hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,404 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.1
Commit Graph

4694 Commits

Author SHA1 Message Date
yoff
0b5d4c59dd Merge branch 'main' of https://github.com/github/codeql into python-dataflow/flow-summaries-from-scratch 
synced files have changed
 2022-08-25 09:24:05 +00:00
Ian Lynagh
3fcfd32eb1 Make *.ql non-executable 2022-08-24 16:55:11 +01:00
erik-krogh
014dcd1454 fixup a Python query, it didn't select something with a location 2022-08-24 16:23:20 +02:00
erik-krogh
1c0f2251e2 Merge branch 'main' into msgConsis 2022-08-24 14:38:57 +02:00
Ahmed Farid
93257be913 Add Werkzeug source 2022-08-23 12:51:48 +01:00
Ahmed Farid
ee05e2ca76 add x-gitlab-token to sensitive headers 2022-08-23 12:27:20 +01:00
erik-krogh
d96d6721ba change the alert message of unused-local-variable 2022-08-23 11:15:11 +02:00
Erik Krogh Kristensen
7704a9eeac apply suggestions from Python review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-08-23 10:38:10 +02:00
erik-krogh
f7846a598e add change-notes 2022-08-23 07:54:01 +02:00
erik-krogh
ca299b9dc1 update py/unreachable-statement to match javascript/go 2022-08-22 21:41:47 +02:00
erik-krogh
31e15e27fc update py/unsafe-deserialization to match ruby/javascript/java 2022-08-22 21:41:47 +02:00
erik-krogh
20625ae60d update {js/go/py}/xpath-injection to match csharp/java 2022-08-22 21:41:46 +02:00
erik-krogh
9395f156de update {js/py}/command-line-injection to match csharp/java 2022-08-22 21:41:46 +02:00
erik-krogh
2d0a4c3d83 update {go/py}/stack-trace-exposure to match javascript 2022-08-22 21:41:46 +02:00
erik-krogh
3553f3d9b8 update {rb/py/js/go}/path-injection to match java/csharp 2022-08-22 21:41:45 +02:00
erik-krogh
cc41a83a8d update {py/cpp}/commented-out-code to match csharp/java/javascript 2022-08-22 21:41:45 +02:00
erik-krogh
28083ebe09 run the implicit-this patch 2022-08-22 21:23:31 +02:00
erik-krogh
a593a52b5e add missing qldoc (that was already missing?) 2022-08-22 21:22:39 +02:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
Rasmus Wriedt Larsen
61bf2154cd Merge branch 'main' into shared-http-client-request 2022-08-22 12:05:37 +02:00
Taus
bd45ea94d0 Python: Fix TimingAttackAgainstHash.ql select 2022-08-19 12:31:12 +00:00
Rasmus Wriedt Larsen
47c9c5bddd Ruby: Update RequestWithoutValidation.ql to match Python version 
No library modeling currently has support for the new disablesCertificateValidation/2, so only the alert text has changed

(removed an import from Python so the queries would ACTUALLY match)
 2022-08-18 14:32:41 +02:00
Taus
3d17989107 Python: Fix broken select statement 
Based on the alert description, "message" seemed like a suitable word to
use here.
 2022-08-17 17:09:18 +00:00
Taus
76de2f4203 Python: Remove trailing newlines 
These were causing the autoformatting check to fail. I'm not really sure
how these newlines got introduced. Possibly some editor option or
`git-commit` hook?
 2022-08-17 15:12:51 +00:00
Ahmed Farid
313dbc9120 Autoformat PossibleTimingAttackAgainstSensitiveInfo.ql 2022-08-17 12:59:09 +01:00
Ahmed Farid
9f3de035c7 Autoformat PossibleTimingAttackAgainstHash.ql 2022-08-17 12:57:57 +01:00
Ahmed Farid
cb5331bdd8 Autoformat TimingAttackAgainstHeaderValue.ql 2022-08-17 12:54:34 +01:00
Ahmed Farid
a7dcf96f55 Autoformat TimingAttackAgainstSensitiveInfo.ql 2022-08-17 12:53:07 +01:00
erik-krogh
8066e39d07 delete some redundant imports 2022-08-17 13:50:04 +02:00
Ahmed Farid
9b4d1789b1 Autoformat TimingAttackAgainstHash.ql 2022-08-17 12:49:58 +01:00
Ahmed Farid
b29ca57ce1 Autoformat TimingAttack.qll 2022-08-17 12:46:57 +01:00
Ahmed Farid
5daeea7aeb Adjust the @id property 2022-08-17 12:24:40 +01:00
Ahmed Farid
01828936e2 fix qhelp 2022-08-17 12:19:44 +01:00
Ahmed Farid
10d5ab20f5 fix qhelp 2022-08-17 12:19:02 +01:00
Sid Shankar
1e1e2318b7 Merge pull request #10052 from github/task/fix-broken-links 
Docs: Replace HTTP broken links to equivalent HTTPS resources
 2022-08-16 08:45:08 -04:00
Ahmed Farid
abcfb1cd63 Update TimingAttack.qll 2022-08-16 12:33:19 +01:00
Alex Ford
d02ad51d74 Merge pull request #10032 from github/post-release-prep/codeql-cli-2.10.3 
Post-release preparation for codeql-cli-2.10.3
 2022-08-16 12:04:07 +01:00
Erik Krogh Kristensen
f106e064fa Merge pull request #9422 from erik-krogh/refacReDoS 
Refactorizations of the ReDoS libraries
 2022-08-16 09:32:08 +02:00
Sid Shankar
68d1c2d3e8 Fix link to python requests documentation 
docs.python-requests.org seems to be a suspended domain. The replacement link is to the same Python requests library on readthedocs.io, and points to the ssl-cert-verification section.
 2022-08-15 14:43:28 -04:00
Ahmed Farid
169d27951a Update UnSafeComparisonOfSensitiveInfo.py 2022-08-15 15:19:13 +01:00
Ahmed Farid
dbd6076725 Update SafeComparisonOfSensitiveInfo.py 2022-08-15 15:18:09 +01:00
Ahmed Farid
8ebf428078 Update SafeComparisonOfSensitiveInfo.py 2022-08-15 15:15:24 +01:00
Ahmed Farid
054e0726b0 Update UnsafeComparisonOfHeaderValue.py 2022-08-15 15:13:17 +01:00
Ahmed Farid
c578a34892 Update SafeComparisonOfHeaderValue.py 2022-08-15 15:12:38 +01:00
Ahmed Farid
773bb5fffd Update SafeComparisonOfHeaderValue.py 2022-08-15 14:43:32 +01:00
Ahmed Farid
a724bd1e32 Update UnSafeComparisonOfSensitiveInfo.py 2022-08-15 14:42:17 +01:00
Erik Krogh Kristensen
0adb588fe8 Merge pull request #9712 from erik-krogh/badRange 
JS/RB/PY/Java: add suspicious range query
 2022-08-15 13:55:44 +02:00
Ahmed Farid
0e0c6e08b5 Update TimingAttack.qll 2022-08-15 11:18:31 +01:00
erik-krogh
b54f037424 Merge branch 'main' into refacReDoS 2022-08-12 20:28:30 +02:00
github-actions[bot]
21d0c78376 Post-release preparation for codeql-cli-2.10.3 2022-08-11 23:20:39 +00:00