hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac-cli-injection-from-library-inputs
Commit Graph

33347 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Benjamin Muskalla
25d251c24f Exclude main methods from models 2022-01-19 16:11:59 +01:00
Tony Torralba
3c9fac0c6e Sync DataFlowImplForOnActivityResult.qll 2022-01-19 16:11:51 +01:00
Tony Torralba
6a4d2ee850 Apply code review suggestions 2022-01-19 16:08:31 +01:00
Tony Torralba
57ff13dd19 Sync DataFlowImplForOnActivityResult to latest changes 2022-01-19 16:08:31 +01:00
Tony Torralba
ea4ff80cc6 Add DataFlowImplForOnActivityResult to identical-files.json 2022-01-19 16:08:31 +01:00
Tony Torralba
37916a8368 Fix previous merge 2022-01-19 16:08:31 +01:00
Tony Torralba
d9d9ad7d63 Use dedicated instance of DataFlow 2022-01-19 16:08:31 +01:00
Tony Torralba
aef63f69b0 Formatting 2022-01-19 16:08:30 +01:00
Tony Torralba
4b3029564c Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-19 16:08:29 +01:00
Tony Torralba
c675028537 Add Fragment and Activity edge case 2022-01-19 16:08:28 +01:00
Tony Torralba
9ae1f1cf85 QLDoc 2022-01-19 16:08:27 +01:00
Tony Torralba
211cb9370f Add the Intent parameter of onActivityResult as a source 2022-01-19 16:08:25 +01:00
Tony Torralba
520d8f5ec5 Add stubs 2022-01-19 16:06:23 +01:00
Tom Hvitved
7e3f3c6e2a Merge pull request #7515 from hvitved/csharp/extraction-mode 
C#: Introduce extractor mode to identify DBs created with `codeql test run`
 2022-01-19 16:04:57 +01:00
Chris Smowton
162b3822dd Merge pull request #7613 from github/smowton/admin/tag-random-used-once 
Remove security-severity tag to java/random-used-once
 2022-01-19 14:43:08 +00:00
Henry Mercer
c134e6c9ef JS: Bump ML-powered query packs to v0.0.6 2022-01-19 14:40:42 +00:00
Rasmus Wriedt Larsen
93b3cd669a Python: Cleanup: Remove old points-to versions of queries 
Since we've internally agreed that we've reached the same or better set
of results.
 2022-01-19 15:30:12 +01:00
Felicity Chapman
51e8b4c7ed Port changes from main to rc/3.3 to avoid regression 2022-01-19 14:26:52 +00:00
Rasmus Wriedt Larsen
e82e648ca1 Python: Remove usernames as sensitive source for cleartext queries 
Closes #6363, #6927, #6726, #7497, #7116
 2022-01-19 15:25:21 +01:00
Rasmus Lerchedahl Petersen
db253e8939 python: upgrade and downgrade scripts 2022-01-19 15:22:57 +01:00
Chris Smowton
c63fcb2c69 Add change note 2022-01-19 14:13:45 +00:00
Rasmus Wriedt Larsen
f3daff4e5a Python: Add FP tests for cleartext logging 2022-01-19 15:13:06 +01:00
Chris Smowton
f0645a34b9 Remove security-severity tag instead 
This leaves the Java query in the same state as its C# cousin.
 2022-01-19 14:06:40 +00:00
Erik Krogh Kristensen
cb9e14f544 add cwe-471 to js/prototype-pollution 2022-01-19 14:54:57 +01:00
Alex Ford
0aab670b17 Ruby: add missing example rails action 2022-01-19 13:47:00 +00:00
Tom Hvitved
cb098df4ea Merge pull request #7334 from github/hmac/regexp-interpolations 
Ruby: Resolve simple string interpolations
 2022-01-19 14:43:58 +01:00
Alex Ford
45ed5a806c Ruby: changenote for rb/csrf-protection-disabled enhancement 2022-01-19 13:41:00 +00:00
Alex Ford
b27d315ff4 Ruby: add an example of protect_from_forgery with: :exception 2022-01-19 13:30:27 +00:00
Mathias Vorreiter Pedersen
dfbde23821 Merge pull request #7627 from geoffw0/nullterm5 
C++: Fix branch related FPs in cpp/improper-null-termination.
 2022-01-19 13:30:05 +00:00
Rasmus Lerchedahl Petersen
ef9fb0873f python: tools for writing upgrades and downgrade 
adapted from [the ruby instructions](https://github.com/github/codeql/blob/main/ruby/doc/prepare-db-upgrade.md)
 2022-01-19 14:29:58 +01:00
Rasmus Lerchedahl Petersen
36e18d5d80 python: dataflow for match 
- also update `validTest.py`, but commented out for now
  otherwise CI will fail until we force it to run with Python 3.10
- added debug utility for dataflow (`dataflowTestPaths.ql`)
 2022-01-19 14:29:58 +01:00
Rasmus Lerchedahl Petersen
bb210f4172 pythos: SSA for match 
- new SSA definition `PatternCaptureDefinition`
- new SSA definition `PatternAliasDefinition`
- implement `hasDefiningNode`
 2022-01-19 14:29:58 +01:00
Rasmus Lerchedahl Petersen
de8ecb214f python: Wrappers for database classes 
- new syntactic category `Pattern` (in `Patterns.qll`)
- subpatterns available on statments
- new statements `MatchStmt` and `Case`
  (`Match` would conflict with the shared ReDoS library)
- new expression `Guard`
- support for pattern lists
 2022-01-19 14:29:58 +01:00
Erik Krogh Kristensen
e4203a4109 add CWE-471 to the prototype-pollution queries 2022-01-19 14:26:34 +01:00
Tom Hvitved
dacb33d1dd C#: Adjust Roslyn workaround 2022-01-19 14:12:21 +01:00
Geoffrey White
0230494799 C++: Expand QLDoc comment. 2022-01-19 13:07:55 +00:00
Henry Mercer
061b9badfe Merge pull request #7649 from github/henrymercer/bump-atm-query-pack-v0.0.5 
JS: Bump ML-powered query packs to v0.0.5
 2022-01-19 13:00:41 +00:00
Geoffrey White
acfd593eb4 C++: Change note. 2022-01-19 13:00:36 +00:00
Geoffrey White
330b4c3704 C++: Generalize hasSocketInput a little to include fgets and friends. 2022-01-19 13:00:35 +00:00
Geoffrey White
9c2d961ae5 C++: Fix another expression of stdin / stdout we see in practice. 2022-01-19 13:00:34 +00:00
Michael Nebel
d7cd1cf0b9 C#: Address review comments. 2022-01-19 13:50:02 +01:00
Tom Hvitved
4f90b45dd7 C#: Address review comments 2022-01-19 13:46:22 +01:00
Tom Hvitved
c8509cc382 C#: Introduce extractor mode to identify DBs created with codeql test run 2022-01-19 13:46:22 +01:00
Geoffrey White
d77ba020f9 C++: Support more routines as proof-of-encryption in cpp/cleartext-transmission. 2022-01-19 12:40:32 +00:00
Rasmus Lerchedahl Petersen
b17f844f35 python: New generated files 2022-01-19 13:36:32 +01:00
Geoffrey White
974a8b1a9a C++: Add a test case. 2022-01-19 12:33:21 +00:00
Henry Mercer
d467725ccd JS: Bump ML-powered query packs to v0.0.5 2022-01-19 12:08:33 +00:00
Michael Nebel
3df30545d3 Merge pull request #7628 from michaelnebel/csharp/issue-7609 
C#: Fix false positive alert for shadowing on record types.
 2022-01-19 12:24:57 +01:00
Tom Hvitved
71ddd00a6c C#: Workaround Roslyn bug in INamedTypeSymbol.TupleElements 2022-01-19 11:33:03 +01:00
Michael Nebel
edafdc8fde C#: Added change note. 2022-01-19 11:04:53 +01:00