hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,475 Commits 1,672 Branches 157 Tags
js/move-cors-query-from-experimental
Commit Graph

2941 Commits

Author SHA1 Message Date
Michael Nebel
f4f7d83349 Python: Rename Negative Summary Model to Neutral Model. 2022-12-09 15:04:43 +01:00
Michael Nebel
079d48c42a Sync files. 2022-12-09 15:04:42 +01:00
Asger F
387a673c10 Merge pull request #11567 from asgerf/js/data-extensions2 
JS: Move MaD models to data extensions
 2022-12-09 10:09:24 +01:00
Jami Cogswell
0b2f2a3f88 Java: remove predicates from NegativeSummarizedCallable 2022-12-08 23:46:55 -05:00
Chris Smowton
81110b19e7 Merge pull request #11612 from smowton/smowton/admin/merge-rc38-into-main 
Merge rc/3.8 into main
 2022-12-08 12:25:59 +00:00
Chris Smowton
49bc524fd0 Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main 2022-12-08 11:12:30 +00:00
Rasmus Wriedt Larsen
d684dbdf5c Merge pull request #10656 from porcupineyhairs/PyPamImprove 
Python: Improve the PAM authentication bypass query
 2022-12-08 11:59:10 +01:00
Rasmus Wriedt Larsen
a826c4f48b Merge branch 'main' into call-graph-code 2022-12-08 11:39:30 +01:00
Jami Cogswell
aa7e6d7811 Java: add negative numbers 2022-12-07 17:17:35 -05:00
Jami
5e694b5983 Merge pull request #11192 from jcogs33/jcogs33/share-key-sizes 
Share encryption key sizes between Java and Python
 2022-12-07 08:08:24 -05:00
Asger F
5af1b367c7 Support data extensions 2022-12-07 11:35:05 +01:00
Jami Cogswell
b82f9b1911 Java: add draft of generated vs manual MaD metrics query 2022-12-06 22:15:19 -05:00
Tom Hvitved
b5e2e1e469 Merge pull request #11564 from hvitved/dataflow/parameter-position-consistency-checks 
Data flow: Add consistency checks for parameter positions
 2022-12-06 09:33:36 +01:00
Tom Hvitved
52f3a48638 Data flow: Sync files 2022-12-05 12:57:27 +01:00
Tom Hvitved
faca4b5b56 Merge pull request #11461 from hvitved/ruby/unique-hash-splat-param 
Ruby: At most one hash-splat `ParameterNode` per callable
 2022-12-05 11:53:28 +01:00
Alvaro Muñoz
7fe4108a0b add change note 2022-12-03 16:37:14 +01:00
Alvaro Muñoz
fc56843c04 improve predicate QLdoc 2022-12-03 16:34:14 +01:00
Alvaro Muñoz
7e0e56dadc Added two new CMDi sinks fot python's stdlib 2022-12-02 22:16:40 +01:00
github-actions[bot]
5e35785fd0 Post-release preparation for codeql-cli-2.11.5 2022-12-02 11:37:44 +00:00
Asger F
2d578c1a73 Merge branch 'main' into merge-package-type-columns 2022-12-02 10:00:44 +01:00
github-actions[bot]
31ab22e3a0 Release preparation for version 2.11.5 2022-12-01 20:05:14 +00:00
Jami Cogswell
1f4bd00993 split rsa/dsa/dh 2022-12-01 11:56:44 -05:00
Jami Cogswell
0fa05d47e3 add shared key sizes 2022-12-01 11:56:44 -05:00
Tom Hvitved
b33f5925bb Data flow: Sync files 2022-11-30 13:39:25 +01:00
Owen Mansel-Chan
55c4643b20 Dataflow: Sync. 2022-11-30 11:00:07 +00:00
porcupineyhairs
346dd864b5 Update python/ql/lib/change-notes/2022-11-17-py-pam-improve.md 
fix typo

Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-11-30 05:21:11 +05:30
Tom Hvitved
f3dca95958 Merge pull request #11087 from hvitved/dataflow/summary-ctx 
Data flow: Add summary/return context to pruning stages 2-4
 2022-11-29 10:36:53 +01:00
Rasmus Wriedt Larsen
8694119c3c Python: Update py/pam-auth-bypass change-note wording 2022-11-28 16:16:34 +01:00
Rasmus Wriedt Larsen
3d9556e5a3 Python: Use proper Query suffix 2022-11-28 16:03:17 +01:00
Rasmus Wriedt Larsen
c310948521 Python: Remove enclosing module for PAM Auth Bypass.qll 2022-11-28 16:02:38 +01:00
Tom Hvitved
cde05e1190 Data flow: Sync files 2022-11-28 12:11:38 +01:00
Erik Krogh Kristensen
03737543d4 Merge pull request #11403 from erik-krogh/additional 
ReDoS: add missing additional keywords
 2022-11-24 15:53:51 +01:00
Rasmus Wriedt Larsen
d151e21f15 Python: Move ControlFlowNode.toString() to AST cached stage 
This means points-to is no longer evaluated for sql injection 🎉

Thanks @asgerf 💪
 2022-11-24 10:14:39 +01:00
Erik Krogh Kristensen
1eec067474 Merge pull request #11294 from erik-krogh/fileDoc 
QL: improve the "this block-comment should have been a QLDoc"-query
 2022-11-23 22:23:36 +01:00
erik-krogh
95f35196e4 add missing additional keywords 2022-11-23 20:45:51 +01:00
Asger F
abf0c0f296 Python: update more comments referring to the package column 2022-11-23 15:02:08 +01:00
Asger F
1c910550e6 Python: merge package/type columns 2022-11-23 11:17:42 +01:00
Rasmus Wriedt Larsen
69b43f147a Python: Fix ql4ql alerts 
The rest will be ignored.
 2022-11-22 16:24:47 +01:00
Rasmus Wriedt Larsen
5866af413f Merge pull request #11347 from tausbn/python-clean-up-import-resolution 
Python: Add change note for module resolution
 2022-11-22 15:28:38 +01:00
Rasmus Wriedt Larsen
04a68f8d52 Merge pull request #11372 from RasmusWL/getpass 
Python: Model `getpass.getpass` as source of passwords
 2022-11-22 14:49:04 +01:00
Rasmus Wriedt Larsen
c0ad870949 Python: Exclude synthetic generator functions from DataFlowCallable 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
36e8b8bfb9 Python: Add call-graph to cached dataflow stage 
I didn't do any performance investigation on this, since it just seems
so much like the right approach.
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
fc0545561e Python: Introduce points-to cached stage 
With points-to not being used for the call-graph any longer, it's time
to split them.
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
bd46b7deaa Python: Cache a few call-graph predicates 
We DON'T want to recompute these ones for sure!
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
6646e98d20 Python: Fix results outside DB for StackTraceExposure 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
a301c93ebf Python: Fix results outside DB for CleartextLogging 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
39ce50fadc Python: Fix problems with sinks in pathlib 
This must mean that we did not have this flow with the old call-graph,
which means the new call-graph is doing a better job (yay).
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
478f5ffe96 Python: Limit self argument for PotentialLibraryCall 
Using the object from `MethodCallNode` meant that in the code below,
`lib` from the import expression would be considered a self argument

(this showed up in dataflow-consistency query results, that were not
comitted... sorry)

```
from lib import func
func()
```
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
c4122275dc Python: Bring back support for flow-summaries 
Also needed to fix up `TestUtil/UnresolvedCalls.qll` after a bad merge
conflict resolution. Since all calls are now DataFlowCall, and not JUST
the ones that can be resolved, we need to put in the restriction that
the callable can also be resolved.
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
8a56b48357 Python: Support super().__new__(cls) 2022-11-22 14:46:32 +01:00