hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,671 Branches 157 Tags
remove-javascript
Commit Graph

3955 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
c8a6e837b5 Python: Model QuerySet chains in django 2021-03-22 14:38:54 +01:00
Rasmus Wriedt Larsen
3a83ecf067 Python: Add test for taint in django forms/fields 2021-03-22 10:03:32 +01:00
Rasmus Wriedt Larsen
f800bf243f Python: Better text for getSourceType in Django 2021-03-22 01:39:19 +01:00
Rasmus Wriedt Larsen
701b935564 Python: Add example of QuerySet chain (django) 2021-03-22 00:57:43 +01:00
Dilan
1385b22642 pr fixes, typo in qhelp file and helper method for queries 2021-03-19 16:43:29 -07:00
yoff
164b383fda Update python/ql/test/query-tests/Security/CWE-327/pyOpenSSL_fluent.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-03-19 19:12:13 +01:00
Rasmus Wriedt Larsen
d9079e34e3 Python: Move framework tests out of experimental 
Since they are not experimental anymore 😄
 2021-03-19 15:51:54 +01:00
Tom Hvitved
09a49e4580 Merge pull request #5311 from hvitved/dataflow/lambda 
Data flow: Move C# lambda flow logic into shared library
 2021-03-19 11:44:15 +01:00
yoff
37036b5e76 Merge pull request #5437 from RasmusWL/small-pyyaml-improvements 
Python: Small PyYAML improvements
 2021-03-19 11:15:49 +01:00
Rasmus Wriedt Larsen
7543f10593 Python: Reorganize PyYAML tests a bit 2021-03-19 09:53:25 +01:00
Rasmus Lerchedahl Petersen
e0e6d5724e Merge branch 'main' of github.com:github/codeql into python-port-insecure-protocol 2021-03-18 23:34:53 +01:00
yoff
746e9948b0 Merge pull request #5075 from RasmusWL/crypto 
Python: Port py/weak-crypto-key to use type-tracking
 2021-03-18 20:53:28 +01:00
jorgectf
957b3e1e85 Precision warn 2021-03-18 20:39:53 +01:00
jorgectf
3ce0a9c8c0 Move to experimental folder 2021-03-18 20:20:04 +01:00
jorgectf
7de9214c99 Upload LDAP Insecure authentication query and tests 2021-03-18 17:41:34 +01:00
Rasmus Wriedt Larsen
42b2c3ed52 Python: Model C-based loaders for PyYAML 
Not really that important. But easy to do while I was working on this library.
 2021-03-18 11:55:01 +01:00
Rasmus Wriedt Larsen
54e6f51512 Python: Add example of C-based PyYAML loaders 
```
In [6]: yaml.load("!!python/object/new:os.system [echo EXPLOIT!]", yaml.CLoader)
EXPLOIT!
Out[6]: 0
```
 2021-03-18 11:50:59 +01:00
Rasmus Wriedt Larsen
25b15d7470 Python: Move PyYAML modeling classes within module 
For now, this is how we're trying to structure things -- all in all it doesn't
matter too much, since everything is still marked as private.
 2021-03-18 11:48:30 +01:00
Rasmus Wriedt Larsen
5ec8511d50 Python: Port PyYAML model to API graphs 2021-03-18 11:47:46 +01:00
Rasmus Wriedt Larsen
14e9bda5de Python: Refactor PyYAML tests a bit 2021-03-18 11:39:47 +01:00
Rasmus Wriedt Larsen
45a1fc6a96 Python: Add link to better PyYAML docs 
I found this randomly
 2021-03-18 11:20:22 +01:00
Rasmus Wriedt Larsen
7b92012edf Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-03-18 10:58:49 +01:00
CodeQL CI
1d9f8c2d37 Merge pull request #5427 from RasmusWL/use-new-builtin-modeling 
Approved by yoff
 2021-03-17 09:07:36 -07:00
Rasmus Wriedt Larsen
27032af2eb Python: Use API graphs for io.open 2021-03-17 15:50:02 +01:00
Rasmus Wriedt Larsen
d52d328587 Python: Use new API::builtin in stdlib modeling 2021-03-17 15:50:01 +01:00
Rasmus Lerchedahl Petersen
b3ff3f7ee7 PythonÆ adjust test expectations 
I suspect it has to do with ParameterNode being a LocalSourceNode,
but I really have no idea...
 2021-03-17 15:11:17 +01:00
Rasmus Lerchedahl Petersen
8f467003d2 Python: More review suggestions 2021-03-17 15:11:17 +01:00
yoff
63b732ce1f Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-03-17 15:11:17 +01:00
Rasmus Lerchedahl Petersen
4d856d4461 Python: Add small api enhancements 
determined useful during documentation work.
 2021-03-17 15:11:17 +01:00
Rasmus Wriedt Larsen
315127d888 Python: Also test py/insecure-default-protocol on Python 3 2021-03-17 14:53:36 +01:00
Rasmus Wriedt Larsen
1ecee2da0d Merge pull request #5357 from yoff/python-rework-documentation 
Python: rework documentation
 2021-03-17 14:25:23 +01:00
Rasmus Wriedt Larsen
fbbec5d2b9 Merge pull request #5118 from yoff/python-port-stacktrace-exosure 
Python: Port stack trace exposure
 2021-03-16 14:52:44 +01:00
Rasmus Wriedt Larsen
50978364a6 Merge pull request #5246 from yoff/python-port-insecure-default-protocol 
Python: Port insecure default protocol
 2021-03-16 14:30:19 +01:00
Anders Schack-Mulligen
46bae88181 Merge pull request #5375 from aschackmull/dataflow/unbind 
Dataflow: Switch from unbind to pragma[only_bind_into].
 2021-03-16 14:03:54 +01:00
Tom Hvitved
b11e15154f Data flow: Sync files and add stubs 2021-03-16 13:49:32 +01:00
Anders Schack-Mulligen
2d8d967060 Dataflow: Address review comment. 2021-03-16 11:07:33 +01:00
Rasmus Lerchedahl Petersen
6fff746b16 Merge branch 'main' of github.com:github/codeql into python-port-insecure-protocol 2021-03-15 17:37:28 +01:00
Rasmus Lerchedahl Petersen
514a69c47a Python: Support ssl.PROTOCOL_TLS_SERVER 
and `ssl.PROTOCOL_TLS_CLIENT`
 2021-03-15 17:30:01 +01:00
Rasmus Lerchedahl Petersen
87f3ba2684 Python: add tests for ssl.PROTOCOL_TLS_SERVER 
and `ssl.PROTOCOL_TLS_CLIENT`
 2021-03-15 17:24:39 +01:00
Rasmus Lerchedahl Petersen
731f4559b4 Python: update test expectations 2021-03-15 17:23:58 +01:00
Rasmus Lerchedahl Petersen
4094b18407 Python: Clean up tests 2021-03-15 16:28:08 +01:00
Rasmus Lerchedahl Petersen
41c9394b4b Python: update qhelp and example 2021-03-14 09:22:47 +01:00
yoff
a760ed8c55 Merge pull request #5388 from tausbn/python-api-graph-builtins 
Python: Support built-ins in API graphs
 2021-03-12 17:45:59 +01:00
Taus
dfc0e9b906 Merge pull request #5243 from RasmusWL/port-bind-to-all-interfaces 
Python: Port py/bind-socket-all-network-interfaces query
 2021-03-12 16:04:19 +01:00
Anders Schack-Mulligen
5aa9c2bd19 Dataflow: One more pragma. 2021-03-12 15:59:19 +01:00
Taus
c6d6d07720 Apply suggestions from code review 2021-03-12 14:28:59 +01:00
Taus
ffe5d30c2b Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-03-12 14:27:07 +01:00
Taus Brock-Nannestad
f05313435d Python: Move typePreservingStep into Private 2021-03-12 14:06:39 +01:00
Taus Brock-Nannestad
9b8056371f Python: Make the type tracking implementation shareable 2021-03-12 13:51:24 +01:00
Taus Brock-Nannestad
978200e2ad Python: Distinguish between Python 2 and 3 
Also moves the filtering on `name` to before the big disjunction in
`MkModuleImport`.
 2021-03-12 12:35:23 +01:00