hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move new change notes to appropriate packs

Browse Source
This commit is contained in:
Dave Bartolomeo
2021-12-14 12:05:15 -05:00
parent de4458346f
commit a62f181d42
33 changed files with 82 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
python/ql/lib/change-notes/2021-11-15-model-wsgiref-simple-server-app.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources.

5
python/ql/lib/change-notes/2021-11-16-posixpath.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks.

5
python/ql/lib/change-notes/2021-11-24-FastAPI-Custom-APIRouter-Subclass.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Extended the modeling of FastAPI such that custom subclasses of `fastapi.APIRouter` are recognized.

5
python/ql/lib/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`.

5
python/ql/lib/change-notes/2021-11-26-os-file-access.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on.

5
python/ql/lib/change-notes/2021-11-26-tempfile-file-access.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`.

5
python/ql/src/change-notes/2021-11-15-model-wsgiref-simple-server-app.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources.

5
python/ql/src/change-notes/2021-11-16-posixpath.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.

5
python/ql/src/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`, making them sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.

5
python/ql/src/change-notes/2021-11-26-os-file-access.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on. All of these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.

5
python/ql/src/change-notes/2021-11-26-tempfile-file-access.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`. The `suffix`, `prefix`, and `dir` arguments are all vulnerable to path-injection, and these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.