hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,003 Commits 1,671 Branches 157 Tags
ginsbach/NewOverlayLocalJavaRebase
Commit Graph

9261 Commits

Author SHA1 Message Date
Henry Mercer
3490067316 Merge branch 'main' into henrymercer/rc-3.15-mergeback 2024-08-29 19:48:01 +01:00
Joe Farebrother
5494389c4b Update changenote 
Co-authored-by: Sid Shankar <sidshank@github.com>
 2024-08-29 09:44:23 +01:00
Joe Farebrother
a8591c79c5 Update test 2024-08-28 09:11:34 +01:00
Joe Farebrother
f3dea1d647 Add changenote 2024-08-28 09:04:01 +01:00
Joe Farebrother
fc24ca304d Update tests 2024-08-27 14:18:50 +01:00
Joe Farebrother
1cb23e7e86 Exclude certificates from being cinsidered sensitive data by cleartext-storage and cleartext-logging queries 2024-08-27 14:18:39 +01:00
Kevin Stubbings
c60f459530 Grammar 2024-08-26 23:57:19 -07:00
Kevin Stubbings
812abea0de change-notes 2024-08-26 22:25:00 -07:00
Kevin Stubbings
0420d25c13 refactor 2024-08-26 22:09:24 -07:00
Kevin Stubbings
1db7865d49 Corrections 2024-08-26 22:06:12 -07:00
Kevin Stubbings
8bf8893307 Add support for vulnerable CORS middlewares 2024-08-26 21:30:48 -07:00
Tom Hvitved
c92c96fa78 Data flow: Compute local big step relation per stage 2024-08-26 09:15:27 +02:00
github-actions[bot]
0724fd7ce2 Post-release preparation for codeql-cli-2.18.3 2024-08-21 18:25:54 +00:00
github-actions[bot]
17cd9624fb Release preparation for version 2.18.3 2024-08-21 17:13:52 +00:00
Anders Schack-Mulligen
993bfee096 Merge pull request #17259 from aschackmull/dataflow/remove-srcsink-grouping 
Dataflow: Remove src/sink grouping feature
 2024-08-20 14:42:33 +02:00
Anders Schack-Mulligen
8470e91c16 Legacy Dataflow: Sync. 2024-08-20 10:07:57 +02:00
Rasmus Wriedt Larsen
8f7dec07b8 Python: Remove 'response' from default threat-models 
I didn't want to put the configuration file in
`semmle/python/frameworks/**/*.model.yml`, so created `ext/` as in other
languages
 2024-08-19 10:54:48 +02:00
Rasmus Wriedt Larsen
617ab27c75 Python: Add test showing default active threat-models 2024-08-19 10:54:48 +02:00
Rasmus Wriedt Larsen
5ec8e5dd30 Python: Setup support for threat-models 
Naming in other languages:
- `SourceNode` (for QL only modeling)
- `ThreatModelFlowSource` (for active sources from QL or data-extensions)

However, since we use `LocalSourceNode` in Python, and `SourceNode` in
JS (for local source nodes), it seems a bit confusing to follow the same
naming convention as other languages, and instead I came up with new names.
 2024-08-19 10:54:47 +02:00
Felicity Chapman
fcb2b5730f Update CookieInjection.ql to remove period 2024-08-15 13:17:13 +01:00
Tom Hvitved
51077ce2e7 Merge pull request #17173 from hvitved/shared/inline-flow-provenance 
Shared: Apply `ShowProvenance` in `InlineFlowTest.qll`
 2024-08-13 14:15:08 +02:00
Tom Hvitved
0fcfb47423 Sync shared files 2024-08-13 13:34:45 +02:00
Rasmus Wriedt Larsen
6dd52e45e4 Merge pull request #17154 from RasmusWL/poetry-update 
Python: Upgrade lockfile for extractor tests
 2024-08-13 11:54:15 +02:00
Alexander Eyers-Taylor
ffd811a55d Merge pull request #17182 from github/post-release-prep/codeql-cli-2.18.2 
Post-release preparation for codeql-cli-2.18.2
 2024-08-08 16:28:03 +01:00
github-actions[bot]
cc6d87c276 Post-release preparation for codeql-cli-2.18.2 2024-08-08 12:56:21 +00:00
github-actions[bot]
019da8c287 Release preparation for version 2.18.2 2024-08-07 14:02:38 +00:00
Alexander Eyers-Taylor
46577b585e Revert "Release preparation for version 2.18.2" 2024-08-07 14:24:37 +01:00
Joe Farebrother
62c2fe6b17 Merge pull request #16933 from joefarebrother/python-cookie-concept-promote 
Python: Promote the insecure cookie query from experimental
 2024-08-07 09:06:05 +01:00
Joe Farebrother
24df54804a Review suggestion - Add link to qldoc 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-08-06 22:59:14 +01:00
github-actions[bot]
c14ba0e4bd Release preparation for version 2.18.2 2024-08-06 12:46:15 +00:00
Rasmus Wriedt Larsen
d50898e114 Python: Downgrade packaging for Python 3.7 support 2024-08-06 11:15:48 +02:00
Rasmus Wriedt Larsen
4eb6afa880 Python: Update poetry.lock 2024-08-05 14:14:41 +02:00
Anders Schack-Mulligen
377301a55a Merge pull request #17108 from aschackmull/dataflow/flowthrough-provenance 
Dataflow: Propagate provenance correctly for flow-through wrappers.
 2024-08-01 09:35:56 +02:00
yoff
251036c6b4 Merge pull request #17080 from sylwia-budzynska/streamlit 
Python: Add Streamlit models
 2024-07-31 18:20:11 +02:00
Anders Schack-Mulligen
9724516c84 C#/Go/Java/Python/Ruby: Accept qltest .expected changes. 2024-07-31 14:45:10 +02:00
yoff
123dcc75d1 Merge pull request #16971 from RasmusWL/mad-dict-source 
Python: Add MaD support for DictionaryElement/DictionaryElementAny for sources
 2024-07-31 13:40:07 +02:00
Sylwia Budzynska
9bd00c9e1e Change Gradio rfs test to use shared rfs test module 2024-07-31 13:25:32 +02:00
Sylwia Budzynska
2a6ad00a2f Fix typo 2024-07-31 13:22:27 +02:00
Sylwia Budzynska
72e7b6c872 Update python/ql/lib/semmle/python/frameworks/Streamlit.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-07-31 13:20:01 +02:00
Sylwia Budzynska
81f3609c4b Formatting 2024-07-30 17:49:20 +02:00
Sylwia Budzynska
dfc51922ba Change regex 2024-07-30 17:39:34 +02:00
Sylwia Budzynska
ef2b225144 Fix PascalCase 2024-07-30 17:36:55 +02:00
Sylwia Budzynska
f796efe470 Add Streamlit SQLAlchemy models 2024-07-30 17:20:52 +02:00
Sylwia Budzynska
9741ddb926 Add remoteflowsoucre test 2024-07-30 17:20:14 +02:00
Sylwia Budzynska
bfd2e4350b Add StreamlitConnection model 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-07-30 12:58:49 +02:00
Joe Farebrother
e68ef87662 update inline tests for rest_framework tests 2024-07-29 23:35:36 +01:00
Joe Farebrother
82da8b95a7 Fix typo 2024-07-29 23:29:19 +01:00
Joe Farebrother
f10d007496 Add additional test for kwargs case 2024-07-29 23:27:22 +01:00
Joe Farebrother
68512eea14 Remove remaining files from experimental tests 2024-07-29 11:19:33 +01:00
Joe Farebrother
ef3bbeacd6 Add check for kwargs in cookie attribute predicates 2024-07-29 11:17:42 +01:00