hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 17:21:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,327 Commits 1,691 Branches 159 Tags
820db43945feb799928fbae4ed5253d030833dc7
Commit Graph

53327 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Maiky
820db43945 Add ERB Template Injection Sink 2023-04-13 17:21:31 +02:00
Edward Minnix III
aeff6d3b85 Merge pull request #12808 from egregius313/egregius313/java/dataflow/refactor-experimental 
Java: Refactor experimental queries to new DataFlow API
 2023-04-13 10:58:34 -04:00
Michael Nebel
52bc43b22b Merge pull request #12595 from michaelnebel/enhanceprovenance 
Java/C# : Enhance provenance.
 2023-04-13 14:27:53 +02:00
Alex Ford
8c46bfd051 Merge pull request #12816 from github/rc/3.9 
Merge `rc/3.9` into `main`
 2023-04-13 12:35:41 +01:00
Tony Torralba
4c6df3fdb9 Merge pull request #12813 from atorralba/atorralba/java/sensitive-expr-fix-and-tests 
Java: Add tests for SensitiveActions and fix getCommonSensitiveInfoRegex
 2023-04-13 13:13:37 +02:00
Taus
6968de2ccc Merge pull request #12796 from github/tausbn/python-clarify-version-data 
Python: Clarify version data
 2023-04-13 13:05:10 +02:00
Michael Nebel
72e0235718 Merge pull request #12723 from michaelnebel/csharp/refactordataflow2 
C#: Re-factor queries to use the new API.
 2023-04-13 12:32:22 +02:00
Tony Torralba
7d0680a280 Update JsonpInjection test expectations 2023-04-13 12:06:54 +02:00
Tony Torralba
d7feaf4098 Merge pull request #12685 from atorralba/atorralba/java/command-injection-mad 
Java: Add command-injection sink kind and refactor command injection queries
 2023-04-13 11:38:14 +02:00
Michael Nebel
2d2d32a3f6 Merge pull request #12732 from michaelnebel/csharp/refactorunittests 
C#: Re-factor data flow unit tests to use the new API.
 2023-04-13 11:30:44 +02:00
Henry Mercer
afd577ca9d Merge pull request #12814 from github/henrymercer/remove-legacy-atm-checks 
ATM: Remove legacy model integration PR checks
 2023-04-13 10:17:28 +01:00
Tony Torralba
4f2ffccc20 Improve change note 2023-04-13 11:14:57 +02:00
Henry Mercer
94f996f23f ATM: Remove legacy model integration PR checks 2023-04-13 10:00:52 +01:00
Tony Torralba
99b0624e8b Add change note 2023-04-13 10:35:59 +02:00
Tony Torralba
485709a133 Fix getCommonSensitiveInfoRegex 2023-04-13 10:33:03 +02:00
Tony Torralba
84971c8687 Add SensitiveActions tests 2023-04-13 10:32:23 +02:00
Erik Krogh Kristensen
9853241425 Merge pull request #12810 from asgerf/ql/missing-noinline-cached 
QL: Don't warn about cached predicates possibly being inlined
 2023-04-13 10:16:15 +02:00
Michael Nebel
3a316f17cc C#: Re-factor SqlInjection to use the new API. 2023-04-13 10:08:40 +02:00
Michael Nebel
60a0917ced C#: Re-factor ResourceInjection to use the new API. 2023-04-13 10:08:40 +02:00
Michael Nebel
80e8b6928d C#: Re-factor RegexInjection to use the new API. 2023-04-13 10:08:40 +02:00
Michael Nebel
377b2d7515 C#: Re-factor ReDoS to use the new API. 2023-04-13 10:08:40 +02:00
Michael Nebel
8d17a45dd0 C#: Re-factor MissingXmlValidation to use the new API. 2023-04-13 10:08:40 +02:00
Michael Nebel
8e3bfda7be C#: Re-factor LogForging to use the new API. 2023-04-13 10:08:40 +02:00
Michael Nebel
8284487407 C#: Explicitly add QL Doc for the LdapInjectionConfig predicates. 2023-04-13 10:08:40 +02:00
Michael Nebel
73cd7519a2 C#: Re-factor LdapInjection to use the new API. 2023-04-13 10:08:40 +02:00
Michael Nebel
91150af11e C#: Re-factor HardcodedConnectionString to use the new API. 2023-04-13 10:08:39 +02:00
Michael Nebel
3bda0b9e8c C#: Re-factor HardcodedCredentials to use the new API. 2023-04-13 10:08:39 +02:00
Michael Nebel
d94b11b001 C#: Re-factor ExtertalApisQuery to use the new API. 2023-04-13 10:08:39 +02:00
Michael Nebel
169d8d5cf9 Java: All ai-generated models have been manually verified. 2023-04-13 09:21:06 +02:00
Michael Nebel
dc8a31f2c5 C#/Java: Update dataflow model generator related comments to include provenance. 2023-04-13 09:21:06 +02:00
Michael Nebel
de7f486cb1 C#/Java: Update model converter queries. 2023-04-13 09:21:06 +02:00
Michael Nebel
574f568c26 Java: Update model generator expected output. 2023-04-13 09:21:06 +02:00
Michael Nebel
24c525935f C#: Update model generator expected output. 2023-04-13 09:21:06 +02:00
Michael Nebel
df7d58d101 Java: Adjust model generator printing to the new provenance. 2023-04-13 09:21:06 +02:00
Michael Nebel
df6d9e1e64 Java: Add printing param module to sync files. 2023-04-13 09:21:05 +02:00
Michael Nebel
6a7092dc63 C#: Make a parameterized module for model printing and adjust the model generator printing to the new provenance. 2023-04-13 09:21:05 +02:00
Michael Nebel
dab4a61159 C#: Update flowsummaries expected test output. 2023-04-13 09:21:05 +02:00
Michael Nebel
6593991c13 Java/C#: Update generated models to have provenance df-generated. 2023-04-13 09:21:05 +02:00
Michael Nebel
03482e5e59 Java/C#: Update the internal documentation. 2023-04-13 09:21:05 +02:00
Michael Nebel
917cf7bfee Go: Update provenance validation. 2023-04-13 09:21:05 +02:00
Michael Nebel
37abdc7a51 C#: Adjust the implementation to use the new predicates and Provenance. 2023-04-13 09:21:05 +02:00
Michael Nebel
1d82b09ec1 Sync files. 2023-04-13 09:21:05 +02:00
Michael Nebel
54e55e2262 Java: Introduce more provenance values. 2023-04-13 09:21:04 +02:00
Michael Nebel
efc0650b86 Java: Set the provenance default to manual. 2023-04-13 09:21:04 +02:00
Ed Minnix
2edad6ec71 Remove unused import 2023-04-12 20:42:26 -04:00
Ed Minnix
c756bdbc30 Fix naming in SensitiveCookieNotHttpOnly 2023-04-12 20:39:18 -04:00
Ed Minnix
c49bf01dc8 Refactor PermissiveDotRegex.ql 2023-04-12 20:37:36 -04:00
Ed Minnix
5164c2480f Refactor SensitiveCookieNotHttpOnly 2023-04-12 20:37:36 -04:00
Ed Minnix
8f7d8cbcea Refactor timing attack queries 2023-04-12 20:37:36 -04:00
Ed Minnix
597949dbfe Refactor PermissiveDotRegexQuery 2023-04-12 20:37:36 -04:00