hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

9150 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
adc82b553b Python: more realistic summaries 2024-04-26 14:19:10 +02:00
Rasmus Lerchedahl Petersen
c2252e12ac python: sync files 2024-04-26 14:19:09 +02:00
Rasmus Lerchedahl Petersen
bab6ecf3bb Python: test the MaD path for constructor calls 2024-04-26 14:19:09 +02:00
erik-krogh
14d88eb3ce add change-notes 2024-04-26 12:56:28 +02:00
erik-krogh
baa31e1469 delete outdated deprecations 2024-04-25 22:19:28 +02:00
Joe Farebrother
2a0459838b Add models for responses 2024-04-25 15:55:59 +01:00
Joe Farebrother
86d1e5b646 Add additional type tracking for request attributes 2024-04-25 13:58:36 +01:00
Paolo Tranquilli
332d118d93 Merge pull request #16315 from github/redsun82/buildifier 
Bazel: introduce buildifier formatting
 2024-04-25 10:48:18 +02:00
Rasmus Wriedt Larsen
13ff9412a4 Merge pull request #16252 from RasmusWL/move-dataflow-tests 
Python: Move dataflow tests out of experimental
 2024-04-25 10:05:06 +02:00
Ben Ahmady
8cba276b87 Deprecate the CodeQL for VS Code docs in favour of docs.github.com version 2024-04-25 07:59:33 +00:00
Paolo Tranquilli
9f5782b67b Bazel: introduce buildifier formatting 
This introduces tooling and enforcement for formatting bazel files.

The tooling is provided as a bazel run target from
[keith/buildifier-prebuilt](https://github.com/keith/buildifier-prebuilt).

This is used in a [`pre-commit`](https://pre-commit.com/) hook for those
having that installed. In turn this is used in a CI check. Relying on a
`pre-commit` action gives us easy checking that buildifying did not
change anything in the files and printing the diff, without having to
hand-roll the check ourselves.

This enforcement will make usage of gazelle easier, as gazelle itself
might reformat files, even outside of `go`. Having them properly
formatted will allow gazelle to leave them unchanged, without needing
to configure awkward exclude directives.
 2024-04-24 15:49:48 +02:00
Joe Farebrother
53f69d9966 Reduce query tests with cases covered by concept tests 2024-04-24 14:05:42 +01:00
Joe Farebrother
8fb2faa89b Add additional info to concept tests 2024-04-24 14:05:41 +01:00
Joe Farebrother
2b935e575a Add concept tests + fix typo 2024-04-24 14:05:41 +01:00
Joe Farebrother
ec4c820391 Fix deprecation 2024-04-24 14:05:41 +01:00
Joe Farebrother
1dce2eb325 Rename to response splitting 2024-04-24 14:05:40 +01:00
Joe Farebrother
49e5f8a1a5 Add tests for instances of the header write concept 2024-04-24 14:05:40 +01:00
Joe Farebrother
f3b27d611a Add test case for validated wsgiref servers + fix typo 2024-04-24 14:05:40 +01:00
Joe Farebrother
f57ba3e642 Add change note 2024-04-24 14:05:40 +01:00
Joe Farebrother
d4a072818f Add more tests 2024-04-24 14:05:40 +01:00
Joe Farebrother
eeef062f7c Implement sinks for wsgiref + allow lists in bulk header updates + local flow 2024-04-24 14:05:39 +01:00
Joe Farebrother
9d56f3eb68 Fix qldoc formatting 2024-04-24 14:05:39 +01:00
Joe Farebrother
cf8db4e425 Update instances of experimental concept to the main one, and anotate missing experimental test results. 2024-04-24 14:05:39 +01:00
Joe Farebrother
daa31b5bb7 Add documentation 2024-04-24 14:05:38 +01:00
Joe Farebrother
8636a50190 Fix qldoc + remove deprecation from experimental concepts (as they are still used in another experimental query) 2024-04-24 14:05:38 +01:00
Joe Farebrother
fa28d94363 Added a sanitizer for replacing newlines. 2024-04-24 14:05:38 +01:00
Joe Farebrother
dbbc944f32 Correct spelling 2024-04-24 14:05:38 +01:00
Joe Farebrother
a88ad62c00 Implemented sinks for bulk header updates, and added corresponding tests. 2024-04-24 14:05:38 +01:00
Joe Farebrother
3e9341ff8a Model class instantiation for werkzueg headers 2024-04-24 14:05:37 +01:00
Joe Farebrother
b9984beb16 Add test cases 2024-04-24 14:05:37 +01:00
Joe Farebrother
68d90918cf Add to header write concept a specification of whether the name or value arg allows newlines. 
Ported sink defenitions from Flask and Werzeug from experimental to main.
Removed experimental sink definitions for Django, as neither name nor value are vulnerable.
 2024-04-24 14:05:37 +01:00
Joe Farebrother
25ffcb2fde Split into customizations file 2024-04-24 14:05:37 +01:00
Joe Farebrother
6021d9238c Move headers injection query and concept from experimental to main 2024-04-24 14:05:37 +01:00
Nick Rolfe
af72c0848e Merge pull request #16306 from github/nickrolfe/js-sensitive 
JS: do fewer regexp matches in SensitiveActions
 2024-04-24 09:49:44 +01:00
Nick Rolfe
003d208574 JS: do fewer regexp matches in SensitiveActions 2024-04-23 15:31:38 +01:00
Anders Schack-Mulligen
b2f09949df Merge pull request #15599 from aschackmull/dataflow/fieldflowbranchlimit-v2 
Dataflow: update fieldFlowBranchLimit semantics
 2024-04-23 10:08:05 +02:00
Rasmus Wriedt Larsen
1bc085c8f7 Python: Fixup for callGraphConfig 2024-04-23 09:42:35 +02:00
Rasmus Wriedt Larsen
bb00d6919a Python: Move dataflow TestUtil to importable location 2024-04-23 09:40:59 +02:00
Rasmus Wriedt Larsen
e0e405bb31 Python: replace dataflow-test location in files 2024-04-23 09:40:59 +02:00
Rasmus Wriedt Larsen
ce711f7d2f Python: Move dataflow tests out of experimental 2024-04-23 09:40:44 +02:00
Joe Farebrother
f85ee38e04 Add instance taint steps for requests 2024-04-22 16:03:39 +01:00
Joe Farebrother
88e3227ed0 Add pyramid models 2024-04-22 13:27:18 +01:00
Taus
81246cd41a Python: Add missing QLDoc for isUnicode 2024-04-22 12:08:53 +00:00
Taus
bab461ffd1 Python: Add change note 2024-04-22 12:00:09 +00:00
Taus
58eaddf627 Python: Update all .expected files 
I'm beginning to realise why I didn't do the `toString` overriding way
back when. Thankfully, now that all of our tests are in the same place,
this is actually not a terrible ordeal.
 2024-04-22 12:00:09 +00:00
Taus
d51fcd4f2a Python: Change Str to StringLiteral 
As far as I can tell, this was the only occurrence of `Str` as a type
throughout the entire library.
 2024-04-22 12:00:09 +00:00
Taus
b484aee39e Python: Autoformat everything 
Of course, `StringLiteral` being much longer than `StrConst` meant a
bunch of files changed formatting.
 2024-04-22 12:00:09 +00:00
Taus
1c68c987b0 Python: Change all remaining occurrences of StrConst 
Done using
```
git grep StrConst | xargs sed -i 's/StrConst/StringLiteral/g'
```
 2024-04-22 12:00:09 +00:00
Taus
f6487d7b13 Python: Rename StrConst to StringLiteral 
Does a few things:
- Renames `StrConst` to `StringLiteral`, and deprecates the former.
- Also deprecates `Str`.
- Adds an override of `StringLiteral::toString` making it output
`"StringLiteral"` rather than the inherited `"Str"`. This ensures that
the AST viewer shows these nodes as the former type, not the latter.

There are a large number of uses of `StrConst` in the codebase. These
will be fixed in a later commit.
 2024-04-22 12:00:09 +00:00
Asger F
decd576a6b Merge pull request #15386 from asgerf/js/graph-export 
JS: Add library for exporting graphs as type models
 2024-04-18 11:56:17 +02:00