hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,510 Commits 1,673 Branches 157 Tags
5f0cde5be751dedef5f1141320ea886fa3d05e3d
Commit Graph

3736 Commits

Author SHA1 Message Date
erik-krogh
f67d0bc8c0 put the shared HostnameRegexp code in the shared regex pack 2022-12-17 17:26:18 +01:00
Henry Mercer
30451ee950 Merge pull request #11681 from github/henrymercer/mergeback-3.8 
Merge `rc/3.8` back to `main`
 2022-12-16 17:43:12 +00:00
Henry Mercer
a3933fbf4f Bump minor versions of packs we regularly release 2022-12-13 18:59:24 +00:00
Henry Mercer
7167f078be Merge branch 'main' into henrymercer/mergeback-3.8 2022-12-13 18:40:53 +00:00
erik-krogh
b3a9c1ca06 Py/JS/RB: Use instanceof in more places 2022-12-12 16:06:57 +01:00
github-actions[bot]
343b7b1c8b Post-release preparation for codeql-cli-2.11.6 2022-12-11 18:15:04 +00:00
github-actions[bot]
0b2fb4f70a Release preparation for version 2.11.6 2022-12-10 15:49:35 +00:00
Henry Mercer
3036b15af2 Merge branch 'main' into henrymercer/check-query-ids 2022-12-08 13:05:46 +00:00
Henry Mercer
5674251839 Python: Disable TarSlipImprov qhelp 2022-12-08 13:03:31 +00:00
Chris Smowton
81110b19e7 Merge pull request #11612 from smowton/smowton/admin/merge-rc38-into-main 
Merge rc/3.8 into main
 2022-12-08 12:25:59 +00:00
Chris Smowton
49bc524fd0 Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main 2022-12-08 11:12:30 +00:00
Rasmus Wriedt Larsen
d684dbdf5c Merge pull request #10656 from porcupineyhairs/PyPamImprove 
Python: Improve the PAM authentication bypass query
 2022-12-08 11:59:10 +01:00
Jami
5e694b5983 Merge pull request #11192 from jcogs33/jcogs33/share-key-sizes 
Share encryption key sizes between Java and Python
 2022-12-07 08:08:24 -05:00
Henry Mercer
5b040a9476 Python: Fix duplicate query IDs 2022-12-05 19:04:10 +00:00
github-actions[bot]
5e35785fd0 Post-release preparation for codeql-cli-2.11.5 2022-12-02 11:37:44 +00:00
github-actions[bot]
31ab22e3a0 Release preparation for version 2.11.5 2022-12-01 20:05:14 +00:00
Rasmus Wriedt Larsen
315ceb57e9 Python: Add change-note 2022-12-01 11:56:44 -05:00
Jami Cogswell
4d99cd1b7a update EC key size in help file 2022-12-01 11:56:44 -05:00
Rasmus Wriedt Larsen
d47b3265c4 Python: Fix py/meta/points-to-call-graph 2022-12-01 14:56:10 +01:00
Rasmus Wriedt Larsen
607639c100 Python: restrict py/meta/points-to-call-graph to non-ignored files 2022-11-29 15:10:45 +01:00
Rasmus Wriedt Larsen
d7aea228ce Python: Add taint-sinks meta query 
Inspired by the one they have in JS:
097d5189e9/javascript/ql/src/meta/alerts/TaintSinks.ql
 2022-11-29 15:10:09 +01:00
Rasmus Wriedt Larsen
544de5232c Python: Use ' instead of ` in select text 2022-11-29 14:47:45 +01:00
Arthur Baars
cf7ebe2fa8 Merge pull request #11471 from github/rc/3.8 
Merge rc/3.8 into main
 2022-11-29 12:57:34 +01:00
Rasmus Wriedt Larsen
4e67ec19d0 Python: Adjust alert text of py/pam-auth-bypass 2022-11-28 16:14:38 +01:00
Rasmus Wriedt Larsen
3d9556e5a3 Python: Use proper Query suffix 2022-11-28 16:03:17 +01:00
Rasmus Wriedt Larsen
c310948521 Python: Remove enclosing module for PAM Auth Bypass.qll 2022-11-28 16:02:38 +01:00
Felicity Chapman
a76d47681d Replace references in Qhelp files 2022-11-28 15:25:37 +01:00
Rasmus Lerchedahl Petersen
77d98b217e Python: add import 2022-11-25 08:52:35 +01:00
yoff
d804acdef7 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-11-25 08:50:37 +01:00
Rasmus Lerchedahl Petersen
91198524cd Python: port py/super-not-enclosing-class 2022-11-23 14:37:45 +01:00
Rasmus Wriedt Larsen
04a68f8d52 Merge pull request #11372 from RasmusWL/getpass 
Python: Model `getpass.getpass` as source of passwords
 2022-11-22 14:49:04 +01:00
Rasmus Wriedt Larsen
9195b73d84 Python: Model getpass.getpass as source of passwords 2022-11-22 14:11:52 +01:00
Porcupiney Hairs
db231a111c Python : Improve the PAM authentication bypass query 
The current PAM auth bypass query which was contributed by me a few months back, alert on a vulenrable function but does not check if the function is actually function. This leads to a lot of fasle positives.

With this PR, I add a taint-tracking configuration to check if the username parameter can actually be supplied by an attacker.

This should bring the FP's significantly down.
 2022-11-19 01:29:25 +05:30
github-actions[bot]
5b14ebf22a Post-release preparation for codeql-cli-2.11.4 2022-11-18 11:26:00 +00:00
github-actions[bot]
e105c13e77 Release preparation for version 2.11.4 2022-11-17 16:40:45 +00:00
erik-krogh
4f11e2d25f port the Python regex/redos queries to use the shared pack 2022-11-07 14:31:51 +01:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Taus
503cc560cf Merge pull request #10943 from bananabr/main 
Javascript/Python: Tokens built from predictable UUIDs
 2022-10-27 14:12:34 +02:00
Jeroen Ketema
1d7efd8e82 Merge pull request #10905 from jsoref/spelling-code-scanning-product 
Spelling code scanning product
 2022-10-27 12:55:37 +02:00
Daniel Santos
feece6f7b4 Merge branch 'github:main' into main 2022-10-25 10:43:20 -05:00
Daniel Santos
5b080481aa TokenBuiltFromUuid formatting 2022-10-25 09:51:48 -05:00
Daniel Santos
b8d60edb49 TokenBuiltFromUuid isAdditionalTaintStep refactor 2022-10-25 09:51:07 -05:00
Daniel Santos
375edf7455 TokenAssignmentValueSink refactor 2022-10-25 09:50:04 -05:00
yoff
9d542f1be9 Merge pull request #10887 from Sim4n6/TarSlipImprov 
Python: Add TarSlip Improv query
 2022-10-25 13:02:52 +02:00
Daniel Santos
5ab068a3cc Update python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-10-24 11:55:21 -05:00
Daniel Santos
be8780742b Update python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql 
You are totally right! I just scanned the module's document and assumed it would implement it all. Pasting the documentation here for future reference https://docs.python.org/3/library/uuid.html?highlight=uuid#uuid.UUID.

Co-authored-by: Taus <tausbn@github.com>
 2022-10-24 11:49:17 -05:00
Daniel Santos
a2ad924376 Minor formatting fixes 2022-10-24 09:38:17 -05:00
Daniel Santos
066ffb7520 Tokens built from predictable UUIDs 2022-10-22 11:15:43 -05:00