hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 09:40:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
57,444 Commits 1,673 Branches 157 Tags
01577dac3221a205ec4e82084fc25c4ec20f4de7
Commit Graph

1628 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
51a05286fa Merge pull request #13731 from pwntester/py/aiohttp_improvements 
Python: Aiohttp improvements
 2023-08-09 16:37:20 +02:00
Rasmus Lerchedahl Petersen
f865fa3050 Python: simplify using getSubscript 2023-08-08 11:16:35 +02:00
Tom Hvitved
6c989b9c6b Python: Adjust to data flow refactor 2023-08-07 11:35:23 +02:00
Mathias Vorreiter Pedersen
abe3a816ce Merge pull request #13851 from MathiasVP/sink-without-states 
DataFlow: Support stateless `isSink` in `StateConfigSig`s
 2023-08-04 18:01:42 +02:00
Asger F
c38cbe859d Merge pull request #13737 from asgerf/dynamic/fuzzy-models 
Dynamic: add Fuzzy token
 2023-08-03 09:58:24 +02:00
Mathias Vorreiter Pedersen
3007fdab5e Sync identical files. 2023-08-02 14:33:33 +02:00
Anders Schack-Mulligen
b27a3a81bc Python: Adjust to use the qlpack data-flow api. 2023-08-01 14:02:33 +02:00
Owen Mansel-Chan
9b2b58a823 Sync files 2023-07-26 21:48:10 +01:00
Anders Schack-Mulligen
95d17045c9 Dataflow: Sync. 2023-07-19 11:41:15 +02:00
yoff
a1aa16f901 Merge pull request #13745 from GeekMasher/py-mad-xss 
Python - Add Models as Data support for Reflected XSS Query
 2023-07-18 13:39:17 +02:00
Mathew Payne
6ef55aa14f Update python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-07-17 15:44:38 +01:00
yoff
d032bf5c0e Merge pull request #13685 from RasmusWL/captured-variables-default-param-value 
Python: Model parameter with default value as `DefinitionNode`
 2023-07-17 14:25:13 +02:00
Mathew Payne
e3d75c488e Merge branch 'main' into py-mad-xss 2023-07-17 11:08:09 +01:00
Mathew Payne
cf65ab834d fix: formatting issue 2023-07-14 12:31:40 +01:00
Mathew Payne
c292984338 feat: add MaD to XSS query 2023-07-14 12:25:54 +01:00
Rasmus Wriedt Larsen
0db535bdd7 Python: Minor naming update 2023-07-14 12:54:54 +02:00
Asger F
2b0a8097e6 Python: implement Fuzzy for Python 2023-07-13 15:42:34 +02:00
Asger F
919cb07c1e Sync ApiGraphModels.qll 2023-07-13 15:42:33 +02:00
Rasmus Wriedt Larsen
64a7206f3e Python: Improve aiohttp FileResponse/StreamResponse modeling 
However, notice that the concepts tests use the HttpResponse location
for the `responseBody` tag, which seems a little odd in this situation,
where they are actually separate. Will fix in next commit.
 2023-07-13 13:57:08 +02:00
Alvaro Muñoz
10cd649ba7 address code review feedback 2023-07-13 12:24:19 +02:00
Alvaro Muñoz
69efddbaef Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-07-13 12:23:00 +02:00
Anders Schack-Mulligen
837df2ad37 Dataflow: Sync. 2023-07-13 10:55:39 +02:00
Ed Minnix
3db2644008 Python: Add default implementation of StateConfigSig::isAdditionalFlowStep/4 2023-07-12 15:06:25 -04:00
Ed Minnix
43f870e395 Python: Add default implementation of StateConfigSig::isBarrier/2 2023-07-12 15:06:25 -04:00
Alvaro Muñoz
7a717555aa fix qldocs 2023-07-12 17:27:17 +02:00
Alvaro Muñoz
f2cc2af276 aiohttp improvements 2023-07-12 17:19:56 +02:00
Rasmus Wriedt Larsen
98ed5cf522 Python: Move not this instanceof ParameterDefinition logic 2023-07-12 11:31:27 +02:00
Rasmus Wriedt Larsen
a1225674ee Python: Add implementation note about why not targeting ESSA node 2023-07-11 11:32:26 +02:00
Mathias Vorreiter Pedersen
a4c0063ab1 Merge pull request #13679 from MathiasVP/speedup-big-step 
DataFlow: Speed up the big step relation
 2023-07-11 09:44:17 +01:00
Asger F
d88f557dbe Merge pull request #13683 from asgerf/rb/api-graph-noobject 
Ruby: exclude Object class from API graph
 2023-07-10 12:51:15 +02:00
Rasmus Wriedt Larsen
44c67171f2 Python: Fix default parameter value flow 
Somehow the previous fix didn't work :O
 2023-07-07 16:17:07 +02:00
Rasmus Wriedt Larsen
a850a481d0 Merge pull request #13676 from RasmusWL/aiohttp-ssrf-sink 
Python: Relax restriction of flow through `async with`
 2023-07-07 14:55:57 +02:00
Rasmus Wriedt Larsen
43b025015d Python: Avoid overlap between AssignmentDefinition and ParameterDefinition 2023-07-07 14:26:28 +02:00
Rasmus Wriedt Larsen
4e8a1144f2 Python: Remove explicit jumpStep for default parameter values 
tests added in https://github.com/github/codeql/pull/5238
functionality added in https://github.com/github/codeql/pull/6640
 2023-07-07 14:24:51 +02:00
Rasmus Wriedt Larsen
c5e8e232e5 Python: Fix dataflow consistencies for default parameter values 2023-07-07 11:55:07 +02:00
Rasmus Wriedt Larsen
6f3cb67050 Python: Model parameter with default value as DefinitionNode 2023-07-07 11:54:50 +02:00
Asger F
86b5f0adc7 Revert "Merge pull request #13620 from github/revert-13496-rb/tracking-on-demand" 
This reverts commit 133de56ac2, reversing
changes made to 28a8e48351.
 2023-07-07 09:42:34 +02:00
Rasmus Wriedt Larsen
a0dfbfd96f Python: Fix grammar in qldoc 
Co-authored-by: Taus <tausbn@github.com>
 2023-07-06 15:04:21 +02:00
Mathias Vorreiter Pedersen
83d0dec0fb DataFlow: Sync identical files. 2023-07-06 14:00:00 +01:00
Rasmus Wriedt Larsen
1f93e5b58d Python: Relax restriction of flow through async with 2023-07-06 11:51:58 +02:00
jorgectf
c82ab2b2ab Add markupsafe as XXE sanitizer 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
 2023-07-05 20:23:20 +02:00
Michael Nebel
238f390738 Merge pull request #13452 from michaelnebel/refactorstackprinting 
Re-factor printing of summary component stacks.
 2023-07-04 08:29:10 +02:00
Michael Nebel
243c592447 Address review comments. 2023-07-03 17:01:08 +02:00
Michael Nebel
bddd22f522 Sync files and make language specific adjustments. 2023-07-03 14:36:07 +02:00
Michael Nebel
d62a5524f8 Python: Improve AccessPath printing. 2023-07-03 14:36:06 +02:00
Michael Nebel
c18f4b1604 Sync files and make language specific rename. 2023-07-03 14:36:06 +02:00
Chuan-kai Lin
ce464a7d69 Remove pragma[assume_small_delta] 2023-06-30 11:09:29 -07:00
Asger F
5d1a437e9c Revert "Ruby: overhaul API graphs" 2023-06-29 15:39:19 +02:00
Tom Hvitved
9a26fc3178 Merge pull request #13573 from hvitved/ruby/inline-late-members 
Ruby/Python: Use `inline_late` on member predicates
 2023-06-29 09:07:14 +02:00
Asger F
f0517028b9 Merge pull request #13496 from asgerf/rb/tracking-on-demand 
Ruby: overhaul API graphs
 2023-06-28 15:01:37 +02:00