hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-17 04:56:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
68,065 Commits 1,714 Branches 162 Tags
1728e5dfd56977576561e0c56d122018fc336c2c
Commit Graph

68065 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonathan Leitschuh
1728e5dfd5 Align Ruby NonConstantKernelOpen.ql Severity 
Align severity with other command injection vulnerabilities:

 - 4a448f445e/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql (L8)
- 4a448f445e/go/ql/src/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/javascript/ql/src/Security/CWE-078/CommandInjection.ql (L7)
 2024-06-21 10:27:47 -04:00
Taus
4a448f445e Merge pull request #15715 from am0o0/am0o0-python-codeExec 
Python: New command execution sinks
 2024-06-21 14:26:33 +02:00
Erik Krogh Kristensen
49f74bacf2 Merge pull request #16729 from mbaluda/main 
JS: Extract SAP XSJS file types as Javascript
 2024-06-21 14:23:55 +02:00
Mauro Baluda
b75514c990 Merge branch 'github:main' into main 2024-06-21 13:36:38 +02:00
Kasper Svendsen
988d0671bb Merge pull request #16734 from kaspersv/kaspersv/doc-intern-sets-builtin 
Document builtin InternSets module
 2024-06-21 12:06:40 +02:00
Tom Hvitved
dff3ce2a9f Merge pull request #16794 from hvitved/ruby/sinatra-flow 
Ruby: Rework `Sinatra.FilterJumpStep`
 2024-06-21 11:38:10 +02:00
Tom Hvitved
8ea4f85de3 Ruby: Rework Sinatra.FilterJumpStep 2024-06-21 08:57:59 +02:00
Tom Hvitved
95c764eff6 Fix Sinatra test to properly output pathgraph 2024-06-21 08:57:19 +02:00
Erik Krogh Kristensen
db768960f4 Merge pull request #15060 from am0o0/amammad-js-envinjection 
JS: Env Injection query
 2024-06-20 21:27:21 +02:00
Erik Krogh Kristensen
555d7e5958 Merge pull request #14293 from am0o0/amammad-js-CodeInjection_dynamic_import 
JS: Dynamic import as code injection sink
 2024-06-20 21:19:57 +02:00
Erik Krogh Kristensen
60ed51781e Merge pull request #16790 from github/max-schaefer-patch-1 
JavaScript: Fix CodeQL alert in extractor
 2024-06-20 20:20:00 +02:00
Erik Krogh Kristensen
e84028d01e Merge pull request #14088 from am0o0/amammad-js-JWT 
JS: decoding JWT without signature verification
 2024-06-20 20:13:40 +02:00
Jeroen Ketema
0e04a59c08 Merge pull request #16795 from jketema/test-cleanup 
C++: Remove unneeded options from tests
 2024-06-20 16:24:07 +02:00
Jeroen Ketema
4c4c15b425 C++: Remove unneeded options from tests 2024-06-20 14:21:34 +02:00
Asger F
a36e39359f Merge pull request #16739 from RasmusWL/js-array-steps 
JS: Allow many Array steps to be used in type-tracking
 2024-06-20 11:39:46 +02:00
Rasmus Wriedt Larsen
596102d3fb Update javascript/ql/lib/change-notes/2024-06-14-type-tracking-array-steps.md 
Co-authored-by: Asger F <asgerf@github.com>
 2024-06-20 10:07:49 +02:00
Max Schaefer
2be171746b JavaScript: Fix CodeQL alert in extractor 
This doesn't make a difference in practice because we only run the method on arrays of even length, but we might as well fix it.
 2024-06-19 17:13:01 +01:00
Tom Hvitved
6dbdc9e17f Merge pull request #16784 from github/redsun82/fix-warnings-in-ql-tests 
C++/Java: Accept new warning format in ql tests
 2024-06-19 13:05:50 +02:00
Paolo Tranquilli
b7a2ea8981 CI: accept other diagnostic format related test changes 2024-06-19 11:33:50 +02:00
Paolo Tranquilli
59f8f8a394 Merge branch 'main' into redsun82/fix-warnings-in-ql-tests 2024-06-19 11:21:36 +02:00
Tamás Vajk
45ece48b6f Merge pull request #16776 from tamasvajk/fix/source-generator-folder 
C#: Make sure no file is added twice to the compilation
 2024-06-19 10:09:50 +02:00
Paolo Tranquilli
919ddccfdb C++/Java: Accept new warning format in ql tests 2024-06-19 09:13:18 +02:00
Edward Minnix III
7adfa6bbed Merge pull request #16709 from egregius313/egregius313/go/df/threat-models/refactor-queries 
Go: Refactor queries to use `ThreatModelFlowSource` instead of `RemoteFlowSource`
 2024-06-18 13:56:00 -04:00
am0o0
eb1999f8b3 revert .vscode/settings.json :(( 2024-06-18 18:43:20 +02:00
am0o0
ccb923a436 fix formatting 2024-06-18 18:31:29 +02:00
Ed Minnix
5bbd003dfc Reword change note 2024-06-18 12:27:21 -04:00
Ed Minnix
b53712cae0 Change note 2024-06-18 12:27:19 -04:00
Ed Minnix
6a0be6ad09 ExternalAPIs 2024-06-18 12:27:18 -04:00
Ed Minnix
46e16b88bb Refactor experimental queries to use ThreadModelFlowSource 2024-06-18 12:27:17 -04:00
Ed Minnix
cfd5f53eb0 Refactor Customizations libraries to use ThreatModelFlowSource 2024-06-18 12:27:15 -04:00
Edward Minnix III
8997f2cdf2 Merge pull request #16697 from egregius313/egregius313/go/dataflow/threat-modeling 
Go: Introduce Threat Modeling
 2024-06-18 12:25:33 -04:00
am0o0
1f99559e9f Revert "update id of the query file" 
This reverts commit 1f112467ce.
 2024-06-18 17:33:07 +02:00
am0o0
cb39ae7dd3 revert .vscode/settings.json 2024-06-18 17:27:15 +02:00
am0o0
8a7fdfa6fe fix conflict 2024-06-18 17:18:59 +02:00
Taus
59a77a873c Merge pull request #16754 from github/tausbn/python-disregard-unused-imports-in-pytest-tests 
Python: Disregard unused imports in `pytest` tests
 2024-06-18 15:10:31 +02:00
Owen Mansel-Chan
9403bf25d8 Merge pull request #16667 from smowton/smowton/fix/global-variable-side-effect 
Add support for flow through content of global variables
 2024-06-18 13:41:57 +01:00
Tamas Vajk
6c8e391a63 C#: Make sure no file is added twice to the compilation 2024-06-18 13:45:09 +02:00
Tamas Vajk
5170585515 C#: Add integration test with file added multiple times in the same compilation 2024-06-18 13:45:06 +02:00
Max Schaefer
2c4a95bb5e Merge pull request #16777 from github/max-schaefer-patch-1 
Swift: Add missing bracket in example
 2024-06-18 11:39:42 +01:00
Alex Ford
6c3d90e8a0 Merge pull request #16650 from alexrford/rb/routing-improvements 
Ruby: ActionDispatch - support `path => target` route format
 2024-06-18 11:17:05 +01:00
Max Schaefer
9ca74de3e9 Swift: Add missing bracket in example 2024-06-18 11:00:59 +01:00
Joe Farebrother
33704779ea Merge pull request #16503 from joefarebrother/ruby-sensitive-sources 
Ruby: Use additional sensitive data heuristics for CleartextSources
 2024-06-18 10:57:55 +01:00
Michael Nebel
cd9d58fdc8 Merge pull request #16772 from michaelnebel/java/taintedpermissionthreatmodel 
Java: Opt-in `java/tainted-permissions-check` to threat models.
 2024-06-18 10:54:28 +02:00
Joe Farebrother
eee7f5a896 Use a combined regex for performance 2024-06-17 22:21:33 +01:00
Cornelius Riemenschneider
0f98d9e815 Merge pull request #16774 from github/criemen/cleanup 
Remove unused bzl files.
 2024-06-17 20:04:25 +02:00
Chris Smowton
4da5d6660a Add change note 2024-06-17 16:49:09 +01:00
Chris Smowton
38ee085782 Adjust test expectation 2024-06-17 16:46:49 +01:00
Chris Smowton
822f6eebfb Add support for flow through content of global variables 2024-06-17 16:42:23 +01:00
Ed Minnix
b4ecc81145 Fix provenance numbers in tests 2024-06-17 11:33:19 -04:00
Ed Minnix
fa2c50616b Remove getSourceType definitions 2024-06-17 10:57:11 -04:00