hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,514 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.3
Commit Graph

2942 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
efec4e7ebf Python: Add missing qldocs 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
5ba8e102eb Python: Adopt tests to new DataflowQueryTest 
Since we want to know the _sinks_ and not just the flow, we need to
expose the config as well :|
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
657b1997cc Python: Move FullServerSideRequestForgery and PartialServerSideRequestForgery to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
46322b717a Python: Move XmlBomb to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
add1077532 Python: Move RegexInjection to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
c6caf83dfe Python: Move PolynomialReDoS to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
4c336990e5 Python: Move XpathInjection to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
60e45335dd Python: Move Xxe to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
4c76ca6127 Python: Move UrlRedirect to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
6f08e73dbc Python: Move UnsafeDeserialization to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
dd074173d2 Python: Move WeakSensitiveDataHashing to new dataflow API 
I adopted helper predicates to do the "heavy" lifting of .asPathNode1(), maybe I like this approach better... let me know what you think 😊
 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
9d6b96dfd2 Python: Move CleartextStorage to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
70095446b6 Python: Move CleartextLogging to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
cca78f31ff Python: Move PamAuthorization to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
dcd96083e8 Python: Move StackTraceExposure to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
f75e65c67d Python: Move LogInjection to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
88cf9c99b0 Python: Move CodeInjection to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
05573904a5 Python: Move LdapInjection to new dataflow API 
We could have switched to a stateful config, but I tried to keep changes
as straight forward as possible.
 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
c360346e9e Python: Move ReflectedXss to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
b30142c1d7 Python: Move CommandInjection to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
700841e9b0 Python: Move UnsafeShellCommandConstruction to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
d4e4e2d426 Python: Move TarSlip to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
e97032909a Python: Move PathInjection to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
245c24077d Python: Move SqlInjection to new dataflow API 2023-08-28 15:27:49 +02:00
yoff
2e981e330b Merge pull request #14059 from RasmusWL/fix-loginjection-tests 
Python: Fix stdlib sinks in LogInjection query
 2023-08-28 14:44:51 +02:00
yoff
6e05246daa Merge pull request #13935 from yoff/python/mad-on-externals 
Python: MaD on externals
 2023-08-28 14:04:54 +02:00
Rasmus Wriedt Larsen
c807ab4216 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-08-28 14:04:22 +02:00
Rasmus Wriedt Larsen
bf9a0dab2a Python: Fix stdlib sinks in LogInjection query 2023-08-25 17:04:48 +02:00
Rasmus Lerchedahl Petersen
137f9e7234 Python: Adress review comments 
- make qldoc accurate
- fix ql4ql alert
 2023-08-24 21:28:07 +02:00
Rasmus Lerchedahl Petersen
7ad1a21c2d Python: make mode characters not be characters 
They are simply considered part of the group start.
 2023-08-24 21:21:49 +02:00
yoff
a834703195 Merge pull request #13779 from geoffw0/pythonparsemode 
Python: Understand multiple parse mode flags specified in a regular expression string
 2023-08-24 21:20:45 +02:00
yoff
00c0ebe9e4 Merge pull request #13738 from RasmusWL/path-steps 
Python: Include all assignments in data flow paths
 2023-08-22 11:58:11 +02:00
Michael Nebel
ce6fd8ac5f Merge pull request #13432 from michaelnebel/updateissupported 
Java/C#: Update telemetry queries to report callables with sink/source neutrals as being supported.
 2023-08-22 08:39:38 +02:00
Jeroen Ketema
2d0f73d7c2 Merge pull request #13881 from jketema/shared-taint-tracking 
Introduce shared taint tracking library
 2023-08-21 12:45:49 +02:00
Rasmus Wriedt Larsen
c8c69aac9b Merge pull request #13561 from amammad/amammad-python-WebAppsConstatntSecretKeys 
Python: Flask & Django Constant Secret Key initialization
 2023-08-21 11:39:19 +02:00
Michael Nebel
106ba11e10 Address review comments. 2023-08-21 09:59:02 +02:00
Michael Nebel
d66fe08661 Add QLDoc for the getKind predicate. 2023-08-21 09:59:02 +02:00
Michael Nebel
42c7006378 Python: Sync files and make manual changes. 2023-08-21 09:59:01 +02:00
github-actions[bot]
098dfb4242 Release preparation for version 2.14.3 2023-08-18 14:48:15 +00:00
Jeroen Ketema
33e8310625 Merge branch 'main' into shared-taint-tracking 2023-08-17 00:14:25 +02:00
yoff
7f2f6f14e7 Merge pull request #13729 from yoff/python/model-aws-lambdas 
Python/JavaScript: Shared module for serverless functions
 2023-08-16 15:14:08 +02:00
Rasmus Wriedt Larsen
0443057608 Merge branch 'main' into amammad-python-WebAppsConstatntSecretKeys 2023-08-16 15:06:08 +02:00
yoff
b2988e5516 Update python/ql/lib/change-notes/2023-08-07-serverless-sources.md 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-08-16 12:56:39 +02:00
Rasmus Wriedt Larsen
c55b0982f7 Merge pull request #13819 from yoff/python/relax-module-resolution 
Python: Relax module resolution
 2023-08-16 12:04:49 +02:00
Rasmus Lerchedahl Petersen
6614e037ae Python: format 2023-08-15 21:40:20 +02:00
yoff
7eb41140ab Update python/ql/lib/semmle/python/Module.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-08-15 15:47:00 +02:00
Rasmus Lerchedahl Petersen
8f70c9f950 Python: add comment about namespace packages 2023-08-15 12:02:02 +02:00
Rasmus Wriedt Larsen
d12743d7c3 Merge pull request #13941 from yoff/python/test-nice-location 
Python: fix nice locations for import aliases
 2023-08-14 21:37:23 +02:00
Rasmus Wriedt Larsen
794d04e4c0 Python: Model os.getenv[b] 2023-08-14 11:55:00 +02:00
yoff
d2a0b9a66c Update python/ql/lib/change-notes/2023-08-10-fix-alias-locations.md 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-08-14 10:55:00 +02:00