4694 Commits

Author	SHA1	Message	Date
jorgectf	dbf5b24b86	Polish Sendgrid.qll qldoc	2021-10-28 18:26:35 +02:00
Erik Krogh Kristensen	15c90adec5	remove redundant cast where the type is enforced by an equality comparison	2021-10-28 18:08:20 +02:00
jorgectf	47b14f1adc	Polish Concepts.qll qldocs	2021-10-28 17:55:34 +02:00
jorgectf	b3ec82cd36	Merge branch 'jorgectf/python/jwt-queries' of https://github.com/jorgectf/codeql into jorgectf/python/jwt-queries	2021-10-28 17:40:33 +02:00
jorgectf	a6c285ad32	Apply getItem(_) and extend verifiesSignature readability	2021-10-28 17:40:27 +02:00
Jorge	f4d63cc5e7	Apply suggestions from code review ... Co-authored-by: Taus <tausbn@github.com>	2021-10-28 17:34:11 +02:00
jorgectf	ef4a27ff8c	Apply code review suggestions	2021-10-28 17:31:52 +02:00
jorgectf	e8e0f0fea8	Add temporary .expected	2021-10-28 14:22:14 +02:00
jorgectf	bf68495102	Polish FlaskMail qldocs	2021-10-28 14:21:43 +02:00
jorgectf	c9634f3c6f	Fix getFlaskMailArgument()	2021-10-28 13:54:14 +02:00
jorgectf	4c2a4226ef	Merge remote-tracking branch 'origin/main' into jty/python/emailInjection	2021-10-28 13:26:57 +02:00
jorgectf	3dec222922	Merge remote-tracking branch 'origin/main' into jorgectf/python/jwt-queries	2021-10-28 13:11:46 +02:00
jorgectf	7069f45864	Polish documentation	2021-10-28 13:09:28 +02:00
Rasmus Wriedt Larsen	58bc1102e5	Merge branch 'main' into jorgectf/python/deserialization	2021-10-28 12:31:34 +02:00
jorgectf	cf9e9f9dd4	Add cookie injection query missing proper tests	2021-10-28 10:28:45 +02:00
jorgectf	5dc1ad6f8a	Polish .ql	2021-10-28 09:25:47 +02:00
jorgectf	48c3c3d8a8	Broaden scope	2021-10-27 21:00:50 +02:00
jorgectf	28ec8c9dee	Merge remote-tracking branch 'origin/main' into jorgectf/python/insecure-cookie	2021-10-27 19:00:55 +02:00
jorgectf	350cbb4c5d	Polish qhelp and libraries	2021-10-27 18:47:19 +02:00
Rasmus Lerchedahl Petersen	fed6a97eb8	Python: Promote ReDoS queries	2021-10-27 11:03:57 +02:00
Erik Krogh Kristensen	44afa34e37	Merge branch 'main' of github.com:github/codeql into htmlReg	2021-10-26 14:46:27 +02:00
Erik Krogh Kristensen	a3c55c2aec	use set literal instead of big disjunction of literals	2021-10-26 12:55:25 +02:00
Rasmus Wriedt Larsen	852e9875bd	Python: Apply suggestions from code review ... Co-authored-by: Taus <tausbn@github.com>	2021-10-21 10:24:34 +02:00
Rasmus Wriedt Larsen	8f28684d10	Python: Rename ExtractionErrors.ql -> ExtractionWarnings.ql	2021-10-20 17:01:33 +02:00
Rasmus Wriedt Larsen	605494c3d1	Python: Treat SyntaxErrors as warnings in diagnostics ... Rename going to happen in second commit, so git doesn't get too confused I don't actually recall where to lookup that warning is 1, and error is 2, but I took this from https://github.com/github/codeql/pull/6830/files#diff-460fc20823ced3b074784db804f2d4d6cfcad4f23fe5d264dc7496c782629a2eR121-R123	2021-10-20 16:59:00 +02:00
Rasmus Wriedt Larsen	b0af805460	Merge pull request #6899 from thepurpleowl/patch-1 ... Python SignatureOverriddenMethod: Rmv duplicate condition	2021-10-19 11:24:01 +02:00
Surya Prakash Sahu	2871bdb206	Python SignatureOverriddenMethod: Rmv duplicate condition	2021-10-17 18:04:20 +05:30
jorgectf	14c50e993b	Add django GET.get RFS	2021-10-16 13:10:48 +02:00
jorgectf	45146bc798	Merge branch 'main' into jorgectf/python/headerInjection	2021-10-16 12:46:57 +02:00
jorgectf	2db1ffef1e	Merge remote-tracking branch 'origin/main' into jorgectf/python/headerInjection	2021-10-16 10:40:52 +02:00
jorgectf	f1a73e3009	Merge branch 'jorgectf/python/deserialization' of https://github.com/jorgectf/codeql into jorgectf/python/deserialization	2021-10-16 10:07:13 +02:00
jorgectf	c2046f1777	Improve readability for xmlDom()	2021-10-16 10:07:11 +02:00
Jorge	be424704a6	Apply suggestions from code review ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2021-10-16 10:04:50 +02:00
jorgectf	320a00be31	Delete simple API::Nodes	2021-10-16 10:02:43 +02:00
jorgectf	5b66a15de3	Extend mayBeDangerous() QLDoc	2021-10-16 09:57:28 +02:00
Rasmus Wriedt Larsen	7cd5e681dd	Merge pull request #6693 from yoff/python/promote-regex-injection ... Python: Promote `py/regex-injection`	2021-10-14 14:49:05 +02:00
Mathias Vorreiter Pedersen	47a85bbb1d	Merge pull request #6869 from MathiasVP/fix-prefix/suffix-equality ... Java/JS/Python: Replace '.prefix'/'.suffix' with '.matches'	2021-10-14 13:47:03 +01:00
Mathias Vorreiter Pedersen	a2371370ff	Merge pull request #6865 from MathiasVP/fix-if-none ... C++/C#/JS/Python: Replace 'if p() then q() else none()' with a conjunction	2021-10-13 19:47:55 +01:00
Mathias Vorreiter Pedersen	a80860cdc6	Python: Replace '.prefix'/'.suffix' with '.matches'.	2021-10-13 13:23:12 +01:00
Mathias Vorreiter Pedersen	bdc54bcda7	Python: Replace 'if p() then q() else none()' with a conjunction.	2021-10-13 12:13:55 +01:00
Rasmus Lerchedahl Petersen	61008fd3d0	Merge branch 'main' of github.com:github/codeql into python/promote-regex-injection	2021-10-12 11:28:12 +02:00
yoff	43f7eede0b	Merge pull request #6182 from haby0/python/LogInjection ... Python: CWE-117 Log injection	2021-10-12 10:54:45 +02:00
haby0	d52f95d24d	Auto Formatting	2021-10-12 09:36:44 +08:00
yoff	0629ce00de	Merge pull request #6214 from haby0/python/ClientSuppliedIpUsedInSecurityCheck ... [Python] CWE-348: Client supplied ip used in security check	2021-10-11 16:38:04 +02:00
haby0	538bf7c321	Update python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql ... Co-authored-by: yoff <lerchedahl@gmail.com>	2021-10-07 19:44:25 +08:00
haby0	a17b0d4e5c	Modify Sanitizer	2021-10-05 17:12:04 +08:00
Erik Krogh Kristensen	8d6cac76cc	apply suggestions from asgerf	2021-10-04 12:45:02 +02:00
Rasmus Wriedt Larsen	987b573709	Fix hasLocationInfo URL reference ... Follow up to https://github.com/github/codeql/pull/5830	2021-09-29 13:47:58 +02:00
Erik Krogh Kristensen	aafae24ef2	update qhelp	2021-09-28 23:11:02 +02:00
Rasmus Wriedt Larsen	e472814ddd	Python: Fix XXE qhelp	2021-09-28 17:02:39 +02:00