codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
amammad	6520e2fdfb	update Fabric models, add new sink to Fabric, add proper test cases	2024-05-06 14:36:10 +02:00
amammad	2708e57e4b	add pyTorch :) code execution sinks, add proper tests	2024-05-06 14:36:10 +02:00
amammad	cffdc5b452	add panas code execution sinks, add proper tests	2024-05-06 14:36:10 +02:00
Chuan-kai Lin	535e6db40f	Python: Use entities in reorder directives	2024-05-03 11:17:41 -07:00
Owen Mansel-Chan	83249cd9c2	Fix grammar in comment	2024-05-02 09:59:48 +01:00
Owen Mansel-Chan	16dcc0969b	Standardise comment explaining why extensible predicates must be defined	2024-05-01 22:00:01 +01:00
Joe Farebrother	fd55713006	add changenote	2024-04-30 18:17:18 +01:00
Joe Farebrother	c6372d5822	Fix qldoc and remove PotentialViewCallable class	2024-04-30 18:13:06 +01:00
Joe Farebrother	ba054bd428	Manually specify subclasses for redirect models	2024-04-30 14:33:46 +01:00
github-actions[bot]	99928b82ed	Post-release preparation for codeql-cli-2.17.2	2024-04-30 12:15:35 +00:00
github-actions[bot]	5228d94d42	Release preparation for version 2.17.2	2024-04-30 10:25:51 +00:00
Joe Farebrother	7df8b1ba51	Don't rely on specific parameter names, add qldoc	2024-04-30 09:45:11 +01:00
erik-krogh	800d7546fa	change all the change-notes to breaking	2024-04-26 17:17:23 +02:00
erik-krogh	14d88eb3ce	add change-notes	2024-04-26 12:56:28 +02:00
erik-krogh	baa31e1469	delete outdated deprecations	2024-04-25 22:19:28 +02:00
Joe Farebrother	2a0459838b	Add models for responses	2024-04-25 15:55:59 +01:00
Joe Farebrother	86d1e5b646	Add additional type tracking for request attributes	2024-04-25 13:58:36 +01:00
Rasmus Wriedt Larsen	13ff9412a4	Merge pull request #16252 from RasmusWL/move-dataflow-tests Python: Move dataflow tests out of experimental	2024-04-25 10:05:06 +02:00
Joe Farebrother	2b935e575a	Add concept tests + fix typo	2024-04-24 14:05:41 +01:00
Joe Farebrother	ec4c820391	Fix deprecation	2024-04-24 14:05:41 +01:00
Joe Farebrother	f3b27d611a	Add test case for validated wsgiref servers + fix typo	2024-04-24 14:05:40 +01:00
Joe Farebrother	d4a072818f	Add more tests	2024-04-24 14:05:40 +01:00
Joe Farebrother	eeef062f7c	Implement sinks for wsgiref + allow lists in bulk header updates + local flow	2024-04-24 14:05:39 +01:00
Joe Farebrother	8636a50190	Fix qldoc + remove deprecation from experimental concepts (as they are still used in another experimental query)	2024-04-24 14:05:38 +01:00
Joe Farebrother	fa28d94363	Added a sanitizer for replacing newlines.	2024-04-24 14:05:38 +01:00
Joe Farebrother	dbbc944f32	Correct spelling	2024-04-24 14:05:38 +01:00
Joe Farebrother	a88ad62c00	Implemented sinks for bulk header updates, and added corresponding tests.	2024-04-24 14:05:38 +01:00
Joe Farebrother	3e9341ff8a	Model class instantiation for werkzueg headers	2024-04-24 14:05:37 +01:00
Joe Farebrother	b9984beb16	Add test cases	2024-04-24 14:05:37 +01:00
Joe Farebrother	68d90918cf	Add to header write concept a specification of whether the name or value arg allows newlines. Ported sink defenitions from Flask and Werzeug from experimental to main. Removed experimental sink definitions for Django, as neither name nor value are vulnerable.	2024-04-24 14:05:37 +01:00
Joe Farebrother	25ffcb2fde	Split into customizations file	2024-04-24 14:05:37 +01:00
Joe Farebrother	6021d9238c	Move headers injection query and concept from experimental to main	2024-04-24 14:05:37 +01:00
Nick Rolfe	af72c0848e	Merge pull request #16306 from github/nickrolfe/js-sensitive JS: do fewer regexp matches in SensitiveActions	2024-04-24 09:49:44 +01:00
Nick Rolfe	003d208574	JS: do fewer regexp matches in SensitiveActions	2024-04-23 15:31:38 +01:00
Anders Schack-Mulligen	b2f09949df	Merge pull request #15599 from aschackmull/dataflow/fieldflowbranchlimit-v2 Dataflow: update fieldFlowBranchLimit semantics	2024-04-23 10:08:05 +02:00
Rasmus Wriedt Larsen	e0e405bb31	Python: replace dataflow-test location in files	2024-04-23 09:40:59 +02:00
Joe Farebrother	f85ee38e04	Add instance taint steps for requests	2024-04-22 16:03:39 +01:00
Joe Farebrother	88e3227ed0	Add pyramid models	2024-04-22 13:27:18 +01:00
Taus	81246cd41a	Python: Add missing QLDoc for `isUnicode`	2024-04-22 12:08:53 +00:00
Taus	bab461ffd1	Python: Add change note	2024-04-22 12:00:09 +00:00
Taus	d51fcd4f2a	Python: Change `Str` to `StringLiteral` As far as I can tell, this was the only occurrence of `Str` as a type throughout the entire library.	2024-04-22 12:00:09 +00:00
Taus	b484aee39e	Python: Autoformat everything Of course, `StringLiteral` being much longer than `StrConst` meant a bunch of files changed formatting.	2024-04-22 12:00:09 +00:00
Taus	1c68c987b0	Python: Change all remaining occurrences of `StrConst` Done using ``` git grep StrConst \| xargs sed -i 's/StrConst/StringLiteral/g' ```	2024-04-22 12:00:09 +00:00
Taus	f6487d7b13	Python: Rename `StrConst` to `StringLiteral` Does a few things: - Renames `StrConst` to `StringLiteral`, and deprecates the former. - Also deprecates `Str`. - Adds an override of `StringLiteral::toString` making it output `"StringLiteral"` rather than the inherited `"Str"`. This ensures that the AST viewer shows these nodes as the former type, not the latter. There are a large number of uses of `StrConst` in the codebase. These will be fixed in a later commit.	2024-04-22 12:00:09 +00:00
Asger F	decd576a6b	Merge pull request #15386 from asgerf/js/graph-export JS: Add library for exporting graphs as type models	2024-04-18 11:56:17 +02:00
Alexander Eyers-Taylor	da3fa22cbd	Merge pull request #16228 from github/post-release-prep/codeql-cli-2.17.1 Post-release preparation for codeql-cli-2.17.1	2024-04-17 11:24:34 +01:00
Asger F	3335d48154	Sync files	2024-04-16 20:26:41 +02:00
Asger F	be64daf265	Merge branch 'main' into js/graph-export	2024-04-16 20:23:33 +02:00
Cornelius Riemenschneider	6ba27dc863	Upgrade rules_pkg to 0.10.1.	2024-04-16 16:29:56 +02:00
github-actions[bot]	622e176a16	Post-release preparation for codeql-cli-2.17.1	2024-04-16 14:21:32 +00:00

... 9 10 11 12 13 ...

2989 Commits