hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,579 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.2
Commit Graph

9240 Commits

Author SHA1 Message Date
Andrew Eisenberg
03d6b15401 Merge branch 'main' into aeisenberg/pack/cpp 2021-08-17 15:28:47 -07:00
Rasmus Wriedt Larsen
3231ae77ef Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-08-17 15:17:10 +02:00
Erik Krogh Kristensen
3f7f5d2418 performance improvements in ReDoSUtil 2021-08-17 15:10:33 +02:00
Erik Krogh Kristensen
49e47641e4 sync ReDoSUtil.qll with python 2021-08-17 15:10:33 +02:00
Rasmus Wriedt Larsen
15d483d56c Python: Use TypeTrackingNode in new PEP249 modeling 2021-08-17 12:03:40 +02:00
Rasmus Wriedt Larsen
b649f5f38c Merge branch 'main' into peewee-modeling 2021-08-17 12:03:18 +02:00
Rasmus Lerchedahl Petersen
dee5535fbb Python: condense tests 
This also avoids potential licensing issues.
 2021-08-17 11:24:39 +02:00
Andrew Eisenberg
e566fb9c5a Packaging: Update suite-helpers qlpack 
Uses new style naming scheme.
 2021-08-16 17:51:33 -07:00
Erik Krogh Kristensen
46959234b7 Merge pull request #6288 from erik-krogh/emptyRedos 
JS/Python: Fix FP in redos related to empty lookaheads
 2021-08-16 13:48:22 +02:00
Erik Krogh Kristensen
e962a7c77c Update python/ql/src/semmle/python/RegexTreeView.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-08-16 11:24:05 +02:00
Rasmus Lerchedahl Petersen
6be78d442c Python: fix compilation 2021-08-16 10:35:33 +02:00
Rasmus Lerchedahl Petersen
2df846ee4b Merge branch 'python-regex-parsing-consistency-checks' of github.com:yoff/codeql into python-regex-parsing-consistency-checks 2021-08-12 13:34:11 +02:00
Rasmus Lerchedahl Petersen
54e65ce765 Python: Add consistency tests 
for all the projects that went out of disk as a result of ReDoS
 2021-08-12 13:33:44 +02:00
yoff
61bbddeb0c Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-08-12 09:39:04 +02:00
Rasmus Lerchedahl Petersen
c08f94ec04 Python: Fix parsing of octal escapes 2021-08-11 15:01:26 +02:00
Rasmus Lerchedahl Petersen
34b054ff53 Python: Add consistency checks 2021-08-11 14:58:27 +02:00
jorgectf
e6ce10b5c5 Merge remote-tracking branch 'origin/main' into jty/python/nosqlInjection 2021-08-10 20:01:08 +02:00
Tom Hvitved
ea6d51f123 Python: Avoid bad join in AstExtended::AstNode::containsInScope 2021-08-09 11:20:57 +02:00
jorgectf
54ed25a925 Change False and None scopes 2021-07-25 18:21:16 +02:00
jorgectf
c8a7f48d6e Add .expected 2021-07-25 18:18:38 +02:00
jorgectf
983465963a Polish CookieWrite 2021-07-25 18:18:29 +02:00
jorgectf
65044293dd Add CookieWrite concept 2021-07-25 17:53:58 +02:00
jorgectf
66fdd530e3 Merge branch 'jorgectf/python/headerInjection' into jorgectf/python/insecure-cookie 2021-07-25 04:35:51 +02:00
jorgectf
8d0386b049 Split into getNameArg and getValueArg 2021-07-25 04:35:22 +02:00
jorgectf
4f68a1777c Write documentation and example 2021-07-25 04:07:05 +02:00
jorgectf
c8983be947 Add query 2021-07-25 04:06:44 +02:00
jorgectf
8a3e4f14d1 Add tests and .qlref 2021-07-25 04:06:02 +02:00
jorgectf
0aaa9c13bd Merge remote-tracking branch 'origin/jorgectf/python/headerInjection' into jorgectf/python/insecure-cookie 2021-07-25 03:22:16 +02:00
jorgectf
93c8529fc9 Add .expected 2021-07-25 01:53:21 +02:00
jorgectf
1dd77f167a Fix undetected tests 2021-07-25 01:51:52 +02:00
jorgectf
b83b31cc7a Write qldocs 2021-07-24 02:33:57 +02:00
jorgectf
61e873d725 Polish tests 2021-07-24 02:09:23 +02:00
jorgectf
0d2646fd3d Polish documentation 2021-07-24 01:23:51 +02:00
jorgectf
f9b244ecad Polish documentation 2021-07-24 01:06:05 +02:00
Taus
74f1992aaf Merge pull request #6352 from tausbn/mergeback-rc/3.2-to-main 
Mergeback `rc/3.2` to `main`
 2021-07-22 19:58:29 +02:00
jorgectf
068150b1ab Finish modeling 2021-07-22 19:34:23 +02:00
jorgectf
b5e10b6c42 Write (String|Bytes)IO additional taint step 2021-07-22 19:15:30 +02:00
jorgectf
11f4c1cc8e Format tests 2021-07-22 19:04:35 +02:00
Jorge
f02b6d60a5 Merge branch 'github:main' into jorgectf/python/ldapinsecureauth 2021-07-22 18:49:51 +02:00
jorgectf
b03e75e3d1 Extend ldap3's start_tls and fix tests 2021-07-22 18:42:41 +02:00
jorgectf
a34d6d390e Port to ApiGraphs and finish the query 2021-07-22 18:34:57 +02:00
Rasmus Wriedt Larsen
42a997cbcb Python: Fix deprecation warning 2021-07-22 15:59:13 +02:00
Rasmus Wriedt Larsen
71e6db8a01 Merge branch 'main' into jorgectf/python/ldapimproperauth 2021-07-22 15:57:43 +02:00
Taus
6ea8ef5d16 Merge branch 'rc/3.2' into mergeback-rc/3.2-to-main 2021-07-22 13:52:56 +00:00
Rasmus Wriedt Larsen
802d9bda83 Merge pull request #5680 from mrthankyou/python-use-sqlalchemy 
Python: Add SqlAlchemy model
 2021-07-22 15:31:39 +02:00
Taus
020c6e3b3b Python: Update change note 2021-07-22 13:11:29 +00:00
Taus
badf6311c9 Python: Remove flow between globals... 
... in a local scope. Or rather, remove these from the `hasLocalSource`
relation.

This prevents a quadratic blowup when the same global is mentioned
_a lot_ of times within a single function scope.
 2021-07-22 13:10:40 +00:00
Taus
ed794f42b5 Python: Soft revert TypeTrackingNode 
Temporarily instates `TypeTrackingNode` as an alias of `LocalSourceNode`
as having it as a separate class lead to performance regressions.

In the hopes that this will be resolved in the near future, I have left
the current `TypeTrackingNode` implementation in situ, but hidden inside
a `FutureWork` private module.
 2021-07-22 13:10:07 +00:00
Mathias Vorreiter Pedersen
e34261accf Merge branch 'rc/3.2' into mergeback-2021-07-22 2021-07-22 14:40:22 +02:00
Rasmus Wriedt Larsen
38875ca0c7 Python: Improve handling of async methods 2021-07-22 14:17:07 +02:00