hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,278 Commits 1,671 Branches 157 Tags
16018e91a27a5a4aa8928ea5909cae2477dc5dc5
Commit Graph

9612 Commits

Author SHA1 Message Date
Joe Farebrother
16018e91a2 Minor test fix 2025-11-26 15:47:56 +00:00
Joe Farebrother
8d313ff85b qldoc fixes 2025-11-26 11:23:04 +00:00
Joe Farebrother
6207137ef0 Add changenote 2025-11-26 11:21:05 +00:00
Joe Farebrother
eb7fe71557 Fix namespace instances and update tests 2025-11-26 10:51:16 +00:00
Joe Farebrother
83eadbad60 Add namespace models 2025-11-25 16:56:36 +00:00
Joe Farebrother
b0be8184ac Add taint test 2025-11-24 16:54:21 +00:00
Joe Farebrother
a83c70f99d Add tests 2025-11-24 11:03:16 +00:00
Joe Farebrother
ba06990290 Add socketio models 2025-11-20 10:47:41 +00:00
Asger F
613895e0c0 Merge pull request #20424 from asgerf/js/overlay-manual-v4 
JS: Add overlay annotations
 2025-11-20 11:10:46 +01:00
github-actions[bot]
5ee45af3aa Post-release preparation for codeql-cli-2.23.6 2025-11-18 09:53:12 +00:00
github-actions[bot]
18fa6799ce Release preparation for version 2.23.6 2025-11-17 16:38:07 +00:00
Asger F
ecfa94600f Sync ApiGraphModels.qll 2025-11-13 09:46:23 +01:00
Asger F
16e7dc1b8a Sync ApiGraphModelsExtensions.qll 2025-11-13 09:46:21 +01:00
Napalys Klicius
d122534398 Merge pull request #20671 from github/napalys/adjust_query_severity 
Adjust query severity ratings
 2025-11-11 12:37:31 +01:00
Michael B. Gale
046db0419f Merge pull request #20758 from github/post-release-prep/codeql-cli-2.23.4 
Post-release preparation for codeql-cli-2.23.4
 2025-11-05 10:45:51 +00:00
github-actions[bot]
4014df9a6e Post-release preparation for codeql-cli-2.23.4 2025-11-04 17:57:52 +00:00
github-actions[bot]
64fcdd1f2f Release preparation for version 2.23.4 2025-11-03 14:52:23 +00:00
Taus
e702d3bfc8 Python: Add change note 
I wasn't entirely sure if this should be classified as `deprecated` or
`breaking`, but seeing as these changes technically _could_ break
existing queries (requiring a small rewrite), I opted for the latter.
 2025-10-30 15:16:51 +00:00
Taus
820d8e76c4 Python: Remove points-to from Module 2025-10-30 13:59:30 +00:00
Taus
b93ce98612 Python: Remove points-to from Expr 2025-10-30 13:58:59 +00:00
Taus
b434ce460e Python: Get rid of getLiteralValue 
This had only two uses in our libraries, so I simply inlined the
predicate body in both places.
 2025-10-30 13:30:04 +00:00
Taus
fef08afff9 Python: Remove points-to to from ControlFlowNode 
Moves the existing points-to predicates to the newly added class
`ControlFlowNodeWithPointsTo` which resides in the `LegacyPointsTo`
module.

(Existing code that uses these predicates should import this module, and
references to `ControlFlowNode` should be changed to
`ControlFlowNodeWithPointsTo`.)

Also updates all existing points-to based code to do just this.
 2025-10-30 13:30:04 +00:00
Nora Dimitrijević
1ff24cbee8 Python/LdapInsecureAuth 
python/ql/src/experimental/Security/CWE-522/LdapInsecureAuth.ql
 2025-10-28 09:40:35 +01:00
Nora Dimitrijević
998de144ea Python/CorsBypass 2025-10-28 09:40:32 +01:00
Nora Dimitrijević
4bc9ede2e8 Python/UnsafeUsageOfClientSideEncryptionVersion 2025-10-28 09:40:30 +01:00
Nora Dimitrijević
6d57316862 Python/UnsafeUnpackQuery 
python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql
 2025-10-28 09:40:27 +01:00
Nora Dimitrijević
37fff48dcd Python/ServerSideRequestForgeryQuery 
python/ql/src/Security/CWE-918/PartialServerSideRequestForgery.ql
 2025-10-28 09:40:24 +01:00
Nora Dimitrijević
baccdcc07f Python/PolynomialReDoSQuery 
python/ql/src/Security/CWE-730/PolynomialReDoS.ql
 2025-10-28 09:40:21 +01:00
Joe Farebrother
8c277bd1d9 Merge pull request #20494 from joefarebrother/python-insecure-cookie-split 
Python: Split Insecure Cookie query into multiple queries
 2025-10-24 11:10:20 +01:00
Napalys Klicius
9c70ae04fb Add change note 2025-10-22 11:48:16 +00:00
Napalys Klicius
fa47174013 CWE-020: Lower security-severity for OverlyLargeRange queries to 4.0 2025-10-22 11:32:33 +00:00
Owen Mansel-Chan
66f95bcbcd Merge pull request #20603 from owen-mc/update-broken-algo-qhelp 
Many languages: Update broken algo qhelp
 2025-10-17 12:30:43 +01:00
Nora Dimitrijević
e120e5c3ba Merge pull request #20337 from d10c/d10c/python-overlay-compilation-plus-extractor 
Python: enable overlay compilation + extractor overlay support
 2025-10-16 14:49:01 +02:00
github-actions[bot]
6dd07790ac Post-release preparation for codeql-cli-2.23.3 2025-10-14 11:16:33 +00:00
Henry Mercer
b737bccb07 Python: Fix "be be" typos in qhelp 2025-10-14 11:33:24 +01:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
Taus
c4b27d5f28 Python: Fix ImportError in imp.py under Python 3.14 
It seems `_ERR_MSG` was silently removed in Python 3.14, leading to an
`ImportError` when running the extractor.

To fix this, we explicitly set `_ERR_MSG` when the existing import fails
(using `_ERR_MSG_PREFIX` which is available in Python 3.14+, along with
the bits that make up the difference between this and `_ERR_MSG`).
 2025-10-13 13:50:43 +00:00
Owen Mansel-Chan
2f22acdd06 Remove hashing example when not covered by query 2025-10-08 16:48:57 +01:00
Owen Mansel-Chan
0bcdb91639 Improve qhelp for broken crypto algo queries 
Previously it focussed too much on the risk of data being decrypted,
and didn't explain why using weak algorithms is a problem in other
contexts.
 2025-10-08 14:10:54 +01:00
Owen Mansel-Chan
2a1c9d8ec1 Remove erroneous comma 2025-10-08 14:08:36 +01:00
Nora Dimitrijević
c749607db8 Bump python extractor version to 7.1.5 2025-10-07 11:22:16 +02:00
Nora Dimitrijević
ece121070b Add change note. 2025-10-06 12:31:21 +02:00
Nora Dimitrijević
9d7c52423a Basic python overlay tests 
The base source is in basic-overlay-eval/orig_src,
the overlay source is in basic-full-eval.

We run two tests: a full evaluation test in basic-full-eval,
and an overlay evaluation test in basic-overlay-eval.

The test source and expected results are the SAME,
due to the .qlref, meaning we expect the same results
for full and overlay evaluation.
 2025-10-06 12:30:08 +02:00
Nora Dimitrijević
20d4e429ca Add consistency query (exactly one path for every entity) 2025-10-06 11:47:56 +02:00
Nora Dimitrijević
7174d4c8ba Overlay.qll: discard predicates 
for dbscheme elements with direct or indirect location links in dbscheme.

- Unify discardable entities under one Discardable superclass.
- Two discard predicates depending on TRAP ID type.
- Future-proof the XML and Yaml discard predicates for when their
  extractors become incremental.
 2025-10-06 11:47:51 +02:00
Nora Dimitrijević
1a9683f986 Add @top database type 2025-10-06 11:47:14 +02:00
Nora Dimitrijević
6f208e9dec Write overlay metadata at end of extraction. 2025-10-06 11:47:12 +02:00
Nora Dimitrijević
49b18db044 Python extractor: in overlay mode, traverse only changed files 
- fall back to full extraction on overlay changes json read error
- we filter both root modules and (transitive) imports against the overlay-changes json.
 2025-10-06 11:47:09 +02:00
Nora Dimitrijević
e0cf719cb9 Path transformer: handle Windows-style paths 
And don't add slash to start of path patterns on Windows.
 2025-10-06 11:37:04 +02:00
Nora Dimitrijević
29b1a7403b Support CODEQL_PATH_TRANSFORMER env var in python path renamer 
The new name is required by overlay support.
 2025-10-06 11:37:02 +02:00