hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,671 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

4384 Commits

Author SHA1 Message Date
Surya Prakash Sahu
2871bdb206 Python SignatureOverriddenMethod: Rmv duplicate condition 2021-10-17 18:04:20 +05:30
jorgectf
271e2e4c49 Update .expected 2021-10-16 13:12:33 +02:00
jorgectf
14c50e993b Add django GET.get RFS 2021-10-16 13:10:48 +02:00
jorgectf
45146bc798 Merge branch 'main' into jorgectf/python/headerInjection 2021-10-16 12:46:57 +02:00
jorgectf
bf76d9cd8b Fix django test 2021-10-16 10:45:25 +02:00
jorgectf
2db1ffef1e Merge remote-tracking branch 'origin/main' into jorgectf/python/headerInjection 2021-10-16 10:40:52 +02:00
Taus
b2e4276bc8 Merge pull request #6886 from aschackmull/java-python/perffix-transitive-step-x3 
Java/Python: Fix some potential performance problems due to transitive deltas.
 2021-10-15 11:06:35 +02:00
Geoffrey White
8f30b8b586 Autoformat. 2021-10-14 16:00:23 +01:00
Anders Schack-Mulligen
f6a517c998 Merge pull request #6882 from MathiasVP/fix-unnecessary-exists 
C++/Python: Remove unnecessary `exists`
 2021-10-14 16:44:05 +02:00
Anders Schack-Mulligen
310eec07c1 Java/Python: Fix some potential performance problems due to transitive deltas. 2021-10-14 16:10:00 +02:00
Geoffrey White
f08d2ee759 Merge branch 'main' into setliterals 2021-10-14 14:39:39 +01:00
Geoffrey White
9d63efe495 Python: Set literals. 2021-10-14 14:22:44 +01:00
Anders Schack-Mulligen
8b6baa250c Merge pull request #6878 from aschackmull/remove-singleton-setliteral 
C++/C#/Java/JavaScript/Python: Remove singleton set literals.
 2021-10-14 14:53:05 +02:00
Rasmus Wriedt Larsen
7cd5e681dd Merge pull request #6693 from yoff/python/promote-regex-injection 
Python: Promote `py/regex-injection`
 2021-10-14 14:49:05 +02:00
Mathias Vorreiter Pedersen
47a85bbb1d Merge pull request #6869 from MathiasVP/fix-prefix/suffix-equality 
Java/JS/Python: Replace '.prefix'/'.suffix' with '.matches'
 2021-10-14 13:47:03 +01:00
Rasmus Wriedt Larsen
a5ab0b9100 Merge pull request #6871 from tausbn/python-fix-uses-of-implicit-this 
Python: Fix uses of "implicit `this`"
 2021-10-14 14:38:13 +02:00
Mathias Vorreiter Pedersen
8049d3f738 Python: Remove unnecessary 'exists'. 2021-10-14 12:02:57 +01:00
Tom Hvitved
f5420333e2 Sync shared files 2021-10-14 11:49:02 +02:00
Anders Schack-Mulligen
57cb300759 C++/C#/Java/JavaScript/Python: Remove singleton set literals. 2021-10-14 11:34:22 +02:00
Mathias Vorreiter Pedersen
a2371370ff Merge pull request #6865 from MathiasVP/fix-if-none 
C++/C#/JS/Python: Replace 'if p() then q() else none()' with a conjunction
 2021-10-13 19:47:55 +01:00
Tom Hvitved
c14dcfbfe4 Data flow: Sync 2021-10-13 20:13:28 +02:00
CodeQL CI
2b0415e238 Merge pull request #6741 from yoff/python/model-os-path-file-accesses 
Approved by RasmusWL
 2021-10-13 11:11:41 -07:00
Andrew Eisenberg
0d1632a5d2 Move tutorial directly into each qlpack 
Previously, the tutorial was injected during build time. This is much
simpler.
 2021-10-13 08:37:04 -07:00
Taus
a6115687aa Python: More implicit this 2021-10-13 13:43:37 +00:00
Taus
a9c8163ab3 Python: Fix uses of implicit this 
Quoting the style guide:

"14. _Always_ qualify _calls_ to predicates of the same class with
`this`."
 2021-10-13 13:43:36 +00:00
Mathias Vorreiter Pedersen
a80860cdc6 Python: Replace '.prefix'/'.suffix' with '.matches'. 2021-10-13 13:23:12 +01:00
Mathias Vorreiter Pedersen
bdc54bcda7 Python: Replace 'if p() then q() else none()' with a conjunction. 2021-10-13 12:13:55 +01:00
yoff
c40b3a9533 Update python/ql/lib/semmle/python/frameworks/Asyncpg.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-10-12 15:19:07 +02:00
Rasmus Lerchedahl Petersen
6c108e43d9 Python: address review 2021-10-12 15:16:48 +02:00
Rasmus Lerchedahl Petersen
cf92e1eee7 Python: move getStringArgIndex 2021-10-12 15:11:00 +02:00
Taus
75c4d6a8a0 Merge pull request #6650 from yoff/python-dataflow/init-time 
Python: Import time dataflow
 2021-10-12 11:31:03 +02:00
Rasmus Lerchedahl Petersen
61008fd3d0 Merge branch 'main' of github.com:github/codeql into python/promote-regex-injection 2021-10-12 11:28:12 +02:00
Rasmus Lerchedahl Petersen
b093aaaf27 Python: switch to type tracking 
for tracking compiled regexes
 2021-10-12 11:23:27 +02:00
yoff
43f7eede0b Merge pull request #6182 from haby0/python/LogInjection 
Python: CWE-117 Log injection
 2021-10-12 10:54:45 +02:00
yoff
c007c9460c Merge pull request #6843 from RasmusWL/dataflow-bool-expr 
Python: Add data-flow for `x or y` and `x and y`
 2021-10-12 10:40:54 +02:00
Rasmus Lerchedahl Petersen
f34d1ee997 Python: Update test expectation following rename 2021-10-12 10:36:18 +02:00
haby0
d52f95d24d Auto Formatting 2021-10-12 09:36:44 +08:00
yoff
0629ce00de Merge pull request #6214 from haby0/python/ClientSuppliedIpUsedInSecurityCheck 
[Python] CWE-348:  Client supplied ip used in security check
 2021-10-11 16:38:04 +02:00
Owen Mansel-Chan
058a04f756 Merge pull request #6795 from owen-mc/inline-expectation-test-trivial-change 
Change class name in InlineExpectationTest to avoid clash
 2021-10-11 15:35:17 +01:00
Rasmus Lerchedahl Petersen
19f6cc00c8 Python: rewrite import time test 2021-10-11 14:28:25 +02:00
yoff
5aee715931 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-11 13:00:21 +02:00
haby0
c2d0fcfbe6 Update python/ql/test/experimental/query-tests/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.expected 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-11 16:46:02 +08:00
haby0
29ddc76e2f Update python/ql/test/experimental/query-tests/Security/CWE-117/LogInjection.expected 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-11 16:43:30 +08:00
Rasmus Wriedt Larsen
8444388ec7 Python: Update .expected 2021-10-11 09:48:56 +02:00
Rasmus Lerchedahl Petersen
64b1aeaecd Python: Shorten toString for module vars 2021-10-10 15:59:31 +02:00
Rasmus Lerchedahl Petersen
0aa632d149 Python: Move writing of module vars 
into runtime jump steps.
 2021-10-10 15:49:33 +02:00
yoff
9c9c5c09ff Merge pull request #6837 from RasmusWL/more-unsafe-deserialization-sinks 
Python: More unsafe deserialization sinks
 2021-10-10 14:33:53 +02:00
yoff
f6122c8a6c Merge pull request #6734 from erik-krogh/regBehind 
JS/PY: do not filter away regular expressions with lookbehinds
 2021-10-10 13:54:26 +02:00
Rasmus Wriedt Larsen
a50b193c40 Python: Model data-flow for x or y and x and y 2021-10-08 18:32:30 +02:00
Rasmus Wriedt Larsen
15476c2513 Python: Add data-flow tests for BoolExp 
> 6.11. Boolean operations

> The expression x and y first evaluates x; if x is false, its value is
> returned; otherwise, y is evaluated and the resulting value is
> returned.

> The expression x or y first evaluates x; if x is true, its value is
> returned; otherwise, y is evaluated and the resulting value is
> returned.
 2021-10-08 18:29:06 +02:00