hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-25 14:47:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,788 Branches 169 Tags
codeql-cli-2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ed Minnix
157b7ceaff Refactor TimingAttackAgainstHeader 2023-04-12 20:37:36 -04:00
Ed Minnix
a186b771ba Refactor JxBrowserWithoutCertValidation 2023-04-12 20:37:35 -04:00
Ed Minnix
ccdd9bce33 Refactor Revocation checking 2023-04-12 20:37:35 -04:00
Ed Minnix
380888e446 Refactor ClientSuppliedIpUsedInSecurityCheck 2023-04-12 20:37:35 -04:00
Ed Minnix
3c85ca9740 Refactor ThreadResourceAbuse 2023-04-12 20:37:35 -04:00
Ed Minnix
da5a719ffc Refactor UnsafeUsageOfClientSideEncryptionVersion 2023-04-12 20:37:35 -04:00
Ed Minnix
e880a5f187 Refactor UnsafeTlsVersion 2023-04-12 20:37:35 -04:00
Ed Minnix
e3f6bc043d Refactor InsecureWebResourceResponse 2023-04-12 20:37:35 -04:00
Ed Minnix
074745315c Refactor SensitiveAndroidFileLeak 2023-04-12 20:37:35 -04:00
Ed Minnix
685a2043a8 Refactor UnsafeReflection 2023-04-12 20:37:35 -04:00
Ed Minnix
13e1cc50c8 Add SpringUrlRedirect 2023-04-12 20:37:35 -04:00
Ed Minnix
30cfbb83b3 Add UncaughtServletException 2023-04-12 20:37:35 -04:00
Ed Minnix
5594e7f6d2 Add SensitiveGetQuery 2023-04-12 20:37:35 -04:00
Ed Minnix
478309c90b Add UnsafeDeserializationRmi 2023-04-12 20:37:35 -04:00
Ed Minnix
e2cfea19b5 Add UnsafeUrlForward 2023-04-12 20:37:35 -04:00
Ed Minnix
d48adbd175 Refactor JsonpInjection 2023-04-12 20:37:35 -04:00
Ed Minnix
8cb5e78832 Refactor XXE files 2023-04-12 20:37:35 -04:00
Ed Minnix
4c80ff03de Refactor UnvalidatedCors 2023-04-12 20:37:35 -04:00
Ed Minnix
d254d91f57 Refactor Injection queries 2023-04-12 20:37:35 -04:00
Ed Minnix
7002ed5303 Refactor InsecureRmiJmxEnvironmentConfiguration 2023-04-12 20:37:35 -04:00
Ed Minnix
6e4e1e52c0 Refactor NFEAndroidDoS 2023-04-12 20:37:35 -04:00
Ed Minnix
94768f425f Refactor HashWithoutSalt 2023-04-12 20:37:35 -04:00
Ed Minnix
cb7391177d Refactor MyBatis queries 2023-04-12 20:37:35 -04:00
Ed Minnix
d528c8461f Refactor XQueryInjection.ql 2023-04-12 20:37:35 -04:00
Ed Minnix
e7cbd493d7 Refactor FilePathInjection 2023-04-12 20:37:35 -04:00
Ed Minnix
47c5db03ab Refactor OpenStream.ql 2023-04-12 20:37:34 -04:00
Ed Minnix
5bd9aae072 Refactor Log4jJndiInjection.ql 2023-04-12 20:37:34 -04:00
Asger F
2f82f4338a QL: Dont ask me to inline cached predicates 2023-04-12 20:33:21 +02:00
Mathias Vorreiter Pedersen
184cb74cd0 Swift: Accept test changes. 2023-04-12 17:38:34 +01:00
Mathias Vorreiter Pedersen
f46ea325e8 Swift: Add dataflow through key-path expressios by modeling them as lambdas that perform a sequence of read steps. 2023-04-12 17:38:34 +01:00
Mathias Vorreiter Pedersen
21b03927c5 Swift: Add failing tests. 2023-04-12 17:38:29 +01:00
Chris Smowton
d049b112a9 Merge pull request #12750 from smowton/smowton/admin/add-dataflow-viableParamArgSpecific-hook 
Go: mass-convert taint-flow models to models-as-data format (with `viableParamArgSpecific` hook)
 2023-04-12 17:11:18 +01:00
Mathias Vorreiter Pedersen
ba4e3ae949 Update cpp/ql/src/Critical/FlowAfterFree.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-04-12 16:50:57 +01:00
Mathew Payne
824ff8ad88 Add function signature to model 2023-04-12 14:54:06 +00:00
Mathew Payne
ffec22a5d2 Add change log notes 2023-04-12 14:48:28 +00:00
Mathew Payne
d0529bba2b Add missing models for Java IO 
- java.io.OutputStream
- java.nio.file.Files
 2023-04-12 14:43:11 +00:00
Chris Smowton
d648b34037 Accept test changes 
These are caused by nodes being hidden by https://github.com/github/codeql/pull/12783
 2023-04-12 15:05:04 +01:00
Mathias Vorreiter Pedersen
566513e927 Merge pull request #12800 from MathiasVP/fix-joins-in-constant-array-overflow 
C++: Fix joins in `cpp/constant-array-overflow`
 2023-04-12 14:57:17 +01:00
Asger F
69cb138912 Ruby: Tweak caching/inlining or API graph predicates 2023-04-12 15:56:58 +02:00
Chris Smowton
7eefa43f5a Rename and document viableArgParamSpecific to make clear it is a temporary hook. 2023-04-12 14:33:46 +01:00
Asger F
7e23bf3938 Ruby: remove some redundant getASubclass() calls 2023-04-12 15:32:01 +02:00
Chris Smowton
1706367b34 Document DataFlowCallable 2023-04-12 14:24:21 +01:00
Chris Smowton
9f4b77e851 Accept test changes 2023-04-12 14:19:06 +01:00
Chris Smowton
4d8ca3d759 Add dataflow callback to filter out receiver argument flow to Golang interface dispatch candidates. 
Other langauges stub the callback.
 2023-04-12 14:19:06 +01:00
Chris Smowton
7ffe863ba6 Remove addressed FIXME 
This was addressed by adding `getAPackageWithSummarizedCallables`
 2023-04-12 14:19:06 +01:00
Chris Smowton
985e07d902 pragma[nomagic] hasQualifiedName 
These are cheap and frequently-used, and magicking them with respect to `interpretPackage` was yielding expensive, unnecessary regex operations.
 2023-04-12 14:19:06 +01:00
Chris Smowton
0129167cc4 Convert Beego's MapGet method to MaD 2023-04-12 14:19:06 +01:00
Chris Smowton
b86f0cf268 Sort models 2023-04-12 14:19:06 +01:00
Chris Smowton
12527e406b Remove unnecessary model 
This referred to a private type
 2023-04-12 14:19:05 +01:00
Chris Smowton
2abffccded Accept test changes 2023-04-12 14:19:05 +01:00