hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
52,740 Commits 1,672 Branches 157 Tags
dba5e9e9e271f107bfb7aaddc042bc23af85a827
Commit Graph

9193 Commits

Author SHA1 Message Date
Ed Minnix
dba5e9e9e2 Updates to imports 
Make some imports private
Remove unnecessary imports
 2023-03-30 11:03:48 -04:00
Edward Minnix III
c7a049a867 Mark things which can be private as private 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-30 11:00:00 -04:00
Edward Minnix III
8250e4393c Typos and rewording 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-30 10:59:12 -04:00
Ed Minnix
58ad8e4292 ExternallyControlledFormatString change note 2023-03-29 22:43:26 -04:00
Ed Minnix
9afa051621 Move ExternallyControlledFormatStringFlow to Query.qll 2023-03-29 17:59:34 -04:00
Ed Minnix
7d9fad5733 Add change note 2023-03-29 17:59:33 -04:00
Ed Minnix
3eaa94a5d2 Move ResponseSplitting configuration to ResponseSplittingQuery.qll 2023-03-29 17:59:33 -04:00
Ed Minnix
e3af8b2c7f Move LdapInjectionLib to LdapInjectionQuery.qll 2023-03-29 17:59:33 -04:00
Ed Minnix
1add692643 Move XssConfig to XssQuery.qll 2023-03-29 17:59:33 -04:00
Ed Minnix
19a94a5c13 Move InsecureBeanValidation configuration to Query.qll 2023-03-29 17:59:33 -04:00
Ed Minnix
367042bcff Move ZipSlip configurations to Query.qll library 2023-03-29 17:59:33 -04:00
Ed Minnix
ce2cab0d2e Move TaintedPath configurations to Query.qll 2023-03-29 17:59:33 -04:00
Ed Minnix
744f2653f0 Add QLdoc for RemoteUserInputToArgumentToExecFlow 2023-03-29 11:45:09 -04:00
Ed Minnix
a3c1d08a59 Fix ExecUnescaped 2023-03-29 11:45:09 -04:00
Ed Minnix
25359d2218 Deprecate execTainted 2023-03-29 11:45:09 -04:00
Ed Minnix
dcd703f1a9 Update to the TaintTracking::Global api 2023-03-29 11:45:09 -04:00
Ed Minnix
bbf7c67f9b Remove unnecessary private markers (CommandLine and Request forgery) 2023-03-29 11:45:09 -04:00
Ed Minnix
0249890747 Refactor CommandLineQuery.qll 2023-03-29 11:45:09 -04:00
Edward Minnix III
117a983423 Merge pull request #12639 from egregius313/egregius313/java/refactor-injection-queries 
Java: Refactor injection queries to new dataflow API
 2023-03-29 11:02:18 -04:00
Anders Schack-Mulligen
d0fa7c7ff8 Merge pull request #12683 from aschackmull/java/rangeanalysis-add 
Java: Support double-recursive range analysis bounds for addition.
 2023-03-29 13:39:59 +02:00
Ed Minnix
c8579d8c26 RegexInjection docs 2023-03-29 07:24:32 -04:00
Ed Minnix
17cdd16c19 Fix miscopied isBarrier in JndiInjectionQuery 2023-03-29 07:23:13 -04:00
Jeroen Ketema
0acca2ba76 Merge pull request #12687 from jketema/unit-2 
Make imports of `codeql.util.Unit` private
 2023-03-29 13:07:12 +02:00
Anders Schack-Mulligen
7844384768 Java: Add change note. 2023-03-29 11:39:07 +02:00
Tony Torralba
ce191e1f9f Fix InsecureLdapAuth tags 2023-03-28 17:10:33 +02:00
Edward Minnix III
b00104ebe3 Merge pull request #12458 from egregius313/egregius313/promote-insecure-ldap-authentication 
Java: Promote LDAP Authentication Query
 2023-03-28 10:39:17 -04:00
Edward Minnix III
97ec808a6f Make configuration public 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-28 10:28:15 -04:00
Anders Schack-Mulligen
7c74fd07e9 Merge pull request #12684 from aschackmull/dataflow/remove-footgun 
Dataflow: Remove accidentally exposed predicates.
 2023-03-28 15:14:58 +02:00
Jeroen Ketema
3b8ad087eb Make imports of codeql.util.Unit private 2023-03-28 14:14:13 +02:00
Anders Schack-Mulligen
3b0095725c Java: Adjust test expectation. 2023-03-28 14:00:25 +02:00
Anders Schack-Mulligen
47e7aa9566 Dataflow: Add change note. 2023-03-28 13:17:48 +02:00
Anders Schack-Mulligen
d406b051fc Dataflow: Remove accidentally exposed predicates. 2023-03-28 10:04:21 +02:00
Anders Schack-Mulligen
b5c66c514e Java: Support double-recursive range analysis bounds for addition. 2023-03-28 09:52:05 +02:00
github-actions[bot]
2573efa358 Add changed framework coverage reports 2023-03-28 00:17:02 +00:00
Ed Minnix
3d033fd727 Fix SqlConcatenated 2023-03-27 13:06:31 -04:00
Ed Minnix
9bfb13b942 Update to the Global/flow* api 2023-03-27 12:26:18 -04:00
Edward Minnix III
106e5e7145 Docs review suggestion 
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>
 2023-03-27 12:16:44 -04:00
Edward Minnix III
43d79dc5b8 Apply docs review suggestions 
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>
 2023-03-27 12:16:44 -04:00
Ed Minnix
0eaf222b54 Move public classes/predicates to top of library file 2023-03-27 12:16:44 -04:00
Ed Minnix
f28f1af5a4 Add InsecureLdapUrlSink 2023-03-27 12:16:44 -04:00
Edward Minnix III
24d4859149 Import changes 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-27 12:16:44 -04:00
Edward Minnix III
151357d02d Make classes/predicates not used outside of query private 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-27 12:16:44 -04:00
Ed Minnix
658c54a18f Change names of configuration to fit new naming convention 2023-03-27 12:16:44 -04:00
Ed Minnix
cb58936c08 Documentation changes 2023-03-27 12:16:44 -04:00
Ed Minnix
752620a34d Rename SSL configuration and fix PathGraph 2023-03-27 12:16:44 -04:00
Ed Minnix
efdfc2d0c3 Change version of PathNode used to appropriate module 2023-03-27 12:16:44 -04:00
Ed Minnix
59ce0d7682 Documentation changes 2023-03-27 12:16:44 -04:00
Ed Minnix
0f4709e769 Add change note 2023-03-27 12:16:44 -04:00
Ed Minnix
db60c08de7 Add security severity 2023-03-27 12:16:44 -04:00
Ed Minnix
6a0167fa7f Convert to using the new DataFlow modules 2023-03-27 12:16:44 -04:00