hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,280 Commits 1,672 Branches 157 Tags
oscarsj/test-cpp-internal-checks
Commit Graph

9236 Commits

Author SHA1 Message Date
Andrew Eisenberg
b897a40228 Move python contextual queries to lib folders 
This will ensure that python projects can use jump to ref/def in
vscode when the core libraries are not installed.
 2022-07-15 13:12:17 -07:00
Ahmed Farid
7406273346 Update TimingAttack.qhelp 2022-07-14 17:56:58 +01:00
Ahmed Farid
f4654136d6 Update TimingAttack.qhelp 2022-07-14 17:56:13 +01:00
github-actions[bot]
0ee476129a Post-release preparation for codeql-cli-2.10.1 2022-07-14 14:38:49 +00:00
Erik Krogh Kristensen
85a652f3d1 remove a bunch of repeated words 2022-07-14 12:42:48 +02:00
github-actions[bot]
d1aa0d7dd3 Release preparation for version 2.10.1 2022-07-14 08:56:03 +00:00
Raul Garcia
f7c47b6c75 Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.py 
Co-authored-by: Taus <tausbn@github.com>
 2022-07-13 08:34:48 -07:00
Erik Krogh Kristensen
595875ff98 remove redundant not-equals check 2022-07-13 12:06:12 +02:00
Erik Krogh Kristensen
a4262f8d91 add some more references to the overly-large-range qhelp 2022-07-13 11:20:24 +02:00
Erik Krogh Kristensen
c4f44bb67f sync files 2022-07-13 10:01:26 +02:00
Raul Garcia
0dbb03f732 Adding CVE information. 2022-07-12 21:49:19 -07:00
Raul Garcia
d929b1338b Addressing API::Node feedback for all predicates 2022-07-12 11:55:06 -07:00
Erik Krogh Kristensen
8e52fc97fc changes based on review by Shack 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
220ff3cb2e convert tabs to spaces in qhelp 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
aae3e2ddde other changes based on Esbens review 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
Raul Garcia
d5791e2d56 Addressing feedback from the PR 2022-07-11 15:45:15 -07:00
Raul Garcia
ac05577966 Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python. 2022-07-11 13:25:35 -07:00
Raul Garcia
e5702d0e15 Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-07-11 13:07:37 -07:00
Raul Garcia
7fc9ae6c49 Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-07-11 13:07:20 -07:00
Taus
ec363166ba Python: Make UserInputMsgConfig public 2022-07-11 15:24:31 +02:00
Raul Garcia
dd1a9a22e3 Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-05 13:58:38 -07:00
Raul Garcia
e43e5810cf New queries to detect unsafe client side encryption in Azure Storage 2022-07-01 17:08:35 -07:00
yoff
f52d792b36 Merge branch 'main' of https://github.com/github/codeql into python-dataflow/flow-summaries-from-scratch 2022-07-01 12:01:07 +00:00
CodeQL CI
5b5a52fa25 Merge pull request #9551 from yoff/python/port-tarslip 
Approved by RasmusWL
 2022-07-01 12:58:25 +01:00
yoff
61523bd330 python: better names 
- "Normal" instead of "NonSpecial"
- "NonLibrary" instead of "2"

I could not find a good replacement for "NonLibrary", nor for "Source",
but I added QLDocs in a few places to help the reading.
 2022-07-01 11:55:20 +00:00
yoff
a0db438799 python: rename getACall2 -> getANonLibraryCall 2022-07-01 10:29:03 +00:00
yoff
f6af24894d python: recover isPackageUsed 
- add `unknownAttribute` to pre-compute negation
- add `Node`-less formulation of "is imported"
 2022-07-01 09:39:07 +00:00
yoff
71583bf6be python: fix import of AccessPathSyntax 2022-07-01 08:48:55 +00:00
yoff
3a80baf39c python: concession to get the code to compile 
`isPackageUsed` now does no filtering
 2022-07-01 07:06:09 +00:00
yoff
e54ada175d python: rewrite not away 
A `LocalSourceNode` is either a `ModuleVariableNode`
or an `ExprNode`.
 2022-07-01 07:03:14 +00:00
yoff
cf9b69b5f2 python: More helpful comment 2022-06-30 13:07:13 +00:00
yoff
b0a29b146a Update python/ql/lib/semmle/python/security/dataflow/TarSlipQuery.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-06-30 14:54:01 +02:00
yoff
df7ffb2880 Update python/ql/lib/semmle/python/security/dataflow/TarSlipCustomizations.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-06-30 14:53:49 +02:00
Andrew Eisenberg
fbeecd6c08 Merge pull request #9744 from github/aeisenberg/move-contextual-queries 2022-06-29 11:44:33 -07:00
Andrew Eisenberg
7864a7580e Fix import statements 2022-06-29 10:22:45 -07:00
Andrew Eisenberg
ddf06f8617 Add change notes and qldoc for moved files 2022-06-29 10:03:12 -07:00
Andrew Eisenberg
a3f4d1bf66 Move contextual queries from src to lib 
With this change, users are now able to run View AST command in
vscode within vscode workspaces that do not include the core libraries.
The relevant core library only needs to be installed in the package
cache.
 2022-06-29 07:51:26 -07:00
yoff
8988a02806 Merge pull request #9733 from tausbn/python-fix-bad-mro-flatten-list-join 
Python: Fix bad join in MRO `flatten_list`
 2022-06-29 13:29:48 +02:00
yoff
f122af81ea Merge pull request #9741 from tausbn/python-fix-bad-join-in-regexpbackref-getgroup 
Python: Fix bad join in `RegExpBackRef::getGroup`
 2022-06-29 13:23:07 +02:00
yoff
731f866242 Merge pull request #9717 from tausbn/python-fix-bad-mro-linearization-of-bases-join 
Python: Fix bad join in MRO
 2022-06-29 13:08:18 +02:00
Jeroen Ketema
55e052af26 Merge pull request #9686 from aschackmull/dataflow/no-node-scan 
Dataflow performance: Avoid node scans
 2022-06-29 10:38:56 +02:00
Ahmed Farid
f5d0791b4f Update TimingAttack.qll 2022-06-29 00:56:15 +01:00
Ahmed Farid
98909c2069 Update TimingAttackAgainstSensitiveInfo.ql 2022-06-29 00:55:21 +01:00
Ahmed Farid
41b4c06f2d Update TimingAttackAgainstSignature.ql 2022-06-29 00:54:44 +01:00
Ahmed Farid
e20fefc3ad Update TimingAttackAgainstHeader.ql 2022-06-29 00:54:03 +01:00
Ahmed Farid
5742046edf Update PossibleTimingAttackAgainstSignature.ql 2022-06-29 00:51:51 +01:00
Ahmed Farid
acbb4042df Update TimingAttack.qhelp 2022-06-29 00:51:12 +01:00
yoff
1105cd569b Merge branch 'main' into python/port-tarslip 2022-06-28 22:17:28 +02:00
yoff
6087bc6888 Merge branch 'main' into python/more-logic-tests 2022-06-28 22:16:38 +02:00