9547 Commits

Author	SHA1	Message	Date
Joe Farebrother	44271813a5	Add change note	2024-07-23 10:15:28 +01:00
Joe Farebrother	93f70b3ad9	Add unit tests	2024-07-23 10:15:23 +01:00
Joe Farebrother	b28d79960b	Update ConceptsTests and make a fix	2024-07-23 10:15:09 +01:00
Joe Farebrother	be87eb50d4	Add cookie models to each framework	2024-07-23 10:15:02 +01:00
Joe Farebrother	a73d675e6e	Remove experimental query versions	2024-07-23 10:14:55 +01:00
Joe Farebrother	226e4eb8a5	Use a 3-valued newtype for hasSameSiteAttribute	2024-07-23 10:14:45 +01:00
Joe Farebrother	df5569fda9	Add documentation	2024-07-23 10:14:40 +01:00
Joe Farebrother	32fbe52f0f	Model cookie attributes for Django and Flask	2024-07-23 10:14:33 +01:00
Joe Farebrother	6a7bdaf284	Fix experimental query compilation	2024-07-23 10:14:29 +01:00
Joe Farebrother	033dd9f8a6	Promote insecure cookie query	2024-07-23 10:14:22 +01:00
Joe Farebrother	9ad6c8c5eb	Implement cookie attributes for cases in which a raw header is set	2024-07-23 10:14:16 +01:00
Joe Farebrother	2df09f6194	Change flag predicates to boolean parameters rather than boolean results	2024-07-23 10:14:08 +01:00
Joe Farebrother	6f7b2a2d20	Add cookie flags to cookie write concept, and alter experimental queries to use them	2024-07-23 10:14:00 +01:00
github-actions[bot]	49cc8f8ff8	Post-release preparation for codeql-cli-2.18.1	2024-07-22 22:00:48 +00:00
Chuan-kai Lin	a5fe3f4d9c	Minor changelog improvements	2024-07-22 14:34:56 -07:00
github-actions[bot]	368bcb684a	Release preparation for version 2.18.1	2024-07-22 21:30:50 +00:00
Chuan-kai Lin	23320b6e5e	Revert "Release preparation for version 2.18.1"	2024-07-22 13:22:49 -07:00
Chuan-kai Lin	cda4339056	Minor changelog improvements	2024-07-22 09:42:31 -07:00
Rasmus Lerchedahl Petersen	3434c38da7	Python: update test expectations ... This is MaD...	2024-07-22 17:03:29 +02:00
github-actions[bot]	55935fc123	Release preparation for version 2.18.1	2024-07-22 14:56:15 +00:00
Rasmus Lerchedahl Petersen	e30f725e71	Python: Remove questionable model for multiprocessing.connection.Listener	2024-07-22 15:43:06 +02:00
Joe Farebrother	661a4126ac	Add change note	2024-07-19 09:23:33 +01:00
Joe Farebrother	baf51334e4	Update documentation	2024-07-19 09:13:30 +01:00
Joe Farebrother	070d67816d	Remove experimental version	2024-07-16 16:50:10 +01:00
Joe Farebrother	8d93c3a852	Move to cwe-20	2024-07-16 16:50:08 +01:00
Joe Farebrother	e885f1f8c4	Add documentation	2024-07-16 16:50:05 +01:00
Joe Farebrother	983bdb92a1	Add test cases + remove redundant import	2024-07-16 16:50:00 +01:00
Joe Farebrother	123214cb2b	Promoto cookie injection query	2024-07-16 16:49:56 +01:00
Anders Schack-Mulligen	da5abc8321	Dataflow: Replace MakeSets with QlBuiltins::InternSets.	2024-07-15 13:35:57 +02:00
Rasmus Wriedt Larsen	efcd4e297e	Add change-note	2024-07-12 15:21:51 +02:00
Rasmus Wriedt Larsen	db8a5306cf	Python: Add MaD support for DictionaryElement/DictionaryElementAny for sources	2024-07-12 15:19:40 +02:00
Rasmus Wriedt Larsen	eed8b3e87b	Python: Add more tests for MaD sources	2024-07-12 15:10:23 +02:00
Rasmus Wriedt Larsen	1de2943a9b	Merge pull request #16940 from RasmusWL/rasmuswl/BuiltinModuleExtractable ... Python: Handle diagnostics writing for `BuiltinModuleExtractable`	2024-07-12 14:46:30 +02:00
Rasmus Wriedt Larsen	354394d4c2	Python: Don't use fake locations in diagnostics ... Some of the internal tooling would not be too happy about this :D	2024-07-12 13:36:41 +02:00
Rasmus Wriedt Larsen	f41d2a896c	Merge pull request #16771 from porcupineyhairs/js2py ... Python : Arbitrary code execution due to Js2Py	2024-07-11 15:31:57 +02:00
Joe Farebrother	8152ec7472	Merge pull request #16696 from joefarebrother/python-cookie-write-headers ... Python: Model CookieWrites from HeaderWrites	2024-07-11 14:25:54 +01:00
Rasmus Wriedt Larsen	5ecde387af	Python: Fix .expected	2024-07-11 14:42:26 +02:00
Rasmus Wriedt Larsen	60d1dc8af8	Python: Bump extractor version	2024-07-09 14:15:52 +02:00
Rasmus Wriedt Larsen	6b3625e24e	Python: Handle diagnostics writing for BuiltinModuleExtractable	2024-07-09 14:15:52 +02:00
Rasmus Wriedt Larsen	c1da2c1d2f	Python: Gracefully handle exceptions in diagnostics writing	2024-07-09 14:15:51 +02:00
Rasmus Wriedt Larsen	a8b976b389	Python: Always log errors before writing diagnostics ... So we have the info in the logs if the diagnostics processing fails	2024-07-09 13:47:53 +02:00
github-actions[bot]	ae3aba061b	Post-release preparation for codeql-cli-2.18.0	2024-07-08 13:30:13 +00:00
Rasmus Wriedt Larsen	173cd13ded	Python: Add test for impossible isinstance flow	2024-07-08 12:06:53 +02:00
github-actions[bot]	b0d6778652	Release preparation for version 2.18.0	2024-07-08 09:10:51 +00:00
Koen Vlaswinkel	779795b421	Python: Exclude probable test files in model editor	2024-07-05 11:06:22 +02:00
Rasmus Wriedt Larsen	0a32f9fed6	Python: Update query metadata	2024-07-04 14:09:37 +02:00
Rasmus Wriedt Larsen	8d1113cdaf	Python: Fixup qhelp	2024-07-04 14:01:30 +02:00
Tom Hvitved	da0909c080	Merge pull request #16896 from hvitved/ssa/dataflow-integration-prep ... SSA: Add `BasicBlock.{getNode/1,length/0}` to the input signature	2024-07-03 19:56:35 +02:00
Porcupiney Hairs	808af28618	Python : Arbitrary codde execution due to Js2Py ... Js2Py is a Javascript to Python translation library written in Python. It allows users to invoke JavaScript code directly from Python. The Js2Py interpreter by default exposes the entire standard library to it's users. This can lead to security issues if a malicious input were directly. This PR includes a CodeQL query along with a qhelp and testcases to detect cases where an untrusted input flows to an Js2Py eval call. This query successfully detects CVE-2023-0297 in `pyload/pyload`along with it's fix. The databases can be downloaded from the links bellow. ``` https://file.io/qrMEjSJJoTq1 https://filetransfer.io/data-package/a02eab7V#link ```	2024-07-03 19:06:34 +05:30
Taus	b779341ba6	Merge pull request #16885 from github/tausbn/python-fix-bad-join-in-function-resolution-type-tracker ... Python: Fix bad join in function resolution	2024-07-03 13:59:13 +02:00