hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

4455 Commits

Author SHA1 Message Date
jorgectf
a6c285ad32 Apply getItem(_) and extend verifiesSignature readability 2021-10-28 17:40:27 +02:00
Jorge
f4d63cc5e7 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-28 17:34:11 +02:00
jorgectf
ef4a27ff8c Apply code review suggestions 2021-10-28 17:31:52 +02:00
Erik Krogh Kristensen
e75448ebb0 remove redundant inline casts 2021-10-28 16:35:53 +02:00
Rasmus Lerchedahl Petersen
8536f5f5a2 Python: remember to update refs... 2021-10-28 14:32:53 +02:00
Rasmus Lerchedahl Petersen
c92249525b Python: update test expectations 2021-10-28 14:03:09 +02:00
Rasmus Wriedt Larsen
a33a8fd518 Python: Support flask.blueprints.Blueprint 
Thanks to @haby0 who originally proposed this as part of
https://github.com/github/codeql/pull/6977
 2021-10-28 14:02:03 +02:00
Rasmus Lerchedahl Petersen
3abe3e43d0 Python: autoformat 2021-10-28 13:58:01 +02:00
Rasmus Wriedt Larsen
8c3349f40f Python: Properly model flask.send_from_directory 
To not include `filename` as path-injection sink.
 2021-10-28 13:41:39 +02:00
Rasmus Wriedt Larsen
228e9e973a Python: Minor flask refactor 2021-10-28 13:36:03 +02:00
Rasmus Wriedt Larsen
6648a695eb Python: Add flask specific path-injection test 2021-10-28 13:34:18 +02:00
Rasmus Lerchedahl Petersen
b3ba75a00f Python: Fix tests by managing local sources 
`API::Node::getAwaited` is restriced to local sources
 2021-10-28 13:22:59 +02:00
jorgectf
3dec222922 Merge remote-tracking branch 'origin/main' into jorgectf/python/jwt-queries 2021-10-28 13:11:46 +02:00
jorgectf
7069f45864 Polish documentation 2021-10-28 13:09:28 +02:00
Rasmus Wriedt Larsen
436152a46d Python: Refactor flask file sending tests 2021-10-28 12:37:07 +02:00
Rasmus Wriedt Larsen
6d09334cba Merge pull request #6330 from porcupineyhairs/pyPathTraversal 
Python : Add Flask sinks for path injection query
 2021-10-28 11:39:40 +02:00
Rasmus Wriedt Larsen
3fa66519f5 Merge branch 'main' into fastapi 2021-10-28 11:37:40 +02:00
Rasmus Wriedt Larsen
d9e5d179d2 Python: Minor fix to QLDoc 
and auto-formatting
 2021-10-28 11:15:34 +02:00
Rasmus Wriedt Larsen
358663ffbb Python: Fix tests 2021-10-28 11:14:41 +02:00
yoff
9478faf040 Merge pull request #6967 from RasmusWL/ruamel.yaml 
Python: Model `ruamel.yaml` PyPI package
 2021-10-28 10:19:08 +02:00
Rasmus Lerchedahl Petersen
56dab252c9 Python: remove spurious dataflow step 2021-10-28 09:47:04 +02:00
Rasmus Lerchedahl Petersen
cca675a161 Python: Add test for async taint 
(which we belive we have just broken)
 2021-10-28 09:47:04 +02:00
Porcuiney Hairs
4fd3f212f8 Python : Add Flask sinks for path injection query 2021-10-28 02:12:11 +05:30
jorgectf
350cbb4c5d Polish qhelp and libraries 2021-10-27 18:47:19 +02:00
Anders Schack-Mulligen
699630af54 Dataflow: Sync. 2021-10-27 13:57:44 +02:00
Anders Schack-Mulligen
034c7f3538 Dataflow: Sync. 2021-10-27 13:57:44 +02:00
Rasmus Lerchedahl Petersen
06586a13a3 Python: merge tests files 2021-10-27 11:55:04 +02:00
Rasmus Lerchedahl Petersen
826f44d98e Python: Share implementation of awaited 2021-10-27 11:41:18 +02:00
Rasmus Lerchedahl Petersen
01ad19b82b Python: correct qldoc 2021-10-27 11:40:57 +02:00
yoff
c850554467 Update python/ql/lib/semmle/python/frameworks/SqlAlchemy.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-10-27 11:09:37 +02:00
Rasmus Lerchedahl Petersen
fed6a97eb8 Python: Promote ReDoS queries 2021-10-27 11:03:57 +02:00
Rasmus Wriedt Larsen
89e713a25c Python: Update PyYAML comment with 6.0 release 2021-10-26 17:58:06 +02:00
Rasmus Wriedt Larsen
cd6d73d553 Python: Handle kwarg in PyYAML 
Really surprised that we didn't already :|
 2021-10-26 17:48:10 +02:00
Rasmus Wriedt Larsen
6c0083e584 Python: Add PoC for PyYAML code execution 2021-10-26 17:48:10 +02:00
Rasmus Wriedt Larsen
1ce09afa08 Python: Add modeling of ruamel.yaml PyPI package 2021-10-26 17:48:10 +02:00
Rasmus Wriedt Larsen
29e3abc977 Python: FastAPI: Add HTTP header taint example 2021-10-26 15:34:16 +02:00
Erik Krogh Kristensen
62e729501c make the RegExpEscape::getUnescaped predicate public in python 2021-10-26 15:25:14 +02:00
Erik Krogh Kristensen
44afa34e37 Merge branch 'main' of github.com:github/codeql into htmlReg 2021-10-26 14:46:27 +02:00
Erik Krogh Kristensen
834d5ec6ad add session{key,id} as sensitive info 2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen
a3c55c2aec use set literal instead of big disjunction of literals 2021-10-26 12:55:25 +02:00
Rasmus Lerchedahl Petersen
8a81d42e6f Python: more logic adjustment 
Not sure why the missing result is missing. There is
and edge with label `getAwaited` from `pkg.async_func` on line 22
to `coro` on line 23.
 2021-10-26 10:57:27 +02:00
Rasmus Lerchedahl Petersen
f91e43c068 Python: Add more honest test for awaited 2021-10-26 10:43:06 +02:00
Rasmus Lerchedahl Petersen
a8a181a32f Python: adjust logic and add tests 
Due to the way paths a re printed, the tests look surprising
 2021-10-26 09:55:47 +02:00
Erik Krogh Kristensen
e117659dce revert a thing for python 2021-10-25 20:50:18 +02:00
Erik Krogh Kristensen
f4a054ea01 apply range pattern patch to python 2021-10-25 19:38:10 +02:00
CodeQL CI
3fc6e2b294 Merge pull request #6941 from RasmusWL/add-missing-noinline 
Approved by tausbn
 2021-10-25 15:23:37 +01:00
Rasmus Wriedt Larsen
7619d0fc33 Python: FastAPI: Model WebSocket usage 2021-10-25 15:23:33 +02:00
Rasmus Wriedt Larsen
b69977b37a Python: FastAPI: Ignore scheme as tainted 
reasoning highlighted in the comment
 2021-10-25 15:23:33 +02:00
Rasmus Wriedt Larsen
bd8eec8475 Python: FastAPI: Add websocket test 2021-10-25 15:23:33 +02:00
Rasmus Wriedt Larsen
7e7a6464ec Python: FastAPI: Model extra-taint for pydantic models 
It feels a bit strange to add it to `frameworks.rst` since we only
support a little bit of it, but if I don't do it now, we will most
likely forget to do it later on (since it has already been added to
`frameworks.qll`).
 2021-10-25 15:22:50 +02:00