hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,347 Commits 1,671 Branches 157 Tags
idrissrio/java-implicit
Commit Graph

2965 Commits

Author SHA1 Message Date
Joe Farebrother
e6794a9af1 Add change note 2024-12-11 14:27:57 +00:00
Joe Farebrother
2019ddfa7f Qldoc improvements + add a few extra tests 2024-12-11 12:25:40 +00:00
Joe Farebrother
5c8ef28d12 Add missing qldoc and revert accidentilly commited threat model change 2024-12-11 12:04:16 +00:00
Joe Farebrother
29a90235e8 Improve tests and use API graphs 2024-12-10 19:09:45 +00:00
Joe Farebrother
d2b0d7a743 Add missing qldoc 2024-12-10 19:07:53 +00:00
Joe Farebrother
89167da177 Model flow steps for lxml 2024-12-10 19:01:14 +00:00
Joe Farebrother
ef1d898b0d Add qldoc 2024-12-09 19:57:39 +00:00
Joe Farebrother
ebaab89933 Formatting updates 2024-12-09 19:57:25 +00:00
Joe Farebrother
55557f8dd3 Use API graohs directly 2024-12-09 19:57:07 +00:00
Joe Farebrother
cea196ec61 Add concepts tests + some fixes 2024-12-09 19:55:42 +00:00
Joe Farebrother
71ab82dee0 Fix qldoc, formatting, and redundant import warnings 2024-12-09 19:55:21 +00:00
Joe Farebrother
b2c13fe351 Promote template injection sinks for each framework covered 
`Cheetah` was excluded as it was last updated 15 years ago and its documentation links are dead.
 2024-12-09 19:55:17 +00:00
Joe Farebrother
60d8a85a9c Promote jinja sinks 2024-12-09 19:54:57 +00:00
Joe Farebrother
8647073433 Copy template injection to standard pack + add jinja sinks 2024-12-09 19:47:06 +00:00
yoff
81c8a702ff Merge pull request #18112 from github/tausbn/add-api-graph-support-for-parameter-annotations 2024-12-05 15:05:27 +01:00
github-actions[bot]
cf71a1525b Post-release preparation for codeql-cli-2.20.0 2024-12-04 18:36:17 +00:00
github-actions[bot]
96564b7128 Release preparation for version 2.20.0 2024-12-04 16:01:14 +00:00
Henry Mercer
963f084d87 Merge branch 'main' into henrymercer/merge-back-rc-3.16 2024-12-04 13:39:10 +00:00
Anders Schack-Mulligen
8a5fc97b06 Python: Remove deprecated configuration classes referencing deleted api. 2024-12-03 20:08:45 +01:00
Anders Schack-Mulligen
cca27e4c77 Add change notes for all languages. 2024-12-03 19:42:33 +01:00
Anders Schack-Mulligen
acc260cc3c Python: Delete deprecated data flow api. 2024-12-03 14:41:49 +01:00
Taus
d779ae5c3e Python: Add change note for CFG pruning fix 
... And also bump the extractor version.
 2024-11-26 15:39:15 +00:00
Taus
2734377e5d Python: Add API graph support for parameter annotations 
Adds API graph support for observing that in
```python
def foo(x : Bar): ...
```
The variable `x` is likely to be an instance of the type `Bar` inside
this function.
In particular, we add `getInstanceFromAnnotation` as a predicate on API
graph nodes that tracks this step (corresponding to a new edge type
labeled with "annotation" in the API graph), and extend the existing
`getAnInstance` predicate to also include instances arising from type
annotations.

A more complete solution would also add support for annotated
assignments (`x : Foo = ...` or just `x : Foo`) as well as track types
through type aliases (`type Foo = Bar`). This turns out to be
non-trivial, however, as these type constructs don't have any CFG nodes
(and so no data-flow nodes by default either). In order to not have
perfect be the enemy of good, this commit is only targeting the type
parameter case (which is also likely to be the most common use case
anyway).

The tests for API graphs have been extended accordingly, including tests
for the kinds of type ascriptions that we _don't_ currently model in API
graphs (marked with `MISSING:` in the inline tests).
 2024-11-26 13:03:06 +00:00
Alexander Eyers-Taylor
c0474c4e45 Revert "Revert "Post-release preparation for codeql-cli-2.19.4"" 2024-11-21 15:37:52 +00:00
Alexander Eyers-Taylor
4effe9e364 Revert "Post-release preparation for codeql-cli-2.19.4" 2024-11-21 14:43:15 +00:00
github-actions[bot]
3909df75dc Post-release preparation for codeql-cli-2.19.4 2024-11-19 17:54:03 +00:00
github-actions[bot]
9783a11565 Release preparation for version 2.19.4 2024-11-19 16:21:37 +00:00
yoff
22287be5d1 Merge pull request #17370 from Kwstubbs/Bottle/Tornado-HeaderSupport 
Python: Bottle Framework Support
 2024-11-19 15:34:26 +01:00
github-actions[bot]
f107d16b4e Post-release preparation for codeql-cli-2.19.3 2024-11-04 17:20:08 +00:00
github-actions[bot]
cc7b724123 Release preparation for version 2.19.3 2024-11-04 16:37:28 +00:00
Anders Schack-Mulligen
b556590ef8 Merge pull request #17663 from aschackmull/dataflow/speculative-flow 
Dataflow: Add support for speculative taint flow.
 2024-10-31 08:12:43 +01:00
Kevin Stubbings
ac411f1254 Second round feedback 2024-10-30 13:52:38 -07:00
Kevin Stubbings
0483b8004c Feedback 2024-10-29 15:45:11 -07:00
yoff
c78aeec2ec Update python/ql/lib/semmle/python/frameworks/Pycurl.qll 2024-10-24 11:44:16 +02:00
Porcupiney Hairs
c74f6f587f Merge branch 'main' into pyloadSsl 2024-10-21 20:09:05 +05:30
Porcupiney Hairs
f6369a6ed7 Include changes from review 2024-10-21 20:01:44 +05:30
Porcupiney Hairs
7ef2d79b3f Include changes from review 2024-10-21 03:28:19 +05:30
Arthur Baars
08af7d0007 Merge pull request #17810 from github/post-release-prep/codeql-cli-2.19.2 
Post-release preparation for codeql-cli-2.19.2
 2024-10-18 18:28:07 +02:00
github-actions[bot]
272f6c2541 Post-release preparation for codeql-cli-2.19.2 2024-10-18 15:56:02 +00:00
Arthur Baars
aaf220d41e Fix typos in changelogs 2024-10-18 15:28:05 +00:00
github-actions[bot]
ca0345324e Release preparation for version 2.19.2 2024-10-18 15:16:21 +00:00
Arthur Baars
eb515f884b Revert "Release preparation for version 2.19.2" 2024-10-18 17:06:20 +02:00
Rasmus Lerchedahl Petersen
30053da70d Python: extra modelling of stdlib 
as a reaction to the latest QA run
 2024-10-18 13:49:33 +02:00
yoff
e46722f3be Update python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll 2024-10-17 17:23:00 +02:00
Anders Schack-Mulligen
4153a83a4f Python: Add workaround. 2024-10-16 16:14:51 +02:00
Rasmus Lerchedahl Petersen
22d621c625 shared: add locations to typetracking nodes 2024-10-16 15:16:18 +02:00
Anders Schack-Mulligen
c20f12fa6c Add qldoc. 2024-10-16 14:35:23 +02:00
Anders Schack-Mulligen
7497d9530d Python: Add tentative support for speculative taint flow. 2024-10-16 14:35:20 +02:00
Anders Schack-Mulligen
c80627a3d3 Dataflow: add plumbing for adding provenance to state-steps. 2024-10-16 14:35:18 +02:00
Taus
28f8874243 Merge pull request #17688 from github/tausbn/python-3.13-default-type-parser-support 
Python: Add support for type parameter defaults
 2024-10-15 18:01:51 +02:00