Merge branch 'main' of https://github.com/github/codeql into python/remove-ssa-nodes-from-dataflow-graph

2026-04-28 10:15:14 +02:00 · 2023-12-04 14:05:40 +01:00
parent 4785048076 d630773575
commit e091ae84ab
2263 changed files with 98539 additions and 5331 deletions
--- a/python/ql/lib/change-notes/2023-11-08-re-modeling.md
+++ b/python/ql/lib/change-notes/2023-11-08-re-modeling.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added taint-flow modeling for regular expressions with `re` module from the standard library.
--- a/python/ql/lib/change-notes/2023-11-21-request-handler-args-kwargs.md
+++ b/python/ql/lib/change-notes/2023-11-21-request-handler-args-kwargs.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added modeling of `*args` and `**kwargs` as routed-parameters in request handlers for django/flask/FastAPI/tornado.
--- a/python/ql/lib/change-notes/2023-11-27-tarfile-extraction-filters.md
+++ b/python/ql/lib/change-notes/2023-11-27-tarfile-extraction-filters.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+
+- Added support for tarfile extraction filters as defined in [PEP-706](https://peps.python.org/pep-0706). In particular, calls to `TarFile.extract`, and `TarFile.extractall` are no longer considered to be sinks for the `py/tarslip` query if a sufficiently safe filter is provided.