hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-27 04:13:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,694 Branches 161 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
f24565738b Merge pull request #6029 from atorralba/atorralba/tainted-key-read-steps 
Java: Add Map key-read-steps as local additional taint steps
 2021-06-11 13:14:18 +02:00
Joe Farebrother
dc19d1db35 Add change note 2021-06-11 11:41:30 +01:00
Joe Farebrother
04ffe80366 Add unit tests 2021-06-11 11:41:27 +01:00
Joe Farebrother
153e0c4ac3 Add modelling for more com.google.common.base methods 2021-06-11 11:40:37 +01:00
Rasmus Wriedt Larsen
df67028a1d Python: Model aiohttp.StreamReader 2021-06-11 12:06:53 +02:00
Arthur Baars
78a6ed43c3 Merge pull request #202 from github/aibaars-patch-2 
HardCodedCredentials: fix query metadata comment
 2021-06-11 12:05:44 +02:00
Tony Torralba
c828c7031f Add change note 2021-06-11 12:04:11 +02:00
Rasmus Wriedt Larsen
2d31ef7016 Python: Fix last TODOs in aiohttp tests 2021-06-11 12:00:02 +02:00
Arthur Baars
661d6e8e38 HardCodedCredentials: fix query metadata comment 2021-06-11 11:59:46 +02:00
Rasmus Wriedt Larsen
64a0e3fd0a Merge branch 'main' into aiohttp-modeling 2021-06-11 11:42:24 +02:00
Rasmus Wriedt Larsen
8b8e1334cc Python: Fix syntax error 2021-06-11 11:42:14 +02:00
Rasmus Wriedt Larsen
46f7a2b572 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-06-11 11:28:11 +02:00
Rasmus Wriedt Larsen
6f29b01abc Python: Model rsa 2021-06-11 11:23:06 +02:00
Rasmus Wriedt Larsen
40714c05b7 Python: Add tests for rsa PyPI package 2021-06-11 11:17:13 +02:00
Rasmus Wriedt Larsen
3d5f379b8c Merge branch 'main' into sensitive-improvements 2021-06-11 10:48:20 +02:00
John L. Singleton
cd61fb4753 this should be abstract 2021-06-10 19:54:58 -04:00
John L. Singleton
219dc71ae6 changlog entry 2021-06-10 17:15:06 -04:00
John L. Singleton
2a01324172 more maintainable pattern for class abstractions 2021-06-10 17:09:32 -04:00
Calum Grant
a594afb828 Add security-severity metadata 2021-06-10 20:11:08 +01:00
Erik Krogh Kristensen
50d574d20d add graphql injection to the sql-injection query 2021-06-10 21:01:54 +02:00
Tom Hvitved
8860b8adf0 Merge pull request #198 from github/hvitved/desugar-compound-assignment 2021-06-10 19:39:54 +02:00
John L. Singleton
bd7c416356 comment change 2021-06-10 11:21:11 -04:00
John L. Singleton
0d3f53b013 Changes to structure per feedback of @jbj 2021-06-10 11:16:58 -04:00
Alex Ford
f74dff560b Merge pull request #187 from github/hardcoded-credentials 
Add rb/hardcoded-credentials query
 2021-06-10 16:12:32 +01:00
Taus
e7b9603c5b Merge pull request #6053 from RasmusWL/fix-tests 
Python: Fix tests
 2021-06-10 16:55:45 +02:00
Alex Ford
8839d4c584 limit additional flow steps in rb/hardcoded-credentials to string concatenation 2021-06-10 14:59:28 +01:00
Rasmus Wriedt Larsen
dd457f9641 Python: Fix tests 2021-06-10 15:58:56 +02:00
Alex Ford
fe45dadd55 set precision to high for rb/hardcoded-credentials 2021-06-10 14:52:26 +01:00
John L. Singleton
f174d7a0e0 Comment changes 2021-06-10 09:52:22 -04:00
John L. Singleton
14c419a75f autoformatting 2021-06-10 09:39:43 -04:00
CodeQL CI
a241c114da Merge pull request #5836 from RasmusWL/ec-class-improvement 
Approved by tausbn
 2021-06-10 06:20:56 -07:00
Rasmus Wriedt Larsen
04db33513e Merge branch 'main' into sensitive-improvements 2021-06-10 15:11:09 +02:00
Rasmus Wriedt Larsen
ea0c1d7db3 Python: Better handling of sensitive functions 
This solution was the best I could come up with, but it _is_ a bit
brittle since you need to remember to add this additional taint step
to any configuration that relies on sensitive data sources... I don't
see an easy way around this though :|
 2021-06-10 15:08:21 +02:00
Tamas Vajk
916780a452 Fix codeql CLI path 2021-06-10 15:07:54 +02:00
Rasmus Wriedt Larsen
f167143a84 Python: Use real config in TestSensitiveDataSources 
This will enable better tests in just one second
 2021-06-10 15:01:31 +02:00
Rasmus Wriedt Larsen
c341643ec1 Python: Add more tests for sensitive function handling 2021-06-10 14:36:05 +02:00
Owen Mansel-Chan
e0130a932e Update experimental query using NewCookie 2021-06-10 13:33:20 +01:00
Owen Mansel-Chan
c173b89529 Model NewCookie 2021-06-10 13:32:39 +01:00
Owen Mansel-Chan
ee6019a2d8 Fix tests for experimental httponly query 2021-06-10 13:31:28 +01:00
Rasmus Wriedt Larsen
eb4f168dd4 Python: Clarify SensitiveAttributeAccess 
The comment about imports was placed wrong. I also realized we didn't
even have a single test-case for
`this.(DataFlow::AttrRead).getAttributeNameExpr() = sensitiveLookupStringConst(classification)`
so I added that (notice that this is only `getattr(foo, x)` and not
`getattr(foo, "password")`)
 2021-06-10 14:09:47 +02:00
Owen Mansel-Chan
d5d27d5ccf Duplicate tests for Jakarta 2021-06-10 10:43:40 +01:00
Owen Mansel-Chan
0ad35421f2 Comment out stubs (Jakarta) 2021-06-10 10:43:40 +01:00
Owen Mansel-Chan
318d1ea484 Stubs in javax-ws-rs-api-3.0.0 
Generated using java-autostub
 2021-06-10 10:43:39 +01:00
Owen Mansel-Chan
e6a6a8898b Move Jax XSS sinks to JaxWS.qll and add tests 2021-06-10 10:43:39 +01:00
Owen Mansel-Chan
d1fe62d4d5 (Minor) Update comments to match ExternalFlow docs 2021-06-10 10:43:38 +01:00
Owen Mansel-Chan
1ae9d68409 Move and convert URL redirect sinks 
Adds for them as well
 2021-06-10 10:43:37 +01:00
Owen Mansel-Chan
f2ff2aa3e1 Add flow tests for JAX-RS 2021-06-10 10:43:37 +01:00
Owen Mansel-Chan
155d63d5f7 Add tests for JAX-RS 2021-06-10 10:43:36 +01:00
Owen Mansel-Chan
f63fd68bfb Fix models to work with collection flow 
And also removal of `Argument` with indices
 2021-06-10 10:43:36 +01:00
Owen Mansel-Chan
e929de98ec Delete duplicated taint summary rows 2021-06-10 10:43:35 +01:00