codeql

mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00

Author	SHA1	Message	Date
Max Schaefer	b057cbee7b	Merge pull request #256 from smowton/smowton/admin/cwe-327-cleanup Polish CWE-327 (weak TLS config) query	2020-08-03 10:28:53 +01:00
Chris Smowton	2a7754af59	Factor ErrorType out of two duplicate tests	2020-07-30 17:25:53 +01:00
Chris Smowton	4b6810eefc	InsecureFeatureFlag: make getAFlag a member of FlagKind	2020-07-30 17:23:01 +01:00
Chris Smowton	7dd20107fe	Insecure-TLS query: trivial style and typo fixes	2020-07-30 17:18:54 +01:00
Chris Smowton	cce3a70412	Insecure-TLS: restrict sources to potentially interesting integers.	2020-07-29 16:46:36 +01:00
Chris Smowton	d0e86f787d	SSH host checking: Expand definition of a host-key checking function to include calls with multiple return types For example, https://godoc.org/golang.org/x/crypto/ssh/knownhosts#New returns a host-key checker and an error value, and we previously didn't consider the first return value a candidate checker function.	2020-07-29 16:06:38 +01:00
Chris Smowton	e89cd16cb1	Move query-specific flag definitions into their respective .ql files	2020-07-29 15:21:49 +01:00
Chris Smowton	f31ed52943	Clean up InsecureFeatureFlag Move the flag regexes inline, use `any` instead of a constructor function to select a particular flag kind, and remove explicit limitation on the common superclass FlagKind.	2020-07-29 15:15:50 +01:00
Chris Smowton	f162a5be94	Promote CWE-322 out of experimental status	2020-07-29 14:43:47 +01:00
Chris Smowton	abfae4365f	Move CWE-327 out of experimental	2020-07-28 15:47:44 +01:00
Chris Smowton	88cb435843	Split security flags into more distinct categories There are now three categories: general security or option flags, those related to TLS version selection, and those related to certificate configuration. The TLS and disabled-certificate-check queries use two categories each.	2020-07-28 13:54:37 +01:00
Chris Smowton	6058c90485	Factor predicates for identifying security-related feature flags from DisabledCertificateCheck	2020-07-28 10:31:44 +01:00
Owen Mansel-Chan	2282def1e2	Merge pull request #180 from owen-mc/email-injection Move email injection query out of experimental folder	2020-06-17 15:11:31 +01:00
Owen Mansel-Chan	83697f62ac	Address review comments on qhelp	2020-06-17 14:21:37 +01:00
Owen Mansel-Chan	f926808c8a	Address review comments	2020-06-17 10:11:41 +01:00
Owen Mansel-Chan	336eba1be4	Add Hash.Write and similar as sanitizers	2020-06-16 12:48:43 +01:00
Owen Mansel-Chan	f27ecdabb8	Set precision to high	2020-06-15 17:42:19 +01:00
Owen Mansel-Chan	4f6ce61de2	Move EmailInjection query out of experimental	2020-06-15 17:42:19 +01:00
Sauyon Lee	66f733d798	Use allow or allowlist instead of whitelist	2020-06-12 09:16:41 -07:00
Sauyon Lee	9e5645fa9d	Add similar predicate to SsaWithFields	2020-05-13 03:56:55 -07:00
Sauyon Lee	cd1d699208	Improve BadRedirectCheck query We now look for a path from the variable being checked to a redirect. Additionally, several sources of false positives have been eliminated, and a model of relevant parts of the Macaron framework has been added.	2020-05-01 07:13:16 +01:00
Max Schaefer	245b99dd42	Fix misformatted header comment for `DisabledCertificateCheck`.	2020-04-16 08:43:33 +01:00
Max Schaefer	be9e9720d5	Introduce class `TestFile` and use it.	2020-04-09 09:16:45 +01:00
Max Schaefer	ddf2bdb44b	Autoformat all QL.	2020-04-08 07:32:43 +01:00
Max Schaefer	8fba9a98d4	Add new query DisabledCertificateCheck.	2020-04-07 09:01:41 +01:00
Sauyon Lee	4b3982154a	Add a SafeUrlFlow configuration	2020-04-02 23:58:35 -07:00
Sauyon Lee	4bcffe2d47	RequestForgery: Add a safe URL sanitizer	2020-04-02 23:58:34 -07:00
Sauyon Lee	1c859a8991	Address review comments	2020-04-02 23:58:33 -07:00
Sauyon Lee	89a03c8b67	RequestForgery: Add high precision	2020-04-02 23:49:58 -07:00
Sauyon Lee	6876eabf54	RequestForgery: Add query help	2020-04-02 23:49:54 -07:00
Sauyon Lee	b23c75afb6	RequestForgery: move query from experimental	2020-04-02 23:49:53 -07:00
intrigus	be21d49cf2	Add precision to query	2020-04-01 16:15:24 +02:00
intrigus	26cfa93947	Ignore type incompatible sinks	2020-03-27 21:32:53 +01:00
intrigus	d609c0ca43	Shorten example code	2020-03-27 15:31:20 +01:00
intrigus	c5a1185939	Apply style suggestions	2020-03-27 15:29:21 +01:00
intrigus	be50db1cc7	Move XPath injection query to supported query The XPath injection query is moved to the supported queries. Removed unnecessary code from the go test file	2020-03-26 20:19:58 +01:00
Max Schaefer	ea36d49218	Add new query `AllocationSizeOverflow`.	2020-03-13 10:18:51 +00:00
Sauyon Lee	3e6a96d21b	IncompleteHostnameRegexp: Use a reluctant regexp This should help make results more comprehensible by including the maximal string after an unescaped dot.	2020-02-19 13:04:16 -08:00
Sauyon Lee	eb990c9de7	BadRedirectCheck: Use new rune literal string values	2020-02-12 15:14:59 -08:00
Sauyon Lee	1a21c14f2f	Remove build ignore from HardcodedCredentials example	2020-02-07 03:13:14 -08:00
Sauyon Lee	e4d228fa0f	Fix CleartextStorage tests	2020-02-07 03:13:13 -08:00
Sauyon Lee	87865afa42	ReflectedXss: Remove FPs from constant prefix Fprintfs	2020-02-03 16:00:33 -08:00
Sauyon Lee	3c88eab84c	Merge pull request #229 from max/string-break Add query to find unsafe quoting	2020-02-03 09:47:36 -08:00
Max Schaefer	af3d91ffd3	Add query StringBreak.	2020-02-03 09:01:40 +00:00
Sauyon Lee	d2e5322b94	Apply review comments	2020-01-28 13:01:35 -08:00
Sauyon Lee	aa33595b0f	Address review comments	2020-01-28 08:26:37 -08:00
Sauyon Lee	497bfeee83	BadRedirectSanitizer: Use SsaWithFields instead of ValueEntity	2020-01-27 17:33:54 -08:00
Sauyon Lee	a31ad88fc9	BadRedirectSanitizer: Transition to using data-flow API	2020-01-27 17:33:53 -08:00
Sauyon Lee	abc9438cd3	Apply suggestions from code review Co-Authored-By: Max Schaefer <max@semmle.com>	2020-01-27 17:33:52 -08:00
Sauyon Lee	3a73658a9c	BadRedirectSanitizer: Bind e to hp Address doc review comments	2020-01-27 17:33:51 -08:00

1 2

58 Commits