codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00

Author	SHA1	Message	Date
Rasmus Lerchedahl Petersen	d85844bb89	python: type tracking uses source nodes	2022-05-10 12:48:42 +00:00
Rasmus Lerchedahl Petersen	81ca479ca9	Python: local flow for type tracking summary flow is excluded from the local flow relation used for typetracking, but included in the one used for global data flow.	2022-05-10 12:48:42 +00:00
Rasmus Lerchedahl Petersen	177dea5307	python: use new syntax for flow summaries also convert to inline tests	2022-05-10 12:48:42 +00:00
Rasmus Lerchedahl Petersen	4024ce4777	python: some summary flows	2022-05-10 12:48:42 +00:00
Rasmus Lerchedahl Petersen	8c263b349f	python: add summary flow steps	2022-05-10 12:48:42 +00:00
Rasmus Lerchedahl Petersen	828db3a392	python: Add summary nodes allowing more `OutNode`s (not restricting to `CallNode`s), gives more flow in the `classesCallGraph` test	2022-05-10 12:48:42 +00:00
Rasmus Lerchedahl Petersen	80175a9af5	Python: Compiles and mostly pass tests - add flowsummaries shared files - register in indentical files - fix initial non-monotonic recursions - add DataFlowSourceCall - add resolvedCall - add SourceParameterNode failing tests: - 3/library-tests/with/test.ql	2022-05-10 12:48:42 +00:00
Tom Hvitved	712fe002b9	Data flow: Sync files	2022-05-10 12:41:10 +02:00
yoff	6c3e2db7fd	Merge branch 'main' into python/simple-csrf	2022-05-10 10:55:28 +02:00
Anders Schack-Mulligen	f85e06c2e4	Dataflow: Sync.	2022-05-10 10:12:39 +02:00
yoff	b6605bc330	Merge pull request #8634 from RasmusWL/promote-xxe Python: Promote XXE and XML-bomb queries	2022-05-09 21:54:55 +02:00
Rasmus Wriedt Larsen	4a6789182d	Python: Apply suggestions from code review Co-authored-by: yoff <lerchedahl@gmail.com>	2022-05-09 16:37:12 +02:00
Anders Schack-Mulligen	f24364d951	Merge pull request #9045 from hvitved/dataflow/subpaths-perf-take2 Data flow: Speedup `subpaths` predicate (take 2)	2022-05-09 15:39:11 +02:00
Rasmus Wriedt Larsen	36349222a9	Python: Fix casing of `XMLDomParsing`	2022-05-09 11:00:25 +02:00
Rasmus Wriedt Larsen	f22bd039f3	Python: Slight refactor of `LxmlParsing`	2022-05-09 10:56:39 +02:00
Mathias Vorreiter Pedersen	176e40f139	Merge pull request #9052 from github/post-release-prep/codeql-cli-2.9.1 Post-release preparation for codeql-cli-2.9.1	2022-05-06 13:15:17 +01:00
github-actions[bot]	1a25457178	Post-release preparation for codeql-cli-2.9.1	2022-05-05 19:05:50 +00:00
Erik Krogh Kristensen	efe306733e	move path-injection MaD to PathInjectionCustomizations.qll	2022-05-05 16:51:39 +02:00
yoff	6169ac6122	Merge pull request #7776 from RasmusWL/django-filefield-uploadto Python: Support Django FileField.upload_to	2022-05-05 14:25:08 +02:00
Tom Hvitved	d9d5372f28	Data flow: Sync files	2022-05-05 13:36:26 +02:00
yoff	0c7184952b	Merge pull request #9023 from RasmusWL/positional-docs Python: Clarify `getArg` is about positional arguments	2022-05-05 11:28:17 +02:00
Tom Hvitved	66a9759329	Merge pull request #8870 from hvitved/dataflow/expect-content Data flow: Introduce `expectsContent`	2022-05-05 09:01:40 +02:00
Joe Farebrother	c1290d9e2b	Sync shared redos library files.	2022-05-04 15:41:38 +01:00
Joe Farebrother	0a5268aeb4	Sync shared library changes across languages.	2022-05-04 15:41:38 +01:00
Tom Hvitved	8e33653d25	Merge pull request #9017 from hvitved/dataflow/subpaths-perf Data flow: Speedup `subpaths` predicate	2022-05-04 16:37:52 +02:00
Tom Hvitved	9cb63c0a5e	Data flow: Sync files	2022-05-04 14:49:26 +02:00
Erik Krogh Kristensen	a812d4dd34	move the MaD sql-injection sink to SqlInjectionCustomizations.qll	2022-05-04 10:59:02 +02:00
Erik Krogh Kristensen	571fc3e73b	Revert "deprecate SqlConstruction" This reverts commit `c0eca0d09a`.	2022-05-04 10:59:02 +02:00
Tom Hvitved	74e99302d6	Address review comments	2022-05-04 09:57:59 +02:00
Tom Hvitved	da72ba46d4	Data flow: Add stub `expectsContent` for all languages	2022-05-04 09:57:59 +02:00
Tom Hvitved	6e2e8440eb	Data flow: Sync files	2022-05-04 09:57:59 +02:00
Erik Krogh Kristensen	ead978187d	adjust the source-type for remote-flow from MaD	2022-05-03 22:53:41 +02:00
Erik Krogh Kristensen	8ffc05c84b	count both named and positional arguments in the `WithArity` filter	2022-05-03 21:21:57 +02:00
Rasmus Wriedt Larsen	d012eaa892	Python: Clarify `getArg` is about positional arguments	2022-05-03 14:26:23 +02:00
yoff	56ed68b3eb	Merge pull request #9001 from RasmusWL/files-refactoring Python: Flask: Improve `request.files` modeing	2022-05-03 12:19:55 +02:00
Tom Hvitved	e9c8f979f9	Data flow: Sync files	2022-05-03 11:46:51 +02:00
Rasmus Wriedt Larsen	7e1be3172e	Python: Add change-note	2022-05-02 14:24:13 +02:00
Rasmus Wriedt Larsen	de4390cdf6	Python: Improve Flask `request.files` handling even more	2022-05-02 14:19:45 +02:00
Rasmus Wriedt Larsen	fb0133d276	Python: Fix Flask `request.files` modeling	2022-05-02 14:14:58 +02:00
Erik Krogh Kristensen	c0eca0d09a	deprecate SqlConstruction	2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen	a8790412dd	add support for the Argument[any] and Argument[any-named] tokens	2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen	b1fa7f86a8	add support for the any argument tokens	2022-05-02 12:58:15 +02:00
Erik Krogh Kristensen	413d182bcf	add support for named parameters	2022-05-02 12:56:44 +02:00
Erik Krogh Kristensen	c1d3738fb8	fix API-graphs such that the first parameter is the first non-self parameter	2022-05-02 12:52:02 +02:00
Erik Krogh Kristensen	547047ef19	add self parameters to API-graphs, and add support for self parameters in MaD	2022-05-02 12:50:31 +02:00
Erik Krogh Kristensen	dc38aa8a96	add support for the Method[name] token	2022-05-02 12:50:29 +02:00
Erik Krogh Kristensen	ea01bcf5ec	have the Instance token be an alias for Subclass.ReturnValue	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	46acce0ad4	add support for the Subclass token	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	d4b882519a	convert most of the asyncpg model to MaD	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	1c2c9159a9	initial MaD implementation for Python	2022-05-02 12:45:19 +02:00

... 43 44 45 46 47 ...

3023 Commits