github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
58 132 коммитов 1 541 ветка 130 Теги 483 MiB
Граф коммитов

58132 Коммитов

Автор SHA1 Сообщение Дата
Rasmus Wriedt Larsen c6911c2ae0
Python: Move experimental `UnicodeBypassValidation` to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen 2c06394bf3
Python: Move experimental `CookieInjection` to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen 2c412707ab
Python: Move experimental `CsvInjection` to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen ace1e23c21
Python: Move experimental `ClientSuppliedIpUsedInSecurityCheck` to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen d948e103fa
Python: Move experimental `HeaderInjection` to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen 53e57dad5c
Python: Move experimental `InsecureRandomness` to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen 3bf2705668
Python: Move experimental `TimingAttackAgainstHeaderValue` to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen c88a0ccb7c
Python: Move experimental `TimingAttackAgainstHash` to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen a779547515
Python: Move experimental `PossibleTimingAttackAgainstHash` to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen 8abd3430a2
Python: Move experimental `TimingAttackAgainstSensitiveInfo` to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen 1a4e8d9464
Python: Move experimental `PossibleTimingAttackAgainstSensitiveInfo` to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen 5fd3594f5f
Python: Move TimingAttack.qll to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen 5d8329d9c8
Python: Move experimental `ZipSlip` to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen 67cc3a3935
Python: Move experimental `ReflectedXSS` to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen a0d26741d0
Python: Move experimental `TarSlipImprov` to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen 3cdd875e9f
Python: Move experimental `UnsafeUnpack` to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen 3edb9d1011
Python: Move experimental `TokenBuiltFromUUID` to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen acde1920e7
Python: Move `UntrustedDataToExternalAPI` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen 657b1997cc
Python: Move `FullServerSideRequestForgery` and `PartialServerSideRequestForgery` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen dbfe517555
Python: Move `HardcodedCredentials` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen 46322b717a
Python: Move `XmlBomb` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen add1077532
Python: Move `RegexInjection` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen c6caf83dfe
Python: Move `PolynomialReDoS` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen 4c336990e5
Python: Move `XpathInjection` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen 60e45335dd
Python: Move `Xxe` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen 4c76ca6127
Python: Move `UrlRedirect` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen 6f08e73dbc
Python: Move `UnsafeDeserialization` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen dd074173d2
Python: Move `WeakSensitiveDataHashing` to new dataflow API 
I adopted helper predicates to do the "heavy" lifting of .asPathNode1(), maybe I like this approach better... let me know what you think 😊
 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen 9d6b96dfd2
Python: Move `CleartextStorage` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen 70095446b6
Python: Move `CleartextLogging` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen cca78f31ff
Python: Move `PamAuthorization` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen dcd96083e8
Python: Move `StackTraceExposure` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen f75e65c67d
Python: Move `LogInjection` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen 88cf9c99b0
Python: Move `CodeInjection` to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen 05573904a5
Python: Move `LdapInjection` to new dataflow API 
We could have switched to a stateful config, but I tried to keep changes
as straight forward as possible.
 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen c360346e9e
Python: Move `ReflectedXss` to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen b30142c1d7
Python: Move `CommandInjection` to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen 700841e9b0
Python: Move `UnsafeShellCommandConstruction` to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen d4e4e2d426
Python: Move `TarSlip` to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen e97032909a
Python: Move `PathInjection` to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen 245c24077d
Python: Move `SqlInjection` to new dataflow API 2023-08-28 15:27:49 +02:00
yoff 2e981e330b
Merge pull request #14059 from RasmusWL/fix-loginjection-tests 
Python: Fix stdlib sinks in LogInjection query
 2023-08-28 14:44:51 +02:00
yoff 6e05246daa
Merge pull request #13935 from yoff/python/mad-on-externals 
Python: MaD on externals
 2023-08-28 14:04:54 +02:00
Rasmus Wriedt Larsen c807ab4216
Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-08-28 14:04:22 +02:00
yoff 826b8e6aa5
Merge pull request #14067 from RasmusWL/modern-dataflowquerytests 
Python: Adopt tests to new `DataflowQueryTest`
 2023-08-28 13:54:34 +02:00
Michael Nebel e7dbe9f289
Merge pull request #14028 from michaelnebel/csharp/dependencygetfiles 
C#: Improve GetFiles in the Dependency Manager.
 2023-08-28 12:53:28 +02:00
Rasmus Wriedt Larsen 38b78128c0
Merge pull request #13990 from RasmusWL/experimental-cleanup 
Python: Port old experimental points-to based queries
 2023-08-28 12:11:17 +02:00
Rasmus Wriedt Larsen 889cb7a95b
Python: Adopt tests to new `DataflowQueryTest` 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-08-28 11:44:01 +02:00
Rasmus Wriedt Larsen 9c44235782
Python: Modernize DataflowQueryTest.qll 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-08-28 11:40:41 +02:00
Rasmus Wriedt Larsen 7cba6cd1d8
Python: Update `.expected` files 
Due to change in path-graph, and including LHS of assignments
 2023-08-28 11:33:44 +02:00