hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 09:23:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,693 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
f45916efda Merge pull request #5605 from hvitved/csharp/exclude-dependency-queries 
C#: Remove mentions of `exclude-dependency-queries.yml`
 2021-04-06 14:58:49 +02:00
Mathias Vorreiter Pedersen
8382e85901 C++: Add flow into the source of read step and out of the target of a store step for smart pointers in AST dataflow. 2021-04-06 14:05:55 +02:00
Mathias Vorreiter Pedersen
f07d844362 C++: Add a test containing missing read/store dataflow steps for smart pointers. 2021-04-06 13:59:27 +02:00
Tamas Vajk
98001c494f C#: Add Dapper stub and new SqlInjection test cases 2021-04-06 13:30:31 +02:00
Erik Krogh Kristensen
41b89669a9 add joined paths as a sink to js/shell-command-constructed-from-input 2021-04-06 12:14:00 +02:00
Rasmus Wriedt Larsen
bc49bc7095 Python: Add variable with underscore to __all__ tests 2021-04-06 11:54:25 +02:00
Tom Hvitved
e0e58b24ea C#: Remove mentions of exclude-dependency-queries.yml 2021-04-06 11:50:36 +02:00
Rasmus Wriedt Larsen
224d3790b5 Python: Highlight all_indirect.py is not super important 
At least not in my mind
 2021-04-06 11:50:04 +02:00
Rasmus Wriedt Larsen
b11703cc74 Python: all_dybamic2 => all_indirect 2021-04-06 11:49:55 +02:00
Mathias Vorreiter Pedersen
5eb1f8abbd C++: Add change-note. 2021-04-06 11:47:57 +02:00
Rasmus Wriedt Larsen
0ebb24ebeb Merge pull request #5398 from yoff/python-api-enhancements 
Python: Add small api enhancements determined useful during documentation work
 2021-04-06 11:44:51 +02:00
Tom Hvitved
667b26b5d9 Merge pull request #5540 from hvitved/csharp/ssa-impl-tweaks 
C#: Performance tweaks in `SsaImplCommon.qll`
 2021-04-06 11:43:08 +02:00
Mathias Vorreiter Pedersen
a5f4d43d61 C++: Fix false positive by adding another allow-list pattern in AssignWhereCompareMeant. 2021-04-06 11:01:38 +02:00
Mathias Vorreiter Pedersen
7045597139 C++: Add testcase with false positive from #5318. 2021-04-06 10:58:15 +02:00
Erik Krogh Kristensen
c194598d37 recognize headers/url from the HTTP request to a server WebSocket. 2021-04-06 10:11:27 +02:00
Tom Hvitved
e852540254 C#: Remove unique wrappers from DataFlow::Node::get(EnclosingCallable|ControlFlowNode) 2021-04-06 09:56:09 +02:00
Rasmus Lerchedahl Petersen
c777f1d8d7 Merge branch 'main' of github.com:github/codeql into python-api-enhancements 2021-04-06 09:31:26 +02:00
Mathias Vorreiter Pedersen
32a8b9a857 C++: Move copy constructor to its own line and accept test changes. 2021-04-06 08:56:14 +02:00
yoff
a23d8deb10 Merge pull request #5483 from RasmusWL/minor-fixup-django 
Python: Better text for getSourceType in Django
 2021-04-06 08:30:58 +02:00
thank_you
6ade120983 Add check for mongoengine raw queries 
After initial research on our end, we believe that the only vulnerability within the objects() method is passing a query into the __raw__ keyword argument. More info can be found below:

http://docs.mongoengine.org/guide/querying.html?highlight=inc__#raw-queries
 2021-04-05 20:44:16 -04:00
thank_you
759fa2cd01 Update query to search for more pymongo sink methods 2021-04-05 20:42:18 -04:00
thank_you
3f0c758622 Add required __raw__ keyword 
This __raw__ keyword is required for the actual mongoengine vulnerability. More info can be found below:

http://docs.mongoengine.org/guide/querying.html?highlight=inc__#raw-queries
 2021-04-05 19:07:13 -04:00
intrigus
885044e331 [Java] Add tests for jwt signature check query. 2021-04-06 01:01:57 +02:00
intrigus
b7e49c78fe [Java] Add stubs for jwtk-jjwt-0.11.2 2021-04-06 01:01:23 +02:00
intrigus
d1462eda1c [Java] Add "missing jwt signature check" query. 2021-04-06 00:59:31 +02:00
Your Name
80216f6974 Rename classes 2021-04-05 14:41:08 -04:00
Your Name
be9a3a95b1 Add relevant PyMongo sink methods 2021-04-05 14:23:56 -04:00
Your Name
9072d19cda Update qhelp file 2021-04-05 13:56:43 -04:00
jorgectf
d22da880e7 Fix verifiesSignature() 2021-04-04 20:31:07 +02:00
jorgectf
198f8dcc1f Improve predicates 2021-04-03 23:01:50 +02:00
jorgectf
7ed7809a60 Use LocalSourceNode and flowsTo() for better performance 2021-04-02 21:17:18 +02:00
jorgectf
513055cae5 Change old comments 2021-04-01 18:45:39 +02:00
jorgectf
ee70eb709c Remove old comment 2021-04-01 18:34:54 +02:00
jorgectf
5edb3b1153 Query upload 2021-04-01 18:31:45 +02:00
Asger Feldthaus
32500c834d JS: Change note 2021-04-01 16:41:03 +01:00
Asger Feldthaus
acc28df785 JS: Bugfix in tsconfig file inclusion handling 2021-04-01 16:33:05 +01:00
Asger Feldthaus
564a6873f8 JS: Add baseUrl test 2021-04-01 16:33:05 +01:00
Asger Feldthaus
c4ab6fb7b4 JS: Add ImportGraph meta query 2021-04-01 16:33:05 +01:00
Asger Feldthaus
f07030ba97 JS: Update AdditionalFlowStep -> SharedFlowStep 2021-04-01 13:16:47 +01:00
Asger Feldthaus
a9566728b5 JS: Update an import of Unit type 2021-04-01 13:16:47 +01:00
Asger Feldthaus
7119eda009 JS: Add redux change note 2021-04-01 13:16:47 +01:00
Asger Feldthaus
86bc0eb853 JS: Autoformat 2021-04-01 13:16:47 +01:00
Asger Feldthaus
b43989e6a1 JS: Use API nodes to track dispatch/dispatched value sources 2021-04-01 13:16:47 +01:00
Asger Feldthaus
2850b8e952 JS: Fix RangeAnalysis after BasicBlock.dominates change 2021-04-01 13:16:47 +01:00
Asger Feldthaus
cbfa5ad303 JS: Change type of a parameter 2021-04-01 13:16:47 +01:00
Asger Feldthaus
cee1a12489 JS: Fix typo in qldoc 2021-04-01 13:16:47 +01:00
Asger Feldthaus
c926a47d50 JS: QLDoc and test for HeuristicConnectEntryPoint 2021-04-01 13:16:47 +01:00
Asger Feldthaus
cca38a64be JS: Add test for flow to a closure body under a type guard 2021-04-01 13:16:46 +01:00
Asger Feldthaus
53def60e4f JS: Add test for if-based type check 2021-04-01 13:16:46 +01:00
Asger Feldthaus
1ce7c3448f JS: Address some review comments 2021-04-01 13:16:46 +01:00