hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

2989 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
e5cd3e8f64 Python: nice locations for import aliases 
These were computed wrongly before.
 2023-08-10 20:27:06 +02:00
Rasmus Wriedt Larsen
46af77c1af Python: Include all assignments in data flow paths 
Like Ruby did in https://github.com/github/codeql/pull/12566
 2023-08-10 11:45:29 +02:00
github-actions[bot]
432c21d4fb Post-release preparation for codeql-cli-2.14.2 2023-08-09 18:45:18 +00:00
Rasmus Wriedt Larsen
51a05286fa Merge pull request #13731 from pwntester/py/aiohttp_improvements 
Python: Aiohttp improvements
 2023-08-09 16:37:20 +02:00
Rasmus Lerchedahl Petersen
885e25ff2d Python: use file-name-convention of *.model.yml 2023-08-09 14:25:33 +02:00
Rasmus Lerchedahl Petersen
e47e77c438 Python: add change note 2023-08-08 12:17:23 +02:00
Rasmus Lerchedahl Petersen
f865fa3050 Python: simplify using getSubscript 2023-08-08 11:16:35 +02:00
github-actions[bot]
79c90fa36a Release preparation for version 2.14.2 2023-08-07 18:08:52 +00:00
Jeroen Ketema
8b6a7985db Refactor the traint-tracking library to follow the dataflow library refactoring 2023-08-07 15:23:15 +02:00
Jeroen Ketema
5d2984b7a5 Merge branch 'main' into shared-taint-tracking 2023-08-07 15:22:29 +02:00
Rasmus Lerchedahl Petersen
957c0d6387 Python: move change note 2023-08-07 14:28:53 +02:00
Rasmus Lerchedahl Petersen
2f9172046b Python: change-note 2023-08-07 11:50:13 +02:00
Tom Hvitved
6c989b9c6b Python: Adjust to data flow refactor 2023-08-07 11:35:23 +02:00
Rasmus Lerchedahl Petersen
4dbaed9ec2 Python: add qldoc 2023-08-07 11:31:22 +02:00
Jeroen Ketema
747cd1745a Update all languages to use the shared taint-tracking library 2023-08-04 22:53:25 +02:00
Mathias Vorreiter Pedersen
abe3a816ce Merge pull request #13851 from MathiasVP/sink-without-states 
DataFlow: Support stateless `isSink` in `StateConfigSig`s
 2023-08-04 18:01:42 +02:00
Asger F
c38cbe859d Merge pull request #13737 from asgerf/dynamic/fuzzy-models 
Dynamic: add Fuzzy token
 2023-08-03 09:58:24 +02:00
Mathias Vorreiter Pedersen
3007fdab5e Sync identical files. 2023-08-02 14:33:33 +02:00
Anders Schack-Mulligen
b27a3a81bc Python: Adjust to use the qlpack data-flow api. 2023-08-01 14:02:33 +02:00
Maiky
6274dfafdc typo 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2023-07-27 23:43:48 +02:00
Maiky
49aa3eb92b Update change note 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2023-07-27 23:43:39 +02:00
Owen Mansel-Chan
9b2b58a823 Sync files 2023-07-26 21:48:10 +01:00
Rasmus Lerchedahl Petersen
b2688bba7d Python: Relax module resolution 
Do not require modules to reside in a package
 2023-07-25 17:24:04 +02:00
github-actions[bot]
f91b7a9342 Post-release preparation for codeql-cli-2.14.1 2023-07-21 16:16:25 +00:00
github-actions[bot]
c936a920b0 Release preparation for version 2.14.1 2023-07-20 16:32:27 +00:00
jorgectf
3ac94c33b2 Add change note 2023-07-20 15:47:18 +02:00
jorgectf
55648ac4de Add shlex.quote as sanitizer 2023-07-20 15:34:54 +02:00
Geoffrey White
a0b784e7b1 Python: QLDoc. 2023-07-20 11:56:13 +01:00
Maiky
6d6a243776 Update Change Note 2023-07-20 12:33:26 +02:00
Geoffrey White
aaf9907a27 Python: Change note. 2023-07-20 11:23:15 +01:00
Geoffrey White
bb16731b86 Python: Fix for multiple parse mode flags. 2023-07-20 11:16:14 +01:00
Maiky
1a1fee3088 Doc change 2023-07-20 03:28:13 +02:00
Maiky
a1782182dd Python: Add unsafe deserialization sinks (CWE-502) 2023-07-20 03:26:22 +02:00
Anders Schack-Mulligen
e72a0b2f8c Dataflow: Add change notes. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
95d17045c9 Dataflow: Sync. 2023-07-19 11:41:15 +02:00
yoff
a1aa16f901 Merge pull request #13745 from GeekMasher/py-mad-xss 
Python - Add Models as Data support for Reflected XSS Query
 2023-07-18 13:39:17 +02:00
Mathew Payne
6ef55aa14f Update python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-07-17 15:44:38 +01:00
yoff
d032bf5c0e Merge pull request #13685 from RasmusWL/captured-variables-default-param-value 
Python: Model parameter with default value as `DefinitionNode`
 2023-07-17 14:25:13 +02:00
Mathew Payne
e3d75c488e Merge branch 'main' into py-mad-xss 2023-07-17 11:08:09 +01:00
Mathew Payne
cf65ab834d fix: formatting issue 2023-07-14 12:31:40 +01:00
Mathew Payne
4c1612f2dd feat: add change log notes 2023-07-14 12:28:51 +01:00
Mathew Payne
c292984338 feat: add MaD to XSS query 2023-07-14 12:25:54 +01:00
Rasmus Wriedt Larsen
0db535bdd7 Python: Minor naming update 2023-07-14 12:54:54 +02:00
Asger F
2b0a8097e6 Python: implement Fuzzy for Python 2023-07-13 15:42:34 +02:00
Asger F
919cb07c1e Sync ApiGraphModels.qll 2023-07-13 15:42:33 +02:00
Rasmus Wriedt Larsen
64a7206f3e Python: Improve aiohttp FileResponse/StreamResponse modeling 
However, notice that the concepts tests use the HttpResponse location
for the `responseBody` tag, which seems a little odd in this situation,
where they are actually separate. Will fix in next commit.
 2023-07-13 13:57:08 +02:00
Alvaro Muñoz
10cd649ba7 address code review feedback 2023-07-13 12:24:19 +02:00
Alvaro Muñoz
69efddbaef Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-07-13 12:23:00 +02:00
Anders Schack-Mulligen
837df2ad37 Dataflow: Sync. 2023-07-13 10:55:39 +02:00
Ed Minnix
63299688d5 Add change notes for default implementations of isBarrier and isAdditionalFlowStep 2023-07-12 15:21:16 -04:00