hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 04:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
63,684 Commits 1,686 Branches 158 Tags
337db6b29b44c79ff7ce4ebb1fc3758ec00af2d0
Commit Graph

4324 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
d102a84e02 python: replace points-to with API graph 2022-09-01 22:58:46 +02:00
Rasmus Lerchedahl Petersen
163bfc4f71 python: replace points-to with API graph 
- values are identified via `API::builtin`
- `points-to` is approximated by `getAValueReachableFromSource`
 2022-09-01 22:47:32 +02:00
Rasmus Lerchedahl Petersen
93fcaf24c1 python: RaisingTuple.ql to not use poins-to 
Use local dataflow instead and simply check for tuple literals.
 2022-09-01 21:45:57 +02:00
Edoardo Pirovano
8f332714f4 Merge pull request #10260 from github/edoardo/3.7-mergeback 
Merge `rc/3.7` into `main`
 2022-09-01 15:44:17 +01:00
Ahmed Farid
0fd684cde8 Add more source of crypto call 2022-08-31 17:13:43 +01:00
Ahmed Farid
cf83b07aae Add more source of crypto call 2022-08-31 17:04:02 +01:00
Ahmed Farid
daff7775ca Update TimingAttack.qll 2022-08-31 16:09:22 +01:00
Ahmed Farid
a42cb20b86 Update TimingAttack.qll 2022-08-31 16:07:58 +01:00
Ahmed Farid
13d1a4fdc1 Update TimingAttackAgainstHeaderValue.ql 2022-08-31 12:46:17 +01:00
Ahmed Farid
12960fd00f Update TimingAttack.qll 2022-08-31 12:39:46 +01:00
Ahmed Farid
f2688c4a02 Update select statement 2022-08-31 12:39:00 +01:00
Ahmed Farid
275ed0d6e5 Update select statement 2022-08-31 12:37:36 +01:00
Ahmed Farid
740bf716cb Update TimingAttack.qll 2022-08-31 12:22:01 +01:00
Ahmed Farid
ca28d79541 Prevent crosstalk between the configurations 2022-08-31 11:15:39 +01:00
Ahmed Farid
133a3c19f0 Add more source of crypto call 2022-08-31 11:09:24 +01:00
Ahmed Farid
23f268f3b9 Import Django and Flask model 2022-08-30 16:39:40 +01:00
Ahmed Farid
de58d0f024 Update the subclasses of ClientSuppliedSecret class 2022-08-30 16:34:43 +01:00
Ahmed Farid
0177cd810e Update suspicious() 2022-08-30 13:58:54 +01:00
Ahmed Farid
9995e91bb7 Update the name of the class (and its subclasses) 2022-08-29 18:57:56 +01:00
Ahmed Farid
b2551a5581 Update the name of the class (and its subclasses) 2022-08-29 18:30:43 +01:00
Ahmed Farid
baa0fd4148 Convert %UserPass% word to lowercase 2022-08-29 18:25:26 +01:00
Ahmed Farid
141b65fea8 Fix typo 2022-08-29 18:18:19 +01:00
Ahmed Farid
199e3d9462 Rename the query ID 2022-08-29 18:13:45 +01:00
Ahmed Farid
66fb420d00 Update PossibleTimingAttackAgainstHash.ql 2022-08-29 18:08:09 +01:00
erik-krogh
f678c8a967 PY: add python change-note 2022-08-29 13:08:52 +02:00
erik-krogh
4353937bcf PY: add missing security tags on Python queries 2022-08-29 13:08:47 +02:00
github-actions[bot]
3b4ad3c4f1 Post-release preparation for codeql-cli-2.10.4 2022-08-26 09:32:11 +00:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Erik Krogh Kristensen
06afe9c0f4 Merge pull request #9816 from erik-krogh/msgConsis 
Make alert messages consistent across languages
 2022-08-25 15:20:01 +02:00
github-actions[bot]
0f63bc077f Release preparation for version 2.10.4 2022-08-25 12:52:26 +00:00
yoff
0b5d4c59dd Merge branch 'main' of https://github.com/github/codeql into python-dataflow/flow-summaries-from-scratch 
synced files have changed
 2022-08-25 09:24:05 +00:00
Ian Lynagh
3fcfd32eb1 Make *.ql non-executable 2022-08-24 16:55:11 +01:00
erik-krogh
014dcd1454 fixup a Python query, it didn't select something with a location 2022-08-24 16:23:20 +02:00
erik-krogh
1c0f2251e2 Merge branch 'main' into msgConsis 2022-08-24 14:38:57 +02:00
Ahmed Farid
93257be913 Add Werkzeug source 2022-08-23 12:51:48 +01:00
Ahmed Farid
ee05e2ca76 add x-gitlab-token to sensitive headers 2022-08-23 12:27:20 +01:00
erik-krogh
d96d6721ba change the alert message of unused-local-variable 2022-08-23 11:15:11 +02:00
Erik Krogh Kristensen
7704a9eeac apply suggestions from Python review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-08-23 10:38:10 +02:00
erik-krogh
f7846a598e add change-notes 2022-08-23 07:54:01 +02:00
erik-krogh
ca299b9dc1 update py/unreachable-statement to match javascript/go 2022-08-22 21:41:47 +02:00
erik-krogh
31e15e27fc update py/unsafe-deserialization to match ruby/javascript/java 2022-08-22 21:41:47 +02:00
erik-krogh
20625ae60d update {js/go/py}/xpath-injection to match csharp/java 2022-08-22 21:41:46 +02:00
erik-krogh
9395f156de update {js/py}/command-line-injection to match csharp/java 2022-08-22 21:41:46 +02:00
erik-krogh
2d0a4c3d83 update {go/py}/stack-trace-exposure to match javascript 2022-08-22 21:41:46 +02:00
erik-krogh
3553f3d9b8 update {rb/py/js/go}/path-injection to match java/csharp 2022-08-22 21:41:45 +02:00
erik-krogh
cc41a83a8d update {py/cpp}/commented-out-code to match csharp/java/javascript 2022-08-22 21:41:45 +02:00
erik-krogh
28083ebe09 run the implicit-this patch 2022-08-22 21:23:31 +02:00
erik-krogh
a593a52b5e add missing qldoc (that was already missing?) 2022-08-22 21:22:39 +02:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
Rasmus Wriedt Larsen
61bf2154cd Merge branch 'main' into shared-http-client-request 2022-08-22 12:05:37 +02:00