hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
28,569 Commits 1,671 Branches 157 Tags
aeisenberg/codeql-workspace
Commit Graph

143 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
7c758f5c81 Python: Add change-note for twisted 2021-06-08 16:20:29 +02:00
Rasmus Wriedt Larsen
afd35f2e21 Python: Fix wording of change-note 
`aiohttp.web` is a web _framework_, and not a web _server_.
 2021-06-08 16:19:25 +02:00
Rasmus Wriedt Larsen
7f119dd5a9 Python: Add change-note 2021-06-04 15:27:36 +02:00
Rasmus Wriedt Larsen
9372e3b284 Python: Add aiohttp.web change-note 2021-06-03 11:23:28 +02:00
Rasmus Wriedt Larsen
1b3f857a2f Python: Promote ClickHouse SQL models 2021-05-25 16:27:23 +02:00
Rasmus Wriedt Larsen
c4e244eb80 Python: Add getAwaited to API::Node 
I _really_ wanted to call this `.await()`, but that did not fit in with
the convention, or the corresponding `getPromised` in JS.

54f191cfe3/javascript/ql/src/semmle/javascript/ApiGraphs.qll (L184)
 2021-05-21 17:11:20 +02:00
CodeQL CI
17afbdf258 Merge pull request #5635 from RasmusWL/port-weak-crypto-algorithm 
Approved by yoff
 2021-05-20 01:22:32 -07:00
Rasmus Wriedt Larsen
97fadd9970 Merge branch 'main' into port-weak-crypto-algorithm 2021-05-18 14:04:18 +02:00
Rasmus Wriedt Larsen
c2a6b811fc Python: Add modeling of ujson PyPI package 
The problem with `tainted_filelike` not having taint, is that in the call

`ujson.dump(tainted_obj, tainted_filelike)`

there is no PostUpdateNote for `tainted_filelike` :( The reason is that
points-to is not able to resolve the call, so none of the clauses in
`argumentPreUpdateNode` matches

See 08731fc6cf/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPrivate.qll (L101-L111)

Let's deal with that issue in an other PR though
 2021-05-10 15:10:31 +02:00
Rasmus Wriedt Larsen
3fe9a3d933 Python: Add modeling of simplejson PyPI package 
I noticed that we don't handle PostUpdateNote very well in the concept tests,
for exmaple for `json.dump(...)` there _should_ have been an `encodeOutput` as
part of the inline expectations.

I'll work on fixing that up in a separate PR, to keep things clean.
 2021-05-10 15:10:27 +02:00
Rasmus Wriedt Larsen
8afdf26540 Python: Add modeling of idna PyPI package 2021-05-10 11:47:11 +02:00
CodeQL CI
95f26aadd3 Merge pull request #5681 from yoff/python-support-pathlib 
Approved by tausbn
 2021-05-04 09:20:24 -07:00
Rasmus Wriedt Larsen
37db21d269 Merge pull request #5284 from yoff/python-port-insecure-protocol 
Python: port py/insecure-protocol
 2021-04-27 09:30:18 +02:00
Rasmus Wriedt Larsen
b82209964a Python: Add change-note for new weak crypto queries 2021-04-22 15:23:42 +02:00
Rasmus Lerchedahl Petersen
5a4e661e60 Merge branch 'main' of github.com:github/codeql into python-support-pathlib 2021-04-22 15:04:21 +02:00
Rasmus Wriedt Larsen
5a9e27c6fc Merge branch 'main' into django-3.2 2021-04-21 17:15:47 +02:00
Rasmus Wriedt Larsen
be9cbd79d6 Python: Add change-note for Django 3.2 support 2021-04-21 13:58:34 +02:00
Taus
c0569da65c Python: Move track/backtrack to LocalSourceNode 
This is merely making explicit what was implicitly enforced. The move
to change the return type of `step` already meant that `this` and
`result` had to be `LocalSourceNode`. By moving these methods to their
rightful place, we should hopefully avoid a bit of suprising behaviour.
 2021-04-20 14:39:56 +00:00
Rasmus Lerchedahl Petersen
9c893cb0f4 Merge branch 'main' of github.com:github/codeql into python-port-insecure-protocol 2021-04-20 16:33:03 +02:00
Taus
038bf612be Python: Add change note 2021-04-20 13:06:30 +00:00
Rasmus Lerchedahl Petersen
c9b2c7885e Python: add changenote 2021-04-15 10:14:35 +02:00
yoff
447f339857 Merge pull request #5641 from tausbn/python-use-localsourcenode-in-typetrackers 
Python: Use API graphs in PEP249 support
 2021-04-14 15:39:49 +02:00
Taus
273e8ce4ef Python: Add change note 2021-04-13 16:04:07 +00:00
Taus
a404faa302 Python: Use American English in change note 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-04-13 15:05:44 +02:00
Taus
7825a2cdfc Python: Add change note 2021-04-13 12:48:45 +00:00
CodeQL CI
bc56d16c18 Merge pull request #5485 from RasmusWL/django-queryset-chains 
Approved by tausbn
 2021-04-12 08:49:31 -07:00
Rasmus Lerchedahl Petersen
c777f1d8d7 Merge branch 'main' of github.com:github/codeql into python-api-enhancements 2021-04-06 09:31:26 +02:00
Calum Grant
c26d05b1d5 Merge pull request #5532 from RasmusWL/python-cleanup 
Python: Delete filter queries, code duplication library, and precision tag from metric queries
 2021-03-29 17:16:43 +01:00
yoff
208d5157fa Merge pull request #5500 from RasmusWL/django-forms 
Python: Model RemoteFlowSources on Django forms/fields
 2021-03-25 20:43:19 +01:00
Rasmus Wriedt Larsen
203b0e3d88 Python: Add change note 2021-03-25 15:34:09 +01:00
Rasmus Lerchedahl Petersen
a9af135d7e Python: Remove getALocalTaintSource 
and `taintFlowsTo` for now..
 2021-03-24 01:22:21 +01:00
Rasmus Wriedt Larsen
8d0f6086af Python: Model django forms/fields 
I'm not feeling 100% confident about `SelfRefMixin`, but since I needed it for
both DjangoViewClass and DjangoFormClass, I wanted to avoid copy-pasting this
code around. However, I'm not so opitimistic about it that I want to add it to a
sharable utility qll file :D
 2021-03-23 13:57:38 +01:00
Taus Brock-Nannestad
4a6589d0ae Python: Make API::Node::getACall return a CallCfgNode 
This should eliminate the need for explicit casting to
`CallCfgNode` (which does not appear in our code as far as I can see,
but was observed in an external contribution).
 2021-03-22 16:37:24 +01:00
Rasmus Wriedt Larsen
c8a6e837b5 Python: Model QuerySet chains in django 2021-03-22 14:38:54 +01:00
yoff
37036b5e76 Merge pull request #5437 from RasmusWL/small-pyyaml-improvements 
Python: Small PyYAML improvements
 2021-03-19 11:15:49 +01:00
Rasmus Lerchedahl Petersen
e0e6d5724e Merge branch 'main' of github.com:github/codeql into python-port-insecure-protocol 2021-03-18 23:34:53 +01:00
yoff
746e9948b0 Merge pull request #5075 from RasmusWL/crypto 
Python: Port py/weak-crypto-key to use type-tracking
 2021-03-18 20:53:28 +01:00
Rasmus Wriedt Larsen
42b2c3ed52 Python: Model C-based loaders for PyYAML 
Not really that important. But easy to do while I was working on this library.
 2021-03-18 11:55:01 +01:00
Rasmus Lerchedahl Petersen
8f467003d2 Python: More review suggestions 2021-03-17 15:11:17 +01:00
Rasmus Lerchedahl Petersen
4d856d4461 Python: Add small api enhancements 
determined useful during documentation work.
 2021-03-17 15:11:17 +01:00
Rasmus Wriedt Larsen
fbbec5d2b9 Merge pull request #5118 from yoff/python-port-stacktrace-exosure 
Python: Port stack trace exposure
 2021-03-16 14:52:44 +01:00
Rasmus Wriedt Larsen
50978364a6 Merge pull request #5246 from yoff/python-port-insecure-default-protocol 
Python: Port insecure default protocol
 2021-03-16 14:30:19 +01:00
Rasmus Lerchedahl Petersen
6fff746b16 Merge branch 'main' of github.com:github/codeql into python-port-insecure-protocol 2021-03-15 17:37:28 +01:00
Rasmus Lerchedahl Petersen
9a96230523 Python: Add changenote 2021-03-15 17:35:30 +01:00
yoff
a760ed8c55 Merge pull request #5388 from tausbn/python-api-graph-builtins 
Python: Support built-ins in API graphs
 2021-03-12 17:45:59 +01:00
Taus
dfc0e9b906 Merge pull request #5243 from RasmusWL/port-bind-to-all-interfaces 
Python: Port py/bind-socket-all-network-interfaces query
 2021-03-12 16:04:19 +01:00
Taus Brock-Nannestad
c7b2b719cf Python: Support builtins in API graphs 2021-03-11 23:03:18 +01:00
yoff
d5b304ce75 Update python/change-notes/2021-02-23-port-insecure-default-protocol.md 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-03-09 13:19:48 +01:00
yoff
d17246ce2b Merge pull request #5255 from RasmusWL/port-flask-debug 
Python: port py/flask-debug query
 2021-03-05 09:39:14 +01:00
yoff
078fbccc9a Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-03-02 22:32:45 +01:00