hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,051 Commits 1,671 Branches 157 Tags
aeisenberg/codeql-action-main
Commit Graph

73 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
5a9e27c6fc Merge branch 'main' into django-3.2 2021-04-21 17:15:47 +02:00
Rasmus Wriedt Larsen
be9cbd79d6 Python: Add change-note for Django 3.2 support 2021-04-21 13:58:34 +02:00
Taus
c0569da65c Python: Move track/backtrack to LocalSourceNode 
This is merely making explicit what was implicitly enforced. The move
to change the return type of `step` already meant that `this` and
`result` had to be `LocalSourceNode`. By moving these methods to their
rightful place, we should hopefully avoid a bit of suprising behaviour.
 2021-04-20 14:39:56 +00:00
Taus
038bf612be Python: Add change note 2021-04-20 13:06:30 +00:00
yoff
447f339857 Merge pull request #5641 from tausbn/python-use-localsourcenode-in-typetrackers 
Python: Use API graphs in PEP249 support
 2021-04-14 15:39:49 +02:00
Taus
273e8ce4ef Python: Add change note 2021-04-13 16:04:07 +00:00
Taus
a404faa302 Python: Use American English in change note 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-04-13 15:05:44 +02:00
Taus
7825a2cdfc Python: Add change note 2021-04-13 12:48:45 +00:00
CodeQL CI
bc56d16c18 Merge pull request #5485 from RasmusWL/django-queryset-chains 
Approved by tausbn
 2021-04-12 08:49:31 -07:00
Rasmus Lerchedahl Petersen
c777f1d8d7 Merge branch 'main' of github.com:github/codeql into python-api-enhancements 2021-04-06 09:31:26 +02:00
Calum Grant
c26d05b1d5 Merge pull request #5532 from RasmusWL/python-cleanup 
Python: Delete filter queries, code duplication library, and precision tag from metric queries
 2021-03-29 17:16:43 +01:00
yoff
208d5157fa Merge pull request #5500 from RasmusWL/django-forms 
Python: Model RemoteFlowSources on Django forms/fields
 2021-03-25 20:43:19 +01:00
Rasmus Wriedt Larsen
203b0e3d88 Python: Add change note 2021-03-25 15:34:09 +01:00
Rasmus Lerchedahl Petersen
a9af135d7e Python: Remove getALocalTaintSource 
and `taintFlowsTo` for now..
 2021-03-24 01:22:21 +01:00
Rasmus Wriedt Larsen
8d0f6086af Python: Model django forms/fields 
I'm not feeling 100% confident about `SelfRefMixin`, but since I needed it for
both DjangoViewClass and DjangoFormClass, I wanted to avoid copy-pasting this
code around. However, I'm not so opitimistic about it that I want to add it to a
sharable utility qll file :D
 2021-03-23 13:57:38 +01:00
Taus Brock-Nannestad
4a6589d0ae Python: Make API::Node::getACall return a CallCfgNode 
This should eliminate the need for explicit casting to
`CallCfgNode` (which does not appear in our code as far as I can see,
but was observed in an external contribution).
 2021-03-22 16:37:24 +01:00
Rasmus Wriedt Larsen
c8a6e837b5 Python: Model QuerySet chains in django 2021-03-22 14:38:54 +01:00
yoff
37036b5e76 Merge pull request #5437 from RasmusWL/small-pyyaml-improvements 
Python: Small PyYAML improvements
 2021-03-19 11:15:49 +01:00
yoff
746e9948b0 Merge pull request #5075 from RasmusWL/crypto 
Python: Port py/weak-crypto-key to use type-tracking
 2021-03-18 20:53:28 +01:00
Rasmus Wriedt Larsen
42b2c3ed52 Python: Model C-based loaders for PyYAML 
Not really that important. But easy to do while I was working on this library.
 2021-03-18 11:55:01 +01:00
Rasmus Lerchedahl Petersen
8f467003d2 Python: More review suggestions 2021-03-17 15:11:17 +01:00
Rasmus Lerchedahl Petersen
4d856d4461 Python: Add small api enhancements 
determined useful during documentation work.
 2021-03-17 15:11:17 +01:00
Rasmus Wriedt Larsen
fbbec5d2b9 Merge pull request #5118 from yoff/python-port-stacktrace-exosure 
Python: Port stack trace exposure
 2021-03-16 14:52:44 +01:00
Rasmus Wriedt Larsen
50978364a6 Merge pull request #5246 from yoff/python-port-insecure-default-protocol 
Python: Port insecure default protocol
 2021-03-16 14:30:19 +01:00
yoff
a760ed8c55 Merge pull request #5388 from tausbn/python-api-graph-builtins 
Python: Support built-ins in API graphs
 2021-03-12 17:45:59 +01:00
Taus
dfc0e9b906 Merge pull request #5243 from RasmusWL/port-bind-to-all-interfaces 
Python: Port py/bind-socket-all-network-interfaces query
 2021-03-12 16:04:19 +01:00
Taus Brock-Nannestad
c7b2b719cf Python: Support builtins in API graphs 2021-03-11 23:03:18 +01:00
yoff
d5b304ce75 Update python/change-notes/2021-02-23-port-insecure-default-protocol.md 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-03-09 13:19:48 +01:00
yoff
d17246ce2b Merge pull request #5255 from RasmusWL/port-flask-debug 
Python: port py/flask-debug query
 2021-03-05 09:39:14 +01:00
yoff
078fbccc9a Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-03-02 22:32:45 +01:00
yoff
4196dc2291 Update python/change-notes/2021-02-25-port-stactrace-exposure-query.md 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-03-02 22:23:29 +01:00
Chris Smowton
5d2f3421d8 Add change notes 2021-03-01 16:59:20 +00:00
Rasmus Lerchedahl Petersen
38748f9e23 Python: restrict attention to ss.wrap_socket 2021-03-01 16:35:21 +01:00
yoff
1670fa0d0e Update python/change-notes/2021-02-23-port-insecure-default-protocol.md 2021-02-26 18:39:49 +01:00
yoff
9a9bda17ed Update python/change-notes/2021-02-23-port-insecure-default-protocol.md 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-02-26 18:38:35 +01:00
yoff
e3b3825ab0 Merge pull request #5151 from RasmusWL/django-get-redirect-url 
Python: Model get_redirect_url in django
 2021-02-25 23:07:33 +01:00
Rasmus Wriedt Larsen
27987717dc Merge branch 'main' into crypto 2021-02-25 11:30:32 +01:00
Rasmus Lerchedahl Petersen
aba22689fa Python: Add change note 2021-02-25 09:25:17 +01:00
yoff
89d0724fb4 Update python/change-notes/2021-02-23-port-insecure-default-protocol.md 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-02-24 19:57:49 +01:00
Rasmus Wriedt Larsen
a6e5ec2e09 Python: Port py/flask-debug 2021-02-24 11:37:25 +01:00
yoff
9eed17f647 Merge pull request #5152 from RasmusWL/improve-pyyaml-support 
Python: Improve pyyaml support
 2021-02-23 19:58:04 +01:00
Rasmus Lerchedahl Petersen
6abbb5040c Python: add change note 2021-02-23 19:54:09 +01:00
Rasmus Wriedt Larsen
a09f8c4b4a Python: Port bind-to-all-interfaces to type-tracking 2021-02-23 16:01:24 +01:00
Rasmus Wriedt Larsen
fd18fd8403 Python: Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-02-23 15:24:52 +01:00
Rasmus Wriedt Larsen
6e2445cce6 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-02-23 15:19:29 +01:00
Rasmus Wriedt Larsen
0e9a54e9a9 Python: Rename WeakCrypto to WeakCryptoKey 
Since WeakCrypto always makes me think that it's about all weak crypto (like
using MD5, or completely broken ciphers such as ARC4 ro DES) and not just about
weak key generation.
 2021-02-19 15:03:44 +01:00
Rasmus Wriedt Larsen
46ad611d57 Python: Port py/weak-crypto-key to use type-tracking 
instead of points-to.

Looking at query results also made me realize I didn't supply a very good
"origin" for ECC in cryptography package, so I improved that 👍 -- maybe that
sohuld have been split into multiple commits... too late :(
 2021-02-19 15:03:43 +01:00
Taus Brock-Nannestad
880451f659 Python: Add change note 2021-02-18 15:59:34 +01:00
Rasmus Wriedt Larsen
1e1cb87436 Python: Model flask blueprints 2021-02-16 15:26:51 +01:00
Rasmus Wriedt Larsen
69e081e897 Python: Apply code-review suggestion 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-02-15 14:38:20 +01:00