hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,217 Commits 1,746 Branches 166 Tags
056a7e87ff030b48dfa84e4174445a7aa79cd81e
Commit Graph

13217 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
056a7e87ff refactor into customizations module - and move curl download to a ClientRequest 2020-06-12 10:51:09 +02:00
Erik Krogh Kristensen
8225adcaea move TODOs 2020-06-12 10:28:06 +02:00
Erik Krogh Kristensen
5b491313ad add simple query for detecting sensitive files downloaded over unsecure connection 2020-06-11 23:19:28 +02:00
semmle-qlci
df79f2adc5 Merge pull request #3655 from asger-semmle/js/string-ops-regexp-test-fix 
Approved by esbena
 2020-06-10 13:35:22 +01:00
Erik Krogh Kristensen
b6e0e6645f Merge pull request #3645 from erik-krogh/infExposure 
JS: add query to detect accidential leak of private files
 2020-06-09 17:38:31 +02:00
Erik Krogh Kristensen
c580ada527 Merge pull request #3643 from erik-krogh/yargs 
JS: extend support for yargs for js/indirect-command-line-injection
 2020-06-09 13:17:28 +02:00
Erik Krogh Kristensen
b04d7015ae fix test 2020-06-09 11:23:46 +02:00
Asger Feldthaus
0345036420 JS: Fix 'match' call in StringOps::RegExpTest 2020-06-09 10:07:36 +01:00
Erik Krogh Kristensen
c2fbcea96f base the chaining on yargs on the methods that are NOT chained 2020-06-09 10:22:25 +02:00
Erik Krogh Kristensen
167239e745 add query to detect accidential leak of private files 2020-06-08 23:41:14 +02:00
semmle-qlci
1a7570ebbe Merge pull request #3563 from RasmusWL/python-fabric-execute 
Approved by tausbn
 2020-06-08 16:00:49 +01:00
Erik Krogh Kristensen
0f06f04e32 extend support for yargs for js/indirect-command-line-injection 2020-06-08 16:45:09 +02:00
Henning Makholm
5daf1db5e5 Merge pull request #3615 from github/fix-root-defintion 
QL Specification: Fix mistake in dispatch computation
 2020-06-08 14:34:58 +02:00
Anders Schack-Mulligen
8513c6981c Merge pull request #3329 from artem-smotrakov/mvel-injection 
Java: Add a query for MVEL injections
 2020-06-08 11:48:00 +02:00
Calum Grant
00078d14b9 Merge pull request #3601 from hvitved/csharp/overlapping-configs 
C#: Avoid multiple taint-tracking configurations
 2020-06-08 10:21:40 +01:00
Anders Schack-Mulligen
ad8647f345 Merge pull request #3547 from pwntester/issue_3139 
add support for java.io.StringWriter
 2020-06-08 10:02:23 +02:00
Pavel Avgustinov
7c0b8f5587 Merge pull request #3622 from aschackmull/mergeback-124 
Mergeback rc/1.24 -> master
 2020-06-08 08:38:12 +01:00
Anders Schack-Mulligen
e444bcc923 Merge pull request #3634 from Marcono1234/MagicConstants-code-style 
Fix Java code style of MagicConstants examples
 2020-06-08 09:34:48 +02:00
Anders Schack-Mulligen
be862280b2 Update java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll 
Fix trailing whitespace
 2020-06-08 09:18:39 +02:00
Marcono1234
ad1146a23a Fix Java code style of MagicConstants examples 
- Use recommended ordering of modifiers
- Use recommended variable naming scheme
 2020-06-07 01:00:27 +02:00
Dave Bartolomeo
d4e1ee8aa7 Merge pull request #3629 from MathiasVP/remove-initialize-this-from-value-numbering 
C++: Remove TInitializeThisValueNumber from IR value numbering
 2020-06-05 15:55:20 -04:00
Henning Makholm
d2d235d7a4 Merge pull request #3476 from hmakholm/pr/module-res-update 
QL language specification: bring library path documentation up to date
 2020-06-05 18:12:35 +02:00
Henning Makholm
c2c70d7627 QL specification: typo fix 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-06-05 18:01:21 +02:00
Artem Smotrakov
b7c3dd666c Java: Clean up MVEL injection query 2020-06-05 17:22:45 +03:00
Artem Smotrakov
2842aeee72 Java: Simplified MvelInjectionLib 2020-06-05 17:17:43 +03:00
Artem Smotrakov
4a83fb8cc1 Java: Simplified MvelInjection test 2020-06-05 17:17:43 +03:00
Artem Smotrakov
df9d10f2ac Java: Added MVELRuntime.execute() sink for MVEL injections 2020-06-05 17:17:43 +03:00
Artem Smotrakov
fa717b2d86 Java: Added template sinks for MVEL injections 2020-06-05 17:17:43 +03:00
Artem Smotrakov
8fd72659ec Java: Added JSR 223 sinks for MVEL injections 
- Updated MvelInjectionLib.qll
- Added tests and stubs for JSR 223 API
 2020-06-05 17:17:43 +03:00
Artem Smotrakov
6a6c805048 Java: Added Accessor sink for MVEL injections 2020-06-05 17:13:24 +03:00
Artem Smotrakov
12e0234d40 Java: Added CompiledAccExpression sink for MVEL injections 2020-06-05 17:13:24 +03:00
Artem Smotrakov
32ff5ad496 Java: Added CompiledExpression sink for MVEL injections 2020-06-05 17:13:24 +03:00
Artem Smotrakov
c6c4c2c99b Java: Add a query for MVEL injections 
- Added experimental/Security/CWE/CWE-094/MvelInjection.ql
- Added experimental/Security/CWE/CWE-094/MvelInjectionLib.qll
- Added a qhelp file with an example of vulnerable code
- Added tests and stubs for mvel2-2.4.7
 2020-06-05 17:13:24 +03:00
yoff
e5480e471a Merge pull request #3591 from RasmusWL/python-taintkind-fixup 
Python: Fix some problems in TaintKind useage
 2020-06-05 16:03:18 +02:00
Anders Schack-Mulligen
e4e51b5027 Merge pull request #3291 from artem-smotrakov/spel-injection 
Java: Add a query for SpEL injections
 2020-06-05 15:51:38 +02:00
Mathias Vorreiter Pedersen
7642680ab9 C++: Also remove TInitializeThisValueNumber from the AST wrapper 2020-06-05 15:26:09 +02:00
Mathias Vorreiter Pedersen
1a33a3b7e1 Merge branch 'master' into remove-initialize-this-from-value-numbering 2020-06-05 15:03:54 +02:00
Mathias Vorreiter Pedersen
d49c0f7b67 C++: Sync identical files 2020-06-05 15:01:18 +02:00
Mathias Vorreiter Pedersen
15fa7be09a C++: Remove TInitializeThisValueNumber case from IR value numbering 2020-06-05 15:01:11 +02:00
semmle-qlci
ff6936caa7 Merge pull request #3625 from erik-krogh/CVE714 
Approved by asgerf
 2020-06-05 12:21:10 +01:00
semmle-qlci
69a1e11c06 Merge pull request #3609 from erik-krogh/CredFN 
Approved by asgerf, esbena
 2020-06-05 10:49:01 +01:00
Erik Krogh Kristensen
82cf53897f TypeOfCheck -> TypeOfUndefinedSanitizer 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-05 11:35:39 +02:00
Erik Krogh Kristensen
05d7be8e23 autoformat 2020-06-05 09:59:45 +02:00
Erik Krogh Kristensen
96ca4cf7eb add missing quote 2020-06-04 19:45:24 +00:00
Erik Krogh Kristensen
815671f5d0 add sanitizer guard for typeof undefined 2020-06-04 21:32:26 +02:00
Henning Makholm
269fa3a140 comments from alexet 
Put 'the query directory of the current file` back in the description.
 2020-06-04 20:41:54 +02:00
Jonas Jensen
ad2d1d531b Merge pull request #3616 from dbartol/dbartol/sync-missing 
Allow missing files in `sync-files --latest`
 2020-06-04 16:52:44 +02:00
Rasmus Wriedt Larsen
1ff369f62d Python: Update test results for fabric.api.execute 2020-06-04 16:30:03 +02:00
semmle-qlci
22a651cb5c Merge pull request #3621 from max-schaefer/js/qltest-experimental 
Approved by asgerf, erik-krogh
 2020-06-04 14:19:17 +01:00
Dave Bartolomeo
0666a2e587 Remove usage of f-string 2020-06-04 08:48:14 -04:00