hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,706 Commits 1,672 Branches 157 Tags
adityasharad/atm/perf-debugging
Commit Graph

3062 Commits

Author SHA1 Message Date
yoff
43f7eede0b Merge pull request #6182 from haby0/python/LogInjection 
Python: CWE-117 Log injection
 2021-10-12 10:54:45 +02:00
haby0
d52f95d24d Auto Formatting 2021-10-12 09:36:44 +08:00
yoff
0629ce00de Merge pull request #6214 from haby0/python/ClientSuppliedIpUsedInSecurityCheck 
[Python] CWE-348:  Client supplied ip used in security check
 2021-10-11 16:38:04 +02:00
haby0
538bf7c321 Update python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-07 19:44:25 +08:00
haby0
a17b0d4e5c Modify Sanitizer 2021-10-05 17:12:04 +08:00
Erik Krogh Kristensen
8d6cac76cc apply suggestions from asgerf 2021-10-04 12:45:02 +02:00
Rasmus Wriedt Larsen
987b573709 Fix hasLocationInfo URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
Erik Krogh Kristensen
aafae24ef2 update qhelp 2021-09-28 23:11:02 +02:00
Rasmus Wriedt Larsen
547cbb6322 Merge pull request #6331 from porcupineyhairs/pythonXpath 
Python : Improve Xpath Injection Query
 2021-09-24 18:11:08 +02:00
Rasmus Wriedt Larsen
26d2fbd217 Python: Fix new XPath injection query 
Fixes the typo `ETXpath` => `ETXPath`
 2021-09-24 15:11:34 +02:00
Rasmus Wriedt Larsen
913a679ef5 Python: Replace old XPath injection query 2021-09-24 15:10:41 +02:00
Rasmus Wriedt Larsen
c9640ffdbc Python: Minor adjustments to XPath Injection 2021-09-24 15:02:39 +02:00
Rasmus Wriedt Larsen
289660067c Merge branch 'main' into pythonXpath 2021-09-24 13:53:38 +02:00
haby0
9b969e15fc Modify according to @yoff suggestion 2021-09-24 12:56:10 +08:00
Rasmus Wriedt Larsen
70489b2fc2 Merge branch 'main' into jorgectf/python/ldapinsecureauth 2021-09-23 10:05:56 +02:00
haby0
6c07a3e260 Apply @yoff's suggestion 2021-09-22 18:50:58 +08:00
Rasmus Wriedt Larsen
d44f279339 Python: Fix .qhelp 2021-09-21 20:35:03 +02:00
Rasmus Wriedt Larsen
a83bb39d0f Python: Merge SQLAlchemy TextClause injection into py/sql-injection 
As discussed in a meeting today, this will end up presenting an query
suite that's easier to use for customers.

Since https://github.com/github/codeql/pull/6589 has JUST been merged,
if we get this change in fast enough, no end-user will ever have run
`py/sqlalchemy-textclause-injection` as part of LGTM.com or Code
Scanning.
 2021-09-21 20:21:42 +02:00
Erik Krogh Kristensen
99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
yoff
4adb0c75bd Merge pull request #6589 from RasmusWL/promote-sqlalchemy 
Python: Promote modeling of SQLAlchemy
 2021-09-21 11:08:41 +02:00
Rasmus Wriedt Larsen
4a16be2cba Merge pull request #6557 from yoff/python/port-modification-of-default-value 
Python: port modification of default value
 2021-09-21 10:12:12 +02:00
Rasmus Wriedt Larsen
c7c8e2f3e3 Merge branch 'main' into promote-sqlalchemy 2021-09-21 09:36:07 +02:00
Rasmus Wriedt Larsen
97c0f1c7b7 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-09-20 12:04:46 +02:00
haby0
99167539fb Modify sinks 2021-09-17 17:29:40 +08:00
haby0
0277601705 Eliminate false positives caused by . 2021-09-16 20:59:34 +08:00
Rasmus Lerchedahl Petersen
72bf390ec5 Merge branch 'main' of github.com:github/codeql into python/promote-regex-injection 2021-09-16 14:50:17 +02:00
Rasmus Lerchedahl Petersen
8ea7a28a77 Python: Unexpose fields as suggested. 2021-09-15 12:32:21 +02:00
yoff
758b6bd4dd Update python/ql/src/semmle/python/functions/ModificationOfParameterWithDefaultCustomizations.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-09-15 12:25:27 +02:00
haby0
c60eded2de Fix conflicting 2021-09-15 11:07:43 +08:00
haby0
9e63aa9d84 Update query 2021-09-14 21:12:49 +08:00
Rasmus Lerchedahl Petersen
c2d2037726 Python: Add change note and set precision 2021-09-14 13:45:51 +02:00
Rasmus Wriedt Larsen
49f5f1e2c2 Merge pull request #6336 from tausbn/python-make-annotated-assignment-a-definitionnode 
Python: Two fixes regarding annotated assignments
 2021-09-14 13:37:53 +02:00
Rasmus Lerchedahl Petersen
36e27f2aa4 Python: Remove promoted code: 
- queries (`py/regex-injection`)
- concepts (RegexExecution, RegexEscape)
- library models (Stdlib::Re)
 2021-09-14 13:14:16 +02:00
Rasmus Lerchedahl Petersen
abbd1d1dc5 Python: Fix errors introduced during port 
testing on a database helps..
 2021-09-14 13:08:21 +02:00
Rasmus Lerchedahl Petersen
6c82daef3d Python: Move Regexinjection out of experimental 
and fix up structure
 2021-09-14 11:54:59 +02:00
jorgectf
2ccc6dc092 Merge branch 'main' into jorgectf/python/ldapinsecureauth 2021-09-14 09:32:19 +02:00
Rasmus Wriedt Larsen
f402475dd3 Python: Fix globals() == locals() FP 2021-09-13 20:03:11 +02:00
jorgectf
353c0a9ee7 Add missing comment 2021-09-12 20:44:04 +02:00
jorgectf
3cf28ad6ce Merge remote-tracking branch 'origin/main' into jorgectf/python/ldapinsecureauth 2021-09-12 20:36:25 +02:00
jorgectf
18b05bc56e Fix tests and add global option 2021-09-12 20:35:57 +02:00
jorgectf
54012eba23 Optimize getFullHostRegex 2021-09-12 20:13:08 +02:00
Rasmus Lerchedahl Petersen
7cfa08abc8 Python: Do not use BarrierGuards 
They are simply not right for this problem.
We should not even make them available as an extension point.
 2021-09-10 12:48:24 +02:00
Rasmus Lerchedahl Petersen
b20232db3c Python: Simplify guards as suggested 2021-09-10 10:31:48 +02:00
jorgectf
eee9b3f39e Merge remote-tracking branch 'origin/main' into jorgectf/python/headerInjection 2021-09-07 19:54:58 +02:00
jorgectf
352eab0eca Fix HeaderDeclaration class' comment 2021-09-07 19:44:25 +02:00
Jorge
190bc2f0da Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-09-07 19:42:37 +02:00
jorgectf
4e261c61ae Optimize concatAndCompareAgainstFullHostRegex 2021-09-07 19:05:03 +02:00
jorgectf
800801177d Fix taint tracking comment 2021-09-07 19:02:32 +02:00
jorgectf
b802d7903a Fix OPT_X_TLS_ mandatory options 2021-09-07 19:01:46 +02:00
jorgectf
ee98c0c587 Add start_tls_s() comment and use DataFlow::MethodCallNode instead 2021-09-07 19:00:14 +02:00