hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-18 19:31:11 +02:00
Code Issues Packages Projects Releases Wiki Activity
32,307 Commits 1,780 Branches 169 Tags
7dee22a1302ae997d8d2ed62bb73c51ce4f1fb09
Commit Graph

32307 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonathan Leitschuh
7dee22a130 Fix implicit 'this' usage 2022-02-14 11:00:41 -05:00
Jonathan Leitschuh
eee521e6ce Fix test failure for TempDirLocalInformationDisclosure 2022-02-10 10:40:40 -05:00
Jonathan Leitschuh
bafcce17d4 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-09 22:14:17 -05:00
Jonathan Leitschuh
49a73673b6 Fix FP from mkdirs call on exact temp directory 2022-02-09 11:04:23 -05:00
Jonathan Leitschuh
787e3dac31 Update java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-09 10:07:56 -05:00
Jonathan Leitschuh
7f46640176 Consider calls to setReadable(false, false) then setReadable(true, true) to be safe 2022-02-08 17:57:10 -05:00
Chris Smowton
a6596ea7ce Fix test requirements, formatting 2022-02-08 12:01:32 +00:00
Chris Smowton
79654592d9 Apply suggestions from code review 2022-02-08 10:23:46 +00:00
Jonathan Leitschuh
c4112e6d4c Post refactor fixiup 2022-02-07 15:02:13 -05:00
Chris Smowton
de38638db6 Combine CWE-200 queries 2022-02-07 14:22:36 -05:00
Jonathan Leitschuh
1f47ea5164 Update to new change note format 2022-02-04 17:16:12 -05:00
Jonathan Leitschuh
0268dd9f0a Add file creation sanitizer 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
9299c7996d Add information disclosure test fix suggestions 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
0a621c2801 Fix the formatting in TempDirLocalInformationDisclosureFromMethodCall 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
79db76dcf8 Fix test failures TempDirLocalInformationDisclosureFromSystemProperty 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
d5c9af31b2 Fixup documentation/code from PR feedback 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
f7a4aac525 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
a4b5573f53 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
a8d25b63ac Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-04 17:10:26 -05:00
Chris Smowton
e795823d97 Autoformat TempDirUtils.qll 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
7e514e9ef9 Add QLdoc and fix Compiler Errors in Tests 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
cb30385684 Update java/ql/src/Security/CWE/CWE-200/TempDirUtils.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
df716cbaa0 Revert changes to MethodAccessSystemGetProperty 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
66831989b7 Add QLdoc to TempDirUtils 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
7e55c92eb4 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
c19f52cd04 Add release notes for "Temporary Directory Local information disclosure" 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
f6067d28f9 Fix file names and formatting from PR feedback 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
41b5011b81 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
7929faedc0 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
f910fd4719 Remove path flow tracking in 'TempDirLocalInformationDisclosureFromMethodCall' 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
e4c017e888 Apply suggestions from code review 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
13fed0e9b6 Temp Dir Info Disclosure: Final pass and add documentation 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
bc12e994b0 Add java.nio.file.Files API checks 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
ecad7534ae Add mkdirs check 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
cf0ed81575 Add TempDir taint tracking for Files.write 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
3a15678b1e Java: CWE-200: Temp directory local information disclosure vulnerability 2022-02-04 17:10:23 -05:00
Erik Krogh Kristensen
ab2d3a7ca0 Merge pull request #7828 from Naman-ntc/main 
JS: Adding model for `.get` function of `Map` in Unvalidated Dynamic Method Call
 2022-02-04 20:19:02 +01:00
Erik Krogh Kristensen
f00d723c49 Merge pull request #7843 from erik-krogh/CVE-2021-23484 
JS: add file sources from `jszip` to `js/zip-slip`
 2022-02-04 20:17:43 +01:00
Ian Wright
6c3daf49f9 Merge pull request #7785 from github/z80coder/impose-length-restriction 
Restrict AST nodes according to string length
 2022-02-04 16:35:04 +00:00
Henry Mercer
bb1e89d261 Merge pull request #7848 from github/henrymercer/js-ml-powered-codeowners 
JS: Add codeowners for ML-powered queries
 2022-02-04 16:08:56 +00:00
Henry Mercer
22ef35e13a JS: Add codeowners for ML-powered queries 
Create a new reviewers team @github/codeql-ml-powered-queries-reviewers
for reviewing ML-powered queries and the associated CodeQL libraries.
 2022-02-04 15:49:44 +00:00
Ian Wright
be5e8dae05 Update javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-02-04 15:41:50 +00:00
Ian Wright
e57a0e0e2f Update javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-02-04 15:21:56 +00:00
Ian Wright
b38335a6c2 add QL comment; inline a predicate; restore a comment 2022-02-04 15:21:09 +00:00
Erik Krogh Kristensen
edcb3ba902 add file sources from jszip to js/zip-slip 2022-02-04 14:39:49 +01:00
yoff
182c62f5c3 Merge pull request #7838 from tausbn/python-fix-charset-performance-problem 
Python: Fix performance issue in `charSet`
 2022-02-04 14:18:13 +01:00
Michael Nebel
567768134f Merge pull request #7792 from michaelnebel/csharp/attributes 
C#: Attribute kind and return value attributes.
 2022-02-04 14:10:51 +01:00
Taus
67be20f368 Python: Remove implied inequalities 
Also gets rid of `inner_end`, since we're already doing `end - 1 = ...`
in the other fix (and so this is more consistent).
 2022-02-04 12:46:06 +00:00
Benjamin Muskalla
eee03ebe3b Merge pull request #7767 from bmuskalla/regenerateModelScript 
Java: Regenerate framework models automatically
 2022-02-04 13:29:46 +01:00
Naman Jain
009c95774e update expected files 2022-02-04 12:28:17 +00:00