5709 Commits

Author	SHA1	Message	Date
Erik Krogh Kristensen	0abbd50ca1	apply changes based on docs review	2022-08-09 13:51:40 +02:00
Erik Krogh Kristensen	595875ff98	remove redundant not-equals check	2022-07-13 12:06:12 +02:00
Erik Krogh Kristensen	a4262f8d91	add some more references to the overly-large-range qhelp	2022-07-13 11:20:24 +02:00
Erik Krogh Kristensen	8e52fc97fc	changes based on review by Shack	2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen	220ff3cb2e	convert tabs to spaces in qhelp	2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen	aae3e2ddde	other changes based on Esbens review	2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen	ff25451699	rename query to overly-large-range, and rewrite the @description	2022-07-12 16:02:46 +02:00
Erik Krogh Kristensen	a343ceaf8b	add suspicious-regexp-range query	2022-06-28 09:49:27 +02:00
Asger F	cc57cb8af5	Merge branch 'main' into post-release-prep/codeql-cli-2.10.0	2022-06-27 20:37:25 +02:00
github-actions[bot]	d506f448ef	Post-release preparation for codeql-cli-2.10.0	2022-06-24 07:36:33 +00:00
Asger F	d94010c244	Grammar: report -> reports	2022-06-23 14:17:52 +02:00
github-actions[bot]	a74051c658	Release preparation for version 2.10.0	2022-06-23 11:17:46 +00:00
Rasmus Wriedt Larsen	3248f7b423	Merge pull request #9649 from RasmusWL/certificate-modeling ... Python/JS/Ruby: Ignore common words (like certain) as sensitive data source	2022-06-23 12:04:58 +02:00
Rasmus Wriedt Larsen	876ba71d9b	Python/JS/Ruby: Add change-note	2022-06-22 11:14:05 +02:00
Rasmus Wriedt Larsen	4be375521f	Python: Handle _ in sensitive-data-sources	2022-06-22 11:05:14 +02:00
Rasmus Wriedt Larsen	4a844312f4	Python: _ in var name not handled by sensitive-data-sources	2022-06-22 11:05:14 +02:00
Rasmus Wriedt Larsen	5dc2bb717a	Python: ignore common words (certain/concert) as sensitive source	2022-06-22 11:05:05 +02:00
Anders Schack-Mulligen	df6d68b215	Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class ... Dataflow: Deprecate BarrierGuard class	2022-06-22 10:44:08 +02:00
Rasmus Wriedt Larsen	abdcfd55c3	Python: uncertainty is treated as a certificate :O	2022-06-22 10:16:28 +02:00
Anders Schack-Mulligen	f8f9b7d3b4	Apply suggestions from code review	2022-06-21 14:11:36 +02:00
Edoardo Pirovano	70dbd92e25	Bump minor version of all regularly released packs	2022-06-21 11:22:58 +01:00
Edoardo Pirovano	ad02b85efa	Merge branch main into rc/3.6	2022-06-21 11:15:25 +01:00
Anders Schack-Mulligen	a4796e1542	Add change notes.	2022-06-21 11:17:47 +02:00
Anders Schack-Mulligen	a6c0a9e480	Python: one more fix	2022-06-21 09:19:45 +02:00
Anders Schack-Mulligen	a7c268f804	Python: adjust test.	2022-06-20 15:46:38 +02:00
Anders Schack-Mulligen	f473a0a961	Python: Deprecate and replace BarrierGuard class.	2022-06-20 15:46:38 +02:00
Rasmus Wriedt Larsen	ae44a941f9	Merge pull request #9421 from RasmusWL/inline-brackets ... Inline Expectation Tests: Allow `tag[foo bar]`	2022-06-20 10:01:19 +02:00
Taus	3a328f6a3f	Merge pull request #6570 from yoff/python/broaden-noqa-regex ... Python: Broaden noqa regex to allow comments	2022-06-17 23:56:39 +02:00
Rasmus Wriedt Larsen	5fb41e4894	Inline Expectation Tests: Disallow tag[[[foo bar]	2022-06-17 17:36:04 +02:00
Anders Schack-Mulligen	6518a01ded	Dataflow: Sync.	2022-06-16 11:25:28 +02:00
Taus	9bf2eb55ca	Python: Allow whitespace before colon ... As suggested by @DimitriPapadopolous. Also fixes the test output to account for the `noqa` annotation (with added comment) that we're now detecting.	2022-06-16 11:16:58 +02:00
Rasmus Lerchedahl Petersen	98301332bd	Python: Broaden noqa regex	2022-06-16 11:16:58 +02:00
github-actions[bot]	1ed70d51d7	Post-release preparation for codeql-cli-2.9.4	2022-06-15 13:25:20 +00:00
yoff	f14a90ff09	Merge pull request #9200 from tausbn/python-modernise-weak-file-permissions-query ... Python: Modernise weak file permissions query	2022-06-15 14:37:17 +02:00
yoff	9dbb451f41	Merge pull request #9463 from RasmusWL/req-wo-cert-validation ... Python: Rewrite `py/request-without-cert-validation`	2022-06-15 13:00:57 +02:00
github-actions[bot]	104ac05f49	Release preparation for version 2.9.4	2022-06-15 08:22:38 +00:00
Rasmus Wriedt Larsen	cfd640b1b2	Python: Apply suggestions from code review ... Co-authored-by: yoff <lerchedahl@gmail.com>	2022-06-14 16:47:24 +02:00
Taus	5b9c668e10	Python: Restrict test to Python 3	2022-06-14 12:58:35 +00:00
yoff	699761889d	Merge pull request #7127 from jty-team/jty/python/emailInjection ... Python: CWE-079 - Add Email injection query	2022-06-14 10:54:16 +02:00
Alex Ford	8d195e3188	Merge pull request #9157 from alexrford/crypto-op-block-mode ... Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`	2022-06-13 21:32:36 +02:00
Rasmus Wriedt Larsen	d91b92511f	Python: Add change-note	2022-06-08 17:46:51 +02:00
Rasmus Wriedt Larsen	5b2d799fde	Python: Model certificate disabling in urllib3	2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen	0d02ca07d7	Python: Add certificate disable test of urllib/urllib2	2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen	049e87201c	Python: Model certificate disabling in httpx	2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen	1a2a4232a8	Python: Refactor httpx tests ... and improve QLDocs a bit	2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen	f72a1d98bb	Python: Model certificate disabling in aiohttp.client	2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen	4b07a7b7be	Python: Add missing QLDoc for requests ... Also fix links	2022-06-08 17:41:42 +02:00
Rasmus Wriedt Larsen	f37d1775f1	Python: Improve requests tests	2022-06-08 17:41:11 +02:00
Rasmus Wriedt Larsen	c21e05aa44	Python: Use HTTP::Client::Request request for py/request-without-cert-validation ... This is very much like the Ruby query, except we also have the origin that does the disabling. 976daddd36/ruby/ql/src/queries/security/cwe-295/RequestWithoutValidation.ql (L18-L20)	2022-06-08 15:42:32 +02:00
Rasmus Wriedt Larsen	9cb249fc2f	Python: Add test we don't handle for py/request-without-cert-validation	2022-06-08 15:39:37 +02:00