hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

9380 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
05573904a5 Python: Move LdapInjection to new dataflow API 
We could have switched to a stateful config, but I tried to keep changes
as straight forward as possible.
 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
c360346e9e Python: Move ReflectedXss to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
b30142c1d7 Python: Move CommandInjection to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
700841e9b0 Python: Move UnsafeShellCommandConstruction to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
d4e4e2d426 Python: Move TarSlip to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
e97032909a Python: Move PathInjection to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
245c24077d Python: Move SqlInjection to new dataflow API 2023-08-28 15:27:49 +02:00
yoff
2e981e330b Merge pull request #14059 from RasmusWL/fix-loginjection-tests 
Python: Fix stdlib sinks in LogInjection query
 2023-08-28 14:44:51 +02:00
yoff
6e05246daa Merge pull request #13935 from yoff/python/mad-on-externals 
Python: MaD on externals
 2023-08-28 14:04:54 +02:00
Rasmus Wriedt Larsen
c807ab4216 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-08-28 14:04:22 +02:00
yoff
826b8e6aa5 Merge pull request #14067 from RasmusWL/modern-dataflowquerytests 
Python: Adopt tests to new `DataflowQueryTest`
 2023-08-28 13:54:34 +02:00
Rasmus Wriedt Larsen
889cb7a95b Python: Adopt tests to new DataflowQueryTest 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-08-28 11:44:01 +02:00
Rasmus Wriedt Larsen
9c44235782 Python: Modernize DataflowQueryTest.qll 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-08-28 11:40:41 +02:00
Rasmus Wriedt Larsen
7cba6cd1d8 Python: Update .expected files 
Due to change in path-graph, and including LHS of assignments
 2023-08-28 11:33:44 +02:00
Rasmus Wriedt Larsen
0f242475f2 Merge branch 'main' into experimental-cleanup 2023-08-28 11:01:22 +02:00
Rasmus Wriedt Larsen
0dca8a5d86 Python: Remove old points-to modeling file 
Since all of this was ported already
 2023-08-28 10:40:45 +02:00
Rasmus Wriedt Larsen
39e2b133e9 Python: Fix naming 2023-08-28 10:40:33 +02:00
Rasmus Wriedt Larsen
bf9a0dab2a Python: Fix stdlib sinks in LogInjection query 2023-08-25 17:04:48 +02:00
Rasmus Wriedt Larsen
7852429df2 Python: Accept LogInjection .expected changes 
I don't know how this had gone unnoticed for so long, but I realized when I tried to run this query locally
 2023-08-25 17:04:40 +02:00
Rasmus Lerchedahl Petersen
ad49eada48 Python: Do not alter codeql-workspaces.yml 
And remove the qlpack referred to therein.
Instead we rename and duplicate the extesion file
that this qlpack pointed to.
These two extension files are kept in sync by `identical-files.json`.
 2023-08-25 11:46:41 +02:00
Rasmus Lerchedahl Petersen
68cd422788 Python: Fix test expectations 2023-08-25 11:27:53 +02:00
Rasmus Lerchedahl Petersen
137f9e7234 Python: Adress review comments 
- make qldoc accurate
- fix ql4ql alert
 2023-08-24 21:28:07 +02:00
Rasmus Lerchedahl Petersen
d3c24ba110 PythonÆ fix test expectations 2023-08-24 21:21:49 +02:00
Rasmus Lerchedahl Petersen
88fc96e8d7 Python: Add test with prefix 2023-08-24 21:21:49 +02:00
Rasmus Lerchedahl Petersen
7ad1a21c2d Python: make mode characters not be characters 
They are simply considered part of the group start.
 2023-08-24 21:21:49 +02:00
yoff
a834703195 Merge pull request #13779 from geoffw0/pythonparsemode 
Python: Understand multiple parse mode flags specified in a regular expression string
 2023-08-24 21:20:45 +02:00
Geoffrey White
f07f97a94e Python: Accept test changes. I think these reflect the 'parse mode chars should not be considered chars' issue. 2023-08-24 10:52:52 +01:00
Rasmus Wriedt Larsen
f33359bd5c Python: Fix tests 2023-08-23 15:37:55 +02:00
yoff
00c0ebe9e4 Merge pull request #13738 from RasmusWL/path-steps 
Python: Include all assignments in data flow paths
 2023-08-22 11:58:11 +02:00
Michael Nebel
ce6fd8ac5f Merge pull request #13432 from michaelnebel/updateissupported 
Java/C#: Update telemetry queries to report callables with sink/source neutrals as being supported.
 2023-08-22 08:39:38 +02:00
Jeroen Ketema
2d0f73d7c2 Merge pull request #13881 from jketema/shared-taint-tracking 
Introduce shared taint tracking library
 2023-08-21 12:45:49 +02:00
Rasmus Wriedt Larsen
c8c69aac9b Merge pull request #13561 from amammad/amammad-python-WebAppsConstatntSecretKeys 
Python: Flask & Django Constant Secret Key initialization
 2023-08-21 11:39:19 +02:00
Michael Nebel
106ba11e10 Address review comments. 2023-08-21 09:59:02 +02:00
Michael Nebel
d66fe08661 Add QLDoc for the getKind predicate. 2023-08-21 09:59:02 +02:00
Michael Nebel
42c7006378 Python: Sync files and make manual changes. 2023-08-21 09:59:01 +02:00
github-actions[bot]
098dfb4242 Release preparation for version 2.14.3 2023-08-18 14:48:15 +00:00
Rasmus Wriedt Larsen
b579ab0694 Python: Accept .expected change 2023-08-18 11:12:55 +02:00
Rasmus Wriedt Larsen
38577e6a5c Python: Remove duplicated SSTI tests 
Besides the Cheetah tests, which were missing from the query tests.
 2023-08-18 10:20:16 +02:00
Rasmus Wriedt Larsen
33f8998c2e Python: Minor fix in test 2023-08-18 10:19:44 +02:00
Rasmus Wriedt Larsen
843f2681bb Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-08-18 10:09:45 +02:00
Rasmus Wriedt Larsen
cf54d3f4ca Python: Move paramiko tests to own folder 2023-08-17 15:45:28 +02:00
Rasmus Wriedt Larsen
4c693b4fc3 Python: Port py/xslt-injection to new data-flow 2023-08-17 15:45:07 +02:00
Rasmus Wriedt Larsen
ef139f2ee9 Python: Delete XsltSinks.ql test 2023-08-17 15:45:07 +02:00
Rasmus Wriedt Larsen
779fe6498c Python: Rename to XsltInjection.ql 2023-08-17 15:45:07 +02:00
Rasmus Wriedt Larsen
0336c76871 Python: Rename template injection tests 2023-08-17 15:45:04 +02:00
Rasmus Wriedt Larsen
91edde72c4 Python: Port py/template-injection to new data-flow 
I kept all the modeling in _one_ file, since that makes it easy to work
with such an external contribution... and I would certainly propose this
file setup for the future 👍
 2023-08-17 15:44:26 +02:00
Rasmus Wriedt Larsen
4277be5819 Python: Add change-note 2023-08-17 10:46:36 +02:00
Rasmus Wriedt Larsen
24f9f13790 Python: Fix tests 2023-08-17 10:15:36 +02:00
Jeroen Ketema
33e8310625 Merge branch 'main' into shared-taint-tracking 2023-08-17 00:14:25 +02:00
yoff
7f2f6f14e7 Merge pull request #13729 from yoff/python/model-aws-lambdas 
Python/JavaScript: Shared module for serverless functions
 2023-08-16 15:14:08 +02:00