Rasmus Wriedt Larsen
79039dc7b8
Python: Wrap aiohttp client request in async def
...
And I added `await` before all the `resp` assignments
2023-07-06 11:29:14 +02:00
jorgectf
c82ab2b2ab
Add markupsafe as XXE sanitizer
...
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
2023-07-05 20:23:20 +02:00
Jeroen Ketema
5d855594ba
Python: Use correct class in inline expectation test
...
These were missed earlier, and still referred to the classes from the legacy
interface and not the parameterized module.
2023-07-03 10:23:26 +02:00
Jeroen Ketema
abe06e5b95
Python: Update remaining inline expectation tests to use the parameterized module
2023-07-03 10:22:35 +02:00
amammad
816799c4ba
upgrade query to detect redash CVE too
2023-06-30 22:14:50 +10:00
amammad
7aa002fa2a
fix an accident :)
2023-06-29 22:20:46 +10:00
amammad
7a17b99c17
V2
2023-06-29 20:55:51 +10:00
Rasmus Wriedt Larsen
257f9912dd
Python: Remove one more unnecessary taint test
2023-06-26 12:00:55 +02:00
Rasmus Wriedt Larsen
6cb03190fa
Python: Updates from inline test being parameterized
2023-06-26 11:43:51 +02:00
Rasmus Wriedt Larsen
0121263e03
Merge branch 'main' into python/enable-summaries-from-models
2023-06-26 11:34:12 +02:00
amammad
e3e0307db7
V1
2023-06-25 20:36:28 +10:00
Rasmus Lerchedahl Petersen
86dfc7b66e
python: format
2023-06-23 08:18:06 +02:00
Rasmus Lerchedahl Petersen
2264b119a6
python: more consistent tests
...
- do not test taint flow when dataflow is established
- test taint of both the collection and the expected element
2023-06-22 11:52:25 +02:00
yoff
0f8ebd1519
Update python/ql/test/experimental/dataflow/model-summaries/model_summaries.py
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2023-06-22 11:31:21 +02:00
amammad
748e96d852
V1 Bombs
2023-06-22 19:28:27 +10:00
Jeroen Ketema
277dbdf410
Merge pull request #13498 from jketema/inline-4
...
Rework more inline expectation tests to use the parameterized module
2023-06-22 10:01:07 +02:00
Rasmus Lerchedahl Petersen
cb2de69f5a
python: consolidate tests
...
also change `Foo` -> `foo`
2023-06-20 16:13:38 +02:00
Erik Krogh Kristensen
2341c82450
Merge pull request #13342 from erik-krogh/once-again-deps
...
Py: delete more old deprecations
2023-06-20 15:29:17 +02:00
Rasmus Wriedt Larsen
47d0a6d2e3
Python: Restore rest of experimental files
2023-06-20 14:30:43 +02:00
yoff
579c56c744
Merge pull request #13178 from yoff/python-ruby/track-through-summaries-pm
...
ruby/python: Shared module for typetracking through flow summaries
2023-06-20 11:19:45 +02:00
Rasmus Lerchedahl Petersen
e111a19524
python: split tests into taint and value
...
and add summaries
2023-06-20 10:46:27 +02:00
Jeroen Ketema
dba4460526
Python: Update more inline expectation tests to use the parameterized module
2023-06-20 10:16:15 +02:00
Rasmus Lerchedahl Petersen
229641070f
python: rename summaries
2023-06-18 22:01:47 +02:00
Rasmus Lerchedahl Petersen
6554e804dd
python: add test for model summaries
...
(but no summaries yet)
2023-06-18 21:52:49 +02:00
Rasmus Wriedt Larsen
fb6955edf9
Python: Add tests of methods in summaries
2023-06-16 14:43:45 +02:00
Rasmus Lerchedahl Petersen
b7bf750174
python: use updated names in test
2023-06-14 22:23:21 +02:00
Rasmus Lerchedahl Petersen
6521a51d93
python: unique strings in tests
2023-06-14 21:14:50 +02:00
erik-krogh
df61c4dd62
reintroduce the experimental queries that use deprecated features
2023-06-14 08:31:57 +02:00
erik-krogh
bfe7e62f35
update some expected outputs - some tests no longer have an edges relation - and XsltSinks lost a result
2023-06-14 08:31:57 +02:00
erik-krogh
e463819bc2
get ParamSource.ql to compile by deleting import that got deleted - I have no if this is a good change
2023-06-14 08:31:57 +02:00
erik-krogh
3a436d1f84
do a quick-and-dirty conversion of py/hardcoded-credentials to the new dataflow library
2023-06-14 08:31:56 +02:00
erik-krogh
ae8bf5ed3c
delete old deprecations
2023-06-14 08:31:51 +02:00
Rasmus Lerchedahl Petersen
4b4b9bf9da
python: add missing summaries
...
For append/add:
The new results in the experimental tar slip query
show that we do not recognize the sanitisers.
2023-06-13 20:22:21 +02:00
Rasmus Lerchedahl Petersen
b72c93ff4f
python: remove remaining explicit taint steps
2023-06-13 20:22:20 +02:00
yoff
1d65284011
Merge pull request #13209 from yoff/python/container-summaries-2
...
python: Container summaries, part 2
2023-06-13 18:17:09 +02:00
yoff
4056358863
Merge pull request #13438 from RasmusWL/flask-render-string
...
Python: Add modeling of `flask.render_template_string`
2023-06-13 14:56:43 +02:00
Rasmus Wriedt Larsen
2b7fc94aef
Python: Fix validTest.py expectation
2023-06-13 12:11:28 +02:00
yoff
8cae151883
Update python/ql/test/experimental/dataflow/typetracking-summaries/TestSummaries.qll
...
Co-authored-by: Asger F <asgerf@github.com>
2023-06-13 11:22:54 +02:00
Rasmus Lerchedahl Petersen
b709ed47e1
python: add test
2023-06-13 11:20:15 +02:00
Jeroen Ketema
c3ba206b6a
Merge pull request #13346 from jketema/inline-2
...
Update inline expectation tests to use parameterized module
2023-06-13 10:10:55 +02:00
Rasmus Wriedt Larsen
6526364045
Python: Add modeling of flask.render_template_string
2023-06-12 21:18:31 +02:00
erik-krogh
6dfeb2536b
delete old deprecations
2023-06-09 15:12:23 +02:00
Rasmus Lerchedahl Petersen
b294f48dbe
Merge branch 'main' of https://github.com/github/codeql into python-ruby/track-through-summaries-pm
2023-06-09 14:16:34 +02:00
Jeroen Ketema
8f599faf85
Python: Rewrite inline expectation tests to use parameterized module
2023-06-09 10:42:29 +02:00
Taus
19e1bab102
Python: Update expected output for syntax error queries
2023-06-07 15:26:52 +00:00
Nick Rolfe
02395867c8
Python: avoid selecting getLocation() in py/truncated-division
2023-06-05 13:42:46 +01:00
Nick Rolfe
c67a350e36
Python: avoid selecting getLocation() in py/unnecessary-delete
2023-06-05 11:16:13 +01:00
Jeroen Ketema
7b17b92aca
Fix typo in spelling of expectation
2023-06-02 10:36:11 +02:00
Rasmus Lerchedahl Petersen
2daa9577bb
ruby/python: implement shared module
...
ruby:
- create new shared file `SummaryTypeTracker.qll`
- move much logic into the module
- instantiate the module
- remove old logic, now provided by module
python:
- clone shared file
- instantiate module
- use (some of the) steps provided by the module
2023-05-30 13:31:24 +02:00
Rasmus Lerchedahl Petersen
47b2d48da2
python: add tests
...
- add `getACallSimple` to `SummarizedCallable`
(by adding it to `LibraryCallable`)
2023-05-30 13:16:04 +02:00