hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,179 Commits 1,684 Branches 159 Tags
2ca61578369be8ae74889adeecd9a14873ea5ff6
Commit Graph

80 Commits

Author SHA1 Message Date
Chris Smowton
b487799f69 Oauth2 state query: avoid duplicate paths by excluding variable references as sources 2020-09-02 17:40:53 +01:00
Chris Smowton
6fea8abd82 Oauth2 state query: improve code style 
No behavioural changes intended.
 2020-09-02 15:06:23 +01:00
Chris Smowton
2f175e365e Oauth2 state query: remove unnecessary isSource overload 2020-09-02 15:05:22 +01:00
Chris Smowton
8f99972833 OAuth2 CSRF query: improve documentation 2020-09-02 15:05:22 +01:00
Chris Smowton
0ba42f7f87 OAuth2 state query: set precision 2020-09-02 15:05:22 +01:00
Chris Smowton
406ea741f4 Improve comment style 2020-09-02 15:05:22 +01:00
Chris Smowton
faf43efb60 Promote OAuth2 constant-state query to mainline 2020-09-02 15:05:22 +01:00
Chris Smowton
6fee4f382f Constant-oauth2-state: exclude strings returned alongside an error value 
For example, getState() { ... return "", someError } is commonly seen in the wild.
 2020-09-02 15:05:21 +01:00
Max Schaefer
031a48ecd3 Merge pull request #296 from owen-mc/allocation-size-overflow-improve-sanitizers-easy 
Add new sanitizer guard to Allocation size overflow query
 2020-08-28 07:44:45 +01:00
Sauyon Lee
402b239520 Merge pull request #300 from srt32/patch-1 
Update bad / good message for CWE 079
 2020-08-24 08:57:26 -07:00
Simon Taranto
bd9100eb4e Update other file too 2020-08-24 09:00:26 -06:00
Max Schaefer
111d2a745b Fix qhelp for incorrect integer-conversion query. 
It seems qhelp doesn't like `<code>` inside `<a>`.
 2020-08-24 09:55:43 +01:00
Owen Mansel-Chan
17b3d56195 Remove unnecessary string concat 2020-08-19 15:36:48 +01:00
Owen Mansel-Chan
951d59752a Address review comments 7 2020-08-13 18:22:58 +01:00
Owen Mansel-Chan
2e60d40ccd Address review comments 6 2020-08-12 17:07:29 +01:00
Owen Mansel-Chan
69212b9ad9 Deal with build constraints 
Note that build constraints can be explicit (comments at the top of the
file) or implicit (part of the file name)
 2020-08-12 17:07:29 +01:00
Owen Mansel-Chan
1e0b9cc6a3 Address review comments 5 2020-08-11 10:57:02 +01:00
Owen Mansel-Chan
4907f6529e Address review comments 4 2020-08-11 07:24:58 +01:00
Owen Mansel-Chan
30f176246a Address review comments 3 2020-08-10 15:21:20 +01:00
Owen Mansel-Chan
89eae10d96 Address review comments 2 2020-08-10 11:07:44 +01:00
Owen Mansel-Chan
4bfb2b4138 Address review comments 1 2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
329888e62c Add query for incorrect integer conversion 2020-08-10 11:04:25 +01:00
Max Schaefer
b057cbee7b Merge pull request #256 from smowton/smowton/admin/cwe-327-cleanup 
Polish CWE-327 (weak TLS config) query
 2020-08-03 10:28:53 +01:00
Chris Smowton
2a7754af59 Factor ErrorType out of two duplicate tests 2020-07-30 17:25:53 +01:00
Chris Smowton
4b6810eefc InsecureFeatureFlag: make getAFlag a member of FlagKind 2020-07-30 17:23:01 +01:00
Chris Smowton
7dd20107fe Insecure-TLS query: trivial style and typo fixes 2020-07-30 17:18:54 +01:00
Chris Smowton
cce3a70412 Insecure-TLS: restrict sources to potentially interesting integers. 2020-07-29 16:46:36 +01:00
Chris Smowton
d0e86f787d SSH host checking: Expand definition of a host-key checking function to include calls with multiple return types 
For example, https://godoc.org/golang.org/x/crypto/ssh/knownhosts#New returns a host-key checker and an error value, and we previously didn't consider the first return value a candidate checker function.
 2020-07-29 16:06:38 +01:00
Chris Smowton
e89cd16cb1 Move query-specific flag definitions into their respective .ql files 2020-07-29 15:21:49 +01:00
Chris Smowton
f31ed52943 Clean up InsecureFeatureFlag 
Move the flag regexes inline, use `any` instead of a constructor function to select a particular flag kind, and remove explicit limitation on the common superclass FlagKind.
 2020-07-29 15:15:50 +01:00
Chris Smowton
f162a5be94 Promote CWE-322 out of experimental status 2020-07-29 14:43:47 +01:00
Chris Smowton
abfae4365f Move CWE-327 out of experimental 2020-07-28 15:47:44 +01:00
Chris Smowton
88cb435843 Split security flags into more distinct categories 
There are now three categories: general security or option flags, those related to TLS version selection, and those related to certificate configuration. The TLS and disabled-certificate-check queries use two categories each.
 2020-07-28 13:54:37 +01:00
Chris Smowton
6058c90485 Factor predicates for identifying security-related feature flags from DisabledCertificateCheck 2020-07-28 10:31:44 +01:00
Owen Mansel-Chan
2282def1e2 Merge pull request #180 from owen-mc/email-injection 
Move email injection query out of experimental folder
 2020-06-17 15:11:31 +01:00
Owen Mansel-Chan
83697f62ac Address review comments on qhelp 2020-06-17 14:21:37 +01:00
Owen Mansel-Chan
f926808c8a Address review comments 2020-06-17 10:11:41 +01:00
Owen Mansel-Chan
336eba1be4 Add Hash.Write and similar as sanitizers 2020-06-16 12:48:43 +01:00
Owen Mansel-Chan
f27ecdabb8 Set precision to high 2020-06-15 17:42:19 +01:00
Owen Mansel-Chan
4f6ce61de2 Move EmailInjection query out of experimental 2020-06-15 17:42:19 +01:00
Sauyon Lee
66f733d798 Use allow or allowlist instead of whitelist 2020-06-12 09:16:41 -07:00
Sauyon Lee
9e5645fa9d Add similar predicate to SsaWithFields 2020-05-13 03:56:55 -07:00
Sauyon Lee
cd1d699208 Improve BadRedirectCheck query 
We now look for a path from the variable being checked to a redirect.

Additionally, several sources of false positives have been eliminated, and a model of relevant parts of the Macaron framework has been added.
 2020-05-01 07:13:16 +01:00
Max Schaefer
245b99dd42 Fix misformatted header comment for DisabledCertificateCheck. 2020-04-16 08:43:33 +01:00
Max Schaefer
be9e9720d5 Introduce class TestFile and use it. 2020-04-09 09:16:45 +01:00
Max Schaefer
ddf2bdb44b Autoformat all QL. 2020-04-08 07:32:43 +01:00
Max Schaefer
8fba9a98d4 Add new query DisabledCertificateCheck. 2020-04-07 09:01:41 +01:00
Sauyon Lee
4b3982154a Add a SafeUrlFlow configuration 2020-04-02 23:58:35 -07:00
Sauyon Lee
4bcffe2d47 RequestForgery: Add a safe URL sanitizer 2020-04-02 23:58:34 -07:00
Sauyon Lee
1c859a8991 Address review comments 2020-04-02 23:58:33 -07:00