Henry Mercer
da92da2204
Bump minor versions of packs we regularly release
2023-10-03 16:31:23 +01:00
Henry Mercer
f3847b3f51
Merge branch 'main' into henrymercer/rc-3.11-mergeback
2023-10-03 16:30:23 +01:00
Mathew Payne
a23904ca39
Add taint tests
2023-10-02 15:09:11 +01:00
Mathew Payne
3ab5fd5ca4
Add RestFramework handler kwargs
2023-10-02 14:58:21 +01:00
Rasmus Wriedt Larsen
3162033d56
Python: Make tests run for django rest framework
2023-09-29 16:21:04 +02:00
Mathew Payne
41bb8377d9
Add change notes
2023-09-29 14:44:36 +01:00
Mathew Payne
19c93b0228
Add RestFramework tests
2023-09-29 14:41:57 +01:00
Rasmus Lerchedahl Petersen
177db998c7
Python: add change note
2023-09-29 15:28:08 +02:00
Mathew Payne
eb9b32473e
Add support for ModelViewSet functions
2023-09-29 14:26:39 +01:00
Rasmus Lerchedahl Petersen
ed3ffde5e6
Python: modules are now possibly non-unique
...
We should consider if this is the right way..
2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
be506c64ba
Python: update test-expectations
...
These are semantic differences.
They generally look good, except perhaps
we should exclude illegal package names?
(It passes `legalShortName`, though).
2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
4f35a62583
Python: broaden search for imports
...
This now finds vulnerabilities in
https://github.com/github/field-security-codeql/issues/100
2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
d9854eb409
Python: Add QLDoc
2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
1d4832cbfe
python: allow namespace packages as packages
...
remove the logic around isPotentialPackage
2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
362cf107a4
python: add tests for module import
...
- `--max-import-depth=3` to give points-to a chance
- `not_root` dir to force namespace package logic
- add usage in `example.py` to get files extracted
2023-09-29 15:10:19 +02:00
yoff
dbecb1bd0f
Merge pull request #14070 from yoff/python/promote-nosql-query
...
Python: promote nosql query
2023-09-29 14:21:22 +02:00
Rasmus Wriedt Larsen
9b73bbfc31
Python: Add keyword argument support
...
and a fair bit of refactoring
2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
d6d13f84a9
Python: -> NoSQL in QLDocs
2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
3676262313
Python: Clean trailing whitespace
2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
d7ad5a0f23
Python: List NoSQL injection sinks
2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
16e1a00e88
Python: NoSQLInjection -> NoSqlInjection
2023-09-29 13:52:51 +02:00
Rasmus Lerchedahl Petersen
97696680e6
Python: require dict sinks be dangerous.
2023-09-29 13:45:23 +02:00
Rasmus Lerchedahl Petersen
f3a01612e8
Python: rename flow states
...
Close to being a revert of
3043633d9c
2023-09-29 13:23:36 +02:00
Rasmus Lerchedahl Petersen
e1708054a4
Python: fix QL alert
2023-09-29 12:06:51 +02:00
Rasmus Lerchedahl Petersen
2d845e3e55
Python: nicer paths
...
turn "the long jump" that would end up
straight at the argument into a short jump
that ends up at the dictionary being written to.
Dataflow takes care of the rest of the path.
2023-09-29 12:02:16 +02:00
Rasmus Lerchedahl Petersen
74d6f37467
Python: update meta query TaintSinks
2023-09-29 12:02:16 +02:00
yoff
2e028a41ee
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2023-09-29 11:32:51 +02:00
erik-krogh
5d4b542995
escape unicode chars in overly-large-range
2023-09-28 20:16:09 +02:00
yoff
bc17bf69f4
Merge pull request #14317 from yoff/python/fix-regex-string-part-locations
...
Python: Improve computation of regex fragments inside string parts
2023-09-28 14:35:27 +02:00
Rasmus Lerchedahl Petersen
3043633d9c
Python: Some renaming of flow states
2023-09-28 14:24:49 +02:00
Rasmus Lerchedahl Petersen
d5b64c5ff2
Python: update test expectations
2023-09-28 14:20:30 +02:00
Rasmus Lerchedahl Petersen
a8e0023f39
Python: forgot to list framework
2023-09-28 13:42:33 +02:00
Rasmus Lerchedahl Petersen
2a7b593285
Python: Fix QL alerts
2023-09-28 13:35:29 +02:00
Rasmus Lerchedahl Petersen
eb1be08bce
Python: split modelling
2023-09-28 12:54:06 +02:00
Rasmus Lerchedahl Petersen
2a739b3b7a
Python: rename module
2023-09-28 12:54:05 +02:00
Rasmus Lerchedahl Petersen
9682c8218a
Python: rename file
2023-09-28 12:54:05 +02:00
yoff
c2b63830f1
Apply suggestions from code review
...
Claim conversions do not execute inputs in order to remove interaction with `py/unsafe-deserialization`.
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2023-09-28 12:40:37 +02:00
Rasmus Lerchedahl Petersen
d90630aa66
Python: fix query file
2023-09-28 12:34:10 +02:00
Rasmus Lerchedahl Petersen
3fb579eaff
Python: add test for type tracking
2023-09-28 12:14:12 +02:00
Rasmus Lerchedahl Petersen
37a4f35650
Python: further rename
2023-09-28 11:49:42 +02:00
yoff
8156fa9a4d
Apply naming suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2023-09-28 11:47:10 +02:00
Asger F
0d96ed8aee
Merge pull request #14305 from asgerf/shared/flow-state-inout-barriers
...
Shared: add in/out barriers with flow state
2023-09-28 11:07:23 +02:00
Rasmus Wriedt Larsen
f3acc89900
Python: Accept .expected
2023-09-28 10:41:16 +02:00
Anders Schack-Mulligen
73521ca16b
Python: Use shared FileSystem library.
2023-09-28 08:58:55 +02:00
Benjamin Rodes
25203db4e7
Removing 'security' tags from all queries.
2023-09-27 12:43:51 -04:00
Rasmus Lerchedahl Petersen
8ade9ed164
Python: fix inconsistency
...
Since we calculate the end column by offset,
we must believ that the end line is the same
as the start line.
2023-09-26 21:02:14 +02:00
Rasmus Lerchedahl Petersen
db95eade64
Python: accept improved test output
2023-09-26 20:58:51 +02:00
Rasmus Lerchedahl Petersen
35f28c832a
Python: small refactor (reviewer suggestion)
2023-09-26 20:55:35 +02:00
Rasmus Lerchedahl Petersen
f5059a6918
Python: fix computation at part boundaries
2023-09-26 20:51:15 +02:00
Rasmus Lerchedahl Petersen
cdf1db09bd
Python: add test for part boundaries
2023-09-26 20:50:08 +02:00
