hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 01:01:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,812 Commits 1,689 Branches 159 Tags
codeql-cli/v2.10.3
Commit Graph

41812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeroen Ketema
f80372b837 C++: Update the DB scheme stats file 2022-03-03 09:02:37 +01:00
Jeroen Ketema
3fc2f2f3dc Merge pull request #8309 from jketema/taint-join-order 
C++: Fix join order in the IR dataflow library
 2022-03-03 09:00:42 +01:00
ihsinme
01f9114a80 Update test.cpp 2022-03-03 10:57:11 +03:00
ihsinme
bec4170bdf Update ImproperCheckReturnValueScanf.expected 2022-03-03 10:39:19 +03:00
ihsinme
8e0c0ad200 Update test.cpp 2022-03-03 10:37:31 +03:00
ihsinme
25b3aba823 Update test.cpp 2022-03-03 10:21:38 +03:00
ihsinme
2dc85e183c Update test.cpp 2022-03-03 10:20:41 +03:00
ihsinme
547342cd61 Update test.cpp 2022-03-03 10:16:00 +03:00
ihsinme
1a30b8d467 Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-03-03 10:14:22 +03:00
Jeroen Ketema
2fd950caad C++: Fix join order in the IR dataflow library 
Not having this fixed caused problems when updating the database
scheme stats file.
 2022-03-03 07:42:52 +01:00
jorgectf
3159d8e211 Correlate SendGridMail declaration with its predicates 2022-03-03 04:33:10 +01:00
Jonathan Leitschuh
fea50065f5 Fix duplicated comment 2022-03-02 19:54:04 -05:00
Jonathan Leitschuh
85de9f305e Fix naming of OSCheck method 2022-03-02 19:41:46 -05:00
Jonathan Leitschuh
a7adbb7291 Refactor more system property access logic 2022-03-02 19:33:05 -05:00
Harry Maclean
4a43731b83 Ruby: Use SimpleSummarizedCallable 
This simplifies some String flow summaries.
 2022-03-03 10:49:44 +13:00
Robert Marsh
9fb94d85b4 C++: performance tweaks for InsufficientKeySize 2022-03-02 15:59:42 -05:00
Arthur Baars
692fc4cb02 Update ruby/ql/lib/change-notes/2022-02-28-regex-string-literals.md 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-03-02 21:13:23 +01:00
Jonathan Leitschuh
3c53a05e16 Add OS Checks based upon separator or path separator 2022-03-02 14:15:56 -05:00
Geoffrey White
2a14a4f14e C++: Fill in metadata. 2022-03-02 18:52:52 +00:00
Geoffrey White
66b9356eb9 C++: There is no overlap between OutputWrite and RemoteFlowSinkFunction. 2022-03-02 18:16:39 +00:00
Geoffrey White
a1ace7122d C++: Move SystemData class into a library. 2022-03-02 18:01:06 +00:00
Geoffrey White
70e4a409fd C++: Add the new query to tests. 2022-03-02 17:56:53 +00:00
Geoffrey White
d95b56fca0 C++: Create prototype query. 2022-03-02 17:56:49 +00:00
Jonathan Leitschuh
82d3cd8924 Improve system property lookup 2022-03-02 12:51:15 -05:00
Jonathan Leitschuh
dad9a02fbd Update TempDirInfoDisclosure with new OS Guards 2022-03-02 12:51:15 -05:00
Jonathan Leitschuh
5913c9acad Refactor OS Guard Checks 2022-03-02 12:51:14 -05:00
Jonathan Leitschuh
fd63107edf Update OS Check from Review Feedback 2022-03-02 12:51:12 -05:00
Jonathan Leitschuh
9f5022ee95 Review fixup and add test for apache SystemUtils 2022-03-02 12:50:38 -05:00
Jonathan Leitschuh
49513443f2 Update java/ql/lib/semmle/code/java/os/OSCheck.qll 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2022-03-02 12:50:37 -05:00
Jonathan Leitschuh
3cdfc00542 Cleanup from review feedback 2022-03-02 12:50:37 -05:00
Jonathan Leitschuh
39828fd596 Apply OS guard checks to TempDirLocalInformationDisclosure 2022-03-02 12:50:37 -05:00
Jonathan Leitschuh
cd073a2173 Java: Add Guard Classes for checking OS 2022-03-02 12:50:35 -05:00
Geoffrey White
67aa1449ce C++: Add some more test cases (moved from the private repo). 2022-03-02 17:23:07 +00:00
Ahmed Farid
c45b67c316 Create zipslip_good.py 2022-03-02 18:10:24 +01:00
Ahmed Farid
aef1df122b Create zipslip_bad.py 2022-03-02 18:09:45 +01:00
Ahmed Farid
c8f73ec845 Create ZipSlip.qlref 2022-03-02 18:08:32 +01:00
Rasmus Lerchedahl Petersen
6946ae931a python: missed a spot.. 2022-03-02 17:12:48 +01:00
Geoffrey White
19718fa280 C++: Add a couple of new test cases. 2022-03-02 15:18:04 +00:00
Geoffrey White
da740cfa05 C++: Test layout. 2022-03-02 15:18:04 +00:00
Michael Nebel
b39f383d45 Merge pull request #8230 from michaelnebel/csharp/autobuilder-buildless 
C#: Buildless extractor option.
 2022-03-02 15:53:02 +01:00
Rasmus Wriedt Larsen
7f7758b83d Python: rewrite xml sax modeling 2022-03-02 15:22:11 +01:00
Rasmus Wriedt Larsen
6dd776b2de Python: Only produce one alert per vulnerable XML sink 
This made it much easier to debug the current alerts on tests at least.

Notice that it's important that we have `strictconcat` and not just
`concat`, since `concat` will also allow flow to sinks that are not
vulnerable to any kind of XML vulnerability :|
 2022-03-02 15:22:11 +01:00
Michael Nebel
938902dc89 C#: Include example fragment in the release note on, how to invoke the extractor with the optional parameter. 2022-03-02 14:28:25 +01:00
Michael Nebel
fc89888c74 C#: Add pattern that only accepts 'true' and 'false' as the buildless option. 2022-03-02 14:28:21 +01:00
Michael Nebel
c5ddf6110f C#: Address review comments (change description to use true/false instead of yes/no). 2022-03-02 14:27:45 +01:00
Rasmus Wriedt Larsen
16e482bf6f Python: Improve QLDoc for XML parsing/parsers 2022-03-02 14:25:12 +01:00
Rasmus Wriedt Larsen
aaf55b21c4 Python: Add XMLVulnerabilityKind 
This gives some freedom in changing the name presented, and not worrying about whether you have made a typo that makes everything break :|
 2022-03-02 14:25:12 +01:00
Rasmus Wriedt Larsen
ee23c05489 Python: XML: Expose vuln kind on sink 2022-03-02 14:25:12 +01:00
Michael Nebel
8d9999a8c4 C#: Change note describing the buildless extractor option. 2022-03-02 14:25:11 +01:00
Michael Nebel
3859b62554 C#: Autobuilder should use standalone in case buildless options is provided. 2022-03-02 14:25:11 +01:00