hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,000 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.3
Commit Graph

659 Commits

Author SHA1 Message Date
Owen Mansel-Chan
3d9f8d50bc Make InsecureRandomness use new API 2023-08-10 15:48:50 +01:00
Michael B. Gale
87c089e0a8 Make CommandInjection.qll use new API 
The new `edges` and `nodes` sections in the .expected files are because
the PathGraph module was not imported in the tests before, and thus
these query predicates were not in scope.
 2023-08-10 15:48:48 +01:00
Michael B. Gale
957757c271 Make UntrustedDataToUnknownExternalAPI use new API 2023-08-10 15:48:47 +01:00
Michael B. Gale
d6919dd57b Make UntrustedDataToExternalAPI use new API 2023-08-10 15:48:46 +01:00
Michael B. Gale
82a1b15d11 Make AllocationSizeOverflow use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:48:44 +01:00
github-actions[bot]
432c21d4fb Post-release preparation for codeql-cli-2.14.2 2023-08-09 18:45:18 +00:00
github-actions[bot]
79c90fa36a Release preparation for version 2.14.2 2023-08-07 18:08:52 +00:00
amammad
f79bd2a071 added remote flow sources related to multipart upload, added flag package command line source 2023-08-06 06:49:35 +10:00
amammad
7ce825c5ea convert to module based dataflow 2023-07-31 22:43:45 +10:00
amammad
ab7e797fff it seems that I must use both isSink and isSource with flow states! 2023-07-31 20:00:59 +10:00
amammad
26f1091d5f fix a mistake :( 2023-07-31 19:48:21 +10:00
amammad
56d0254d2b fix ReadAll argumrnt number 2023-07-31 19:37:28 +10:00
amammad
4ee54738fa fix a mistake :( 2023-07-31 19:36:21 +10:00
amammad
260c111932 put comment about detecting https://github.com/advisories/GHSA-jpxj-2jvg-6jv9 2023-07-31 19:32:22 +10:00
amammad
1b598c8683 v1.2 make better sinks 2023-07-31 19:26:18 +10:00
Porcupiney Hairs
74e5c15eaa Go : Improvements to Timing Attacks query 2023-07-31 06:30:47 +05:30
amammad
f1918fb4e0 v1.1 2023-07-31 05:11:09 +10:00
github-actions[bot]
f91b7a9342 Post-release preparation for codeql-cli-2.14.1 2023-07-21 16:16:25 +00:00
github-actions[bot]
c936a920b0 Release preparation for version 2.14.1 2023-07-20 16:32:27 +00:00
Owen Mansel-Chan
374f13e0dc Revert "Go: Fix missing flow through receiver for function variable" 2023-07-20 13:31:14 +01:00
Owen Mansel-Chan
5b0d4ce7cb Merge pull request #13644 from porcupineyhairs/dsnImprove 
Go : Improvements to DSN Injection query
 2023-07-19 16:10:34 +01:00
Owen Mansel-Chan
a3ba74a6a6 Cast to MethodCallNode before calling getReceiver() 
This is not required, because getReceiver is still defined on CallNode,
but is done for consistency.
 2023-07-19 11:17:38 +01:00
github-actions[bot]
13cf054a9d Post-release preparation for codeql-cli-2.14.0 2023-07-07 14:55:41 +00:00
github-actions[bot]
6484ee106e Release preparation for version 2.14.0 2023-07-07 08:22:14 +00:00
Dave Bartolomeo
9631e9f2f1 Bump minor version numbers post-GHES 2023-07-06 10:10:01 -04:00
Dave Bartolomeo
2bb9adfbf1 Merge remote-tracking branch 'origin/main' into dbartol/mergeback-3.10 2023-07-06 10:00:46 -04:00
Maiky
08c54767f2 Correct Ldap Unauth Bind Sink 2023-07-05 17:56:49 +02:00
Porcupiney Hairs
dc0deb5e49 Go : Improvements to DSN Injection query 2023-07-02 17:38:01 +05:30
github-actions[bot]
668aaa2dc8 Post-release preparation for codeql-cli-2.13.5 2023-06-30 08:51:48 +00:00
github-actions[bot]
9d7987f822 Release preparation for version 2.13.5 2023-06-29 09:26:18 +00:00
amammad
fbfc959f82 V1 Bombs 2023-06-25 01:21:09 +10:00
Henry Mercer
5afdaf8fe1 Merge pull request #13525 from github/rc/3.10 
Merge `rc/3.10` back to `main`
 2023-06-21 17:13:36 +01:00
github-actions[bot]
18b678e69e Post-release preparation for codeql-cli-2.13.4 2023-06-20 10:20:05 +00:00
Jeroen Ketema
9c774ac97f Merge pull request #13426 from jketema/inline-3 
Update inline flow tests to use parameterized module
 2023-06-19 17:39:29 +02:00
Tony Torralba
8f6d2ed2f9 Adjust ZipSlip query description according to review suggestions. 2023-06-19 10:27:41 +02:00
Tony Torralba
3c4d938cf1 Apply code review suggestions. 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-19 10:20:19 +02:00
Tony Torralba
433fc680ec Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-06-19 10:17:40 +02:00
Maiky
d654e98650 Add empty string as source 2023-06-18 22:21:12 +02:00
Tony Torralba
c97868f774 Add change notes 2023-06-16 09:01:02 +02:00
Tony Torralba
3e96fe60c5 Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query 
All filesystem operations, not just writes, with paths built from untrusted archive entry names are dangerous
 2023-06-16 08:52:44 +02:00
Jeroen Ketema
eb62df6ece Go: Rewrite InlineFlowTest as a parameterized module 2023-06-15 10:51:29 +02:00
github-actions[bot]
e4be303a23 Release preparation for version 2.13.4 2023-06-08 19:57:37 +00:00
Maiky
1a9bfb38aa Correct barrier 2023-06-05 01:25:17 +02:00
Maiky
bf9d0b93d7 Add Improper LDAP Auth Query (CWE-287) 2023-06-03 23:20:11 +02:00
github-actions[bot]
d2e192020b Post-release preparation for codeql-cli-2.13.3 2023-05-24 11:26:12 +00:00
Chris Smowton
99c211955b Hotfix: Go: exclude method receivers from dead-store-of-field query 2023-05-23 14:31:25 +01:00
Chris Smowton
8b28848c82 Merge pull request #13250 from smowton/smowton/hotfix/golang-field-store-varargs-function 
Hotfix: Go: count passing to a vararg function as escaping
 2023-05-23 12:03:48 +01:00
Chris Smowton
d5d56cde5a Dead store of field: count passing to a vararg function as escaping 2023-05-23 10:51:21 +01:00
github-actions[bot]
7aa23cf11d Release preparation for version 2.13.3 2023-05-22 20:47:00 +00:00
Chris Smowton
ee64ea59e1 Merge pull request #12901 from porcupineyhairs/goDsn 
Go: Add query to detect DSN Injection.
 2023-05-11 22:45:43 +01:00