Rasmus Lerchedahl Petersen
4a5f70e6c8
Python: Reclassify defaultValueFlowStep
...
as a `jumpStep`.
2021-09-08 10:05:31 +02:00
Taus Brock-Nannestad
bea8a457a2
Merge branch 'main' into python-make-annotated-assignment-a-definitionnode
2021-09-07 15:01:01 +02:00
Taus Brock-Nannestad
1ab86892a0
Merge branch 'main' into python-deprecate-importnode
2021-09-07 14:59:12 +02:00
Taus Brock-Nannestad
5ac32f145f
Merge branch 'main' into python-fix-exceptstmt-gettype
2021-09-07 14:21:13 +02:00
Taus Brock-Nannestad
5f5285955b
Merge branch 'main' into python-api-graphs-import-star
2021-09-07 14:13:56 +02:00
Taus
b99c075282
Merge pull request #6460 from yoff/python-regex-parsing-consistency-checks
...
Python: Add regex parsing consistency checks
2021-09-07 13:33:59 +02:00
Anders Schack-Mulligen
7ec1fa2ebe
Dataflow: Sync.
2021-09-07 12:51:42 +02:00
Anders Schack-Mulligen
3c3d71d4a0
Dataflow: Sync
2021-09-07 12:51:42 +02:00
Rasmus Lerchedahl Petersen
fcd346c2af
Python: Add flow from default values
...
to their parameters.
This creates data-flow inconsistencies,
probably because the default values have incorrect enclosing callables
2021-09-07 11:33:09 +02:00
yoff
138a7ae67f
Merge pull request #6349 from RasmusWL/more-modeling
...
Python: Improve various library modeling
2021-09-06 17:01:45 +02:00
Andrew Eisenberg
6a47fcaf1f
Packaging: Normalize all qlpack.yml files for all languages
...
This commit ensures consistency among all of our qlpacks. Here are the
changes:
1. Ensure only modern references are used (codeql-{lang} is converted to
codeql/{lang}-all or codeql/{lang}-queries where appropriate).
2. Use consistent version numbers. All languages are at 0.0.2 except
javascript, which is 0.0.3.
3. Convert all `libraryPathDependencies` to `dependencies` with version
constraints
4. Dependencies from query packs to other packs are always `"*"` since
these dependencies are always from source and we should get the
latest.
5. Dependencies from codeql/{lang}-lib to codeql/{lang}-upgrades must
be strict since there is a tight connection between the libary
and its relevant upgrades.
2021-09-03 11:53:28 -07:00
Rasmus Wriedt Larsen
414bf12f86
Python: Fix DefaultTextClauseConstruction
2021-09-02 16:03:25 +02:00
Rasmus Wriedt Larsen
065075056b
Python: Highlight how await taint-step works
2021-09-02 15:45:59 +02:00
Rasmus Wriedt Larsen
ad102e2746
Python: Minor cleanup to snippets
...
As pointed out in review, we don't need this override any more!
2021-09-02 15:40:32 +02:00
Rasmus Wriedt Larsen
d55f18f8e3
Python: Add modeling of Flask-SQLAlchemy
2021-09-02 10:48:24 +02:00
Rasmus Wriedt Larsen
c34d6d1162
Python: Add query to handle SQLAlchemy TextClause Injection
...
instead of doing this via taint-steps. See description in code/tests.
2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
81dbe36e99
Python: Promote SQLAlchemy modeling
...
Due to the split between `src/` and `lib/`, I was not really able to do
the next step without having moved the SQLAlchemy modeling over to be in
`lib/` as well.
2021-09-02 10:19:57 +02:00
Erik Krogh Kristensen
1ad204d89e
make after and TState private in ReDoSUtil
2021-09-02 09:15:43 +02:00
Erik Krogh Kristensen
df04c5044c
use concat instead of strictconcat in RegexTreeView.qll
2021-09-02 08:54:39 +02:00
Tom Hvitved
c3ecae503b
Data flow: Sync files
2021-09-01 19:58:47 +02:00
Erik Krogh Kristensen
a3289fabe1
sync ReDoSUtil with python
2021-09-01 12:47:06 +02:00
Rasmus Lerchedahl Petersen
a01fca5d48
Merge branch 'main' of github.com:github/codeql into python-regex-parsing-consistency-checks
...
To fix conflicts
2021-08-30 18:40:12 +02:00
Erik Krogh Kristensen
f5a1a12435
support case insensitive regexps in the ReDoS queries
2021-08-30 09:59:33 +02:00
Rasmus Wriedt Larsen
47377c7197
Merge branch 'main' into more-modeling
2021-08-26 13:40:17 +02:00
Erik Krogh Kristensen
0cc19d914e
use toUnicode in ReDoSUtil.qll
2021-08-25 22:21:43 +02:00
Andrew Eisenberg
3660c64328
Packaging: Rafactor Python core libraries
...
Extract the external facing `qll` files into the codeql/python-all
query pack.
2021-08-24 13:23:45 -07:00
