hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,671 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

4000 Commits

Author SHA1 Message Date
Taus
1b6e3c4ef4 Merge branch 'main' into tausbn/python-refine-location-of-flask-request-sources 2025-09-02 14:59:55 +02:00
Taus
0f4f909ded Python: Update test .expected files 
Really starting to regret our widespread use of `flask.request` as _the_
example of a remote flow source.
 2025-08-29 12:01:29 +00:00
Taus
f89fae39c5 Merge pull request #20276 from github/tausbn/python-model-psycopg2-connection-pools 
Python: Add support for Psycopg2 database connection pools
 2025-08-29 13:52:59 +02:00
Napalys Klicius
bafe22c50c Merge pull request #20048 from Napalys/js/xml_bomb_sinks 
JS: Exclude patched libraries from `xml-bomb` sink
 2025-08-29 08:10:55 +02:00
Joe Farebrother
7ef2b01119 Merge pull request #20142 from joefarebrother/python-qual-subclass-shadow 
Python: Modernise Superclass attribute shadows subclass method query
 2025-08-28 13:40:26 +01:00
Tom Hvitved
fa7295f0a1 Merge pull request #20303 from hvitved/python/jump-to-def-unpack-tests 
Python: Add jump-to-def tests for unpacking assignments
 2025-08-28 12:03:55 +02:00
Tom Hvitved
bf47f66691 Python: Add jump-to-def tests for unpacking assignments 2025-08-28 10:38:21 +02:00
Joe Farebrother
bde143e4c1 Merge pull request #20038 from joefarebrother/python-qual-comparison 
Python: Modernize 3 quality queries for comparison methods
 2025-08-28 09:37:20 +01:00
Joe Farebrother
c6ababd262 Fix test output 2025-08-28 08:49:34 +01:00
Joe Farebrother
ada0b372c6 Merge pull request #20120 from joefarebrother/python-qual-unexpected-raise-special 
Python: Modernize Unexpected Raise In Special Method query
 2025-08-27 15:01:46 +01:00
Taus
1008ca9744 Python: Add psycopg2.pool tests 2025-08-25 14:14:16 +00:00
Nora Dimitrijević
4199859eaa Merge pull request #20079 from d10c/d10c/diff-informed-phase-3-python 
Python: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-18 09:33:57 +02:00
Joe Farebrother
bc60914ed7 Update test output 2025-08-01 12:37:51 +01:00
Joe Farebrother
2516f9452e Move to subfolder 2025-07-30 15:17:19 +01:00
Joe Farebrother
796a6060b2 Exclude setters and update tests 2025-07-30 13:56:05 +01:00
Joe Farebrother
af94ebe1fc Modernize attribute shadows subclass, Add cases for properties 2025-07-30 13:55:11 +01:00
Joe Farebrother
c0da9c407e Fix typo in test dir name + update examples 2025-07-25 13:15:46 +01:00
Joe Farebrother
362bfba049 Update unit tests 2025-07-24 14:50:36 +01:00
Joe Farebrother
b1ee795225 Merge pull request #20086 from joefarebrother/python-qual-raise-not-implemented 
Python: Modernise raise-not-implemented query
 2025-07-24 13:18:21 +01:00
Joe Farebrother
6d33a7ec70 Update test output 2025-07-17 22:25:18 +01:00
Nora Dimitrijević
20030d56a5 [DIFF-INFORMED] Python: (Possible)TimingAttackAgainstHash 2025-07-17 14:40:31 +02:00
Nora Dimitrijević
9408a96ba5 [TEST] Python: TimingAttackAgainstHash: add qlref test to existing source (TODO: add source with true positive) 2025-07-17 14:40:29 +02:00
Joe Farebrother
3a27758d85 Remove old py2-specific tests 2025-07-15 13:38:48 +01:00
Joe Farebrother
909f57261c Minor doc updates; updating python 2 references to python 3 and updating grammar 2025-07-15 13:26:46 +01:00
Napalys Klicius
638f6498f0 Removed lxml.etree.XMLParser from xml bomb sinks 2025-07-15 13:43:00 +02:00
Joe Farebrother
15115f50c1 Remove old tests 2025-07-15 09:50:21 +01:00
Joe Farebrother
f784bb0a35 Fix qldoc errors + typos 2025-07-14 14:26:49 +01:00
Joe Farebrother
083d258585 Add/update unit tests 2025-07-11 15:10:45 +01:00
Taus
c6c6a857df Python: Add tests 
Also fixes an issue with the return type annotations that caused these
to not work properly.

Currently, annotated assignments don't work properly, due to the fact
that our flow relation doesn't consider flow going to the "type" part of
an annotated assignment. This means that in `x : Foo`, we do correctly
note that `x` is annotated with `Foo`, but we have no idea what `Foo`
is, since it has no incoming flow.

To fix this we should probably just extend the flow relation, but this
may need to be done with some care, so I have left it as future work.
 2025-07-11 12:03:14 +00:00
Joe Farebrother
8fb9bdd0af move equals attr test to equals attr folder 2025-07-09 15:25:21 +01:00
Joe Farebrother
4cbaeb10e9 Merge pull request #19641 from joefarebrother/python-qual-file-not-closed 
Python: Improve performance of FileNotClosed query by using basic block reachability
 2025-06-26 23:35:38 +01:00
Joe Farebrother
d1bd7228c3 Fix typos 2025-06-17 13:58:30 +01:00
Joe Farebrother
547c03cee6 Update tests 2025-06-17 13:58:27 +01:00
Joe Farebrother
a04fbc59f5 Update tests 2025-06-17 13:57:10 +01:00
Joe Farebrother
e04dea10c8 Merge pull request #19554 from joefarebrother/python-qual-iter-not-return-self 
Python: Modernize iter not returning self query
 2025-06-13 13:13:31 +01:00
Joe Farebrother
57a0c7a1ab Performance fix - Use basic blocks instead of full cfg reachability. 2025-06-02 14:33:52 +01:00
Joe Farebrother
73f2770acb Fix handling for some wrappers + add test case 2025-05-30 11:24:06 +01:00
Sylwia Budzynska
55c70a4cae Fix nitpicks 2025-05-27 13:44:21 +02:00
Sylwia Budzynska
84228e0ec8 Add Pandas SQLi sinks 2025-05-27 13:10:39 +02:00
Joe Farebrother
b15fec0fb9 Fix qhelp and tests 2025-05-23 14:17:21 +01:00
Joe Farebrother
06504f2cb6 Update tests 2025-05-23 13:04:56 +01:00
Taus
579cf4a65a Merge pull request #19424 from github/tausbn/python-extract-hidden-file-by-default 
Python: Extract files in hidden dirs by default
 2025-05-16 14:43:47 +02:00
Taus
2ded42c285 Python: Update extractor tests 2025-05-02 14:27:46 +00:00
Napalys Klicius
f652686607 Merge pull request #19444 from Napalys/python/hdbcli 
Python: modeling of `hdbcli`
 2025-05-01 17:58:31 +02:00
Napalys Klicius
e1fc0ca051 Added implementation hdbcli as part of PEP249::PEP249ModuleApiNode 2025-05-01 14:18:02 +02:00
Napalys Klicius
0325f368fe Added test case for hdbcli 2025-05-01 13:57:14 +02:00
yoff
531f2a15a4 python: model send_header from http.server 2025-04-30 19:58:14 +02:00
Joe Farebrother
7f7fca9e27 Merge pull request #19165 from joefarebrother/python-qual-loop-var-capture 
Python: Modernize the Loop Variable Capture query
 2025-04-10 13:07:05 +01:00
Joe Farebrother
b5805503fe Cleanups 2025-04-04 11:56:07 +01:00
Joe Farebrother
9fb1c31206 Update tests to inline expectations 2025-04-04 10:13:39 +01:00