Commit Graph

4008 Commits

Author SHA1 Message Date
Ahmed Farid
ecbe663c2f Update TimingAttackAgainstSensitiveInfo.qlref 2022-08-16 13:34:24 +01:00
Ahmed Farid
1dd4400c67 Update PossibleTimingAttackAgainstHash.qlref 2022-08-16 13:33:17 +01:00
Ahmed Farid
44f054bede Update PossibleTimingAttackAgainstHash.expected 2022-08-16 12:31:33 +01:00
Ahmed Farid
abc49bd62b Update TimingAttackAgainstHeader.py 2022-08-16 12:06:34 +01:00
Ahmed Farid
68cf084b8f Update TimingAttackAgainstSensitiveInfo.expected 2022-08-16 12:03:14 +01:00
Ahmed Farid
c85ad1b2c0 Update TimingAttackAgainstHash.py 2022-08-16 11:50:37 +01:00
Erik Krogh Kristensen
f106e064fa Merge pull request #9422 from erik-krogh/refacReDoS
Refactorizations of the ReDoS libraries
2022-08-16 09:32:08 +02:00
Ahmed Farid
5ecadd06ae Update TimingAttackAgainstHash.py 2022-08-15 15:21:10 +01:00
Ahmed Farid
f2bf58bdb6 Update TimingAttackAgainstSensitiveInfo.py 2022-08-15 15:16:30 +01:00
Erik Krogh Kristensen
0adb588fe8 Merge pull request #9712 from erik-krogh/badRange
JS/RB/PY/Java: add suspicious range query
2022-08-15 13:55:44 +02:00
Ahmed Farid
18b103dbd5 Update TimingAttackAgainstHash.py 2022-08-15 11:29:29 +01:00
Ahmed Farid
7d23b80582 Update TimingAttackAgainstHash.py 2022-08-15 11:29:09 +01:00
Ahmed Farid
521dbd0e82 Update TimingAttackAgainstSensitiveInfo.py 2022-08-15 11:28:51 +01:00
Ahmed Farid
5de103303d Update TimingAttackAgainstHeader.py 2022-08-15 11:26:34 +01:00
Ahmed Farid
7cb1683f5b Update TimingAttackAgainstSensitiveInfo.py 2022-08-15 11:21:40 +01:00
Ahmed Farid
01490414e8 Update TimingAttackAgainstHeader.py 2022-08-12 12:25:31 +01:00
yoff
b8931d36ca python: give InterpretNode empty charpred
InterpretNode is going away, but we need a dummy implementation.
However, we do not need any instances, and some tests get confused.
2022-08-10 10:57:30 +00:00
yoff
75ac24a847 Merge branch 'main' into python-dataflow/flow-summaries-from-scratch 2022-08-10 10:57:59 +02:00
Erik Krogh Kristensen
49276b1f38 Merge branch 'main' into refacReDoS 2022-08-09 16:18:46 +02:00
Rasmus Wriedt Larsen
f89b32183f Merge branch 'main' into typetracker-decorators 2022-08-08 11:52:09 +02:00
Ahmed Farid
ae4ded08fa Update and rename TimingAttackAgainstHeader.qlref to TimingAttackAgainstHeaderValue.qlref 2022-08-04 12:42:52 +01:00
Rasmus Wriedt Larsen
3d0c23e441 Python: Accept .expected for TarSlip
Changed after merging https://github.com/github/codeql/pull/9579,
which improved our handling of `not` for guards.
2022-08-03 09:52:11 +02:00
Rasmus Wriedt Larsen
1737d08145 Merge pull request #9579 from yoff/python/more-logic-tests
Python: Improve `BarrierGuard`
2022-08-01 11:36:11 +02:00
Ahmed Farid
813e2394f7 Merge branch 'main' into timing-attack-py 2022-07-27 14:40:55 +01:00
Ahmed Farid
e3340c9345 Update TimingAttackAgainstSensitiveInfo.py 2022-07-27 00:25:42 +01:00
Ahmed Farid
ad57ff4def Rename PossibleTimingAttackAgainstSignature.qlref to PossibleTimingAttackAgainstHash.qlref 2022-07-26 23:56:24 +01:00
Ahmed Farid
f35985097d Update and rename PossibleTimingAttackAgainstSignature.expected to PossibleTimingAttackAgainstHash.expected 2022-07-26 23:50:44 +01:00
Ahmed Farid
4f082e28e5 Update and rename TimingAttackAgainstSignature.py to TimingAttackAgainstHash.py 2022-07-20 12:26:57 +01:00
Ahmed Farid
b3925ae988 Update PossibleTimingAttackAgainstSignature.qlref 2022-07-20 00:57:26 +01:00
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
yoff
f52d792b36 Merge branch 'main' of https://github.com/github/codeql into python-dataflow/flow-summaries-from-scratch 2022-07-01 12:01:07 +00:00
yoff
61523bd330 python: better names
- "Normal" instead of "NonSpecial"
- "NonLibrary" instead of "2"

I could not find a good replacement for "NonLibrary", nor for "Source",
but I added QLDocs in a few places to help the reading.
2022-07-01 11:55:20 +00:00
yoff
71583bf6be python: fix import of AccessPathSyntax 2022-07-01 08:48:55 +00:00
yoff
1105cd569b Merge branch 'main' into python/port-tarslip 2022-06-28 22:17:28 +02:00
yoff
6087bc6888 Merge branch 'main' into python/more-logic-tests 2022-06-28 22:16:38 +02:00
Asger F
a522562f93 Merge pull request #9369 from asgerf/python/api-graph-api
Python: API graph renaming and documentation
2022-06-28 14:48:12 +02:00
Erik Krogh Kristensen
a343ceaf8b add suspicious-regexp-range query 2022-06-28 09:49:27 +02:00
Rasmus Lerchedahl Petersen
a1fe8a5b2b python: handle not in BarrierGuard
in the program
```python
if not is_safe(path):
  return
```
the last node in the `ConditionBlock` is `not is_safe(path)`,
so it would never match "a call to is_safe".
Thus, guards inside `not` would not be part of `GuardNode`
(nor `BarrierGuard`). Now they can.
2022-06-27 20:10:47 +00:00
Rasmus Lerchedahl Petersen
882000afb3 python: not is confusing our logic
- added `is_unsafe`
- added "negated version" of two tests.
These versions do not use `not` and the analysis gets the taint right.
2022-06-27 20:10:47 +00:00
root
655b9d4262 Python: Timing attack 2022-06-27 12:18:45 -04:00
Rasmus Wriedt Larsen
9e154ff4bd Merge branch 'main' into python/port-tarslip 2022-06-27 14:36:15 +02:00
Erik Krogh Kristensen
13482fc97b rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp" 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
7fb3d81d2f add further normalization of char classes 2022-06-23 14:36:25 +02:00
Rasmus Wriedt Larsen
3248f7b423 Merge pull request #9649 from RasmusWL/certificate-modeling
Python/JS/Ruby: Ignore common words (like certain) as sensitive data source
2022-06-23 12:04:58 +02:00
yoff
140dc1a61e merge in main 2022-06-23 09:05:32 +00:00
yoff
8bf60301da python: we have hidden isParameterOf
but now allow a clear alternative
2022-06-23 08:57:50 +00:00
yoff
fe0c5d8ee5 python: make ArgumentNode publicly usable
- add `getCall`
2022-06-23 08:48:55 +00:00
yoff
cedf9ef538 python: make DataFlowCall "publicly usable"
- add `getCallable`, `getArg` and `getNode`
- these are `none` for summary calls
- revert "external" uses (they had been changed to `DataFlowSourceCall`)
2022-06-23 08:32:23 +00:00
Rasmus Wriedt Larsen
4be375521f Python: Handle _ in sensitive-data-sources 2022-06-22 11:05:14 +02:00
Rasmus Wriedt Larsen
4a844312f4 Python: _ in var name not handled by sensitive-data-sources 2022-06-22 11:05:14 +02:00