codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00

Author	SHA1	Message	Date
yoff	2f8dddabb6	Merge pull request #11570 from Sim4n6/UnsafeUnpack Python: Unsafe unpacking using `shutil.unpack_archive()` query and tests	2023-02-17 09:48:05 +01:00
github-actions[bot]	8eb8daa4d4	Post-release preparation for codeql-cli-2.12.3	2023-02-16 17:23:25 +00:00
amammad	54582031d8	v1	2023-02-16 17:14:32 +01:00
Ahmed Farid	ccbb58966f	Update TimingAttack.qll	2023-02-16 14:15:04 +01:00
Ahmed Farid	a421e3a3a3	Update TimingAttackAgainstHeaderValue.ql	2023-02-16 14:14:43 +01:00
Ahmed Farid	f57861b6a3	Update TimingAttack.qll	2023-02-16 14:14:13 +01:00
Ahmed Farid	f70f5c7935	Update TimingAttackAgainstHeaderValue.ql	2023-02-16 14:03:26 +01:00
Ahmed Farid	4b3efa87dc	Update TimingAttack.qll	2023-02-16 14:01:29 +01:00
Rasmus Wriedt Larsen	9ed021ad66	Python: Accept change to `WeakFilePermissions.expected` 💪	2023-02-16 13:27:16 +01:00
Ahmed Farid	005839b462	Update TimingAttack.qll	2023-02-16 12:49:40 +01:00
github-actions[bot]	b0315119c6	Release preparation for version 2.12.3	2023-02-16 11:49:06 +00:00
Rasmus Wriedt Larsen	766e6c400e	Python: Handle if-then-else definitions in import resolution	2023-02-16 11:18:30 +01:00
Rasmus Wriedt Larsen	80f5342a6d	Python: Add import regression for if-then-else definitions	2023-02-16 11:12:08 +01:00
Ahmed Farid	01b865f75b	Update TimingAttack.qll	2023-02-16 01:36:06 +01:00
Ahmed Farid	fbfe23b7c4	Update TimingAttack.qll	2023-02-16 01:21:50 +01:00
Ahmed Farid	b8f9b2b424	Update TimingAttackAgainstHeaderValue.ql	2023-02-16 01:11:41 +01:00
Ahmed Farid	016136a2e3	Update TimingAttack.qll	2023-02-16 01:10:36 +01:00
Rasmus Wriedt Larsen	c4fbfb0d07	Merge branch 'main' into call-graph-code	2023-02-15 20:15:04 +01:00
Rasmus Wriedt Larsen	ee5382d8a6	Merge pull request #12193 from RasmusWL/import-resolution-fixup Python: Fix `from <pkg> import *` import resolution	2023-02-15 20:13:24 +01:00
Alex Ford	1556b1a728	Merge branch 'main' into js-use-shared-cryptography	2023-02-15 17:13:53 +00:00
Alex Ford	43af306d60	dynamic: more detailed qldoc for CryptographicOperation#getBlockMode()	2023-02-15 16:55:18 +00:00
Alex Ford	d4d0b91085	dynamic: switch CryptographicOperation::Range#getBlockMode() back to being an abstract predicate	2023-02-15 16:23:46 +00:00
Alex Ford	c7aaad9ed0	JS: avoid adding a deprecated CryptographicOperation#getInput to py/ruby	2023-02-15 16:23:46 +00:00
Rasmus Wriedt Larsen	c72dbc49fc	Merge pull request #12165 from RasmusWL/crypto-updates Python/Ruby/JS Crypto: Add a few algorithms + block modes	2023-02-15 14:35:40 +01:00
Rasmus Wriedt Larsen	7e16fa9cbe	Python: Add change-note	2023-02-15 14:25:33 +01:00
Rasmus Wriedt Larsen	220f227707	Python: Add wrapper for `isPreferredModuleForName` We talked about how it's annoying that we in 4 places have the same fix `isPreferredModuleForName(<module>.getFile(), <name> + ["", ".__init__"])` , and that it would be nice to have a simple wrapper predicate that ensures we never forget to do the `+ ["", ".__init__"]` dance... I had trouble coming up with a name for this (ironically), but I think `getModuleFromName` is good enough.	2023-02-15 14:23:39 +01:00
Rasmus Wriedt Larsen	66c3529465	Python: Fix import * from `__init__.py` files	2023-02-15 14:10:37 +01:00
Rasmus Wriedt Larsen	df6039d6cf	Python: Add import resolution regression	2023-02-15 13:50:27 +01:00
Rasmus Wriedt Larsen	e1ae3c3cfb	Python: sys.exit if import resolution tests fail	2023-02-15 13:44:45 +01:00
erik-krogh	759854991a	fix various nits based on feedback	2023-02-15 11:10:43 +01:00
Rasmus Wriedt Larsen	9e2eb56032	Python: Remove support for late `*args` arguments I found this to cause bad performance, so the implementation of this has to be thought out more carefully.	2023-02-15 09:42:11 +01:00
Taus	1b30043422	Python: Move change note to correct directory	2023-02-14 13:48:55 +00:00
Taus	4f7c598ffc	Python: Add change note	2023-02-14 13:22:48 +00:00
Taus	39516862c1	Merge remote-tracking branch 'origin/main' into tausbn/python-clean-up-version-handling	2023-02-14 13:07:40 +00:00
Rasmus Wriedt Larsen	dc5bb4fb77	Python: Update a few examples so queries work on them Fixes problem highlighted in https://github.com/github/codeql/issues/12156	2023-02-14 11:54:18 +01:00
Rasmus Wriedt Larsen	1c7fe97427	Python: Add modeling of `hmac`	2023-02-13 15:39:43 +01:00
Rasmus Wriedt Larsen	df22181963	Python: Add tests of `hmac`	2023-02-13 15:38:14 +01:00
Anders Schack-Mulligen	e877b161d8	Merge pull request #12124 from hvitved/dataflow/stage1-dispatch Data flow: Call context virtual dispatch pruning in stage 1	2023-02-13 13:13:43 +01:00
Rasmus Wriedt Larsen	b2e79e2948	Python/Ruby/JS Crypto: Add a few algorithms + block modes I have tried to add a few links to support the claim that these algorithms are strong/safe. It wasn't always super easy, so in some cases I have ended up just linking to the documentation of the `cryptography` Python package. Co-authored-by: REDMOND\brodes <brodes@microsoft.com>	2023-02-13 10:40:47 +01:00
Tom Hvitved	f7a5a33474	Address review comment	2023-02-13 09:01:15 +01:00
Sim4n6	d7af80136e	Fail tests when missing annotation on sink orfail	2023-02-12 21:27:20 +01:00
Sim4n6	518684b736	Put back the annotation result=BAD	2023-02-12 21:26:12 +01:00
Sim4n6	80d4fb5e33	Organisation TarSlip/UnsafeUnpack into two folders	2023-02-12 10:51:53 +01:00
Sim4n6	eed19a3e15	Fix autoformatting issues	2023-02-10 21:58:29 +01:00
Sim4n6	09df055d86	Fix the exists cast warning	2023-02-09 15:25:54 +01:00
Sim4n6	b04d5684fb	add a blank line at the end of the file	2023-02-09 15:23:58 +01:00
Sim4n6	16ef50401b	Update python/ql/src/experimental/Security/UnsafeUnpackQuery.qll Co-authored-by: yoff <lerchedahl@gmail.com>	2023-02-09 14:59:28 +01:00
Sim4n6	4196230a8a	use if-then-else rather than nested exists	2023-02-08 21:46:50 +01:00
Sim4n6	9e285020a1	Comment modif + remove redundant cast	2023-02-08 21:14:53 +01:00
Rasmus Wriedt Larsen	5c23b47ef4	Python: Fix typo in QLDoc Co-authored-by: Taus <tausbn@github.com>	2023-02-08 16:27:06 +01:00

... 52 53 54 55 56 ...

9593 Commits