hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,907 Commits 1,672 Branches 157 Tags
codeql-cli-2.8.2
Commit Graph

4792 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
3b41c2f204 Python: Use new MethodCallNode in TaintTrackingPrivate 2021-06-22 15:12:35 +02:00
Rasmus Wriedt Larsen
0b767bb853 Merge branch 'main' into small-cleanups 2021-06-22 15:01:53 +02:00
Rasmus Wriedt Larsen
5db627042f Merge pull request #6091 from tausbn/python-exclude-main-py-files 
Python: Avoid `__main__.py` files as entry points.
 2021-06-22 11:29:02 +02:00
Rasmus Wriedt Larsen
e05d6e71b8 Merge pull request #6064 from tausbn/python-add-get-method-call 
Python: Add `getAMethodCall` to `LocalSourceNode`
 2021-06-22 11:16:39 +02:00
Taus
ba6ab8ff3d Python: Expand __main__.py comment 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-06-21 18:14:03 +02:00
Taus
768cab3642 Python: Address review comments 
- changes `getReceiver` to `getObject`
- fixes `calls` to avoid unwanted cross-talk
- adds some more documentation to highlight the above issue
 2021-06-21 14:57:19 +00:00
Rasmus Wriedt Larsen
1c48aca630 Merge branch 'main' into jmespath 2021-06-21 15:26:45 +02:00
CodeQL CI
565af1a879 Merge pull request #6071 from RasmusWL/fix-input-cwe 
Approved by calumgrant, tausbn
 2021-06-21 06:23:18 -07:00
Rasmus Wriedt Larsen
a7170bedb6 Python: Mention modeling of mysqlclient PyPI package 
Just for completeness in terms of what we claim support for.
 2021-06-21 15:20:08 +02:00
yoff
baf8d0a990 Merge pull request #6045 from RasmusWL/twisted 
Python: Model twisted
 2021-06-21 14:52:57 +02:00
Anders Schack-Mulligen
65ac8be5ac Java: Add defaultImplicitTaintRead and sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
80880320d5 Dataflow: Sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
9110dfaeb3 Merge pull request #6095 from hvitved/dataflow/local-cc-join 
Data flow: Fix `getLocalCallContext` join-order
 2021-06-21 12:53:38 +02:00
Rasmus Wriedt Larsen
d6ec4d30fc Python: Twisted refactor of getRequestParamIndex 2021-06-21 10:54:28 +02:00
Rasmus Wriedt Larsen
8208aebd7e Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-06-21 10:43:25 +02:00
jorgectf
b10ade17be Update HeaderDeclaration input naming 2021-06-20 00:13:59 +02:00
jorgectf
058ade4d8e Merge remote-tracking branch 'upstream/main' into jorgectf/python/jwt-queries 2021-06-18 22:21:38 +02:00
jorgectf
6565680dd6 Finish query 2021-06-18 22:16:39 +02:00
Taus
3aea270e10 Python: Autoformat 2021-06-18 18:30:27 +00:00
jorgectf
017a778a20 Polish make_response and fix extend argument 2021-06-18 20:21:11 +02:00
Taus
aeac03663f Python: Remove old ClickHouseDriver.qll 
The merge must've gone wrong some way, as this file is not supposed to
exist in `experimental` anymore.
 2021-06-18 17:41:09 +00:00
Taus
348b20ca9d Merge branch 'main' of https://github.com/github/codeql into python-a-few-minor-cleanups 2021-06-18 17:38:43 +00:00
Taus
9351688da8 Python: asCfgNode cleanup 2021-06-18 17:22:42 +00:00
Taus
c386f4a009 Python: Clean up py/insecure-protocol 
Going all the way to the AST layer seemed excessive to me, so I rewrote
it to do most of the logic at the data-flow layer. In principle this
_could_ result in more names being computed (due to splitting), but in
practice I don't expect this make a big difference.
 2021-06-18 17:22:42 +00:00
Taus
f24a9a46d9 Python: add getAnAttributeWrite 2021-06-18 17:22:42 +00:00
Taus
c78ba476cf Python: Clean up a few verbose casts 2021-06-18 17:22:42 +00:00
Calum Grant
32f6a465b0 Merge pull request #6080 from github/calumgrant/security-severities 
Update security-severity scores
 2021-06-18 09:40:40 +01:00
Tom Hvitved
eb86bceb4d Address review comments 2021-06-18 10:18:47 +02:00
jorgectf
eac5254a88 Resolve merge conflict 2021-06-18 02:12:49 +02:00
jorgectf
dcb1da338b Extend documentation 2021-06-18 02:03:56 +02:00
jorgectf
4963caf506 Rewrite frameworks modeling 2021-06-18 02:03:27 +02:00
jorgectf
066504e79e Checkout Stdlib.qll 2021-06-18 02:02:47 +02:00
jorgectf
1d7ddce8db Update .expected 2021-06-17 18:10:43 +02:00
jorgectf
9cbb7e0899 Change query objective 2021-06-17 17:53:58 +02:00
jorgectf
5704ac36db Rework LDAP framework modeling 2021-06-17 17:44:08 +02:00
jorgectf
13cfcec968 Change qhelp explanation 2021-06-17 17:43:34 +02:00
jorgectf
d34d2ed2b1 Add .qlref 2021-06-17 17:42:38 +02:00
jorgectf
eb16018446 Update .expected 2021-06-17 15:45:05 +02:00
jorgectf
4e74003cd5 Polish Concepts documentation 2021-06-17 15:44:51 +02:00
jorgectf
7e6032f5b4 Port to Decoding 2021-06-17 15:43:54 +02:00
jorgectf
8e3d5ff3f9 Rename mongoclient tests 2021-06-17 15:43:01 +02:00
jorgectf
b8e619a60c Extend qhelp references 2021-06-17 15:42:45 +02:00
Anders Schack-Mulligen
b173b4141d Merge pull request #6096 from smowton/smowton/fix/inline-expectations-missing-prefix 
Inline expectation tests: accept // $MISSING: and // $SPURIOUS:
 2021-06-17 11:41:15 +02:00
Chris Smowton
558813acf7 Inline expectation tests: accept // $MISSING: and // $SPURIOUS: 
Previously there had to be a space after the $ token, unlike ordinary expectations (i.e., // $xss was already accepted)
 2021-06-17 09:44:39 +01:00
Tom Hvitved
0febf5a592 Merge pull request #6094 from hvitved/dataflow/consistency-compiler-too-smart 
Data flow: Workaround for too clever compiler in consistency queries
 2021-06-17 10:23:31 +02:00
Tom Hvitved
ffb2350a54 Data flow: Fix getLocalCallContext join-order 2021-06-17 10:02:31 +02:00
Tom Hvitved
cc383e0f6a Data flow: Workaround for too clever compiler in consistency queries 2021-06-17 09:43:36 +02:00
jorgectf
8527ccc6d6 Update .expected 2021-06-16 23:19:14 +02:00
jorgectf
5c7229c715 Optimize Type Tracking stuff 2021-06-16 23:19:05 +02:00
jorgectf
81505fbd76 Normalize tests 2021-06-16 23:18:38 +02:00