hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

9547 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
4094ec5fcc Python: Change additional dict store/read steps to not affect taint-tracking 2023-04-21 14:43:24 +02:00
Rasmus Wriedt Larsen
f80a0916ac Python: Don't report get/setdefault as unresolved calls for dict tests 2023-04-21 14:42:20 +02:00
Rasmus Wriedt Larsen
e0e978bd3e Python: Fix ql4ql alerts 2023-04-21 14:18:50 +02:00
Rasmus Wriedt Larsen
b56869551d Python: Support more dictionary read/store steps 
The `setdefault` behavior is kinda strange, but no reason not to support
it.
 2023-04-21 14:18:50 +02:00
Rasmus Wriedt Larsen
6e31f64aaa Python: Add test for dictionary flow 2023-04-21 14:18:46 +02:00
Kasper Svendsen
603a97faf9 Prevent Python join order regression 2023-04-20 13:44:30 +02:00
Luke Cartey
a47778c22e Update SimpleXmlRpcServer.ql to avoid av detection 
This file was being flagged by McAfee as an `Exploit-Generic.src`
trojan. We have attempted to report this to Mcafee without success so
far. This commit therefore adjusts the file to avoid detection.
 2023-04-20 11:59:18 +01:00
Michael Nebel
656d8d2451 Sync files. 2023-04-20 11:29:51 +02:00
Alex Ford
924ce250dd Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0 
Post-release preparation for codeql-cli-2.13.0
 2023-04-18 14:40:40 +01:00
Rasmus Wriedt Larsen
a168af349e Python: Expand modeling of paramiko 2023-04-18 11:57:20 +02:00
Rasmus Wriedt Larsen
a5a0861be0 Python: Expand test of py/paramiko-missing-host-key-validation 2023-04-18 11:56:07 +02:00
Tom Hvitved
f6d000eb20 Merge pull request #12805 from hvitved/remove-queries-xml 
Remove all `queries.xml` files
 2023-04-18 10:52:14 +02:00
github-actions[bot]
648f0e19ec Post-release preparation for codeql-cli-2.13.0 2023-04-17 15:39:24 +00:00
Jeroen Ketema
0c7346707b Fix minor issues with change notes 2023-04-14 15:37:04 +02:00
github-actions[bot]
075d063370 Release preparation for version 2.13.0 2023-04-14 13:31:30 +00:00
Alex Eyers-Taylor
c6a482819a Bump all qlpacks major versions 2023-04-13 19:15:27 +01:00
Michael Nebel
52bc43b22b Merge pull request #12595 from michaelnebel/enhanceprovenance 
Java/C# : Enhance provenance.
 2023-04-13 14:27:53 +02:00
Alex Ford
8c46bfd051 Merge pull request #12816 from github/rc/3.9 
Merge `rc/3.9` into `main`
 2023-04-13 12:35:41 +01:00
Taus
6968de2ccc Merge pull request #12796 from github/tausbn/python-clarify-version-data 
Python: Clarify version data
 2023-04-13 13:05:10 +02:00
Tom Hvitved
3cc9dec9c8 Remove all queries.xml files 2023-04-13 11:18:58 +02:00
Michael Nebel
1d82b09ec1 Sync files. 2023-04-13 09:21:05 +02:00
Chris Smowton
7eefa43f5a Rename and document viableArgParamSpecific to make clear it is a temporary hook. 2023-04-12 14:33:46 +01:00
Chris Smowton
4d8ca3d759 Add dataflow callback to filter out receiver argument flow to Golang interface dispatch candidates. 
Other langauges stub the callback.
 2023-04-12 14:19:06 +01:00
Taus
beae3e9187 Python: Clarify version data 2023-04-12 11:53:16 +00:00
yoff
9e3d57d442 Update python/ql/test/library-tests/ApiGraphs/py3/test_captured_flask.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-04-11 14:34:40 +02:00
github-actions[bot]
ac426b1302 Post-release preparation for codeql-cli-2.12.6 2023-04-04 16:49:26 +00:00
github-actions[bot]
0a3218676c Release preparation for version 2.12.6 2023-03-30 19:25:06 +00:00
github-actions[bot]
e87ce62f95 Post-release preparation for codeql-cli-2.12.5 2023-03-30 13:48:58 +00:00
Rasmus Wriedt Larsen
f3937a4a12 Python: Update .expected from PostUpdateNode commit 2023-03-30 10:17:33 +02:00
Raul Garcia
cf8a683d7d Merge branch 'main' into main 2023-03-29 20:27:03 -07:00
Rasmus Wriedt Larsen
34cbaf10c2 Python: Use PostUpdateNode in py/azure-storage/unsafe-client-side-encryption-in-use 2023-03-29 13:22:21 +02:00
Jeroen Ketema
0acca2ba76 Merge pull request #12687 from jketema/unit-2 
Make imports of `codeql.util.Unit` private
 2023-03-29 13:07:12 +02:00
Rasmus Wriedt Larsen
86333e3ba5 Python: Remove duplicate results from azure blob query 2023-03-29 11:47:29 +02:00
Rasmus Wriedt Larsen
32d52c023e Python: Allow any order for azure blob query 
By only allowing the sink in the state where encryption v1 is used, we
can handle the new case where the order of attribute assignment is
flipped.

However, we get a few too many paths because we can have multiple
sources reaching the same sink... let's fix in next commit.
 2023-03-29 11:42:01 +02:00
Rasmus Wriedt Larsen
480f171d9b Python: Add azure blob tests with swapped order 
Just shows we need to use some state in the query to get the correct
behavior.
 2023-03-29 11:25:37 +02:00
Rasmus Wriedt Larsen
683985a00a Python: Expand azure blob modeling 
Now we can differentiate between the classes
 2023-03-29 11:24:36 +02:00
Anders Schack-Mulligen
7c74fd07e9 Merge pull request #12684 from aschackmull/dataflow/remove-footgun 
Dataflow: Remove accidentally exposed predicates.
 2023-03-28 15:14:58 +02:00
Jeroen Ketema
3b8ad087eb Make imports of codeql.util.Unit private 2023-03-28 14:14:13 +02:00
Anders Schack-Mulligen
47e7aa9566 Dataflow: Add change note. 2023-03-28 13:17:48 +02:00
Rasmus Wriedt Larsen
8ea6b6f256 Python: Update py/azure-storage/unsafe-client-side-encryption-in-use to use datafow 2023-03-28 10:09:22 +02:00
Rasmus Wriedt Larsen
7a17cd2a9e Python: Rewrite azure query to more idiomatic ql 2023-03-28 10:06:00 +02:00
Rasmus Wriedt Larsen
691ffcd3a4 Python: Add tests of py/azure-storage/unsafe-client-side-encryption-in-use 
Notice that it doesn't find the potentially unsafe version, or the vuln that spans calls.
 2023-03-28 10:05:09 +02:00
Anders Schack-Mulligen
d406b051fc Dataflow: Remove accidentally exposed predicates. 2023-03-28 10:04:21 +02:00
yoff
a1a2eb356c Merge pull request #11515 from yoff/py/port-comparison-using-is 
python: port `py/comparison-using-is`
 2023-03-28 09:42:34 +02:00
Taus
df192383b2 Merge pull request #9722 from ahmed-farid-dev/timing-attack-py 2023-03-27 18:09:35 +02:00
Taus
a3c40a3ae4 Python: Add experimental tags 2023-03-27 14:23:36 +00:00
Rasmus Wriedt Larsen
0b9d16a43e Merge pull request #12636 from RasmusWL/sql-modeling 
Python: Some more SQL modeling
 2023-03-27 15:52:30 +02:00
Taus
af060e8c6b Merge branch 'main' into timing-attack-py 2023-03-27 15:27:13 +02:00
Erik Krogh Kristensen
d3c3f2dc90 Merge pull request #12628 from erik-krogh/betterReDoS 
ReDoS: better super-linear algorithm
 2023-03-27 15:26:49 +02:00
Taus
700eb04487 Python: Lower precision of non-header queries 
cf. https://github.com/github/securitylab/issues/691#issuecomment-1387391014
 2023-03-27 12:22:17 +00:00