hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,671 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

96 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
15c90adec5 remove redundant cast where the type is enforced by an equality comparison 2021-10-28 18:08:20 +02:00
CodeQL CI
565af1a879 Merge pull request #6071 from RasmusWL/fix-input-cwe 
Approved by calumgrant, tausbn
 2021-06-21 06:23:18 -07:00
Calum Grant
771e686946 Update security-severity scores 2021-06-15 13:25:17 +01:00
Rasmus Wriedt Larsen
4eed94a262 Python: Fix CWE tag for py/use-of-input 
So it better matches what is in `py/code-injection`. I had my doubts
about CWE-95, but after reading
https://owasp.org/www-community/attacks/Direct_Dynamic_Code_Evaluation_Eval%20Injection
I think it's fine to add CWE-95 as well 👍

Definitions are:

CWE-78: Improper Neutralization of Special Elements used in an OS
Command ('OS Command Injection')

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-95: Improper Neutralization of Directives in Dynamically Evaluated
Code ('Eval Injection')
 2021-06-14 14:08:34 +02:00
Calum Grant
a594afb828 Add security-severity metadata 2021-06-10 20:11:08 +01:00
Taus
79cfe5aca2 Python: Limit py/use-of-input to Python 2 2021-05-12 21:23:16 +00:00
Taus
fad55b3635 Python: Reimplement py/use-of-input 2021-05-12 21:09:51 +00:00
Rasmus Wriedt Larsen
3fe715abb6 Python: Fix query names that inclde __ (dunder) 
Without backticks, the text UNDERSCORE UNDERSCORE eq UNDERSCORE UNDERSCORE would
be considered to make things bold in our markdown output, making the query info
look strange.

Example https://codeql.github.com/codeql-query-help/python/py-slots-in-old-style-class/
 2021-02-04 15:49:37 +01:00
Alexey Tereshenkov
7840dfce3b Put the closing tag back 2020-07-22 20:51:29 +01:00
Alexey Tereshenkov
e2939377e9 Update python/ql/src/Expressions/WrongNumberArgumentsForFormat.qhelp 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-07-22 20:07:34 +01:00
Alexey Tereshenkov
a6eb3caa5f Update python/ql/src/Expressions/WrongNumberArgumentsForFormat.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-07-22 20:07:27 +01:00
Alexey Tereshenkov
a5f566b563 Fix typo 2020-07-22 15:39:50 +01:00
Taus Brock-Nannestad
f07a7bf8cf Python: Autoformat everything using qlformat. 
Will need subsequent PRs fixing up test failures (due to deprecated
methods moving around), but other than that everything should be
straight-forward.
 2020-07-07 15:43:52 +02:00
Taus
1608758219 Python: Apply suggestions from documentation review. 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-06-25 14:16:44 +02:00
Taus Brock-Nannestad
f86011fb51 Python: Document RedundantComparison.qll. 2020-06-23 14:30:42 +02:00
Taus Brock-Nannestad
2f93b1458e Python: Document IsComparisons.qll. 2020-06-23 14:30:17 +02:00
Taus Brock-Nannestad
d6e5a5cb01 Python: Document AdvancedFormatting.qll. 2020-06-23 14:29:34 +02:00
Taus Brock-Nannestad
513ead66d3 Python: Document CallArgs.qll. 2020-06-23 14:28:40 +02:00
Rebecca Valentine
7615452b31 Python: ObjAPI to ValAPI: WrongNumArgsInCall: Autoformat CallArgs.qll 2020-04-03 20:28:19 -07:00
Rebecca Valentine
1e76720a92 Merge branch 'master' into python-objectapi-to-valueapi-wrongnumberargumentsincall 2020-04-03 20:25:53 -07:00
Rebecca Valentine
c6fbbb1cd1 Python: ObjectAPI to ValueAPI: WrongNumberArgumentsInCall: CallArgs.qll: Fixes too_*_args refs to getA*Call 2020-04-03 20:06:43 -07:00
Rebecca Valentine
0256eb15bf Merge branch 'master' into python-objectapi-to-valueapi-wrongnumberargumentsincall 2020-03-31 22:58:11 -07:00
Rebecca Valentine
741317bd05 Python: ObjectAPI to ValueAPI: Makes isAbstract a predicate in CallArgs 2020-03-31 22:56:44 -07:00
Rasmus Wriedt Larsen
0b4bfed726 Merge pull request #3156 from tausbn/python-autoformat-all-ql-files 
Python: Autoformat all `.ql` files.
 2020-03-30 16:24:18 +02:00
Taus Brock-Nannestad
87a9f51c78 Python: Autoformat all .ql files. 2020-03-30 11:59:10 +02:00
Taus Brock-Nannestad
6904898a8b Python: Autoformat query-local libs. 2020-03-20 16:42:46 +01:00
Taus Brock-Nannestad
57af7b84aa Python: Prepare for autoformatting. 
Mostly fixes up a bunch of comments that were made wonky by the autoformatter.
 2020-03-18 13:59:38 +01:00
Rasmus Wriedt Larsen
f5a8084a33 Merge pull request #2827 from BekaValentine/objectapi-to-valueapi-expectedmappingforformatstring 
Python: ObjectAPI to ValueAPI: ExpectedMappingForFormatString
 2020-03-11 10:52:48 +01:00
Rebecca Valentine
85eb43de7d Merge branch 'master' into python-objectapi-to-valueapi-wrongnumberargumentsincall 2020-03-10 08:26:52 -07:00
semmle-qlci
4c1d76ee9a Merge pull request #2937 from BekaValentine/python-objectapi-to-valueapi-wrongnumberargumentsforformat 
Approved by tausbn
 2020-03-10 15:04:05 +00:00
Rebecca Valentine
b7bcf6c3d0 Merge branch 'master' into objectapi-to-valueapi-expectedmappingforformatstring 2020-03-10 07:51:48 -07:00
Rasmus Wriedt Larsen
1b8154c139 Merge pull request #2925 from BekaValentine/python-objectapi-to-valueapi-callargs 
Python: ObjectAPI to ValueAPI: CallArgs
 2020-03-10 10:26:21 +01:00
Rasmus Wriedt Larsen
fb1e993c0f Merge pull request #2963 from BekaValentine/python-objectapi-to-valueapi-advancedformatting 
Python: ObjectAPI to ValueAPI: AdvancedFormatting
 2020-03-05 13:40:02 +01:00
Rebecca Valentine
ce204ac949 Python: Moves statement out of quantifier that it didnt need to be in 2020-03-03 14:57:30 -08:00
Rebecca Valentine
8e1c089ff3 Python: Removes unused import 2020-03-03 14:38:26 -08:00
Taus
8bd4f6d136 Merge pull request #2945 from BekaValentine/python-objectapi-to-valueapi-calltosuperwrongclass 
Python: ObjectAPI to ValueAPI: CallToSuperWrongClass
 2020-03-03 18:38:58 +01:00
Calum Grant
464a034c7d Merge pull request #2894 from BekaValentine/python-objectapi-to-valueapi-iscomparisons 
Python: ObjectAPI to ValueAPI: IsComparisons
 2020-03-03 17:25:24 +00:00
Rebecca Valentine
31fc0f2240 Python: Moves library and queries over to the new predicates, removes old ones 2020-03-02 18:08:10 -08:00
Rebecca Valentine
7930037bb6 Python: Move AdvancedFormatting dependents over to suffixed API 2020-03-02 16:39:02 -08:00
Rebecca Valentine
de6ea63fae Python: Adds preliminary modernization. 2020-03-02 15:43:57 -08:00
Taus
f3b62e106d Merge pull request #2840 from BekaValentine/python-objectapi-to-valueapi-useofapply 
Python: ObjectAPI to ValueAPI: UseofApply
 2020-03-02 21:40:35 +01:00
Rebecca Valentine
d5f689e041 Adds preliminary modernization 2020-02-28 10:42:27 -08:00
Rebecca Valentine
19c1ee5427 Adds preliminary modernization 2020-02-27 15:46:51 -08:00
Rebecca Valentine
9601c41fe5 Update python/ql/src/Expressions/IsComparisons.qll 
Co-Authored-By: Taus <tausbn@github.com>
 2020-02-27 10:46:07 -08:00
Taus
d9383d0e86 Merge pull request #2902 from RasmusWL/python-use-of-input 
Python: Highlight py/use-of-input is for Python 2
 2020-02-27 13:15:32 +01:00
Taus
e09907894d Merge pull request #2817 from BekaValentine/objectapi-to-valueapi-truncateddivision 
Python: ObjectAPI to ValueAPI: TruncatedDivision
 2020-02-27 12:52:26 +01:00
Rebecca Valentine
fe2bb8fb4b Adds preliminary modernization 2020-02-26 22:01:31 -08:00
Rebecca Valentine
057fed2cb8 Fixes erroneus naming 2020-02-26 21:55:02 -08:00
Rebecca Valentine
84875d70ff Adds preliminary modernization 
This will overlapp with/depend on changes to CallArgs and ObjectAPI that are already in the WrongNamedArgumentInCall PR
 2020-02-26 21:42:52 -08:00
Taus
dce121b565 Merge pull request #2916 from BekaValentine/python-objectapi-to-valueapi-callargsandothers 
Python: ObjectAPI to ValueAPI: CallArgs and Others
 2020-02-26 12:51:18 +01:00