hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

9547 Commits

Author SHA1 Message Date
Sim4n6
0e2f37825d Organize steps to correspond to the sample code 2023-01-27 23:58:03 +01:00
Sim4n6
ee213123ac Add builtin open as an additional step 2023-01-27 18:16:11 +01:00
Mathias Vorreiter Pedersen
95b15825f9 DataFlow: Sync identical files. 2023-01-27 16:24:31 +00:00
Sim4n6
0b27b1314a Update python/ql/src/experimental/Security/UnsafeUnpackQuery.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-27 16:12:08 +01:00
Sim4n6
8ef2aa00e7 Update python/ql/src/experimental/Security/UnsafeUnpackQuery.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-27 16:07:39 +01:00
Rasmus Wriedt Larsen
cef933f813 Python: Add comment explaining SINK3_F(kwargs["c"]) test 
Co-authored-by: yoff <yoff@github.com>
 2023-01-27 15:48:59 +01:00
Rasmus Wriedt Larsen
c099dbd04c Python: Expand notes around bound methods self argument passing 2023-01-27 15:27:45 +01:00
Sim4n6
207ed3da9c Constrain the object & the call 2023-01-27 15:07:20 +01:00
Sim4n6
18d8bbc9a4 Updated the expected results accordingly 2023-01-27 14:05:25 +01:00
Sim4n6
e41042418a Update the import relative to the dataflow config 2023-01-27 13:46:57 +01:00
Sim4n6
5f0bf1053a Update the dataflow test query and the expected results 2023-01-27 13:42:57 +01:00
Sim4n6
bca053f855 Move the config query to the parent directory 2023-01-27 13:42:14 +01:00
Rasmus Wriedt Larsen
02b3a1b515 Python: At most one **kwargs ParameterNode per callable 
Similar to the Ruby changes from
https://github.com/github/codeql/pull/11461

I feel the change to `DataFlowFunciton.getParameter` where we use
`not exists(func.getArgByName(_))` is not very great, but I was not allowed
to use `not exists(this.getParameter(any(ParameterPosition _).isKeyword(_)))`
because of negative recursion.
 2023-01-27 11:14:42 +01:00
Sim4n6
998f1bf215 Some reformatting 2023-01-26 18:54:36 +01:00
Sim4n6
1a211485a4 Restrain the source and add two steps. 2023-01-26 17:07:59 +01:00
Sim4n6
51b11de44a Add a Django Upload examples 2023-01-26 15:16:24 +01:00
Sim4n6
54cc4d6498 Opt for any source from RemoteFlowSource. 2023-01-26 12:51:55 +01:00
Sim4n6
aaa0040612 Seperate the dataflow config from the query 2023-01-26 08:53:47 +01:00
Sim4n6
9464940214 Add expected results for argparse source 2023-01-26 01:00:19 +01:00
Sim4n6
2e4cb63049 Optimize the Argparse filename as a source. 2023-01-26 01:00:01 +01:00
Sim4n6
f867c9008f Commit the expected results 2023-01-26 00:08:54 +01:00
Sim4n6
9b5b0c60b8 Handle the download of a tarball using wget pkg. 2023-01-26 00:02:20 +01:00
Sim4n6
22af6f5182 Restrict download_file() to boto3 lib 2023-01-25 23:00:00 +01:00
Sim4n6
2d38993075 Add a missing "and" 2023-01-25 19:46:13 +01:00
Sim4n6
0ed480855a Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql 
Yes, definitely

Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-25 19:44:28 +01:00
Sim4n6
10d6ebf95b Use of inline tests for dataflow queries 2023-01-25 19:28:05 +01:00
Sim4n6
b5a6f6e165 Merge pull request #1 from github/main 
Sync with the upstream
 2023-01-25 19:13:35 +01:00
Rasmus Wriedt Larsen
f262dc68f8 Python: Reword note about debugging getNextClassInMro 2023-01-25 10:08:43 +01:00
Rasmus Wriedt Larsen
63b2bd0871 Python: Fixup test_only_starargs addition 
validTest.py did not pass, since we use `SINK3_F`.

I initially tried swapping the order

```
args = (arg1, arg2) # $ arg1 arg2 func=starargs_only
more_args = (arg4, arg3)
starargs_only(*args, *more_args)
```

But then asked myself, what is it _actually_ we're testing here? and it
seems to be the way we handle multiple *args arguments in the same call,
so I converted the test to be that instead! (and it matches what we do
in test_stararg_mixed)
 2023-01-25 09:37:07 +01:00
Rasmus Wriedt Larsen
0879c8f8e1 Python: Expand comments on C3 MRO 2023-01-23 17:40:24 +01:00
Rasmus Wriedt Larsen
80324735bb Python: Fixup annotation for CWE-022-PathInjection/pathlib_use.py 2023-01-23 17:40:24 +01:00
Rasmus Wriedt Larsen
753192bb4d Merge branch 'main' into call-graph-code 2023-01-23 11:25:02 +01:00
Alex Ford
55550e7980 Merge pull request #11941 from alexrford/summary-component-tostring-syntheticglobal 
Add missing toString case for synthetic globals
 2023-01-23 10:00:00 +00:00
Michael Nebel
69a42d8b1f Merge pull request #11931 from michaelnebel/csharp/refactor 
Remove the Csv postfix of some predicate names.
 2023-01-23 09:09:48 +01:00
github-actions[bot]
b62cb6ba84 Post-release preparation for codeql-cli-2.12.1 2023-01-20 19:49:56 +00:00
Rasmus Wriedt Larsen
25a68c4d71 Python: Include @yoff's suggestion on synthetic *args handling 2023-01-20 16:49:33 +01:00
Rasmus Wriedt Larsen
41ebb4fb55 Python: Add p2 in QLDoc example code for synthetic **kwargs 2023-01-20 16:40:39 +01:00
Rasmus Wriedt Larsen
d9fbe58ad5 Python: Expand starargs_only test 2023-01-20 16:34:59 +01:00
Rasmus Wriedt Larsen
0df3dd68d6 Python: Remove (now) redundant cast 2023-01-20 15:13:02 +01:00
Rasmus Wriedt Larsen
1bd969c219 Merge branch 'main' into call-graph-code 2023-01-20 15:11:49 +01:00
Alex Ford
e4df1f5a6f Ruby: add missing toString case for synthetic globals 2023-01-20 13:31:43 +00:00
github-actions[bot]
005b3e4a47 Release preparation for version 2.12.1 2023-01-20 12:03:19 +00:00
Michael Nebel
dc223cb82e Sync files and make corresponding changes for other languages. 2023-01-19 15:14:06 +01:00
Rasmus Wriedt Larsen
4df946b161 Python: call-graph: Don't design for special method calls yet 
The `call` arguments were not `CallNode`s before, to allow for easier
support of special method calls, such as `a + b` going to `__add__`.

However, this is not implemented yet, so for now we can keep things
simple.

Co-authored-by: Taus <tausbn@github.com>
 2023-01-18 12:30:53 +01:00
Rasmus Wriedt Larsen
e0ccb9306a Merge pull request #11908 from RasmusWL/dataflow-consistency-more-excludes 
DataFlow: Add `uniqueParameterNodePositionExclude`
 2023-01-18 10:44:51 +01:00
yoff
5a82012d03 Merge pull request #11854 from yoff/python/fix-tarslip-improv-bug 
Python: fix bug  in `py/tarslip-extended`
 2023-01-17 20:44:06 +01:00
Rasmus Wriedt Larsen
b83fc3b6eb Python: Update QLDoc for clsArgumentTracker 2023-01-17 14:38:56 +01:00
Rasmus Wriedt Larsen
24892801ec Python: clsTracker => clsArgumentTracker 
Co-authored-by: Taus <tausbn@github.com>
 2023-01-17 14:16:56 +01:00
Rasmus Wriedt Larsen
1c8cc6a32a Python: Add QLDoc for TFunction 2023-01-17 14:14:05 +01:00
Rasmus Wriedt Larsen
a0b1c2ea79 DataFlow: Add uniqueParameterNodePositionExclude 2023-01-17 14:05:22 +01:00