Joe Farebrother
Adds a category of private information to the shared sensitive data heuristics file. This may result in new results for the following queries:
- `rb/sensitive-get-query`
- `py/clear-text-storage-sensitive-data`
- `py/clear-text-logging-sensitive-data`
- ...
Depends on https://github.com/github/codeql/pull/16446. This PR expands `CleartextSources.qll` to use additional sensitive data heuristics besides passwords. Additionally, the cleartext storage and cleartext logging queries allow implicit read steps at sinks. This...
Models the `request` parameter of an override of `flask.sessions.SessionInterface.open_session` as a remote flow source.
Part of https://github.com/github/codeql-python-team/issues/792 promoting https://github.com/github/codeql/pull/6360; depends on https://github.com/github/codeql/pull/16696. Promotes the Cookie Injection query from experimental, finding instances of user input being used to set the name or value of a...
Part of https://github.com/github/codeql-python-team/issues/792 promoting https://github.com/github/codeql/pull/6360, as well as a follow-up to https://github.com/github/codeql/pull/16105. This PR defines new instances of the `CookieWrite` concept in terms of the `HeaderWrite` concept, as is done...
A certificate, such as an SSL certificate or x509 certificate, often does not contain sensitive data, so the cleartext storage and cleartext logging queries result in false positive alerts when...