hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 01:01:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,689 Branches 159 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ihsinme
8eec20644f Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test1.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test2/test.cpp 2022-03-03 20:00:54 +03:00
ihsinme
6e951f74ed Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/test.cpp 2022-03-03 20:00:18 +03:00
ihsinme
9c04bd12f5 Update and rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/ExposureSensitiveInformationUnauthorizedActor.expected to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-03 19:59:36 +03:00
ihsinme
e1c1f80f28 Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/ExposureSensitiveInformationUnauthorizedActor.qlref to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 19:58:16 +03:00
ihsinme
b32be69e0a Update DangerousUseOfTransformationAfterOperation.expected 2022-03-03 19:55:30 +03:00
Rasmus Wriedt Larsen
9406a972cd Python: Fix vuln detection for xml.minidom with parser arg 2022-03-03 17:52:11 +01:00
Rasmus Wriedt Larsen
5a652480b1 Python: Annotate xml.dom tests 2022-03-03 17:37:25 +01:00
Arthur Baars
b79d08523c Merge pull request #8293 from aibaars/regex-pattern-source 
Ruby: parse more string literals as regular expressions
 2022-03-03 17:35:40 +01:00
Rasmus Wriedt Larsen
c4d08db62a Python: Expand XML PoC with minidom/pulldom/expat 2022-03-03 17:30:16 +01:00
Arthur Baars
22b0697371 Update ruby/ql/lib/codeql/ruby/security/performance/ParseRegExp.qll 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2022-03-03 17:13:19 +01:00
Ahmed Farid
5e14d89714 Update ZipSlip.qll 2022-03-03 17:12:06 +01:00
tombolton
bd9e845aea update column names and remove encoding value 2022-03-03 15:59:10 +00:00
tombolton
f1f1526237 add query-sink mapping query 2022-03-03 15:20:06 +00:00
Rasmus Wriedt Larsen
3affa6cf3a Python: Annotate xmltodict tests 2022-03-03 15:08:56 +01:00
Rasmus Wriedt Larsen
61291936bf Python: Properly model xml.etree 2022-03-03 15:06:55 +01:00
Mathias Vorreiter Pedersen
bf10456bf5 C++: Add a path explanation to the 'cpp/using-expired-stack-address' query. 2022-03-03 13:55:00 +00:00
Mathias Vorreiter Pedersen
9df923a7c8 C++: Catch more true positives by stepping into calls in the 'cpp/using-expired-stack-address' query. 2022-03-03 13:53:09 +00:00
Rasmus Wriedt Larsen
703e3e8a0f Python: Handle DTD retrieval vuln in lxml 2022-03-03 14:46:48 +01:00
Rasmus Wriedt Larsen
e295399f70 Python: Properly handle huge_tree in lxml 2022-03-03 14:43:37 +01:00
Rasmus Wriedt Larsen
124c03c15c Python: Expand lxml tests 
And add annotations, see PoC.py for reference

Some of these needs fixing though
 2022-03-03 14:40:45 +01:00
Tom Hvitved
0c2551079a C#: Add change note about recursive codeql test run extraction 2022-03-03 14:32:55 +01:00
Tom Hvitved
9d6d479fba Add missing QL doc 2022-03-03 14:17:41 +01:00
Geoffrey White
6848b6095b C++: Autoformat. 2022-03-03 12:51:54 +00:00
Rasmus Wriedt Larsen
3c321dd98d Python: Model lxml.etree.get_default_parser in own class 2022-03-03 13:49:17 +01:00
Rasmus Wriedt Larsen
52891cb476 Python: Add PoC for XML vulns 2022-03-03 13:48:46 +01:00
Joe Farebrother
4ad402f33f Move from experimental to main 2022-03-03 12:13:14 +00:00
Tom Hvitved
ba6ff88d05 Sync files 2022-03-03 12:30:50 +01:00
Tom Hvitved
b23ab8089a Ruby: Clear call contexts after jump steps in type tracking 2022-03-03 12:29:47 +01:00
Geoffrey White
5c6923c099 C++: Improve and differentiate the qhelp. 2022-03-03 11:04:55 +00:00
Geoffrey White
88b7a085b0 C++: Make the bulk of test cases in tests.cpp more relevant. 2022-03-03 10:40:17 +00:00
Geoffrey White
07b4bf7023 C++: Use the same trick as in ExposedSystemData to catch a few more results. 2022-03-03 10:33:39 +00:00
Geoffrey White
6e5729c924 C++: Fix typo and adjust violation message wording. 2022-03-03 10:28:53 +00:00
Geoffrey White
9e193f624c C++: Change note. 2022-03-03 09:55:02 +00:00
Rasmus Wriedt Larsen
661d8bf553 Python: Better handling of resolve_entities arg in lxml 2022-03-03 10:05:57 +01:00
Rasmus Wriedt Larsen
515b824b3c Python: Add lxml positive test 2022-03-03 09:42:19 +01:00
Jeroen Ketema
f80372b837 C++: Update the DB scheme stats file 2022-03-03 09:02:37 +01:00
Jeroen Ketema
3fc2f2f3dc Merge pull request #8309 from jketema/taint-join-order 
C++: Fix join order in the IR dataflow library
 2022-03-03 09:00:42 +01:00
ihsinme
01f9114a80 Update test.cpp 2022-03-03 10:57:11 +03:00
ihsinme
bec4170bdf Update ImproperCheckReturnValueScanf.expected 2022-03-03 10:39:19 +03:00
ihsinme
8e0c0ad200 Update test.cpp 2022-03-03 10:37:31 +03:00
ihsinme
25b3aba823 Update test.cpp 2022-03-03 10:21:38 +03:00
ihsinme
2dc85e183c Update test.cpp 2022-03-03 10:20:41 +03:00
ihsinme
547342cd61 Update test.cpp 2022-03-03 10:16:00 +03:00
ihsinme
1a30b8d467 Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-03-03 10:14:22 +03:00
Jeroen Ketema
2fd950caad C++: Fix join order in the IR dataflow library 
Not having this fixed caused problems when updating the database
scheme stats file.
 2022-03-03 07:42:52 +01:00
jorgectf
3159d8e211 Correlate SendGridMail declaration with its predicates 2022-03-03 04:33:10 +01:00
Jonathan Leitschuh
fea50065f5 Fix duplicated comment 2022-03-02 19:54:04 -05:00
Jonathan Leitschuh
85de9f305e Fix naming of OSCheck method 2022-03-02 19:41:46 -05:00
Jonathan Leitschuh
a7adbb7291 Refactor more system property access logic 2022-03-02 19:33:05 -05:00
Harry Maclean
4a43731b83 Ruby: Use SimpleSummarizedCallable 
This simplifies some String flow summaries.
 2022-03-03 10:49:44 +13:00