hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-14 09:21:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,274 Commits 1,785 Branches 169 Tags
codeql-cli-2.25.4
Commit Graph

87274 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
083f56921c update to 5.4.1-rc 2024-02-25 21:20:41 +01:00
am0o0
a636c47c84 minor test cases change: remove unused dict 2024-02-25 23:57:58 +04:00
amammad
4321c5c2da update Twisted document link 2024-02-25 17:53:19 +04:00
amammad
7dd1389b9e add twisted SSH client as secondary server command injection sinks, add proper test cases 2024-02-25 17:52:24 +04:00
amammad
ab219902a9 add jsonpickle and pexpect libs in case of unsafe decoding and secondary command execution, add proper test cases 2024-02-25 17:15:35 +04:00
amammad
3e6b4a161b finalize Secondary server command injection queries and tests. 2024-02-25 14:24:42 +04:00
amammad
95c9a3fc9a add ssh client libraries, add SecondaryServerCmdInjectionCustomizations 2024-02-25 12:50:12 +04:00
amammad
385c3ba7ff continue to convert paramiko query to a more general query, 
the proxy command is not a secondary command execution
so we can add proxy command to SystemCommandExecution::Range, update QLDocs,
add a proper Paramiko test case
fix a typo
 2024-02-25 01:18:34 +04:00
amammad
70282f9ebe convert paramiko query to SecondaryServerCmdInjection query, Add inline tests 2024-02-24 18:10:13 +04:00
amammad
d234a53c50 update Fabric models, add new sink to Fabric, add proper test cases 2024-02-24 17:43:51 +04:00
amammad
076faa3a4e add pyTorch :) code execution sinks, add proper tests 2024-02-24 15:55:33 +04:00
amammad
3d7db0e46b add panas code execution sinks, add proper tests 2024-02-24 14:44:06 +04:00
Tom Hvitved
2683e40038 Merge pull request #15708 from hvitved/share-ide-contextual 
Share `getFileBySourceArchiveName` implementation
 2024-02-23 19:56:33 +01:00
Chris Smowton
12213a0a08 Add test 2024-02-23 18:39:16 +00:00
Ian Lynagh
bfea40fca0 Kotlin 2: Accept some PrintAst changes in library-tests/exprs 2024-02-23 18:39:06 +00:00
Chris Smowton
d57160db5c Direct map stores via a post-update node 2024-02-23 16:37:26 +00:00
Robert Marsh
da5e3d64ac C++: autoformat 2024-02-23 16:20:42 +00:00
Robert Marsh
dd97584eff C++: fix for duplicated parent of ReturnVoid statements 2024-02-23 16:19:34 +00:00
Ian Lynagh
1abd81ec34 Kotlin 2: Accept loc changes in library-tests/reflection 2024-02-23 13:52:05 +00:00
Ian Lynagh
f43e929d1a Kotlin: More generated elements in Kotlin 2 in library-tests/reflection 2024-02-23 13:45:58 +00:00
Paolo Tranquilli
6b63492d6b Merge pull request #15699 from github/criemen/bazel7-2 
Upgrade to bazel 7.0.2.
 2024-02-23 14:15:00 +01:00
Tamás Vajk
72f73553ca Merge pull request #15692 from tamasvajk/buildless/no-dotnet-sdk 
C#: Download latest dotnet SDK when missing
 2024-02-23 13:24:46 +01:00
Tony Torralba
759b74791c Java: Re-enable Widget.qll flow steps 
The library Widget.qll was accidentally removed from the global context when its sources were migrated to models-as-data in #13136. This re-adds it so that its flow steps are enabled again.
 2024-02-23 13:07:35 +01:00
Harry Maclean
f5be407989 Ruby: deprecate old ProtectFromForgeryCall class 2024-02-23 12:02:26 +00:00
Ian Lynagh
047a8b400e Merge pull request #15703 from igfoo/igfoo/k2mf 
Kotlin: Accept changes in library-tests/multiple_files
 2024-02-23 11:49:05 +00:00
Ian Lynagh
ee967e62e1 Merge pull request #15704 from igfoo/igfoo/k2ministdlib 
Kotlin: Remove the Kotlin 2 ministdlib test
 2024-02-23 11:48:55 +00:00
Owen Mansel-Chan
3dc6918356 Merge pull request #15648 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-02-23 11:48:17 +00:00
Harry Maclean
7b3f1a0982 Ruby: fix comment 2024-02-23 11:14:52 +00:00
Harry Maclean
081c1201ed Ruby: Make csrf query more specific 
CSRF protection only needs to be explicitly enabled on Rails
applications < 5.2 _or_ those that don't include a `load_defaults` call
with a version >= 5.2.
 2024-02-23 11:13:17 +00:00
Harry Maclean
3ee425cc47 Ruby: Identify ActionController::API 
`ActionController::API < ActionController::Base` is a base controller
class, so we should recognise it as such.
 2024-02-23 11:13:17 +00:00
Harry Maclean
32b775fdc3 Ruby: reduce duplicate alerts for csrf query 
Only generate an alert on the top-most vulnerable Rails controller in
the controller tree.
 2024-02-23 11:13:17 +00:00
Harry Maclean
1fbf177b54 Ruby: QLDoc fix 2024-02-23 11:13:16 +00:00
Harry Maclean
3499d169f9 Ruby: Add missing QLDoc 2024-02-23 11:13:16 +00:00
Harry Maclean
0597b2ed1b Ruby: recognise csrf_meta_tag 
csrf_meta_tag is an alias for csrf_meta_tags, retained for backwards
compatibility.
 2024-02-23 11:13:16 +00:00
Harry Maclean
f19a5a9837 Ruby: Add tests for Gemfile modeling 2024-02-23 11:13:16 +00:00
Harry Maclean
3c69ab10f2 Ruby: Restrict rb/csrf-protection-not-enabled 
This query only applies to codebases using Ruby on Rails < 5.2, or where
there is no call to `csrf_meta_tags` in the base ERb template.
 2024-02-23 11:13:15 +00:00
Harry Maclean
581072721c Ruby: Add change note 2024-02-23 11:13:15 +00:00
Harry Maclean
6d6f8ba512 Ruby: Make CSRF query more sensitive 
Generate an alert for every controller class that doesn't have or
inherity a `protect_from_forgery` setting.
 2024-02-23 11:13:15 +00:00
Harry Maclean
49d826f667 Ruby: Add a query for CSRF protection not enabled 
Specifically in Rails apps, we look for root ActionController classes
without a call to `protect_from_forgery`.
 2024-02-23 11:13:14 +00:00
Erik Krogh Kristensen
a0f91fbc15 Merge pull request #15706 from erik-krogh/pol-reg 
ReDoS: Restrict some edges related to upper/lower-case when constructing possible attack strings for polynomial-redos.
 2024-02-23 12:06:17 +01:00
Alvaro Muñoz
1458434504 Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions 2024-02-23 11:54:41 +01:00
Alvaro Muñoz
f513a19c24 fix: restrict EnvCtxAccessExpr to Env decarlations on the same file 2024-02-23 11:53:47 +01:00
Tom Hvitved
62b16c0fa3 Share getFileBySourceArchiveName implementation 2024-02-23 11:25:49 +01:00
Tamas Vajk
20f795c03a Code quality improvements 2024-02-23 11:20:15 +01:00
Michael Nebel
1a155b3a30 Merge pull request #15667 from michaelnebel/csharp/syntheticconstructorbody 
C#: Add synthetic bodies and inititializers for default constuctors.
 2024-02-23 11:14:00 +01:00
Tom Hvitved
94113521d1 Merge pull request #15689 from hvitved/ruby/no-field-branch-limit-summarized-callable 
Ruby: No `fieldFlowBranchLimit` for `SummarizedCallable`s
 2024-02-23 10:47:22 +01:00
Tom Hvitved
d8645cc960 Merge pull request #15694 from hvitved/csharp/assignable-definition-node 
C#: Use separate `newtype` branch for `AssignableDefinitionNode`
 2024-02-23 10:45:04 +01:00
github-actions[bot]
b2b5aa18b2 Add changed framework coverage reports 2024-02-23 00:16:49 +00:00
Tom Hvitved
303a2bb63a C#: Update expected test output 2024-02-22 21:04:55 +01:00
Tom Hvitved
ea7d9c97fd C#: Use separate newtype branch for AssignableDefinitionNode 2024-02-22 21:04:55 +01:00