hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.5
Commit Graph

58 Commits

Author SHA1 Message Date
Asger F
cc8fe10801 JS: Update locations in expected files 2025-08-29 12:03:11 +02:00
Napalys Klicius
73309fb9dd Updated modeling of aws-sdk with MaD 2025-04-28 14:00:12 +02:00
Napalys Klicius
42d5b80e81 Added support for AWS.Credentials hardcoded credentials 2025-04-28 14:00:12 +02:00
Napalys Klicius
f69037c176 Added ability to detect direct write to global AWS.config 2025-04-28 14:00:12 +02:00
Napalys Klicius
05e4677fd1 Added ability to detect new AWS.ServiceName cases with hardcoded credentials 2025-04-28 14:00:12 +02:00
Napalys Klicius
e6450a17ec Added test cases for individual AWS services, direct modification of global credentials and AWS.Credentials 2025-04-28 14:00:12 +02:00
Asger F
2a194a53af raw test output 2025-02-28 13:29:39 +01:00
Asger F
a1796bda8a JS: Accept some new alerts in HardcodedCredentials 
I think these were just missing 'NOT OK' comments
 2025-02-28 13:28:54 +01:00
Asger F
2bed3a40bf JS: Mark some missing alerts in HardcodedCredentials 
Not sure why
 2025-02-28 13:28:52 +01:00
Asger F
9ef5a97b4e JS: Accept alerts in HardcodedCredentials and add Sink tags 
This query now uses the source as the primary alert location, and some old comments appeared at the sink.

To make the change easier to verify, this commit migrates the test to include Sink tags. (Source/Sink tags in general are added later)
 2025-02-28 13:28:51 +01:00
Asger F
7fa63fa6ee JS: Update alerts in HardcodedCredentials test 
Note that file is inside a folder named __tests__. The same code is found in another file outside the test folder, where it is flagged.
 2025-02-28 13:28:50 +01:00
Asger F
f5911c9e5a JS: Accept raw test output 2025-02-28 13:27:38 +01:00
Asger F
d0ce53ed82 JS: Enable post-processing for all .qlref files 2025-02-28 13:27:33 +01:00
Asger F
9be041e27d JS: Update OK-style comments to $-style 2025-02-28 13:27:28 +01:00
Asger F
a2dd47aeb2 JS: Update test output 
These files conflicted and have been regenerated.
 2024-08-22 14:27:15 +02:00
Asger F
c54f5858b1 Merge branch 'main' into js/shared-dataflow-merge-main 2024-08-22 13:22:05 +02:00
am0o0
354fcbe7fe apply changes from @erik-krogh 2024-08-01 20:14:36 +02:00
am0o0
b360c8adb8 Update hardcodedCredentials query file to only exclude 'jwt key' kind from with the isTestFile predicate. 
According to expected test results, with a new query, the jwt sinks of __test__/ dir have been exluded from query results.
 2024-07-01 15:00:08 +02:00
am0o0
5a1877547f update test cases of __tests__/ dir 
since we want to check if a jwt related sink is in this dir or not
 2024-07-01 14:50:07 +02:00
am0o0
6ecd8b7ee8 add new default cred kind 2024-07-01 14:42:34 +02:00
am0o0
65fdb8ccce move jose SharedTaintStep to a local taint step, add more additional steps with test cases, update test cases and expected test results 2024-07-01 11:38:17 +02:00
Asger F
2473274681 JS: Benign test output changes 2024-06-27 09:06:45 +02:00
Asger F
ecf418b8f6 Merge branch 'main' into js/shared-dataflow 2024-06-25 11:48:41 +02:00
Asger F
bd3fccd1a8 JS: Update test output with provenance column 2024-06-25 10:30:56 +02:00
am0o0
5a69bbf6b0 use isTestFile from ClassifyFiles module file instead previous where condition, update tests accordingly 2024-06-07 06:11:48 +02:00
am0o0
e4ffdb848e add tests for new where condition, update expected test results 2024-06-06 14:30:06 +02:00
am0o0
d77513579f update tests 2024-05-25 12:15:25 +02:00
am0o0
4e365e242c fix conflict 2024-05-25 12:08:05 +02:00
am0o0
20c087ce39 update tests 2024-05-25 12:06:07 +02:00
am0o0
1860af075d fix conflict 2024-05-25 12:01:12 +02:00
erik-krogh
39a8b49222 add qhelp recommendation that you can use an obvious placeholder value 2024-05-03 19:37:31 +02:00
erik-krogh
b209fc67cb test the change to hardcoded-credentials 2024-05-03 19:34:18 +02:00
amammad
e1d42fad2c move new secret key sinks to existing CredentialsNode class, 
add new additional global taint and dataflow steps
update tests of CWE-798
add a new sanitizer for `semmle.javascript.security.dataflow.HardcodedCredentialsQuery`
 2023-11-02 16:09:01 +01:00
Asger F
4bac90252c JS: Port HardcodedCredentials 2023-10-13 13:15:04 +02:00
erik-krogh
9f2d7dfb29 update expected output 2022-09-29 22:48:41 +02:00
erik-krogh
0a5ff1b79a recognize another kind of dummy passwords to fix an FP in hardcoded-credentials 2022-09-29 21:25:40 +02:00
Esben Sparre Andreasen
816d79692b ignore deliberately hardcoded password strings 2022-02-16 09:47:01 +01:00
Esben Sparre Andreasen
78744a0182 add additional tests 2022-02-16 09:44:56 +01:00
Esben Sparre Andreasen
e67c09f9ab change example passwords in test 2022-02-16 08:56:00 +01:00
Erik Krogh Kristensen
87c0c60c22 don't report dummy authentication headers as hardcoded-crendentials 2021-08-02 22:56:14 +02:00
Erik Krogh Kristensen
99d03bab24 only flag the secret key in JWT 2020-11-12 21:36:05 +01:00
Erik Krogh Kristensen
5ecae55e77 add keys used by jsonwebtoken as CredentialsExpr 2020-11-10 10:41:39 +01:00
Erik Krogh Kristensen
d814e73023 update comment position to match alert location for CWE-798 2020-07-08 10:12:12 +02:00
Erik Krogh Kristensen
a90c8769ee update expected output 2020-06-03 15:24:04 +02:00
Erik Krogh Kristensen
a1940979ba support credentials in a Buffer 2020-06-03 12:02:00 +02:00
Erik Krogh Kristensen
ba44ebe8a8 better support for browser based fetch API 2020-06-03 11:51:24 +02:00
Erik Krogh Kristensen
3622fb8716 support more variants of the Headers API 2020-06-03 11:50:10 +02:00
Erik Krogh Kristensen
3c802007a3 add support for string concatenations and base64-encoding of hardcoded credentials 2020-06-02 23:15:13 +02:00
Erik Krogh Kristensen
b6dc94fccb add fetch.Headers.Authorization as a CredentialsExpr 2020-06-02 23:02:16 +02:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00