hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

9108 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
46af77c1af Python: Include all assignments in data flow paths 
Like Ruby did in https://github.com/github/codeql/pull/12566
 2023-08-10 11:45:29 +02:00
Rasmus Wriedt Larsen
9bd5694c3f Python: Add tests of path-graph for dataflow/taint-tracking 
Although this is actually using taint-tracking (so we can use the +=
statement), I would personally forget to check under the
dataflow/tainttracking folder to look for such a test, so I'm opting to
keep it under the dataflow/ folder.
 2023-08-10 11:44:17 +02:00
Rasmus Lerchedahl Petersen
dbc60140e0 Python: move tests to data extensions 
For these tests, we cannot use the same mechanism, as we want the
data extensions to be available for both tests.

Instead, we create a ql-pack for the test directory and point to
the data entensions from there. This makes the extensions
available for all tests in the directory.
 2023-08-10 09:17:34 +02:00
Rasmus Lerchedahl Petersen
168a1e01a4 Python: move test to data extensions 
For this test, we can simply use the convention,
that a file called `[ql-file-stem].ext.yml` will be used
as data extensions exactly for the test represented by `ql-file`.
 2023-08-09 21:22:17 +02:00
github-actions[bot]
432c21d4fb Post-release preparation for codeql-cli-2.14.2 2023-08-09 18:45:18 +00:00
Rasmus Wriedt Larsen
51a05286fa Merge pull request #13731 from pwntester/py/aiohttp_improvements 
Python: Aiohttp improvements
 2023-08-09 16:37:20 +02:00
Rasmus Lerchedahl Petersen
885e25ff2d Python: use file-name-convention of *.model.yml 2023-08-09 14:25:33 +02:00
Rasmus Lerchedahl Petersen
e47e77c438 Python: add change note 2023-08-08 12:17:23 +02:00
Rasmus Lerchedahl Petersen
f33aff42ad Python: missing result was fixed 2023-08-08 12:14:57 +02:00
Rasmus Lerchedahl Petersen
f865fa3050 Python: simplify using getSubscript 2023-08-08 11:16:35 +02:00
Rasmus Wriedt Larsen
4f47461f60 Python: Add requested test 2023-08-08 10:44:48 +02:00
erik-krogh
92db7b047c escape unicode chars in the output for the ReDoS queries 2023-08-08 00:15:54 +02:00
github-actions[bot]
79c90fa36a Release preparation for version 2.14.2 2023-08-07 18:08:52 +00:00
Jeroen Ketema
8b6a7985db Refactor the traint-tracking library to follow the dataflow library refactoring 2023-08-07 15:23:15 +02:00
Jeroen Ketema
5d2984b7a5 Merge branch 'main' into shared-taint-tracking 2023-08-07 15:22:29 +02:00
Rasmus Lerchedahl Petersen
957c0d6387 Python: move change note 2023-08-07 14:28:53 +02:00
Rasmus Lerchedahl Petersen
2f9172046b Python: change-note 2023-08-07 11:50:13 +02:00
Tom Hvitved
6c989b9c6b Python: Adjust to data flow refactor 2023-08-07 11:35:23 +02:00
Rasmus Lerchedahl Petersen
4dbaed9ec2 Python: add qldoc 2023-08-07 11:31:22 +02:00
Jeroen Ketema
747cd1745a Update all languages to use the shared taint-tracking library 2023-08-04 22:53:25 +02:00
Mathias Vorreiter Pedersen
abe3a816ce Merge pull request #13851 from MathiasVP/sink-without-states 
DataFlow: Support stateless `isSink` in `StateConfigSig`s
 2023-08-04 18:01:42 +02:00
Asger F
c38cbe859d Merge pull request #13737 from asgerf/dynamic/fuzzy-models 
Dynamic: add Fuzzy token
 2023-08-03 09:58:24 +02:00
Mathias Vorreiter Pedersen
3007fdab5e Sync identical files. 2023-08-02 14:33:33 +02:00
Anders Schack-Mulligen
b27a3a81bc Python: Adjust to use the qlpack data-flow api. 2023-08-01 14:02:33 +02:00
Maiky
6274dfafdc typo 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2023-07-27 23:43:48 +02:00
Maiky
49aa3eb92b Update change note 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2023-07-27 23:43:39 +02:00
Owen Mansel-Chan
9b2b58a823 Sync files 2023-07-26 21:48:10 +01:00
amammad
bee8e6ff0d remove unused saniter 2023-07-27 01:41:31 +10:00
amammad
591d81b5f9 remove saniter which was responsible for a defensive technique 2023-07-26 02:39:10 +10:00
Rasmus Lerchedahl Petersen
b2688bba7d Python: Relax module resolution 
Do not require modules to reside in a package
 2023-07-25 17:24:04 +02:00
jorgectf
8f8c064632 Modify test 2023-07-24 17:50:22 +02:00
amammad
1e1d42fa35 fix a mistake :( 2023-07-25 00:11:23 +10:00
amammad
7aff0079f5 better safe Flask example 2023-07-25 00:08:51 +10:00
amammad
0e8f83460c a little bit change on flask example 2023-07-24 21:41:54 +10:00
amammad
bbba906ff1 a little bit change on flask example 2023-07-24 21:41:44 +10:00
amammad
6f8ec118df fix qlhelp and qldoc bugs 2023-07-24 17:15:43 +10:00
amammad
c704158150 remove sources which are contained from environment variables, fix some bugs thanks to @yoff 2023-07-24 17:06:27 +10:00
github-actions[bot]
f91b7a9342 Post-release preparation for codeql-cli-2.14.1 2023-07-21 16:16:25 +00:00
github-actions[bot]
c936a920b0 Release preparation for version 2.14.1 2023-07-20 16:32:27 +00:00
jorgectf
3ac94c33b2 Add change note 2023-07-20 15:47:18 +02:00
jorgectf
55648ac4de Add shlex.quote as sanitizer 2023-07-20 15:34:54 +02:00
Geoffrey White
a0b784e7b1 Python: QLDoc. 2023-07-20 11:56:13 +01:00
Maiky
6d6a243776 Update Change Note 2023-07-20 12:33:26 +02:00
Geoffrey White
aaf9907a27 Python: Change note. 2023-07-20 11:23:15 +01:00
Geoffrey White
bb16731b86 Python: Fix for multiple parse mode flags. 2023-07-20 11:16:14 +01:00
Geoffrey White
dbde99df91 Python: Add test cases. 2023-07-20 11:06:00 +01:00
Maiky
1a1fee3088 Doc change 2023-07-20 03:28:13 +02:00
Maiky
a1782182dd Python: Add unsafe deserialization sinks (CWE-502) 2023-07-20 03:26:22 +02:00
Geoffrey White
cb6276e5e2 Python: Test layout. 2023-07-19 18:44:15 +01:00
Anders Schack-Mulligen
e72a0b2f8c Dataflow: Add change notes. 2023-07-19 11:41:15 +02:00