hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 23:33:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,684 Branches 159 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
04325abfa5 Add test 2022-03-31 12:26:38 +01:00
Chris Smowton
c2d461bcee Format 2022-03-31 12:19:53 +01:00
Chris Smowton
0d9c353c37 Represent switch statement and switch expression results alike 2022-03-31 12:19:11 +01:00
Chris Smowton
96bf754f01 Accept intrigus suggested doc clarifications 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-03-31 12:09:45 +01:00
Tom Hvitved
46d69cf544 Regex: Further tweaks to concretise computations 2022-03-31 12:52:43 +02:00
Tom Hvitved
5181544790 Sync shared files 2022-03-31 12:52:42 +02:00
Tom Hvitved
5052452ef9 SuperlinearBackTracking: Speedup concretise 2022-03-31 12:52:42 +02:00
Tom Hvitved
7efe698e56 Address review comment 2022-03-31 12:52:42 +02:00
Tom Hvitved
0fb28f4bc9 Sync shared files 2022-03-31 12:52:42 +02:00
Tom Hvitved
20f4d5a584 ExponentialBackTracking: Speedup concretise 2022-03-31 12:52:42 +02:00
Tom Hvitved
9c90385846 Merge pull request #8624 from hvitved/ruby/fix-import 
Ruby: Fix broken import
 2022-03-31 12:51:50 +02:00
Anders Schack-Mulligen
f28da00ec4 Java: Fix qldoc as followup to https://github.com/github/codeql/pull/8323 2022-03-31 12:50:36 +02:00
Stephan Brandauer
8f1a3597a7 autoformat 2022-03-31 12:32:29 +02:00
Tom Hvitved
40986bfcb1 Ruby: Fix broken import 2022-03-31 12:32:03 +02:00
Geoffrey White
fbd71cd050 C++: Update to regexpMatch. 2022-03-31 11:27:20 +01:00
Rasmus Wriedt Larsen
db43d043c4 Python: Add test showing misalignment of xml.etree modeling 2022-03-31 11:55:46 +02:00
Rasmus Wriedt Larsen
543454eff2 Python: Model file access from XML parsing 2022-03-31 11:47:29 +02:00
Michael Nebel
27b1d1e1e0 Merge pull request #8348 from michaelnebel/csharp/externalapi-telemetry 
C#: ExternalAPI implementation for Telemetry.
 2022-03-31 11:36:07 +02:00
Mathias Vorreiter Pedersen
dc88f715f8 C++: Fix join order. 2022-03-31 10:35:36 +01:00
Mathias Vorreiter Pedersen
da39c9f5ef C++: Fix bad magic. 2022-03-31 10:35:29 +01:00
Rasmus Wriedt Larsen
386ff53614 Python: Model lxml.iterparse 2022-03-31 11:32:22 +02:00
Geoffrey White
9035ca236e C++: Change note. 2022-03-31 10:24:18 +01:00
Geoffrey White
b296b0150a C++: Some enhancements to SensitiveExprs.qll as well, inspired by csharp. 2022-03-31 10:24:17 +01:00
Rasmus Wriedt Larsen
12cbdcde28 Python: Model lxml.etree.XMLID 2022-03-31 11:21:24 +02:00
Rasmus Wriedt Larsen
6774085e7a Python: Add note about parseid/XMLID 2022-03-31 11:19:25 +02:00
Rasmus Wriedt Larsen
a315aa84b2 Python: Add some links in QLDocs 2022-03-31 11:16:50 +02:00
Geoffrey White
146318dbc1 Merge pull request #8580 from geoffw0/privdata 
C++: Port PrivateData.qll from C# and use it in cpp/cleartext-transmission
 2022-03-31 10:12:46 +01:00
Rasmus Wriedt Larsen
64aa503cc3 Python: Promote xml.etree modeling 2022-03-31 11:12:02 +02:00
Arthur Baars
15c54f6100 Merge pull request #8354 from aibaars/incomplete-url-string-sanitization 
Incomplete url string sanitization
 2022-03-31 10:59:51 +02:00
Stephan Brandauer
a6d2ecdc4d review comments 2022-03-31 10:49:33 +02:00
Rasmus Wriedt Larsen
7f5f7679f8 Python: Promote xmltodict modeling 2022-03-31 10:28:34 +02:00
Rasmus Wriedt Larsen
80b5cde3a2 Python: Promote lxml parsing modeling 2022-03-31 10:19:08 +02:00
Jeroen Ketema
85e2367769 CLI docs: make the running text match the example 2022-03-31 10:14:30 +02:00
Rasmus Wriedt Larsen
3040adfd9b Python: Handle XMLParser().close() for XPath 2022-03-31 10:08:26 +02:00
Rasmus Wriedt Larsen
c4473c5f65 Python: Rename lxml XPath tests 2022-03-31 10:08:02 +02:00
Arthur Baars
7e866ed376 Merge pull request #8617 from cklin/qldoc-coverage-new-language 
QLdoc check: handle new languages gracefully
 2022-03-31 10:00:36 +02:00
Rasmus Wriedt Larsen
1ea4bcc59f Python: Make XMLParsing a Decoding subclass 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
35ccba2ec1 Python: Promote XMLParsing concept test 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
e45288e812 Python: => XMLParsingVulnerabilityKind 
Since there are other XML vulnerabilities that are not about parsing,
this is more correct.
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
e005a5c0ab Python: Promote XMLParsing concept 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
9caf4be21b Python: Add PortSwigger link to Xxe.qhelp 
I found this resource quite good myself at least :)
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
56b9c891d8 Python: Adjust XmlBomb.qhelp from JS 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
b00766b054 Python: Adjust XXE qhelp 
and remove the old copy, we don't need it anymore :)
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
c365337867 Python: Delete XmlEntityInjection.ql 
Kept the test of SimpleXmlRpcServer, and kept the qhelp so it can be
used to write the new qhelp files
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
769f5691d0 Python: Add taint for StringIO and BytesIO 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
57b9780428 Python: XXE: Add example of exfiltrating data through dtd-retrival 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
a1d88e39a7 Python: Adjust XXE PoC for newer lxml versions 
Which doesn't raise that syntax error (at least not on my laptop)
 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
91795b8577 Python: Add simple test of Xxe/XmlBomb 
Note that most of the testing happens in the framework specific tests,
with an inline-expectation test
 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
e45f9d69cc Python: Adjust Xxe/XmlBomb for Python 
I changed a few QLdocs so they fit the style we have used in Python...
although I surely do regret having introduced a new style for how these
QLDocs look :D
 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
65907c9762 Python: Copy Xxe/XmlBomb queries from JS 
After internal discussion, these will replace the `XmlEntityInjection`
query, so we can have separate severities on DoS and the other (more
serious) attacks.

Note: These clearly don't work, since they are verbatim copies of the JS
code, but I split it into multiple commits to clearly highlight what
changes were made.
 2022-03-31 09:52:54 +02:00