hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 20:56:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,673 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
956507b5fa C#: Add guards stress test 2021-04-23 10:25:31 +02:00
yoff
1954c0ba84 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-04-23 10:20:18 +02:00
Tom Hvitved
4c597dd467 C#: Improve performance of guards library 2021-04-23 10:09:43 +02:00
Jonas Jensen
6de5b3021e C++: Replace Jira ticket reference with GH issue 2021-04-23 09:58:39 +02:00
Jonas Jensen
6e059ea002 C++: Remove reference to obsolete issue CPP-383 2021-04-23 09:58:15 +02:00
Shati Patel
96a4d91a6c Merge pull request #5731 from shati-patel/docs/unbind-pragmas 
Docs: New "directional binding" pragmas
 2021-04-23 08:37:02 +01:00
intrigus
98dcd4e52b Java: Tighten definition of sink. 2021-04-23 00:14:48 +02:00
CodeQL CI
635fb4c25a Merge pull request #5685 from erik-krogh/markdownIt 
Approved by asgerf
 2021-04-22 14:55:31 -07:00
intrigus
a385b30c29 Java: Factor common expr into class. 2021-04-22 23:51:27 +02:00
intrigus-lgtm
958e2fab05 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-22 23:36:17 +02:00
Dave Bartolomeo
3b04bedee0 Stub out additional bits of Alias model for C# 2021-04-22 17:19:00 -04:00
Dave Bartolomeo
5d0a4cae90 C++: Add {AllAliased} side effects for smart pointers 
Smart pointer constructors, assignments, and `reset()` can actually have fairly large side effects, especially with custom deleters, destructors for objects being destroyed, and so on. I've re-introduced `{AllAliased}` side effects for these functions. There was no immediate effect on analysis results.
 2021-04-22 16:51:36 -04:00
Taus
3e4ff9e472 Merge pull request #5742 from RasmusWL/django-3.2 
Python: Add support for new features in Django 3.2
 2021-04-22 17:39:02 +02:00
Rasmus Wriedt Larsen
f9383a31bf Python: Fix BrokenCryptoAlgorithm.qhelp 2021-04-22 15:58:28 +02:00
Rasmus Wriedt Larsen
222c087e8c Python: Remove type-tracking performance workaround 
Since we shouldn't need it anymore (yay)
 2021-04-22 15:31:49 +02:00
Rasmus Wriedt Larsen
b82209964a Python: Add change-note for new weak crypto queries 2021-04-22 15:23:42 +02:00
Rasmus Wriedt Larsen
fc1a6d0e32 Python: Say salting is not part of py/weak-sensitive-data-hashing 2021-04-22 15:23:41 +02:00
Rasmus Wriedt Larsen
ac83c695ad Python: Add py/weak-sensitive-data-hashing query 2021-04-22 15:23:41 +02:00
Rasmus Wriedt Larsen
499adc26a3 Python: Extend SensitiveDataSource tests 
Now it contains all the sort of things we actually support 👍
 2021-04-22 15:23:40 +02:00
Rasmus Wriedt Larsen
794a86a6b0 Python: Add SensitiveDataSource 2021-04-22 15:23:39 +02:00
Rasmus Wriedt Larsen
56c409737d Python: Port py/weak-cryptographic-algorithm 
The other query (py/weak-sensitive-data-hashing) is added in future commit
 2021-04-22 15:23:38 +02:00
Rasmus Wriedt Larsen
59edd18c34 Python: Move framework test-files out of experimental 
This PR was rebased on newest main, but was written a long time ago when all the
framework test-files were still in experimental. I have not re-written my local
git-history, since there are MANY updates to those files (and I dare not risk
it).
 2021-04-22 15:23:37 +02:00
Rasmus Wriedt Larsen
1616975e06 Python: Model hashlib from standard library 2021-04-22 15:23:37 +02:00
Rasmus Lerchedahl Petersen
5a4e661e60 Merge branch 'main' of github.com:github/codeql into python-support-pathlib 2021-04-22 15:04:21 +02:00
CodeQL CI
bdb41423e2 Merge pull request #5748 from asgerf/js/rate-limiting-fixes 
Approved by erik-krogh
 2021-04-22 05:56:50 -07:00
Rasmus Wriedt Larsen
7ffbfa8043 Python: Expand stdlib md5 tests with keyword-arguments 2021-04-22 14:51:20 +02:00
Rasmus Wriedt Larsen
fa88f22453 Python: Model hashing operations in cryptography package 2021-04-22 14:51:20 +02:00
Rasmus Wriedt Larsen
c5f826580b Python: Model encrypt/decrypt in cryptography package 
I introduced a InternalTypeTracking module, since the type-tracking code got so
verbose, that it was impossible to get an overview of the relevant predicates.
(this means the "first" type-tracking predicate that is usually private, cannot
be marked private anymore, since it needs to be exposed in the private module.
 2021-04-22 14:51:19 +02:00
Rasmus Wriedt Larsen
bf6f5074c2 Python: Port cryptodome tests to crypto 
I don't know if this is really a smart test-setup... I feel a bit stupid when
doing this xD
 2021-04-22 14:51:19 +02:00
Rasmus Wriedt Larsen
f8254381f3 Python: Add MISSING: CryptographicOperationAlgorithm annotations 
For RSA it's unclear what the algorithm name should even be. Signatures based on
RSA private keys with PSS scheme is ok, but with pkcs#1 v1.5 they are
weak/vulnerable. So clearly just putting RSA as the algorithm name is not enough
information...

and that problem is also why I wanted to do this commit separetely (to call
extra atten to this).
 2021-04-22 14:51:18 +02:00
Rasmus Wriedt Larsen
23140dfb76 Python: Add CryptographicOperation modeling for Cryptodome 2021-04-22 14:51:17 +02:00
Rasmus Wriedt Larsen
1b2ed9d99a Python: Align cryptodome tests 2021-04-22 14:51:16 +02:00
Rasmus Wriedt Larsen
2c0df8e656 Python: Add MD5 tests 2021-04-22 14:51:16 +02:00
Rasmus Wriedt Larsen
a8de2aba3b Python: Move CryptoAlgorithms implementation 2021-04-22 14:51:15 +02:00
Rasmus Wriedt Larsen
65c8d9605e Python: Add CryptographicOperation Concept 
I considered using `getInput` like in JS, but things like signature verification
has multiple inputs (message and signature).

Using getAnInput also aligns better with Decoding/Encoding.
 2021-04-22 14:51:14 +02:00
Rasmus Wriedt Larsen
d18fbb7f07 Python: Add working tests of AES and RC4 2021-04-22 14:51:14 +02:00
Rasmus Wriedt Larsen
cf64701bcb Python: Move weak-crypto-algorithm tests to own folder 2021-04-22 14:51:13 +02:00
Tamas Vajk
ed42c878b0 Adjust 'fromSource' to hold only on '.cs' files 2021-04-22 14:17:16 +02:00
Tamas Vajk
b36d35bf1e Revert "C#: Adjust 'fromSource' to hold only on files passed to the compiler as a source file" 
This reverts commit 1dab1590ea.
 2021-04-22 14:16:10 +02:00
haby0
407dcea751 add String type startsWith 2021-04-22 19:20:54 +08:00
haby0
1712d01b74 Merge branch 'UseOfLessTrustedSource' of https://github.com/haby0/codeql into UseOfLessTrustedSource 2021-04-22 19:02:23 +08:00
haby0
9b4442be8b Fix some errors 2021-04-22 19:01:55 +08:00
haby0
aaef4ef22b Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-22 18:52:55 +08:00
Tamás Vajk
cb28bc80b7 Merge branch 'main' into feature/java-sinks-csv 2021-04-22 11:41:18 +02:00
Tamas Vajk
7134eb9079 Improve documentation of csv sink models 2021-04-22 11:37:41 +02:00
Mathias Vorreiter Pedersen
2b8afe55e8 Merge pull request #5747 from rdmarsh2/rdmarsh2/cpp/deprecate-return-stack-allocated-object 
C++: deprecate cpp/return-stack-allocated-object
 2021-04-22 11:37:07 +02:00
edvraa
c9c9758e01 Make similarly named files in tests and qhelp in sync 2021-04-22 12:23:46 +03:00
Tamas Vajk
1caa5c4780 Adjust hostname verifier sink identifier name 2021-04-22 11:22:18 +02:00
Tamas Vajk
6c78a247f2 Revert erroneous refactoring in header splitting sink base class 2021-04-22 11:20:39 +02:00
Tamas Vajk
9b1c54e81b Add argument indices to HTTP header splitting sinks 2021-04-22 11:17:25 +02:00