hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,672 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

29908 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
a33a8fd518 Python: Support flask.blueprints.Blueprint 
Thanks to @haby0 who originally proposed this as part of
https://github.com/github/codeql/pull/6977
 2021-10-28 14:02:03 +02:00
Nick Rolfe
f3977ea3d7 Merge pull request #6987 from github/nickrolfe/cleanup-ruby-docs 
Ruby: clean up docs
 2021-10-28 13:00:02 +01:00
Rasmus Lerchedahl Petersen
3abe3e43d0 Python: autoformat 2021-10-28 13:58:01 +02:00
Rasmus Wriedt Larsen
0acf6aaec8 Python: Add change-note 2021-10-28 13:45:34 +02:00
Rasmus Wriedt Larsen
8c3349f40f Python: Properly model flask.send_from_directory 
To not include `filename` as path-injection sink.
 2021-10-28 13:41:39 +02:00
Mathias Vorreiter Pedersen
12e0185b0d C++: Sync identical files. 2021-10-28 12:36:36 +01:00
Mathias Vorreiter Pedersen
7197216185 Add a copy of SsaImplCommon to the identical-files script. 2021-10-28 12:36:36 +01:00
Mathias Vorreiter Pedersen
fc3ff41d65 Merge branch 'main' into use-shared-ssa-in-ir-dataflow 2021-10-28 12:36:36 +01:00
Mathias Vorreiter Pedersen
2cd23e5ee0 Accept test changes. 2021-10-28 12:36:36 +01:00
Mathias Vorreiter Pedersen
8135dcefdd Merge branch 'main' into use-shared-ssa-in-ir-dataflow 2021-10-28 12:36:25 +01:00
Rasmus Wriedt Larsen
228e9e973a Python: Minor flask refactor 2021-10-28 13:36:03 +02:00
Mathias Vorreiter Pedersen
521d863429 C++: Autoformat. 2021-10-28 12:35:01 +01:00
Mathias Vorreiter Pedersen
2547a8d746 C++: Fix join orders in 'DataFlowDispatch.qll' and Ssa.qll. 2021-10-28 12:35:01 +01:00
Mathias Vorreiter Pedersen
21a1ee7758 C++: Add annoying case in SSA.qll related to 'NewExpr' and accept test changes. 2021-10-28 12:35:01 +01:00
Mathias Vorreiter Pedersen
3efe60fdd2 C++: Accept test changes. 2021-10-28 12:35:01 +01:00
Mathias Vorreiter Pedersen
5dbaea8b52 C++: Add a special dataflow step from InitializeIndirection instructions. 2021-10-28 12:35:01 +01:00
Mathias Vorreiter Pedersen
b1ea00fa85 C++: Remove the taintflow edges that gives performance problems. 2021-10-28 12:35:01 +01:00
Mathias Vorreiter Pedersen
710d0cfc3d C++: Since we now no longer have flow from exact memory operands to LoadInstructions, we no longer have flow from PhiInstructions to LoadInstructions. We could allow flow in this particular case, but we might as well use the shared SSA library's phi edges. 2021-10-28 12:35:00 +01:00
Mathias Vorreiter Pedersen
8caff41138 C++: Throw away most of the usage of IR-computed def-use information. Instead, we rely on the shared SSA library's use-use edges. 2021-10-28 12:35:00 +01:00
Mathias Vorreiter Pedersen
3a488574e5 C++: Rewrite the PartialDefinitionNode classes to match the new StoreNodes. 2021-10-28 12:35:00 +01:00
Mathias Vorreiter Pedersen
8bef79502f C++: Similarly to the previous commit, we throw away the old memory-edges based way of doing read steps. Instead, we use the shared SSA library to transfer flow into a new ReadNode IPA branch, perform the necessary read steps, and then use the shared SSA library to transfer flow out of the ReadNode again. 2021-10-28 12:35:00 +01:00
Mathias Vorreiter Pedersen
5ebefe2d30 C++: Throw away the old way of doing store steps using memory edges. Instead, we introduce a StoreNode IPA branch that does store steps and instead use the shared SSA library to transfer flow into these nodes before a store step, and out of them following a sequence of store steps. 2021-10-28 12:35:00 +01:00
Rasmus Wriedt Larsen
6648a695eb Python: Add flask specific path-injection test 2021-10-28 13:34:18 +02:00
Rasmus Lerchedahl Petersen
b3ba75a00f Python: Fix tests by managing local sources 
`API::Node::getAwaited` is restriced to local sources
 2021-10-28 13:22:59 +02:00
jorgectf
3dec222922 Merge remote-tracking branch 'origin/main' into jorgectf/python/jwt-queries 2021-10-28 13:11:46 +02:00
jorgectf
7069f45864 Polish documentation 2021-10-28 13:09:28 +02:00
Nick Rolfe
2059896882 Ruby: clean up docs 2021-10-28 12:04:48 +01:00
Rasmus Wriedt Larsen
436152a46d Python: Refactor flask file sending tests 2021-10-28 12:37:07 +02:00
Geoffrey White
e8895686f8 Merge pull request #6980 from geoffw0/unusedqhelp 
C++: Remove old and unused qhelp files
 2021-10-28 10:55:31 +01:00
Mathias Vorreiter Pedersen
1842fed7a2 C++: Add shared SSA library and instantiate it with the IR. 2021-10-28 10:52:09 +01:00
Mathias Vorreiter Pedersen
13ce2569d7 C++/C#: Sync identical IR files· 2021-10-28 10:52:00 +01:00
Mathias Vorreiter Pedersen
bccd4e9e93 C++: Add 'getReturnAddress' and 'getReturnAddressOperand' predicates to 'ReturnValueInstruction'. 2021-10-28 10:51:49 +01:00
Nick Rolfe
bd92403b42 Ruby: fix qhelp 2021-10-28 10:42:56 +01:00
Rasmus Wriedt Larsen
6d09334cba Merge pull request #6330 from porcupineyhairs/pyPathTraversal 
Python : Add Flask sinks for path injection query
 2021-10-28 11:39:40 +02:00
Rasmus Wriedt Larsen
3fa66519f5 Merge branch 'main' into fastapi 2021-10-28 11:37:40 +02:00
Rasmus Wriedt Larsen
d9e5d179d2 Python: Minor fix to QLDoc 
and auto-formatting
 2021-10-28 11:15:34 +02:00
Rasmus Wriedt Larsen
358663ffbb Python: Fix tests 2021-10-28 11:14:41 +02:00
Erik Krogh Kristensen
12305aae42 extract regexp literals from string concatenations 2021-10-28 10:44:33 +02:00
yoff
9478faf040 Merge pull request #6967 from RasmusWL/ruamel.yaml 
Python: Model `ruamel.yaml` PyPI package
 2021-10-28 10:19:08 +02:00
Arthur Baars
3fb0139430 Protect against flag injection 2021-10-28 09:58:10 +02:00
ihsinme
2574aa8980 Update InsecureTemporaryFile.ql 2021-10-28 10:51:48 +03:00
Rasmus Lerchedahl Petersen
56dab252c9 Python: remove spurious dataflow step 2021-10-28 09:47:04 +02:00
Rasmus Lerchedahl Petersen
cca675a161 Python: Add test for async taint 
(which we belive we have just broken)
 2021-10-28 09:47:04 +02:00
ihsinme
432fc74455 Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-10-28 10:37:01 +03:00
ihsinme
235a3ec232 Update InsecureTemporaryFile.qhelp 2021-10-28 10:34:42 +03:00
ihsinme
0addb2d1ea Update IncorrectChangingWorkingDirectory.ql 2021-10-28 10:17:48 +03:00
ihsinme
c3b1d7e5c8 Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-10-28 10:17:13 +03:00
Tony Torralba
cee80f766f Merge pull request #6983 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-10-28 08:19:34 +02:00
github-actions[bot]
adfc725225 Add changed framework coverage reports 2021-10-28 00:08:41 +00:00
Porcuiney Hairs
4fd3f212f8 Python : Add Flask sinks for path injection query 2021-10-28 02:12:11 +05:30