codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	8d8cd05b94	Python: Add basic support for `database` threat-model	2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen	7483075b7e	Python: Fixup modeling of `os.open`	2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen	d245db54a1	Python: Model `file` threat-model	2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen	66f389a4b6	Python: Model stdin thread-model	2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen	e1801f3a29	Python: Proper threat-model handling for argparse	2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen	56c85ffe54	Python: Fixup threat-models for `os.environ.get()` Since using `.DictionaryElementAny` doesn't actually do a store on the source, (so we can later follow any dict read-steps). I added the ensure_tainted steps to highlight that the result of the WHOLE expression ends up "tainted", and that we don't just mark `os.environ` as the source without further flow.	2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen	b9239d7101	Python: Add basic support for environment/commandargs threat-models	2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen	528f08fb83	Python: Make queries use ActiveThreatModelSource	2024-09-10 14:32:35 +02:00
github-actions[bot]	97edff3f70	Post-release preparation for codeql-cli-2.18.4	2024-09-09 18:45:46 +00:00
github-actions[bot]	91537cdf9a	Release preparation for version 2.18.4	2024-09-09 16:08:48 +00:00
Joe Farebrother	d1cca13563	Merge pull request #17314 from joefarebrother/python-x509-cert Python: Exclude certificate classification fo sensitive data queries	2024-09-09 10:48:36 +01:00
Erik Krogh Kristensen	49aaf65f3f	fix mistake in the Python change-note Co-authored-by: Taus <tausbn@github.com>	2024-09-04 12:43:01 +02:00
Kevin Stubbings	6efb3c69ef	QLformatting	2024-09-03 15:54:06 -07:00
Kevin Stubbings	bd2564ee44	Formatting	2024-09-03 14:34:25 -07:00
Kevin Stubbings	581e7f5d3c	Bottle	2024-09-03 14:00:27 -07:00
erik-krogh	e2b16bd8f9	add some change-notes	2024-09-03 22:06:07 +02:00
erik-krogh	20dfdc9661	delete some deprecated files	2024-09-03 20:30:59 +02:00
erik-krogh	0fdd06fff5	use my script to delete outdated deprecations	2024-09-03 20:30:58 +02:00
Porcupiney Hairs	e2dd126962	Python: Pycurl SSL Disabled	2024-09-03 03:41:23 +05:30
Kevin Stubbings	326eb6946e	Added	2024-08-30 18:17:38 -07:00
Kevin Stubbings	5c8c99d31f	Add header support for bottle and tornado	2024-08-30 18:16:01 -07:00
Joe Farebrother	ec7ad84cd1	Update formatting	2024-08-30 13:51:33 +01:00
Joe Farebrother	5360192a58	Apply review suggestions - change = to in Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2024-08-30 13:25:59 +01:00
Joe Farebrother	1cb23e7e86	Exclude certificates from being cinsidered sensitive data by cleartext-storage and cleartext-logging queries	2024-08-27 14:18:39 +01:00
Kevin Stubbings	812abea0de	change-notes	2024-08-26 22:25:00 -07:00
Kevin Stubbings	0420d25c13	refactor	2024-08-26 22:09:24 -07:00
Kevin Stubbings	1db7865d49	Corrections	2024-08-26 22:06:12 -07:00
Kevin Stubbings	8bf8893307	Add support for vulnerable CORS middlewares	2024-08-26 21:30:48 -07:00
github-actions[bot]	0724fd7ce2	Post-release preparation for codeql-cli-2.18.3	2024-08-21 18:25:54 +00:00
github-actions[bot]	17cd9624fb	Release preparation for version 2.18.3	2024-08-21 17:13:52 +00:00
Anders Schack-Mulligen	8470e91c16	Legacy Dataflow: Sync.	2024-08-20 10:07:57 +02:00
Rasmus Wriedt Larsen	8f7dec07b8	Python: Remove 'response' from default threat-models I didn't want to put the configuration file in `semmle/python/frameworks/*/.model.yml`, so created `ext/` as in other languages	2024-08-19 10:54:48 +02:00
Rasmus Wriedt Larsen	5ec8e5dd30	Python: Setup support for threat-models Naming in other languages: - `SourceNode` (for QL only modeling) - `ThreatModelFlowSource` (for active sources from QL or data-extensions) However, since we use `LocalSourceNode` in Python, and `SourceNode` in JS (for local source nodes), it seems a bit confusing to follow the same naming convention as other languages, and instead I came up with new names.	2024-08-19 10:54:47 +02:00
Tom Hvitved	0fcfb47423	Sync shared files	2024-08-13 13:34:45 +02:00
Alexander Eyers-Taylor	ffd811a55d	Merge pull request #17182 from github/post-release-prep/codeql-cli-2.18.2 Post-release preparation for codeql-cli-2.18.2	2024-08-08 16:28:03 +01:00
github-actions[bot]	cc6d87c276	Post-release preparation for codeql-cli-2.18.2	2024-08-08 12:56:21 +00:00
github-actions[bot]	019da8c287	Release preparation for version 2.18.2	2024-08-07 14:02:38 +00:00
Alexander Eyers-Taylor	46577b585e	Revert "Release preparation for version 2.18.2"	2024-08-07 14:24:37 +01:00
Joe Farebrother	62c2fe6b17	Merge pull request #16933 from joefarebrother/python-cookie-concept-promote Python: Promote the insecure cookie query from experimental	2024-08-07 09:06:05 +01:00
Joe Farebrother	24df54804a	Review suggestion - Add link to qldoc Co-authored-by: yoff <lerchedahl@gmail.com>	2024-08-06 22:59:14 +01:00
github-actions[bot]	c14ba0e4bd	Release preparation for version 2.18.2	2024-08-06 12:46:15 +00:00
yoff	251036c6b4	Merge pull request #17080 from sylwia-budzynska/streamlit Python: Add Streamlit models	2024-07-31 18:20:11 +02:00
yoff	123dcc75d1	Merge pull request #16971 from RasmusWL/mad-dict-source Python: Add MaD support for DictionaryElement/DictionaryElementAny for sources	2024-07-31 13:40:07 +02:00
Sylwia Budzynska	2a6ad00a2f	Fix typo	2024-07-31 13:22:27 +02:00
Sylwia Budzynska	72e7b6c872	Update python/ql/lib/semmle/python/frameworks/Streamlit.qll Co-authored-by: yoff <lerchedahl@gmail.com>	2024-07-31 13:20:01 +02:00
Sylwia Budzynska	81f3609c4b	Formatting	2024-07-30 17:49:20 +02:00
Sylwia Budzynska	dfc51922ba	Change regex	2024-07-30 17:39:34 +02:00
Sylwia Budzynska	ef2b225144	Fix PascalCase	2024-07-30 17:36:55 +02:00
Sylwia Budzynska	f796efe470	Add Streamlit SQLAlchemy models	2024-07-30 17:20:52 +02:00
Sylwia Budzynska	bfd2e4350b	Add StreamlitConnection model Co-authored-by: yoff <lerchedahl@gmail.com>	2024-07-30 12:58:49 +02:00

... 5 6 7 8 9 ...

2989 Commits