Sim4n6${{7*'7'}}
658b88e62f
Update python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql
...
update the Config API
Co-authored-by: yoff <lerchedahl@gmail.com>
2024-03-15 14:17:23 +01:00
Sim4n6
1f767b887e
Add some comments and docs
2024-03-15 14:17:23 +01:00
Sim4n6
5cc9170249
Add UnicodeDoS sink for werkzeug secure_filename
2024-03-15 14:17:23 +01:00
Sim4n6
342465057c
Add Unicode DoS (CWE-770)
2024-03-15 14:17:23 +01:00
Alvaro Muñoz
0da8f8d299
Merge pull request #36 from GitHubSecurityLab/fix_source_regexps
...
fix(fn): Apply json wrappers to source regexps
2024-03-15 14:05:29 +01:00
Alvaro Muñoz
d9e589c6e7
Remove unnecessary boundary anchors
2024-03-15 13:58:46 +01:00
Alvaro Muñoz
6cb15f06bc
fix(fn): Apply json wrappers to source regexps
2024-03-15 13:54:21 +01:00
Alvaro Muñoz
27a9bc8564
Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions
2024-03-15 13:34:21 +01:00
Alvaro Muñoz
01d8d79e6d
Bump versions
2024-03-15 13:34:12 +01:00
Mathias Vorreiter Pedersen
19c9ea7e20
C++: Implement alias and side effect models for iterators.
2024-03-15 12:13:43 +00:00
Mathias Vorreiter Pedersen
a51fe4a00e
C++: Make the vector and iterator classes in 'ir.cpp' more realistic. This matches the one we use for dataflow tests.
2024-03-15 12:10:48 +00:00
Max Schaefer
d3e0a90ae5
Go: Mention raw string literals in QHelp for go/incomplete-hostname-regexp.
2024-03-15 11:22:40 +00:00
Tom Hvitved
693c28a821
Merge pull request #15931 from hvitved/ql/remove-missing-override-query
...
QL4QL: Remove `MissingOverride` query
2024-03-15 11:28:41 +01:00
Alvaro Muñoz
ea135a60de
Merge pull request #35 from GitHubSecurityLab/jorgectf-patch-2
...
Fix tokens
2024-03-15 11:25:08 +01:00
Jorge
5908d6c567
Fix tokens
2024-03-15 11:23:37 +01:00
Jorge
465700b2cd
Merge pull request #33 from GitHubSecurityLab/jorgectf-patch-1
...
Add `GITHUB_TOKEN`
2024-03-15 11:19:41 +01:00
Alvaro Muñoz
188f9d5adc
Merge pull request #34 from GitHubSecurityLab/refactor_queries
...
Refactor queries
2024-03-15 11:17:31 +01:00
Alvaro Muñoz
169e57e874
Refactor queries
2024-03-15 11:10:41 +01:00
Owen Mansel-Chan
8e52483beb
Add df-manual models in manually modeled classes
2024-03-15 10:10:23 +00:00
Jorge
a36ae6a7e2
Add GITHUB_TOKEN
2024-03-15 11:07:01 +01:00
Tom Hvitved
80649786c3
QL4QL: Remove MissingOverride query
2024-03-15 11:06:15 +01:00
Tom Hvitved
e7b00a7b42
Ruby: Add post-update argument nodes for string constants
2024-03-15 10:47:39 +01:00
Rasmus Wriedt Larsen
7eb4419342
Python: Restrict type-tracking content to only be precise
...
At least for now :)
2024-03-15 10:24:57 +01:00
Rasmus Wriedt Larsen
6babb2ff90
Python: Accept .expected for typetracking-summaries
2024-03-15 10:24:33 +01:00
Alvaro Muñoz
92dbceb507
boost pack versions
2024-03-15 10:19:08 +01:00
Rasmus Wriedt Larsen
00f2a6a65e
Python: Update ssa-compute test expectations
2024-03-15 10:14:45 +01:00
Asger F
711a08b0d4
JS: Add TODO about switching to the shared library
2024-03-15 09:26:19 +01:00
Tony Torralba
171ff4d161
Merge pull request #15928 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2024-03-15 09:24:57 +01:00
Ed Minnix
71cf948650
Classes extending SourceNode for local and stored source models
...
Queries such as `cs/sql-injection` cast their source to a `SourceNode`
in order to describe them. For example:
```ql
import semmle.code.csharp.security.dataflow.flowsources.FlowSources
string getSourceType(DataFlow::Node source) {
  result = source.(SourceNode).getSourceType()
}
```
Models as data source models are not included in `SourceNode` by
default; they must be wrapped with a class extending `SourceNode`.
This adds such classes, which wrap the
`sourceNode(DataFlow::Node,string)` predicate and assign a
`getSourceType`.
2024-03-14 22:23:54 -04:00
github-actions[bot]
7f05743212
Add changed framework coverage reports
2024-03-15 00:16:16 +00:00
Joe Farebrother
f464f1b94e
Accept test output + fix qldoc typo
2024-03-14 22:25:37 +00:00
Joe Farebrother
b4ed77343b
Add change note + fix qldoc
2024-03-14 22:25:36 +00:00
Joe Farebrother
3e61be1b6a
Add test cases
2024-03-14 22:25:36 +00:00
Joe Farebrother
5333c75919
Model additional string attributes
2024-03-14 22:25:36 +00:00
Joe Farebrother
8c31b612ca
Model UploadedFile original_filename and read
2024-03-14 22:25:35 +00:00
Alvaro Muñoz
12af3bdf08
resolve conflicts
2024-03-14 22:42:57 +01:00
Alvaro Muñoz
46afa9c1f3
Add new tests
2024-03-14 22:41:01 +01:00
Alvaro Muñoz
f251783c26
Apply suggestions from code review
...
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
2024-03-14 21:52:22 +01:00
Alvaro Muñoz
d21d453d1c
Split queries
2024-03-14 21:52:22 +01:00
jorgectf
d26ead7c3b
Add security sinks
2024-03-14 21:52:22 +01:00
Mathias Vorreiter Pedersen
6dddae0154
Merge pull request #15925 from MathiasVP/rename-dataflowutil-class
...
C++: Follow-up to #15918
2024-03-14 18:15:14 +00:00
Jorge
4fcd68ba5a
Merge pull request #31 from GitHubSecurityLab/new_sinks
...
Add security sinks
2024-03-14 19:11:27 +01:00
Jorge
1e64b18212
Add suite that runs all queries
2024-03-14 19:09:22 +01:00
Alvaro Muñoz
70dd7fe18f
Apply suggestions from code review
...
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
2024-03-14 17:47:20 +01:00
Alvaro Muñoz
d011269bf8
Merge pull request #32 from GitHubSecurityLab/choose-suite
2024-03-14 17:42:55 +01:00
Jorge
53209a26b1
build
2024-03-14 16:22:34 +00:00
Jorge
a9aba88bc5
Add alternate value
2024-03-14 17:21:26 +01:00
Jorge
678f99b6be
build
2024-03-14 16:14:33 +00:00
Jorge
a9057a7386
Add suite input
2024-03-14 17:10:35 +01:00
Tony Torralba
ee3efbadae
Merge pull request #15924 from atorralba/atorralba/go/hardcoded-credentials-fix
...
Go: Consider more strings as hardcoded credentials
2024-03-14 16:52:34 +01:00