hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,451 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.4
Commit Graph

2905 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
5c7f2ac7f7 Merge pull request #12186 from aschackmull/dataflow/refactor-configuration 
Data flow: Refactor configuration
 2023-03-06 13:38:59 +01:00
Rasmus Wriedt Larsen
35bd809baf Merge branch 'main' into import-refined 2023-03-06 11:22:56 +01:00
Anders Schack-Mulligen
557cb17f4d Dataflow: Minor perf fix for single config wrapper. 2023-03-06 10:24:33 +01:00
github-actions[bot]
af61b45785 Post-release preparation for codeql-cli-2.12.4 2023-03-04 14:16:55 +00:00
Jeroen Ketema
549fb0324b Apply suggestions from code review 2023-03-03 15:26:38 +01:00
github-actions[bot]
462da63970 Release preparation for version 2.12.4 2023-03-03 14:11:51 +00:00
Anders Schack-Mulligen
0addcfa7c5 Dataflow: Fix some perf issues. 2023-03-03 11:45:32 +01:00
erik-krogh
a928f4c9ef add change-notes 2023-03-03 09:23:10 +01:00
erik-krogh
f96d6accbb delete old deprecations 2023-03-03 09:23:02 +01:00
Anders Schack-Mulligen
b34f99f716 Dataflow: Add change notes. 2023-03-02 16:01:29 +01:00
Tony Torralba
59bd1e5ab1 Merge pull request #12228 from github/java/mad-decls-triage-request-2276 
Java: Update MaD sink decls after triage
 2023-03-01 17:08:38 +01:00
Rasmus Wriedt Larsen
be7d6689b8 Merge branch 'main' into import-refined 2023-02-27 17:00:48 +01:00
Taus
25043f51a4 Merge pull request #11376 from RasmusWL/call-graph-code 
Python: New type-tracking based call-graph
 2023-02-27 14:51:21 +01:00
Anders Schack-Mulligen
bf650c755c Dataflow: Sync changes to all languages. 2023-02-27 14:30:05 +01:00
Alex Ford
7c85448cba Merge pull request #12080 from alexrford/js-use-shared-cryptography 
JS: Use shared `CryptographicOperation` concept
 2023-02-27 12:26:38 +00:00
Rasmus Wriedt Larsen
13ae98ea76 Python: Fix submodule exported under wrong name (when attribute clash) 2023-02-23 00:55:30 +01:00
Rasmus Wriedt Larsen
373907265b Python: Fixed most problems from last commit 
That one line was an afterthought, and certainly did not work as
intended.
 2023-02-23 00:39:45 +01:00
Rasmus Wriedt Larsen
97fefd2545 Python: Attempt to fix import flow 
It's nice that it fixes the `InsecureProtocol` test-case (which maybe
should have been a test-case for the import resolution library in the
first place?)

But it's not quite right:

1. it adds spurious flow for `clashing_attr`
2. it runs into huge problems for typetracking_imports/tracked.expected
3. it runs into the problem for
   https://github.com/github/codeql/pull/10176 with an `from <pkg>
   import *` blocking flow from previously defined variable, that is NOT
   overridden. (simplistic_reexport.bar_attr)
 2023-02-23 00:36:30 +01:00
Rasmus Wriedt Larsen
c8a76246d8 Python: Take __all__ into consideration for re-export of from <pkg> import * 
However, we can see that `from <pkg> import *` and `import pkg` are
handled differently. Would have liked `has_defined_all_indirection` to
behave in the same way no matter how the import was made.
 2023-02-22 15:39:57 +01:00
Rasmus Wriedt Larsen
d77ce4f3d7 Python: minor rewrite of from <pkg> import * handling 2023-02-22 15:00:55 +01:00
Rasmus Wriedt Larsen
4df7dfbff6 Python: Don't import module as module_attr 
For `from <pkg> import <attr>` we would use to treat the `<pkg>`
(ImportExpr) as a definition of the name `<attr>`.

Since this removes bad import-flow, and nothing broke, I'm guessing this
was never intentional.
 2023-02-22 14:52:35 +01:00
Rasmus Wriedt Larsen
4a66e48dc5 Python: Allow import resolution with recursive phi/refine steps 2023-02-21 17:46:39 +01:00
Rasmus Wriedt Larsen
00eec6986c Python: Allow import of refined variable 
However, as illustrated by the `CWE-327-InsecureProtocol` test, this fix
is NOT good enough, since now even the `secure_context` is considered to
be insecure (for both versions). Ouch.

Will fix this in a later commit, since it was only discoverd late on.
 2023-02-21 17:45:58 +01:00
Michael Nebel
813ffa440c Java: Consider ai-generated flow summaries to as generated summaries in dataflow. 2023-02-20 12:11:48 +01:00
Rasmus Wriedt Larsen
efc75e02cc Merge pull request #12168 from RasmusWL/crypto-stdlib-modeling 
Python: Add modeling of `hmac`
 2023-02-20 09:26:53 +01:00
Nick Rolfe
3e5534f0ba Merge branch 'main' into post-release-prep/codeql-cli-2.12.3 2023-02-17 14:39:26 +00:00
github-actions[bot]
8eb8daa4d4 Post-release preparation for codeql-cli-2.12.3 2023-02-16 17:23:25 +00:00
github-actions[bot]
b0315119c6 Release preparation for version 2.12.3 2023-02-16 11:49:06 +00:00
Rasmus Wriedt Larsen
766e6c400e Python: Handle if-then-else definitions in import resolution 2023-02-16 11:18:30 +01:00
Rasmus Wriedt Larsen
c4fbfb0d07 Merge branch 'main' into call-graph-code 2023-02-15 20:15:04 +01:00
Rasmus Wriedt Larsen
ee5382d8a6 Merge pull request #12193 from RasmusWL/import-resolution-fixup 
Python: Fix `from <pkg> import *` import resolution
 2023-02-15 20:13:24 +01:00
Alex Ford
1556b1a728 Merge branch 'main' into js-use-shared-cryptography 2023-02-15 17:13:53 +00:00
Alex Ford
43af306d60 dynamic: more detailed qldoc for CryptographicOperation#getBlockMode() 2023-02-15 16:55:18 +00:00
Alex Ford
d4d0b91085 dynamic: switch CryptographicOperation::Range#getBlockMode() back to being an abstract predicate 2023-02-15 16:23:46 +00:00
Alex Ford
c7aaad9ed0 JS: avoid adding a deprecated CryptographicOperation#getInput to py/ruby 2023-02-15 16:23:46 +00:00
Rasmus Wriedt Larsen
c72dbc49fc Merge pull request #12165 from RasmusWL/crypto-updates 
Python/Ruby/JS Crypto: Add a few algorithms + block modes
 2023-02-15 14:35:40 +01:00
Rasmus Wriedt Larsen
7e16fa9cbe Python: Add change-note 2023-02-15 14:25:33 +01:00
Rasmus Wriedt Larsen
220f227707 Python: Add wrapper for isPreferredModuleForName 
We talked about how it's annoying that we in 4 places have the same fix
`isPreferredModuleForName(<module>.getFile(), <name> + ["", ".__init__"])`
, and that it would be nice to have a simple wrapper predicate that
ensures we never forget to do the `+ ["", ".__init__"]` dance...

I had trouble coming up with a name for this (ironically), but
I think `getModuleFromName` is good enough.
 2023-02-15 14:23:39 +01:00
Rasmus Wriedt Larsen
66c3529465 Python: Fix import * from __init__.py files 2023-02-15 14:10:37 +01:00
erik-krogh
759854991a fix various nits based on feedback 2023-02-15 11:10:43 +01:00
Rasmus Wriedt Larsen
9e2eb56032 Python: Remove support for late *args arguments 
I found this to cause bad performance, so the implementation of this has
to be thought out more carefully.
 2023-02-15 09:42:11 +01:00
Taus
1b30043422 Python: Move change note to correct directory 2023-02-14 13:48:55 +00:00
Taus
4f7c598ffc Python: Add change note 2023-02-14 13:22:48 +00:00
Taus
39516862c1 Merge remote-tracking branch 'origin/main' into tausbn/python-clean-up-version-handling 2023-02-14 13:07:40 +00:00
Rasmus Wriedt Larsen
1c7fe97427 Python: Add modeling of hmac 2023-02-13 15:39:43 +01:00
Anders Schack-Mulligen
e877b161d8 Merge pull request #12124 from hvitved/dataflow/stage1-dispatch 
Data flow: Call context virtual dispatch pruning in stage 1
 2023-02-13 13:13:43 +01:00
Rasmus Wriedt Larsen
b2e79e2948 Python/Ruby/JS Crypto: Add a few algorithms + block modes 
I have tried to add a few links to support the claim that these
algorithms are strong/safe. It wasn't always super easy, so in some
cases I have ended up just linking to the documentation of the
`cryptography` Python package.

Co-authored-by: REDMOND\brodes <brodes@microsoft.com>
 2023-02-13 10:40:47 +01:00
Tom Hvitved
f7a5a33474 Address review comment 2023-02-13 09:01:15 +01:00
Rasmus Wriedt Larsen
5c23b47ef4 Python: Fix typo in QLDoc 
Co-authored-by: Taus <tausbn@github.com>
 2023-02-08 16:27:06 +01:00
Rasmus Wriedt Larsen
8bb1d8631a Python: Add call-graph hotfix for sympy 2023-02-08 16:19:29 +01:00