hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,514 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.3
Commit Graph

2942 Commits

Author SHA1 Message Date
Joe Farebrother
a7fb73a2b2 Merge pull request #18185 from joefarebrother/python-lxml 
Python: Model additional flow steps for the lxml framework
 2025-01-10 13:40:16 +00:00
Geoffrey White
5ef5b04aac Add change notes. 2025-01-10 11:16:53 +00:00
Tom Hvitved
303b11ec36 Merge pull request #18298 from hvitved/rust/mad-source-sink 
Rust: Add support for MaD sources and sinks with access paths
 2025-01-10 11:49:51 +01:00
Geoffrey White
f8659c0a4e Sync identical files. 2025-01-10 10:26:13 +00:00
yoff
aca5a51a78 Merge branch 'main' into shared/add-location-to-typetracking-nodes 2025-01-08 12:47:05 +01:00
github-actions[bot]
fb20f6ca63 Post-release preparation for codeql-cli-2.20.1 2025-01-07 22:07:40 +00:00
Dave Bartolomeo
4c53caf021 Update python/ql/lib/change-notes/released/3.1.0.md 2025-01-07 15:58:28 -05:00
Dave Bartolomeo
45c00d6880 Update python/ql/lib/CHANGELOG.md 2025-01-07 15:58:19 -05:00
github-actions[bot]
88b6f1e79a Release preparation for version 2.20.1 2025-01-07 20:50:36 +00:00
Dave Bartolomeo
72a53c4b23 Revert "Release preparation for version 2.20.1" 2025-01-07 13:32:23 -05:00
Dave Bartolomeo
cb31394729 Update python/ql/lib/CHANGELOG.md 2025-01-07 12:23:52 -05:00
Dave Bartolomeo
2e46d26eca Update python/ql/lib/change-notes/released/3.1.0.md 2025-01-07 12:22:31 -05:00
github-actions[bot]
fbf9f2fff8 Release preparation for version 2.20.1 2025-01-07 17:20:13 +00:00
Dave Bartolomeo
22e030584c Revert "Release preparation for version 2.20.1" 2025-01-07 12:14:27 -05:00
Joe Farebrother
8b174ea07c Apply suggestions from code review - update doc comments 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2025-01-07 15:21:19 +00:00
Dave Bartolomeo
8a2398aaf0 Update python/ql/lib/CHANGELOG.md 2025-01-06 13:26:09 -05:00
github-actions[bot]
a121c5a5d0 Release preparation for version 2.20.1 2025-01-06 18:20:22 +00:00
Tom Hvitved
1b31c90d26 Implement FlowSummaryImpl stubs 2025-01-06 13:26:51 +01:00
Rasmus Wriedt Larsen
a9704d8de0 Update change-note wording 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2024-12-19 14:08:23 +01:00
Rasmus Wriedt Larsen
2b3fc9b36c Python: Add change-note 2024-12-18 16:02:02 +01:00
Rasmus Wriedt Larsen
34631a8784 Python: Model FastAPI requests 
Co-authored-by: Joe Farebrother <joefarebrother@github.com>
 2024-12-18 15:58:51 +01:00
Michael Nebel
aaf0cd5dee Merge pull request #17968 from michaelnebel/java/movetestutils 
Move test utilities to the query pack.
 2024-12-16 13:41:30 +01:00
Geoffrey White
03f962ed86 Merge pull request #18226 from geoffw0/badcrypto 
Rust: Weak encryption algorithm query.
 2024-12-12 14:21:16 +00:00
Michael Nebel
0bfc1b6ea8 Also move the postprocessing queries to the library pack. 2024-12-12 15:03:03 +01:00
Michael Nebel
941b0abbf6 Move modules to the library packs. 2024-12-12 15:03:01 +01:00
Geoffrey White
44a0ad2942 Update data-flow -> data flow in all versions of ConceptsShared.qll. 2024-12-12 13:36:26 +00:00
Michael Nebel
2321ca59f6 Python: Update all test util paths to point to the new location. 2024-12-12 13:54:30 +01:00
Joe Farebrother
e6794a9af1 Add change note 2024-12-11 14:27:57 +00:00
Joe Farebrother
2019ddfa7f Qldoc improvements + add a few extra tests 2024-12-11 12:25:40 +00:00
Joe Farebrother
5c8ef28d12 Add missing qldoc and revert accidentilly commited threat model change 2024-12-11 12:04:16 +00:00
Joe Farebrother
29a90235e8 Improve tests and use API graphs 2024-12-10 19:09:45 +00:00
Joe Farebrother
d2b0d7a743 Add missing qldoc 2024-12-10 19:07:53 +00:00
Joe Farebrother
89167da177 Model flow steps for lxml 2024-12-10 19:01:14 +00:00
Joe Farebrother
ef1d898b0d Add qldoc 2024-12-09 19:57:39 +00:00
Joe Farebrother
ebaab89933 Formatting updates 2024-12-09 19:57:25 +00:00
Joe Farebrother
55557f8dd3 Use API graohs directly 2024-12-09 19:57:07 +00:00
Joe Farebrother
cea196ec61 Add concepts tests + some fixes 2024-12-09 19:55:42 +00:00
Joe Farebrother
71ab82dee0 Fix qldoc, formatting, and redundant import warnings 2024-12-09 19:55:21 +00:00
Joe Farebrother
b2c13fe351 Promote template injection sinks for each framework covered 
`Cheetah` was excluded as it was last updated 15 years ago and its documentation links are dead.
 2024-12-09 19:55:17 +00:00
Joe Farebrother
60d8a85a9c Promote jinja sinks 2024-12-09 19:54:57 +00:00
Joe Farebrother
8647073433 Copy template injection to standard pack + add jinja sinks 2024-12-09 19:47:06 +00:00
yoff
81c8a702ff Merge pull request #18112 from github/tausbn/add-api-graph-support-for-parameter-annotations 2024-12-05 15:05:27 +01:00
github-actions[bot]
cf71a1525b Post-release preparation for codeql-cli-2.20.0 2024-12-04 18:36:17 +00:00
github-actions[bot]
96564b7128 Release preparation for version 2.20.0 2024-12-04 16:01:14 +00:00
Henry Mercer
963f084d87 Merge branch 'main' into henrymercer/merge-back-rc-3.16 2024-12-04 13:39:10 +00:00
Anders Schack-Mulligen
8a5fc97b06 Python: Remove deprecated configuration classes referencing deleted api. 2024-12-03 20:08:45 +01:00
Anders Schack-Mulligen
cca27e4c77 Add change notes for all languages. 2024-12-03 19:42:33 +01:00
Anders Schack-Mulligen
acc260cc3c Python: Delete deprecated data flow api. 2024-12-03 14:41:49 +01:00
Taus
d779ae5c3e Python: Add change note for CFG pruning fix 
... And also bump the extractor version.
 2024-11-26 15:39:15 +00:00
Taus
2734377e5d Python: Add API graph support for parameter annotations 
Adds API graph support for observing that in
```python
def foo(x : Bar): ...
```
The variable `x` is likely to be an instance of the type `Bar` inside
this function.
In particular, we add `getInstanceFromAnnotation` as a predicate on API
graph nodes that tracks this step (corresponding to a new edge type
labeled with "annotation" in the API graph), and extend the existing
`getAnInstance` predicate to also include instances arising from type
annotations.

A more complete solution would also add support for annotated
assignments (`x : Foo = ...` or just `x : Foo`) as well as track types
through type aliases (`type Foo = Bar`). This turns out to be
non-trivial, however, as these type constructs don't have any CFG nodes
(and so no data-flow nodes by default either). In order to not have
perfect be the enemy of good, this commit is only targeting the type
parameter case (which is also likely to be the most common use case
anyway).

The tests for API graphs have been extended accordingly, including tests
for the kinds of type ascriptions that we _don't_ currently model in API
graphs (marked with `MISSING:` in the inline tests).
 2024-11-26 13:03:06 +00:00