hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,672 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

4639 Commits

Author SHA1 Message Date
Taus
d4fc096ea8 Python: Use local flow in Pythagorean.ql 
The hand-rolled notion of flow was causing some severe performance
issues (on a few databases):

```
Tuple counts for Pythagorean::square#168e234a#f#loop_invariant_prefix/2@c86989kr after 6m35s:
175000     ~5%     {2} r1 = JOIN SSA::SsaVariable::getDefinition#dispred#f0820431#ff_10#join_rhs WITH Flow::ControlFlowNode::getNode#dispred#f0820431#bf ON FIRST 1 OUTPUT Lhs.1, Rhs.1 'arg0'
174500     ~6%     {2} r2 = JOIN r1 WITH SSA::SsaVariable::getVariable#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'arg0'
1467782500 ~5%     {3} r3 = JOIN r2 WITH AstGenerated::Name_::getVariable#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT 3, Rhs.1 'arg1', Lhs.1 'arg0'
1467553000 ~0%     {2} r4 = JOIN r3 WITH py_expr_contexts_12#join_rhs ON FIRST 2 OUTPUT Lhs.2 'arg0', Lhs.1 'arg1'
                    return r4
```

Rewriting it to use the data flow library made all of this go away. 🎉
 2022-04-25 14:35:37 +00:00
Jeroen Ketema
79164056d1 Replace help.semmle.com links by codeql.github.com links 2022-04-22 20:42:11 +02:00
Erik Krogh Kristensen
ff73dbc35c delete redundant imports 2022-04-22 12:55:28 +02:00
Erik Krogh Kristensen
a96489b23d delete duplicate imports 2022-04-22 12:41:30 +02:00
github-actions[bot]
1aecfc67c2 Post-release preparation for codeql-cli-2.9.0 2022-04-21 19:22:19 +00:00
github-actions[bot]
eeaf233c29 Release preparation for version 2.9.0 2022-04-21 14:49:00 +00:00
${sleep,7}
b5734ed6a2 Merge branch 'main' into jty/python/emailInjection 2022-04-20 09:50:08 -04:00
Rasmus Wriedt Larsen
bb6969a175 Merge branch 'main' into promote-xxe 2022-04-20 13:42:02 +02:00
Rasmus Wriedt Larsen
6235dc5039 Python: Handle find_library assignment to temp variable 2022-04-13 11:44:15 +02:00
Porcupiney Hairs
785dc1af3c Include changes from review 2022-04-12 21:17:39 +05:30
Taus
626770aaab Merge pull request #8004 from ahmed-farid-dev/ZipSlip 
Add query to detect ZipSlip
 2022-04-08 23:55:02 +02:00
Taus
ab81247b7c Python: Fix modelling in ZipSlip.qll 
- Remove use of points-to.
- Exclude sources and sinks in the standard library (to prevent test brittleness).
 2022-04-08 23:19:41 +02:00
Taus
57beeaada0 Python: Fix name clash in CopyFile.qll 2022-04-08 23:18:03 +02:00
Taus
e1371151f9 Python: Autoformat Concepts.qll 2022-04-08 23:16:41 +02:00
Taus
8521f9a008 Python: Autoformat ZipSlip.ql 2022-04-08 23:13:38 +02:00
Taus
4b580820c8 Python: Fix broken QHelp 2022-04-08 23:12:46 +02:00
Edoardo Pirovano
f25618eed6 Bump minor version of all packs 2022-04-08 15:38:58 +01:00
Edoardo Pirovano
ce82c54b94 Merge branch 'main' into edoardo/3.5-mergeback 2022-04-08 15:30:58 +01:00
Rasmus Wriedt Larsen
ec66f26ade Python: Handle get_collection on pymongo DB 2022-04-07 16:32:20 +02:00
Rasmus Wriedt Larsen
89eeaf85d5 Python: Handle get_database on MongoClient instance 2022-04-07 16:31:17 +02:00
Rasmus Wriedt Larsen
7ca19653df Python: mongoDBInstance refactor 2022-04-07 16:22:57 +02:00
Rasmus Wriedt Larsen
e58e9a273b Python: mongoClientInstance refactoring 2022-04-07 16:22:16 +02:00
Rasmus Wriedt Larsen
0ce2ced1aa Python: Model pymongo.mongo_client.MongoClient 2022-04-07 16:22:16 +02:00
Rasmus Wriedt Larsen
8191be9d75 Python: Move last XXE/XML bomb out of experimental 2022-04-07 15:37:56 +02:00
Rasmus Wriedt Larsen
405480c410 Python: Rename sink definitions for XXE/XML bomb 2022-04-07 15:37:56 +02:00
Erik Krogh Kristensen
50bfc8eaa0 refactor uses of API::Node::getAUse() that should have been something else 2022-04-07 13:52:13 +02:00
Erik Krogh Kristensen
4e5afab082 refactor more python type-trackers to API-graphs 2022-04-07 13:51:40 +02:00
Rasmus Wriedt Larsen
7728b6cf1b Python: Change XmlBomb vulnerability kind 2022-04-07 10:56:35 +02:00
Rasmus Wriedt Larsen
23637fd691 Merge branch 'main' into promote-xxe 2022-04-06 12:56:31 +02:00
Rasmus Wriedt Larsen
4d2a3b38d2 Merge pull request #8511 from RasmusWL/use-query-suffix 
Python: Use `Query.qll` suffix for dataflow configuration definitions
 2022-04-06 11:59:29 +02:00
Ahmed Farid
dfe7f532ac Update CopyFile.qll 2022-04-05 12:42:05 +00:00
Ahmed Farid
0d6d07886b Rename Zip.qll to CopyFile.qll 2022-04-05 12:37:14 +00:00
Ahmed Farid
8882bc1533 Update Frameworks.qll 2022-04-05 12:32:10 +00:00
Ahmed Farid
68bfe38529 Update Zip.qll 2022-04-05 12:31:30 +00:00
Rasmus Wriedt Larsen
a7dab53ed2 Python: Add change-note 2022-04-05 11:46:49 +02:00
Rasmus Wriedt Larsen
1f285b8983 Python: Rename to XmlParsingVulnerabilityKind 
To keep up with style guide
 2022-04-05 11:07:12 +02:00
Rasmus Wriedt Larsen
ab59d5c786 Python: Rename to XmlParsing 
To follow our style guide
 2022-04-05 11:06:22 +02:00
github-actions[bot]
6af568b16d Post-release preparation for codeql-cli-2.8.5 2022-04-01 16:22:14 +00:00
github-actions[bot]
ee746d20df Release preparation for version 2.8.5 2022-04-01 10:39:31 +00:00
Rasmus Wriedt Larsen
d2b03bb480 Python: Fix SimpleXmlRpcServer.ql 2022-03-31 20:37:28 +02:00
Rasmus Wriedt Larsen
4abab22066 Python: Promote XXE and XML-bomb queries 
Need to write a change-note as well, but will do that tomorrow
 2022-03-31 18:47:50 +02:00
Rasmus Wriedt Larsen
b8d3c5e96f Python: Remove last bits of experimental XML modeling 2022-03-31 18:40:26 +02:00
Rasmus Wriedt Larsen
e11269715d Python: Promote xml.sax and xml.dom.* modeling 2022-03-31 17:44:00 +02:00
Rasmus Wriedt Larsen
64aa503cc3 Python: Promote xml.etree modeling 2022-03-31 11:12:02 +02:00
Rasmus Wriedt Larsen
7f5f7679f8 Python: Promote xmltodict modeling 2022-03-31 10:28:34 +02:00
Rasmus Wriedt Larsen
80b5cde3a2 Python: Promote lxml parsing modeling 2022-03-31 10:19:08 +02:00
Rasmus Wriedt Larsen
1ea4bcc59f Python: Make XMLParsing a Decoding subclass 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
e45288e812 Python: => XMLParsingVulnerabilityKind 
Since there are other XML vulnerabilities that are not about parsing,
this is more correct.
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
e005a5c0ab Python: Promote XMLParsing concept 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
9caf4be21b Python: Add PortSwigger link to Xxe.qhelp 
I found this resource quite good myself at least :)
 2022-03-31 09:52:55 +02:00