hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-01 05:08:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
85,907 Commits 1,723 Branches 164 Tags
codeql-cli/v2.24.2
Commit Graph

85907 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus Brock-Nannestad
0b641c5ce9 Python: Update type tracking and strange-essaflow tests 2020-09-14 15:05:16 +02:00
Taus Brock-Nannestad
5fb33c90bc Python: Add ModuleVariableNode to dataflow 2020-09-14 14:57:32 +02:00
Rasmus Lerchedahl Petersen
543876f980 Python: Fix getAGuardedNode 2020-09-14 14:46:15 +02:00
Ian Lynagh
826c40fcac C++: Deprecate Location subclasses 
The main Location class should always be used.
 2020-09-14 13:14:18 +01:00
Tamás Vajk
d21c101c0d Merge pull request #4041 from tamasvajk/feature/update-roslyn 
C#: upgrade Roslyn dependencies to version 3.7
 2020-09-14 13:57:36 +02:00
Tamás Vajk
f5f4b8e25b C#: Enable nullability of Semmle.Extraction.CSharp.Standalone (#4115) 2020-09-14 13:43:57 +02:00
Slavomir
6bbe0182ca Rename Syscall_non_windows.go to Syscall_non_win.go 2020-09-14 13:34:24 +02:00
Rasmus Wriedt Larsen
637ea4ad6f Merge pull request #4226 from RasmusWL/python-missing-1.25-change-notes 
Python: Add missing 1.25 change notes
 2020-09-14 13:18:24 +02:00
Slavomir
4c2537017f Fix TaintStep.expected: add params to json.MarshalIndent 2020-09-14 13:10:25 +02:00
Slavomir
64a61bd648 Remove redundant taint-tracking from MarshalingFunction and UnmarshalingFunction classes in EncodingXml module. 2020-09-14 13:10:25 +02:00
Slavomir
947bbabf62 Extend MarshalingFunction and UnmarshalingFunction with encoding/pem 2020-09-14 13:10:25 +02:00
Slavomir
d472d5abe5 Remove redundant taint-tracking from MarshalingFunction and UnmarshalingFunction classes in EncodingJson module. 2020-09-14 13:10:25 +02:00
Slavomir
ed2e5b0f92 Extend MarshalingFunction and UnmarshalingFunction with encoding/asn1 2020-09-14 13:10:25 +02:00
Slavomir
afede9bde5 Remove encoder taint-tracking for encoding/hex 2020-09-14 13:10:25 +02:00
Slavomir
96a700becb Remove encoder taint-tracking for encoding/base64 2020-09-14 13:10:25 +02:00
Slavomir
0baca5fa6c Remove encoder taint-tracking for encoding/base32 2020-09-14 13:10:25 +02:00
Slavomir
828d3863a0 Remove encoder taint-tracking for encoding/ascii85 2020-09-14 13:10:25 +02:00
Slavomir
f3a61ed65c Add MarshalFunction and UnmarshalFunction classes to EncodingXml module. 2020-09-14 13:10:25 +02:00
Slavomir
b4ff653071 Add taint-tracking for encoding/xml 2020-09-14 13:10:25 +02:00
Slavomir
e7fc3c5039 Add taint-tracking for encoding/pem 2020-09-14 13:10:25 +02:00
Slavomir
669ed91b0b Move EncodingJson to stdlib; add Escape class. 2020-09-14 13:10:25 +02:00
Slavomir
24c23ba333 Add taint-tracking for encoding/json 2020-09-14 13:10:25 +02:00
Slavomir
f5fc9494fc Remove old EncodingHex module 2020-09-14 13:10:25 +02:00
Slavomir
74fdfba85c Add taint-tracking for encoding/hex 2020-09-14 13:10:25 +02:00
Slavomir
7a42992850 Add taint-tracking for encoding/gob 2020-09-14 13:10:25 +02:00
Slavomir
57518c7e3d Add taint-tracking for encoding/csv 2020-09-14 13:10:25 +02:00
Slavomir
df55bb459f Add taint-tracking for encoding/binary 2020-09-14 13:10:25 +02:00
Slavomir
20b4826e8e Add taint-tracking for encoding/base64 2020-09-14 13:10:25 +02:00
Slavomir
7060367de5 Add taint-tracking for encoding/base32 2020-09-14 13:10:24 +02:00
Slavomir
ba78eda277 Add taint-tracking for encoding/asn1 2020-09-14 13:10:24 +02:00
Slavomir
412ba1263b Add taint-tracking for encoding/ascii85 2020-09-14 13:10:24 +02:00
Slavomir
a47842d1c3 Add taint-tracking for package encoding 2020-09-14 13:10:24 +02:00
Slavomir
27ba893ba2 Add taint-tracking for context package 2020-09-14 13:09:45 +02:00
Slavomir
eb3a18f172 Add taint-tracking for package sort 2020-09-14 13:08:54 +02:00
Slavomir
71dbb244f9 Move existing Regexp module to stdlib 2020-09-14 13:08:16 +02:00
Slavomir
7f3a911f86 Add taint-tracking for package regexp 2020-09-14 13:08:16 +02:00
Slavomir
c2fc26a96a Remove Range method on sync.Map 2020-09-14 13:04:52 +02:00
Slavomir
d51518f411 Add taint-tracking for sync/atomic package 2020-09-14 13:04:52 +02:00
Slavomir
e47715b2a9 Add taint-tracking for sync package 2020-09-14 13:04:52 +02:00
Chris Smowton
86ed037fd3 Port codeql#4238 (Dataflow: small fixes for naming in taint tracking) to Go's local copy of the dataflow libs 2020-09-14 12:01:30 +01:00
Slavomir
d929e8313a Build syscall.StringSlicePtr only on non-windows OS 2020-09-14 12:49:41 +02:00
Slavomir
702a984dc0 Comment out test for syscall.StringSlicePtr because it's not present on windows. 2020-09-14 12:49:41 +02:00
Slavomir
72ef65f257 Add taint-tracking for syscall 2020-09-14 12:49:41 +02:00
Chris Smowton
362d210bc5 Merge pull request #330 from smowton/smowton/admin/standard-lib-pt-21-with-sanitiser 
Move `strconv` and `strings` packages' taint-tracking to stdlib, and expand them + sanitise substrings of the HTTP Authorization header
 2020-09-14 11:25:57 +01:00
Tom Hvitved
0fb9dc5bac C#: Adjust caching of tuple types 2020-09-14 11:24:46 +02:00
Geoffrey White
6b035df660 C++: Repair taint flow from previous. 2020-09-14 10:21:43 +01:00
Tom Hvitved
e549377561 C#: Construct File::TransformedPathLazy lazily 
This avoids calling the path transformer for `GeneratedFile`s.
 2020-09-14 11:03:00 +02:00
Chris Smowton
b9b306aade CleartextLogging: sanitize strings.Split(authheader, ":")[0] and similar 
These can represent a username, method name or other non-sensitive component of an Authorization header. For greater precision we could split the query into one investigating Authorization headers and one investigating other sources of sensitive data that can't be sanitized by splitting this way.
 2020-09-14 09:46:14 +01:00
Slavomir
cf29f9dede Remove taint-tracking on single bytes and runes 2020-09-14 09:46:14 +01:00
Slavomir
6d3e6ded26 Fix: the Append* functions do not modify the dst slice argument. 2020-09-14 09:46:14 +01:00