hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
53,457 Commits 1,741 Branches 165 Tags
e4ec1ae261e99f5425ba89d671dd4ba7bbfd59eb
Commit Graph

53457 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
smiddy007
e4ec1ae261 Update InsufficientPasswordHash.qhelp 
change file name to original
 2023-04-17 13:18:47 -04:00
smiddy007
88d2f65c5f Rename InsufficientPasswordHash_NodeJS_fixed.js to InsufficientPasswordHash_fixed.js 2023-04-17 13:17:13 -04:00
smiddy007
cbe45f7e55 Rename InsufficientPasswordHash_NodeJS.js to InsufficientPasswordHash.js 2023-04-17 13:16:57 -04:00
smiddy007
36d7370998 Delete InsufficientPasswordHash_CryptoJS_fixed 
file not used in qhelp
 2023-04-17 13:16:25 -04:00
smiddy007
e65daaae49 Delete InsufficientPasswordHash_CryptoJS.js 
not used in qhelp file
 2023-04-17 13:15:10 -04:00
Mathias Vorreiter Pedersen
d975ceb648 Merge pull request #12818 from MathiasVP/dataflow-for-missing-scanf-qery 
C++: Use the new dataflow library in `cpp/missing-check-scanf`
 2023-04-17 14:34:11 +01:00
Paolo Tranquilli
901db73d55 Merge pull request #12745 from github/redsun82/swift-logging 
Swift: introduce usage of binlog
 2023-04-17 15:23:29 +02:00
Asger F
5272810ad9 Merge pull request #12826 from asgerf/js/more-call-graph-steps 
JS: Improvements to type-tracking through 'extend' and 'this'
 2023-04-17 13:50:59 +02:00
Asger F
13b1e97caa JS: Fix the ExtendCall restriction 2023-04-17 12:30:08 +02:00
Asger F
eafef91dbc JS: Update test output after ExtendCall restriction 2023-04-17 12:28:23 +02:00
Asger F
024760610a JS: Add prototype pollution test 2023-04-17 12:27:34 +02:00
Asger F
2f4a181a7d JS: revert path sanitizers in proto pollution query 2023-04-17 12:21:00 +02:00
Asger F
04079752f7 JS: update test output after adding 'this' sanitizer 2023-04-17 12:15:46 +02:00
Asger F
f87f6c8556 JS: Add test to unsafe jquery plugin 2023-04-17 12:15:05 +02:00
Asger F
b728f71b4b JS: Move 'this' sanitizer to customizations 2023-04-17 12:11:18 +02:00
Paolo Tranquilli
fdd975b992 Merge pull request #12842 from github/redsun82/swift-qlgen-qldoc 
Swift: add QLdoc for generated `Raw` and `Synth` modules
 2023-04-17 10:57:54 +02:00
Paolo Tranquilli
cbe247e123 Merge branch 'main' into redsun82/swift-logging 2023-04-17 10:27:14 +02:00
Paolo Tranquilli
3f139bd93b Swift: address logging review comments 2023-04-17 10:27:01 +02:00
Paolo Tranquilli
edb355b47f Swift: add QLdoc for generated Raw and Synth modules 2023-04-17 09:38:26 +02:00
Erik Krogh Kristensen
4e49df1615 Merge pull request #12839 from jcogs33/jcogs33/update-QueryDoc-regex 
QL: update regexes used in `QueryDoc.getQueryName()` and in `QueryDoc.getQueryId()/getQueryLanguage()`
 2023-04-17 09:03:03 +02:00
Mathias Vorreiter Pedersen
7eee589304 Merge pull request #12569 from andersfugmann/andersfugmann/use_after_free 
C++: Implement use-after-free and double-free queries using the new IR use-use dataflow
 2023-04-17 08:01:58 +01:00
Mathias Vorreiter Pedersen
fa5ed04286 Update cpp/ql/src/Critical/DoubleFree.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-04-17 07:40:01 +01:00
Mathias Vorreiter Pedersen
dba46bd324 Update cpp/ql/src/Critical/DoubleFree.ql 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-04-17 07:38:30 +01:00
Asger F
ccb57f2a84 Merge pull request #12804 from asgerf/rb/api-graphs-cached 
Ruby: restrict join order of API graph predicates
 2023-04-17 08:24:07 +02:00
Asger F
62dca44ee5 Update UntrustedDataToExternalAPI.expected 2023-04-17 08:23:04 +02:00
Asger F
c250ba7f27 JS: Undo sanitization of path.normalize() 2023-04-17 08:23:04 +02:00
Asger F
9db63c3a6a JS: Change note 2023-04-17 08:23:04 +02:00
Asger F
b0d4b31103 JS: Trim whitespace in test 2023-04-17 08:23:04 +02:00
Asger F
c7f16cd224 JS: Add test 2023-04-17 08:23:03 +02:00
Asger F
0d598c437d JS: Fix observed FPs in UnsafeJQueryPlugin 2023-04-17 08:20:18 +02:00
Asger F
b321151a28 JS: Restrict ExtendCall flow in proto pollution query 2023-04-17 08:20:18 +02:00
Asger F
efb582b661 JS: Drive-by fix to newly gained FPs 2023-04-17 08:20:18 +02:00
Asger F
869c6d27fe JS: Add implied receiver steps 2023-04-17 08:20:18 +02:00
Asger F
74dbc71535 JS: Change Extend steps to PreCallGraphStep 2023-04-17 08:20:18 +02:00
Jami Cogswell
06bf246afe QL: update regexes 2023-04-16 16:10:23 -04:00
Geoffrey White
d94ed1b4a3 Merge pull request #12824 from geoffw0/modernsec4 
Swift: Add CryptoSwift sinks in swift/weak-sensitive-data-hashing
 2023-04-14 19:56:37 +01:00
Edward Minnix III
38826c98f1 Merge pull request #12751 from egregius313/egregius313/dataflow-refactor-cleanup 
Java: Finish dataflow refactor
 2023-04-14 10:35:11 -04:00
Geoffrey White
ba982e2f85 Merge pull request #12752 from gsingh93/buffer-access-array-expr 
C++: Consider ArrayExpr with non-constant size expressions as a BufferAccess
 2023-04-14 15:31:20 +01:00
Michael Nebel
4bca9511cd Merge pull request #12803 from michaelnebel/csharp/refactordataflow3 
C#: Re-factor dataflow queries to use the new API.
 2023-04-14 16:30:55 +02:00
Owen Mansel-Chan
8a4ca7fb84 Merge pull request #10026 from pwntester/patch-2 
Go: Partial URLs should not sanitize against SSRF
 2023-04-14 13:52:11 +01:00
Erik Krogh Kristensen
cece307c60 Merge pull request #12802 from erik-krogh/history-xss 
JS: add browser history as XSS sink
 2023-04-14 13:35:19 +02:00
Asger F
f4e8656c17 Ruby: move internal methods to API::Node::Internal 2023-04-14 13:35:13 +02:00
Alex Ford
9169ddb9c1 Merge pull request #12823 from alexet/alexet/bump-version 
Bump all qlpacks major versions
 2023-04-14 12:18:27 +01:00
Owen Mansel-Chan
352866b52d Add change note 2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
a42dbc5bab Fix formatting again 2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
d407a689fa Fix formatting by deleting spaces no blank line 2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
169bde8671 Fix formatting by deleting blank line 2023-04-14 12:00:38 +01:00
Alvaro Muñoz
8bf4b55309 Partial URLs should not sanitize against SSRF 
As an example:

```go
	urlPath := ctx.Req.URL.Path
	hash := urlPath[strings.LastIndex(urlPath, "/")+1:]
        req, _ := http.NewRequest("GET", source+hash, nil)
```
 2023-04-14 12:00:38 +01:00
Tony Torralba
f106783c39 SensitiveResultReceiverFlow needs to be public 2023-04-14 09:04:56 +02:00
Ed Minnix
7b56383b52 Make SensitiveResultReceiver modules private 2023-04-13 23:08:46 -04:00