hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 16:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,929 Commits 1,673 Branches 157 Tags
codeql-cli/v2.15.3
Commit Graph

60929 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stephan Brandauer
3121949123 Java: automodel application mode: test case for overridden method candidate 2023-09-07 15:49:58 +02:00
Stephan Brandauer
1e1b59ed52 Java: automodel: additionally consider sources for alreadyAiModeled property 2023-09-07 15:49:58 +02:00
Stephan Brandauer
6f7d78183f Java: add endpoints for parameters of overridden methods in automodel application mode 2023-09-07 15:49:57 +02:00
Stephan Brandauer
dff8259e78 Java: support remote sources in automodel positive example extraction 2023-09-07 15:49:57 +02:00
Stephan Brandauer
fcabca4581 Java: Export MaD output in application mode extraction queries 2023-09-07 15:49:57 +02:00
Stephan Brandauer
8d133f86c7 Java: replace getArgIndex by getMaDInput 2023-09-07 15:49:57 +02:00
Stephan Brandauer
902a585b47 Java: remove isArgOf predicate 2023-09-07 15:49:57 +02:00
Stephan Brandauer
caaf2f83d7 Java: enable model exclusion characteristic also for source candidates 2023-09-07 15:49:57 +02:00
Stephan Brandauer
344aa9cb6b Java: enable local call characteristic also for source candidates 2023-09-07 15:49:57 +02:00
Stephan Brandauer
afc5aedd0a Java: enable exception characteristic also for source candidates 2023-09-07 15:49:57 +02:00
Stephan Brandauer
a526b79211 Java: enable unexploitable is/exists characteristics also for source candidates 2023-09-07 15:49:57 +02:00
Stephan Brandauer
f55d950be3 Java: update application mode extraction test expectations after adding source candidates 2023-09-07 15:49:57 +02:00
Stephan Brandauer
937e452ce0 Java: add extensibleType to sampling keys 2023-09-07 15:49:57 +02:00
Stephan Brandauer
eb1e29d284 Java: add new endpoint class for source candidates in application mode 2023-09-07 15:49:57 +02:00
Stephan Brandauer
7cfcbf6b71 Java: add extensible type to endpoint class in application mode 2023-09-07 15:49:56 +02:00
Alex Ford
0aee7f6ac6 Ruby: qlformat 2023-09-07 14:47:02 +01:00
Alex Ford
13300a2e2f Ruby: un-private PathGraph imports 2023-09-07 14:24:46 +01:00
Alex Ford
a893911dba Ruby: Use a newtype instead of DataFlow::FlowState for insecure-download 2023-09-07 14:22:18 +01:00
Alex Ford
75fdde543f Ruby: Use a newtype instead of DataFlow::FlowState for hardcoded-data 2023-09-07 14:13:26 +01:00
Rasmus Lerchedahl Petersen
b07d085157 Python: make test PoC a proper package 2023-09-07 15:04:27 +02:00
Rasmus Lerchedahl Petersen
970e881697 Python: Follow naming convention 2023-09-07 15:03:51 +02:00
Alexander Eyers-Taylor
df2b313c5e Merge pull request #14155 from alexet/reach-end-of-function-return 
CPP: Make functions that reach the end return.
 2023-09-07 13:58:43 +01:00
Alex Eyers-Taylor
43a72f2a8e CPP:Add tests for the aliased IR. 2023-09-07 13:42:31 +01:00
Alex Eyers-Taylor
404145dd1b CPP: Update tests 2023-09-07 13:42:31 +01:00
Alex Ford
0d7d5a35c9 Ruby: Use a newtype instead of DataFlow::FlowState for code-injection 2023-09-07 13:39:10 +01:00
Alex Eyers-Taylor
b44c4587a4 CPP: Remove sucessors of non-returning IR calls. 2023-09-07 12:58:20 +01:00
Alex Eyers-Taylor
e8dfecc4a4 CPP: Fix test result 2023-09-07 12:49:13 +01:00
Alex Eyers-Taylor
d603b7ac3c CPP: Make functions that reach the end return. 
This is UB in C++ but not C where it is only bad if the result is used.
 2023-09-07 12:39:48 +01:00
Alex Ford
dfc3b33910 Ruby: Use a newtype instead of DataFlow::FlowState for unicode-bypass-validation 2023-09-07 12:09:47 +01:00
Michael B. Gale
3b708993c7 Go: Add diagnostic for 1.21 toolchain error 2023-09-07 11:51:20 +01:00
erik-krogh
bf3fe3cd66 add new qhelp for clear-text-logging 2023-09-07 12:39:13 +02:00
Michael B. Gale
38892bb51b Merge pull request #13999 from github/mbg/csharp/standalone/dotnet-version 
C# Standalone: Install .NET SDK specified in `global.json`
 2023-09-07 11:30:53 +01:00
Rasmus Wriedt Larsen
ec0529d68c Merge pull request #14145 from p-/p--asyncio-cmdi-exec 
Python: Support for command injection sinks found in the `asyncio` module
 2023-09-07 11:27:50 +02:00
Rasmus Wriedt Larsen
bfb4be26c2 Python: Autoformat 2023-09-07 10:31:39 +02:00
Rasmus Wriedt Larsen
54c456d95d Python: Apply suggestions from code review 2023-09-07 10:28:46 +02:00
Rasmus Lerchedahl Petersen
f253f9797f Python: update test expectations 2023-09-07 10:22:37 +02:00
Rasmus Lerchedahl Petersen
7edebbeaff Python: Add QLDocs 2023-09-07 10:22:37 +02:00
Rasmus Lerchedahl Petersen
c0b3245a53 Python: Enrich the NoSql concept 
This allows us to make more precise modelling
The query tests now pass.
I do wonder, if there is a cleaner approach, similar to
`TaintedObject` in JavaScript. I want the option to
get this query in the hands of the custumors before
such an investigation, though.
 2023-09-07 10:22:37 +02:00
Rasmus Lerchedahl Petersen
114984bd8c Python: Added tests based on security analysis 
currently we do not:
- recognize the pattern
   `{'author': {"$eq": author}}` as protected
- recognize arguements to `$where` (and friends)
   as vulnerable
 2023-09-07 10:22:37 +02:00
Rasmus Lerchedahl Petersen
bf8bfd91cd Python: Add inline query test 2023-09-07 10:22:30 +02:00
Rasmus Wriedt Larsen
d4c3dfffec Merge pull request #14158 from RasmusWL/fix-ssrf-example 
Python: Fix typo in SSRF example
 2023-09-07 10:22:21 +02:00
Max Schaefer
46d7165885 Explain about redirects to example.com. 2023-09-07 09:12:07 +01:00
Rasmus Wriedt Larsen
c85ea9a0c0 Python: Fix typo in SSRF example 2023-09-07 09:45:02 +02:00
Rasmus Lerchedahl Petersen
19046ea417 Python: more renames 2023-09-07 09:28:30 +02:00
Rasmus Lerchedahl Petersen
087961d179 Python: Refactor to allow customizations 
Also use new DataFlow API
 2023-09-07 09:28:30 +02:00
Rasmus Lerchedahl Petersen
db0459739f Python: rename file 2023-09-07 09:28:30 +02:00
Rasmus Lerchedahl Petersen
55707d395e Python: Make things compile in their new location 
- Move NoSQL concepts to the non-experimental concepts file
- fix references
 2023-09-07 09:28:30 +02:00
Rasmus Lerchedahl Petersen
60dc1afbc0 Python: prepare to promote NoSqlInjection 
Mostly move files, preserving authourship.
This will not compile.
 2023-09-07 09:28:29 +02:00
Michael B. Gale
ccbc6f446a Use git ls-files to find DLLs to index 2023-09-06 22:17:08 +01:00
Tom Hvitved
718e491800 C#: Clear TRAP stack when calling PopulateGenerics 2023-09-06 21:12:01 +02:00