hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,672 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

2350 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
112e7c95fa Python: all dict constructor args are relevant 2024-09-24 20:58:59 +02:00
yoff
e7f9b5bbbc Merge branch 'main' into stdlib-optparse 2024-09-24 20:24:00 +02:00
Taus
8c015b0784 Merge pull request #17305 from Kwstubbs/CORSMiddleware-Starlette 
Python: Add Support for CORS Middlewares
 2024-09-24 15:51:49 +02:00
Kevin Stubbings
02a664319a formatting 2024-09-23 15:10:25 -07:00
Kevin Stubbings
e6b775422d Remove redundant imports 2024-09-23 15:08:24 -07:00
Kevin Stubbings
05765c4284 Formatting 2024-09-23 14:51:50 -07:00
Kevin Stubbings
5d12f7bd30 Pre formatting Bottle tests 2024-09-23 14:37:22 -07:00
Chuan-kai Lin
1cd8af54f2 Merge pull request #17190 from github/cklin/diff-informed-java-queries 
Java: add support for alert location restrictions
 2024-09-23 08:39:24 -07:00
Joe Farebrother
48f9e0efe5 Adress review comments: Add missing deprecation + additional test case 2024-09-23 10:57:04 +01:00
Rasmus Wriedt Larsen
535db98823 Python: Minor simplification of ActiveThreatModelSource 
Co-authored-by: Taus <tausbn@github.com>
 2024-09-23 11:21:55 +02:00
Rasmus Wriedt Larsen
4a21a85e73 Merge branch 'main' into threat-models 2024-09-23 11:19:58 +02:00
Anders Schack-Mulligen
3a1e50dcf9 Dataflow: Simplify diff-informed implementation and tweak flag name. 2024-09-20 07:07:10 -07:00
Joe Farebrother
3001a570b2 Replace uses of StringConstCompare 2024-09-20 14:47:22 +01:00
Joe Farebrother
164cf27e67 Add additional constant checks to constant barrier gaurd 2024-09-20 12:46:10 +01:00
Kevin Stubbings
c30332818f Reorder and rename 2024-09-13 00:41:55 -07:00
Kevin Stubbings
03f375e436 missed some 2024-09-13 00:21:33 -07:00
Kevin Stubbings
831d522025 First round feedback 2024-09-12 20:49:10 -07:00
Chuan-kai Lin
ff78bebf19 Shared support for alert filtering 2024-09-11 13:18:26 -07:00
Rasmus Wriedt Larsen
5ff7b6557f Python: Add links to threat-model docs 2024-09-10 14:32:39 +02:00
Rasmus Wriedt Larsen
333367c07d Python: Add threat-modeling of raw_input 2024-09-10 14:32:39 +02:00
Rasmus Wriedt Larsen
8d8cd05b94 Python: Add basic support for database threat-model 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
7483075b7e Python: Fixup modeling of os.open 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
d245db54a1 Python: Model file threat-model 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
66f389a4b6 Python: Model stdin thread-model 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
e1801f3a29 Python: Proper threat-model handling for argparse 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
56c85ffe54 Python: Fixup threat-models for os.environ.get() 
Since using `.DictionaryElementAny` doesn't actually do a store on the
source, (so we can later follow any dict read-steps).

I added the ensure_tainted steps to highlight that the result of the
WHOLE expression ends up "tainted", and that we don't just mark
`os.environ` as the source without further flow.
 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
b9239d7101 Python: Add basic support for environment/commandargs threat-models 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
528f08fb83 Python: Make queries use ActiveThreatModelSource 2024-09-10 14:32:35 +02:00
Joe Farebrother
d1cca13563 Merge pull request #17314 from joefarebrother/python-x509-cert 
Python: Exclude certificate classification fo sensitive data queries
 2024-09-09 10:48:36 +01:00
Kevin Stubbings
6efb3c69ef QLformatting 2024-09-03 15:54:06 -07:00
Kevin Stubbings
bd2564ee44 Formatting 2024-09-03 14:34:25 -07:00
Kevin Stubbings
581e7f5d3c Bottle 2024-09-03 14:00:27 -07:00
erik-krogh
20dfdc9661 delete some deprecated files 2024-09-03 20:30:59 +02:00
erik-krogh
0fdd06fff5 use my script to delete outdated deprecations 2024-09-03 20:30:58 +02:00
Porcupiney Hairs
e2dd126962 Python: Pycurl SSL Disabled 2024-09-03 03:41:23 +05:30
Kevin Stubbings
326eb6946e Added 2024-08-30 18:17:38 -07:00
Kevin Stubbings
5c8c99d31f Add header support for bottle and tornado 2024-08-30 18:16:01 -07:00
Joe Farebrother
ec7ad84cd1 Update formatting 2024-08-30 13:51:33 +01:00
Joe Farebrother
5360192a58 Apply review suggestions - change = to in 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-08-30 13:25:59 +01:00
Joe Farebrother
1cb23e7e86 Exclude certificates from being cinsidered sensitive data by cleartext-storage and cleartext-logging queries 2024-08-27 14:18:39 +01:00
Kevin Stubbings
812abea0de change-notes 2024-08-26 22:25:00 -07:00
Kevin Stubbings
0420d25c13 refactor 2024-08-26 22:09:24 -07:00
Kevin Stubbings
1db7865d49 Corrections 2024-08-26 22:06:12 -07:00
Kevin Stubbings
8bf8893307 Add support for vulnerable CORS middlewares 2024-08-26 21:30:48 -07:00
Anders Schack-Mulligen
8470e91c16 Legacy Dataflow: Sync. 2024-08-20 10:07:57 +02:00
Rasmus Wriedt Larsen
5ec8e5dd30 Python: Setup support for threat-models 
Naming in other languages:
- `SourceNode` (for QL only modeling)
- `ThreatModelFlowSource` (for active sources from QL or data-extensions)

However, since we use `LocalSourceNode` in Python, and `SourceNode` in
JS (for local source nodes), it seems a bit confusing to follow the same
naming convention as other languages, and instead I came up with new names.
 2024-08-19 10:54:47 +02:00
Tom Hvitved
0fcfb47423 Sync shared files 2024-08-13 13:34:45 +02:00
Joe Farebrother
62c2fe6b17 Merge pull request #16933 from joefarebrother/python-cookie-concept-promote 
Python: Promote the insecure cookie query from experimental
 2024-08-07 09:06:05 +01:00
Joe Farebrother
24df54804a Review suggestion - Add link to qldoc 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-08-06 22:59:14 +01:00
yoff
251036c6b4 Merge pull request #17080 from sylwia-budzynska/streamlit 
Python: Add Streamlit models
 2024-07-31 18:20:11 +02:00