Taus
6093bb9fd4
Python: add some stdlib models
2023-12-08 11:27:51 +01:00
Taus
4879a931eb
Python: Add starlette.requests.URL model
2023-12-08 11:27:51 +01:00
Taus
a3f7885787
Python: Add SqlAlchemy model
2023-12-08 11:27:51 +01:00
Taus
422733f32a
Python: Add rest_framework model
2023-12-08 11:27:51 +01:00
Taus
5afead5896
Python: Add Pycurl model
2023-12-08 11:27:51 +01:00
Taus
f1a72311ed
Python: add MultiDict model
2023-12-08 11:27:51 +01:00
Taus
62db8cc633
Python: Add MarkupSafe model
2023-12-08 11:27:51 +01:00
Taus
cdb0ac524d
Python: Add invoke model
2023-12-08 11:27:51 +01:00
Taus
699b6b8bef
Python: Add httpx model
2023-12-08 11:27:51 +01:00
Taus
6128c89518
Python: Add Flask app and blueprint models
2023-12-08 11:27:51 +01:00
Taus
a81f8ea54d
Python: Add Django RawSQL and HttpRequest models
2023-12-08 11:27:51 +01:00
Taus
ff9482f81b
Python: Add fabric connection model
2023-12-08 11:27:51 +01:00
Taus
947aa099e0
Python: Add aiohttp.ClientSession model
2023-12-08 11:27:51 +01:00
Taus
f5bed2d955
Python: Add clickhouse_driver model
2023-12-08 11:27:51 +01:00
Taus
83e6e51e95
Python: Add starlette.websocket model
2023-12-08 11:27:50 +01:00
Rasmus Wriedt Larsen
f19b672656
Python: Also capture alias with new name
2023-12-08 11:27:50 +01:00
Taus
750f14f859
Python: Add http.client.HTTPResponse model
2023-12-08 11:27:50 +01:00
Taus
1d4b4ee740
Python: Add Requests response model
...
This required making some of the relevant bits public, but they are marked as internal anyway.
2023-12-08 11:27:50 +01:00
Taus
cb1efa915e
Python: Add Flask response model
2023-12-08 11:27:50 +01:00
Taus
7b1c6b0dd6
Python: Add Django response models
2023-12-08 11:27:50 +01:00
Rasmus Wriedt Larsen
d622d873d9
Python: Enable auto-model for Django Model
2023-12-08 11:27:50 +01:00
Rasmus Wriedt Larsen
bff7ae20e1
Python: Enable auto-model for cgi.FieldStorage
2023-12-08 11:27:50 +01:00
Rasmus Wriedt Larsen
1e69762242
Python: More import fixes
...
:thinkies: turns out that .getASubclass*() had to be applied everywhere...
2023-12-08 11:27:50 +01:00
Rasmus Wriedt Larsen
af6c5ccead
Python: Enable auto-model BaseHttpRequestHandler
2023-12-08 11:27:50 +01:00
Rasmus Wriedt Larsen
ba19f95d3e
Python: Improve SelfRefMixin
...
This is important to model mixins correctly, for example when they help
handle incoming requests, and therefore need to know that `self.kwargs`
contains data controlled by a user.
2023-12-08 11:27:50 +01:00
Rasmus Wriedt Larsen
77a4d81a08
Python: Improve import * handling
2023-12-08 11:27:50 +01:00
Rasmus Wriedt Larsen
ec384649e8
Python: Automodel for WSGIServer
2023-12-08 11:27:50 +01:00
Rasmus Wriedt Larsen
eb97a7989f
Python: Automodel for tornado
2023-12-08 11:27:50 +01:00
Rasmus Wriedt Larsen
d6fec9e4a7
Python: Make Django use auto-modeling
...
Ooops
2023-12-08 11:27:49 +01:00
Rasmus Wriedt Larsen
5e98ff48ff
Python: Add script to process results from MRVA (bqrs files)
...
Also makes `empty.model.yml` empty once again
2023-12-08 11:27:49 +01:00
Rasmus Wriedt Larsen
451a210916
Python: Remove query predicate annotation
2023-12-08 11:27:49 +01:00
Rasmus Wriedt Larsen
b66dd23a68
Python: Streamline what modules to allow for now
2023-12-08 11:27:49 +01:00
Rasmus Wriedt Larsen
ba0a5b1c23
Python: Adjust test-code predicate
2023-12-08 11:27:49 +01:00
Rasmus Wriedt Larsen
bb3ced02e3
Python: Improve docs/names around already modeled classes
2023-12-08 11:27:49 +01:00
Rasmus Wriedt Larsen
f06bbd2263
WIP rest of modeling done so far
2023-12-08 11:27:49 +01:00
Rasmus Wriedt Larsen
2f17d2f3ac
WIP: Flask View class modeling for restplus
...
Based on some DBs I had that contained dependencies
2023-12-08 11:27:49 +01:00
github-actions[bot]
92af5f5386
Post-release preparation for codeql-cli-2.15.4
2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7
Release preparation for version 2.15.4
2023-12-06 21:11:50 +00:00
Rasmus Lerchedahl Petersen
8c5ca3f564
Python: remove control flow nodes
...
for module entry definitions from the dataflow graph.
2023-12-06 21:47:03 +01:00
Rasmus Lerchedahl Petersen
e091ae84ab
Merge branch 'main' of https://github.com/github/codeql into python/remove-ssa-nodes-from-dataflow-graph
2023-12-04 14:05:40 +01:00
Anders Schack-Mulligen
67f0529cda
Dataflow: Sync.
2023-12-04 12:36:57 +01:00
Taus
6e279183d9
Python: Remove unused unsafeFilter predicates
2023-11-28 13:54:17 +00:00
Taus
91643ad08f
Python: Update hasUnsafeFilter to use API graph
...
This will probably break the tests in the short run. I'll fix the remaining issues in a follow-up commit.
Co-authored-by: Rasmus Wriedt Larsen <rasmuswl@github.com>
2023-11-28 14:48:26 +01:00
Taus
ad1a86879e
Python: Add change note
2023-11-27 14:39:32 +00:00
Taus
95e9284d08
Python: Add support for extraction filters
...
Adds support for extraction filters as defined in
https://peps.python.org/pep-0706/
and implemented in Python 3.12.
By my reading, setting the filter to `'data'` or `'tar'` is probably
safe, whereas `'fully_trusted'` or the default (which is the same as
`None`) is not.
For now, I have just added this modelling to the tarslip query. We could
also share it with the modelling of `shutil.unpack_archive` (which has also
gained a `filter` argument), but it was unclear to me where we should put
this modelling in that case. Perhaps the best solution would be to merge
the experimental `py/tarslip-extended` query into the existing query (in
which case the current location is perhaps not too bad).
2023-11-27 14:11:17 +00:00
Rasmus Wriedt Larsen
4e0cca9a41
Merge pull request #14353 from GeekMasher/py-restframework
...
Python: support `*args` and `**kwargs` in request handlers
2023-11-23 14:04:36 +01:00
Rasmus Wriedt Larsen
d056706af5
Merge pull request #14725 from RasmusWL/re-modeling
...
Python: Add taint-flow modeling for `re` module
2023-11-23 11:35:36 +01:00
Rasmus Wriedt Larsen
63fcaca82f
Python: add change-note
2023-11-21 16:02:41 +01:00
Rasmus Wriedt Larsen
a0867b4f66
Python: More HTTP request handler *args/**kwargs modeling
...
I looked through all `override Parameter getARoutedParameter() {` in our
codebase, and we are now modeling *args/**kwargs for all of them 👍
2023-11-21 16:02:40 +01:00
Rasmus Wriedt Larsen
1bc8a6de61
Python: Fixup mistaken modelling
2023-11-21 13:46:23 +01:00