hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac-cli-injection-from-library-inputs
Commit Graph

33347 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
78744a0182 add additional tests 2022-02-16 09:44:56 +01:00
Esben Sparre Andreasen
e67c09f9ab change example passwords in test 2022-02-16 08:56:00 +01:00
Arthur Baars
ebb87c4b36 Merge pull request #7975 from github/post-release-prep/codeql-cli-2.8.1 
Post-release preparation for codeql-cli-2.8.1
 2022-02-15 20:17:35 +01:00
Geoffrey White
703f18b82f C++: Better deduplication. 2022-02-15 17:52:27 +00:00
Jeroen Ketema
1209bbd9b4 Add version of prepare-db-upgrade.sh supporting multiple languages 2022-02-15 18:39:21 +01:00
luchua-bc
40bf093d34 Move shared code to the lib folder and update qldoc 2022-02-15 17:28:13 +00:00
Tony Torralba
5f0ab522f3 Merge pull request #7988 from Marcono1234/marcono1234/sealed-types-predicates 
Java: Add predicates for sealed classes
 2022-02-15 15:11:56 +01:00
yo-h
cfcb06cad9 Merge pull request #8035 from tamasvajk/feature/hardcoded-cred-medium-prec 
C#: Downgrade hardcoded credentials queries to medium precision
 2022-02-15 08:09:27 -05:00
Chris Smowton
2f82a46528 Elaborate change note 2022-02-15 12:56:57 +00:00
luchua-bc
fd533f2ba8 Remove the same callable constraint 2022-02-15 12:44:23 +00:00
Mathias Vorreiter Pedersen
c48e49650a Merge pull request #8039 from jketema/downgrades 
C++: Add initial DB scheme and qlpack file to downgrades directory
 2022-02-15 11:30:33 +00:00
Jeroen Ketema
d59422be41 Add qlpack file to downgrades directory 2022-02-15 12:18:46 +01:00
Jeroen Ketema
0bcb5cb380 Add initial cpp DB scheme to downgrades directory 2022-02-15 11:59:46 +01:00
Mathias Vorreiter Pedersen
38e44924e7 Merge pull request #8036 from jketema/remove-legacy-relations-2 
C++: Remove some unused legacy relations from the DB scheme - Take 2
 2022-02-15 10:56:25 +00:00
Jeroen Ketema
3b2584a5d1 Add change note 2022-02-15 11:18:44 +01:00
Jeroen Ketema
9d7784e12d C++: Add DB downgrade script 2022-02-15 11:18:44 +01:00
Jeroen Ketema
f791c63780 C++: Add DB upgrade script 2022-02-15 11:18:44 +01:00
Jeroen Ketema
68fd953d9b C++: Mark classes depending on removed relations as deprecated 
Also ensure they no longer depend on the removed relations.
 2022-02-15 11:18:36 +01:00
Rasmus Wriedt Larsen
62d4bb50a5 Python: Autoformat 
Trailing whitespace is a bit too easy with the ```suggestions through
the UI :|
 2022-02-15 10:38:52 +01:00
Tony Torralba
bfa14fa066 Merge pull request #7823 from JLLeitschuh/improve/JLL/combined_http_headers 
Java: Add HTTP Request Splitting to Netty Query
 2022-02-15 10:24:36 +01:00
Rasmus Wriedt Larsen
5a90214ece Merge pull request #7783 from yoff/python/promote-ldap-injection 
Python: promote LDAP injection query
 2022-02-15 10:24:18 +01:00
Jeroen Ketema
bf6ca7a7be C++: Remove some unused legacy relations from the DB scheme 2022-02-15 10:16:35 +01:00
Tamas Vajk
0c667fa544 Move change note from lib to src folder 2022-02-15 09:58:12 +01:00
Tamas Vajk
c386ab5e51 Add change note 2022-02-15 09:55:18 +01:00
CodeQL CI
8f8621f82c Merge pull request #8022 from asgerf/js/url-parse-qs 
Approved by esbena
 2022-02-15 09:34:21 +01:00
Tamas Vajk
e8bf94faf9 C#: Downgrade hardcoded credentials queries to medium precision 2022-02-15 09:34:20 +01:00
Marcono1234
a496b1d1a1 Java: Add predicates for sealed classes 2022-02-14 21:04:38 +01:00
Robert Marsh
0e50c4b186 C++: Add openssl low-level API 2022-02-14 14:47:55 -05:00
Chris Smowton
0bf6c83ef2 Merge pull request #4388 from JLLeitschuh/feat/JLL/java/CWE-200_temp_directory_local_information_disclosure 
Java: CWE-200: Temp directory local information disclosure vulnerability
 2022-02-14 18:58:44 +00:00
Chris Smowton
fd4dc95d84 Merge pull request #6443 from artem-smotrakov/ignored-hostname-verifier 
Java: An experimental query for ignored hostname verification
 2022-02-14 18:56:27 +00:00
yoff
de5b3a272d Merge pull request #7660 from RasmusWL/deprecate-old-modeling 
Python: Deprecate old points-to based modeling
 2022-02-14 19:48:03 +01:00
Chris Smowton
f2bc5849ce format 2022-02-14 17:00:14 +00:00
Nick Rolfe
9c79a171ae Merge pull request #8017 from github/nickrolfe/csharp_externalData 
C#: add externalData back to dbscheme
 2022-02-14 16:54:32 +00:00
Jonathan Leitschuh
2048aed0a9 Review feedback and improve temp dir vulnerable/safe code sugestion 2022-02-14 11:29:16 -05:00
Chris Smowton
a62eae5a1e Remove redundant conditions from HostnameVerificationCall.isIgnored 2022-02-14 16:26:41 +00:00
Jonathan Leitschuh
76964d58f2 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-02-14 11:04:31 -05:00
Jonathan Leitschuh
bb580ddbab Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-02-14 11:02:05 -05:00
Jonathan Leitschuh
7dee22a130 Fix implicit 'this' usage 2022-02-14 11:00:41 -05:00
luchua-bc
2b5982fd9d Remove specified value step from additional taint step 2022-02-14 15:42:54 +00:00
yoff
3a995ec1b1 Update python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-14 16:08:44 +01:00
yoff
62598c0fd1 Update python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-14 16:07:40 +01:00
yoff
86786d3368 Update docs/codeql/support/reusables/frameworks.rst 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-14 16:05:59 +01:00
Asger Feldthaus
8b55a24e7c JS: Add url-parse.qs as an alias for the querystringify library 2022-02-14 15:29:50 +01:00
luchua-bc
35a924292b Model value passing between a setter and a getter call as a value step 2022-02-14 14:08:55 +00:00
Asger Feldthaus
f7108506f2 JS: Raise precision tag of js/request-forgery 2022-02-14 14:20:41 +01:00
Nick Rolfe
2633f9d02e C#: delete externalData.rel in downgrade script 2022-02-14 12:25:32 +00:00
Nick Rolfe
6e7f5f8c12 C#: add DB upgrade and downgrade scripts 2022-02-14 12:16:39 +00:00
Nick Rolfe
d43a62a09f C#: add externalData back to dbscheme 
That table is still used, and is populated by the CSV extractor.
 2022-02-14 12:09:00 +00:00
Rasmus Lerchedahl Petersen
d1200d0cd5 python: fix change-note formatting 2022-02-14 12:22:29 +01:00
Rasmus Lerchedahl Petersen
84447e4710 python: more detailed alert message 2022-02-14 11:55:07 +01:00