hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-22 18:03:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,693 Branches 161 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ahmed Farid
a6af455eae Create UnsafeComparisonOfHeaderValue.py 2022-08-04 12:50:55 +01:00
Ahmed Farid
a98a77ad40 Create SafeComparisonOfHeaderValue.py 2022-08-04 12:48:19 +01:00
Ahmed Farid
e1435afea9 Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue.qhelp to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.qhelp 2022-08-04 12:45:01 +01:00
Ahmed Farid
76c8e7d2e8 Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue.ql to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.ql 2022-08-04 12:44:45 +01:00
Ahmed Farid
428132a58e Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo.ql to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/TimingAttackAgainstSensitiveInfo.ql 2022-08-04 12:44:10 +01:00
Ahmed Farid
a34478d58f Rename python/ql/src/experimental/Security/CWE-208/PossibleTimingAttackAgainstSensitiveInfo.ql to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.ql 2022-08-04 12:43:53 +01:00
Ahmed Farid
59f05b4d62 Rename python/ql/src/experimental/Security/CWE-208/PossibleTimingAttackAgainstSensitiveInfo.qhelp to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.qhelp 2022-08-04 12:43:35 +01:00
Ahmed Farid
fe51a917ec Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo.qhelp to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/TimingAttackAgainstSensitiveInfo.qhelp 2022-08-04 12:43:21 +01:00
Ahmed Farid
ae4ded08fa Update and rename TimingAttackAgainstHeader.qlref to TimingAttackAgainstHeaderValue.qlref 2022-08-04 12:42:52 +01:00
Ahmed Farid
a747bacbe5 Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash.ql to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql 2022-08-04 12:42:08 +01:00
Ahmed Farid
cf36a30909 Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash.qhelp to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.qhelp 2022-08-04 12:41:51 +01:00
Ahmed Farid
4b0c42951f Rename python/ql/src/experimental/Security/CWE-208/UnSafeComparisonOfHash.py to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/UnSafeComparisonOfHash.py 2022-08-04 12:41:27 +01:00
Ahmed Farid
cf47104f62 Update TimingAttackAgainstHeaderValue.ql 2022-08-04 12:39:31 +01:00
Ahmed Farid
8490a54af5 Update TimingAttackAgainstSensitiveInfo.ql 2022-08-04 12:38:31 +01:00
Ahmed Farid
31692f523f Update PossibleTimingAttackAgainstHash.ql 2022-08-04 12:37:57 +01:00
Ahmed Farid
61b7d89813 Update TimingAttackAgainstHash.ql 2022-08-04 12:36:58 +01:00
Ahmed Farid
b5ff606b41 Update PossibleTimingAttackAgainstSensitiveInfo.ql 2022-08-04 12:36:36 +01:00
Ahmed Farid
ad53176546 Rename python/ql/src/experimental/Security/CWE-208/TimingAttack.qll to python/ql/src/experimental/semmle/python/security/TimingAttack.qll 2022-08-04 12:35:24 +01:00
Ahmed Farid
028ac19259 Rename python/ql/src/experimental/Security/CWE-208/SafeComparisonOfHash.py to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/SafeComparisonOfHash.py 2022-08-04 12:30:56 +01:00
Ahmed Farid
5afc0a7773 Rename python/ql/src/experimental/Security/CWE-208/PossibleTimingAttackAgainstHash.ql to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql 2022-08-04 12:30:38 +01:00
Ahmed Farid
035de1fffe Rename python/ql/src/experimental/Security/CWE-208/PossibleTimingAttackAgainstHash.qhelp to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.qhelp 2022-08-04 12:30:12 +01:00
Ahmed Farid
e28cf7ebe2 Create UnSafeComparisonOfHash.py 2022-08-04 12:28:46 +01:00
Ahmed Farid
9c0a71d880 Update SafeComparisonOfHash.py 2022-08-04 12:27:35 +01:00
Ahmed Farid
1fed6074e9 Create SafeComparisonOfHash.py 2022-08-04 12:25:47 +01:00
Ahmed Farid
c59a8b0c57 Create PossibleTimingAttackAgainstSensitiveInfo.qhelp 2022-08-04 12:17:43 +01:00
Ahmed Farid
c13477c14f Update and rename TimingAttack.qhelp to TimingAttackAgainstSensitiveInfo.qhelp 2022-08-04 12:16:06 +01:00
Ahmed Farid
10df8e6c02 Rename TimingAttackAgainstHeader.ql to TimingAttackAgainstHeaderValue.ql 2022-08-04 12:12:44 +01:00
Ahmed Farid
399972071c Rename TimingAttackAgainstHeaderValue.ql to TimingAttackAgainstHeaderValue.qhelp 2022-08-04 12:11:28 +01:00
Tom Hvitved
bc6a74b4dd C#: Disable CLR tracer 
Also remove old tracer configs, as we now use the Lua tracer.
 2022-08-04 13:11:07 +02:00
Ahmed Farid
89e1ad40f2 Create TimingAttackAgainstHeaderValue.ql 2022-08-04 12:10:06 +01:00
Ahmed Farid
2bb9448c9f Create PossibleTimingAttackAgainstHash.qhelp 2022-08-04 12:03:48 +01:00
Ahmed Farid
473ff0ef59 Create TimingAttackAgainstHash.qhelp 2022-08-04 12:02:50 +01:00
mc
935def739c Merge pull request #9955 from securingdev/patch-1 
Update Other section with example exit code details
 2022-08-04 10:26:45 +01:00
mc
df1633a838 Merge branch 'main' into patch-1 2022-08-04 10:13:23 +01:00
Anders Schack-Mulligen
a5a58f46eb Merge pull request #9945 from aschackmull/java/wrappedinvocation-joinorder 
Java: Improve join-order.
 2022-08-04 11:12:23 +02:00
mc
360cff9c24 Merge branch 'main' into patch-1 2022-08-04 10:08:55 +01:00
Anders Schack-Mulligen
c2b99747d4 Merge pull request #9951 from aschackmull/java/notintersect-perf 
Java: Improve join-order for `not haveIntersection`.
 2022-08-04 11:08:02 +02:00
mc
8905df9abb Merge branch 'main' into patch-1 2022-08-04 10:06:01 +01:00
mc
e4c9f8a9a2 Update docs/codeql/codeql-cli/exit-codes.rst 2022-08-04 10:05:52 +01:00
Chris Smowton
96091e4fa0 Merge pull request #9947 from github/smowton/fix/golang-path-injection-numeric-sanitizer 
Go: note that numeric-typed nodes can't cause path traversal
 2022-08-04 09:00:34 +01:00
Chris Smowton
af274354a0 Merge pull request #9956 from github/smowton/feature/tainted-path-query-mad 
Make java/path-injection recognise create-file MaD sinks
 2022-08-04 08:59:59 +01:00
Harry Maclean
ee9e6b1f2e Ruby: Add change note 2022-08-04 17:27:34 +12:00
Harry Maclean
452811dbf2 Ruby: move change note 2022-08-04 17:25:55 +12:00
Harry Maclean
83393dc195 Ruby: Recognise more AR write accesses 
This change means we recognise calls like

```rb
User.create(params)
User.update(id, params)
```

as instances of `PersistentWriteAccess`.
 2022-08-04 17:22:46 +12:00
Harry Maclean
21b4918904 Ruby: Add getPositionalArgument 
This gets positional arguments from a call. These are arguments which
are not keyword arguments.
 2022-08-04 17:22:46 +12:00
Harry Maclean
d4f7f2b75e Ruby: Add test for AR PersistentWriteAccesses 2022-08-04 17:22:46 +12:00
Harry Maclean
7ed81db32d Ruby: Move ActiveRecord tests to new directory 2022-08-04 17:22:46 +12:00
Harry Maclean
def1b3c3b3 Ruby: QLDoc fix 2022-08-04 17:21:29 +12:00
Harry Maclean
fdbe16945f Ruby: Add change note 2022-08-04 17:19:05 +12:00
Ahmed Farid
9b2ff70332 format document 2022-08-04 00:56:30 +01:00