hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,868 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.4
Commit Graph

470 Commits

Author SHA1 Message Date
erik-krogh
944ca4a0da fix some more style-guide violations in the alert-messages 2022-10-07 11:23:34 +02:00
Rasmus Wriedt Larsen
d7be27a1c0 Python: Fix experimental py/ip-address-spoofing 
I realized the modeling was done in a non-recommended way, so I changed
the modeling. It was very nice that I could use API graphs for the flask
part, and a little sad when I couldn't for Django/Tornado.
 2022-10-03 21:19:30 +02:00
Rasmus Wriedt Larsen
b01a0ae696 Python: Adjust .expected after flask source change 
It's really hard to audit that this is all good.. I tried my best with
`icdiff` though -- and there is a problem with
ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql
that needs to be fixed in the next commit
 2022-10-03 20:35:49 +02:00
Taus
0b8bdc0f85 Python: Fix broken test 2022-09-06 16:37:43 +00:00
Ahmed Farid
8153b790ad Update test result 2022-08-31 16:01:09 +01:00
Ahmed Farid
56d48e6264 Add more tests 2022-08-31 15:59:51 +01:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
Taus
687cd92903 Python: Update .expected file 2022-08-19 11:43:57 +00:00
Ahmed Farid
9cb7a0ac2e Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstSensitiveInfo.qlref to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.qlref 2022-08-16 16:29:05 +01:00
Ahmed Farid
685cd97b8e Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstSensitiveInfo.expected to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.expected 2022-08-16 16:28:51 +01:00
Ahmed Farid
2377880d0c Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo.py to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/TimingAttackAgainstSensitiveInfo.py 2022-08-16 16:28:36 +01:00
Ahmed Farid
f956fe12d5 Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue.qlref to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.qlref 2022-08-16 16:28:17 +01:00
Ahmed Farid
6536b602df Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue.expected to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.expected 2022-08-16 16:28:00 +01:00
Ahmed Farid
b8fe0e2eee Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeader.py to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeader.py 2022-08-16 16:27:45 +01:00
Ahmed Farid
87b67ed64f Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash.py to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.py 2022-08-16 16:27:19 +01:00
Ahmed Farid
fa3940f69a Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstHash.qlref to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.qlref 2022-08-16 16:27:02 +01:00
Ahmed Farid
6a94d45643 Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstHash.expected to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.expected 2022-08-16 16:26:45 +01:00
Ahmed Farid
31ecb0727f Rename TimingAttackAgainstHeader.expected to TimingAttackAgainstHeaderValue.expected 2022-08-16 14:50:54 +01:00
Ahmed Farid
d8719f3b1f Rename TimingAttackAgainstSensitiveInfo.expected to PossibleTimingAttackAgainstSensitiveInfo.expected 2022-08-16 14:50:21 +01:00
Ahmed Farid
67476d0a36 Rename TimingAttackAgainstSensitiveInfo.qlref to PossibleTimingAttackAgainstSensitiveInfo.qlref 2022-08-16 13:36:59 +01:00
Ahmed Farid
e8376a522c Update TimingAttackAgainstHeaderValue.qlref 2022-08-16 13:35:20 +01:00
Ahmed Farid
ecbe663c2f Update TimingAttackAgainstSensitiveInfo.qlref 2022-08-16 13:34:24 +01:00
Ahmed Farid
1dd4400c67 Update PossibleTimingAttackAgainstHash.qlref 2022-08-16 13:33:17 +01:00
Ahmed Farid
44f054bede Update PossibleTimingAttackAgainstHash.expected 2022-08-16 12:31:33 +01:00
Ahmed Farid
abc49bd62b Update TimingAttackAgainstHeader.py 2022-08-16 12:06:34 +01:00
Ahmed Farid
68cf084b8f Update TimingAttackAgainstSensitiveInfo.expected 2022-08-16 12:03:14 +01:00
Ahmed Farid
c85ad1b2c0 Update TimingAttackAgainstHash.py 2022-08-16 11:50:37 +01:00
Ahmed Farid
5ecadd06ae Update TimingAttackAgainstHash.py 2022-08-15 15:21:10 +01:00
Ahmed Farid
f2bf58bdb6 Update TimingAttackAgainstSensitiveInfo.py 2022-08-15 15:16:30 +01:00
Ahmed Farid
18b103dbd5 Update TimingAttackAgainstHash.py 2022-08-15 11:29:29 +01:00
Ahmed Farid
7d23b80582 Update TimingAttackAgainstHash.py 2022-08-15 11:29:09 +01:00
Ahmed Farid
521dbd0e82 Update TimingAttackAgainstSensitiveInfo.py 2022-08-15 11:28:51 +01:00
Ahmed Farid
5de103303d Update TimingAttackAgainstHeader.py 2022-08-15 11:26:34 +01:00
Ahmed Farid
7cb1683f5b Update TimingAttackAgainstSensitiveInfo.py 2022-08-15 11:21:40 +01:00
Ahmed Farid
01490414e8 Update TimingAttackAgainstHeader.py 2022-08-12 12:25:31 +01:00
Ahmed Farid
ae4ded08fa Update and rename TimingAttackAgainstHeader.qlref to TimingAttackAgainstHeaderValue.qlref 2022-08-04 12:42:52 +01:00
Ahmed Farid
e3340c9345 Update TimingAttackAgainstSensitiveInfo.py 2022-07-27 00:25:42 +01:00
Ahmed Farid
ad57ff4def Rename PossibleTimingAttackAgainstSignature.qlref to PossibleTimingAttackAgainstHash.qlref 2022-07-26 23:56:24 +01:00
Ahmed Farid
f35985097d Update and rename PossibleTimingAttackAgainstSignature.expected to PossibleTimingAttackAgainstHash.expected 2022-07-26 23:50:44 +01:00
Ahmed Farid
4f082e28e5 Update and rename TimingAttackAgainstSignature.py to TimingAttackAgainstHash.py 2022-07-20 12:26:57 +01:00
Ahmed Farid
b3925ae988 Update PossibleTimingAttackAgainstSignature.qlref 2022-07-20 00:57:26 +01:00
root
655b9d4262 Python: Timing attack 2022-06-27 12:18:45 -04:00
yoff
699761889d Merge pull request #7127 from jty-team/jty/python/emailInjection 
Python: CWE-079 - Add Email injection query
 2022-06-14 10:54:16 +02:00
jorgectf
e577a0e836 Update .expected tests 2022-05-27 00:13:40 +02:00
${sleep,7}
76c27c685f Merge branch 'main' into jty/python/emailInjection 2022-05-26 16:27:57 -04:00
yoff
aadfa8eacd Merge branch 'main' into py/CsvInjection 2022-05-25 10:43:08 +02:00
Rasmus Wriedt Larsen
6611e5b4b8 Merge branch 'main' into promote-pam 2022-05-18 10:35:39 +02:00
Erik Krogh Kristensen
7245591468 Merge pull request #7763 from erik-krogh/unused-field 
QL: add unused-field query
 2022-05-18 09:15:16 +02:00
Rasmus Wriedt Larsen
cff950f5f7 Python: Fix select of py/insecure-cookie 2022-05-11 14:06:30 +02:00
Rasmus Wriedt Larsen
0956d506de Python: Actually promote py/pam-auth-bypass 
🤦
 2022-05-11 13:44:47 +02:00