hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,637 Commits 1,671 Branches 157 Tags
dbartol/rc/merge
Commit Graph

4097 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
547cbb6322 Merge pull request #6331 from porcupineyhairs/pythonXpath 
Python : Improve Xpath Injection Query
 2021-09-24 18:11:08 +02:00
Rasmus Wriedt Larsen
d39df18544 Python: Minor test cleanup 2021-09-24 16:11:27 +02:00
Rasmus Wriedt Larsen
26d2fbd217 Python: Fix new XPath injection query 
Fixes the typo `ETXpath` => `ETXPath`
 2021-09-24 15:11:34 +02:00
Rasmus Wriedt Larsen
913a679ef5 Python: Replace old XPath injection query 2021-09-24 15:10:41 +02:00
Rasmus Wriedt Larsen
c9640ffdbc Python: Minor adjustments to XPath Injection 2021-09-24 15:02:39 +02:00
Rasmus Wriedt Larsen
289660067c Merge branch 'main' into pythonXpath 2021-09-24 13:53:38 +02:00
Rasmus Wriedt Larsen
f14e3f6007 Merge pull request #5445 from jorgectf/jorgectf/python/ldapinsecureauth 
Python: Add LDAP Insecure Authentication query
 2021-09-23 11:08:13 +02:00
Rasmus Wriedt Larsen
ef6e502ff0 Python: Make LDAP global options test better 
Before it didn't really showcase that we know it can make connections
secure.
 2021-09-23 10:18:18 +02:00
Rasmus Wriedt Larsen
70489b2fc2 Merge branch 'main' into jorgectf/python/ldapinsecureauth 2021-09-23 10:05:56 +02:00
Rasmus Wriedt Larsen
8badba26b8 Python: Minor SQLALchemy comment fixes 2021-09-22 13:58:29 +02:00
Rasmus Wriedt Larsen
d44f279339 Python: Fix .qhelp 2021-09-21 20:35:03 +02:00
Rasmus Wriedt Larsen
a83bb39d0f Python: Merge SQLAlchemy TextClause injection into py/sql-injection 
As discussed in a meeting today, this will end up presenting an query
suite that's easier to use for customers.

Since https://github.com/github/codeql/pull/6589 has JUST been merged,
if we get this change in fast enough, no end-user will ever have run
`py/sqlalchemy-textclause-injection` as part of LGTM.com or Code
Scanning.
 2021-09-21 20:21:42 +02:00
Anders Schack-Mulligen
dd1bed02e8 Merge pull request #6721 from aschackmull/dataflow/subpaths01-joinorder 
Dataflow: Fix join-order in subpaths01
 2021-09-21 16:05:41 +02:00
yoff
4adb0c75bd Merge pull request #6589 from RasmusWL/promote-sqlalchemy 
Python: Promote modeling of SQLAlchemy
 2021-09-21 11:08:41 +02:00
Rasmus Wriedt Larsen
4a16be2cba Merge pull request #6557 from yoff/python/port-modification-of-default-value 
Python: port modification of default value
 2021-09-21 10:12:12 +02:00
Rasmus Wriedt Larsen
f8e6ba633a Python: Fix .expected for new subpaths query predicate 2021-09-21 09:40:13 +02:00
Rasmus Wriedt Larsen
c7c8e2f3e3 Merge branch 'main' into promote-sqlalchemy 2021-09-21 09:36:07 +02:00
Anders Schack-Mulligen
044623a360 Dataflow: Sync. 2021-09-20 14:58:28 +02:00
Rasmus Wriedt Larsen
97c0f1c7b7 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-09-20 12:04:46 +02:00
Tom Hvitved
1c1c46591e Merge pull request #6708 from hvitved/python/files-folders-drop-columns 
Python: Drop redundant columns from `files` and `folders` relations
 2021-09-16 14:42:15 +02:00
Tom Hvitved
9f10018d48 Address review comment 2021-09-16 13:11:03 +02:00
Taus
783233dfe4 Merge pull request #6696 from yoff/python/copy-multiples-performance-fix-from-ruby 
Python: Copy performance fix for `multiples` from ruby
 2021-09-16 13:01:07 +02:00
Tom Hvitved
37ec83a68b Python: Upgrade script 2021-09-16 10:51:27 +02:00
Tom Hvitved
94b5c4eada Python: Drop redundant columns from files and folders relations 2021-09-16 10:51:27 +02:00
Anders Schack-Mulligen
c0fd44c909 Dataflow: Sync. 2021-09-15 16:10:54 +02:00
Rasmus Lerchedahl Petersen
8ea7a28a77 Python: Unexpose fields as suggested. 2021-09-15 12:32:21 +02:00
yoff
758b6bd4dd Update python/ql/src/semmle/python/functions/ModificationOfParameterWithDefaultCustomizations.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-09-15 12:25:27 +02:00
Rasmus Lerchedahl Petersen
d37c14880f Python: Copy performance fix 2021-09-14 15:15:50 +02:00
Rasmus Wriedt Larsen
8b7fad8595 Merge pull request #6283 from tausbn/python-fix-exceptstmt-gettype 
Python: Fix `ExceptStmt::getType`
 2021-09-14 13:40:33 +02:00
Rasmus Wriedt Larsen
49f5f1e2c2 Merge pull request #6336 from tausbn/python-make-annotated-assignment-a-definitionnode 
Python: Two fixes regarding annotated assignments
 2021-09-14 13:37:53 +02:00
jorgectf
b505662ef9 Fix global test and update .expected 2021-09-14 10:20:50 +02:00
jorgectf
2ccc6dc092 Merge branch 'main' into jorgectf/python/ldapinsecureauth 2021-09-14 09:32:19 +02:00
Rasmus Wriedt Larsen
f402475dd3 Python: Fix globals() == locals() FP 2021-09-13 20:03:11 +02:00
Rasmus Wriedt Larsen
69fe2a36e5 Python: Add globals() == locals() test 2021-09-13 20:02:08 +02:00
Rasmus Wriedt Larsen
ba7cdec2ea Python: Add some lines in test file 
These are just empty now, such that it's obvious the tests didn't
change.
 2021-09-13 20:00:50 +02:00
Rasmus Wriedt Larsen
a9694bf0ef Python: Clean whitespace 2021-09-13 19:58:59 +02:00
Taus
b51ce1d2b3 Merge pull request #6640 from yoff/python-add-parameter-default-value-flow-step 
Python: add parameter default value flow step
 2021-09-13 17:05:48 +02:00
jorgectf
353c0a9ee7 Add missing comment 2021-09-12 20:44:04 +02:00
jorgectf
3cf28ad6ce Merge remote-tracking branch 'origin/main' into jorgectf/python/ldapinsecureauth 2021-09-12 20:36:25 +02:00
jorgectf
18b05bc56e Fix tests and add global option 2021-09-12 20:35:57 +02:00
jorgectf
54012eba23 Optimize getFullHostRegex 2021-09-12 20:13:08 +02:00
Chris Smowton
38cc9bef02 ReDoS: fix unpaired surrogate test 
This actually does result in an FP, but this was previously hidden by non-interpretation of '\u' escapes within a raw string.
 2021-09-10 15:37:34 +01:00
Rasmus Lerchedahl Petersen
2eb11731e2 Python: Subpaths in test output 2021-09-10 14:04:57 +02:00
Rasmus Lerchedahl Petersen
02fd63ce20 Merge branch 'main' of github.com:github/codeql into python/port-modification-of-default-value 
To get the subpaths.
 2021-09-10 14:03:02 +02:00
Rasmus Lerchedahl Petersen
5d137ce9c5 Python: Update test expectations 2021-09-10 13:35:49 +02:00
Rasmus Wriedt Larsen
db78e3a7da Merge pull request #6274 from tausbn/python-api-graphs-import-star 
Python: Support `import *` in API graphs
 2021-09-10 13:25:41 +02:00
Rasmus Wriedt Larsen
b45743b562 Merge pull request #6312 from tausbn/python-deprecate-importnode 
Python: Deprecate `importNode`
 2021-09-10 13:12:56 +02:00
Rasmus Lerchedahl Petersen
7cfa08abc8 Python: Do not use BarrierGuards 
They are simply not right for this problem.
We should not even make them available as an extension point.
 2021-09-10 12:48:24 +02:00
Tom Hvitved
649c2ce188 Merge pull request #6586 from hvitved/dataflow/stage2-precise-call-ctx-take2 
Data flow: Add precise call contexts to stage 2
 2021-09-10 11:34:35 +02:00
Rasmus Lerchedahl Petersen
b20232db3c Python: Simplify guards as suggested 2021-09-10 10:31:48 +02:00