hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
53,431 Commits 1,741 Branches 166 Tags
1a9956354e64240846ce2ea8ed419617e8788fe7
Commit Graph

53431 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
1a9956354e JS: Restrict getInput to indirect command injection query 2023-05-03 16:10:03 +02:00
Asger F
b9ad4177f9 JS: List safe environment variables in IndirectCommandInjection 2023-05-03 10:48:14 +02:00
Asger F
4c6711d007 JS: Clarify the difference between context and input sources 2023-05-03 10:30:04 +02:00
Asger F
bdcda7ffe6 JS: Move change note to right location 2023-05-03 10:22:40 +02:00
Asger F
04e393fcf8 JS: Change note 2023-05-02 11:02:58 +02:00
Asger F
5eaaa7e074 JS: Add qldoc 2023-05-01 11:42:55 +02:00
Asger F
08785a4063 JS: Add sources from actions/core 2023-05-01 11:42:17 +02:00
Asger F
cb95dbfa14 JS: Add tests 2023-05-01 11:42:17 +02:00
Asger F
0497e60ce2 JS: Model actions/exec 2023-05-01 11:05:59 +02:00
Asger F
cb9b01cbb7 JS: Port new sources based on comment from JarLob 2023-05-01 11:04:54 +02:00
Asger F
3d208c0a62 JS: Port Actions sources based on PR from R3x 2023-05-01 10:48:43 +02:00
Paolo Tranquilli
fdd975b992 Merge pull request #12842 from github/redsun82/swift-qlgen-qldoc 
Swift: add QLdoc for generated `Raw` and `Synth` modules
 2023-04-17 10:57:54 +02:00
Paolo Tranquilli
edb355b47f Swift: add QLdoc for generated Raw and Synth modules 2023-04-17 09:38:26 +02:00
Erik Krogh Kristensen
4e49df1615 Merge pull request #12839 from jcogs33/jcogs33/update-QueryDoc-regex 
QL: update regexes used in `QueryDoc.getQueryName()` and in `QueryDoc.getQueryId()/getQueryLanguage()`
 2023-04-17 09:03:03 +02:00
Mathias Vorreiter Pedersen
7eee589304 Merge pull request #12569 from andersfugmann/andersfugmann/use_after_free 
C++: Implement use-after-free and double-free queries using the new IR use-use dataflow
 2023-04-17 08:01:58 +01:00
Mathias Vorreiter Pedersen
fa5ed04286 Update cpp/ql/src/Critical/DoubleFree.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-04-17 07:40:01 +01:00
Mathias Vorreiter Pedersen
dba46bd324 Update cpp/ql/src/Critical/DoubleFree.ql 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-04-17 07:38:30 +01:00
Asger F
ccb57f2a84 Merge pull request #12804 from asgerf/rb/api-graphs-cached 
Ruby: restrict join order of API graph predicates
 2023-04-17 08:24:07 +02:00
Jami Cogswell
06bf246afe QL: update regexes 2023-04-16 16:10:23 -04:00
Geoffrey White
d94ed1b4a3 Merge pull request #12824 from geoffw0/modernsec4 
Swift: Add CryptoSwift sinks in swift/weak-sensitive-data-hashing
 2023-04-14 19:56:37 +01:00
Edward Minnix III
38826c98f1 Merge pull request #12751 from egregius313/egregius313/dataflow-refactor-cleanup 
Java: Finish dataflow refactor
 2023-04-14 10:35:11 -04:00
Geoffrey White
ba982e2f85 Merge pull request #12752 from gsingh93/buffer-access-array-expr 
C++: Consider ArrayExpr with non-constant size expressions as a BufferAccess
 2023-04-14 15:31:20 +01:00
Michael Nebel
4bca9511cd Merge pull request #12803 from michaelnebel/csharp/refactordataflow3 
C#: Re-factor dataflow queries to use the new API.
 2023-04-14 16:30:55 +02:00
Owen Mansel-Chan
8a4ca7fb84 Merge pull request #10026 from pwntester/patch-2 
Go: Partial URLs should not sanitize against SSRF
 2023-04-14 13:52:11 +01:00
Erik Krogh Kristensen
cece307c60 Merge pull request #12802 from erik-krogh/history-xss 
JS: add browser history as XSS sink
 2023-04-14 13:35:19 +02:00
Asger F
f4e8656c17 Ruby: move internal methods to API::Node::Internal 2023-04-14 13:35:13 +02:00
Alex Ford
9169ddb9c1 Merge pull request #12823 from alexet/alexet/bump-version 
Bump all qlpacks major versions
 2023-04-14 12:18:27 +01:00
Owen Mansel-Chan
352866b52d Add change note 2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
a42dbc5bab Fix formatting again 2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
d407a689fa Fix formatting by deleting spaces no blank line 2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
169bde8671 Fix formatting by deleting blank line 2023-04-14 12:00:38 +01:00
Alvaro Muñoz
8bf4b55309 Partial URLs should not sanitize against SSRF 
As an example:

```go
	urlPath := ctx.Req.URL.Path
	hash := urlPath[strings.LastIndex(urlPath, "/")+1:]
        req, _ := http.NewRequest("GET", source+hash, nil)
```
 2023-04-14 12:00:38 +01:00
Tony Torralba
f106783c39 SensitiveResultReceiverFlow needs to be public 2023-04-14 09:04:56 +02:00
Ed Minnix
7b56383b52 Make SensitiveResultReceiver modules private 2023-04-13 23:08:46 -04:00
Ed Minnix
0a26916245 Re-Add SensitiveResultReceiverConf as deprecated 2023-04-13 23:06:16 -04:00
Edward Minnix III
77b67cbf2e Fix typo 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-04-13 23:06:16 -04:00
Ed Minnix
0fc775027f Fix SensitiveResultReceiver test case 2023-04-13 23:06:16 -04:00
Ed Minnix
3826b9be6c Re-add allowImplicitRead 2023-04-13 23:06:16 -04:00
Ed Minnix
74b71ff7e3 Replace allowImplicitRead with default implementation 2023-04-13 23:06:16 -04:00
Ed Minnix
ea54ea47b1 Deprecate sensitiveResultReceiver 2023-04-13 23:06:16 -04:00
Edward Minnix III
3e55c47e3e flow(_, sink) to flowTo(sink) 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-04-13 23:06:16 -04:00
Ed Minnix
5ed1868324 Refactor ratpack framework test 2023-04-13 23:06:16 -04:00
Ed Minnix
88eb0231c1 Refactor taintedString.ql test 2023-04-13 23:06:16 -04:00
Ed Minnix
cd661f1d9f Refactor SensitiveResultReceiver 2023-04-13 23:06:16 -04:00
Ed Minnix
735a7383c6 Refactor HardcodedCredentialsSourceCall 2023-04-13 23:06:16 -04:00
Mathias Vorreiter Pedersen
15d5ad7a66 Merge pull request #12822 from MathiasVP/promote-redundant-null-check-simple 
C++: Promote `cpp/redundant-null-check-simple` to Code Scanning
 2023-04-13 22:01:28 +01:00
Geoffrey White
3f8ac1a12b Merge pull request #12794 from geoffw0/modernsec2 
Swift: Add CSV extension points to the encryption queries.
 2023-04-13 19:43:05 +01:00
Alex Eyers-Taylor
c6a482819a Bump all qlpacks major versions 2023-04-13 19:15:27 +01:00
Mathias Vorreiter Pedersen
b7bbdb76ba Update cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-04-13 18:42:12 +01:00
Geoffrey White
8c415f3988 Swift: getName() -> getFullName(). 2023-04-13 17:56:07 +01:00