hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 00:16:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,583 Commits 1,714 Branches 163 Tags
35a1c80ceb1475df06c13edcb6507ded25e12774
Commit Graph

3141 Commits

Author SHA1 Message Date
Ahmed Farid
0d9436892a Update zipslip_bad.py 2022-03-07 00:24:25 +01:00
Ahmed Farid
ce7923c8b3 Update zipslip_bad.py 2022-03-07 00:23:19 +01:00
Ahmed Farid
b9b52d4c7c Update zipslip_bad.py 2022-03-07 00:02:50 +01:00
Ahmed Farid
d7dacfc6bd Update zipslip_good.py 2022-03-07 00:01:55 +01:00
Ahmed Farid
8649375be3 Update ZipSlip.qll 2022-03-06 23:56:02 +01:00
Ahmed Farid
91b5f2ad34 Update Zip.qll 2022-03-06 23:54:46 +01:00
Ahmed Farid
466f75bad8 Update Concepts.qll 2022-03-06 23:53:00 +01:00
Ahmed Farid
5e14d89714 Update ZipSlip.qll 2022-03-03 17:12:06 +01:00
Ahmed Farid
70c0c7e461 Update zipslip_bad.py 2022-03-01 00:24:33 +01:00
Ahmed Farid
85bcaa96ce Update Concepts.qll 2022-03-01 00:23:06 +01:00
Ahmed Farid
c22b032bbe Update Zip.qll 2022-03-01 00:11:33 +01:00
Ahmed Farid
67d3498891 Update ZipSlip.ql 2022-03-01 00:07:37 +01:00
Ahmed Farid
b29936716d Update Frameworks.qll 2022-03-01 00:06:22 +01:00
Ahmed Farid
76bd3317eb Create Zip.qll 2022-03-01 00:05:30 +01:00
Ahmed Farid
abe25da3df Create ZipSlip.qll 2022-03-01 00:04:02 +01:00
Ahmed Farid
3eae13161f Delete ZipSlipCheckLib.ql 2022-03-01 00:01:34 +01:00
Ahmed Farid
21f6ad5190 Update and rename ZipSlipCheck.ql to ZipSlip.ql 2022-03-01 00:01:06 +01:00
Ahmed Farid
c207294dfc Update zipslip_good.py 2022-02-26 18:31:22 +01:00
Ahmed Farid
d0d14be693 Update ZipSlip.qhelp 2022-02-26 18:25:13 +01:00
root
5ed5e0b105 Add query to detect ZipSlip 2022-02-13 16:44:27 -05:00
Tom Hvitved
9440a45015 Merge branch 'main' into post-release-prep/codeql-cli-2.8.0 2022-02-09 09:40:33 +01:00
Rasmus Wriedt Larsen
eb109828c0 Merge pull request #7252 from museljh/feature/cwe-338 
Python: CWE-338 insecureRandomness
 2022-02-07 19:30:06 +01:00
github-actions[bot]
b4ab86c020 Post-release preparation for codeql-cli-2.8.0 2022-02-06 23:34:07 +00:00
Rasmus Wriedt Larsen
8386b36217 Python: Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-02-03 15:00:04 +01:00
Rasmus Wriedt Larsen
cf68148316 Python: Add change-note 2022-02-03 14:29:02 +01:00
liangjinhuang
1dd15fa235 style:auto format 2022-02-02 01:30:54 +08:00
liangjinhuang
976e484c57 style:move all source files under src/experimental & feat:modify source regular matching rules 2022-02-02 01:14:51 +08:00
liangjinhuang
1885b683f7 style:formatDocument 2022-02-02 00:21:26 +08:00
museljh
012434b152 Update python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-01 19:00:06 +08:00
museljh
a6002186bd Update python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-01 18:59:12 +08:00
Rasmus Wriedt Larsen
f7a0b17ed6 Merge pull request #7687 from yoff/python/PathInjection-FlowState 
python: Rewrite path injection query to use flow state
 2022-02-01 11:33:37 +01:00
Dave Bartolomeo
cca74e925f Merge pull request #7724 from github/aeisenberg/examples-groups 
Add new groups for examples packs
 2022-01-27 12:11:26 -05:00
yoff
4632c14280 Merge pull request #7654 from RasmusWL/remove-old-pointsto-queries 
Python: Cleanup: Remove old points-to versions of queries
 2022-01-27 16:39:01 +01:00
github-actions[bot]
634134f283 Release preparation for version 2.8.0 2022-01-27 10:40:20 +00:00
Andrew Eisenberg
a7f755cf12 Add new groups for examples packs 
Also, remove version numbers. Will make it easier to avoid publishing
the examples packs.
 2022-01-26 14:49:18 -08:00
Edoardo Pirovano
1b539eb4dc Merge branch rc/3.4 into main 2022-01-25 16:22:01 +00:00
Rasmus Lerchedahl Petersen
9aa4c4a6a7 python: Add missing input 
also update test expectation
 2022-01-21 13:55:33 +01:00
Rasmus Lerchedahl Petersen
35c9307baa python: rewrite NoSQLInjection to use flow state 
This allows a bit more precision. Specifically, we could
 require the sanitizer to only affect `ConvertedToDict`.
 In practice, most sanitizers woudl probably fail on raw
 input also, though.
 2022-01-21 12:12:58 +01:00
Erik Krogh Kristensen
ddfc3bc00f use set literals instead of big disjunctions 2022-01-21 11:46:33 +01:00
yoff
5b9ae9cede Merge pull request #7659 from RasmusWL/move-regex-injection-files 
Python: Move regex injection configuration files
 2022-01-21 11:42:06 +01:00
yoff
4fd0ada9a8 Merge pull request #7652 from RasmusWL/cleartext-remove-fps 
Python: Remove usernames as sensitive source for cleartext queries
 2022-01-21 11:30:40 +01:00
Rasmus Lerchedahl Petersen
a5bc5373d0 python: Rewrite path injection to use flow state 
This removes the FP cause by chaining
This PR also removes `ChainedConfigs12.qll`,
as we hope to solve future problems via flow states.
 2022-01-21 09:26:48 +01:00
Rasmus Wriedt Larsen
f53dce3a83 Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-01-20 14:20:15 +01:00
github-actions[bot]
ab218421da Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:20 +00:00
Erik Krogh Kristensen
4e8e3a7420 simplify expressions that could be type-casts 2022-01-20 10:41:35 +01:00
github-actions[bot]
4ce8ccc52b Release preparation for version 2.7.6 2022-01-20 08:21:18 +00:00
Rasmus Wriedt Larsen
aa10ad6a8a Python: Fix RegexInjection query, add old deprecated versions 2022-01-19 17:22:44 +01:00
Rasmus Wriedt Larsen
93b3cd669a Python: Cleanup: Remove old points-to versions of queries 
Since we've internally agreed that we've reached the same or better set
of results.
 2022-01-19 15:30:12 +01:00
Rasmus Wriedt Larsen
e82e648ca1 Python: Remove usernames as sensitive source for cleartext queries 
Closes #6363, #6927, #6726, #7497, #7116
 2022-01-19 15:25:21 +01:00
Andrew Eisenberg
fbb5d7196f Merge branch 'main' into post-release-prep/codeql-cli-2.7.5 2022-01-14 08:23:43 -08:00