Commit Graph

84550 Commits

Author SHA1 Message Date
Alvaro Muñoz
56af52a729 feat(tests): New tests for Command Injection
Injections on a workflow_run triggered protected by an allow branches list should not be reported as critical
2024-07-11 10:46:37 +02:00
Alvaro Muñoz
adbb236465 fix(query): Better identification of argument injection commands 2024-07-11 10:45:49 +02:00
Jeroen Ketema
48bf06f1aa C++: Fix getAPrimaryQlClass 2024-07-11 10:43:17 +02:00
Jeroen Ketema
0413e0e090 C++: Clean up QLDoc and add change note 2024-07-11 10:37:26 +02:00
Alvaro Muñoz
8d75250da7 Bump qlpack versions 2024-07-11 10:05:29 +02:00
Alvaro Muñoz
732f0dc29f feat(queries): Argument Injection
Make argument injection sinks configurable with MaD
2024-07-11 10:04:43 +02:00
Alvaro Muñoz
73c77bc93b Initial implementation
Pending work: complete the regular expression
2024-07-11 10:04:43 +02:00
Owen Mansel-Chan
3417605b6d Tests: update provenance numbering 2024-07-11 06:42:58 +01:00
Jeroen Ketema
3f789bad60 C++: Support more builtin operations 2024-07-10 21:27:09 +02:00
Owen Mansel-Chan
2c7fbda2ec Accept review suggestion for QLDoc 2024-07-10 16:48:11 +01:00
Owen Mansel-Chan
32acff76c2 Make groupPrefix() private
This could be made public in future. But I expect that we will want to
use this logic for QL models as well then we will want to move it into a
different file, which will be much easier if it's all private at the
moment.
2024-07-10 16:48:10 +01:00
Owen Mansel-Chan
b64ef84393 Use prefix() method on string to check for group prefix 2024-07-10 16:48:10 +01:00
Owen Mansel-Chan
3e2ebf436c Move logic for dealing with groups into a predicate 2024-07-10 16:48:09 +01:00
Owen Mansel-Chan
f6b9195a61 Add validation of package groups 2024-07-10 16:48:08 +01:00
Owen Mansel-Chan
ab991af2a5 Fix package validation errors 2024-07-10 16:48:07 +01:00
Owen Mansel-Chan
f650e3f72b Update MaD documentation explain "group:" in package column 2024-07-10 16:48:06 +01:00
Owen Mansel-Chan
01afa360d7 Tests: accept model numbering changes 2024-07-10 16:48:05 +01:00
Owen Mansel-Chan
1e448d547d Rename Beego MaD files using path from current version 2024-07-10 16:48:04 +01:00
Owen Mansel-Chan
fde7d7b969 Use packageGrouping for Beego models 2024-07-10 16:48:03 +01:00
Michael Nebel
4193b7e591 Allow grouping import paths for models-as-data 2024-07-10 16:48:02 +01:00
Tamás Vajk
57efb84b98 Merge pull request #16945 from tamasvajk/feature/buildless-deterministic-file-order
C#: Order files in buildless extraction
2024-07-10 16:25:01 +02:00
Tom Hvitved
39b5dbfaf7 C#: Perform fewer regexpCaptures when matching version numbers 2024-07-10 14:50:39 +02:00
Alvaro Muñoz
4ad7c1fc95 Merge pull request #57 from github/workflow_run_branches
workflow run branches
2024-07-10 13:09:36 +02:00
Alvaro Muñoz
621ead2266 Fix branches logic 2024-07-10 13:09:23 +02:00
Alvaro Muñoz
090b3d41d1 Fix branches logic 2024-07-10 13:08:54 +02:00
Tom Hvitved
f18338259f Merge pull request #16884 from hvitved/ssa/dataflow-integration
SSA: Add data flow integration layer
2024-07-10 12:47:37 +02:00
Geoffrey White
0344381120 Merge remote-tracking branch 'upstream/main' into docsforautofix 2024-07-10 11:17:52 +01:00
Geoffrey White
74384625f6 C++: Autoformat. 2024-07-10 11:17:44 +01:00
Alvaro Muñoz
53b88627e5 feat(core): Exclude workflow_run#branches#default branch from externally triggerable events 2024-07-10 12:15:49 +02:00
Alvaro Muñoz
f1d1c1e55a Bump QL versions 2024-07-10 11:49:37 +02:00
Alvaro Muñoz
f4dd771d1c feat(models): Add models for ssh-action 2024-07-10 11:49:18 +02:00
Alvaro Muñoz
e23054292b feat(tests): Add new tests
Add new tests to verify that even if a job is privileged, if the vulnerability takes place in a different one, it should be considered as non-privileged and reported as Cache Poisoning instead of Untrusted Checkout
2024-07-10 11:49:02 +02:00
Tom Hvitved
8979bac4d8 Update shared/ssa/codeql/ssa/Ssa.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2024-07-10 10:55:13 +02:00
Tamas Vajk
ccf56a21c2 C#: Order files in buildless extraction 2024-07-10 10:53:53 +02:00
Tom Hvitved
7928d751d1 Address review comment 2024-07-10 09:52:09 +02:00
aegilops
01ec7c22df Fixed test 2024-07-09 19:19:06 +01:00
am0o0
dd4bce8e30 finalize tests 2024-07-09 19:48:58 +02:00
am0o0
7a5838f1a2 MethodAccess => MethodCall 2024-07-09 19:43:22 +02:00
am0o0
e87d2fe922 remove redundant imports 2024-07-09 19:41:06 +02:00
aegilops
0aab2aef3b Formatting of QLL 2024-07-09 18:16:37 +01:00
aegilops
dae2aeb7d3 QLDoc 2024-07-09 18:16:02 +01:00
Mathias Vorreiter Pedersen
81593ece5a Merge pull request #16935 from MathiasVP/iterator-to-expired-container-fp-5
C++: Add `cpp/iterator-to-expired-container` FP
2024-07-09 17:07:19 +01:00
aegilops
86afd54a9b Moved new query to 'experimental'
Moved lists of domains to data extensions, including adding those to the overall qlpack.yml

Expanded scope of new query to further domains operated by the untrusted owners of polyfill.io
2024-07-09 16:38:01 +01:00
Alvaro Muñoz
8231261ccf New poisonable steps 2024-07-09 17:28:04 +02:00
Rasmus Wriedt Larsen
60d1dc8af8 Python: Bump extractor version 2024-07-09 14:15:52 +02:00
Rasmus Wriedt Larsen
6b3625e24e Python: Handle diagnostics writing for BuiltinModuleExtractable 2024-07-09 14:15:52 +02:00
Rasmus Wriedt Larsen
c1da2c1d2f Python: Gracefully handle exceptions in diagnostics writing 2024-07-09 14:15:51 +02:00
Rasmus Wriedt Larsen
a8b976b389 Python: Always log errors before writing diagnostics
So we have the info in the logs if the diagnostics processing fails
2024-07-09 13:47:53 +02:00
Tom Hvitved
d41eae6fc3 SSA: Add data-flow integration layer 2024-07-09 12:49:22 +02:00
Mathias Vorreiter Pedersen
48edb77300 C++: Add 'cpp/iterator-to-expired-container' FP. 2024-07-09 11:24:18 +01:00