hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,671 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

469 Commits

Author SHA1 Message Date
Taus
1b6e3c4ef4 Merge branch 'main' into tausbn/python-refine-location-of-flask-request-sources 2025-09-02 14:59:55 +02:00
github-actions[bot]
0bfa93828b Release preparation for version 2.23.0 2025-09-02 11:09:32 +00:00
Taus
f89fae39c5 Merge pull request #20276 from github/tausbn/python-model-psycopg2-connection-pools 
Python: Add support for Psycopg2 database connection pools
 2025-08-29 13:52:59 +02:00
Napalys Klicius
bafe22c50c Merge pull request #20048 from Napalys/js/xml_bomb_sinks 
JS: Exclude patched libraries from `xml-bomb` sink
 2025-08-29 08:10:55 +02:00
Taus
f3a5d0a243 Python: Refine the location of flask.request flow sources 
The `flask.request` global object is commonly used in request handlers
to access data in the active request. In our modelling, we handled this
by treating the initial (module-local) definition of `request` as a
source of remote flow. In practice this meant a lot of alerts would act
as if `from flask import request` was the ultimate "source" of remote
flow, and to find the actual request-handler-local instance of `request`
one would have to inspect the data-flow path between source and sink.

To improve this state of affairs, I have made the following changes to
the definition of `FlaskRequestSource`:

- We no longer consider `from flask import request` to be a source.
- Instead, we look at all places where that `request` value can flow,
and include only the ones that are `LocalSourceNode`s (so that inside a
request handler, the first occurrence of the `request` object is the
source).

In practice, this leads to alerts that are much easier to decipher.
 2025-08-25 14:46:17 +00:00
Taus
d5e0298999 Python: Add support for Psycopg2 database connection pools 
Our current modelling only treated `psycopg2` insofar as it implemented
PEP 249 (which does not define any notion of connection pool), which
meant we were missing database connections that arose from such pools.

With these changes, we add support for the three classes relating to
database pools that are defined in `psycopg2`. (Note that
`getAnInstance` automatically looks at subclasses, which means this
should also handle cases where the user has defined a new subclass that
inherits from one of these three classes.)
 2025-08-25 12:35:57 +00:00
github-actions[bot]
90d29994c8 Release preparation for version 2.22.4 2025-08-18 14:06:09 +00:00
github-actions[bot]
fd82aeb1f8 Release preparation for version 2.22.3 2025-08-04 15:47:57 +00:00
Geoffrey White
4f6b698ca3 Merge branch 'main' into moresensitive2 2025-07-23 08:50:25 +01:00
github-actions[bot]
997547b8ef Release preparation for version 2.22.2 2025-07-22 14:04:14 +00:00
Nick Rolfe
825c813095 Revert "Release preparation for version 2.22.2" 2025-07-22 14:33:45 +01:00
github-actions[bot]
c8632b70b7 Release preparation for version 2.22.2 2025-07-21 16:45:45 +00:00
Nick Rolfe
ad9b637bec Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2" 
This reverts commit e5b4a15e35, reversing
changes made to 33e63109bb.
 2025-07-21 15:18:59 +01:00
Napalys Klicius
ea93b392f7 Added change note for python 2025-07-15 13:43:08 +02:00
Geoffrey White
918700ff6f Merge branch 'main' into moresensitive2 2025-07-14 11:58:08 +01:00
Taus
2c45550a9f Python: Add change note 
Co-authored-by: Napalys Klicius <napalys@github.com>
 2025-07-11 12:03:14 +00:00
Geoffrey White
8f6f9f4359 Add change notes. 2025-07-11 11:54:59 +01:00
github-actions[bot]
f12daefabe Release preparation for version 2.22.2 2025-07-07 14:00:26 +00:00
Taus
cd0e46314c Python: Add change note 2025-06-26 15:36:02 +00:00
github-actions[bot]
3e074b2425 Release preparation for version 2.22.1 2025-06-24 08:55:31 +00:00
github-actions[bot]
88ba02edf8 Release preparation for version 2.22.0 2025-06-09 18:14:51 +00:00
github-actions[bot]
bfb91e95e3 Release preparation for version 2.21.4 2025-05-27 17:22:05 +00:00
Taus
579cf4a65a Merge pull request #19424 from github/tausbn/python-extract-hidden-file-by-default 
Python: Extract files in hidden dirs by default
 2025-05-16 14:43:47 +02:00
Taus
9ee3e4cdf3 Python: Update change note 
Co-authored-by: yoff <yoff@github.com>
 2025-05-16 13:50:22 +02:00
Taus
72ae633a64 Python: Update change note and extractor config 
Removes the previously added extractor option and updates the change
note to explain how to use `paths-ignore` to exclude files in hidden
directories.
 2025-05-15 14:58:32 +00:00
github-actions[bot]
2de4a01c86 Release preparation for version 2.21.3 2025-05-13 21:14:27 +00:00
Taus
67d04d5477 Python: Add change note 2025-05-02 14:27:46 +00:00
Napalys Klicius
f652686607 Merge pull request #19444 from Napalys/python/hdbcli 
Python: modeling of `hdbcli`
 2025-05-01 17:58:31 +02:00
Napalys Klicius
da7c0931b8 Added hdbcli to be part of supported-framework as well as change note 2025-05-01 14:18:08 +02:00
yoff
e63b38c515 python: add change note 2025-04-30 20:05:55 +02:00
github-actions[bot]
625354c46e Release preparation for version 2.21.2 2025-04-28 10:55:22 +00:00
github-actions[bot]
b961c5961d Release preparation for version 2.21.1 2025-04-14 09:53:06 +00:00
github-actions[bot]
84f6564cc0 Release preparation for version 2.21.0 2025-03-31 17:35:15 +00:00
Chris Smowton
9a2a13ed55 Merge remote-tracking branch 'origin/main' into smowton/admin/merge-rc317-into-main 2025-03-19 16:01:29 +00:00
github-actions[bot]
2d64a618e6 Release preparation for version 2.20.7 2025-03-17 12:15:54 +00:00
Taus
f30ebf1571 Merge pull request #18871 from github/tausbn/python-modernise-special-method-signature-query 
Python: Move min/maxParameter methods to `Function` class
 2025-03-13 13:03:21 +01:00
Taus
6546bb1b1d Merge branch 'main' into tausbn/python-fix-match-pruning-logic 2025-03-06 14:37:58 +01:00
Taus
f246ef764a Python: Update change note 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2025-03-04 18:09:54 +01:00
github-actions[bot]
fa850cccb1 Release preparation for version 2.20.6 2025-03-03 17:13:19 +00:00
Taus
83cdcdbb0b Python: Add change note 2025-02-26 13:53:49 +00:00
github-actions[bot]
6f4562f3bd Release preparation for version 2.20.5 2025-02-17 16:55:54 +00:00
Taus
a69e3f5236 Python: Add change note 
Co-authored-by: yoff <yoff@github.com>
 2025-02-11 13:02:09 +00:00
yoff
37ddaa36ad Merge pull request #18702 from github/tausbn/python-allow-comments-in-subscripts 
Python: Allow comments in subscripts
 2025-02-06 23:31:29 +01:00
Taus
131ec8d22f Python: Handle loop constructs outside of loops 
Observed on some test files in Nuitka/Nuitka, having `break` and
`continue` outside of loops in Python is (to Python) a syntax error, but
our parser happily accepted this broken syntax.

This then caused issues further downstream in the control-flow
construction, as it broke some invariants.

To fix this we now skip the code that would previously fail when the
invariants are broken.

Co-authored-by: yoff <yoff@github.com>
 2025-02-06 14:30:16 +00:00
Taus
3d25cd3bb5 Python: Add change note 2025-02-06 14:08:20 +00:00
github-actions[bot]
573e53e454 Release preparation for version 2.20.4 2025-02-03 15:19:35 +00:00
erik-krogh
a1afa20d4b add change-notes 2025-01-27 22:43:13 +01:00
github-actions[bot]
a0512a50f2 Release preparation for version 2.20.2 2025-01-20 21:11:12 +00:00
Joe Farebrother
d248fbfe57 Merge pull request #18301 from joefarebrother/python-model-missing-builtins 
Python: Add models for builtins `map`, `filter`, `zip`, and `enumerate`.
 2025-01-20 16:39:37 +00:00
Geoffrey White
90faab456d Merge pull request #18473 from geoffw0/sensitive2 
Improve shared sensitive data library handling of snake_case variable names
 2025-01-15 18:02:33 +00:00