultProtocol
- CWE-327-InsecureProtocol
- CWE-327
- CWE-377-InsecureTemporaryFile
- CWE-502-UnsafeDeserialization
- CWE-601-UrlRedirect
- CWE-730-ReDoS
- CWE-732-WeakFilePermissions
- CWE-798-HardcodedCredentials
- upgrades
Lines changed: 1 addition & 0 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
1 | 1 |
| |
| 2 | + | |
2 | 3 |
| |
3 | 4 |
| |
4 | 5 |
| |
|
Lines changed: 188 additions & 188 deletions
Large diffs are not rendered by default.
Lines changed: 2 additions & 0 deletions
Lines changed: 2 additions & 0 deletions
Lines changed: 2 additions & 0 deletions
Lines changed: 2 additions & 0 deletions
Lines changed: 2 additions & 0 deletions
Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
1 | 1 |
| |
2 | 2 |
| |
3 |
| - | |
| 3 | + |
File renamed without changes.
File renamed without changes.