codeql

mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00

Author	SHA1	Message	Date
Anders Schack-Mulligen	377301a55a	Merge pull request #17108 from aschackmull/dataflow/flowthrough-provenance Dataflow: Propagate provenance correctly for flow-through wrappers.	2024-08-01 09:35:56 +02:00
yoff	251036c6b4	Merge pull request #17080 from sylwia-budzynska/streamlit Python: Add Streamlit models	2024-07-31 18:20:11 +02:00
Anders Schack-Mulligen	9724516c84	C#/Go/Java/Python/Ruby: Accept qltest .expected changes.	2024-07-31 14:45:10 +02:00
yoff	123dcc75d1	Merge pull request #16971 from RasmusWL/mad-dict-source Python: Add MaD support for DictionaryElement/DictionaryElementAny for sources	2024-07-31 13:40:07 +02:00
Sylwia Budzynska	9bd00c9e1e	Change Gradio rfs test to use shared rfs test module	2024-07-31 13:25:32 +02:00
Sylwia Budzynska	2a6ad00a2f	Fix typo	2024-07-31 13:22:27 +02:00
Sylwia Budzynska	72e7b6c872	Update python/ql/lib/semmle/python/frameworks/Streamlit.qll Co-authored-by: yoff <lerchedahl@gmail.com>	2024-07-31 13:20:01 +02:00
Sylwia Budzynska	81f3609c4b	Formatting	2024-07-30 17:49:20 +02:00
Sylwia Budzynska	dfc51922ba	Change regex	2024-07-30 17:39:34 +02:00
Sylwia Budzynska	ef2b225144	Fix PascalCase	2024-07-30 17:36:55 +02:00
Sylwia Budzynska	f796efe470	Add Streamlit SQLAlchemy models	2024-07-30 17:20:52 +02:00
Sylwia Budzynska	9741ddb926	Add remoteflowsoucre test	2024-07-30 17:20:14 +02:00
Sylwia Budzynska	bfd2e4350b	Add StreamlitConnection model Co-authored-by: yoff <lerchedahl@gmail.com>	2024-07-30 12:58:49 +02:00
Joe Farebrother	58689c90fb	Merge pull request #16893 from joefarebrother/python-cookie-injectio-promote Python: Promote cookie injection query from experimental	2024-07-29 10:17:01 +01:00
yoff	d23d138e7d	Merge pull request #16923 from RasmusWL/impossible-isinstance Python: Add test for impossible isinstance flow	2024-07-29 09:33:30 +02:00
Sylwia Budzynska	a05266c236	Formatting	2024-07-26 14:55:58 +02:00
Sylwia Budzynska	358a1b3a20	Fix tests	2024-07-26 14:19:06 +02:00
Sylwia Budzynska	6d1c00742f	Add tests and change note	2024-07-26 14:15:43 +02:00
Sylwia Budzynska	221c18934c	Add models	2024-07-26 13:23:39 +02:00
Joe Farebrother	ebeb187fd9	Remove unneeded experimental file	2024-07-25 23:16:48 +01:00
Anders Schack-Mulligen	7a48fe1102	Dataflow: Replace ppReprType with DataFlowType.toString.	2024-07-25 13:08:47 +02:00
github-actions[bot]	49cc8f8ff8	Post-release preparation for codeql-cli-2.18.1	2024-07-22 22:00:48 +00:00
Chuan-kai Lin	a5fe3f4d9c	Minor changelog improvements	2024-07-22 14:34:56 -07:00
github-actions[bot]	368bcb684a	Release preparation for version 2.18.1	2024-07-22 21:30:50 +00:00
Chuan-kai Lin	23320b6e5e	Revert "Release preparation for version 2.18.1"	2024-07-22 13:22:49 -07:00
Chuan-kai Lin	cda4339056	Minor changelog improvements	2024-07-22 09:42:31 -07:00
github-actions[bot]	55935fc123	Release preparation for version 2.18.1	2024-07-22 14:56:15 +00:00
Joe Farebrother	661a4126ac	Add change note	2024-07-19 09:23:33 +01:00
Joe Farebrother	baf51334e4	Update documentation	2024-07-19 09:13:30 +01:00
Joe Farebrother	070d67816d	Remove experimental version	2024-07-16 16:50:10 +01:00
Joe Farebrother	8d93c3a852	Move to cwe-20	2024-07-16 16:50:08 +01:00
Joe Farebrother	e885f1f8c4	Add documentation	2024-07-16 16:50:05 +01:00
Joe Farebrother	983bdb92a1	Add test cases + remove redundant import	2024-07-16 16:50:00 +01:00
Joe Farebrother	123214cb2b	Promoto cookie injection query	2024-07-16 16:49:56 +01:00
Anders Schack-Mulligen	da5abc8321	Dataflow: Replace MakeSets with QlBuiltins::InternSets.	2024-07-15 13:35:57 +02:00
Rasmus Wriedt Larsen	efcd4e297e	Add change-note	2024-07-12 15:21:51 +02:00
Rasmus Wriedt Larsen	db8a5306cf	Python: Add MaD support for DictionaryElement/DictionaryElementAny for sources	2024-07-12 15:19:40 +02:00
Rasmus Wriedt Larsen	eed8b3e87b	Python: Add more tests for MaD sources	2024-07-12 15:10:23 +02:00
Rasmus Wriedt Larsen	f41d2a896c	Merge pull request #16771 from porcupineyhairs/js2py Python : Arbitrary code execution due to Js2Py	2024-07-11 15:31:57 +02:00
Joe Farebrother	8152ec7472	Merge pull request #16696 from joefarebrother/python-cookie-write-headers Python: Model CookieWrites from HeaderWrites	2024-07-11 14:25:54 +01:00
Rasmus Wriedt Larsen	5ecde387af	Python: Fix `.expected`	2024-07-11 14:42:26 +02:00
github-actions[bot]	ae3aba061b	Post-release preparation for codeql-cli-2.18.0	2024-07-08 13:30:13 +00:00
Rasmus Wriedt Larsen	173cd13ded	Python: Add test for impossible isinstance flow	2024-07-08 12:06:53 +02:00
github-actions[bot]	b0d6778652	Release preparation for version 2.18.0	2024-07-08 09:10:51 +00:00
Koen Vlaswinkel	779795b421	Python: Exclude probable test files in model editor	2024-07-05 11:06:22 +02:00
Rasmus Wriedt Larsen	0a32f9fed6	Python: Update query metadata	2024-07-04 14:09:37 +02:00
Rasmus Wriedt Larsen	8d1113cdaf	Python: Fixup qhelp	2024-07-04 14:01:30 +02:00
Tom Hvitved	da0909c080	Merge pull request #16896 from hvitved/ssa/dataflow-integration-prep SSA: Add `BasicBlock.{getNode/1,length/0}` to the input signature	2024-07-03 19:56:35 +02:00
Porcupiney Hairs	808af28618	Python : Arbitrary codde execution due to Js2Py Js2Py is a Javascript to Python translation library written in Python. It allows users to invoke JavaScript code directly from Python. The Js2Py interpreter by default exposes the entire standard library to it's users. This can lead to security issues if a malicious input were directly. This PR includes a CodeQL query along with a qhelp and testcases to detect cases where an untrusted input flows to an Js2Py eval call. This query successfully detects CVE-2023-0297 in `pyload/pyload`along with it's fix. The databases can be downloaded from the links bellow. ``` https://file.io/qrMEjSJJoTq1 https://filetransfer.io/data-package/a02eab7V#link ```	2024-07-03 19:06:34 +05:30
Taus	b779341ba6	Merge pull request #16885 from github/tausbn/python-fix-bad-join-in-function-resolution-type-tracker Python: Fix bad join in function resolution	2024-07-03 13:59:13 +02:00

1 2 3 4 5 ...

8513 Commits