hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 18:21:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
52,540 Commits 1,691 Branches 160 Tags
c2e9ffab63383da4aeefb5aafaebd8a1e563542d
Commit Graph

1309 Commits

Author SHA1 Message Date
Taus
a3c40a3ae4 Python: Add experimental tags 2023-03-27 14:23:36 +00:00
Taus
700eb04487 Python: Lower precision of non-header queries 
cf. https://github.com/github/securitylab/issues/691#issuecomment-1387391014
 2023-03-27 12:22:17 +00:00
Taus
0b4c85f8d2 Python: Autoformat and fix broken module reference 2023-03-27 12:16:44 +00:00
Taus
11c89adbe3 Merge branch 'main' into timing-attack-py 2023-03-24 15:40:33 +01:00
Anders Schack-Mulligen
21d5fa836b Python: Autoformat 2023-03-10 09:41:17 +01:00
Ahmed Farid
6a578c62b0 Update TimingAttack.qll 2023-02-27 22:16:09 +01:00
Taus
25043f51a4 Merge pull request #11376 from RasmusWL/call-graph-code 
Python: New type-tracking based call-graph
 2023-02-27 14:51:21 +01:00
Rasmus Lerchedahl Petersen
9e97877938 python: lower precision as discussed 2023-02-20 12:06:19 +01:00
Ahmed Farid
ccbb58966f Update TimingAttack.qll 2023-02-16 14:15:04 +01:00
Ahmed Farid
a421e3a3a3 Update TimingAttackAgainstHeaderValue.ql 2023-02-16 14:14:43 +01:00
Ahmed Farid
f57861b6a3 Update TimingAttack.qll 2023-02-16 14:14:13 +01:00
Ahmed Farid
f70f5c7935 Update TimingAttackAgainstHeaderValue.ql 2023-02-16 14:03:26 +01:00
Ahmed Farid
4b3efa87dc Update TimingAttack.qll 2023-02-16 14:01:29 +01:00
Ahmed Farid
005839b462 Update TimingAttack.qll 2023-02-16 12:49:40 +01:00
Ahmed Farid
01b865f75b Update TimingAttack.qll 2023-02-16 01:36:06 +01:00
Ahmed Farid
fbfe23b7c4 Update TimingAttack.qll 2023-02-16 01:21:50 +01:00
Ahmed Farid
b8f9b2b424 Update TimingAttackAgainstHeaderValue.ql 2023-02-16 01:11:41 +01:00
Ahmed Farid
016136a2e3 Update TimingAttack.qll 2023-02-16 01:10:36 +01:00
Sim4n6
eed19a3e15 Fix autoformatting issues 2023-02-10 21:58:29 +01:00
Sim4n6
09df055d86 Fix the exists cast warning 2023-02-09 15:25:54 +01:00
Sim4n6
16ef50401b Update python/ql/src/experimental/Security/UnsafeUnpackQuery.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-02-09 14:59:28 +01:00
Sim4n6
4196230a8a use if-then-else rather than nested exists 2023-02-08 21:46:50 +01:00
Sim4n6
9e285020a1 Comment modif + remove redundant cast 2023-02-08 21:14:53 +01:00
Sim4n6
ec82d61991 Add another frequently used step 2023-02-05 14:36:17 +01:00
Sim4n6
1a8c9abee2 Incorporate Sink & Source as steps from TarSlipQry 2023-02-02 21:09:40 +01:00
Sim4n6
7079def7ce Add an S3 source with Session or download_fileobj 2023-01-30 00:49:23 +01:00
Sim4n6
0707064ab5 Constrain the save/path step 2023-01-28 10:14:24 +01:00
Sim4n6
a4aaf0ec6f Remove a write step & update the builtin open step 2023-01-28 09:53:54 +01:00
Sim4n6
0e2f37825d Organize steps to correspond to the sample code 2023-01-27 23:58:03 +01:00
Sim4n6
ee213123ac Add builtin open as an additional step 2023-01-27 18:16:11 +01:00
Sim4n6
0b27b1314a Update python/ql/src/experimental/Security/UnsafeUnpackQuery.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-27 16:12:08 +01:00
Sim4n6
8ef2aa00e7 Update python/ql/src/experimental/Security/UnsafeUnpackQuery.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-27 16:07:39 +01:00
Sim4n6
207ed3da9c Constrain the object & the call 2023-01-27 15:07:20 +01:00
Sim4n6
e41042418a Update the import relative to the dataflow config 2023-01-27 13:46:57 +01:00
Sim4n6
bca053f855 Move the config query to the parent directory 2023-01-27 13:42:14 +01:00
Sim4n6
998f1bf215 Some reformatting 2023-01-26 18:54:36 +01:00
Sim4n6
1a211485a4 Restrain the source and add two steps. 2023-01-26 17:07:59 +01:00
Sim4n6
51b11de44a Add a Django Upload examples 2023-01-26 15:16:24 +01:00
Sim4n6
54cc4d6498 Opt for any source from RemoteFlowSource. 2023-01-26 12:51:55 +01:00
Sim4n6
aaa0040612 Seperate the dataflow config from the query 2023-01-26 08:53:47 +01:00
Sim4n6
2e4cb63049 Optimize the Argparse filename as a source. 2023-01-26 01:00:01 +01:00
Sim4n6
9b5b0c60b8 Handle the download of a tarball using wget pkg. 2023-01-26 00:02:20 +01:00
Sim4n6
22af6f5182 Restrict download_file() to boto3 lib 2023-01-25 23:00:00 +01:00
Sim4n6
2d38993075 Add a missing "and" 2023-01-25 19:46:13 +01:00
Sim4n6
0ed480855a Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql 
Yes, definitely

Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-25 19:44:28 +01:00
Sim4n6
b5a6f6e165 Merge pull request #1 from github/main 
Sync with the upstream
 2023-01-25 19:13:35 +01:00
Rasmus Wriedt Larsen
1bd969c219 Merge branch 'main' into call-graph-code 2023-01-20 15:11:49 +01:00
yoff
5a82012d03 Merge pull request #11854 from yoff/python/fix-tarslip-improv-bug 
Python: fix bug  in `py/tarslip-extended`
 2023-01-17 20:44:06 +01:00
Rasmus Wriedt Larsen
61151d4aa7 Merge branch 'main' into call-graph-code 2023-01-16 13:39:15 +01:00
Rasmus Lerchedahl Petersen
c142495a8b python: simplify code 2023-01-09 17:51:45 +01:00