codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00

Author	SHA1	Message	Date
Tom Hvitved	6f518c1996	Data flow: Sync files	2022-10-05 12:58:29 +02:00
Asger F	ab6e488efe	Python: sync	2022-10-05 11:10:35 +02:00
Asger F	28f4dff1d3	Python: sync	2022-10-04 11:15:11 +02:00
Rasmus Wriedt Larsen	d7be27a1c0	Python: Fix experimental `py/ip-address-spoofing` I realized the modeling was done in a non-recommended way, so I changed the modeling. It was very nice that I could use API graphs for the flask part, and a little sad when I couldn't for Django/Tornado.	2022-10-03 21:19:30 +02:00
Tom Hvitved	e57c3bec63	Sync files	2022-10-03 20:29:39 +02:00
Tom Hvitved	dc432c7774	Sync shared files	2022-09-30 14:56:56 +02:00
Asger F	6e1914ad01	Merge pull request #10375 from asgerf/rb/summarize-loads-v2 Ruby: type-tracking and API edges through simple library callables	2022-09-30 14:25:17 +02:00
Nick Rolfe	ef8ec0878a	Merge pull request #10641 from github/nickrolfe/a_an JS/Python/Ruby: s/a HTML/an HTML/	2022-09-30 12:17:15 +01:00
CodeQL CI	b66e5c5aee	Merge pull request #10634 from yoff/python/rewrite-typetrackers Approved by tausbn	2022-09-30 03:55:35 -07:00
Nick Rolfe	ed74e0aad1	JS/Python/Ruby: s/a HTML/an HTML/	2022-09-30 10:37:52 +01:00
yoff	8ab5617b51	Merge pull request #10539 from yoff/python/improve-API-graphs Python: add subscript to API graphs	2022-09-29 21:05:22 +02:00
Rasmus Lerchedahl Petersen	0654e39e72	python: rewrite type tracker for compiled regexes we have the option to use `regex.getAValueReachingSink` rather than `regex.asSink`, but it will likely be used as a sink for data flow.	2022-09-29 20:30:29 +02:00
Rasmus Wriedt Larsen	0cb8e121e9	Python: Fix flask request modeling This takes us part of the way. We still get multiple paths for the same alert, but that will be fixed in a different PR.	2022-09-29 17:41:21 +02:00
Asger F	ed36f1983b	Python: sync TypeTracker.qll	2022-09-29 15:57:09 +02:00
Asger F	dc03557aea	Merge branch 'main' into rb/summarize-loads-v2	2022-09-29 12:07:30 +02:00
Rasmus Lerchedahl Petersen	a11948bea0	Python: make toString follow member predicate name	2022-09-28 16:13:04 +02:00
Rasmus Lerchedahl Petersen	d122a64e74	Python: do not commit to `CfgNode`	2022-09-28 16:12:29 +02:00
Asger F	24f2a3cdff	Sync ApiGraphModels.qll	2022-09-28 12:17:44 +02:00
Rasmus Lerchedahl Petersen	05102f9007	Python: add change note	2022-09-28 12:06:05 +02:00
Rasmus Lerchedahl Petersen	b1ae3bfdb2	Python: less eager tracking of flow	2022-09-28 11:46:26 +02:00
yoff	70d47f313e	Apply suggestions from code review Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2022-09-28 11:33:00 +02:00
Asger F	9c93ad904f	Python: sync	2022-09-28 10:49:34 +02:00
Asger F	e47deaffbf	Ruby: More QLDoc police	2022-09-28 10:49:34 +02:00
Asger F	7737e75427	Update some QLDoc comments	2022-09-28 10:49:34 +02:00
Asger F	576e320bf5	Python: sync	2022-09-28 10:49:34 +02:00
Asger F	e104b65106	Python: sync TypeTracker.qll and adapt accordingly fixup python	2022-09-28 10:49:33 +02:00
Tom Hvitved	df2b586e7c	Merge pull request #10577 from hvitved/dataflow/get-a-read-content-fan-in Data flow: Fix bad join-order when getAReadContent has large fan-in	2022-09-27 20:04:58 +02:00
Tom Hvitved	335e1a8233	Address review comments	2022-09-27 13:36:52 +02:00
erik-krogh	7675571daa	fix RegExpEscape::getValue having multiple results for some escapes	2022-09-27 13:25:23 +02:00
Tom Hvitved	45fc62f16b	Data flow: Sync files	2022-09-26 20:39:48 +02:00
Anders Schack-Mulligen	1687d08587	Dataflow: Sync.	2022-09-26 16:10:03 +02:00
Rasmus Lerchedahl Petersen	441fc1bb28	Python: type trackers to API graph base on new subscript in the API graph There are a few more uses of type tracking through `SubscriptNode`s, but these start from an instance given by a data flow node.	2022-09-26 15:05:50 +02:00
Rasmus Lerchedahl Petersen	bc963b2386	Python: subscript on `API::Node`	2022-09-26 13:39:59 +02:00
Rasmus Lerchedahl Petersen	6114d71d3d	Python: subscript on local source nodes and adjust comment on awaited	2022-09-26 13:39:59 +02:00
Rasmus Lerchedahl Petersen	7f610405a0	Python: move code and harmonize comments	2022-09-26 13:39:59 +02:00
Rasmus Lerchedahl Petersen	69640f3c20	Python: refactor awaited	2022-09-26 13:39:59 +02:00
Dave Bartolomeo	3bd456e52d	Merge pull request #10565 from github/post-release-prep/codeql-cli-2.11.0 Post-release preparation for codeql-cli-2.11.0	2022-09-23 18:13:59 -04:00
github-actions[bot]	6cef0af5df	Post-release preparation for codeql-cli-2.11.0	2022-09-23 21:01:40 +00:00
Rasmus Wriedt Larsen	71da217b82	Merge pull request #10535 from RasmusWL/flask-jsonify Python: Model `flask.jsonify`	2022-09-23 12:18:27 +02:00
Asger F	11ba0f0bbe	Merge pull request #10253 from asgerf/js/type-defs-squashed JS: Add generated typings to SQL models	2022-09-23 11:34:01 +02:00
Tom Hvitved	8b424d181a	Merge pull request #10505 from hvitved/dataflow/viable-impl-in-ctx-consistency Data flow: Guard against `viableImplInCallContext` not being a subset of `viableCallable`	2022-09-23 10:38:48 +02:00
github-actions[bot]	f5cf8cffa3	Release preparation for version 2.11.0	2022-09-22 20:14:12 +00:00
Dave Bartolomeo	cee0e8e137	Merge pull request #10532 from github/henrymercer/3.7-mergeback Final mergeback from `rc/3.7`	2022-09-22 13:42:59 -04:00
Tom Hvitved	ad6b870f94	Data flow: Sync files	2022-09-22 15:01:33 +02:00
Rasmus Wriedt Larsen	d3f811cab3	Python: Accept any arg to `flask.jsonify` Thanks @tausbn 👍	2022-09-22 14:59:06 +02:00
Rasmus Wriedt Larsen	8174120916	Python: Model `flask.jsonify`	2022-09-22 14:43:39 +02:00
Tom Hvitved	f0f4fe7286	Merge pull request #10444 from hvitved/ruby/stmt-sequence-post-update Ruby: Add post-update nodes for compound arguments	2022-09-22 13:18:51 +02:00
Henry Mercer	f8f99af8b7	Bump the minor version of packs we regularly release	2022-09-22 12:14:19 +01:00
Andrew Eisenberg	99e8cb78b0	Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main Aeisenberg/merge rc3.7 into main	2022-09-21 08:09:47 -07:00
Tom Hvitved	db8b6ac69a	Data flow: Sync files	2022-09-21 11:02:24 +02:00

... 34 35 36 37 38 ...

2968 Commits