hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-25 00:27:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
81,817 Commits 1,758 Branches 168 Tags
6d496ee07337edd19d831736a33d13829e5edbae
Commit Graph

461 Commits

Author SHA1 Message Date
Josh Brown
3606679eee Terminate p tag 2025-07-10 10:35:09 -07:00
Mathias Vorreiter Pedersen
d1988774a3 PS: Add more flow sources and accept test changes. 2025-07-09 12:22:33 +01:00
Mathias Vorreiter Pedersen
1816356515 PS: Add test with missing remote flow. 2025-07-09 12:20:41 +01:00
Mathias Vorreiter Pedersen
3101cc81e6 Merge pull request #253 from microsoft/add-set-execution-policy-bypass-query 
PS: Add query for insecure uses of `Set-ExecutionPolicy`
 2025-07-07 19:33:06 +01:00
Mathias Vorreiter Pedersen
398d27b779 PS: Fix missing AST child. 2025-07-07 19:15:18 +01:00
Mathias Vorreiter Pedersen
28de6ede04 PS: Also require '-Force' with a truthy value. Note the 'NOT DETECTED' test. We will fix that in the next commit. 2025-07-07 19:14:01 +01:00
Mathias Vorreiter Pedersen
1d64a7949b Merge pull request #252 from microsoft/add-more-remote-flow-sources 
PS: Add flow sources from `System.Net.WebClient`
 2025-07-07 14:50:03 +01:00
Mathias Vorreiter Pedersen
b6b4df5ce0 PS: Implement 'localExprTaint' instead of leaving it as 'none()'. 2025-07-04 20:24:22 +01:00
Mathias Vorreiter Pedersen
4e524a189d PS: Add tests. 2025-07-04 19:44:49 +01:00
Mathias Vorreiter Pedersen
f7c9899450 PS: Add documentation. 2025-07-04 19:44:39 +01:00
Mathias Vorreiter Pedersen
2731983fbe PS: Add query for insecure uses of 'Set-ExecutionPolicy'. 2025-07-04 19:44:15 +01:00
Chanel Young
654bf2f42f random newline to reset git latest pusher 2025-07-04 10:07:57 -07:00
Mathias Vorreiter Pedersen
766cf826bb PS: Add more models and accept test changes. 2025-07-04 18:01:45 +01:00
Mathias Vorreiter Pedersen
bd9043576d PS: Add test with missing remote flow source. 2025-07-04 18:00:19 +01:00
Chanel
8aa8dde439 Merge branch 'main' into powershell-commandinjection-invokesinkfix 2025-07-04 09:59:15 -07:00
Mathias Vorreiter Pedersen
2a26c43c19 PS: Cleanup a few manually generated models. 2025-07-04 17:01:25 +01:00
Mathias Vorreiter Pedersen
eec092c4c4 PS: Mark the BAD results in the test appropriately. 2025-07-04 11:13:15 +01:00
Mathias Vorreiter Pedersen
7d07773a33 PS: Accept test changes. 2025-07-04 11:12:55 +01:00
Mathias Vorreiter Pedersen
0585c2f9e5 PS: Gets back the previously-lost false negative by making the variable property name expression the sink when there is a call to 'Invoke'. 2025-07-04 11:12:31 +01:00
Lindsay Simpkins
52f5ac528c Merge branch 'main' into fix-ps-performance 2025-06-20 23:01:38 -04:00
Mathias Vorreiter Pedersen
cb89695c1d PS: Improve alert message. 2025-06-20 20:40:53 +01:00
Mathias Vorreiter Pedersen
9032d863bd PS: Accept test changes. 2025-06-20 16:40:44 +01:00
Mathias Vorreiter Pedersen
1486200146 PS: Allow for implicit reads at sinks in 'ps/sql-injection'. 2025-06-20 16:34:16 +01:00
Mathias Vorreiter Pedersen
1ff04d9f94 PS: Add new false negative. 2025-06-20 16:30:49 +01:00
Mathias Vorreiter Pedersen
72178f0a36 PS: Accept test changes. 2025-06-20 14:54:39 +01:00
Mathias Vorreiter Pedersen
05a7cfd264 PS: Don't implicitly read any element. Instead, only read positional contents. 2025-06-20 14:54:15 +01:00
Mathias Vorreiter Pedersen
25d94fabcc PS: Add false positive to 'ps/sql-injection'. 2025-06-20 14:51:17 +01:00
Mathias Vorreiter Pedersen
0912cc337f PS: Accept test changes. 2025-06-20 14:25:58 +01:00
Mathias Vorreiter Pedersen
c18db919c9 PS: Model 'inputfile' as a sink for SQL injections. 2025-06-20 14:25:45 +01:00
Mathias Vorreiter Pedersen
b82bd2cd2f PS: Add false positive to 'ps/sql-injection'. 2025-06-20 14:23:55 +01:00
Mathias Vorreiter Pedersen
86cc09b622 PS: Start with a SCAN of 'getProcessBlock' as this ensures we start with a small pipeline. 2025-06-19 22:11:26 +01:00
Mathias Vorreiter Pedersen
31fbb6fd55 PS: Prevent bad magic by calling a HOP to compute the transitive closure. 2025-06-19 22:11:25 +01:00
Mathias Vorreiter Pedersen
2d045ea345 PS: Prevent join on integer. 2025-06-19 22:11:24 +01:00
Mathias Vorreiter Pedersen
c50b0c6323 PS: Prevent join on boolean. 2025-06-19 22:11:22 +01:00
Mathias Vorreiter Pedersen
a38d57f080 PS: Fix cartesian product. 2025-06-19 22:11:20 +01:00
Mathias Vorreiter Pedersen
f513259f24 PS: Format, add a helper predicate and add an explicit 'this' to silence a warning. 2025-06-19 22:11:19 +01:00
Mathias Vorreiter Pedersen
9be1f2d1d1 PS: Replace another 'forex' with explicit recursion. 2025-06-19 22:11:17 +01:00
Mathias Vorreiter Pedersen
8664842f91 PS: Remove two more 'forex's. 2025-06-19 22:11:16 +01:00
Mathias Vorreiter Pedersen
b79f3666a9 PS: Replace a 'forex' with explicit recursion. 2025-06-19 22:11:14 +01:00
Mathias Vorreiter Pedersen
ebc167c529 PS: Fix join in 'count'. 2025-06-19 22:11:13 +01:00
Mathias Vorreiter Pedersen
ae83d56df1 PS: Rename predicate. 2025-06-19 22:11:00 +01:00
Mathias Vorreiter Pedersen
f69cfdcd5a PS: Autoformat. 2025-06-19 22:03:40 +01:00
Mathias Vorreiter Pedersen
9ed32b14a2 PS: Add some QLDoc. 2025-06-19 22:02:45 +01:00
Mathias Vorreiter Pedersen
3ba3b11207 PS: Prevent magic on 'getParent'. 2025-06-19 22:02:22 +01:00
Mathias Vorreiter Pedersen
229914f7f3 PS: Add 'Node.getCallee' predicate on DataFlow::CallNode. 2025-06-16 15:24:26 +01:00
Chanel Young
f882af95d8 update to invokesink 2025-06-12 14:30:46 -07:00
Mathias Vorreiter Pedersen
b88ed68499 PS: Remove unnecessary data extension pattern. All the models are matched by the other two patterns. 2025-06-12 11:41:25 +01:00
Lindsay Simpkins
25fb1aabd2 fix powershell qhelp files 2025-06-09 14:01:54 -04:00
Chanel Young
0d11efc5cb added hasbranchedge 2025-06-03 11:53:29 -07:00
Chanel
a17f10d4a9 Merge branch 'main' into update-typegen-2 2025-05-21 09:27:44 -07:00