hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

9118 Commits

Author SHA1 Message Date
jorgectf
55648ac4de Add shlex.quote as sanitizer 2023-07-20 15:34:54 +02:00
Geoffrey White
a0b784e7b1 Python: QLDoc. 2023-07-20 11:56:13 +01:00
Maiky
6d6a243776 Update Change Note 2023-07-20 12:33:26 +02:00
Geoffrey White
aaf9907a27 Python: Change note. 2023-07-20 11:23:15 +01:00
Geoffrey White
bb16731b86 Python: Fix for multiple parse mode flags. 2023-07-20 11:16:14 +01:00
Geoffrey White
dbde99df91 Python: Add test cases. 2023-07-20 11:06:00 +01:00
Maiky
1a1fee3088 Doc change 2023-07-20 03:28:13 +02:00
Maiky
a1782182dd Python: Add unsafe deserialization sinks (CWE-502) 2023-07-20 03:26:22 +02:00
Geoffrey White
cb6276e5e2 Python: Test layout. 2023-07-19 18:44:15 +01:00
Anders Schack-Mulligen
e72a0b2f8c Dataflow: Add change notes. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
ae24d68b5d C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
95d17045c9 Dataflow: Sync. 2023-07-19 11:41:15 +02:00
yoff
a1aa16f901 Merge pull request #13745 from GeekMasher/py-mad-xss 
Python - Add Models as Data support for Reflected XSS Query
 2023-07-18 13:39:17 +02:00
Mathew Payne
6ef55aa14f Update python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-07-17 15:44:38 +01:00
yoff
d032bf5c0e Merge pull request #13685 from RasmusWL/captured-variables-default-param-value 
Python: Model parameter with default value as `DefinitionNode`
 2023-07-17 14:25:13 +02:00
Mathew Payne
e3d75c488e Merge branch 'main' into py-mad-xss 2023-07-17 11:08:09 +01:00
Rasmus Wriedt Larsen
13fa08a90a Python: Move source modeling to shared file 2023-07-14 14:47:50 +02:00
Rasmus Wriedt Larsen
aa8ed91993 Python: Accept .expected changes 
but it's kinda bad, since it has paths to stdlib in there :(
 2023-07-14 14:47:27 +02:00
Rasmus Wriedt Larsen
9e0f985e23 Python: Fix qlref 2023-07-14 14:33:17 +02:00
Rasmus Wriedt Larsen
8279cf7c9c Merge branch 'main' into amammad-python-WebAppsConstatntSecretKeys 2023-07-14 14:32:43 +02:00
Mathew Payne
cf65ab834d fix: formatting issue 2023-07-14 12:31:40 +01:00
Mathew Payne
4c1612f2dd feat: add change log notes 2023-07-14 12:28:51 +01:00
Mathew Payne
c292984338 feat: add MaD to XSS query 2023-07-14 12:25:54 +01:00
Rasmus Wriedt Larsen
0db535bdd7 Python: Minor naming update 2023-07-14 12:54:54 +02:00
Asger F
eb5c600a6b Python: fix some whitespace 2023-07-13 15:42:34 +02:00
Asger F
2b0a8097e6 Python: implement Fuzzy for Python 2023-07-13 15:42:34 +02:00
Asger F
919cb07c1e Sync ApiGraphModels.qll 2023-07-13 15:42:33 +02:00
Rasmus Wriedt Larsen
991d5cc54b Python: Fix test of HttpResponse.getBody() 2023-07-13 13:57:08 +02:00
Rasmus Wriedt Larsen
64a7206f3e Python: Improve aiohttp FileResponse/StreamResponse modeling 
However, notice that the concepts tests use the HttpResponse location
for the `responseBody` tag, which seems a little odd in this situation,
where they are actually separate. Will fix in next commit.
 2023-07-13 13:57:08 +02:00
Rasmus Wriedt Larsen
15269c9166 Python: Add StreamResponse test 2023-07-13 13:57:08 +02:00
Rasmus Wriedt Larsen
0f9ab8f53e Python: Fixup tests 
But notice that keyword argument is not handled yet
 2023-07-13 13:57:08 +02:00
Alvaro Muñoz
ee1ba71e5d add tests 2023-07-13 13:07:12 +02:00
Alvaro Muñoz
10cd649ba7 address code review feedback 2023-07-13 12:24:19 +02:00
Alvaro Muñoz
69efddbaef Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-07-13 12:23:00 +02:00
Anders Schack-Mulligen
837df2ad37 Dataflow: Sync. 2023-07-13 10:55:39 +02:00
Ed Minnix
63299688d5 Add change notes for default implementations of isBarrier and isAdditionalFlowStep 2023-07-12 15:21:16 -04:00
Ed Minnix
3db2644008 Python: Add default implementation of StateConfigSig::isAdditionalFlowStep/4 2023-07-12 15:06:25 -04:00
Ed Minnix
43f870e395 Python: Add default implementation of StateConfigSig::isBarrier/2 2023-07-12 15:06:25 -04:00
Alvaro Muñoz
7a717555aa fix qldocs 2023-07-12 17:27:17 +02:00
Alvaro Muñoz
733e625080 fix change note 2023-07-12 17:26:12 +02:00
Alvaro Muñoz
f2cc2af276 aiohttp improvements 2023-07-12 17:19:56 +02:00
yoff
76455d628e Update python/ql/lib/semmle/python/frameworks/ServerLess.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-07-12 16:50:13 +02:00
Rasmus Lerchedahl Petersen
4d2ce6b2e0 python: create shared serverless module and use it 
Modelled on the javascript serverless module, but
- The predicate that reports YAML files is now public
  so languages can implement their own file conventions.
- It also reports framework and runtime.
- The conveninece predicates with files still exist,
  but they only report the path.
- Handler mapping conventions are now documented.
- Use parameterised serverless module in Python,
  tests now pass.
 2023-07-12 16:42:01 +02:00
Rasmus Lerchedahl Petersen
a892e83c8e python: add simple test for AWS lambda 
made space for other serverless frameworks in the directory `serverless`
 2023-07-12 16:42:00 +02:00
Rasmus Wriedt Larsen
98ed5cf522 Python: Move not this instanceof ParameterDefinition logic 2023-07-12 11:31:27 +02:00
Rasmus Wriedt Larsen
83ca47f32c Python: Add change-note 2023-07-11 11:33:06 +02:00
Rasmus Wriedt Larsen
a1225674ee Python: Add implementation note about why not targeting ESSA node 2023-07-11 11:32:26 +02:00
Jeroen Ketema
92ee31849c Merge pull request #13643 from jketema/inline-5 
Rework the remaining inline expectation tests to use the parameterized module
 2023-07-11 11:29:14 +02:00
Mathias Vorreiter Pedersen
a4c0063ab1 Merge pull request #13679 from MathiasVP/speedup-big-step 
DataFlow: Speed up the big step relation
 2023-07-11 09:44:17 +01:00
Jeroen Ketema
8cee4f37a4 Merge branch 'main' into inline-5 2023-07-11 10:30:11 +02:00