hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 16:51:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,689 Branches 159 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
3f6c55e8ae Python: Rename vulnerable predicate => vulnerableTo 2022-03-03 22:09:31 +01:00
Rasmus Wriedt Larsen
0d69dc854c Python: Minor qldoc improvement 2022-03-03 22:06:26 +01:00
Rasmus Wriedt Larsen
837daaae3b Python: Remove XMLParser concept 2022-03-03 22:04:48 +01:00
Rasmus Wriedt Larsen
df8e0fce68 Python: Minor fixup of qldoc 2022-03-03 22:02:48 +01:00
ihsinme
467136c173 Create ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-04 00:02:44 +03:00
ihsinme
77bc26681d Create ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-04 00:02:26 +03:00
Rasmus Wriedt Larsen
c0a6f9f3fd Python: Restructure lxml modeling 
and handle parser being passed as positional argument
 2022-03-03 22:00:55 +01:00
Rasmus Wriedt Larsen
c0a2c25f5a Python: Restructure modeling of xml.etree parsers 2022-03-03 21:59:34 +01:00
Rasmus Wriedt Larsen
a033b71eaf Python: Align QLdocs of XML modeling 2022-03-03 21:34:46 +01:00
Rasmus Wriedt Larsen
de0e67f327 Python: Restructure overall XML modeling 2022-03-03 21:31:15 +01:00
Rasmus Wriedt Larsen
46238d5ea0 Python: Add test for XMLPullParser 
But handling this in a nice way will require some restructuring
 2022-03-03 21:28:46 +01:00
Rasmus Wriedt Larsen
33ebcdf437 Python: Support feed method of lxml/xml.etree Parsers 2022-03-03 21:26:24 +01:00
Rasmus Wriedt Larsen
f72f673e7e Python: Update XmlEntityInjection.expected 
I had forgotten about this, but better late than never... also added a
small representative test
 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
3278793972 Python: Handle more functions and kw-args 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
2451123c67 Python: Move XML PoC to new test dir 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
c739ae40b6 Python: Port xmltodict tests 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
0b12d91817 Python: Port xml.sax tests 2022-03-03 21:18:18 +01:00
Harry Maclean
1181779c10 Merge pull request #7920 from github/hmac/string-flow-summaries 
Ruby: Add String flow summaries
 2022-03-04 09:09:19 +13:00
Rasmus Wriedt Larsen
5fb4c4d152 Python: Port xml.etree tests 2022-03-03 20:51:02 +01:00
Robert Marsh
60532e631e C++: fix missing paren 2022-03-03 14:45:43 -05:00
Rasmus Wriedt Larsen
a7134cac2e Python: Port xml.dom tests 2022-03-03 20:39:56 +01:00
Rasmus Wriedt Larsen
faebaee141 Python: Use concept tests for XML Parsing 
I was loosing my mind from looking through those .expected files

Just going to take it one file at time, to make reviewing easier
 2022-03-03 20:36:51 +01:00
Rasmus Wriedt Larsen
4b03f5c724 Python: Rename xml.sax test for consistency 2022-03-03 19:39:32 +01:00
Rasmus Wriedt Larsen
7cda901da2 Python: Add separate query for SimpleXMLRPCServer 
This was a rough quick-n-dirty query, and should get some qhelp as well at some point.
 2022-03-03 19:35:33 +01:00
ihsinme
5d1dee24d4 Create ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 20:04:54 +03:00
ihsinme
7b3546ea30 Create ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 20:04:17 +03:00
ihsinme
625f74e9be Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test2.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test3/test.cpp 2022-03-03 20:01:24 +03:00
ihsinme
8eec20644f Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test1.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test2/test.cpp 2022-03-03 20:00:54 +03:00
ihsinme
6e951f74ed Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/test.cpp 2022-03-03 20:00:18 +03:00
ihsinme
9c04bd12f5 Update and rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/ExposureSensitiveInformationUnauthorizedActor.expected to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-03 19:59:36 +03:00
ihsinme
e1c1f80f28 Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/ExposureSensitiveInformationUnauthorizedActor.qlref to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 19:58:16 +03:00
ihsinme
b32be69e0a Update DangerousUseOfTransformationAfterOperation.expected 2022-03-03 19:55:30 +03:00
Rasmus Wriedt Larsen
9406a972cd Python: Fix vuln detection for xml.minidom with parser arg 2022-03-03 17:52:11 +01:00
Rasmus Wriedt Larsen
5a652480b1 Python: Annotate xml.dom tests 2022-03-03 17:37:25 +01:00
Arthur Baars
b79d08523c Merge pull request #8293 from aibaars/regex-pattern-source 
Ruby: parse more string literals as regular expressions
 2022-03-03 17:35:40 +01:00
Rasmus Wriedt Larsen
c4d08db62a Python: Expand XML PoC with minidom/pulldom/expat 2022-03-03 17:30:16 +01:00
Arthur Baars
22b0697371 Update ruby/ql/lib/codeql/ruby/security/performance/ParseRegExp.qll 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2022-03-03 17:13:19 +01:00
Ahmed Farid
5e14d89714 Update ZipSlip.qll 2022-03-03 17:12:06 +01:00
tombolton
bd9e845aea update column names and remove encoding value 2022-03-03 15:59:10 +00:00
tombolton
f1f1526237 add query-sink mapping query 2022-03-03 15:20:06 +00:00
Rasmus Wriedt Larsen
3affa6cf3a Python: Annotate xmltodict tests 2022-03-03 15:08:56 +01:00
Rasmus Wriedt Larsen
61291936bf Python: Properly model xml.etree 2022-03-03 15:06:55 +01:00
Mathias Vorreiter Pedersen
bf10456bf5 C++: Add a path explanation to the 'cpp/using-expired-stack-address' query. 2022-03-03 13:55:00 +00:00
Mathias Vorreiter Pedersen
9df923a7c8 C++: Catch more true positives by stepping into calls in the 'cpp/using-expired-stack-address' query. 2022-03-03 13:53:09 +00:00
Rasmus Wriedt Larsen
703e3e8a0f Python: Handle DTD retrieval vuln in lxml 2022-03-03 14:46:48 +01:00
Rasmus Wriedt Larsen
e295399f70 Python: Properly handle huge_tree in lxml 2022-03-03 14:43:37 +01:00
Rasmus Wriedt Larsen
124c03c15c Python: Expand lxml tests 
And add annotations, see PoC.py for reference

Some of these needs fixing though
 2022-03-03 14:40:45 +01:00
Tom Hvitved
0c2551079a C#: Add change note about recursive codeql test run extraction 2022-03-03 14:32:55 +01:00
Tom Hvitved
9d6d479fba Add missing QL doc 2022-03-03 14:17:41 +01:00
Geoffrey White
6848b6095b C++: Autoformat. 2022-03-03 12:51:54 +00:00