hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

2986 Commits

Author SHA1 Message Date
Arthur Baars
af1d949d06 Merge pull request #8489 from aibaars/regex-refactor 
Ruby: refactor regex libraries
 2022-03-28 12:17:00 +02:00
yoff
5efc19c39d Merge pull request #7806 from erik-krogh/pyDef 
Python: Add def nodes to API graphs
 2022-03-28 08:09:14 +02:00
Rasmus Lerchedahl Petersen
774c811e97 python: move CSRF concepts inside HTTP::Server 2022-03-28 07:35:13 +02:00
Rasmus Lerchedahl Petersen
1e9840d779 python: broaden local protection concept 2022-03-25 12:28:33 +01:00
Rasmus Lerchedahl Petersen
179f77b123 python: clearer comment 2022-03-25 11:51:24 +01:00
yoff
85f1d92a0d Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-03-25 11:42:32 +01:00
Rasmus Wriedt Larsen
d51aaf2f91 Python: Import framework-modeling in regex.qll 2022-03-24 14:28:44 +01:00
Arthur Baars
1a9aaf4543 Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-03-24 11:37:03 +01:00
Arthur Baars
74aea81fe3 Ruby: refactor regex libraries 2022-03-24 11:37:02 +01:00
Rasmus Lerchedahl Petersen
93336bcb16 python: allow alternative middleware 
(observed [on LGTM](9d6a7ee180/files/mozillians/settings.py (L96)))
 2022-03-23 12:27:51 +01:00
Rasmus Lerchedahl Petersen
441e206cfa python: CSRF -> Csrf 2022-03-23 11:29:27 +01:00
Rasmus Wriedt Larsen
bbf60b875e Merge pull request #8476 from RasmusWL/shared-concepts-scaffolding 
Python/JS/Ruby: Shared concepts scaffolding
 2022-03-23 10:22:42 +01:00
yoff
47e062cfb9 Merge pull request #8486 from aibaars/incomplete-hostname-python 
Python: switch to shared implementation of IncompleteHostnameRegExp.ql
 2022-03-22 15:06:14 +01:00
Rasmus Lerchedahl Petersen
0f2c21c8bd python: require local protection to be absent 
for CSRF to be likely
 2022-03-22 13:42:52 +01:00
Rasmus Wriedt Larsen
6bd9d82610 Merge pull request #8061 from RasmusWL/orm 
Python: Add data-flow through Django ORM models
 2022-03-22 11:14:08 +01:00
Rasmus Wriedt Larsen
311cbb4e13 Merge branch 'main' into shared-concepts-scaffolding 2022-03-22 10:36:33 +01:00
Rasmus Wriedt Larsen
414764ccee Concepts: Minor rewrite in qldoc 
As suggested by @hmac
 2022-03-22 10:33:58 +01:00
Rasmus Lerchedahl Petersen
f5b53083ae python: require authentication middleware 
for CSRF to be relevant
 2022-03-22 08:44:19 +01:00
github-actions[bot]
a3e74efc21 Post-release preparation for codeql-cli-2.8.4 2022-03-21 19:36:47 +00:00
Rasmus Wriedt Larsen
758a81cc0f Python: Remove import of Concepts in DataFlowPrivate 
As discussed in PR review
 2022-03-21 16:22:15 +01:00
Rasmus Wriedt Larsen
978ef05571 Python: Add change-note 2022-03-21 16:18:40 +01:00
Rasmus Wriedt Larsen
b8dee25cce Python: ReflectedXSS -> ReflectedXss for new Query file 
So we stick to the naming conventions.

This rename is OK, since the new file was only just introduced in this
PR.
 2022-03-21 16:12:38 +01:00
Arthur Baars
79cd7bf8ed Python: create semmle/python/dataflow/new/Regex.qll 2022-03-21 15:57:19 +01:00
Rasmus Wriedt Larsen
695553ba9f Python: Deprecate old non-Query.qll dataflow defs 2022-03-21 15:03:22 +01:00
Rasmus Wriedt Larsen
db86a18791 Python: Autoformat 2022-03-21 14:53:53 +01:00
Rasmus Wriedt Larsen
0125aea91b Python: Re-introduce old dataflow configs .qll files 
and move all the old deprecated aliases to that file. We now have a
situation where all queries should work as they did before, and we just
have these new Query.qll files that contain the implementation.

(deprecation comes later)
 2022-03-21 14:53:53 +01:00
Rasmus Wriedt Larsen
1bf8fa6a3b Python: Adopt Query.qll suffix for dataflow config defs 
This commit in itself makes everything break, but should make it easy to
follow the overall changes being made.
 2022-03-21 14:53:53 +01:00
github-actions[bot]
dedc8c2254 Release preparation for version 2.8.4 2022-03-21 13:25:49 +00:00
Alex Ford
c891c53835 Merge pull request #8395 from alexrford/ruby/clear-text-storage 
Ruby: add `rb/clear-text-storage-sensitive-data` query
 2022-03-21 10:05:39 +00:00
Arthur Baars
9412b331db Revert "Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql"" 
This reverts commit 6d24591416.
 2022-03-18 16:31:22 +01:00
Tom Hvitved
79ea2a3a9c Data flow: Sync files 2022-03-17 14:03:58 +01:00
Rasmus Wriedt Larsen
2b9408b0c3 Concepts: Add some architecture documentation 2022-03-17 13:49:10 +01:00
Harry Maclean
36c421346b Introduce ConceptsShared.qll 2022-03-17 13:49:10 +01:00
Jeroen Ketema
7a9a9d833a Merge pull request #8435 from jketema/all-the-barriers 
Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard
 2022-03-16 15:50:19 +01:00
Rasmus Wriedt Larsen
ae1ba11d57 Merge branch 'main' into orm 2022-03-16 11:23:14 +01:00
Rasmus Wriedt Larsen
f1e6271d20 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-03-16 10:53:19 +01:00
Jeroen Ketema
157a36bc4f Use node variable in all disjuncts 2022-03-15 11:55:35 +01:00
Jeroen Ketema
9a0e94f389 Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard 2022-03-15 11:55:34 +01:00
Erik Krogh Kristensen
c7509c4dd3 Merge branch 'main' into deadCode 2022-03-15 09:19:14 +01:00
Jonas Jensen
d89c52f4b0 Merge pull request #8403 from erik-krogh/noUpper 
Rename all upper-case variables, and all lower-case modules
 2022-03-15 09:00:37 +01:00
Arthur Baars
6a74e761c8 Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 
Post-release preparation for codeql-cli-2.8.3
 2022-03-14 21:05:09 +01:00
Erik Krogh Kristensen
c93f29b1a1 fix typo in change note 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-03-14 16:03:45 +01:00
Erik Krogh Kristensen
689f3c0478 update some references to deprecated module names 2022-03-14 13:28:34 +01:00
Erik Krogh Kristensen
3bf5e06d53 delete all dead code 2022-03-14 13:03:31 +01:00
Erik Krogh Kristensen
a4525bbb29 add change-note 2022-03-14 12:22:39 +01:00
Erik Krogh Kristensen
ad2ab5602e PY: rename remaining private python modules 2022-03-14 12:22:33 +01:00
Jeroen Ketema
4c2081b7fc Merge pull request #8401 from jketema/taint-flow 
Extend taint tracking interface with flow states
 2022-03-14 12:06:10 +01:00
Erik Krogh Kristensen
02127b40cd PY: fix all ql/no-upper-case-variables 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
83f26eb833 rename all upper-case variables to start with a lower-case letter 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
bbb2847ec1 Merge pull request #8323 from erik-krogh/acronyms 
Enforcing consistent casing of acronyms
 2022-03-14 11:38:25 +01:00