codeql

mirror of https://github.com/github/codeql.git synced 2026-02-04 17:21:08 +01:00

Author	SHA1	Message	Date
Asger F	869c6d27fe	JS: Add implied receiver steps	2023-04-17 08:20:18 +02:00
Asger F	74dbc71535	JS: Change Extend steps to PreCallGraphStep	2023-04-17 08:20:18 +02:00
Jami Cogswell	06bf246afe	QL: update regexes	2023-04-16 16:10:23 -04:00
Geoffrey White	d94ed1b4a3	Merge pull request #12824 from geoffw0/modernsec4 Swift: Add CryptoSwift sinks in swift/weak-sensitive-data-hashing	2023-04-14 19:56:37 +01:00
Geoffrey White	706fdce527	Swift: Downgrade swift/unsafe-js-eval to precision medium.	2023-04-14 18:16:16 +01:00
Geoffrey White	2adc4c0feb	Swift: PredicatUpgrade predicate injection sources from RemoteFlowSource to FlowSource. Even local input should be in parameters rather than concatenated into the predicate.	2023-04-14 17:50:57 +01:00
Geoffrey White	7b8606d411	Swift: Delete unnecessary import.	2023-04-14 16:36:22 +01:00
Edward Minnix III	38826c98f1	Merge pull request #12751 from egregius313/egregius313/dataflow-refactor-cleanup Java: Finish dataflow refactor	2023-04-14 10:35:11 -04:00
Geoffrey White	ba982e2f85	Merge pull request #12752 from gsingh93/buffer-access-array-expr C++: Consider ArrayExpr with non-constant size expressions as a BufferAccess	2023-04-14 15:31:20 +01:00
Michael Nebel	4bca9511cd	Merge pull request #12803 from michaelnebel/csharp/refactordataflow3 C#: Re-factor dataflow queries to use the new API.	2023-04-14 16:30:55 +02:00
Alex Ford	2aba24da0c	Merge pull request #12831 from github/release-prep/2.13.0 Release preparation for version 2.13.0 codeql-cli/v2.13.0	2023-04-14 14:59:39 +01:00
Geoffrey White	9ecba6a94d	Swift: Add missing imports in ExternalFlow.qll.	2023-04-14 14:58:24 +01:00
Geoffrey White	619d572d50	Swift: Add RNCryptor hmacKey encryption-key sinks.	2023-04-14 14:58:15 +01:00
Geoffrey White	46da73cc11	Swift: Add realm path-injection sinks.	2023-04-14 14:50:50 +01:00
Geoffrey White	feccd307da	Swift: Add realm encryption-key sinks.	2023-04-14 14:47:24 +01:00
Geoffrey White	bfdaf6951d	Swift: Add some test cases.	2023-04-14 14:39:45 +01:00
Geoffrey White	21414089ee	Swift: Test renaming and layout changes.	2023-04-14 14:39:32 +01:00
Jeroen Ketema	0c7346707b	Fix minor issues with change notes	2023-04-14 15:37:04 +02:00
github-actions[bot]	075d063370	Release preparation for version 2.13.0	2023-04-14 13:31:30 +00:00
Owen Mansel-Chan	8a4ca7fb84	Merge pull request #10026 from pwntester/patch-2 Go: Partial URLs should not sanitize against SSRF	2023-04-14 13:52:11 +01:00
Erik Krogh Kristensen	cece307c60	Merge pull request #12802 from erik-krogh/history-xss JS: add browser history as XSS sink	2023-04-14 13:35:19 +02:00
Asger F	f4e8656c17	Ruby: move internal methods to API::Node::Internal	2023-04-14 13:35:13 +02:00
Alex Ford	9169ddb9c1	Merge pull request #12823 from alexet/alexet/bump-version Bump all qlpacks major versions	2023-04-14 12:18:27 +01:00
Owen Mansel-Chan	352866b52d	Add change note	2023-04-14 12:00:38 +01:00
Owen Mansel-Chan	a42dbc5bab	Fix formatting again	2023-04-14 12:00:38 +01:00
Owen Mansel-Chan	d407a689fa	Fix formatting by deleting spaces no blank line	2023-04-14 12:00:38 +01:00
Owen Mansel-Chan	169bde8671	Fix formatting by deleting blank line	2023-04-14 12:00:38 +01:00
Alvaro Muñoz	8bf4b55309	Partial URLs should not sanitize against SSRF As an example: ```go urlPath := ctx.Req.URL.Path hash := urlPath[strings.LastIndex(urlPath, "/")+1:] req, _ := http.NewRequest("GET", source+hash, nil) ```	2023-04-14 12:00:38 +01:00
Tony Torralba	f106783c39	SensitiveResultReceiverFlow needs to be public	2023-04-14 09:04:56 +02:00
Ed Minnix	7b56383b52	Make `SensitiveResultReceiver` modules private	2023-04-13 23:08:46 -04:00
Ed Minnix	0a26916245	Re-Add `SensitiveResultReceiverConf` as deprecated	2023-04-13 23:06:16 -04:00
Edward Minnix III	77b67cbf2e	Fix typo Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2023-04-13 23:06:16 -04:00
Ed Minnix	0fc775027f	Fix SensitiveResultReceiver test case	2023-04-13 23:06:16 -04:00
Ed Minnix	3826b9be6c	Re-add allowImplicitRead	2023-04-13 23:06:16 -04:00
Ed Minnix	74b71ff7e3	Replace `allowImplicitRead` with default implementation	2023-04-13 23:06:16 -04:00
Ed Minnix	ea54ea47b1	Deprecate `sensitiveResultReceiver`	2023-04-13 23:06:16 -04:00
Edward Minnix III	3e55c47e3e	`flow(_, sink)` to `flowTo(sink)` Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2023-04-13 23:06:16 -04:00
Ed Minnix	5ed1868324	Refactor ratpack framework test	2023-04-13 23:06:16 -04:00
Ed Minnix	88eb0231c1	Refactor taintedString.ql test	2023-04-13 23:06:16 -04:00
Ed Minnix	cd661f1d9f	Refactor SensitiveResultReceiver	2023-04-13 23:06:16 -04:00
Ed Minnix	735a7383c6	Refactor HardcodedCredentialsSourceCall	2023-04-13 23:06:16 -04:00
Mathias Vorreiter Pedersen	15d5ad7a66	Merge pull request #12822 from MathiasVP/promote-redundant-null-check-simple C++: Promote `cpp/redundant-null-check-simple` to Code Scanning	2023-04-13 22:01:28 +01:00
Geoffrey White	3f8ac1a12b	Merge pull request #12794 from geoffw0/modernsec2 Swift: Add CSV extension points to the encryption queries.	2023-04-13 19:43:05 +01:00
Alex Eyers-Taylor	c6a482819a	Bump all qlpacks major versions	2023-04-13 19:15:27 +01:00
Mathias Vorreiter Pedersen	b7bbdb76ba	Update cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>	2023-04-13 18:42:12 +01:00
Geoffrey White	8c415f3988	Swift: getName() -> getFullName().	2023-04-13 17:56:07 +01:00
Mathias Vorreiter Pedersen	f1a7b1a853	C++: Add change note.	2023-04-13 17:35:28 +01:00
Mathias Vorreiter Pedersen	c230de86b4	C++: Accept test changes.	2023-04-13 17:28:07 +01:00
Mathias Vorreiter Pedersen	b8d2896d5d	C++: Convert 'cpp/redundant-null-check-simple' to a path-problem query and assigned it precision high.	2023-04-13 17:28:07 +01:00
Jami	0442072a59	Merge pull request #12820 from jcogs33/jcogs33/update-hq-manual-provenance Java: update provenance of `Connection#nativeSQL` sink to "hq-manual"	2023-04-13 11:59:39 -04:00

... 6 7 8 9 10 ...

53865 Commits