Joe Farebrother
d806fcae3d
Remove sink models involving PendingIntent; as they do not carry sensitive data (including from the original intent they were created with)
2024-01-23 09:51:39 +00:00
Joe Farebrother
2ca164ce35
Generate androidx stubs and correct some models
2024-01-23 09:51:39 +00:00
Joe Farebrother
bafd65b1d2
Add tests to cover each modeled sink + some corrections to the models
2024-01-23 09:51:38 +00:00
Joe Farebrother
a1a2acd3ce
Add additional test cases
2024-01-23 09:51:38 +00:00
Joe Farebrother
f9bb004618
Add sink models to notification builder setters
2024-01-23 09:51:38 +00:00
Joe Farebrother
cd19a91704
Add unit test
2024-01-23 09:51:37 +00:00
Joe Farebrother
3aa27148de
Split existing tests under CWE-200 into separate folders
2024-01-23 09:51:37 +00:00
Joe Farebrother
143ce0b94a
Add sensitive notification query
2024-01-23 09:51:37 +00:00
Michael Nebel
95a200453b
Merge pull request #15404 from michaelnebel/csharp/inlinearraydummystats
...
C#: Add dummy stats for inline_array_type.
2024-01-23 09:17:18 +01:00
Michael Nebel
123e86e0e0
C#: Add dummy stats for inline_array_type.
2024-01-23 08:29:01 +01:00
Erik Krogh Kristensen
97071b0dc7
Merge pull request #15403 from github/dependabot/cargo/ql/chrono-0.4.32
...
Bump chrono from 0.4.31 to 0.4.32 in /ql
2024-01-23 08:20:28 +01:00
dependabot[bot]
e9a1fa9592
Bump chrono from 0.4.31 to 0.4.32 in /ql
...
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.31 to 0.4.32.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.31...v0.4.32)
---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-23 03:12:14 +00:00
Taus
24b37ffd36
Merge pull request #15187 from github/max-schaefer/py-url-redirection
...
Python: Add support for more URL redirect sanitisers.
2024-01-22 23:19:36 +01:00
Max Schaefer
5c43a0b1e4
Merge pull request #15356 from github/max-schaefer/automodel-void-source-candidates
...
Automodel: Switch tests to inline expectations
2024-01-22 17:05:10 +00:00
Geoffrey White
0a8869c636
Merge pull request #15385 from geoffw0/swiftfiles
...
Swift: Report any extracted file as successfully extracted
2024-01-22 14:24:05 +00:00
Max Schaefer
a4639c7ff9
Update qhelp to mention solution using urlparse.
2024-01-22 13:36:12 +00:00
Max Schaefer
17e3a45ad7
Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com>
2024-01-22 13:36:12 +00:00
Max Schaefer
98178458d0
Python: Add support for more URL redirect sanitisers.
...
Since some sanitisers don't handle backslashes correctly, I updated the data-flow configuration to incorporate a flow state tracking whether or not backslashes have been eliminated or converted to forward slashes.
2024-01-22 13:24:18 +00:00
Max Schaefer
99c99145a2
Rename {source,sink}Model to {source,sink}ModelCandidate.
2024-01-22 13:10:51 +00:00
Max Schaefer
a3816d75b3
Remove redundant imports.
2024-01-22 10:54:01 +00:00
Max Schaefer
78e5a1a546
Autoformat.
2024-01-22 10:45:33 +00:00
Erik Krogh Kristensen
6533269387
Merge pull request #15392 from github/dependabot/cargo/ql/regex-1.10.3
...
Bump regex from 1.10.2 to 1.10.3 in /ql
2024-01-22 08:29:35 +01:00
dependabot[bot]
eb1a0fece8
Bump regex from 1.10.2 to 1.10.3 in /ql
...
Bumps [regex](https://github.com/rust-lang/regex) from 1.10.2 to 1.10.3.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.2...1.10.3)
---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-22 03:54:51 +00:00
Geoffrey White
a39bb8c037
Swift: Rename the query file.
2024-01-19 17:58:58 +00:00
Geoffrey White
c515ea3f8a
Swift: Change note.
2024-01-19 17:58:58 +00:00
Geoffrey White
ed602642b6
Swift: Basic test for getRelativePath.
2024-01-19 17:58:58 +00:00
Geoffrey White
8cf691a477
Swift: Add File.getRelativePath and update swift/diagnostics/successfully-extracted-files.
2024-01-19 17:58:58 +00:00
Chris Smowton
7e1dd38623
Merge pull request #15378 from github/smowton/admin/document-aws-lambda
...
Note AWS Lambda support
2024-01-19 12:11:28 +00:00
Chris Smowton
79928b9f76
Be consistent
...
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2024-01-19 10:44:36 +00:00
Chris Smowton
e999e38b43
Note AWS Lambda support
...
JS/TS support is old; noting for symmetry with advertised support in Python. Golang support is new as of https://github.com/github/codeql/pull/15373
2024-01-19 10:33:40 +00:00
Tony Torralba
7e7175f49d
Merge pull request #15373 from atorralba/atorralba/go/aws-lambda-sources
...
Go: Add flow sources for AWS Lambda function handlers
2024-01-19 11:21:20 +01:00
Joe Farebrother
4de19b3ec9
Merge pull request #15039 from joefarebrother/csharp-razor-flow-page-models
...
C#: Add flow steps from a PageModel to cshtml page.
2024-01-19 10:07:25 +00:00
Tony Torralba
8d6aa281b9
Update go/ql/lib/semmle/go/frameworks/AwsLambda.qll
...
Co-authored-by: Chris Smowton <smowton@github.com>
2024-01-19 10:48:34 +01:00
Tony Torralba
9a0fb39382
Model StartWithContext
...
Co-authored-by: Chris Smowton <smowton@github.com>
2024-01-19 09:25:35 +01:00
Tony Torralba
d3a9a5ec3f
Update go/ql/lib/semmle/go/frameworks/AwsLambda.qll
...
Co-authored-by: Chris Smowton <smowton@github.com>
2024-01-19 09:22:46 +01:00
Michael Nebel
24855ddc64
Merge pull request #15328 from michaelnebel/csharp/inlinearrays
...
C# 12: Inline array support.
2024-01-19 09:11:26 +01:00
Michael Nebel
cb53ca4e1f
Merge pull request #15367 from michaelnebel/csharp/nullablesimpletypesanitizer
...
C#: Consider nullable simple types as sanitizers.
2024-01-19 09:09:36 +01:00
Aditya Sharad
a3c0425eb3
Merge pull request #15349 from github/remove-codeql-cli-docs
...
Remove outdated CodeQL CLI docs
2024-01-18 09:45:05 -08:00
Alex Ford
9536fb5cae
Merge pull request #15372 from github/rb/docs-ruby-3-3
...
Ruby: update supported version to 3.3
2024-01-18 14:47:15 +00:00
Tony Torralba
1d7dbec719
Go: Add flow sources for AWS Lambda function handlers
2024-01-18 15:17:21 +01:00
Michael B. Gale
d8eef2716b
Merge pull request #15360 from github/mbg/csharp/redefine-successfully-extracted-files
2024-01-18 14:09:20 +00:00
Michael Nebel
43350b0664
C#: Add change note.
2024-01-18 13:55:18 +01:00
Michael Nebel
9e9b5292f2
C#: Add change note.
2024-01-18 13:50:52 +01:00
Michael B. Gale
d0003ce7be
C#: Rename query to ExtractedFiles
2024-01-18 12:47:11 +00:00
Michael Nebel
337ab611c9
C#: Update expected test output.
2024-01-18 12:53:48 +01:00
Michael Nebel
9460c91c8c
C#: Also consider nullable simple types (and datetime) as simple type sanitizers.
2024-01-18 12:53:29 +01:00
Michael Nebel
559842071a
C#: Add example of log forging alert for simple nullable types and updated expected test output.
2024-01-18 12:50:40 +01:00
Michael Nebel
f8f95e6a19
C#: Add models as data test for inline arrays.
2024-01-18 12:23:26 +01:00
Michael Nebel
1d88ca2388
C#: Add more InlineArray test cases.
2024-01-18 12:23:26 +01:00
Michael Nebel
70e7c92774
C#: Also check the namespace of the InlineArrayAttribute.
2024-01-18 11:09:01 +01:00