hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,404 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.1
Commit Graph

4694 Commits

Author SHA1 Message Date
Raul Garcia
4ba1740c45 Merge branch 'main' into main 2023-03-24 14:56:07 -07:00
Taus
11c89adbe3 Merge branch 'main' into timing-attack-py 2023-03-24 15:40:33 +01:00
Rasmus Lerchedahl Petersen
3c407eaa23 python: rewrite comment 2023-03-24 13:32:25 +01:00
Rasmus Lerchedahl Petersen
8ea4878f7a python: move comment 2023-03-24 13:24:49 +01:00
yoff
cf4eac6fa1 Update python/ql/src/Security/CWE-327/PyOpenSSL.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-03-24 13:18:03 +01:00
Anders Schack-Mulligen
d0b7ffda70 Python/Ruby/Swift: Rename references. 2023-03-23 13:06:19 +01:00
Raul Garcia
afd89809b2 Merge branch 'main' into main 2023-03-21 08:06:14 -07:00
Raul Garcia
8b4826c0b4 Singleton set literal fix 
Fixing auto-code scanning recommendation
 2023-03-21 08:02:30 -07:00
Asger F
6d665da4dc Merge pull request #12570 from github/post-release-prep/codeql-cli-2.12.5 
Post-release preparation for codeql-cli-2.12.5
 2023-03-21 13:06:25 +01:00
Raul Garcia
1400b4b520 Update UnsafeUsageOfClientSideEncryptionVersion.ql 
*  predicate `isUnsafeClientSideAzureStorageEncryptionViaObjectCreation` was not useful (it was meant to detect the SDK code, not its usage)
* fixed & simplified `isUnsafeClientSideAzureStorageEncryptionViaAttributes`, the original query was not finding the right code.
NOTE: tested with a real project: https://github.com/wastore/azure-storage-samples-for-python/tree/master/ClientSideEncryptionToServerSideEncryptionMigrationSamples/ClientSideEncryptionV1ToV2
 2023-03-20 18:52:58 -07:00
Erik Krogh Kristensen
a9d40d39d9 Merge pull request #12550 from erik-krogh/useNumberUtil 
Java/Python: use Number.qll to parse hex numbers in regex parsing
 2023-03-20 15:50:31 +01:00
Rasmus Lerchedahl Petersen
ed15cce31f python: add change note 2023-03-20 14:22:58 +01:00
Rasmus Lerchedahl Petersen
72e97918e9 python: format 2023-03-20 14:11:10 +01:00
Rasmus Lerchedahl Petersen
5f438e433d python: exclude nonlocals from query 2023-03-20 13:34:39 +01:00
erik-krogh
ef498020c2 PY: dont depend on codeql/util in src/ now that its added to lib/ 2023-03-20 12:11:06 +01:00
github-actions[bot]
981e171525 Post-release preparation for codeql-cli-2.12.5 2023-03-17 13:27:00 +00:00
github-actions[bot]
fe4d27e8cc Release preparation for version 2.12.5 2023-03-16 12:58:50 +00:00
erik-krogh
6a5d6eb5c2 lower precision of py/shell-command-constructed-from-input to medium 2023-03-13 14:56:42 +01:00
erik-krogh
d001cc40d3 Merge branch 'main' into py-shell 2023-03-13 14:56:04 +01:00
Anders Schack-Mulligen
21d5fa836b Python: Autoformat 2023-03-10 09:41:17 +01:00
Asger F
6e744093e2 Merge pull request #12398 from github/post-release-prep/codeql-cli-2.12.4 
Post-release preparation for codeql-cli-2.12.4
 2023-03-09 15:38:21 +01:00
Rasmus Lerchedahl Petersen
072df5dbc0 python: remove protocol family 
this concept was due to my confusion between
TLS and SSL23, but they are aliases.

We might want to bring back the concept if we model DTLS.

Also, model what exactly creations allow,
bring this back from the unrestrictions they used to be.

We accept the changes regarding sources being reported differently.
 2023-03-07 14:41:13 +01:00
Rasmus Lerchedahl Petersen
8160f742a5 Python: small clean-up 
- no need for th 2-suffix
- context creations are no longer unrestrictions
 2023-03-06 19:47:53 +01:00
Anders Schack-Mulligen
5c7f2ac7f7 Merge pull request #12186 from aschackmull/dataflow/refactor-configuration 
Data flow: Refactor configuration
 2023-03-06 13:38:59 +01:00
github-actions[bot]
af61b45785 Post-release preparation for codeql-cli-2.12.4 2023-03-04 14:16:55 +00:00
github-actions[bot]
462da63970 Release preparation for version 2.12.4 2023-03-03 14:11:51 +00:00
Anders Schack-Mulligen
34cc93846b Python: Adjust InsecureProtocol query. 2023-03-01 13:36:10 +01:00
Ahmed Farid
6a578c62b0 Update TimingAttack.qll 2023-02-27 22:16:09 +01:00
Taus
25043f51a4 Merge pull request #11376 from RasmusWL/call-graph-code 
Python: New type-tracking based call-graph
 2023-02-27 14:51:21 +01:00
Rasmus Lerchedahl Petersen
9e97877938 python: lower precision as discussed 2023-02-20 12:06:19 +01:00
Nick Rolfe
3e5534f0ba Merge branch 'main' into post-release-prep/codeql-cli-2.12.3 2023-02-17 14:39:26 +00:00
Calum Grant
35a53fa990 Merge pull request #12183 from RasmusWL/example-update 
Python: Update a few examples so queries work on them
 2023-02-17 14:21:38 +00:00
yoff
2f8dddabb6 Merge pull request #11570 from Sim4n6/UnsafeUnpack 
Python: Unsafe unpacking using `shutil.unpack_archive()` query and tests
 2023-02-17 09:48:05 +01:00
github-actions[bot]
8eb8daa4d4 Post-release preparation for codeql-cli-2.12.3 2023-02-16 17:23:25 +00:00
amammad
54582031d8 v1 2023-02-16 17:14:32 +01:00
Ahmed Farid
ccbb58966f Update TimingAttack.qll 2023-02-16 14:15:04 +01:00
Ahmed Farid
a421e3a3a3 Update TimingAttackAgainstHeaderValue.ql 2023-02-16 14:14:43 +01:00
Ahmed Farid
f57861b6a3 Update TimingAttack.qll 2023-02-16 14:14:13 +01:00
Ahmed Farid
f70f5c7935 Update TimingAttackAgainstHeaderValue.ql 2023-02-16 14:03:26 +01:00
Ahmed Farid
4b3efa87dc Update TimingAttack.qll 2023-02-16 14:01:29 +01:00
Ahmed Farid
005839b462 Update TimingAttack.qll 2023-02-16 12:49:40 +01:00
github-actions[bot]
b0315119c6 Release preparation for version 2.12.3 2023-02-16 11:49:06 +00:00
Ahmed Farid
01b865f75b Update TimingAttack.qll 2023-02-16 01:36:06 +01:00
Ahmed Farid
fbfe23b7c4 Update TimingAttack.qll 2023-02-16 01:21:50 +01:00
Ahmed Farid
b8f9b2b424 Update TimingAttackAgainstHeaderValue.ql 2023-02-16 01:11:41 +01:00
Ahmed Farid
016136a2e3 Update TimingAttack.qll 2023-02-16 01:10:36 +01:00
erik-krogh
759854991a fix various nits based on feedback 2023-02-15 11:10:43 +01:00
Rasmus Wriedt Larsen
dc5bb4fb77 Python: Update a few examples so queries work on them 
Fixes problem highlighted in https://github.com/github/codeql/issues/12156
 2023-02-14 11:54:18 +01:00
Sim4n6
eed19a3e15 Fix autoformatting issues 2023-02-10 21:58:29 +01:00
Sim4n6
09df055d86 Fix the exists cast warning 2023-02-09 15:25:54 +01:00