hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-06 07:34:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,732 Branches 164 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
5bad003c0c Add qlpack.yml files for example queries 2020-07-29 16:57:04 +02:00
Chris Smowton
e89cd16cb1 Move query-specific flag definitions into their respective .ql files 2020-07-29 15:21:49 +01:00
Chris Smowton
f31ed52943 Clean up InsecureFeatureFlag 
Move the flag regexes inline, use `any` instead of a constructor function to select a particular flag kind, and remove explicit limitation on the common superclass FlagKind.
 2020-07-29 15:15:50 +01:00
Mathias Vorreiter Pedersen
978bf3aefc C++: Make QLDoc comment represent a valid C++ template 2020-07-29 15:59:19 +02:00
Rasmus Lerchedahl Petersen
d32e2772a0 Python: some doc, a generator, and a corotuine 2020-07-29 15:52:56 +02:00
Chris Smowton
f162a5be94 Promote CWE-322 out of experimental status 2020-07-29 14:43:47 +01:00
Chris Smowton
99f08750f3 Polish CWE-322: detect and exclude cases where host-checking is optional 2020-07-29 14:43:47 +01:00
Max Schaefer
2831ffdad0 Merge pull request #270 from smowton/smowton/cleanup/ricterz-libraries 
Add support for Gorm, Gorestful, Sqlx and Json-iterator
 2020-07-29 14:21:41 +01:00
Tom Hvitved
f91043e08e C#: Add change note 2020-07-29 10:27:40 +02:00
Tom Hvitved
4345b167ec Merge pull request #3935 from github/henrymercer/fix-broken-doc-link 
C#: Fix broken link to ECMA-335
 2020-07-29 10:04:08 +02:00
Max Schaefer
f8b8af5ac5 Merge pull request #269 from aibaars/lgtm-suites 
CodeQL: complete LGTM suites
 2020-07-29 07:19:41 +01:00
Marcono1234
5942bc6a43 Improve InsecureJavaMail.qhelp references 2020-07-29 01:45:27 +02:00
Rasmus Lerchedahl Petersen
488a7f4d01 Python: update test expectations 2020-07-28 21:46:45 +02:00
Arthur Baars
c4041e55ba CodeQL: complete LGTM suites 2020-07-28 20:40:44 +02:00
Arthur Baars
0db8ba881b CodeQL: complete LGTM suites 2020-07-28 20:36:53 +02:00
Rasmus Lerchedahl Petersen
eab64f125b Python: Dataflow, start on test for classes 2020-07-28 20:32:12 +02:00
luchua-bc
5520504658 Update expected results 2020-07-28 15:41:23 +00:00
luchua-bc
a91cc9b7ec Convert the query to path-problem 2020-07-28 15:36:12 +00:00
Chris Smowton
abfae4365f Move CWE-327 out of experimental 2020-07-28 15:47:44 +01:00
Tom Hvitved
d39a33655f C#: Fix false-positives in cs/dereferenced-value-may-be-null 
Dereferencing an expression of a nullable type should only be reported when
the expression is not clearly non-null.
 2020-07-28 16:27:36 +02:00
Chris Smowton
026dc5c97f Add changelog notes regarding added library support 2020-07-28 14:57:14 +01:00
Chris Smowton
0e6feb923c Add test for json-iterator package, and support more of its API 
Specifically the top-level functions Unmarshal and UnmarshalFromString are just convenience wrappers around the type API, which is the usual documented way to use the library.
 2020-07-28 14:52:10 +01:00
Chris Smowton
e19f476341 Add test for Sqlx 2020-07-28 14:52:10 +01:00
Chris Smowton
f5caf7e9e2 Add test for Gorm 2020-07-28 14:52:10 +01:00
Chris Smowton
a813607a76 go-restful model: Add support for ReadEntity method 2020-07-28 14:52:10 +01:00
Chris Smowton
3c4a1b90fe Add test for Go-restful 2020-07-28 14:52:10 +01:00
Chris Smowton
b96546b0f8 Improve style of library models 2020-07-28 14:40:48 +01:00
Max Schaefer
e9ae697d0d Merge pull request #251 from gagliardetto/standard-lib-pt-1 
Add taint-tracking for archive/tar and archive/zip
 2020-07-28 14:27:02 +01:00
Shati Patel
a79f09f1de Add basic query for Go 2020-07-28 15:25:59 +02:00
Chris Smowton
88cb435843 Split security flags into more distinct categories 
There are now three categories: general security or option flags, those related to TLS version selection, and those related to certificate configuration. The TLS and disabled-certificate-check queries use two categories each.
 2020-07-28 13:54:37 +01:00
Chris Smowton
3c244e2235 Insecure-TLS: remove obsolete TODO 
The case noted works fine.
 2020-07-28 13:04:16 +01:00
Shati Patel
8e8c43a25b Add basic query for JavaScript 2020-07-28 13:54:06 +02:00
luchua-bc
7f911f00ee Rename to insecure basic auth 2020-07-28 11:40:21 +00:00
Chris Smowton
9b4e189374 Insecure-TLS: Use DataFlow::Node::getRoot, and factor getEnclosingFunction 2020-07-28 11:55:58 +01:00
Chris Smowton
2751552cbe Insecure-TLS: Reintroduce tests for InsecureCipherSuites() 
These stopped producing an alert because they used a variable name that acknowledges an insecure setup
 2020-07-28 11:55:58 +01:00
Chris Smowton
db9760082d Insecure-TLS: simplify warning message 2020-07-28 11:55:58 +01:00
Chris Smowton
2a0642b67b Insecure-TLS: remove is-test-file filter 2020-07-28 11:55:58 +01:00
Chris Smowton
5c8534f56e EXCUSED -> OK 2020-07-28 11:55:58 +01:00
Chris Smowton
d0c76187da Fix comment 2020-07-28 11:55:58 +01:00
Chris Smowton
a10db25b7d Remove redundant constraint 2020-07-28 11:55:58 +01:00
Chris Smowton
779901cdbd Reference Mozilla's TLS advice in qhelp 2020-07-28 11:55:58 +01:00
Chris Smowton
718c4e8531 Add change note for insecure-TLS query 2020-07-28 11:55:58 +01:00
Chris Smowton
db27f8477a Update CWE-327 test 
This now checks various carve-outs for probable feature / compatibility flags
 2020-07-28 11:55:58 +01:00
Chris Smowton
21d107e0e9 Check for suspected feature-flags more uniformly 
These are now checked of all source *and* sink nodes, and the checks are factored with similar paths for is-insecure and is-old flags.
 2020-07-28 11:55:58 +01:00
Chris Smowton
7d294c5d81 Factor and generalise InsecureFeatureFlag 
The same path is now used to classify flags relating to old/legacy versions.
 2020-07-28 11:21:51 +01:00
Chris Smowton
34c8cc5019 Improve documentation and function naming 2020-07-28 11:21:51 +01:00
Shati Patel
9edf1646c9 Add basic queries for C#, Java, and Python 2020-07-28 12:18:45 +02:00
Shati Patel
0f3599039f Update docs/language/learn-ql/cpp/basic-query-cpp.rst 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2020-07-28 11:49:17 +02:00
Chris Smowton
17200a8569 Use SsaWithFields to find similar good-tls-version flows 
Note: if accepted, merge this into a previous commit before submitting the PR
 2020-07-28 10:31:45 +01:00
Chris Smowton
a7e549e771 Exclude TLS version sources accompanied by a non-nil error 
It is common to return 0 has a dummy value with an error; these are very likely not going to be used as a real TLS version.
 2020-07-28 10:31:44 +01:00