hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

7071 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
dc96d55943 Merge pull request #8888 from geoffw0/xxe2 
C++: Add support for createLSParser to the CWE-611 XXE query.
 2022-04-27 16:24:27 +01:00
Geoffrey White
d04078f989 C++: Fix. 2022-04-27 15:45:23 +01:00
Geoffrey White
4aa41dfa52 Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-04-27 13:06:02 +01:00
Geoffrey White
6ada1bd05b C++: Match createLSParser more precisely. 2022-04-27 11:51:17 +01:00
Erik Krogh Kristensen
e1c7d369be Merge pull request #8796 from erik-krogh/redundantImport 
Remove redundant imports
 2022-04-27 12:39:51 +02:00
Geoffrey White
a21af8e262 C++: Address QLDoc alerts. 2022-04-27 11:05:11 +01:00
Geoffrey White
7ce040f331 Merge pull request #8736 from geoffw0/xxe 
C++: New query for CWE-611 / XML External Entity Expansion (XXE)
 2022-04-26 17:21:06 +01:00
Geoffrey White
742949154b C++: Apply code style suggestion. 2022-04-26 16:53:24 +01:00
Erik Krogh Kristensen
d389012b75 Merge branch 'main' into redundantImport 2022-04-26 14:24:51 +02:00
Geoffrey White
d859a91a14 C++: Add support for createLSParser. 2022-04-22 12:24:01 +01:00
Erik Krogh Kristensen
ff73dbc35c delete redundant imports 2022-04-22 12:55:28 +02:00
Geoffrey White
79aba67036 Merge branch 'main' into xxe 2022-04-22 11:50:41 +01:00
github-actions[bot]
1aecfc67c2 Post-release preparation for codeql-cli-2.9.0 2022-04-21 19:22:19 +00:00
github-actions[bot]
eeaf233c29 Release preparation for version 2.9.0 2022-04-21 14:49:00 +00:00
Porcupiney Hairs
06edb3f3a1 fix formatting issues 2022-04-21 00:23:49 +05:30
Porcupiney Hairs
85c751cb7f CPP: PAM Authorization Bypass 
This PR is similar to my other PRs for
[Python](https://github.com/github/codeql/pull/8595) and
[Golang](https://github.com/github/codeql-go/pull/709).

This PR aims to detect instances were an initiated PAM Transaction invokes the `pam_authenticate` method but does not invoke a call to the pam_acct_mgmt` method. This is bad as a call to `pam_authenticate` only verifies the users credentials. It does not check if the user account is still is a valid state.

If only a call to `pam_authenticate` is used to verify the user, a user with an expired account password would still be able to login. This can be prevented by calling the `pam_acct_mgmt` function after a `pam_authenticate` function.
 2022-04-19 18:24:19 +05:30
Geoffrey White
5698638d1f Apply suggestions from code review (documentation) 
Co-authored-by: hubwriter <hubwriter@github.com>
 2022-04-19 13:38:00 +01:00
Geoffrey White
6e184f2438 C++: Rename variables 'a' and 'b'. 2022-04-19 10:57:42 +01:00
Geoffrey White
da38c9041c C++: Improvements from PR comments. 2022-04-19 10:25:00 +01:00
Geoffrey White
50c7e47dd9 C++: Improve QLDoc. 2022-04-19 10:15:12 +01:00
Geoffrey White
da454128ed Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-04-19 10:08:07 +01:00
Geoffrey White
2ac21d6932 C++: Use isBarrier rather than isBarrierOut (which is going away). 2022-04-14 09:21:57 +01:00
Geoffrey White
27b6b99cd0 C++: Correct and improve some comments and naming. 2022-04-13 18:34:15 +01:00
Geoffrey White
2ad81e63a5 C++: Change note. 2022-04-13 16:11:14 +01:00
Geoffrey White
dfd846bb7b C++: Changes to the qhelp. 2022-04-13 15:53:13 +01:00
Geoffrey White
d83aea5ea3 C++: Copy the qhelp from Javascript. 2022-04-13 15:16:01 +01:00
Geoffrey White
b149666f45 C++: Query metadata (precision is provisional, might up it to 'high' later). 2022-04-13 15:15:28 +01:00
Geoffrey White
be0df1662c C++: Rename the query file. 2022-04-13 13:20:02 +01:00
Geoffrey White
ffbe724040 C++: Remove unfinished parts for now. 2022-04-13 13:18:23 +01:00
Geoffrey White
cb211f8844 Merge pull request #8599 from 4B5F5F4B/main 
C++: refactor some code, and add access_ok cases
 2022-04-11 15:57:27 +01:00
Jeroen Ketema
4cfe04567f Merge pull request #8702 from jketema/command-line-sanitizer 
C++: Use `isSanitizerOut(DataFlow::Node node)` in `cpp/command-line-injection`
 2022-04-08 23:42:35 +02:00
Geoffrey White
8d1e8e9ecb C++: Flow states and transformers. 2022-04-08 17:19:18 +01:00
Edoardo Pirovano
f25618eed6 Bump minor version of all packs 2022-04-08 15:38:58 +01:00
Edoardo Pirovano
ce82c54b94 Merge branch 'main' into edoardo/3.5-mergeback 2022-04-08 15:30:58 +01:00
Jeroen Ketema
83d35a9a96 C++: Use isSanitizerOut(DataFlow::Node node) in cpp/command-line-injection 2022-04-08 11:28:17 +02:00
Geoffrey White
3aaa058308 C++: Get the simplest part of the query working, disable the rest for now, fix metadata, formatting etc. 2022-04-07 19:01:30 +01:00
Robert Marsh
3a35a40062 WIP: start on CWE-611 tests 2022-04-06 12:55:56 +01:00
Robert Marsh
370dd057dc C++: more WIP on Xerces XXE query 2022-04-06 12:55:54 +01:00
Robert Marsh
9b6c1bc691 WIP: Xerces XXE 2022-04-06 12:55:52 +01:00
4B5F5F4B
04538d0599 Autoformated to make CodeQL happy 2022-04-06 11:59:26 +08:00
Jeroen Ketema
d19504fca2 C++: Add cpp/unused-local-variable test case with switch initializer 
This is similar to the test case with the `if` initializer, and we should
not forget about it once we support `if` initialization.
 2022-04-05 18:27:53 +02:00
ihsinme
73de757f39 Update DangerousUseOfExceptionBlocks.ql 2022-04-04 21:38:03 +03:00
ihsinme
61860c9ae9 Update DangerousUseOfExceptionBlocks.ql 2022-04-02 13:44:40 +03:00
Jeroen Ketema
dea510ac95 C++: Add change note for cpp/unused-local-variable changes 2022-04-01 18:32:46 +02:00
Jeroen Ketema
4f49f9d6e1 C++: Remove exception from cpp/unused-local-variable that is no longer needed 2022-04-01 18:32:46 +02:00
github-actions[bot]
6af568b16d Post-release preparation for codeql-cli-2.8.5 2022-04-01 16:22:14 +00:00
github-actions[bot]
ee746d20df Release preparation for version 2.8.5 2022-04-01 10:39:31 +00:00
Geoffrey White
146318dbc1 Merge pull request #8580 from geoffw0/privdata 
C++: Port PrivateData.qll from C# and use it in cpp/cleartext-transmission
 2022-03-31 10:12:46 +01:00
ihsinme
b95094235c Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-03-30 10:51:38 +03:00
4B5F5F4B
9ab773422a refactor some code, and add access_ok cases 2022-03-30 12:25:32 +08:00