hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac-cli-injection-from-library-inputs
Commit Graph

33347 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
64b458b166 Merge pull request #8319 from hvitved/csharp/recursive-qltest-extraction-change-note 
C#: Add change note about recursive `codeql test run` extraction
 2022-03-07 11:43:11 +01:00
Tom Hvitved
c1db0a9429 Merge pull request #8317 from hvitved/typetracker/jump-step 
Ruby/Python: Clear call contexts after jump steps in type tracking
 2022-03-07 11:38:51 +01:00
Tom Bolton
173f45f316 Merge pull request #8334 from github/tombolton/add-mapping-query 
JS: Add query that maps queries to sink type
 2022-03-07 10:35:37 +00:00
Mathias Vorreiter Pedersen
027c8247ae Merge pull request #8310 from jketema/update-stats 
C++: Update the DB scheme stats file
 2022-03-07 09:11:53 +00:00
Tony Torralba
08ce128d64 Merge pull request #8325 from JLLeitschuh/feat/JLL/improve_compile_time_constant 
[Java] Add CharacterLiteral to CompileTimeConstantExpr.getStringValue
 2022-03-07 09:32:59 +01:00
haby0
7e6666bc63 Merge branch 'main' into py/add-ssrf-sinks 2022-03-07 12:09:14 +08:00
Erik Krogh Kristensen
9c759a987e QL: add query detecting ordering by a constant 2022-03-06 17:02:19 +01:00
Tiferet Gazit
bbc712fdb3 Merge pull request #8297 from erik-krogh/atmPerf 
JS: Fix ATM timeout on NodeJS
 2022-03-04 10:41:35 -08:00
Mathias Vorreiter Pedersen
624795cbbf Merge pull request #8059 from rdmarsh2/rdmarsh2/cpp/insufficient-key-strength 
C++: new query for insufficient key strength
 2022-03-04 17:11:44 +00:00
Robert Marsh
280fdbfc1b C++: accept test output from perf improvement 
The last commit removed some source nodes from the dataflow graph, which
changed the test expectations slightly. No result changes occurred.
 2022-03-04 11:39:10 -05:00
Taus
b35718e0d5 Python: Remove uses of getAQlClass 2022-03-04 15:39:27 +00:00
Jonathan Leitschuh
38897f2ec1 Fixup tests from code review changes 2022-03-04 09:33:51 -05:00
Jonathan Leitschuh
17b6e66814 Apply suggestions from code review 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-03-04 09:29:57 -05:00
ihsinme
5c801392d1 Merge pull request #2 from geoffw0/fix_tests 
Fix tests.
 2022-03-04 15:41:41 +03:00
Arthur Baars
71e393c6e1 Merge pull request #8330 from aibaars/cache-regExpSource 
Ruby: cache regExpSource/1 instead of isInterpretedAsRegExp
 2022-03-04 13:38:11 +01:00
Taus
095f27f294 Python: Remove deprecated annotations 2022-03-04 12:30:26 +00:00
Geoffrey White
17cd4d86f1 Fix tests. 2022-03-04 12:27:48 +00:00
Taus
20710616c5 Python: Fix "use set literal" warnings 2022-03-04 12:26:36 +00:00
Geoffrey White
1cb104418f Update ExposureSensitiveInformationUnauthorizedActor.expected 
Fix test.
 2022-03-04 12:25:22 +00:00
Geoffrey White
a34a61c16f Update ExposureSensitiveInformationUnauthorizedActor.expected 
Fix test.
 2022-03-04 12:25:05 +00:00
Taus
821de636af Python: Remove redundant inline casts 
These are all implied by the return type of the other side of the
equality.
 2022-03-04 12:21:31 +00:00
Taus
74f0bdfc79 Python: Fix "unused disjunct" warnings 
For the most part, these boil down to "some global property holds, and
so this relation contains all instances of class `X`". The fix is to
explicitly build the cartesian product (which we were already building
implicitly anyway) by adding `and exists(var)` to the disjunct that did
not mention `var`.

Note that these cartesian products are always with singletons on one
side, and so should be unproblematic.
 2022-03-04 12:14:57 +00:00
Mathias Vorreiter Pedersen
9a91e66714 Merge pull request #8321 from MathiasVP/improve-using-expired-address-query 
C++: More TPs from `cpp/using-expired-stack-address`
 2022-03-04 12:07:55 +00:00
tombolton
2ffa6771ff replace endpoint type name with encoding in mapping query 2022-03-04 11:00:31 +00:00
Rasmus Wriedt Larsen
3f48916e95 Merge pull request #7915 from yoff/python/promote-xpath-injection 
Python: promote XPath injection query
 2022-03-04 11:59:39 +01:00
Rasmus Wriedt Larsen
f620e2599d Merge branch 'main' into py/add-ssrf-sinks 2022-03-04 11:50:12 +01:00
Rasmus Wriedt Larsen
e47f726e74 Python: Add change-note 2022-03-04 11:48:17 +01:00
Rasmus Wriedt Larsen
d86284bf32 Python: Update frameworks.rst 2022-03-04 11:48:06 +01:00
Rasmus Wriedt Larsen
75bc532d10 Python: Avoid toString usage :O 2022-03-04 11:41:22 +01:00
Rasmus Wriedt Larsen
866e615689 Python: Add PyPI links in qldocs 2022-03-04 11:40:03 +01:00
Rasmus Wriedt Larsen
02a97b08bb Python: Move urllib and urllib2 to be part of stdlib modeling 2022-03-04 11:31:47 +01:00
Rasmus Wriedt Larsen
c65839bb77 Python: improve urllib3 modeling 2022-03-04 11:25:14 +01:00
Rasmus Wriedt Larsen
7d6d8be179 Python: Fix httpx modeling 2022-03-04 11:07:51 +01:00
Rasmus Wriedt Larsen
56901ea841 Python: Make new SSRF sink modules private 2022-03-04 11:04:18 +01:00
Rasmus Wriedt Larsen
40feb1fb8d Python: SPURIOUS results for httpx 2022-03-04 11:03:32 +01:00
yoff
d0a393e8d1 Update python/ql/test/library-tests/frameworks/stdlib/XPathExecution.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-03-04 10:56:53 +01:00
yoff
c514282d4a Merge pull request #8255 from tausbn/python-nomagic-pattern-getcase 
Python: Prevent magic/inlining in `getCase`
 2022-03-04 10:53:20 +01:00
Tom Hvitved
c49ed559d6 Update csharp/ql/lib/change-notes/2022-03-03-recursive-qltest-extraction.md 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-03-04 10:49:42 +01:00
Arthur Baars
cd5c71e85e Ruby: cache regExpSource/1 instead of isInterpretedAsRegExp 2022-03-04 10:15:22 +01:00
Jonathan Leitschuh
04cd0dbfe9 [Java] Add CharacterLiteral to CompileTimeConstantExpr.getStringValue 2022-03-03 18:08:17 -05:00
ihsinme
467136c173 Create ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-04 00:02:44 +03:00
ihsinme
77bc26681d Create ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-04 00:02:26 +03:00
Harry Maclean
1181779c10 Merge pull request #7920 from github/hmac/string-flow-summaries 
Ruby: Add String flow summaries
 2022-03-04 09:09:19 +13:00
Robert Marsh
60532e631e C++: fix missing paren 2022-03-03 14:45:43 -05:00
ihsinme
5d1dee24d4 Create ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 20:04:54 +03:00
ihsinme
7b3546ea30 Create ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 20:04:17 +03:00
ihsinme
625f74e9be Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test2.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test3/test.cpp 2022-03-03 20:01:24 +03:00
ihsinme
8eec20644f Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test1.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test2/test.cpp 2022-03-03 20:00:54 +03:00
ihsinme
6e951f74ed Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/test.cpp 2022-03-03 20:00:18 +03:00
ihsinme
9c04bd12f5 Update and rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/ExposureSensitiveInformationUnauthorizedActor.expected to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-03 19:59:36 +03:00