hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,579 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.2
Commit Graph

9240 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
53de8287f5 python: rule out test code for CSRF 2022-03-22 14:57:05 +01:00
Rasmus Lerchedahl Petersen
0f2c21c8bd python: require local protection to be absent 
for CSRF to be likely
 2022-03-22 13:42:52 +01:00
Rasmus Wriedt Larsen
6bd9d82610 Merge pull request #8061 from RasmusWL/orm 
Python: Add data-flow through Django ORM models
 2022-03-22 11:14:08 +01:00
Rasmus Wriedt Larsen
311cbb4e13 Merge branch 'main' into shared-concepts-scaffolding 2022-03-22 10:36:33 +01:00
Rasmus Wriedt Larsen
414764ccee Concepts: Minor rewrite in qldoc 
As suggested by @hmac
 2022-03-22 10:33:58 +01:00
Rasmus Lerchedahl Petersen
f5b53083ae python: require authentication middleware 
for CSRF to be relevant
 2022-03-22 08:44:19 +01:00
github-actions[bot]
a3e74efc21 Post-release preparation for codeql-cli-2.8.4 2022-03-21 19:36:47 +00:00
Rasmus Wriedt Larsen
88184ba9f5 Python: Update path-injection .expected 
AHA! This change happened because we are no longer importing all the old
deprecated implementation.
 2022-03-21 20:24:12 +01:00
Rasmus Wriedt Larsen
758a81cc0f Python: Remove import of Concepts in DataFlowPrivate 
As discussed in PR review
 2022-03-21 16:22:15 +01:00
Rasmus Wriedt Larsen
978ef05571 Python: Add change-note 2022-03-21 16:18:40 +01:00
Rasmus Wriedt Larsen
b8dee25cce Python: ReflectedXSS -> ReflectedXss for new Query file 
So we stick to the naming conventions.

This rename is OK, since the new file was only just introduced in this
PR.
 2022-03-21 16:12:38 +01:00
Arthur Baars
79cd7bf8ed Python: create semmle/python/dataflow/new/Regex.qll 2022-03-21 15:57:19 +01:00
Rasmus Wriedt Larsen
695553ba9f Python: Deprecate old non-Query.qll dataflow defs 2022-03-21 15:03:22 +01:00
Rasmus Wriedt Larsen
db86a18791 Python: Autoformat 2022-03-21 14:53:53 +01:00
Rasmus Wriedt Larsen
0125aea91b Python: Re-introduce old dataflow configs .qll files 
and move all the old deprecated aliases to that file. We now have a
situation where all queries should work as they did before, and we just
have these new Query.qll files that contain the implementation.

(deprecation comes later)
 2022-03-21 14:53:53 +01:00
Rasmus Wriedt Larsen
1bf8fa6a3b Python: Adopt Query.qll suffix for dataflow config defs 
This commit in itself makes everything break, but should make it easy to
follow the overall changes being made.
 2022-03-21 14:53:53 +01:00
github-actions[bot]
dedc8c2254 Release preparation for version 2.8.4 2022-03-21 13:25:49 +00:00
Alex Ford
c891c53835 Merge pull request #8395 from alexrford/ruby/clear-text-storage 
Ruby: add `rb/clear-text-storage-sensitive-data` query
 2022-03-21 10:05:39 +00:00
Arthur Baars
9412b331db Revert "Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql"" 
This reverts commit 6d24591416.
 2022-03-18 16:31:22 +01:00
Arthur Baars
431b60506e Merge remote-tracking branch 'upstream/main' into incomplete-hostname 2022-03-18 13:05:34 +01:00
Arthur Baars
6d24591416 Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql" 
This reverts commit ce50f35dda.
 2022-03-18 13:02:55 +01:00
Mathias Vorreiter Pedersen
abe30457ee Python: Accept test changes. 2022-03-17 14:03:58 +01:00
Tom Hvitved
79ea2a3a9c Data flow: Sync files 2022-03-17 14:03:58 +01:00
Rasmus Wriedt Larsen
2b9408b0c3 Concepts: Add some architecture documentation 2022-03-17 13:49:10 +01:00
Harry Maclean
36c421346b Introduce ConceptsShared.qll 2022-03-17 13:49:10 +01:00
Erik Krogh Kristensen
f3ca6bbc2e PY: update expected output after fixing bug in flask model 2022-03-17 09:42:30 +01:00
Erik Krogh Kristensen
879680057e fix all ql/unused-field warnings 2022-03-17 09:41:42 +01:00
Jeroen Ketema
7a9a9d833a Merge pull request #8435 from jketema/all-the-barriers 
Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard
 2022-03-16 15:50:19 +01:00
Arthur Baars
ab93b3784b Merge remote-tracking branch 'upstream/main' into incomplete-hostname 2022-03-16 12:31:12 +01:00
Rasmus Wriedt Larsen
ae1ba11d57 Merge branch 'main' into orm 2022-03-16 11:23:14 +01:00
Rasmus Wriedt Larsen
f1e6271d20 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-03-16 10:53:19 +01:00
Rasmus Wriedt Larsen
461e2f3663 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-03-16 10:43:20 +01:00
Jeroen Ketema
157a36bc4f Use node variable in all disjuncts 2022-03-15 11:55:35 +01:00
Jeroen Ketema
9a0e94f389 Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard 2022-03-15 11:55:34 +01:00
Erik Krogh Kristensen
c7509c4dd3 Merge branch 'main' into deadCode 2022-03-15 09:19:14 +01:00
Jonas Jensen
d89c52f4b0 Merge pull request #8403 from erik-krogh/noUpper 
Rename all upper-case variables, and all lower-case modules
 2022-03-15 09:00:37 +01:00
haby0
e11c74c580 Delete redundant comments 2022-03-15 15:25:08 +08:00
haby0
4195eef9ba Add CSV injection model 2022-03-15 15:15:38 +08:00
Arthur Baars
6a74e761c8 Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 
Post-release preparation for codeql-cli-2.8.3
 2022-03-14 21:05:09 +01:00
Erik Krogh Kristensen
c93f29b1a1 fix typo in change note 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-03-14 16:03:45 +01:00
Erik Krogh Kristensen
689f3c0478 update some references to deprecated module names 2022-03-14 13:28:34 +01:00
Erik Krogh Kristensen
3bf5e06d53 delete all dead code 2022-03-14 13:03:31 +01:00
Erik Krogh Kristensen
a4525bbb29 add change-note 2022-03-14 12:22:39 +01:00
Erik Krogh Kristensen
ad2ab5602e PY: rename remaining private python modules 2022-03-14 12:22:33 +01:00
Jeroen Ketema
4c2081b7fc Merge pull request #8401 from jketema/taint-flow 
Extend taint tracking interface with flow states
 2022-03-14 12:06:10 +01:00
Rasmus Wriedt Larsen
2f4a22c86c Merge pull request #6112 from jorgectf/jorgectf/python/deserialization 
Python: Port and extend XXE modeling
 2022-03-14 11:59:28 +01:00
Erik Krogh Kristensen
02127b40cd PY: fix all ql/no-upper-case-variables 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
83f26eb833 rename all upper-case variables to start with a lower-case letter 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
bbb2847ec1 Merge pull request #8323 from erik-krogh/acronyms 
Enforcing consistent casing of acronyms
 2022-03-14 11:38:25 +01:00
Jeroen Ketema
c832b21fbe Add change notes for changes to the taint tracking library 2022-03-14 10:38:48 +01:00