github-actions[bot]
3b3c036626
Release preparation for version 2.15.1
2023-10-16 17:49:39 +00:00
Henry Mercer
1a370bfbbe
Merge pull request #14443 from github/post-release-prep/codeql-cli-2.15.0
...
Post-release preparation for codeql-cli-2.15.0
2023-10-11 17:39:04 +01:00
github-actions[bot]
ae6af17c74
Post-release preparation for codeql-cli-2.15.0
2023-10-11 14:19:20 +00:00
Rasmus Wriedt Larsen
68d00a829e
Merge pull request #14430 from RasmusWL/api-graph-import-star
...
Python: Better allow `import *` to work with API graphs
2023-10-11 10:03:46 +02:00
Rasmus Wriedt Larsen
ee75b104eb
Python: Add change-note
2023-10-10 17:45:11 +02:00
Rasmus Wriedt Larsen
72d0dcdaba
Python: Workaround for module level items from import * not being LocalSourceNodes
2023-10-10 17:45:11 +02:00
yoff
f1266a3e81
Merge pull request #14417 from github/tausbn/python-add-flow-for-assignment-expressions
2023-10-10 17:09:20 +02:00
Rasmus Wriedt Larsen
2d947a4f53
Merge pull request #13781 from maikypedia/maikypedia/python-unsafe-deserialization
...
Python: Add unsafe deserialization sinks (CWE-502)
2023-10-10 13:30:38 +02:00
Taus
e8ac258994
Python: Add missing flow for AssignmentExpr nodes
...
Also extend the tests surrounding this construct to be a bit more comprehensive.
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com >
2023-10-09 14:16:03 +00:00
erik-krogh
a7ab9fd93b
add change-notes
2023-10-09 09:43:06 +02:00
erik-krogh
194f918c0b
Python: delete various outdated deprecations
2023-10-09 09:14:55 +02:00
erik-krogh
1c9f59e491
Python:delete deprecated files modelling web frameworks
2023-10-09 09:14:54 +02:00
erik-krogh
0d992a3d1f
delete old deprecated aliases of various regex libraries
2023-10-09 09:14:54 +02:00
amammad
ad2631202d
fix comments
2023-10-08 21:32:04 +02:00
amammad
6c8cc79b4d
v1
2023-10-08 21:24:54 +02:00
erik-krogh
4bc4e0845d
delete the deprecated isBarrierGuard predicate from the shared dataflow library, and its uses
2023-10-07 21:48:49 +02:00
Cornelius Riemenschneider
d3a1dbc0c7
Merge pull request #14381 from github/criemen/add-bazel-dbschemes
...
Add skeleton bazel files for accessing the dbschemes.
2023-10-05 16:53:45 +02:00
Cornelius Riemenschneider
96edc1d349
Add skeleton bazel files for accessing the dbschemes.
2023-10-05 09:00:38 +02:00
github-actions[bot]
9fe993bec3
Release preparation for version 2.15.0
2023-10-04 14:15:27 +00:00
Rasmus Wriedt Larsen
9c02b4f21c
Merge pull request #14289 from microsoft/jb1/16-cryptography-models-libraries-and-queries-migration
...
16 cryptography models libraries and queries migration
2023-10-04 12:27:59 +02:00
Josh Brown
de2e8b0b12
explicit "this" qualifiers
2023-10-03 16:13:54 -07:00
Josh Brown
ad86e576a4
autoformat
2023-10-03 13:40:17 -07:00
Josh Brown
b683a3caf8
Merge branch 'main' into jb1/16-cryptography-models-libraries-and-queries-migration
2023-10-04 07:24:29 +11:00
Henry Mercer
da92da2204
Bump minor versions of packs we regularly release
2023-10-03 16:31:23 +01:00
Henry Mercer
f3847b3f51
Merge branch 'main' into henrymercer/rc-3.11-mergeback
2023-10-03 16:30:23 +01:00
Mathew Payne
3ab5fd5ca4
Add RestFramework handler kwargs
2023-10-02 14:58:21 +01:00
Mathew Payne
41bb8377d9
Add change notes
2023-09-29 14:44:36 +01:00
Rasmus Lerchedahl Petersen
177db998c7
Python: add change note
2023-09-29 15:28:08 +02:00
Mathew Payne
eb9b32473e
Add support for ModelViewSet functions
2023-09-29 14:26:39 +01:00
Rasmus Lerchedahl Petersen
ed3ffde5e6
Python: modules are now possibly non-unique
...
We should consider if this is the right way..
2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
4f35a62583
Python: broaden search for imports
...
This now finds vulnerabilities in
https://github.com/github/field-security-codeql/issues/100
2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
d9854eb409
Python: Add QLDoc
2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
1d4832cbfe
python: allow namespace packages as packages
...
remove the logic around isPotentialPackage
2023-09-29 15:10:19 +02:00
yoff
dbecb1bd0f
Merge pull request #14070 from yoff/python/promote-nosql-query
...
Python: promote nosql query
2023-09-29 14:21:22 +02:00
Rasmus Wriedt Larsen
9b73bbfc31
Python: Add keyword argument support
...
and a fair bit of refactoring
2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
d6d13f84a9
Python: -> NoSQL in QLDocs
2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
16e1a00e88
Python: NoSQLInjection -> NoSqlInjection
2023-09-29 13:52:51 +02:00
Rasmus Lerchedahl Petersen
97696680e6
Python: require dict sinks be dangerous.
2023-09-29 13:45:23 +02:00
Rasmus Lerchedahl Petersen
f3a01612e8
Python: rename flow states
...
Close to being a revert of
3043633d9c
2023-09-29 13:23:36 +02:00
Rasmus Lerchedahl Petersen
e1708054a4
Python: fix QL alert
2023-09-29 12:06:51 +02:00
Rasmus Lerchedahl Petersen
2d845e3e55
Python: nicer paths
...
turn "the long jump" that would end up
straight at the argument into a short jump
that ends up at the dictionary being written to.
Dataflow takes care of the rest of the path.
2023-09-29 12:02:16 +02:00
yoff
2e028a41ee
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2023-09-29 11:32:51 +02:00
yoff
bc17bf69f4
Merge pull request #14317 from yoff/python/fix-regex-string-part-locations
...
Python: Improve computation of regex fragments inside string parts
2023-09-28 14:35:27 +02:00
Rasmus Lerchedahl Petersen
3043633d9c
Python: Some renaming of flow states
2023-09-28 14:24:49 +02:00
Rasmus Lerchedahl Petersen
a8e0023f39
Python: forgot to list framework
2023-09-28 13:42:33 +02:00
Rasmus Lerchedahl Petersen
2a7b593285
Python: Fix QL alerts
2023-09-28 13:35:29 +02:00
Rasmus Lerchedahl Petersen
eb1be08bce
Python: split modelling
2023-09-28 12:54:06 +02:00
Rasmus Lerchedahl Petersen
2a739b3b7a
Python: rename module
2023-09-28 12:54:05 +02:00
Rasmus Lerchedahl Petersen
9682c8218a
Python: rename file
2023-09-28 12:54:05 +02:00
yoff
c2b63830f1
Apply suggestions from code review
...
Claim conversions do not execute inputs in order to remove interaction with `py/unsafe-deserialization`.
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2023-09-28 12:40:37 +02:00
