hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-05 17:51:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
52,278 Commits 1,689 Branches 160 Tags
32d52c023eab39902701dbeba7553115c170bf89
Commit Graph

52278 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
32d52c023e Python: Allow any order for azure blob query 
By only allowing the sink in the state where encryption v1 is used, we
can handle the new case where the order of attribute assignment is
flipped.

However, we get a few too many paths because we can have multiple
sources reaching the same sink... let's fix in next commit.
 2023-03-29 11:42:01 +02:00
Rasmus Wriedt Larsen
480f171d9b Python: Add azure blob tests with swapped order 
Just shows we need to use some state in the query to get the correct
behavior.
 2023-03-29 11:25:37 +02:00
Rasmus Wriedt Larsen
683985a00a Python: Expand azure blob modeling 
Now we can differentiate between the classes
 2023-03-29 11:24:36 +02:00
Rasmus Wriedt Larsen
8ea6b6f256 Python: Update py/azure-storage/unsafe-client-side-encryption-in-use to use datafow 2023-03-28 10:09:22 +02:00
Rasmus Wriedt Larsen
7a17cd2a9e Python: Rewrite azure query to more idiomatic ql 2023-03-28 10:06:00 +02:00
Rasmus Wriedt Larsen
691ffcd3a4 Python: Add tests of py/azure-storage/unsafe-client-side-encryption-in-use 
Notice that it doesn't find the potentially unsafe version, or the vuln that spans calls.
 2023-03-28 10:05:09 +02:00
Raul Garcia
4ba1740c45 Merge branch 'main' into main 2023-03-24 14:56:07 -07:00
Henry Mercer
c68c83c516 Merge pull request #12659 from github/henrymercer/merge-back-3.9 
Merge `rc/3.9` back to `main`
 2023-03-24 17:38:07 +00:00
Henry Mercer
fc105ffa4b Merge branch 'rc/3.9' into henrymercer/merge-back-3.9 2023-03-24 17:21:27 +00:00
Mathias Vorreiter Pedersen
86cc59e7db Merge pull request #12650 from gsingh93/strlen-literal-range-expr 
C++: Add StrlenLiteralRangeExpr
 2023-03-24 16:58:16 +00:00
Gulshan Singh
b87f12d5b2 C++: Add StrlenLiteralRangeExpr 2023-03-24 08:51:35 -07:00
Edward Minnix III
bb27ba7d3c Merge pull request #12632 from egregius313/egregius313/java/android/refactor-android-query-libraries 
Java: Refactor Android `Query.qll` libraries to new dataflow api
 2023-03-24 11:18:57 -04:00
Henry Mercer
f1fe7af4fb Merge pull request #12651 from github/dependabot/github_actions/actions/stale-8 
Bump actions/stale from 7 to 8
 2023-03-24 14:27:58 +00:00
Anders Schack-Mulligen
6db8c8b19f Merge pull request #12656 from aschackmull/dataflow/qldoc 
Dataflow: Minor qldoc fix
 2023-03-24 14:57:39 +01:00
Ed Minnix
1bf4dd9649 Update to DataFlow::Global 2023-03-24 09:54:53 -04:00
Ed Minnix
2eea34dc4a Apply suggestions from code review 2023-03-24 09:47:50 -04:00
Edward Minnix III
c62eaba601 Simulate deprecated import 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2023-03-24 09:47:50 -04:00
Ed Minnix
8cc2a7329e Fix test to use new InlineFlowTest 2023-03-24 09:47:50 -04:00
Ed Minnix
58bd2f7fa2 Address code review comments 2023-03-24 09:47:50 -04:00
Ed Minnix
e7f6d53907 Deprecate WebViewDubuggingQuery.qll 2023-03-24 09:47:50 -04:00
Ed Minnix
ef08a91340 Refactor ImproperIntentVerificationQuery.qll 2023-03-24 09:47:50 -04:00
Ed Minnix
413a6cbc4f Refactor SensitiveKeyboardCacheQuery 2023-03-24 09:47:50 -04:00
Ed Minnix
d68bec98bc Refactor CWE-940/AndroidIntentRedirection 2023-03-24 09:47:50 -04:00
Ed Minnix
1e0c6811a4 Refactor UnsafeAndroidAccess 2023-03-24 09:47:50 -04:00
Ed Minnix
807588a031 Refactor AndroidCertificatePinningQuery 2023-03-24 09:47:50 -04:00
Ed Minnix
768102ee92 Refactor java/android/webview-debugging-enabled 2023-03-24 09:47:50 -04:00
Jeroen Ketema
559f6a5f20 Merge pull request #12652 from jketema/global-rename 
C++: Rename `SslContextCallMake` to `SslContextCallGlobal`
 2023-03-24 14:15:22 +01:00
Taus
c0eb611dae Merge pull request #12244 from RasmusWL/import-refined 
Python: Fix import of refined variable
 2023-03-24 13:22:19 +01:00
Jami
49d5149857 Merge pull request #11968 from jcogs33/jcogs33/model-more-top-jdk-apis-300-500 
Java: model remaining top-500 JDK APIs
 2023-03-24 07:54:17 -04:00
Henry Mercer
605ddec04b Merge branch 'main' into dependabot/github_actions/actions/stale-8 2023-03-24 11:49:31 +00:00
Anders Schack-Mulligen
85511ba19d Dataflow: Sync 2023-03-24 12:42:06 +01:00
Anders Schack-Mulligen
b45c274f33 Dataflow: Adjust qldoc 2023-03-24 12:41:53 +01:00
Tom Hvitved
a5b7a0fe16 Merge pull request #12566 from hvitved/ruby/dataflow-assignments-in-paths 2023-03-24 12:31:59 +01:00
Jeroen Ketema
8b5393661b C++: Address review comments 2023-03-24 10:34:10 +01:00
Tom Hvitved
b816c79248 Ruby: Include all assignments in data flow paths 2023-03-24 10:09:30 +01:00
Jeroen Ketema
3e4f35151a C++: Rename SslContextCallMake to SslContextCallGlobal 
This is in line with changes made to the dataflow library
 2023-03-24 09:05:06 +01:00
Tony Torralba
c395779b85 Merge pull request #12643 from chmodxxx/sbaddou/jndisanitizer 
Java : Add JndiInjection Sanitizer Class
 2023-03-24 09:04:54 +01:00
Anders Schack-Mulligen
9d88f01c82 Merge pull request #12645 from aschackmull/dataflow/renaming 
Dataflow: Rename Make to Global and hasFlow to flow
 2023-03-24 08:48:31 +01:00
dependabot[bot]
fbda6dc5c6 Bump actions/stale from 7 to 8 
Bumps [actions/stale](https://github.com/actions/stale) from 7 to 8.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-24 04:01:51 +00:00
Jami Cogswell
b8ceb7112d Java: update ordering of Path.getFileName model 2023-03-23 18:07:06 -04:00
Jami Cogswell
222e6f0b82 Java: undo temp revert of neutral filtering 2023-03-23 18:01:33 -04:00
Jami Cogswell
128a6a3951 Java: temp revert of neutral filtering 2023-03-23 18:01:33 -04:00
Jami Cogswell
8046ec2f78 Java: update -1 to this 2023-03-23 18:01:28 -04:00
Jami Cogswell
3d0d4111c0 Java: add test for ResourceBundle.getString 2023-03-23 18:00:21 -04:00
Jami Cogswell
0f3a0a1e81 Java: remove ArrayElement from listFiles 2023-03-23 18:00:21 -04:00
Jami Cogswell
29999d7bc8 Java: add WithoutElement comment 2023-03-23 18:00:21 -04:00
Jami Cogswell
62d64d5828 Java: add comments for reflection-related models 2023-03-23 18:00:21 -04:00
Jami Cogswell
e0c0c973a7 Java: remove Format and MessageFormat 2023-03-23 18:00:21 -04:00
Jami Cogswell
702ca19c3c Java: added comment about second order sql injection 2023-03-23 18:00:20 -04:00
Jami Cogswell
a7da6c8029 Java: update cast and delete tests 2023-03-23 18:00:20 -04:00