9380 Commits

Author	SHA1	Message	Date
Arthur Baars	9d9abaf1f9	Apply suggestions from code review ... Co-authored-by: yoff <lerchedahl@gmail.com>	2022-02-25 12:27:20 +01:00
github-actions[bot]	20fe22c8c8	Release preparation for version 2.8.2	2022-02-24 14:57:08 +00:00
Rasmus Wriedt Larsen	abe4d8da62	Python: Accept global field-flow inconsistencies ... Yikes	2022-02-24 15:07:18 +01:00
Rasmus Wriedt Larsen	94d23f3817	Python: Also do all field-flow tests in global scope ... Notice that these tests don't pass, to show how they differ in the next commit!	2022-02-24 15:06:40 +01:00
Rasmus Wriedt Larsen	2da4b39844	Python: Add global field-flow tests ... I thought it was interesting that it did not propagate flow to the uses inside the functions :O	2022-02-24 13:15:48 +01:00
Rasmus Wriedt Larsen	aeba497832	Merge pull request #7735 from yoff/python/promote-log-injection ... Python: promote log injection	2022-02-23 16:21:12 +01:00
Taus	3ce7d47b5b	Merge pull request #7452 from jorgectf/python_jwt ... Python: Add Python_JWT to JWT security query	2022-02-23 15:23:20 +01:00
Rasmus Wriedt Larsen	b17c769257	Python: Remove accidental "foo" snippet	2022-02-23 13:30:56 +01:00
Rasmus Wriedt Larsen	5626427ea5	Python: Add "debug partial flow" snippet	2022-02-23 13:30:56 +01:00
jorgectf	4aa1c0a11e	Update .expected	2022-02-23 00:55:39 +01:00
jorgectf	7c108c7892	Polish test	2022-02-22 20:57:20 +01:00
Jorge	0216798cb9	Apply suggestions from code review ... Co-authored-by: Taus <tausbn@github.com>	2022-02-22 20:55:51 +01:00
Arthur Baars	69ed121ecb	Ruby/Python: regex parser: group sequences of 'normal' characters	2022-02-22 16:15:33 +01:00
Rasmus Wriedt Larsen	d2cd77aefb	Merge branch 'main' into dataflow-improvements	2022-02-21 14:49:40 +01:00
Rasmus Wriedt Larsen	b59ab7f5f3	Merge branch 'main' into python/promote-log-injection	2022-02-21 09:59:31 +01:00
jorgectf	c5f30d99d5	Create an extendable AdditionalTaintStep class in customizations	2022-02-20 17:34:12 +01:00
Rasmus Wriedt Larsen	9d81fd3b95	Python: Improve sanitizer/guards tests ... Based on review conversation	2022-02-18 14:12:41 +01:00
Rasmus Wriedt Larsen	7aa559f4aa	Python: Restore dataflow consistency queries	2022-02-18 13:47:29 +01:00
Rasmus Wriedt Larsen	c5b6fb37b7	Python: Clean up NormalDataflowTest.qll	2022-02-18 13:47:29 +01:00
Rasmus Wriedt Larsen	67ca14876a	Python: Apply suggestions from code review ... Co-authored-by: yoff <lerchedahl@gmail.com>	2022-02-18 13:47:07 +01:00
Nick Rolfe	17450a5b27	Python/Ruby: rm old prepare-db-upgrade.sh files	2022-02-16 12:21:52 +00:00
Nick Rolfe	ee5068d843	Python/Ruby: forward to generic prepare-db-upgrade.sh	2022-02-16 11:03:28 +00:00
Arthur Baars	ebb87c4b36	Merge pull request #7975 from github/post-release-prep/codeql-cli-2.8.1 ... Post-release preparation for codeql-cli-2.8.1	2022-02-15 20:17:35 +01:00
Rasmus Wriedt Larsen	62d4bb50a5	Python: Autoformat ... Trailing whitespace is a bit too easy with the ```suggestions through the UI :|	2022-02-15 10:38:52 +01:00
Rasmus Wriedt Larsen	5a90214ece	Merge pull request #7783 from yoff/python/promote-ldap-injection ... Python: promote LDAP injection query	2022-02-15 10:24:18 +01:00
yoff	de5b3a272d	Merge pull request #7660 from RasmusWL/deprecate-old-modeling ... Python: Deprecate old points-to based modeling	2022-02-14 19:48:03 +01:00
yoff	3a995ec1b1	Update python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2022-02-14 16:08:44 +01:00
yoff	62598c0fd1	Update python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2022-02-14 16:07:40 +01:00
Rasmus Lerchedahl Petersen	d1200d0cd5	python: fix change-note formatting	2022-02-14 12:22:29 +01:00
Rasmus Lerchedahl Petersen	84447e4710	python: more detailed alert message	2022-02-14 11:55:07 +01:00
Rasmus Lerchedahl Petersen	bd14adefa0	python: add apologetic comment	2022-02-14 11:37:46 +01:00
root	5ed5e0b105	Add query to detect ZipSlip	2022-02-13 16:44:27 -05:00
Chuan-kai Lin	9b4dbb9dd8	Merge pull request #7895 from github/cklin/upgrades-initial-dbscheme ... Upgrade scripts testing: set initial dbschemes	2022-02-11 11:06:12 -08:00
Taus	d7f30de5b0	Merge pull request #7874 from RasmusWL/set-store-step ... Python: Fix setStoreStep to use `SetElementContent`	2022-02-11 12:50:02 +01:00
github-actions[bot]	21bf29353f	Post-release preparation for codeql-cli-2.8.1	2022-02-11 11:07:31 +00:00
github-actions[bot]	f25fc70b7c	Release preparation for version 2.8.1	2022-02-10 22:08:24 +00:00
Taus Brock-Nannestad	be323bafaf	Merge remote-tracking branch 'upstream/main' into python-normalise-prefixes	2022-02-10 12:55:49 +01:00
Tom Hvitved	58d90c7f8d	Python: More points-to performance improvements	2022-02-10 10:29:30 +01:00
Tom Hvitved	7fd8d6dd30	Address review comments	2022-02-10 10:29:30 +01:00
Tom Hvitved	2de892bfd8	Python: Points-to performance improvements	2022-02-10 10:29:30 +01:00
Rasmus Wriedt Larsen	94f9656e8e	Python: Solve deprecation warnings for old experimental queries	2022-02-10 00:09:43 +01:00
Tamás Vajk	6483a92587	Merge pull request #7865 from github/post-release-prep/codeql-cli-2.8.0 ... Post-release preparation for codeql-cli-2.8.0	2022-02-09 16:42:38 +01:00
Rasmus Lerchedahl Petersen	aa010e420b	python: update qhelp	2022-02-09 15:27:39 +01:00
Rasmus Lerchedahl Petersen	75a2f92ce4	pthon: add change note	2022-02-09 15:23:36 +01:00
Rasmus Lerchedahl Petersen	313f9f056c	python: switch to using concepts	2022-02-09 14:36:48 +01:00
Rasmus Lerchedahl Petersen	17aa2898f9	python: model (xpathEval from) libxml2	2022-02-09 14:25:43 +01:00
Rasmus Lerchedahl Petersen	e8649d8947	python: model (etree from) lxml	2022-02-09 14:15:17 +01:00
Rasmus Wriedt Larsen	9d5e8d5bd8	Merge pull request #7842 from RasmusWL/consistency-queires ... Misc: Streamline `consistency-queries/qlpack.yml`	2022-02-09 13:42:18 +01:00
jorgectf	85b5ef36ae	XmlInjection -> XmlEntityInjection	2022-02-09 13:28:56 +01:00
Tom Hvitved	9440a45015	Merge branch 'main' into post-release-prep/codeql-cli-2.8.0	2022-02-09 09:40:33 +01:00