hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

9547 Commits

Author SHA1 Message Date
Sim4n6
16ef50401b Update python/ql/src/experimental/Security/UnsafeUnpackQuery.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-02-09 14:59:28 +01:00
Sim4n6
4196230a8a use if-then-else rather than nested exists 2023-02-08 21:46:50 +01:00
Sim4n6
9e285020a1 Comment modif + remove redundant cast 2023-02-08 21:14:53 +01:00
Rasmus Wriedt Larsen
5c23b47ef4 Python: Fix typo in QLDoc 
Co-authored-by: Taus <tausbn@github.com>
 2023-02-08 16:27:06 +01:00
Rasmus Wriedt Larsen
8bb1d8631a Python: Add call-graph hotfix for sympy 2023-02-08 16:19:29 +01:00
Rasmus Wriedt Larsen
23144f584a Merge branch 'main' into call-graph-code 2023-02-08 16:17:34 +01:00
Taus
080ce09bd7 Python: Update six test expectations 2023-02-07 16:21:15 +00:00
Taus
8dea993f41 Python: Update failing test 
Seems the name for the codec changed between Python 2 and 3. :)
 2023-02-07 16:21:15 +00:00
Taus
49a3dd6131 Python: Clean up version handling 
Depends on an internal PR.
 2023-02-07 16:21:15 +00:00
Tom Hvitved
8e8897b08b Data flow: Sync files 2023-02-07 15:15:04 +01:00
Erik Krogh Kristensen
9360ae9638 Merge pull request #12076 from erik-krogh/poly-sink-track 
PY: add tracking of strings to compile-sites for poly-redos
 2023-02-06 14:21:04 +01:00
Mathias Vorreiter Pedersen
00fe448e3a Merge pull request #12072 from aschackmull/dataflow/stage3-perf 
Dataflow: Fix join in `fwdFlowRead` (take 2)
 2023-02-06 10:43:11 +00:00
Sim4n6
ec82d61991 Add another frequently used step 2023-02-05 14:36:17 +01:00
Alex Ford
7768026e70 Merge branch 'main' into js-use-shared-cryptography 2023-02-03 15:18:30 +00:00
Alex Ford
6c35feaa98 ConceptsShared: add a default implementation of BlockMode CryptographicOperation#getBlockMode() for compatibility with external code 2023-02-03 14:39:32 +00:00
Alex Ford
b968b59afc CryptoAlgorithms: make CryptographicAlgorithm#matchesName hold only if that algorithm is the most specific match 2023-02-03 14:15:32 +00:00
erik-krogh
8e05fdb369 make more imports private 2023-02-03 15:00:31 +01:00
erik-krogh
c5350ca6a0 add change-note 2023-02-03 14:47:58 +01:00
erik-krogh
cf094c2f4f adjust which folders are seen as exported to remove an FP 2023-02-03 14:47:55 +01:00
erik-krogh
848b24cfe4 adjust concept tests after changing subprocess model 2023-02-03 14:47:55 +01:00
erik-krogh
ef44cb86c2 remove FPs related to parameters that are meant to be commands 2023-02-03 14:47:55 +01:00
erik-krogh
e9ebba3350 assume shell=False for subprocess calls, fixes FPs in e.g. youtube-dl 2023-02-03 14:47:55 +01:00
erik-krogh
d228cf0e7b use more API-nodes to model subprocess.run (and friends) 2023-02-03 14:47:55 +01:00
erik-krogh
bce83bfc4e add failing test for indirectly setting the shell=true flag for subprocess.run 2023-02-03 14:47:55 +01:00
erik-krogh
0a2c7d062c add Fabric test, and add tracking of the shell flag in Fabric 2023-02-03 14:47:55 +01:00
erik-krogh
6bbc4f4a48 add more tests 2023-02-03 14:47:55 +01:00
erik-krogh
33c506d7fe add minimal test for Array join as a sink, and learn that the order is flipped compared to JS. Thanks Copilot! 2023-02-03 14:47:55 +01:00
erik-krogh
5bddfc0d79 add test for f-strings as sink 2023-02-03 14:47:55 +01:00
erik-krogh
47a06d2824 add library inputs as a source, and get minimal test to work 2023-02-03 14:47:55 +01:00
erik-krogh
7fcc548665 add py/shell-command-constructed-from-input, but without a source. 
It's a very direct port from Ruby, with only minor adjustments to fit the Python APIs
 2023-02-03 14:47:55 +01:00
erik-krogh
187cfd7be7 add isShellInterpreted to the SystemCommandExecution concept 2023-02-03 14:47:54 +01:00
github-actions[bot]
faf21f3edb Post-release preparation for codeql-cli-2.12.2 2023-02-02 23:01:04 +00:00
erik-krogh
6e712b293a add tracking of strings to compile-sites for poly-redos, in the style of Ruby 2023-02-02 22:56:20 +01:00
Sim4n6
a0150849cb Updated the expected test file 2023-02-02 21:42:47 +01:00
Alex Ford
1435ef1862 CryptoAlgorithms: make CryptographicAlgorithm#matchesName split on underscores 2023-02-02 20:30:30 +00:00
Alex Ford
e5dfbe2c8d ConceptsShared: Add BlockMode#matchesString(string) predicate 2023-02-02 20:27:52 +00:00
Alex Ford
61095b3c58 ConceptsShared: Add deprecated DataFlow::Node CryptographicOperation#getInput() predicate 2023-02-02 20:27:05 +00:00
Sim4n6
1a8c9abee2 Incorporate Sink & Source as steps from TarSlipQry 2023-02-02 21:09:40 +01:00
erik-krogh
52959d7c0a add failing test for not tracking strings to re.compile 2023-02-02 19:10:32 +01:00
Anders Schack-Mulligen
67d4ed53b9 Dataflow: Sync. 2023-02-02 16:33:00 +01:00
github-actions[bot]
a4fa984792 Release preparation for version 2.12.2 2023-02-02 14:34:55 +00:00
Rasmus Wriedt Larsen
db114bb104 Merge branch 'main' into call-graph-code 2023-02-02 11:56:55 +01:00
Rasmus Wriedt Larsen
fdb33ff48e Python: Fix grammar in change-note 
Co-authored-by: Taus <tausbn@github.com>
 2023-02-01 14:01:20 +01:00
erik-krogh
77e014c5a4 sync added dataflow config 2023-02-01 11:46:57 +01:00
Erik Krogh Kristensen
01f6862965 Merge pull request #11833 from erik-krogh/trackPyReg 
PY: track string-constants to regular expression uses
 2023-02-01 11:40:42 +01:00
Rasmus Wriedt Larsen
c7e552b343 Python: Fix grammar in qldoc 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-30 09:45:45 +01:00
Rasmus Wriedt Larsen
a1c2f4c138 Python: Small rewrite of **kwargs getParameter logic 2023-01-30 09:42:43 +01:00
Sim4n6
7079def7ce Add an S3 source with Session or download_fileobj 2023-01-30 00:49:23 +01:00
Sim4n6
0707064ab5 Constrain the save/path step 2023-01-28 10:14:24 +01:00
Sim4n6
a4aaf0ec6f Remove a write step & update the builtin open step 2023-01-28 09:53:54 +01:00