hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 16:51:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,689 Branches 159 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
8a4ca7fb84 Merge pull request #10026 from pwntester/patch-2 
Go: Partial URLs should not sanitize against SSRF
 2023-04-14 13:52:11 +01:00
jarlob
e9dee3a185 Move actions/github-script out of Actions.qll 2023-04-14 14:26:23 +02:00
Erik Krogh Kristensen
cece307c60 Merge pull request #12802 from erik-krogh/history-xss 
JS: add browser history as XSS sink
 2023-04-14 13:35:19 +02:00
Asger F
f4e8656c17 Ruby: move internal methods to API::Node::Internal 2023-04-14 13:35:13 +02:00
Alex Ford
9169ddb9c1 Merge pull request #12823 from alexet/alexet/bump-version 
Bump all qlpacks major versions
 2023-04-14 12:18:27 +01:00
Owen Mansel-Chan
352866b52d Add change note 2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
a42dbc5bab Fix formatting again 2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
d407a689fa Fix formatting by deleting spaces no blank line 2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
169bde8671 Fix formatting by deleting blank line 2023-04-14 12:00:38 +01:00
Alvaro Muñoz
8bf4b55309 Partial URLs should not sanitize against SSRF 
As an example:

```go
	urlPath := ctx.Req.URL.Path
	hash := urlPath[strings.LastIndex(urlPath, "/")+1:]
        req, _ := http.NewRequest("GET", source+hash, nil)
```
 2023-04-14 12:00:38 +01:00
jarlob
599ec5a3b4 Add comment 2023-04-14 10:52:11 +02:00
jarlob
3724ea1a7b Extract where parts into predicates 2023-04-14 10:49:56 +02:00
jarlob
ac1c20673d Encapsulate github-script 2023-04-14 10:23:49 +02:00
jarlob
d80c541da6 Encapsulate composite actions 2023-04-14 10:06:35 +02:00
Tony Torralba
f106783c39 SensitiveResultReceiverFlow needs to be public 2023-04-14 09:04:56 +02:00
smiddy007
ec97cdc8a0 Allow NonKeyCiphers to include truncated SHA-512 MDs in Forge JS library. 2023-04-13 23:16:20 -04:00
Ed Minnix
7b56383b52 Make SensitiveResultReceiver modules private 2023-04-13 23:08:46 -04:00
Ed Minnix
0a26916245 Re-Add SensitiveResultReceiverConf as deprecated 2023-04-13 23:06:16 -04:00
Edward Minnix III
77b67cbf2e Fix typo 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-04-13 23:06:16 -04:00
Ed Minnix
0fc775027f Fix SensitiveResultReceiver test case 2023-04-13 23:06:16 -04:00
Ed Minnix
3826b9be6c Re-add allowImplicitRead 2023-04-13 23:06:16 -04:00
Ed Minnix
74b71ff7e3 Replace allowImplicitRead with default implementation 2023-04-13 23:06:16 -04:00
Ed Minnix
ea54ea47b1 Deprecate sensitiveResultReceiver 2023-04-13 23:06:16 -04:00
Edward Minnix III
3e55c47e3e flow(_, sink) to flowTo(sink) 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-04-13 23:06:16 -04:00
Ed Minnix
5ed1868324 Refactor ratpack framework test 2023-04-13 23:06:16 -04:00
Ed Minnix
88eb0231c1 Refactor taintedString.ql test 2023-04-13 23:06:16 -04:00
Ed Minnix
cd661f1d9f Refactor SensitiveResultReceiver 2023-04-13 23:06:16 -04:00
Ed Minnix
735a7383c6 Refactor HardcodedCredentialsSourceCall 2023-04-13 23:06:16 -04:00
jarlob
94065764d5 Make predicate name clearer 2023-04-14 01:05:21 +02:00
jarlob
79218a3946 Use YamlMapping for modeling Env 2023-04-14 00:56:51 +02:00
jarlob
dd52ef85cd Rename Env 2023-04-13 23:41:31 +02:00
jarlob
76834cbe53 Rename GlobalEnv 2023-04-13 23:13:56 +02:00
jarlob
a8a6913512 Simplify exists according to the warning 2023-04-13 23:10:16 +02:00
jarlob
8234ea33f0 More details in the changes file. 2023-04-13 23:05:32 +02:00
Mathias Vorreiter Pedersen
15d5ad7a66 Merge pull request #12822 from MathiasVP/promote-redundant-null-check-simple 
C++: Promote `cpp/redundant-null-check-simple` to Code Scanning
 2023-04-13 22:01:28 +01:00
jarlob
6790318769 Added the composite word 2023-04-13 22:58:32 +02:00
Jaroslav Lobačevski
8f1bccbb4d Apply suggestions from code review (comments) 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2023-04-13 22:55:53 +02:00
Geoffrey White
3f8ac1a12b Merge pull request #12794 from geoffw0/modernsec2 
Swift: Add CSV extension points to the encryption queries.
 2023-04-13 19:43:05 +01:00
Alex Eyers-Taylor
c6a482819a Bump all qlpacks major versions 2023-04-13 19:15:27 +01:00
Mathias Vorreiter Pedersen
b7bbdb76ba Update cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-04-13 18:42:12 +01:00
Geoffrey White
8c415f3988 Swift: getName() -> getFullName(). 2023-04-13 17:56:07 +01:00
Mathias Vorreiter Pedersen
f1a7b1a853 C++: Add change note. 2023-04-13 17:35:28 +01:00
Mathias Vorreiter Pedersen
c230de86b4 C++: Accept test changes. 2023-04-13 17:28:07 +01:00
Mathias Vorreiter Pedersen
b8d2896d5d C++: Convert 'cpp/redundant-null-check-simple' to a path-problem query and assigned it precision high. 2023-04-13 17:28:07 +01:00
Jami
0442072a59 Merge pull request #12820 from jcogs33/jcogs33/update-hq-manual-provenance 
Java: update provenance of `Connection#nativeSQL` sink to "hq-manual"
 2023-04-13 11:59:39 -04:00
Jami Cogswell
1b1838b5a8 Java: update Netty test case 2023-04-13 11:29:47 -04:00
Maiky
64cf3adfd4 Update examples 2023-04-13 17:29:14 +02:00
Maiky
820db43945 Add ERB Template Injection Sink 2023-04-13 17:21:31 +02:00
Robert Marsh
fddbffee6f C++: autoformat 2023-04-13 11:13:27 -04:00
Edward Minnix III
aeff6d3b85 Merge pull request #12808 from egregius313/egregius313/java/dataflow/refactor-experimental 
Java: Refactor experimental queries to new DataFlow API
 2023-04-13 10:58:34 -04:00