hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
44,892 Commits 1,741 Branches 165 Tags
6eb58d832c32d240a4a3ad811b16fd999c571f21
Commit Graph

381 Commits

Author SHA1 Message Date
Joe Farebrother
fe5a61bdde Fix typos in docs and comments 2022-08-17 10:35:48 +01:00
Joe Farebrother
c77b17574a Use CryptoAlgoSpec rather than hadcoding Cipher.getInstance 2022-08-17 10:35:47 +01:00
Joe Farebrother
41bdd6d4cc Add RSA without OEAP query and qhelp 2022-08-17 10:35:46 +01:00
Joe Farebrother
7989ba3391 Replace a tainttracking instance with local flow 2022-08-17 10:35:16 +01:00
Joe Farebrother
bf32b5a8fd Reiview suggestions - add doc comment, reword description, simplify a part 2022-08-17 10:35:15 +01:00
Joe Farebrother
4d0957711b Reduce FPs from empty arrays 2022-08-17 10:35:14 +01:00
Joe Farebrother
c0a1300955 Improve initializedWthConstants to no longer need a workaround 2022-08-17 10:35:13 +01:00
Joe Farebrother
f8f21c7ee6 Move static init vector query and tests from experimental to main 2022-08-17 10:35:13 +01:00
erik-krogh
8e6a36256c import the non-deprecated NfaUtils in the overly-large-range query 2022-08-16 11:21:43 +02:00
Erik Krogh Kristensen
f106e064fa Merge pull request #9422 from erik-krogh/refacReDoS 
Refactorizations of the ReDoS libraries
 2022-08-16 09:32:08 +02:00
Chris Smowton
774e379eb1 Merge pull request #9742 from smehta23/feat/SM/java_partial_path_traversal_vulnerability 
[JAVA] Partial Path Traversal Vuln Query
 2022-08-15 12:56:16 +01:00
Erik Krogh Kristensen
0adb588fe8 Merge pull request #9712 from erik-krogh/badRange 
JS/RB/PY/Java: add suspicious range query
 2022-08-15 13:55:44 +02:00
Chris Smowton
e27d62b0b4 Fix qldoc wording 2022-08-15 12:08:14 +01:00
Chris Smowton
ca4ef6578d Spelling 2022-08-13 14:37:08 +01:00
Chris Smowton
8bea2a5f6c Add missing qldoc 2022-08-13 14:20:48 +01:00
Chris Smowton
b62e9dc92c Convert tests to inline expectations and fix one bug revealed doing so 
Specifically Apache sshd defines its sensitive api calls on an inherited interface, and they need to be described that way for us to pick them up.
 2022-08-13 14:02:05 +01:00
Chris Smowton
ddb0846e06 Split up hardcoded creds queries, ready for conversion to inline expectations 2022-08-13 12:39:16 +01:00
erik-krogh
3a4a3437b5 fix some QL-for-QL warnings 2022-08-12 20:38:50 +02:00
erik-krogh
b54f037424 Merge branch 'main' into refacReDoS 2022-08-12 20:28:30 +02:00
erik-krogh
b9e96fb078 sync changes to other languages 2022-08-12 20:28:12 +02:00
Chris Smowton
e9df675f88 Autoformat ql 2022-08-11 09:55:46 +01:00
Anders Schack-Mulligen
ecc15a1f95 Java: Remove SensitiveLoggingQuery results that flow through a source. 2022-08-10 14:28:07 +02:00
Erik Krogh Kristensen
49276b1f38 Merge branch 'main' into refacReDoS 2022-08-09 16:18:46 +02:00
Joe Farebrother
dd83c17144 Use more precise control flow logic 2022-08-05 12:56:21 +01:00
Joe Farebrother
abf894a64c Fix typos 2022-08-05 12:56:20 +01:00
Joe Farebrother
03c2a0e818 Add missing qldoc 2022-08-05 12:56:20 +01:00
Joe Farebrother
a2245bb858 Fix test 2022-08-05 12:56:19 +01:00
Joe Farebrother
16e16f08dc Add webview cert validation query 2022-08-05 12:56:18 +01:00
Shyam Mehta
76cecc170e Fix documentation 2022-08-03 14:30:17 -04:00
Tony Torralba
e179126abb Merge pull request #9129 from atorralba/atorralba/get-underlying-expr 
Java: Add Expr::getUnderlyingExpr predicate
 2022-07-27 11:42:28 +02:00
Shyam Mehta
09ec37943c Partial Path Traversal split into 2 queries 2022-07-20 17:53:26 -04:00
Erik Krogh Kristensen
595875ff98 remove redundant not-equals check 2022-07-13 12:06:12 +02:00
Erik Krogh Kristensen
8e52fc97fc changes based on review by Shack 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
aae3e2ddde other changes based on Esbens review 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
Tony Torralba
12fa6967dc Merge pull request #8669 from joefarebrother/intent-verification 
Java: Add query for Improper Verification of Intent by Broadcast Receiver (CWE-925)
 2022-06-29 09:43:07 +02:00
Joe Farebrother
55e78e3e25 Minor doc fixes + making directFileRead private 2022-06-28 10:10:28 +02:00
Joe Farebrother
a41f28ebe5 Use more file openning methods 2022-06-28 10:10:28 +02:00
Erik Krogh Kristensen
a343ceaf8b add suspicious-regexp-range query 2022-06-28 09:49:27 +02:00
Erik Krogh Kristensen
9bc12ed8fd sync review changes to other languages 2022-06-24 13:12:15 +02:00
Erik Krogh Kristensen
724721c5c8 fix typo 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
22871138c6 simplify the recursion between TTrace and isReachableFromStartTuple 
similar to the fix made by Shack in `ExponentialBackTracking.qll`
 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
be37763125 improve performance of process() by pruning accept states early 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
3bea7df45d add deprecated aliases in the old locations, and use the Query.qll pattern for js/polynomial-redos 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
13482fc97b rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp" 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
6b0df9bdfb refactor the concretize algorithm 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
7fb3d81d2f add further normalization of char classses 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
3be4a86acd make ReDoSPruning into a parameterized module 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
dc06e9df02 move predicates that depend on isReDoSCandidate into a ReDoSPruning module 2022-06-23 14:36:24 +02:00
Tamas Vajk
579bfc22f3 Fix performance change in SecurityFlag 2022-06-23 08:46:33 +02:00