hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-06 06:05:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
67,210 Commits 1,747 Branches 166 Tags
b64cb4da0937a62d50b866acdb7469b5f0304c8b
Commit Graph

9699 Commits

Author SHA1 Message Date
am0o0
b64cb4da09 remove a part of code related to debugging :) 2024-08-07 20:37:20 +02:00
am0o0
e4deb7d304 apply autoformating for HardcodedCredentials.ql 2024-08-05 14:58:37 +02:00
am0o0
fce183c7cb apply autoformat to HardcodedCredentialsCustomizations.qll 2024-08-05 14:25:15 +02:00
am0o0
354fcbe7fe apply changes from @erik-krogh 2024-08-01 20:14:36 +02:00
am0o0
b360c8adb8 Update hardcodedCredentials query file to only exclude 'jwt key' kind from with the isTestFile predicate. 
According to expected test results, with a new query, the jwt sinks of __test__/ dir have been exluded from query results.
 2024-07-01 15:00:08 +02:00
am0o0
5a1877547f update test cases of __tests__/ dir 
since we want to check if a jwt related sink is in this dir or not
 2024-07-01 14:50:07 +02:00
am0o0
6ecd8b7ee8 add new default cred kind 2024-07-01 14:42:34 +02:00
am0o0
fa8c457015 move the TextEncoder and Buffer jose.base64url taint steps to a local query taint step 2024-07-01 12:11:53 +02:00
am0o0
60aa711005 implement TextEncoderStep taint step with globalVarRef predicate 2024-07-01 11:59:05 +02:00
am0o0
65fdb8ccce move jose SharedTaintStep to a local taint step, add more additional steps with test cases, update test cases and expected test results 2024-07-01 11:38:17 +02:00
am0o0
5a69bbf6b0 use isTestFile from ClassifyFiles module file instead previous where condition, update tests accordingly 2024-06-07 06:11:48 +02:00
am0o0
e4ffdb848e add tests for new where condition, update expected test results 2024-06-06 14:30:06 +02:00
am0o0
ee05ec0386 remove sanitnzer and add a where condition instead 
use a simpler where condition(the former sanitizer) for overcoming performance problems
 2024-06-06 14:16:41 +02:00
am0o0
61a11c6512 Or to or in docs 2024-06-06 14:10:15 +02:00
am0o0
71dfdfaa92 remove the debug query 2024-05-27 09:33:10 +02:00
am0o0
c2f96a1352 fix a document 2024-05-25 19:35:20 +02:00
am0o0
5d98ec33ab stash: add debug query 2024-05-25 13:06:41 +02:00
am0o0
d77513579f update tests 2024-05-25 12:15:25 +02:00
Am
2226f5126b Merge branch 'main' into amammad-js-hardcodedJWTKey 2024-05-25 13:40:46 +03:30
am0o0
4e365e242c fix conflict 2024-05-25 12:08:05 +02:00
am0o0
20c087ce39 update tests 2024-05-25 12:06:07 +02:00
am0o0
c299b5657a Revert "stash" 
This reverts commit bdee99ae88.
 2024-05-25 12:03:00 +02:00
am0o0
1860af075d fix conflict 2024-05-25 12:01:12 +02:00
Erik Krogh Kristensen
c743abad54 Merge pull request #14294 from am0o0/amammad-js-CodeInjection_execa 
JS: provide command execution sinks for execa package
 2024-05-24 09:20:19 +02:00
Dave Bartolomeo
613ccaac1d Add change note to all v1.0.0 packs 2024-05-23 13:01:22 -04:00
erik-krogh
c80f48b23a Merge branch 'main' into amammad-js-CodeInjection_execa 2024-05-23 08:02:22 +02:00
Dave Bartolomeo
ffe4c8c87b Update all pack versions to 1.0.0 2024-05-22 13:39:08 -04:00
erik-krogh
a30bac14e9 add change-note 2024-05-21 22:14:39 +02:00
erik-krogh
61c72361cd move the "isFileTooLarge" earlier in the pipeline, so we're only doing it once 2024-05-21 20:01:24 +02:00
erik-krogh
241f977488 fix that very large TypeScript files would crash the extractor 2024-05-21 19:52:43 +02:00
Joe Farebrother
01a6c5e82f Merge pull request #16446 from joefarebrother/shared-sensitive-heuristics 
Ruby/Python/JS/Swift: Add category of Private information to shared sensitive data heuristics
 2024-05-21 09:07:13 +01:00
erik-krogh
c166cb406a Merge branch 'main' into amammad-js-CodeInjection_execa 2024-05-21 08:48:12 +02:00
Erik Krogh Kristensen
03cf9b702c Merge pull request #14291 from am0o0/amammad-js-CodeInjection_Shelljs 
JS: Shelljs improvement
 2024-05-17 11:14:11 +02:00
am0o0
42a9962519 make shellJSMember predicate private, improve predicate document 2024-05-16 14:05:06 +02:00
Asger F
499c4df79b Merge pull request #13554 from am0o0/amammad-js-bombs 
JS: Decompression Bombs
 2024-05-16 13:25:41 +02:00
erik-krogh
56dff8540f add an example of how to get a floating point value between 0 and 1 2024-05-16 11:15:07 +02:00
erik-krogh
066f3b61a2 RandomSource is deprecated, it's crypto now 2024-05-16 11:14:50 +02:00
github-actions[bot]
32e8b5c667 Post-release preparation for codeql-cli-2.17.3 2024-05-14 21:14:08 +00:00
github-actions[bot]
100166fa53 Release preparation for version 2.17.3 2024-05-14 19:23:18 +00:00
Chuan-kai Lin
1758a1e04b Merge pull request #16422 from github/cklin/javascript-entities-reorder 
JS: Use entities in reorder directives
 2024-05-13 10:26:41 -07:00
amammad
bdee99ae88 stash 2024-05-13 14:37:05 +02:00
Joe Farebrother
da93a08639 Add change notes 
No change note is needed for Swift, as the new heuristics are unused and thus should not affect any queries.
 2024-05-09 10:03:20 +01:00
Joe Farebrother
9aff22c664 Fix typos in sensitive data regex 2024-05-09 09:39:03 +01:00
Joe Farebrother
5f4bc4197b Add private category to sensitive data heuristics 2024-05-08 10:02:00 +01:00
Chuan-kai Lin
9b51e0e0ee JS: Use entities in reorder directives 2024-05-03 11:17:13 -07:00
erik-krogh
39a8b49222 add qhelp recommendation that you can use an obvious placeholder value 2024-05-03 19:37:31 +02:00
erik-krogh
b209fc67cb test the change to hardcoded-credentials 2024-05-03 19:34:18 +02:00
erik-krogh
d9e8e0e00a use some more standard values for credentials-kind for NodeJS client credentials 2024-05-03 13:58:37 +02:00
erik-krogh
ff85db36e2 exclude credentials as kind key from hardcoded-credentials when the key looks like a dummy password 2024-05-03 13:58:11 +02:00
Owen Mansel-Chan
83249cd9c2 Fix grammar in comment 2024-05-02 09:59:48 +01:00