hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 16:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,712 Branches 163 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
cce3a70412 Insecure-TLS: restrict sources to potentially interesting integers. 2020-07-29 16:46:36 +01:00
Chris Smowton
d7c0671ea1 Add test using SSH host-key checker factory knownhosts.New 
This produces a secure host-key checker; we assume by default that an opaque function not otherwise specified returns an acceptable checker, but we need to particularly cope with its multiple return values to handle this factory function.
 2020-07-29 16:30:51 +01:00
Chris Smowton
d0e86f787d SSH host checking: Expand definition of a host-key checking function to include calls with multiple return types 
For example, https://godoc.org/golang.org/x/crypto/ssh/knownhosts#New returns a host-key checker and an error value, and we previously didn't consider the first return value a candidate checker function.
 2020-07-29 16:06:38 +01:00
Arthur Baars
5bad003c0c Add qlpack.yml files for example queries 2020-07-29 16:57:04 +02:00
Chris Smowton
e89cd16cb1 Move query-specific flag definitions into their respective .ql files 2020-07-29 15:21:49 +01:00
Chris Smowton
f31ed52943 Clean up InsecureFeatureFlag 
Move the flag regexes inline, use `any` instead of a constructor function to select a particular flag kind, and remove explicit limitation on the common superclass FlagKind.
 2020-07-29 15:15:50 +01:00
Mathias Vorreiter Pedersen
978bf3aefc C++: Make QLDoc comment represent a valid C++ template 2020-07-29 15:59:19 +02:00
Rasmus Lerchedahl Petersen
d32e2772a0 Python: some doc, a generator, and a corotuine 2020-07-29 15:52:56 +02:00
Chris Smowton
f162a5be94 Promote CWE-322 out of experimental status 2020-07-29 14:43:47 +01:00
Chris Smowton
99f08750f3 Polish CWE-322: detect and exclude cases where host-checking is optional 2020-07-29 14:43:47 +01:00
Max Schaefer
2831ffdad0 Merge pull request #270 from smowton/smowton/cleanup/ricterz-libraries 
Add support for Gorm, Gorestful, Sqlx and Json-iterator
 2020-07-29 14:21:41 +01:00
Tom Hvitved
f91043e08e C#: Add change note 2020-07-29 10:27:40 +02:00
Tom Hvitved
4345b167ec Merge pull request #3935 from github/henrymercer/fix-broken-doc-link 
C#: Fix broken link to ECMA-335
 2020-07-29 10:04:08 +02:00
Max Schaefer
f8b8af5ac5 Merge pull request #269 from aibaars/lgtm-suites 
CodeQL: complete LGTM suites
 2020-07-29 07:19:41 +01:00
Marcono1234
5942bc6a43 Improve InsecureJavaMail.qhelp references 2020-07-29 01:45:27 +02:00
Rasmus Lerchedahl Petersen
488a7f4d01 Python: update test expectations 2020-07-28 21:46:45 +02:00
Arthur Baars
c4041e55ba CodeQL: complete LGTM suites 2020-07-28 20:40:44 +02:00
Arthur Baars
0db8ba881b CodeQL: complete LGTM suites 2020-07-28 20:36:53 +02:00
Rasmus Lerchedahl Petersen
eab64f125b Python: Dataflow, start on test for classes 2020-07-28 20:32:12 +02:00
luchua-bc
5520504658 Update expected results 2020-07-28 15:41:23 +00:00
luchua-bc
a91cc9b7ec Convert the query to path-problem 2020-07-28 15:36:12 +00:00
Chris Smowton
abfae4365f Move CWE-327 out of experimental 2020-07-28 15:47:44 +01:00
Tom Hvitved
d39a33655f C#: Fix false-positives in cs/dereferenced-value-may-be-null 
Dereferencing an expression of a nullable type should only be reported when
the expression is not clearly non-null.
 2020-07-28 16:27:36 +02:00
Chris Smowton
026dc5c97f Add changelog notes regarding added library support 2020-07-28 14:57:14 +01:00
Chris Smowton
0e6feb923c Add test for json-iterator package, and support more of its API 
Specifically the top-level functions Unmarshal and UnmarshalFromString are just convenience wrappers around the type API, which is the usual documented way to use the library.
 2020-07-28 14:52:10 +01:00
Chris Smowton
e19f476341 Add test for Sqlx 2020-07-28 14:52:10 +01:00
Chris Smowton
f5caf7e9e2 Add test for Gorm 2020-07-28 14:52:10 +01:00
Chris Smowton
a813607a76 go-restful model: Add support for ReadEntity method 2020-07-28 14:52:10 +01:00
Chris Smowton
3c4a1b90fe Add test for Go-restful 2020-07-28 14:52:10 +01:00
Chris Smowton
b96546b0f8 Improve style of library models 2020-07-28 14:40:48 +01:00
Max Schaefer
e9ae697d0d Merge pull request #251 from gagliardetto/standard-lib-pt-1 
Add taint-tracking for archive/tar and archive/zip
 2020-07-28 14:27:02 +01:00
Shati Patel
a79f09f1de Add basic query for Go 2020-07-28 15:25:59 +02:00
Chris Smowton
88cb435843 Split security flags into more distinct categories 
There are now three categories: general security or option flags, those related to TLS version selection, and those related to certificate configuration. The TLS and disabled-certificate-check queries use two categories each.
 2020-07-28 13:54:37 +01:00
Chris Smowton
3c244e2235 Insecure-TLS: remove obsolete TODO 
The case noted works fine.
 2020-07-28 13:04:16 +01:00
Shati Patel
8e8c43a25b Add basic query for JavaScript 2020-07-28 13:54:06 +02:00
luchua-bc
7f911f00ee Rename to insecure basic auth 2020-07-28 11:40:21 +00:00
Chris Smowton
9b4e189374 Insecure-TLS: Use DataFlow::Node::getRoot, and factor getEnclosingFunction 2020-07-28 11:55:58 +01:00
Chris Smowton
2751552cbe Insecure-TLS: Reintroduce tests for InsecureCipherSuites() 
These stopped producing an alert because they used a variable name that acknowledges an insecure setup
 2020-07-28 11:55:58 +01:00
Chris Smowton
db9760082d Insecure-TLS: simplify warning message 2020-07-28 11:55:58 +01:00
Chris Smowton
2a0642b67b Insecure-TLS: remove is-test-file filter 2020-07-28 11:55:58 +01:00
Chris Smowton
5c8534f56e EXCUSED -> OK 2020-07-28 11:55:58 +01:00
Chris Smowton
d0c76187da Fix comment 2020-07-28 11:55:58 +01:00
Chris Smowton
a10db25b7d Remove redundant constraint 2020-07-28 11:55:58 +01:00
Chris Smowton
779901cdbd Reference Mozilla's TLS advice in qhelp 2020-07-28 11:55:58 +01:00
Chris Smowton
718c4e8531 Add change note for insecure-TLS query 2020-07-28 11:55:58 +01:00
Chris Smowton
db27f8477a Update CWE-327 test 
This now checks various carve-outs for probable feature / compatibility flags
 2020-07-28 11:55:58 +01:00
Chris Smowton
21d107e0e9 Check for suspected feature-flags more uniformly 
These are now checked of all source *and* sink nodes, and the checks are factored with similar paths for is-insecure and is-old flags.
 2020-07-28 11:55:58 +01:00
Chris Smowton
7d294c5d81 Factor and generalise InsecureFeatureFlag 
The same path is now used to classify flags relating to old/legacy versions.
 2020-07-28 11:21:51 +01:00
Chris Smowton
34c8cc5019 Improve documentation and function naming 2020-07-28 11:21:51 +01:00
Shati Patel
9edf1646c9 Add basic queries for C#, Java, and Python 2020-07-28 12:18:45 +02:00