Shati Patel
0f3599039f
Update docs/language/learn-ql/cpp/basic-query-cpp.rst
...
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
2020-07-28 11:49:17 +02:00
Chris Smowton
17200a8569
Use SsaWithFields to find similar good-tls-version flows
...
Note: if accepted, merge this into a previous commit before submitting the PR
2020-07-28 10:31:45 +01:00
Chris Smowton
a7e549e771
Exclude TLS version sources accompanied by a non-nil error
...
It is common to return 0 as a dummy value with an error; these are very likely not going to be used as a real TLS version.
2020-07-28 10:31:44 +01:00
Chris Smowton
af960ed2cd
Exclude more hits whose context suggests an intentionally old TLS configuration
2020-07-28 10:31:44 +01:00
Chris Smowton
8afa0c51d9
Filter out bad TLS versions where there is a converging flow supplying a good version
...
I'm supposing these usually indicate something configurable, rather than a hard-coded insecure choice. The *default* being insecure is still a problem, but probably not amenable to automated analyses.
2020-07-28 10:31:44 +01:00
Chris Smowton
b66a91bd5f
Exclude InsecureTLS problems guarded by feature flags
2020-07-28 10:31:44 +01:00
Chris Smowton
6058c90485
Factor predicates for identifying security-related feature flags from DisabledCertificateCheck
2020-07-28 10:31:44 +01:00
Chris Smowton
a6ab92bbca
Suppress paths that extend beyond the first sink
...
For this particular query it's hardly ever interesting to complain about a bad cipher suite being configured, then read from the list and re-added elsewhere. In such a case the longer path will be detected when the shorter one is fixed in any case.
2020-07-28 10:31:44 +01:00
Chris Smowton
08ec017e4c
Cleanup: disjunction -> set literal
2020-07-28 10:31:44 +01:00
Tom Hvitved
ce2368de96
C#: Add tests for null-coalescing assignment
2020-07-28 11:07:47 +02:00
luchua-bc
248628b11e
Enhance basic auth string search with a recursive method
2020-07-27 20:31:07 +00:00
luchua-bc
3a23451395
Enhance the query
2020-07-27 18:50:47 +00:00
Rasmus Lerchedahl Petersen
38acea633f
Python: Dataflow, expand callable to classes
2020-07-27 17:58:21 +02:00
Tom Hvitved
c5a4a6be05
Merge pull request #3871 from hvitved/csharp/autobuilder/dotnet-delegate
...
C#: Introduce delegate type in autobuilder
2020-07-27 16:51:24 +02:00
Taus
f40242dc3f
Merge pull request #3396 from porcupineyhairs/python-ssti
...
Python : Add query to detect Server Side Template Injection
2020-07-27 14:43:39 +02:00
Max Schaefer
91762ec274
JavaScript: Add partial model for opener.
...
3.5M weekly downloads.
Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.
2020-07-27 11:42:32 +01:00
Max Schaefer
9aa26fa4bc
JavaScript: Add model for foreground-child.
...
>1M weekly downloads, so seems worth doing.
2020-07-27 11:37:06 +01:00
Max Schaefer
2f842042ea
JavaScript: Model another execa function relevant for command injection.
2020-07-27 11:34:04 +01:00
Tom Hvitved
f5c1de8a17
Merge pull request #3960 from calumgrant/cs/tag-inefficient-containskey
...
C#: Fix tags typo
2020-07-27 11:44:58 +02:00
Calum Grant
09f45ac9fe
Merge pull request #3877 from calumgrant/cs/autobuilder-alerts
...
C#: Make fields readonly
2020-07-27 10:43:04 +01:00
Shati Patel
db09ca7b68
Update queries + outdated note
2020-07-27 11:42:10 +02:00
Owen Mansel-Chan
6dbed5e848
Address review comments
2020-07-27 10:19:48 +01:00
Owen Mansel-Chan
4094fa9db3
Docs: Query classification and display
...
Converted from Semmle wiki
2020-07-27 10:06:16 +01:00
ubuntu
8dee3da4fe
Update .qhelp
2020-07-26 23:50:22 +02:00
ubuntu
ac7c511d86
Update .qhelp
2020-07-26 23:47:53 +02:00
ubuntu
2cec8f7e9d
Update .qhelp
2020-07-26 23:23:56 +02:00
ubuntu
c469f71957
Add CodeQL query to detect if cookies are sent without the flag being set
2020-07-26 22:56:36 +02:00
luchua-bc
01fb51829c
Unsecure basic authentication
2020-07-24 20:35:09 +00:00
Rasmus Wriedt Larsen
e0016f6c52
Python: CG trace: Mention adding projects in README
2020-07-24 20:08:39 +02:00
Rasmus Wriedt Larsen
aca703e131
Python: CG trace: Add support for flask
2020-07-24 20:06:53 +02:00
Rasmus Wriedt Larsen
bb80635dc3
Python: CG trace: Updated README
2020-07-24 19:35:06 +02:00
Rasmus Wriedt Larsen
ecafc760e8
Python: CG trace: Improved debugging queries a bit
2020-07-24 19:34:51 +02:00
Rasmus Wriedt Larsen
2407c8b07e
Python: CG trace: Better handling of builtins without __module__
...
Not 100% perfect, but better
2020-07-24 19:13:53 +02:00
Rasmus Wriedt Larsen
9c76618d8b
Python: CG trace: Make ./helper.sh show help again
2020-07-24 18:59:29 +02:00
Rasmus Wriedt Larsen
8057e11fe4
Python: CG trace: Add ./helper.sh metrics command
2020-07-24 18:38:12 +02:00
Rasmus Wriedt Larsen
779a82ee07
Python: CG trace: Minor cleanup in helper.sh
2020-07-24 18:37:48 +02:00
Rasmus Wriedt Larsen
4c689434c3
Python: CG trace: Restructure QL code
2020-07-24 17:00:13 +02:00
Rasmus Wriedt Larsen
321d5104f0
Python: CG trace: Autogenerate BytecodeExpr.qll
...
Some code I had lying around, just hadn't committed.
Not that useful since most of these have been disabled in 55404ae98 for now.
2020-07-24 16:51:14 +02:00
Rasmus Wriedt Larsen
a7bc9544b6
Python: CG trace: Metrics, number of recorded calls not ignored
...
turned out to be useful after all :P
2020-07-24 16:49:54 +02:00
Chris Smowton
75d69efb15
Merge pull request #267 from smowton/smowton/feature/print-ast-label-package-node
...
PrintAst: Label File nodes' package-name children, and ensure that child comes before all declarations
2020-07-24 13:30:12 +01:00
Chris Smowton
b4e15fb17a
Merge pull request #268 from smowton/smowton/admin/downgrade-checkout-action
...
Downgrade to checkout@v1 to work around https://github.com/actions/checkout/issues/237
2020-07-24 13:28:06 +01:00
Chris Smowton
8aaa7c8925
Downgrade to checkout@v1 to work around https://github.com/actions/checkout/issues/237
2020-07-24 11:24:51 +01:00
Chris Smowton
454993fe64
PrintAst: Label File nodes' package-name children, and ensure that child comes before all declarations
2020-07-24 11:08:57 +01:00
Shati Patel
bb05db5c98
Convert C/C++ article
2020-07-24 12:07:17 +02:00
Rasmus Wriedt Larsen
367a49803b
Python: CG trace: handle class instantiation properly in points-to
2020-07-24 11:19:11 +02:00
Porcupiney Hairs
7a71ca3e0f
fix tests.
2020-07-24 00:57:19 +05:30
Rasmus Wriedt Larsen
3ead2e3dc7
Python: CG trace: Improve performance by only logging when needed
...
Seems like a 2x performance overall
wcwidth:
- DEBUG=True 5.78 seconds
- DEBUG=False 2.70 seconds
youtube-dl
- DEBUG=True 238.90 seconds
- DEBUG=False 120.70 seconds
2020-07-23 20:14:49 +02:00
Rasmus Wriedt Larsen
c49311e69e
Python: Fix JinjaSSTISinks.expected
2020-07-23 20:11:27 +02:00
Rasmus Wriedt Larsen
fbd939133e
Python: CG trace: More caching
...
Improves runtime of tracing youtube-dl from 296.19 seconds to 224.50 seconds.
Better, but still not that amazing :|
2020-07-23 18:07:55 +02:00
Rasmus Wriedt Larsen
ce42221cf7
Python: CG trace: Fix some printing in helper.sh
2020-07-23 17:57:52 +02:00