codeql

mirror of https://github.com/github/codeql.git synced 2026-02-15 14:33:40 +01:00

Author	SHA1	Message	Date
Anders Schack-Mulligen	78e1879c9e	Use more flowTo.	2025-12-03 14:12:08 +01:00
Nora Dimitrijević	37fff48dcd	Python/ServerSideRequestForgeryQuery python/ql/src/Security/CWE-918/PartialServerSideRequestForgery.ql	2025-10-28 09:40:24 +01:00
Nora Dimitrijević	baccdcc07f	Python/PolynomialReDoSQuery python/ql/src/Security/CWE-730/PolynomialReDoS.ql	2025-10-28 09:40:21 +01:00
Jeroen Ketema	c582a9ccd6	Remove duplicate copies of `SensitiveDataHeuristics`	2025-07-14 11:38:52 +02:00
Asger F	4a2d795076	Shared: Make approximate location filtering the default behaviour	2025-07-02 14:41:02 +02:00
Asger F	a46b5f9529	Python: enable diff-informedness for poly redos using approximate related locations	2025-07-02 14:39:42 +02:00
Kasper Svendsen	2da8d61984	Run config/sync-files.py	2025-06-24 10:25:06 +02:00
Chuan-kai Lin	6c1e80df3a	Python: disable diff-informed PolynomialReDoS.ql This commit disabled diff-informed for PolynomialReDoS.ql because it could miss some alerts within diff ranges.	2025-04-24 14:57:06 -07:00
Asger F	d3b9d1d89d	JS: Partial SSRF does not select the sink location	2025-02-06 11:30:32 +01:00
Asger F	7d6abb4e0a	JS: Disable diff-informedness for full SSRF Partial SSRF uses its result in a way that prevents diff-informedness	2025-02-06 11:30:18 +01:00
Asger F	d3ee658399	Python: resolve remaining TODOs	2025-02-06 10:27:56 +01:00
Asger F	975ce064fc	Python: implement for polynomial redos	2025-02-06 10:27:45 +01:00
Asger F	e4a1847dad	Python: mass enable diff-informed data flow	2025-02-06 10:27:19 +01:00
Geoffrey White	f8659c0a4e	Sync identical files.	2025-01-10 10:26:13 +00:00
Joe Farebrother	71ab82dee0	Fix qldoc, formatting, and redundant import warnings	2024-12-09 19:55:21 +00:00
Joe Farebrother	8647073433	Copy template injection to standard pack + add jinja sinks	2024-12-09 19:47:06 +00:00
Anders Schack-Mulligen	8a5fc97b06	Python: Remove deprecated configuration classes referencing deleted api.	2024-12-03 20:08:45 +01:00
yoff	7816f34d75	Merge branch 'main' into stdlib-optparse	2024-10-01 12:48:09 +02:00
Rasmus Wriedt Larsen	431a1af628	Merge branch 'main' into threat-models	2024-09-26 11:44:24 +02:00
yoff	e7f9b5bbbc	Merge branch 'main' into stdlib-optparse	2024-09-24 20:24:00 +02:00
Joe Farebrother	48f9e0efe5	Adress review comments: Add missing deprecation + additional test case	2024-09-23 10:57:04 +01:00
Rasmus Wriedt Larsen	4a21a85e73	Merge branch 'main' into threat-models	2024-09-23 11:19:58 +02:00
Joe Farebrother	3001a570b2	Replace uses of StringConstCompare	2024-09-20 14:47:22 +01:00
Rasmus Wriedt Larsen	528f08fb83	Python: Make queries use ActiveThreatModelSource	2024-09-10 14:32:35 +02:00
Joe Farebrother	d1cca13563	Merge pull request #17314 from joefarebrother/python-x509-cert Python: Exclude certificate classification fo sensitive data queries	2024-09-09 10:48:36 +01:00
erik-krogh	20dfdc9661	delete some deprecated files	2024-09-03 20:30:59 +02:00
erik-krogh	0fdd06fff5	use my script to delete outdated deprecations	2024-09-03 20:30:58 +02:00
Joe Farebrother	ec7ad84cd1	Update formatting	2024-08-30 13:51:33 +01:00
Joe Farebrother	5360192a58	Apply review suggestions - change = to in Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2024-08-30 13:25:59 +01:00
Joe Farebrother	1cb23e7e86	Exclude certificates from being cinsidered sensitive data by cleartext-storage and cleartext-logging queries	2024-08-27 14:18:39 +01:00
Joe Farebrother	123214cb2b	Promoto cookie injection query	2024-07-16 16:49:56 +01:00
Joe Farebrother	8152ec7472	Merge pull request #16696 from joefarebrother/python-cookie-write-headers Python: Model CookieWrites from HeaderWrites	2024-07-11 14:25:54 +01:00
Rasmus Lerchedahl Petersen	a3076f4f72	Python: fix test expectations, add missing sanitizer	2024-06-26 13:27:32 +02:00
Joe Farebrother	b71ba7c30f	Move Header Write derrived concepts to Concepts	2024-06-24 17:26:51 +01:00
Rasmus Lerchedahl Petersen	f0e68887d4	Python: autoformat	2024-06-20 10:59:39 +02:00
Rasmus Lerchedahl Petersen	5cb37f5c4c	python: Document MaD format - add a few tests reflecting the documentation - make the mentioned sink-kinds have an effect on relevant queries	2024-06-19 17:00:15 +02:00
Joe Farebrother	93f10fcf14	Add sanitizers for compiled regexes	2024-06-11 15:44:16 +01:00
Joe Farebrother	6ac46b8436	Add additional sanitizers to SSRF for methods that restrict the contents of a string.	2024-06-03 23:23:25 +01:00
Sid Shankar	859e8db5f2	Fixes typo in deprecation notice	2024-06-03 16:31:29 +00:00
Joe Farebrother	01a6c5e82f	Merge pull request #16446 from joefarebrother/shared-sensitive-heuristics Ruby/Python/JS/Swift: Add category of Private information to shared sensitive data heuristics	2024-05-21 09:07:13 +01:00
Joe Farebrother	9aff22c664	Fix typos in sensitive data regex	2024-05-09 09:39:03 +01:00
Joe Farebrother	5f4bc4197b	Add private category to sensitive data heuristics	2024-05-08 10:02:00 +01:00
Joe Farebrother	2b935e575a	Add concept tests + fix typo	2024-04-24 14:05:41 +01:00
Joe Farebrother	ec4c820391	Fix deprecation	2024-04-24 14:05:41 +01:00
Joe Farebrother	eeef062f7c	Implement sinks for wsgiref + allow lists in bulk header updates + local flow	2024-04-24 14:05:39 +01:00
Joe Farebrother	fa28d94363	Added a sanitizer for replacing newlines.	2024-04-24 14:05:38 +01:00
Joe Farebrother	a88ad62c00	Implemented sinks for bulk header updates, and added corresponding tests.	2024-04-24 14:05:38 +01:00
Joe Farebrother	68d90918cf	Add to header write concept a specification of whether the name or value arg allows newlines. Ported sink defenitions from Flask and Werzeug from experimental to main. Removed experimental sink definitions for Django, as neither name nor value are vulnerable.	2024-04-24 14:05:37 +01:00
Joe Farebrother	25ffcb2fde	Split into customizations file	2024-04-24 14:05:37 +01:00
Joe Farebrother	6021d9238c	Move headers injection query and concept from experimental to main	2024-04-24 14:05:37 +01:00

1 2 3 4 5 ...

347 Commits