hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

3069 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
14e9bda5de Python: Refactor PyYAML tests a bit 2021-03-18 11:39:47 +01:00
Rasmus Wriedt Larsen
45a1fc6a96 Python: Add link to better PyYAML docs 
I found this randomly
 2021-03-18 11:20:22 +01:00
Rasmus Wriedt Larsen
7b92012edf Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-03-18 10:58:49 +01:00
CodeQL CI
1d9f8c2d37 Merge pull request #5427 from RasmusWL/use-new-builtin-modeling 
Approved by yoff
 2021-03-17 09:07:36 -07:00
Rasmus Wriedt Larsen
27032af2eb Python: Use API graphs for io.open 2021-03-17 15:50:02 +01:00
Rasmus Wriedt Larsen
d52d328587 Python: Use new API::builtin in stdlib modeling 2021-03-17 15:50:01 +01:00
Rasmus Wriedt Larsen
315127d888 Python: Also test py/insecure-default-protocol on Python 3 2021-03-17 14:53:36 +01:00
Rasmus Wriedt Larsen
1ecee2da0d Merge pull request #5357 from yoff/python-rework-documentation 
Python: rework documentation
 2021-03-17 14:25:23 +01:00
Rasmus Wriedt Larsen
fbbec5d2b9 Merge pull request #5118 from yoff/python-port-stacktrace-exosure 
Python: Port stack trace exposure
 2021-03-16 14:52:44 +01:00
Rasmus Wriedt Larsen
50978364a6 Merge pull request #5246 from yoff/python-port-insecure-default-protocol 
Python: Port insecure default protocol
 2021-03-16 14:30:19 +01:00
Anders Schack-Mulligen
46bae88181 Merge pull request #5375 from aschackmull/dataflow/unbind 
Dataflow: Switch from unbind to pragma[only_bind_into].
 2021-03-16 14:03:54 +01:00
Tom Hvitved
b11e15154f Data flow: Sync files and add stubs 2021-03-16 13:49:32 +01:00
Anders Schack-Mulligen
2d8d967060 Dataflow: Address review comment. 2021-03-16 11:07:33 +01:00
yoff
a760ed8c55 Merge pull request #5388 from tausbn/python-api-graph-builtins 
Python: Support built-ins in API graphs
 2021-03-12 17:45:59 +01:00
Taus
dfc0e9b906 Merge pull request #5243 from RasmusWL/port-bind-to-all-interfaces 
Python: Port py/bind-socket-all-network-interfaces query
 2021-03-12 16:04:19 +01:00
Anders Schack-Mulligen
5aa9c2bd19 Dataflow: One more pragma. 2021-03-12 15:59:19 +01:00
Taus
c6d6d07720 Apply suggestions from code review 2021-03-12 14:28:59 +01:00
Taus
ffe5d30c2b Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-03-12 14:27:07 +01:00
Taus Brock-Nannestad
978200e2ad Python: Distinguish between Python 2 and 3 
Also moves the filtering on `name` to before the big disjunction in
`MkModuleImport`.
 2021-03-12 12:35:23 +01:00
Taus Brock-Nannestad
c7b2b719cf Python: Support builtins in API graphs 2021-03-11 23:03:18 +01:00
Anders Schack-Mulligen
674886a17d Dataflow: Sync. 2021-03-10 16:53:51 +01:00
Rasmus Lerchedahl Petersen
fe975f25f9 Merge branch 'python-port-insecure-default-protocol' of github.com:yoff/codeql into python-port-insecure-default-protocol 2021-03-10 15:59:13 +01:00
Rasmus Lerchedahl Petersen
e726ff425c Python: simplify query code as suggested by review 2021-03-10 15:58:44 +01:00
Tom Hvitved
fc5158c41c Merge pull request #5338 from hvitved/dataflow/performance-tweaks 
Data flow: Performance tweaks
 2021-03-10 13:56:57 +01:00
Rasmus Lerchedahl Petersen
91c0066b8b Python: Make the documentation not lie 2021-03-09 18:17:51 +01:00
yoff
dfdf0344de Update python/ql/src/Security/CWE-327/InsecureDefaultProtocol.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-03-09 16:44:08 +01:00
Tom Hvitved
fe6efde449 Address review comments 2021-03-09 14:30:12 +01:00
Rasmus Lerchedahl Petersen
8b25806a2c Python: Attempt to clarify help 2021-03-09 13:29:33 +01:00
Rasmus Lerchedahl Petersen
a16de26799 Python: add linebreak to qhelp file 
hopefully this will generate better markdown
 2021-03-09 13:27:44 +01:00
yoff
fd5ac13828 Update python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-03-09 13:23:44 +01:00
yoff
88784fbd31 Update python/ql/src/Security/CWE-327/InsecureDefaultProtocol.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-03-09 13:23:35 +01:00
yoff
b6257edc9e Update python/ql/src/Security/CWE-327/InsecureDefaultProtocol.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-03-09 13:20:19 +01:00
yoff
d5b304ce75 Update python/change-notes/2021-02-23-port-insecure-default-protocol.md 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-03-09 13:19:48 +01:00
Anders Schack-Mulligen
aeb13146d2 Merge pull request #5275 from Marcono1234/marcono1234/included-qhelp-files 
Use `.inc.qhelp` extension for included help files
 2021-03-08 16:26:32 +01:00
Rasmus Lerchedahl Petersen
cc9a938054 InlineExpectationTest: clarify the nedd for an 
empty `.expected` file
 2021-03-08 09:18:47 +01:00
Rasmus Lerchedahl Petersen
4a9023b989 Python: add comment with ref 2021-03-08 08:17:23 +01:00
Rasmus Lerchedahl Petersen
7142ddcb25 Python: add taint step for __traceback__ 2021-03-08 08:13:07 +01:00
Rasmus Lerchedahl Petersen
b36e0d0be7 Python: target SSA variable rather than Cfg node 
also add "INTERNAL: Do not use."
also give test functions different names
 2021-03-08 08:04:42 +01:00
Rasmus Lerchedahl Petersen
296297915c Python: add test for __traceback__ 2021-03-07 17:50:28 +01:00
Rasmus Wriedt Larsen
99c1b2039c Pyhton: Extract vulnerable hostnames into own predicate 
Which makes the code a bit cleaner (and made testing out back-tracking easier).
 2021-03-05 17:14:32 +01:00
Rasmus Wriedt Larsen
4804a0a9f8 Python: Minor refactor addressArg 2021-03-05 17:12:45 +01:00
Rasmus Wriedt Larsen
024a586a7d Python: Remove tags for old query copy 
Co-authored-by: Taus <tausbn@github.com>
 2021-03-05 17:08:55 +01:00
Rasmus Wriedt Larsen
66c9cfad85 Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-03-05 17:08:37 +01:00
Rasmus Wriedt Larsen
83539928e6 Python: Fix grammar 
Co-authored-by: Taus <tausbn@github.com>
 2021-03-05 17:08:20 +01:00
Tom Hvitved
6e5af1a9f8 Data flow: Sync files 2021-03-05 14:56:40 +01:00
CodeQL CI
a55246c9f4 Merge pull request #5330 from RasmusWL/fix-flask-taint-prop-to-methods 
Approved by yoff
 2021-03-05 03:17:41 -08:00
yoff
d17246ce2b Merge pull request #5255 from RasmusWL/port-flask-debug 
Python: port py/flask-debug query
 2021-03-05 09:39:14 +01:00
Taus
d2ed216670 Merge pull request #5280 from RasmusWL/highlight-tornado-uri 
Python: Highlight how request.uri works in Tornado
 2021-03-04 23:31:02 +01:00
Taus
0b446258f5 Merge pull request #5279 from RasmusWL/ensure-old-queries-not-used 
Python: Ensure old dataflow queries are not used
 2021-03-04 23:29:35 +01:00
Marcono1234
5a8ffa5a85 Use .inc.qhelp extension for included help files 2021-03-04 22:04:48 +01:00