9260 Commits

Author	SHA1	Message	Date
Jeroen Ketema	3b8ad087eb	Make imports of codeql.util.Unit private	2023-03-28 14:14:13 +02:00
Anders Schack-Mulligen	47e7aa9566	Dataflow: Add change note.	2023-03-28 13:17:48 +02:00
Rasmus Wriedt Larsen	8ea6b6f256	Python: Update py/azure-storage/unsafe-client-side-encryption-in-use to use datafow	2023-03-28 10:09:22 +02:00
Rasmus Wriedt Larsen	7a17cd2a9e	Python: Rewrite azure query to more idiomatic ql	2023-03-28 10:06:00 +02:00
Rasmus Wriedt Larsen	691ffcd3a4	Python: Add tests of py/azure-storage/unsafe-client-side-encryption-in-use ... Notice that it doesn't find the potentially unsafe version, or the vuln that spans calls.	2023-03-28 10:05:09 +02:00
Anders Schack-Mulligen	d406b051fc	Dataflow: Remove accidentally exposed predicates.	2023-03-28 10:04:21 +02:00
yoff	a1a2eb356c	Merge pull request #11515 from yoff/py/port-comparison-using-is ... python: port `py/comparison-using-is`	2023-03-28 09:42:34 +02:00
Taus	df192383b2	Merge pull request #9722 from ahmed-farid-dev/timing-attack-py	2023-03-27 18:09:35 +02:00
Taus	a3c40a3ae4	Python: Add experimental tags	2023-03-27 14:23:36 +00:00
Rasmus Wriedt Larsen	0b9d16a43e	Merge pull request #12636 from RasmusWL/sql-modeling ... Python: Some more SQL modeling	2023-03-27 15:52:30 +02:00
Taus	af060e8c6b	Merge branch 'main' into timing-attack-py	2023-03-27 15:27:13 +02:00
Erik Krogh Kristensen	d3c3f2dc90	Merge pull request #12628 from erik-krogh/betterReDoS ... ReDoS: better super-linear algorithm	2023-03-27 15:26:49 +02:00
Taus	700eb04487	Python: Lower precision of non-header queries ... cf. https://github.com/github/securitylab/issues/691#issuecomment-1387391014	2023-03-27 12:22:17 +00:00
Taus	eaf2930205	Python: Accept test changes ... (These look like they were the result of changes elsewhere in the analysis.)	2023-03-27 12:17:13 +00:00
Taus	0b4c85f8d2	Python: Autoformat and fix broken module reference	2023-03-27 12:16:44 +00:00
yoff	2121ed784f	Merge branch 'main' into python/rewrite-InsecureContextConfiguration	2023-03-27 10:20:53 +02:00
Jeroen Ketema	977f15f8a4	Merge pull request #12649 from jketema/unit ... Replace all definitions of `Unit` by `import codeql.util.Unit`	2023-03-27 08:49:50 +02:00
Raul Garcia	4ba1740c45	Merge branch 'main' into main	2023-03-24 14:56:07 -07:00
Taus	11c89adbe3	Merge branch 'main' into timing-attack-py	2023-03-24 15:40:33 +01:00
Anders Schack-Mulligen	6db8c8b19f	Merge pull request #12656 from aschackmull/dataflow/qldoc ... Dataflow: Minor qldoc fix	2023-03-24 14:57:39 +01:00
Rasmus Lerchedahl Petersen	3c407eaa23	python: rewrite comment	2023-03-24 13:32:25 +01:00
Rasmus Lerchedahl Petersen	8ea4878f7a	python: move comment	2023-03-24 13:24:49 +01:00
Taus	c0eb611dae	Merge pull request #12244 from RasmusWL/import-refined ... Python: Fix import of refined variable	2023-03-24 13:22:19 +01:00
yoff	cf4eac6fa1	Update python/ql/src/Security/CWE-327/PyOpenSSL.qll ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2023-03-24 13:18:03 +01:00
Anders Schack-Mulligen	85511ba19d	Dataflow: Sync	2023-03-24 12:42:06 +01:00
Jeroen Ketema	a87a9438c7	Replace all definitions of Unit by import codeql.util.Unit	2023-03-24 10:39:34 +01:00
Anders Schack-Mulligen	9d88f01c82	Merge pull request #12645 from aschackmull/dataflow/renaming ... Dataflow: Rename Make to Global and hasFlow to flow	2023-03-24 08:48:31 +01:00
Anders Schack-Mulligen	d440bc2d0c	Dataflow: Sync.	2023-03-23 13:40:23 +01:00
Anders Schack-Mulligen	1c1aa7ecdd	Dataflow: Add change notes.	2023-03-23 13:17:36 +01:00
Anders Schack-Mulligen	d0b7ffda70	Python/Ruby/Swift: Rename references.	2023-03-23 13:06:19 +01:00
Anders Schack-Mulligen	2761aa73ca	Dataflow: Sync.	2023-03-23 13:06:19 +01:00
erik-krogh	e189b36e3f	materialize less strings when ranking states	2023-03-23 10:35:58 +01:00
Kasper Svendsen	ce6be1f636	Dataflow: Instantiate stage 1 access paths with proper unit type	2023-03-23 08:32:16 +01:00
Rasmus Wriedt Larsen	77f1539e71	Python: Add change-note	2023-03-22 15:57:09 +01:00
Rasmus Wriedt Larsen	7b3f710e91	Python: Model aiosqlite	2023-03-22 15:51:47 +01:00
Rasmus Wriedt Larsen	9975facf9d	Python: Make asyncio version of PEP249 modeling library ... so it's also easy to modeling asyncio libraries Also ports aiomysql/aiopg to use this new modeling	2023-03-22 15:51:33 +01:00
Rasmus Wriedt Larsen	2b4ebf7377	Python: Add support for .executescript	2023-03-22 15:20:06 +01:00
Rasmus Wriedt Larsen	eb43fa2644	Python: Make API graph version of PEP249 modeling ... This will allow us to more easily handle the executescript method, which we'll do in next commit.	2023-03-22 15:07:03 +01:00
Rasmus Wriedt Larsen	5930499f1d	Python: Add test for missing .executescript SQL method	2023-03-22 14:57:08 +01:00
Rasmus Wriedt Larsen	170a93cc4f	Python: Model cassandra-driver PyPI package	2023-03-22 10:28:04 +01:00
Rasmus Wriedt Larsen	e4db5f9a64	Python: Model asyncpg.connection.connect()	2023-03-22 10:28:04 +01:00
Rasmus Wriedt Larsen	4f9117963d	Python: Model sqlite3.dbapi2	2023-03-22 10:28:04 +01:00
erik-krogh	b071d3557e	JS/PY/RB: add a worst-case test, that now performs OK	2023-03-22 10:13:18 +01:00
yoff	a328d8c93b	Merge pull request #12594 from yoff/python/add-test-to-valid ... python: add test to validation (and fix it)	2023-03-22 09:07:27 +01:00
Raul Garcia	afd89809b2	Merge branch 'main' into main	2023-03-21 08:06:14 -07:00
Raul Garcia	8b4826c0b4	Singleton set literal fix ... Fixing auto-code scanning recommendation	2023-03-21 08:02:30 -07:00
Rasmus Wriedt Larsen	b2f34ef4b1	Merge branch 'main' into import-refined	2023-03-21 15:12:11 +01:00
yoff	e21e630316	Merge branch 'main' into python/add-test-to-valid	2023-03-21 14:47:17 +01:00
Anders Schack-Mulligen	0d6dd7d25a	DataFlow: Sync.	2023-03-21 14:27:25 +01:00
Rasmus Wriedt Larsen	caa25f78d9	Merge pull request #12607 from RasmusWL/fix-dataflow-consistency-output ... Python: Accept dataflow-consistency test changes	2023-03-21 13:20:29 +01:00