hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,672 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

4539 Commits

Author SHA1 Message Date
jorgectf
d4a89b2fd8 Fix qhelp typo while converting to python's regex injection 2021-04-27 19:54:34 +02:00
jorgectf
d49c23fe67 Improve tests' readability 2021-04-27 19:54:34 +02:00
jorgectf
0e169ba10e Format qhelp 2021-04-27 19:54:33 +02:00
jorgectf
c54f08f33a Improve qhelp 2021-04-27 19:54:33 +02:00
jorgectf
66ee67a781 Polished select statement 2021-04-27 19:54:32 +02:00
jorgectf
f75110365f Fix Sink utilization in select 2021-04-27 19:54:32 +02:00
jorgectf
a5850f4a99 Use getRegexModule to know used lib 2021-04-27 19:54:31 +02:00
jorgectf
e78e2ac266 Get rid of (get)regexMethod 2021-04-27 19:54:30 +02:00
jorgectf
18ce257fc8 Move RegexInjectionSink to query config (qll) 2021-04-27 19:54:29 +02:00
jorgectf
53d61c4fb6 Use custom Sink 2021-04-27 19:54:29 +02:00
jorgectf
36cc7b5e3f Fix CompiledRegex 2021-04-27 19:54:28 +02:00
jorgectf
35f1c45d32 Change from Attribute to DataFlow::CallCfgNode in getRegexMethod() 2021-04-27 19:54:28 +02:00
jorgectf
c127b109d0 Create re.compile().ReMethod test 2021-04-27 19:54:27 +02:00
jorgectf
be09ffec3f Create RegexEscape Range 2021-04-27 19:54:27 +02:00
jorgectf
805f86a5cf Polish RegexEscape 2021-04-27 19:54:26 +02:00
jorgectf
3d990c5950 Get back to ApiGraphs 2021-04-27 19:54:26 +02:00
jorgectf
30554a16da Format 2021-04-27 19:54:24 +02:00
jorgectf
ee1d2b645b Delete DirectRegex and CompiledRegex 2021-04-27 19:54:24 +02:00
jorgectf
ce23db2e9c Move Sanitizer to ReEscapeCall 2021-04-27 19:54:23 +02:00
jorgectf
b5ea41fcca Fix CompiledRegex 2021-04-27 19:54:22 +02:00
jorgectf
d61adccd3c Take main Concepts.qll out of the PR 2021-04-27 19:54:22 +02:00
jorgectf
a1a3c98d92 Undo main Concepts.qll change 2021-04-27 19:54:21 +02:00
jorgectf
28fdeba4fa Structure development 2021-04-27 19:54:20 +02:00
jorgectf
444a15a461 Polish imports 2021-04-27 19:54:20 +02:00
Jorge
0f20eeb395 Apply suggestions 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-04-27 19:54:19 +02:00
Jorge
b27b77c38f Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-04-27 19:54:18 +02:00
Jorge
249e4097e3 Change query ID 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-04-27 19:54:17 +02:00
jorgectf
b207929e0a RegexExecution restructuring 2021-04-27 19:54:16 +02:00
jorgectf
3daec8e6a2 Enclose Sinks and ReMethods in a module 2021-04-27 19:54:15 +02:00
jorgectf
caaf5436c6 Attempt to restructuring ReMethods and RegexExecution's modules 2021-04-27 19:54:14 +02:00
jorgectf
6d5a0f2f84 Limit Sanitizer to re.escape(arg) 2021-04-27 19:54:13 +02:00
jorgectf
a1b5cc3bc6 Typo 2021-04-27 19:54:13 +02:00
jorgectf
e4736d064e Typo 2021-04-27 19:54:12 +02:00
jorgectf
f45307f990 Apply rebase 2021-04-27 19:54:12 +02:00
jorgectf
5dae920783 Edit filenames to match consistent naming 2021-04-27 19:54:11 +02:00
jorgectf
63f708dd57 Apply suggestions 2021-04-27 19:54:10 +02:00
Jorge
6cc714464c Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-04-27 19:54:09 +02:00
jorgectf
21f8135fa6 Move to experimental folder 2021-04-27 19:54:08 +02:00
jorgectf
afc4f51e9c Remove CWE references 2021-04-27 19:54:07 +02:00
jorgectf
bd3d2ec686 Update to match consistent naming across languages 2021-04-27 19:54:07 +02:00
jorgectf
7adc3c2fba Upload ReDoS query, qhelp and tests 2021-04-27 19:54:05 +02:00
Tom Hvitved
914184f3dd Data flow: Sync files 2021-04-27 19:06:39 +02:00
Rasmus Wriedt Larsen
523ed8272d Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-04-27 14:42:05 +02:00
yoff
0509a12790 Merge pull request #5770 from tausbn/python-small-api-graph-fix 
Python: Use only `TApiNode` in `API::Impl`
 2021-04-27 14:06:09 +02:00
Chris Smowton
64a2320be7 Merge pull request #5757 from smowton/smowton/admin/fix-dead-qhelp-links 
Fix all dead qhelp links
 2021-04-27 12:17:08 +01:00
Rasmus Wriedt Larsen
37db21d269 Merge pull request #5284 from yoff/python-port-insecure-protocol 
Python: port py/insecure-protocol
 2021-04-27 09:30:18 +02:00
thank_you
62f3e8d64a Add sanitizer for ObjectId 
ObjectId is a sanitizer used to sanitize strings into valid MongoDB ids. During research we've found that this method is used.

ObjectId returns a string representing an id. If at any time ObjectId can't parse it's input (like when a tainted dict in passed in), then ObjectId will throw an error preventing the query from running.
 2021-04-26 15:35:42 -04:00
Taus
3889c8afec Python: Use only TApiNode in API::Impl 
This ensures that changes to `API::Node` does not invalidate the cached
`module Impl`. At present, I don't expect this to have any effect (as
the `Node` class is also fairly static, though not explicitly cached),
but I can imagine us making some of the `Node` methods have
user-extensible behaviour, in which case we definitely do not want this
to result in reevaluation of `API::Impl`.
 2021-04-26 13:10:15 +00:00
Rasmus Lerchedahl Petersen
7cc97836a9 Python: More cleanup from reviewer suggestions 2021-04-23 20:26:13 +02:00
Chris Smowton
455b840712 Fix all dead qhelp links 
For those documents with no obvious new home I've pointed the links to the Internet Archive.
 2021-04-23 15:20:21 +01:00