2826 Commits

Author	SHA1	Message	Date
erik-krogh	14d88eb3ce	add change-notes	2024-04-26 12:56:28 +02:00
erik-krogh	baa31e1469	delete outdated deprecations	2024-04-25 22:19:28 +02:00
Joe Farebrother	2a0459838b	Add models for responses	2024-04-25 15:55:59 +01:00
Joe Farebrother	86d1e5b646	Add additional type tracking for request attributes	2024-04-25 13:58:36 +01:00
Rasmus Wriedt Larsen	13ff9412a4	Merge pull request #16252 from RasmusWL/move-dataflow-tests ... Python: Move dataflow tests out of experimental	2024-04-25 10:05:06 +02:00
Joe Farebrother	2b935e575a	Add concept tests + fix typo	2024-04-24 14:05:41 +01:00
Joe Farebrother	ec4c820391	Fix deprecation	2024-04-24 14:05:41 +01:00
Joe Farebrother	f3b27d611a	Add test case for validated wsgiref servers + fix typo	2024-04-24 14:05:40 +01:00
Joe Farebrother	d4a072818f	Add more tests	2024-04-24 14:05:40 +01:00
Joe Farebrother	eeef062f7c	Implement sinks for wsgiref + allow lists in bulk header updates + local flow	2024-04-24 14:05:39 +01:00
Joe Farebrother	8636a50190	Fix qldoc + remove deprecation from experimental concepts (as they are still used in another experimental query)	2024-04-24 14:05:38 +01:00
Joe Farebrother	fa28d94363	Added a sanitizer for replacing newlines.	2024-04-24 14:05:38 +01:00
Joe Farebrother	dbbc944f32	Correct spelling	2024-04-24 14:05:38 +01:00
Joe Farebrother	a88ad62c00	Implemented sinks for bulk header updates, and added corresponding tests.	2024-04-24 14:05:38 +01:00
Joe Farebrother	3e9341ff8a	Model class instantiation for werkzueg headers	2024-04-24 14:05:37 +01:00
Joe Farebrother	b9984beb16	Add test cases	2024-04-24 14:05:37 +01:00
Joe Farebrother	68d90918cf	Add to header write concept a specification of whether the name or value arg allows newlines. ... Ported sink defenitions from Flask and Werzeug from experimental to main. Removed experimental sink definitions for Django, as neither name nor value are vulnerable.	2024-04-24 14:05:37 +01:00
Joe Farebrother	25ffcb2fde	Split into customizations file	2024-04-24 14:05:37 +01:00
Joe Farebrother	6021d9238c	Move headers injection query and concept from experimental to main	2024-04-24 14:05:37 +01:00
Nick Rolfe	af72c0848e	Merge pull request #16306 from github/nickrolfe/js-sensitive ... JS: do fewer regexp matches in SensitiveActions	2024-04-24 09:49:44 +01:00
Nick Rolfe	003d208574	JS: do fewer regexp matches in SensitiveActions	2024-04-23 15:31:38 +01:00
Anders Schack-Mulligen	b2f09949df	Merge pull request #15599 from aschackmull/dataflow/fieldflowbranchlimit-v2 ... Dataflow: update fieldFlowBranchLimit semantics	2024-04-23 10:08:05 +02:00
Rasmus Wriedt Larsen	e0e405bb31	Python: replace dataflow-test location in files	2024-04-23 09:40:59 +02:00
Joe Farebrother	f85ee38e04	Add instance taint steps for requests	2024-04-22 16:03:39 +01:00
Joe Farebrother	88e3227ed0	Add pyramid models	2024-04-22 13:27:18 +01:00
Taus	81246cd41a	Python: Add missing QLDoc for isUnicode	2024-04-22 12:08:53 +00:00
Taus	bab461ffd1	Python: Add change note	2024-04-22 12:00:09 +00:00
Taus	d51fcd4f2a	Python: Change Str to StringLiteral ... As far as I can tell, this was the only occurrence of `Str` as a type throughout the entire library.	2024-04-22 12:00:09 +00:00
Taus	b484aee39e	Python: Autoformat everything ... Of course, `StringLiteral` being much longer than `StrConst` meant a bunch of files changed formatting.	2024-04-22 12:00:09 +00:00
Taus	1c68c987b0	Python: Change all remaining occurrences of StrConst ... Done using ``` git grep StrConst | xargs sed -i 's/StrConst/StringLiteral/g' ```	2024-04-22 12:00:09 +00:00
Taus	f6487d7b13	Python: Rename StrConst to StringLiteral ... Does a few things: - Renames `StrConst` to `StringLiteral`, and deprecates the former. - Also deprecates `Str`. - Adds an override of `StringLiteral::toString` making it output `"StringLiteral"` rather than the inherited `"Str"`. This ensures that the AST viewer shows these nodes as the former type, not the latter. There are a large number of uses of `StrConst` in the codebase. These will be fixed in a later commit.	2024-04-22 12:00:09 +00:00
Asger F	decd576a6b	Merge pull request #15386 from asgerf/js/graph-export ... JS: Add library for exporting graphs as type models	2024-04-18 11:56:17 +02:00
Alexander Eyers-Taylor	da3fa22cbd	Merge pull request #16228 from github/post-release-prep/codeql-cli-2.17.1 ... Post-release preparation for codeql-cli-2.17.1	2024-04-17 11:24:34 +01:00
Asger F	3335d48154	Sync files	2024-04-16 20:26:41 +02:00
Asger F	be64daf265	Merge branch 'main' into js/graph-export	2024-04-16 20:23:33 +02:00
Cornelius Riemenschneider	6ba27dc863	Upgrade rules_pkg to 0.10.1.	2024-04-16 16:29:56 +02:00
github-actions[bot]	622e176a16	Post-release preparation for codeql-cli-2.17.1	2024-04-16 14:21:32 +00:00
github-actions[bot]	9bfe4ea90a	Release preparation for version 2.17.1	2024-04-15 17:34:47 +00:00
Anders Schack-Mulligen	2f0987e980	Dataflow: Add dummy DataFlowSecondLevelScope implementations. ... These could be an empty type, but Unit was available and it probably doesn't matter.	2024-04-15 15:16:30 +02:00
Tom Hvitved	e7dc120456	Add deprecation comments	2024-04-12 13:40:15 +02:00
Tom Hvitved	ceb5b4c56e	Python: No longer use models-as-data CSV interface	2024-04-12 13:40:15 +02:00
Tom Hvitved	fdb77457b3	Sync files	2024-04-12 13:40:14 +02:00
Anders Schack-Mulligen	a8fc100108	Python: Add alert provenance plumbing.	2024-04-12 09:20:08 +02:00
Anders Schack-Mulligen	eafc0075fd	Legacy dataflow: Sync.	2024-04-12 09:19:54 +02:00
Rasmus Wriedt Larsen	3db560158a	Merge pull request #16169 from RasmusWL/mad-remoteflowsource ... Python: Fix `RemoteFlowSourceFromCsv`	2024-04-10 13:06:42 +02:00
Rasmus Wriedt Larsen	4fed3cf12d	Python: Fix RemoteFlowSourceFromCsv	2024-04-10 11:31:34 +02:00
Asger F	f5355cfa98	Dynamic: Sync ApiGraphModels.qll	2024-04-09 14:37:20 +02:00
yoff	1048cf7c5e	Merge pull request #15711 from RasmusWL/tt-content ... Python: Add type tracking for content	2024-04-09 10:37:43 +02:00
Sylwia Budzynska	112992585a	Add change note	2024-04-05 14:56:06 +02:00
Sylwia Budzynska	84d69566c9	Fix decorator QLdoc	2024-04-05 14:51:30 +02:00