hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,894 Commits 1,672 Branches 157 Tags
tausbn/python-add-support-for-template-string-literals
Commit Graph

9673 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
6ae5ef9f3b Revert "move most of asyncpg test into SqlInjection after moving MaD sql-injection sink" 
This reverts commit 4b9c9b0c8d.
 2022-05-05 10:20:41 +02:00
Tom Hvitved
66a9759329 Merge pull request #8870 from hvitved/dataflow/expect-content 
Data flow: Introduce `expectsContent`
 2022-05-05 09:01:40 +02:00
Joe Farebrother
c1290d9e2b Sync shared redos library files. 2022-05-04 15:41:38 +01:00
Joe Farebrother
0a5268aeb4 Sync shared library changes across languages. 2022-05-04 15:41:38 +01:00
Tom Hvitved
8e33653d25 Merge pull request #9017 from hvitved/dataflow/subpaths-perf 
Data flow: Speedup `subpaths` predicate
 2022-05-04 16:37:52 +02:00
Tom Hvitved
9cb63c0a5e Data flow: Sync files 2022-05-04 14:49:26 +02:00
Erik Krogh Kristensen
4b9c9b0c8d move most of asyncpg test into SqlInjection after moving MaD sql-injection sink 2022-05-04 10:59:02 +02:00
Erik Krogh Kristensen
a812d4dd34 move the MaD sql-injection sink to SqlInjectionCustomizations.qll 2022-05-04 10:59:02 +02:00
Erik Krogh Kristensen
571fc3e73b Revert "deprecate SqlConstruction" 
This reverts commit c0eca0d09a.
 2022-05-04 10:59:02 +02:00
Erik Krogh Kristensen
1062aae21c add test that the foo.bar package syntax works 2022-05-04 10:58:59 +02:00
Tom Hvitved
74e99302d6 Address review comments 2022-05-04 09:57:59 +02:00
Tom Hvitved
da72ba46d4 Data flow: Add stub expectsContent for all languages 2022-05-04 09:57:59 +02:00
Tom Hvitved
6e2e8440eb Data flow: Sync files 2022-05-04 09:57:59 +02:00
Erik Krogh Kristensen
ead978187d adjust the source-type for remote-flow from MaD 2022-05-03 22:53:41 +02:00
Erik Krogh Kristensen
8ffc05c84b count both named and positional arguments in the WithArity filter 2022-05-03 21:21:57 +02:00
Rasmus Wriedt Larsen
d012eaa892 Python: Clarify getArg is about positional arguments 2022-05-03 14:26:23 +02:00
yoff
56ed68b3eb Merge pull request #9001 from RasmusWL/files-refactoring 
Python: Flask: Improve `request.files` modeing
 2022-05-03 12:19:55 +02:00
Tom Hvitved
e9c8f979f9 Data flow: Sync files 2022-05-03 11:46:51 +02:00
Rasmus Wriedt Larsen
7e1be3172e Python: Add change-note 2022-05-02 14:24:13 +02:00
Rasmus Wriedt Larsen
de4390cdf6 Python: Improve Flask request.files handling even more 2022-05-02 14:19:45 +02:00
Rasmus Wriedt Larsen
fb0133d276 Python: Fix Flask request.files modeling 2022-05-02 14:14:58 +02:00
Rasmus Wriedt Larsen
0c62916af5 Python: Highlight problem with Flask request.files modeling 2022-05-02 14:14:53 +02:00
Erik Krogh Kristensen
c0eca0d09a deprecate SqlConstruction 2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen
6c67e51ec3 add test for the .Call token 2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen
9c3d45a16a last test of taint steps 2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen
894252dfa7 third test of taint steps 2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen
0f1e070d82 second test of taint steps 2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen
649df1dd31 simple taint-flow test 2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen
a8790412dd add support for the Argument[any] and Argument[any-named] tokens 2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen
b1fa7f86a8 add support for the any argument tokens 2022-05-02 12:58:15 +02:00
Erik Krogh Kristensen
413d182bcf add support for named parameters 2022-05-02 12:56:44 +02:00
Erik Krogh Kristensen
c1d3738fb8 fix API-graphs such that the first parameter is the first non-self parameter 2022-05-02 12:52:02 +02:00
Erik Krogh Kristensen
547047ef19 add self parameters to API-graphs, and add support for self parameters in MaD 2022-05-02 12:50:31 +02:00
Erik Krogh Kristensen
dc38aa8a96 add support for the Method[name] token 2022-05-02 12:50:29 +02:00
Erik Krogh Kristensen
ea01bcf5ec have the Instance token be an alias for Subclass.ReturnValue 2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen
46acce0ad4 add support for the Subclass token 2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen
a02e812de8 add test for the Instance token 2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen
682cab3737 add test for awaited 2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen
48408ca45d Add TODO list 2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen
8d60336396 add tests for callsite filters 2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen
20992af037 add test for parameter syntax 2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen
35b143a1a5 add tests for argument syntax 2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen
86a9bc6aca add test for keyword arguments 2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen
d4b882519a convert most of the asyncpg model to MaD 2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen
1c2c9159a9 initial MaD implementation for Python 2022-05-02 12:45:19 +02:00
yoff
1d44694280 Merge pull request #8732 from RasmusWL/dataflow-imports 
Python: Don't re-export `python` under `DataFlow::`
 2022-05-02 12:08:28 +02:00
Taus
231def026f Merge pull request #8890 from tausbn/python-add-global-attribute-writes 
Python: Add support for global attribute writes
 2022-05-02 12:03:41 +02:00
yoff
c67b06b1fd Update python/ql/test/experimental/dataflow/typetracking/attribute_tests.py 
Co-authored-by: Taus <tausbn@github.com>
 2022-05-02 11:36:58 +02:00
Rasmus Wriedt Larsen
714465bf39 Python: Refactor SaxParserSetFeatureCall 
Originally made by @erik-krogh in
https://github.com/github/codeql/pull/8693/files#diff-9627c1fb9a1cc77fb93e6b7e31af1a4fa908f2a60362cfb34377d24debb97398

Could not be applied directly to this PR, since this PR deletes the file.
 2022-05-02 11:29:54 +02:00
Rasmus Wriedt Larsen
5f01fc24e4 Merge branch 'main' into promote-xxe 2022-05-02 11:25:55 +02:00