hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-25 14:47:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,788 Branches 169 Tags
codeql-cli-2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
3f139bd93b Swift: address logging review comments 2023-04-17 10:27:01 +02:00
Paolo Tranquilli
edb355b47f Swift: add QLdoc for generated Raw and Synth modules 2023-04-17 09:38:26 +02:00
Tony Torralba
f5702f5c69 Address review comment 
Handle more regex cases that cover line breaks
 2023-04-17 09:33:44 +02:00
Tony Torralba
e167d3ce00 Add line break sanitizers 2023-04-17 09:33:44 +02:00
Erik Krogh Kristensen
4e49df1615 Merge pull request #12839 from jcogs33/jcogs33/update-QueryDoc-regex 
QL: update regexes used in `QueryDoc.getQueryName()` and in `QueryDoc.getQueryId()/getQueryLanguage()`
 2023-04-17 09:03:03 +02:00
Mathias Vorreiter Pedersen
7eee589304 Merge pull request #12569 from andersfugmann/andersfugmann/use_after_free 
C++: Implement use-after-free and double-free queries using the new IR use-use dataflow
 2023-04-17 08:01:58 +01:00
Mathias Vorreiter Pedersen
fa5ed04286 Update cpp/ql/src/Critical/DoubleFree.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-04-17 07:40:01 +01:00
Mathias Vorreiter Pedersen
dba46bd324 Update cpp/ql/src/Critical/DoubleFree.ql 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-04-17 07:38:30 +01:00
Asger F
ccb57f2a84 Merge pull request #12804 from asgerf/rb/api-graphs-cached 
Ruby: restrict join order of API graph predicates
 2023-04-17 08:24:07 +02:00
Asger F
62dca44ee5 Update UntrustedDataToExternalAPI.expected 2023-04-17 08:23:04 +02:00
Asger F
c250ba7f27 JS: Undo sanitization of path.normalize() 2023-04-17 08:23:04 +02:00
Asger F
9db63c3a6a JS: Change note 2023-04-17 08:23:04 +02:00
Asger F
b0d4b31103 JS: Trim whitespace in test 2023-04-17 08:23:04 +02:00
Asger F
c7f16cd224 JS: Add test 2023-04-17 08:23:03 +02:00
Asger F
0d598c437d JS: Fix observed FPs in UnsafeJQueryPlugin 2023-04-17 08:20:18 +02:00
Asger F
b321151a28 JS: Restrict ExtendCall flow in proto pollution query 2023-04-17 08:20:18 +02:00
Asger F
efb582b661 JS: Drive-by fix to newly gained FPs 2023-04-17 08:20:18 +02:00
Asger F
869c6d27fe JS: Add implied receiver steps 2023-04-17 08:20:18 +02:00
Asger F
74dbc71535 JS: Change Extend steps to PreCallGraphStep 2023-04-17 08:20:18 +02:00
Jami Cogswell
06bf246afe QL: update regexes 2023-04-16 16:10:23 -04:00
Geoffrey White
d94ed1b4a3 Merge pull request #12824 from geoffw0/modernsec4 
Swift: Add CryptoSwift sinks in swift/weak-sensitive-data-hashing
 2023-04-14 19:56:37 +01:00
Geoffrey White
706fdce527 Swift: Downgrade swift/unsafe-js-eval to precision medium. 2023-04-14 18:16:16 +01:00
Geoffrey White
2adc4c0feb Swift: PredicatUpgrade predicate injection sources from RemoteFlowSource to FlowSource. Even local input should be in parameters rather than concatenated into the predicate. 2023-04-14 17:50:57 +01:00
Geoffrey White
7b8606d411 Swift: Delete unnecessary import. 2023-04-14 16:36:22 +01:00
Edward Minnix III
38826c98f1 Merge pull request #12751 from egregius313/egregius313/dataflow-refactor-cleanup 
Java: Finish dataflow refactor
 2023-04-14 10:35:11 -04:00
Geoffrey White
ba982e2f85 Merge pull request #12752 from gsingh93/buffer-access-array-expr 
C++: Consider ArrayExpr with non-constant size expressions as a BufferAccess
 2023-04-14 15:31:20 +01:00
Michael Nebel
4bca9511cd Merge pull request #12803 from michaelnebel/csharp/refactordataflow3 
C#: Re-factor dataflow queries to use the new API.
 2023-04-14 16:30:55 +02:00
Alex Ford
2aba24da0c Merge pull request #12831 from github/release-prep/2.13.0 
Release preparation for version 2.13.0
codeql-cli/v2.13.0 		2023-04-14 14:59:39 +01:00
Geoffrey White
9ecba6a94d Swift: Add missing imports in ExternalFlow.qll. 2023-04-14 14:58:24 +01:00
Geoffrey White
619d572d50 Swift: Add RNCryptor hmacKey encryption-key sinks. 2023-04-14 14:58:15 +01:00
Geoffrey White
46da73cc11 Swift: Add realm path-injection sinks. 2023-04-14 14:50:50 +01:00
Geoffrey White
feccd307da Swift: Add realm encryption-key sinks. 2023-04-14 14:47:24 +01:00
Geoffrey White
bfdaf6951d Swift: Add some test cases. 2023-04-14 14:39:45 +01:00
Geoffrey White
21414089ee Swift: Test renaming and layout changes. 2023-04-14 14:39:32 +01:00
Jeroen Ketema
0c7346707b Fix minor issues with change notes 2023-04-14 15:37:04 +02:00
github-actions[bot]
075d063370 Release preparation for version 2.13.0 2023-04-14 13:31:30 +00:00
Owen Mansel-Chan
8a4ca7fb84 Merge pull request #10026 from pwntester/patch-2 
Go: Partial URLs should not sanitize against SSRF
 2023-04-14 13:52:11 +01:00
jarlob
e9dee3a185 Move actions/github-script out of Actions.qll 2023-04-14 14:26:23 +02:00
Erik Krogh Kristensen
cece307c60 Merge pull request #12802 from erik-krogh/history-xss 
JS: add browser history as XSS sink
 2023-04-14 13:35:19 +02:00
Asger F
f4e8656c17 Ruby: move internal methods to API::Node::Internal 2023-04-14 13:35:13 +02:00
Alex Ford
9169ddb9c1 Merge pull request #12823 from alexet/alexet/bump-version 
Bump all qlpacks major versions
 2023-04-14 12:18:27 +01:00
Owen Mansel-Chan
352866b52d Add change note 2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
a42dbc5bab Fix formatting again 2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
d407a689fa Fix formatting by deleting spaces no blank line 2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
169bde8671 Fix formatting by deleting blank line 2023-04-14 12:00:38 +01:00
Alvaro Muñoz
8bf4b55309 Partial URLs should not sanitize against SSRF 
As an example:

```go
	urlPath := ctx.Req.URL.Path
	hash := urlPath[strings.LastIndex(urlPath, "/")+1:]
        req, _ := http.NewRequest("GET", source+hash, nil)
```
 2023-04-14 12:00:38 +01:00
jarlob
599ec5a3b4 Add comment 2023-04-14 10:52:11 +02:00
jarlob
3724ea1a7b Extract where parts into predicates 2023-04-14 10:49:56 +02:00
jarlob
ac1c20673d Encapsulate github-script 2023-04-14 10:23:49 +02:00
jarlob
d80c541da6 Encapsulate composite actions 2023-04-14 10:06:35 +02:00