hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-01 00:27:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,361 Commits 1,673 Branches 157 Tags
codeql-cli/v2.14.6
Commit Graph

58361 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
cfc4a6a6b7 Make Timing use new API 2023-08-10 15:49:32 +01:00
Owen Mansel-Chan
39762da5e0 Make DsnInjection use new API 2023-08-10 15:49:31 +01:00
Owen Mansel-Chan
a53da376d1 Make LDAPInjection use new API 2023-08-10 15:49:29 +01:00
Owen Mansel-Chan
f60ca76eb2 Make EmailInjection use new API 2023-08-10 15:49:28 +01:00
Owen Mansel-Chan
1962aa3de4 Make SSRF use new API 2023-08-10 15:49:27 +01:00
Owen Mansel-Chan
71735c86c2 Make WeakCryptoAlgorithm use new API 2023-08-10 15:49:25 +01:00
Owen Mansel-Chan
46185e3a02 Make HardcodedKeys use new API 2023-08-10 15:49:24 +01:00
Owen Mansel-Chan
b5ac0c94c6 Make ZipSlip use new API 2023-08-10 15:49:23 +01:00
Owen Mansel-Chan
7341b6156d Make XPathInjection use new API 2023-08-10 15:49:21 +01:00
Owen Mansel-Chan
a6177b3c92 Make UnsafeUnzipSymlink use new API 2023-08-10 15:49:20 +01:00
Owen Mansel-Chan
7db1daba6e Make TaintedPath use new API 2023-08-10 15:49:19 +01:00
Owen Mansel-Chan
6c91f77776 Make StringBreak use new API 2023-08-10 15:49:17 +01:00
Owen Mansel-Chan
30ae34352b Make StoredXss use new API 2023-08-10 15:49:16 +01:00
Owen Mansel-Chan
4334a51cf3 Make StoredCommand use new API 2023-08-10 15:49:15 +01:00
Owen Mansel-Chan
ac1670c0af Make SqlInjection use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:49:13 +01:00
Owen Mansel-Chan
646e158813 Make tests use config from InlineFlowTest 
For InterProceduralDataFlow, it's hard to get it to use InlineFlowTest
because you need to show both the source and the sink, and there are
problems with quoting when the source is already surrounded by quotes.
 2023-08-10 15:49:12 +01:00
Owen Mansel-Chan
81854279bd Make tests use InlineFlowTest 2023-08-10 15:49:11 +01:00
Owen Mansel-Chan
d385113e11 Make InsufficientKeySize use new API 2023-08-10 15:49:09 +01:00
Owen Mansel-Chan
16ef11a3c3 Make ConstantOauth2State use new API 
Removed edges were only there originally due to multiple configurations
being in scope. `DataFlow::PathNode` has union semantics for
configurations. Nodes are only generated if they are reachable from a
source, but this includes sources from other configurations.

No alerts are lost.
 2023-08-10 15:49:08 +01:00
Owen Mansel-Chan
fbd0c4edd0 Make HostKeyCallbackAssignment use new API 2023-08-10 15:49:07 +01:00
Owen Mansel-Chan
a1a31bfd62 Make SuspiciousCharacterInRegexp use new API 2023-08-10 15:49:05 +01:00
Owen Mansel-Chan
8f644af769 Make MissingRegexpAnchor use new API 2023-08-10 15:49:04 +01:00
Owen Mansel-Chan
442f6875f5 Make IncompleteHostNameRegexp use new API 2023-08-10 15:49:03 +01:00
Owen Mansel-Chan
0e1383ddd7 Make UnhandledFileCloseWritableHandle use new API 2023-08-10 15:49:01 +01:00
Owen Mansel-Chan
00cc78dfe6 Make CookieWithoutHttpOnly use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:49:00 +01:00
Owen Mansel-Chan
a7382e06c2 Make ClearTextLogging use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:48:59 +01:00
Owen Mansel-Chan
653563fcbc Make StringsNewReplacer use new API 
We don't have to keep a deprecated copy as this is private. This allows
us to delete a copy of the DataFlow library!
 2023-08-10 15:48:57 +01:00
Owen Mansel-Chan
1f6cdc7eda Make OpenURLRedirect use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.

Removed nodes and edges were only there originally due to multiple
configurations being in scope. `DataFlow::PathNode` has union semantics
for configurations. Nodes are only generated if they are reachable from
a source, but this includes sources from other configurations.
 2023-08-10 15:48:55 +01:00
Owen Mansel-Chan
d2a5d19439 Make SafeUrlFlow use new API 2023-08-10 15:48:54 +01:00
Owen Mansel-Chan
97c32970a0 Make RequestForgery use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:48:53 +01:00
Owen Mansel-Chan
1c2536321c Make ReflectedXss use new API 2023-08-10 15:48:51 +01:00
Owen Mansel-Chan
3d9f8d50bc Make InsecureRandomness use new API 2023-08-10 15:48:50 +01:00
Michael B. Gale
87c089e0a8 Make CommandInjection.qll use new API 
The new `edges` and `nodes` sections in the .expected files are because
the PathGraph module was not imported in the tests before, and thus
these query predicates were not in scope.
 2023-08-10 15:48:48 +01:00
Michael B. Gale
957757c271 Make UntrustedDataToUnknownExternalAPI use new API 2023-08-10 15:48:47 +01:00
Michael B. Gale
d6919dd57b Make UntrustedDataToExternalAPI use new API 2023-08-10 15:48:46 +01:00
Michael B. Gale
82a1b15d11 Make AllocationSizeOverflow use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:48:44 +01:00
Tom Hvitved
5a6ce293cc Merge pull request #13942 from hvitved/dataflow/variable-capture-consistency-fix 2023-08-10 16:20:28 +02:00
Tom Hvitved
9b38028e25 Data flow: Fix localWriteStep consistency query 2023-08-10 15:31:04 +02:00
Mathias Vorreiter Pedersen
9aae174942 C++: Move conjunct below comment. 2023-08-10 13:58:07 +01:00
Michael Nebel
f6aca58dbb Merge pull request #13885 from michaelnebel/csharp/linqforeach 
C#: LINQ recommendation queries.
 2023-08-10 14:55:11 +02:00
Rasmus Lerchedahl Petersen
eac44e89d9 Python: test nice locations 
there are errors both on lines 2 and 3 due to
locations being computed wrongly.
 2023-08-10 14:21:16 +02:00
Mathias Vorreiter Pedersen
6d949cbd39 C++: Rename 'getAFlowStateForNode' to 'getASizeAddend'. 2023-08-10 13:19:28 +01:00
Mathias Vorreiter Pedersen
a2b8eb924e C++: Remove the '+ 1' in 'getAFlowStateForNode'. 2023-08-10 13:17:47 +01:00
Mathias Vorreiter Pedersen
f9fc79b16f Merge pull request #13930 from geoffw0/uitextinput 
Swift: Flow sources for UITextInput
 2023-08-10 13:05:47 +01:00
Tom Hvitved
f19232f800 Ruby: Fix another bug in isCapturedAccess 2023-08-10 14:02:58 +02:00
erik-krogh
5ffce86768 change the defaults in the qhelp for missing-rate-limit to something more reasonable 2023-08-10 13:40:17 +02:00
Harry Maclean
b365ff095a Ruby: Fix SynthSplatParameterElementNode 
Make this class into a proper subclass of `ParameterNodeImpl`, to
prevent some consistency test failures.
 2023-08-10 12:35:12 +01:00
Tom Hvitved
77fca277fe Ruby: Improve desugaring of for loops 2023-08-10 13:22:01 +02:00
Ian Lynagh
f377d25c23 Merge pull request #13919 from igfoo/igfoo/useFunction 
Kotlin: useFunction might return null
 2023-08-10 12:17:20 +01:00
Tom Hvitved
4e954c29a2 Merge pull request #13936 from hvitved/ruby/captured-access-fix 
Ruby: Fix bug in `isCapturedAccess`
 2023-08-10 13:15:48 +02:00