hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,482 Commits 1,671 Branches 157 Tags
move-cors-query-from-experimental2
Commit Graph

588 Commits

Author SHA1 Message Date
Michael Nebel
03ecd24469 Lower the precision of a range of harcoded password queries to remove them from query suites. 2025-05-19 09:26:45 +02:00
Owen Mansel-Chan
cf614a596d Fix cwe tags to include leading zero 2025-04-30 16:43:03 +01:00
Kevin Stubbings
04476ca5f4 Add more choices to SSRF remediation 2025-02-25 00:16:48 -08:00
Asger F
d3ee658399 Python: resolve remaining TODOs 2025-02-06 10:27:56 +01:00
Asger F
975ce064fc Python: implement for polynomial redos 2025-02-06 10:27:45 +01:00
Asger F
e4a1847dad Python: mass enable diff-informed data flow 2025-02-06 10:27:19 +01:00
Joe Farebrother
8a778da253 Apply suggestions from docs review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-12-09 19:58:00 +00:00
Joe Farebrother
ebaab89933 Formatting updates 2024-12-09 19:57:25 +00:00
Joe Farebrother
6e16ed52e8 Reveiw suggestions: Spelling/grammar fixes 
Co-authored-by: Taus <tausbn@github.com>
 2024-12-09 19:56:59 +00:00
Joe Farebrother
f0163894b6 fix link in qhelp refs 2024-12-09 19:56:25 +00:00
Joe Farebrother
4602c5c905 Remove experimental version + qhelp fixes 2024-12-09 19:56:18 +00:00
Joe Farebrother
e4e02ec674 Add security severity + fix qhelp 2024-12-09 19:56:03 +00:00
Joe Farebrother
02f395f5f8 Add qhelp 2024-12-09 19:55:57 +00:00
Joe Farebrother
1cb01a286d Add tests for jinja 2024-12-09 19:55:36 +00:00
Anders Schack-Mulligen
8a5fc97b06 Python: Remove deprecated configuration classes referencing deleted api. 2024-12-03 20:08:45 +01:00
Chris Smowton
5f31adc1f4 Update InsecureCookie.qhelp 
Gratuitous commit to nudge CI
 2024-10-30 09:34:49 +00:00
Charmander
a97998811a Fix typo and grammar in InsecureCookie.qhelp 2024-10-30 07:29:20 +00:00
Felicity Chapman
fcb2b5730f Update CookieInjection.ql to remove period 2024-08-15 13:17:13 +01:00
Joe Farebrother
1127b08635 Merge branch 'main' into python-cookie-concept-promote 2024-07-29 10:26:03 +01:00
Joe Farebrother
8f714c631f Code reveiw suggestions. correction in changenote + style in example 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-07-24 21:37:12 +01:00
Joe Farebrother
93f70b3ad9 Add unit tests 2024-07-23 10:15:23 +01:00
Joe Farebrother
226e4eb8a5 Use a 3-valued newtype for hasSameSiteAttribute 2024-07-23 10:14:45 +01:00
Joe Farebrother
df5569fda9 Add documentation 2024-07-23 10:14:40 +01:00
Joe Farebrother
033dd9f8a6 Promote insecure cookie query 2024-07-23 10:14:22 +01:00
Joe Farebrother
baf51334e4 Update documentation 2024-07-19 09:13:30 +01:00
Joe Farebrother
8d93c3a852 Move to cwe-20 2024-07-16 16:50:08 +01:00
Joe Farebrother
e885f1f8c4 Add documentation 2024-07-16 16:50:05 +01:00
Joe Farebrother
983bdb92a1 Add test cases + remove redundant import 2024-07-16 16:50:00 +01:00
Joe Farebrother
123214cb2b Promoto cookie injection query 2024-07-16 16:49:56 +01:00
Mathew Payne
96048f962e Update python/ql/src/Security/CWE-798/HardcodedCredentials.ql 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-07-01 14:29:00 +01:00
Mathew Payne
1cf9714272 feat(python): Add Hardcoded Credentials MaD support 2024-06-28 14:30:36 +01:00
Rasmus Wriedt Larsen
121ca129bc Update qhelp with https:/example.com handling 2024-06-03 10:17:10 +02:00
Joe Farebrother
ab23d0ad23 Merge branch 'main' into python-promote-header-injection 2024-05-08 13:49:00 +01:00
erik-krogh
baa31e1469 delete outdated deprecations 2024-04-25 22:19:28 +02:00
Joe Farebrother
1dce2eb325 Rename to response splitting 2024-04-24 14:05:40 +01:00
Joe Farebrother
9d56f3eb68 Fix qldoc formatting 2024-04-24 14:05:39 +01:00
Joe Farebrother
daa31b5bb7 Add documentation 2024-04-24 14:05:38 +01:00
Joe Farebrother
6021d9238c Move headers injection query and concept from experimental to main 2024-04-24 14:05:37 +01:00
Taus
1c68c987b0 Python: Change all remaining occurrences of StrConst 
Done using
```
git grep StrConst | xargs sed -i 's/StrConst/StringLiteral/g'
```
 2024-04-22 12:00:09 +00:00
Anders Schack-Mulligen
a8fc100108 Python: Add alert provenance plumbing. 2024-04-12 09:20:08 +02:00
yoff
44ab36f238 Merge pull request #15729 from yoff/python/hardcoded-credentials-without-pointsto 
python: Rewrite `HardcodedCredentials` away from `PointsTo`
 2024-03-18 20:48:30 +01:00
Rasmus Lerchedahl Petersen
3eb9491cb4 python: rewrite HardcodedCredentials away from PointsTo 
- `ModuleValue.attr` and `ClassValue.lookup` are approximated by `Function.getName`
- `ClassValue.getName` is apprximated by `Class.getName`
- `Module::named` is approximated by `Module.getName`
- `Value::named` is approximated by `Builtins::likelyBuiltin`
- `FunctionValue.getNamedArgumentForCall` is approximated by `ArgumentNode.argumentOf`
 2024-02-26 17:18:40 +01:00
Rasmus Wriedt Larsen
1cfac50749 Python: Add precision to NoSQL query 
Due to this, it was not part of any query suite :O
 2024-02-26 11:23:43 +01:00
Max Schaefer
a4639c7ff9 Update qhelp to mention solution using urlparse. 2024-01-22 13:36:12 +00:00
Max Schaefer
66fe32ab82 Python: Mention more sanitisation options in py/url-redirection qhelp. 2023-12-20 11:31:07 +00:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Geoffrey White
e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
Max Schaefer
104700f6d3 Address review comment. 2023-10-27 10:19:28 +01:00
Max Schaefer
08cc8b8e80 Autoformat. 2023-10-26 15:36:06 +01:00
Max Schaefer
3939167ba2 Include more details in the message for py/weak-cryptographic-algorithm. 
Specifically, we add a link to the location where the cryptographic algorithm is configured, which can be far away from its use.
 2023-10-26 11:28:09 +01:00