codeql

mirror of https://github.com/github/codeql.git synced 2026-01-03 01:30:19 +01:00

Author	SHA1	Message	Date
Joe Farebrother	df5569fda9	Add documentation	2024-07-23 10:14:40 +01:00
Joe Farebrother	6a7bdaf284	Fix experimental query compilation	2024-07-23 10:14:29 +01:00
Joe Farebrother	033dd9f8a6	Promote insecure cookie query	2024-07-23 10:14:22 +01:00
Joe Farebrother	9ad6c8c5eb	Implement cookie attributes for cases in which a raw header is set	2024-07-23 10:14:16 +01:00
Joe Farebrother	2df09f6194	Change flag predicates to boolean parameters rather than boolean results	2024-07-23 10:14:08 +01:00
Joe Farebrother	6f7b2a2d20	Add cookie flags to cookie write concept, and alter experimental queries to use them	2024-07-23 10:14:00 +01:00
github-actions[bot]	49cc8f8ff8	Post-release preparation for codeql-cli-2.18.1	2024-07-22 22:00:48 +00:00
github-actions[bot]	368bcb684a	Release preparation for version 2.18.1	2024-07-22 21:30:50 +00:00
Chuan-kai Lin	23320b6e5e	Revert "Release preparation for version 2.18.1"	2024-07-22 13:22:49 -07:00
github-actions[bot]	55935fc123	Release preparation for version 2.18.1	2024-07-22 14:56:15 +00:00
Joe Farebrother	661a4126ac	Add change note	2024-07-19 09:23:33 +01:00
Joe Farebrother	baf51334e4	Update documentation	2024-07-19 09:13:30 +01:00
Joe Farebrother	070d67816d	Remove experimental version	2024-07-16 16:50:10 +01:00
Joe Farebrother	8d93c3a852	Move to cwe-20	2024-07-16 16:50:08 +01:00
Joe Farebrother	e885f1f8c4	Add documentation	2024-07-16 16:50:05 +01:00
Joe Farebrother	983bdb92a1	Add test cases + remove redundant import	2024-07-16 16:50:00 +01:00
Joe Farebrother	123214cb2b	Promoto cookie injection query	2024-07-16 16:49:56 +01:00
Rasmus Wriedt Larsen	f41d2a896c	Merge pull request #16771 from porcupineyhairs/js2py Python : Arbitrary code execution due to Js2Py	2024-07-11 15:31:57 +02:00
github-actions[bot]	ae3aba061b	Post-release preparation for codeql-cli-2.18.0	2024-07-08 13:30:13 +00:00
github-actions[bot]	b0d6778652	Release preparation for version 2.18.0	2024-07-08 09:10:51 +00:00
Rasmus Wriedt Larsen	0a32f9fed6	Python: Update query metadata	2024-07-04 14:09:37 +02:00
Rasmus Wriedt Larsen	8d1113cdaf	Python: Fixup qhelp	2024-07-04 14:01:30 +02:00
Porcupiney Hairs	808af28618	Python : Arbitrary codde execution due to Js2Py Js2Py is a Javascript to Python translation library written in Python. It allows users to invoke JavaScript code directly from Python. The Js2Py interpreter by default exposes the entire standard library to it's users. This can lead to security issues if a malicious input were directly. This PR includes a CodeQL query along with a qhelp and testcases to detect cases where an untrusted input flows to an Js2Py eval call. This query successfully detects CVE-2023-0297 in `pyload/pyload`along with it's fix. The databases can be downloaded from the links bellow. ``` https://file.io/qrMEjSJJoTq1 https://filetransfer.io/data-package/a02eab7V#link ```	2024-07-03 19:06:34 +05:30
Rasmus Wriedt Larsen	ce177c3450	Merge pull request #15655 from yoff/python/support-model-editor Python: Support model editor	2024-07-02 16:28:58 +02:00
Rasmus Wriedt Larsen	2b2c381bf0	Merge pull request #16876 from GeekMasher/py-hardcoded-creds-mad Python: Add Hardcoded Credentials MaD support	2024-07-01 17:25:13 +02:00
Mathew Payne	96048f962e	Update python/ql/src/Security/CWE-798/HardcodedCredentials.ql Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2024-07-01 14:29:00 +01:00
Arthur Baars	b12b33c8f9	Merge remote-tracking branch 'upstream/main' into 'rc/3.14'	2024-06-28 19:50:35 +02:00
Mathew Payne	ed314b1799	docs: Add Change Notes	2024-06-28 14:42:35 +01:00
Mathew Payne	1cf9714272	feat(python): Add Hardcoded Credentials MaD support	2024-06-28 14:30:36 +01:00
Rasmus Lerchedahl Petersen	27301edc28	Python: address more review comments	2024-06-27 16:05:21 +02:00
Rasmus Lerchedahl Petersen	b261145f43	Python: fix compilation	2024-06-26 10:46:38 +02:00
github-actions[bot]	fd385736e6	Post-release preparation for codeql-cli-2.17.6	2024-06-25 06:39:45 +00:00
github-actions[bot]	e32a587078	Release preparation for version 2.17.6	2024-06-24 14:33:10 +00:00
Rasmus Lerchedahl Petersen	280a9b4408	Python: Support Model Editor	2024-06-21 11:47:51 +02:00
am0o0	ccb923a436	fix formatting	2024-06-18 18:31:29 +02:00
am0o0	1f99559e9f	Revert "update id of the query file" This reverts commit `1f112467ce`.	2024-06-18 17:33:07 +02:00
am0o0	8a7fdfa6fe	fix conflict	2024-06-18 17:18:59 +02:00
Taus	b7b0f84e8b	Python: Handle `@pytest.fixture` decorations with arguments as well Not the prettiest of solutions, but it seems to work well enough.	2024-06-14 15:11:25 +00:00
Taus	78729180ad	Python: Fix pytest fixture unused import FPs	2024-06-14 12:05:55 +00:00
Joe Farebrother	f441c68f7e	Merge pull request #16657 from joefarebrother/python-partial-ssrf-fp Python: Add additional sanitizers to SSRF	2024-06-11 23:20:50 +01:00
github-actions[bot]	8a25081a0e	Post-release preparation for codeql-cli-2.17.5	2024-06-10 15:33:08 +00:00
github-actions[bot]	877bfa2468	Release preparation for version 2.17.5	2024-06-10 13:40:39 +00:00
Joe Farebrother	6ff7fb2a70	Add change note	2024-06-04 09:52:57 +01:00
Rasmus Wriedt Larsen	839171e557	Merge pull request #16646 from RasmusWL/url-redirect-qhelp Python: Update url-redirect qhelp with `https:/example.com` handling	2024-06-04 10:17:37 +02:00
Rasmus Wriedt Larsen	dd8b65130e	Merge pull request #16598 from jorgectf/jorgectf/opml-models Python: Add models for `opml`	2024-06-04 10:16:26 +02:00
Rasmus Wriedt Larsen	121ca129bc	Update qhelp with `https:/example.com` handling	2024-06-03 10:17:10 +02:00
am0o0	1f112467ce	update id of the query file	2024-05-29 16:48:35 +02:00
am0o0	b9edcb7943	rename secondary to remote :), complete the previous commit changes	2024-05-29 16:47:37 +02:00
am0o0	52a809145e	SecondaryCommandInjection to RemoteCommandExecution, change RemoteCommandExecution to module like SystemCommandExecution module	2024-05-29 16:18:55 +02:00
am0o0	fd9e6f48d7	fix the docs of secondary server cmd injection	2024-05-29 16:01:43 +02:00

1 2 3 4 5 ...

4527 Commits