hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,338 Commits 1,673 Branches 157 Tags
77df65f2bc85d9c60e9b8c128b3a018e3476aa8d
Commit Graph

605 Commits

Author SHA1 Message Date
Napalys Klicius
d122534398 Merge pull request #20671 from github/napalys/adjust_query_severity 
Adjust query severity ratings
 2025-11-11 12:37:31 +01:00
Joe Farebrother
8c277bd1d9 Merge pull request #20494 from joefarebrother/python-insecure-cookie-split 
Python: Split Insecure Cookie query into multiple queries
 2025-10-24 11:10:20 +01:00
Napalys Klicius
fa47174013 CWE-020: Lower security-severity for OverlyLargeRange queries to 4.0 2025-10-22 11:32:33 +00:00
Owen Mansel-Chan
2f22acdd06 Remove hashing example when not covered by query 2025-10-08 16:48:57 +01:00
Owen Mansel-Chan
0bcdb91639 Improve qhelp for broken crypto algo queries 
Previously it focussed too much on the risk of data being decrypted,
and didn't explain why using weak algorithms is a problem in other
contexts.
 2025-10-08 14:10:54 +01:00
Owen Mansel-Chan
2a1c9d8ec1 Remove erroneous comma 2025-10-08 14:08:36 +01:00
Joe Farebrother
cb7b1efe81 Update alert message 2025-09-25 09:52:27 +01:00
Joe Farebrother
55fd7c85c6 Update documentation 2025-09-23 15:50:27 +01:00
Joe Farebrother
1208195d8a Align alert messages across languages. 2025-09-23 15:46:53 +01:00
Joe Farebrother
2cffb21604 Update and fix tests 2025-09-23 15:41:09 +01:00
Joe Farebrother
d28e8004fd Add sensitive data heuristic 2025-09-23 10:08:08 +01:00
Joe Farebrother
6eac6b7258 Rename qhelp file 2025-09-19 17:03:19 +01:00
Joe Farebrother
2e95c2b3c2 Split test cases for insecure cookie queries 2025-09-19 14:41:02 +01:00
Joe Farebrother
04316d306f Update qhelp 2025-09-19 12:42:30 +01:00
Joe Farebrother
7eabed6594 Split insecure cookies queries into 3 queries 2025-09-18 13:34:10 +01:00
Michael Nebel
90caded4fe Apply suggestion from @aschackmull 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-09-02 13:08:31 +02:00
Michael Nebel
dbd31259b3 Python: Fix some Ql4Ql violations. 2025-09-01 15:16:25 +02:00
Michael Nebel
03ecd24469 Lower the precision of a range of harcoded password queries to remove them from query suites. 2025-05-19 09:26:45 +02:00
Owen Mansel-Chan
cf614a596d Fix cwe tags to include leading zero 2025-04-30 16:43:03 +01:00
Kevin Stubbings
04476ca5f4 Add more choices to SSRF remediation 2025-02-25 00:16:48 -08:00
Asger F
d3ee658399 Python: resolve remaining TODOs 2025-02-06 10:27:56 +01:00
Asger F
975ce064fc Python: implement for polynomial redos 2025-02-06 10:27:45 +01:00
Asger F
e4a1847dad Python: mass enable diff-informed data flow 2025-02-06 10:27:19 +01:00
Joe Farebrother
8a778da253 Apply suggestions from docs review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-12-09 19:58:00 +00:00
Joe Farebrother
ebaab89933 Formatting updates 2024-12-09 19:57:25 +00:00
Joe Farebrother
6e16ed52e8 Reveiw suggestions: Spelling/grammar fixes 
Co-authored-by: Taus <tausbn@github.com>
 2024-12-09 19:56:59 +00:00
Joe Farebrother
f0163894b6 fix link in qhelp refs 2024-12-09 19:56:25 +00:00
Joe Farebrother
4602c5c905 Remove experimental version + qhelp fixes 2024-12-09 19:56:18 +00:00
Joe Farebrother
e4e02ec674 Add security severity + fix qhelp 2024-12-09 19:56:03 +00:00
Joe Farebrother
02f395f5f8 Add qhelp 2024-12-09 19:55:57 +00:00
Joe Farebrother
1cb01a286d Add tests for jinja 2024-12-09 19:55:36 +00:00
Anders Schack-Mulligen
8a5fc97b06 Python: Remove deprecated configuration classes referencing deleted api. 2024-12-03 20:08:45 +01:00
Chris Smowton
5f31adc1f4 Update InsecureCookie.qhelp 
Gratuitous commit to nudge CI
 2024-10-30 09:34:49 +00:00
Charmander
a97998811a Fix typo and grammar in InsecureCookie.qhelp 2024-10-30 07:29:20 +00:00
Felicity Chapman
fcb2b5730f Update CookieInjection.ql to remove period 2024-08-15 13:17:13 +01:00
Joe Farebrother
1127b08635 Merge branch 'main' into python-cookie-concept-promote 2024-07-29 10:26:03 +01:00
Joe Farebrother
8f714c631f Code reveiw suggestions. correction in changenote + style in example 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-07-24 21:37:12 +01:00
Joe Farebrother
93f70b3ad9 Add unit tests 2024-07-23 10:15:23 +01:00
Joe Farebrother
226e4eb8a5 Use a 3-valued newtype for hasSameSiteAttribute 2024-07-23 10:14:45 +01:00
Joe Farebrother
df5569fda9 Add documentation 2024-07-23 10:14:40 +01:00
Joe Farebrother
033dd9f8a6 Promote insecure cookie query 2024-07-23 10:14:22 +01:00
Joe Farebrother
baf51334e4 Update documentation 2024-07-19 09:13:30 +01:00
Joe Farebrother
8d93c3a852 Move to cwe-20 2024-07-16 16:50:08 +01:00
Joe Farebrother
e885f1f8c4 Add documentation 2024-07-16 16:50:05 +01:00
Joe Farebrother
983bdb92a1 Add test cases + remove redundant import 2024-07-16 16:50:00 +01:00
Joe Farebrother
123214cb2b Promoto cookie injection query 2024-07-16 16:49:56 +01:00
Mathew Payne
96048f962e Update python/ql/src/Security/CWE-798/HardcodedCredentials.ql 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-07-01 14:29:00 +01:00
Mathew Payne
1cf9714272 feat(python): Add Hardcoded Credentials MaD support 2024-06-28 14:30:36 +01:00
Rasmus Wriedt Larsen
121ca129bc Update qhelp with https:/example.com handling 2024-06-03 10:17:10 +02:00
Joe Farebrother
ab23d0ad23 Merge branch 'main' into python-promote-header-injection 2024-05-08 13:49:00 +01:00