codeql

mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	c1b90c8f05	Python: Apply suggested change	2023-05-22 11:58:32 +02:00
Rasmus Wriedt Larsen	44d806507d	Merge branch 'main' into python-UBV	2023-05-22 11:53:56 +02:00
Sim4n6	be3f59afab	Replaced StringMethod() with a restrained String method calls	2023-05-20 12:17:33 +01:00
Sim4n6	21e99d52c7	Fix a redundant import	2023-05-20 10:23:04 +01:00
Sim4n6	b8969707c5	Delete the vulnerability flow image from the QHelp file.	2023-05-20 10:21:38 +01:00
Sim4n6	16ce024429	Update python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2023-05-20 10:13:23 +01:00
Sim4n6	8462b14b54	Update python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2023-05-20 10:12:55 +01:00
Sim4n6	2a8645c447	Fix 'Singleton set literal' warning	2023-05-20 10:11:26 +01:00
Sim4n6	58be109a70	Moved UnicodeBypassValidation Customizations & Query.qll to src/experimental	2023-05-20 10:08:56 +01:00
Kasper Svendsen	3eb5a95ee3	Python: Make implicit this receivers explicit	2023-05-03 12:16:21 +02:00
Sim4n6	1fa1a4e268	Add Unicode Bypass Validation query tests and help	2023-05-02 15:09:16 +01:00
amammad	b3669b818b	v1.3 change name according to camelCase	2023-04-28 04:56:47 +02:00
amammad	a541fdf5e5	v1.2 code quality improvements including commnets too	2023-04-27 08:30:46 +02:00
amammad	1bf159e9a9	Merge branch 'github:main' into amammad-python-paramiko	2023-04-26 23:28:29 -07:00
Luke Cartey	a47778c22e	Update SimpleXmlRpcServer.ql to avoid av detection This file was being flagged by McAfee as an `Exploit-Generic.src` trojan. We have attempted to report this to Mcafee without success so far. This commit therefore adjusts the file to avoid detection.	2023-04-20 11:59:18 +01:00
Raul Garcia	cf8a683d7d	Merge branch 'main' into main	2023-03-29 20:27:03 -07:00
Rasmus Wriedt Larsen	34cbaf10c2	Python: Use PostUpdateNode in `py/azure-storage/unsafe-client-side-encryption-in-use`	2023-03-29 13:22:21 +02:00
Rasmus Wriedt Larsen	86333e3ba5	Python: Remove duplicate results from azure blob query	2023-03-29 11:47:29 +02:00
Rasmus Wriedt Larsen	32d52c023e	Python: Allow any order for azure blob query By only allowing the sink in the state where encryption v1 is used, we can handle the new case where the order of attribute assignment is flipped. However, we get a few too many paths because we can have multiple sources reaching the same sink... let's fix in next commit.	2023-03-29 11:42:01 +02:00
Rasmus Wriedt Larsen	683985a00a	Python: Expand azure blob modeling Now we can differentiate between the classes	2023-03-29 11:24:36 +02:00
Rasmus Wriedt Larsen	8ea6b6f256	Python: Update `py/azure-storage/unsafe-client-side-encryption-in-use` to use datafow	2023-03-28 10:09:22 +02:00
Rasmus Wriedt Larsen	7a17cd2a9e	Python: Rewrite azure query to more idiomatic ql	2023-03-28 10:06:00 +02:00
Taus	a3c40a3ae4	Python: Add `experimental` tags	2023-03-27 14:23:36 +00:00
Taus	700eb04487	Python: Lower precision of non-header queries cf. https://github.com/github/securitylab/issues/691#issuecomment-1387391014	2023-03-27 12:22:17 +00:00
Taus	0b4c85f8d2	Python: Autoformat and fix broken module reference	2023-03-27 12:16:44 +00:00
Taus	11c89adbe3	Merge branch 'main' into timing-attack-py	2023-03-24 15:40:33 +01:00
Raul Garcia	8b4826c0b4	Singleton set literal fix Fixing auto-code scanning recommendation	2023-03-21 08:02:30 -07:00
Raul Garcia	1400b4b520	Update UnsafeUsageOfClientSideEncryptionVersion.ql * predicate `isUnsafeClientSideAzureStorageEncryptionViaObjectCreation` was not useful (it was meant to detect the SDK code, not its usage) * fixed & simplified `isUnsafeClientSideAzureStorageEncryptionViaAttributes`, the original query was not finding the right code. NOTE: tested with a real project: https://github.com/wastore/azure-storage-samples-for-python/tree/master/ClientSideEncryptionToServerSideEncryptionMigrationSamples/ClientSideEncryptionV1ToV2	2023-03-20 18:52:58 -07:00
Anders Schack-Mulligen	21d5fa836b	Python: Autoformat	2023-03-10 09:41:17 +01:00
Ahmed Farid	6a578c62b0	Update TimingAttack.qll	2023-02-27 22:16:09 +01:00
Taus	25043f51a4	Merge pull request #11376 from RasmusWL/call-graph-code Python: New type-tracking based call-graph	2023-02-27 14:51:21 +01:00
Rasmus Lerchedahl Petersen	9e97877938	python: lower precision as discussed	2023-02-20 12:06:19 +01:00
amammad	54582031d8	v1	2023-02-16 17:14:32 +01:00
Ahmed Farid	ccbb58966f	Update TimingAttack.qll	2023-02-16 14:15:04 +01:00
Ahmed Farid	a421e3a3a3	Update TimingAttackAgainstHeaderValue.ql	2023-02-16 14:14:43 +01:00
Ahmed Farid	f57861b6a3	Update TimingAttack.qll	2023-02-16 14:14:13 +01:00
Ahmed Farid	f70f5c7935	Update TimingAttackAgainstHeaderValue.ql	2023-02-16 14:03:26 +01:00
Ahmed Farid	4b3efa87dc	Update TimingAttack.qll	2023-02-16 14:01:29 +01:00
Ahmed Farid	005839b462	Update TimingAttack.qll	2023-02-16 12:49:40 +01:00
Ahmed Farid	01b865f75b	Update TimingAttack.qll	2023-02-16 01:36:06 +01:00
Ahmed Farid	fbfe23b7c4	Update TimingAttack.qll	2023-02-16 01:21:50 +01:00
Ahmed Farid	b8f9b2b424	Update TimingAttackAgainstHeaderValue.ql	2023-02-16 01:11:41 +01:00
Ahmed Farid	016136a2e3	Update TimingAttack.qll	2023-02-16 01:10:36 +01:00
Sim4n6	eed19a3e15	Fix autoformatting issues	2023-02-10 21:58:29 +01:00
Sim4n6	09df055d86	Fix the exists cast warning	2023-02-09 15:25:54 +01:00
Sim4n6	16ef50401b	Update python/ql/src/experimental/Security/UnsafeUnpackQuery.qll Co-authored-by: yoff <lerchedahl@gmail.com>	2023-02-09 14:59:28 +01:00
Sim4n6	4196230a8a	use if-then-else rather than nested exists	2023-02-08 21:46:50 +01:00
Sim4n6	9e285020a1	Comment modif + remove redundant cast	2023-02-08 21:14:53 +01:00
Sim4n6	ec82d61991	Add another frequently used step	2023-02-05 14:36:17 +01:00
Sim4n6	1a8c9abee2	Incorporate Sink & Source as steps from TarSlipQry	2023-02-02 21:09:40 +01:00

1 2 3 4 5 ...

1334 Commits