hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-09 19:51:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,689 Branches 160 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
c839f35485 Python: FastAPI: Proper modeling of implicit returns 2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen
50147708bf Python: FastAPI: Model response classes 
Figuring out how to do the `media_type` tracking was quite difficult.
 2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen
eef946a0c8 Python: FastAPI: Add test for custom response annotation 
It really is rather contrived, but it also _does_ work.
 2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen
c9895b54fe Python: FastAPI: Add tests for direct response construction 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
c50c805f5f Python: FastAPI: Model Cookie Writes 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
d34c5fd72f Python: FastAPI: Add tests with response parameter 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
285de2b4c8 Python: FastAPI: Add support for APIRouter 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
b1f8b5352b Python: FastAPI: Add support for api_route 
Note that `route` did not actually work (that also comes from the
underlying web framework library Starlette)
 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
3661ff3bd8 Python: Add basic FastAPI support 2021-09-30 19:14:14 +02:00
Chris Smowton
f48c418d6d Merge pull request #5907 from x-f1v3/java/hardcoded-shiro-key 
Java: CWE-798: Query to detect hard-coded SHIRO key
 2021-09-30 17:58:12 +01:00
Chris Smowton
ec4cb7c90f Fix typo 2021-09-30 16:22:12 +01:00
Harry Maclean
f61161e66d Merge pull request #321 from github/hmac-more-eval 
Identify more instances of code injection
 2021-09-30 16:12:24 +01:00
Chris Smowton
cb4ce36d3c Update change note; drop unnecessary import 2021-09-30 15:00:13 +01:00
Chris Smowton
b0983cb726 Specifically include Base64 encode/decode as a likely intermediate step for hardcoded credentials 2021-09-30 14:57:49 +01:00
Chris Smowton
b57a58c253 Amend change note 2021-09-30 14:27:05 +01:00
f1v3
24c9bb2fb7 autoformat 2021-09-30 14:26:19 +01:00
f1v3
168fc4170d Apply suggestions from code review 2021-09-30 14:26:14 +01:00
f1v3
f3bde56de9 detects a hard-coded cipher key for shiro 2021-09-30 14:22:48 +01:00
Harry Maclean
8c0c08e887 Identify more instance of code injection 
`class_eval` and `module_eval` both take a string as argument and
execute it as Ruby code.
 2021-09-30 14:19:24 +01:00
Chris Smowton
60a023d064 Merge pull request #5852 from luchua-bc/java/hardcoded-azure-credential 
Java: CWE-798 Query to detect hard-coded Azure credentials
 2021-09-30 14:11:29 +01:00
Rasmus Lerchedahl Petersen
35d9005eae Python: typo again.. 2021-09-30 14:39:44 +02:00
Rasmus Lerchedahl Petersen
f3fc56a167 Python: typos 2021-09-30 14:39:05 +02:00
Rasmus Lerchedahl Petersen
d19d37bf9b Python: more suggestions from review 2021-09-30 14:36:26 +02:00
yoff
c1c63d0c28 Merge pull request #6738 from RasmusWL/qldoc-getArgByName 
Python: Add QLDoc to `Function.getArgByName`
 2021-09-30 14:11:18 +02:00
yoff
46e62cd963 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-09-30 14:00:18 +02:00
Rasmus Lerchedahl Petersen
02e91b3902 Python: Model functions that will raise 
on non-existing files.
 2021-09-30 13:36:24 +02:00
Harry Maclean
7f103b9450 Merge pull request #319 from github/hmac-activerecord-updates 
Add some more vulnerable ActiveRecord methods
 2021-09-30 12:09:09 +01:00
Arthur Baars
0419d28ba0 XXE: overapproximate feature flag values for & and | operators 2021-09-30 11:20:23 +02:00
Arthur Baars
089f9d87d4 Address comments 2021-09-30 11:20:23 +02:00
Arthur Baars
2b077595ae Also track DTDLOAD and NONET 2021-09-30 11:20:23 +02:00
Arthur Baars
4268d9c565 XXE query 2021-09-30 11:20:17 +02:00
Harry Maclean
7191e1c007 Re-add delete_all and destroy_all methods 
These methods don't take any arguments in Rails versions > 3, but
there's no harm in checking for them anyway, and some people might be
using very old Rails versions.
 2021-09-30 09:39:58 +01:00
Harry Maclean
75bbc51e73 Make room for new test cases 
This just bumps the other code down a bit so that the .expected diff is
easier to read.
 2021-09-30 09:33:39 +01:00
Rasmus Lerchedahl Petersen
fc9fb59082 Python: Add comments 2021-09-30 10:05:57 +02:00
Jonas Jensen
45cf6344cd Merge pull request #6184 from github/rdmarsh2/improve-exec-tainted 
C++: Refactor ExecTainted.ql to only report results after string concatenation
 2021-09-29 19:21:13 +02:00
CodeQL CI
e9b4e571e1 Merge pull request #6775 from RasmusWL/fix-hasLocationInfo-url 
Approved by aschackmull, erik-krogh, hvitved, jbj, tausbn
 2021-09-29 16:51:08 +01:00
alexet
447eb23356 Java: Fix for tc magic issue with subtyping. 2021-09-29 16:01:08 +01:00
Rasmus Lerchedahl Petersen
115113888f Python: Add change note 2021-09-29 16:58:14 +02:00
Rasmus Lerchedahl Petersen
cc1c32cf0e Python: model file accesses 2021-09-29 16:53:25 +02:00
Joe Farebrother
3ae5f13c3d Generate tests and stubs 2021-09-29 15:44:21 +01:00
Tamás Vajk
089bb33113 Merge pull request #6773 from tamasvajk/fix/global-stmt-library 
C#: Handle invalid code gracefully: global statements in library
 2021-09-29 16:18:05 +02:00
Harry Maclean
0ea228e86f Merge pull request #315 from github/hmac-outgoing-http 
Model more HTTP clients
 2021-09-29 14:26:56 +01:00
Harry Maclean
a9c00a05fe HTTP -> Http 
Change the capitalisation of HTTP to Http, to conform to the QL style
guide.

Leave the HTTP module in Concepts alone, so it remains consistent with
the Concepts in other language libraries.
 2021-09-29 13:50:05 +01:00
Nick Rolfe
1d58f8cd50 Merge pull request #320 from github/rasmuswl/fix-hasLocationInfo-url 2021-09-29 13:23:08 +01:00
Tom Hvitved
c69762bc14 Merge pull request #317 from github/hvitved/disable-operation-resolution 
Temporarily disable operation call resolution
 2021-09-29 14:17:05 +02:00
Rasmus Wriedt Larsen
3a270abcdc Fix hasLocationInfo URL reference 
Port of https://github.com/github/codeql/pull/6775
 2021-09-29 14:04:25 +02:00
Rasmus Wriedt Larsen
ba990f72f2 Another hasLocationInfo URL reference fix 2021-09-29 14:00:28 +02:00
Harry Maclean
f5f79a81bc Update ActionController fixture 2021-09-29 12:51:26 +01:00
Rasmus Wriedt Larsen
987b573709 Fix hasLocationInfo URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
alexet
dea8dde566 Java: Improve performance of confusing overloading query. 2021-09-29 12:17:30 +01:00