Merge branch 'main' of github.com:github/codeql into python-port-insecure-protocol

python/change-notes/2021-02-12-django-get_redirect_url.md

@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Improved modeling of `django` to recognize request redirects from `get_redirect_url` on a `RedirectView` subclass.

python/change-notes/2021-02-23-port-bind-to-all-interfaces.md

@@ -0,0 +1,3 @@
+lgtm,codescanning
+* Updated _Binding a socket to all network interfaces_ (`py/bind-socket-all-network-interfaces`) query to use the new type-tracking approach instead of points-to analysis. You may see differences in the results found by the query, but overall this change should result in a more robust and accurate analysis.
+* Updated _Binding a socket to all network interfaces_ (`py/bind-socket-all-network-interfaces`) to recognize binding to all interfaces in IPv6 with hostnames `::` and `::0`

python/change-notes/2021-02-24-port-flask-debug.md

@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Updated _Flask app is run in debug mode_ (`py/flask-debug`) query to use the new type-tracking approach instead of points-to analysis. You may see differences in the results found by the query, but overall this change should result in a more robust and accurate analysis.

python/change-notes/2021-03-01-fluent-interface-data-flow.md

@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The data-flow library now recognises more side-effects of method chaining (e.g. `someObject.setX(clean).setY(tainted).setZ...` having a side-effect on `someObject`), as well as other related circumstances where a function input is directly passed to its output. All queries that use data-flow analysis, including most security queries, may return more results accordingly.

python/change-notes/2021-03-11-api-graph-builtins.md

@@ -0,0 +1,2 @@
+lgtm,codescanning
+* API graphs now contain nodes for built-in functions and classes. For instance, `API::builtin("open")` is the API graph node corresponding to the built-in `open` function.