codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00

Author	SHA1	Message	Date
Mathias Vorreiter Pedersen	627ee8536c	PS: Port changes from #20132 to PowerShell.	2025-08-12 14:52:12 +01:00
Mathias Vorreiter Pedersen	e96e464855	PS: Accept test changes.	2025-08-11 14:22:19 +01:00
Mathias Vorreiter Pedersen	9b5897ca3a	PS: Improve api graphs.	2025-08-11 14:22:17 +01:00
Mathias Vorreiter Pedersen	1bd93b9849	PS: Add missing dataflow predicates related to models.	2025-08-08 17:08:15 +01:00
Mathias Vorreiter Pedersen	3829528467	PS: Delete stuff we don't actually need.	2025-08-08 17:07:43 +01:00
Mathias Vorreiter Pedersen	ffc53d7764	PS: Accept test changes.	2025-07-24 20:03:59 +01:00
Mathias Vorreiter Pedersen	7b4d2a9edf	PS: Lower casing in command-line injection query.	2025-07-24 20:03:48 +01:00
Mathias Vorreiter Pedersen	b66c99ba76	PS: Lower casing in frameworks.	2025-07-24 20:03:27 +01:00
Mathias Vorreiter Pedersen	e3b3f0b343	PS: Consistent lower casing in api graphs, control-flow graph, and dataflow nodes.	2025-07-24 20:03:10 +01:00
Mathias Vorreiter Pedersen	3880d9fa8d	PS: More consistent lower casing in the AST classes.	2025-07-24 20:02:03 +01:00
Mathias Vorreiter Pedersen	71fec26542	PS: Lower case all parameter types.	2025-07-24 18:07:59 +01:00
Mathias Vorreiter Pedersen	f9c3bde6d5	PS: Fix false positive by adding a type-based sanitizer.	2025-07-24 18:06:06 +01:00
Mathias Vorreiter Pedersen	e7956301a4	PS: Add false positive.	2025-07-24 18:00:49 +01:00
Mathias Vorreiter Pedersen	7991eb4919	PS: Accept test changes.	2025-07-24 00:16:20 +01:00
Mathias Vorreiter Pedersen	3ba87996e3	PS: Unhide some dataflow nodes to make paths more explicit.	2025-07-24 00:11:45 +01:00
Mathias Vorreiter Pedersen	95926cbc70	PS: Remove environment variables as flow sources from 'powershell/microsoft/public/sql-injection'.	2025-07-24 00:11:31 +01:00
Chanel	a0dbf930a2	Update powershell/ql/src/queries/security/cwe-319/UnsafeSMBSettings.ql Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2025-07-23 11:30:30 -07:00
Chanel Young	482fda7541	formatting	2025-07-23 11:22:12 -07:00
Chanel Young	4e0ea04d3b	add query, tests	2025-07-23 11:16:11 -07:00
Chanel	d78280ea0f	Merge branch 'main' into powershell-unsafe-deserialization	2025-07-22 10:07:10 -07:00
Chanel	3b90949d4d	Update powershell/ql/src/queries/security/cwe-502/BinaryFormatterDeserialization.qhelp Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2025-07-22 10:06:59 -07:00
Chanel	2e93ec5490	Update powershell/ql/src/queries/security/cwe-502/UnsafeDeserialization.qhelp Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2025-07-22 10:06:52 -07:00
Chanel	6d62e8717a	Update powershell/ql/src/queries/security/cwe-502/BinaryFormatterDeserialization.qhelp Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2025-07-22 10:06:46 -07:00
Chanel	9266713d19	Update powershell/ql/src/queries/security/cwe-502/BinaryFormatterDeserialization.qhelp Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2025-07-22 10:06:39 -07:00
Chanel Young	1149d33691	updated .expected test file	2025-07-17 13:19:07 -07:00
Mathias Vorreiter Pedersen	b72af27e81	PS: Add tests showing that there is no flow starting at environment variables, but we still have flow through them.	2025-07-17 20:05:21 +01:00
Mathias Vorreiter Pedersen	a95f3b3f47	PS: Accept test changes.	2025-07-17 19:01:09 +01:00
Mathias Vorreiter Pedersen	6ab627955f	PS: Implement global dataflow for environment variable write/reads.	2025-07-17 18:59:25 +01:00
Mathias Vorreiter Pedersen	2541bcdf5e	PS: Add test cases.	2025-07-17 18:59:19 +01:00
Mathias Vorreiter Pedersen	3f4a16978e	PS: Change the AST so that an 'EnvVariable' is actually a 'Variable', and make it possible for a 'VarAccess' to target a read/write of an environment variable.	2025-07-17 18:48:11 +01:00
Chanel Young	6ac935469f	move logic to qlls	2025-07-17 08:27:36 -07:00
Chanel Young	cb8496bbfe	added queries, tests, docs	2025-07-16 14:27:23 -07:00
Mathias Vorreiter Pedersen	ef3654f9cf	PS: Small cleanup.	2025-07-16 20:21:08 +01:00
Mathias Vorreiter Pedersen	72af800101	PS: Accept test changes.	2025-07-16 14:33:02 +01:00
Mathias Vorreiter Pedersen	205d2e58ff	PS: Add dot sourcing as a sink.	2025-07-16 14:33:01 +01:00
Mathias Vorreiter Pedersen	670ad745ca	PS: Add false negative.	2025-07-16 14:32:42 +01:00
Mathias Vorreiter Pedersen	5f07641bd3	PS: Fix false positive by fixing the 'getCommand' predicates in 'CallOperatorCfgNode' and 'CallOperator'. Also fix 'DotSourcingOperator::getPath' while here.	2025-07-16 14:31:51 +01:00
Mathias Vorreiter Pedersen	75d37dcead	PS: Add false positive.	2025-07-16 13:46:44 +01:00
Mathias Vorreiter Pedersen	f39d08ecfa	PS: Fix spelling.	2025-07-16 13:45:09 +01:00
Josh Brown	3606679eee	Terminate p tag	2025-07-10 10:35:09 -07:00
Mathias Vorreiter Pedersen	d1988774a3	PS: Add more flow sources and accept test changes.	2025-07-09 12:22:33 +01:00
Mathias Vorreiter Pedersen	1816356515	PS: Add test with missing remote flow.	2025-07-09 12:20:41 +01:00
Mathias Vorreiter Pedersen	3101cc81e6	Merge pull request #253 from microsoft/add-set-execution-policy-bypass-query PS: Add query for insecure uses of `Set-ExecutionPolicy`	2025-07-07 19:33:06 +01:00
Mathias Vorreiter Pedersen	398d27b779	PS: Fix missing AST child.	2025-07-07 19:15:18 +01:00
Mathias Vorreiter Pedersen	28de6ede04	PS: Also require '-Force' with a truthy value. Note the 'NOT DETECTED' test. We will fix that in the next commit.	2025-07-07 19:14:01 +01:00
Mathias Vorreiter Pedersen	1d64a7949b	Merge pull request #252 from microsoft/add-more-remote-flow-sources PS: Add flow sources from `System.Net.WebClient`	2025-07-07 14:50:03 +01:00
Mathias Vorreiter Pedersen	b6b4df5ce0	PS: Implement 'localExprTaint' instead of leaving it as 'none()'.	2025-07-04 20:24:22 +01:00
Mathias Vorreiter Pedersen	4e524a189d	PS: Add tests.	2025-07-04 19:44:49 +01:00
Mathias Vorreiter Pedersen	f7c9899450	PS: Add documentation.	2025-07-04 19:44:39 +01:00
Mathias Vorreiter Pedersen	2731983fbe	PS: Add query for insecure uses of 'Set-ExecutionPolicy'.	2025-07-04 19:44:15 +01:00

1 2 3 4 5 ...

500 Commits