hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,255 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.2
Commit Graph

9108 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
13609b2888 Python: Move pathlib tests to Python 3 only tests 2021-06-23 10:50:04 +02:00
Rasmus Wriedt Larsen
e2facd0981 Python: Expand cleartext query tests 2021-06-23 10:50:04 +02:00
Rasmus Wriedt Larsen
5506365b0e Python: Split cleartext tests 2021-06-23 10:50:04 +02:00
Rasmus Wriedt Larsen
c0964617d7 Merge pull request #6111 from tausbn/python-a-few-minor-cleanups 
Python: A few minor bits of cleanup
 2021-06-23 10:42:41 +02:00
Rasmus Wriedt Larsen
c77884b8c4 Python: Apply suggestions from code review 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2021-06-23 10:37:06 +02:00
Rasmus Wriedt Larsen
ae841cdd9b Python: Make import python private in Concepts.qll 
Just a mistake that we have never caught on to
 2021-06-23 10:32:36 +02:00
jorgectf
4c9ecf0d9b Delete testing class-variable 2021-06-23 00:52:34 +02:00
jorgectf
7956b97ac3 Unit tests move and temporary ql 2021-06-23 00:40:05 +02:00
jorgectf
4d890ddeae Polish flask_mail tests and code 2021-06-23 00:38:58 +02:00
jorgectf
48cd5062cf Change EmailSender structure 2021-06-23 00:37:54 +02:00
thank_you
20f321e623 Remove accidental slash 2021-06-22 13:03:23 -04:00
Taus
317c6867aa Python: Fix sneaky semantic change 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-06-22 16:46:54 +02:00
jorgectf
78deec84fc Upload main structure and initial tests 2021-06-22 16:41:08 +02:00
Rasmus Wriedt Larsen
3b41c2f204 Python: Use new MethodCallNode in TaintTrackingPrivate 2021-06-22 15:12:35 +02:00
Rasmus Wriedt Larsen
0b767bb853 Merge branch 'main' into small-cleanups 2021-06-22 15:01:53 +02:00
Rasmus Wriedt Larsen
5db627042f Merge pull request #6091 from tausbn/python-exclude-main-py-files 
Python: Avoid `__main__.py` files as entry points.
 2021-06-22 11:29:02 +02:00
Rasmus Wriedt Larsen
e05d6e71b8 Merge pull request #6064 from tausbn/python-add-get-method-call 
Python: Add `getAMethodCall` to `LocalSourceNode`
 2021-06-22 11:16:39 +02:00
thank_you
c3eba25b0c Add query tests 
Most of these query tests need to be cleaned up. Also, some of these query tests will fail because no user-tainted data is passing into the email bodies that are generated and sent to a victim user.
 2021-06-21 19:02:20 -04:00
thank_you
24d4415457 Create EmailClients.qll 2021-06-21 19:01:04 -04:00
Taus
ba6ab8ff3d Python: Expand __main__.py comment 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-06-21 18:14:03 +02:00
Taus
768cab3642 Python: Address review comments 
- changes `getReceiver` to `getObject`
- fixes `calls` to avoid unwanted cross-talk
- adds some more documentation to highlight the above issue
 2021-06-21 14:57:19 +00:00
Rasmus Wriedt Larsen
1c48aca630 Merge branch 'main' into jmespath 2021-06-21 15:26:45 +02:00
CodeQL CI
565af1a879 Merge pull request #6071 from RasmusWL/fix-input-cwe 
Approved by calumgrant, tausbn
 2021-06-21 06:23:18 -07:00
Rasmus Wriedt Larsen
a7170bedb6 Python: Mention modeling of mysqlclient PyPI package 
Just for completeness in terms of what we claim support for.
 2021-06-21 15:20:08 +02:00
yoff
baf8d0a990 Merge pull request #6045 from RasmusWL/twisted 
Python: Model twisted
 2021-06-21 14:52:57 +02:00
Anders Schack-Mulligen
65ac8be5ac Java: Add defaultImplicitTaintRead and sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
80880320d5 Dataflow: Sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
9110dfaeb3 Merge pull request #6095 from hvitved/dataflow/local-cc-join 
Data flow: Fix `getLocalCallContext` join-order
 2021-06-21 12:53:38 +02:00
Rasmus Wriedt Larsen
d6ec4d30fc Python: Twisted refactor of getRequestParamIndex 2021-06-21 10:54:28 +02:00
Rasmus Wriedt Larsen
8208aebd7e Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-06-21 10:43:25 +02:00
jorgectf
b10ade17be Update HeaderDeclaration input naming 2021-06-20 00:13:59 +02:00
jorgectf
0e61558644 Empty commit 2021-06-19 18:39:58 +02:00
jorgectf
058ade4d8e Merge remote-tracking branch 'upstream/main' into jorgectf/python/jwt-queries 2021-06-18 22:21:38 +02:00
jorgectf
6565680dd6 Finish query 2021-06-18 22:16:39 +02:00
Taus
3aea270e10 Python: Autoformat 2021-06-18 18:30:27 +00:00
jorgectf
017a778a20 Polish make_response and fix extend argument 2021-06-18 20:21:11 +02:00
Taus
aeac03663f Python: Remove old ClickHouseDriver.qll 
The merge must've gone wrong some way, as this file is not supposed to
exist in `experimental` anymore.
 2021-06-18 17:41:09 +00:00
Taus
348b20ca9d Merge branch 'main' of https://github.com/github/codeql into python-a-few-minor-cleanups 2021-06-18 17:38:43 +00:00
Taus
9351688da8 Python: asCfgNode cleanup 2021-06-18 17:22:42 +00:00
Taus
c386f4a009 Python: Clean up py/insecure-protocol 
Going all the way to the AST layer seemed excessive to me, so I rewrote
it to do most of the logic at the data-flow layer. In principle this
_could_ result in more names being computed (due to splitting), but in
practice I don't expect this make a big difference.
 2021-06-18 17:22:42 +00:00
Taus
f24a9a46d9 Python: add getAnAttributeWrite 2021-06-18 17:22:42 +00:00
Taus
c78ba476cf Python: Clean up a few verbose casts 2021-06-18 17:22:42 +00:00
Calum Grant
32f6a465b0 Merge pull request #6080 from github/calumgrant/security-severities 
Update security-severity scores
 2021-06-18 09:40:40 +01:00
Tom Hvitved
eb86bceb4d Address review comments 2021-06-18 10:18:47 +02:00
jorgectf
eac5254a88 Resolve merge conflict 2021-06-18 02:12:49 +02:00
jorgectf
dcb1da338b Extend documentation 2021-06-18 02:03:56 +02:00
jorgectf
4963caf506 Rewrite frameworks modeling 2021-06-18 02:03:27 +02:00
jorgectf
066504e79e Checkout Stdlib.qll 2021-06-18 02:02:47 +02:00
jorgectf
1d7ddce8db Update .expected 2021-06-17 18:10:43 +02:00
jorgectf
9cbb7e0899 Change query objective 2021-06-17 17:53:58 +02:00