hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,200 Commits 1,671 Branches 157 Tags
18ce257fc8bea35cdbc97437fd04dd1da9957a1e
Commit Graph

3277 Commits

Author SHA1 Message Date
jorgectf
18ce257fc8 Move RegexInjectionSink to query config (qll) 2021-04-27 19:54:29 +02:00
jorgectf
53d61c4fb6 Use custom Sink 2021-04-27 19:54:29 +02:00
jorgectf
36cc7b5e3f Fix CompiledRegex 2021-04-27 19:54:28 +02:00
jorgectf
35f1c45d32 Change from Attribute to DataFlow::CallCfgNode in getRegexMethod() 2021-04-27 19:54:28 +02:00
jorgectf
c127b109d0 Create re.compile().ReMethod test 2021-04-27 19:54:27 +02:00
jorgectf
be09ffec3f Create RegexEscape Range 2021-04-27 19:54:27 +02:00
jorgectf
805f86a5cf Polish RegexEscape 2021-04-27 19:54:26 +02:00
jorgectf
3d990c5950 Get back to ApiGraphs 2021-04-27 19:54:26 +02:00
jorgectf
30554a16da Format 2021-04-27 19:54:24 +02:00
jorgectf
ee1d2b645b Delete DirectRegex and CompiledRegex 2021-04-27 19:54:24 +02:00
jorgectf
ce23db2e9c Move Sanitizer to ReEscapeCall 2021-04-27 19:54:23 +02:00
jorgectf
b5ea41fcca Fix CompiledRegex 2021-04-27 19:54:22 +02:00
jorgectf
d61adccd3c Take main Concepts.qll out of the PR 2021-04-27 19:54:22 +02:00
jorgectf
a1a3c98d92 Undo main Concepts.qll change 2021-04-27 19:54:21 +02:00
jorgectf
28fdeba4fa Structure development 2021-04-27 19:54:20 +02:00
jorgectf
444a15a461 Polish imports 2021-04-27 19:54:20 +02:00
Jorge
0f20eeb395 Apply suggestions 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-04-27 19:54:19 +02:00
Jorge
b27b77c38f Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-04-27 19:54:18 +02:00
Jorge
249e4097e3 Change query ID 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-04-27 19:54:17 +02:00
jorgectf
b207929e0a RegexExecution restructuring 2021-04-27 19:54:16 +02:00
jorgectf
3daec8e6a2 Enclose Sinks and ReMethods in a module 2021-04-27 19:54:15 +02:00
jorgectf
caaf5436c6 Attempt to restructuring ReMethods and RegexExecution's modules 2021-04-27 19:54:14 +02:00
jorgectf
6d5a0f2f84 Limit Sanitizer to re.escape(arg) 2021-04-27 19:54:13 +02:00
jorgectf
a1b5cc3bc6 Typo 2021-04-27 19:54:13 +02:00
jorgectf
e4736d064e Typo 2021-04-27 19:54:12 +02:00
jorgectf
f45307f990 Apply rebase 2021-04-27 19:54:12 +02:00
jorgectf
5dae920783 Edit filenames to match consistent naming 2021-04-27 19:54:11 +02:00
jorgectf
63f708dd57 Apply suggestions 2021-04-27 19:54:10 +02:00
Jorge
6cc714464c Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-04-27 19:54:09 +02:00
jorgectf
21f8135fa6 Move to experimental folder 2021-04-27 19:54:08 +02:00
jorgectf
afc4f51e9c Remove CWE references 2021-04-27 19:54:07 +02:00
jorgectf
bd3d2ec686 Update to match consistent naming across languages 2021-04-27 19:54:07 +02:00
jorgectf
7adc3c2fba Upload ReDoS query, qhelp and tests 2021-04-27 19:54:05 +02:00
yoff
0509a12790 Merge pull request #5770 from tausbn/python-small-api-graph-fix 
Python: Use only `TApiNode` in `API::Impl`
 2021-04-27 14:06:09 +02:00
Chris Smowton
64a2320be7 Merge pull request #5757 from smowton/smowton/admin/fix-dead-qhelp-links 
Fix all dead qhelp links
 2021-04-27 12:17:08 +01:00
Rasmus Wriedt Larsen
37db21d269 Merge pull request #5284 from yoff/python-port-insecure-protocol 
Python: port py/insecure-protocol
 2021-04-27 09:30:18 +02:00
Taus
3889c8afec Python: Use only TApiNode in API::Impl 
This ensures that changes to `API::Node` does not invalidate the cached
`module Impl`. At present, I don't expect this to have any effect (as
the `Node` class is also fairly static, though not explicitly cached),
but I can imagine us making some of the `Node` methods have
user-extensible behaviour, in which case we definitely do not want this
to result in reevaluation of `API::Impl`.
 2021-04-26 13:10:15 +00:00
Chris Smowton
455b840712 Fix all dead qhelp links 
For those documents with no obvious new home I've pointed the links to the Internet Archive.
 2021-04-23 15:20:21 +01:00
Rasmus Wriedt Larsen
5a9e27c6fc Merge branch 'main' into django-3.2 2021-04-21 17:15:47 +02:00
CodeQL CI
30d7f0dc98 Merge pull request #5687 from RasmusWL/inline-taint-tests 
Approved by yoff
 2021-04-21 06:24:12 -07:00
Rasmus Wriedt Larsen
be9cbd79d6 Python: Add change-note for Django 3.2 support 2021-04-21 13:58:34 +02:00
Rasmus Wriedt Larsen
59c6f76457 Python: Add test for new response.headers in Django 
See https://docs.djangoproject.com/en/3.2/ref/request-response/#setting-header-fields
 2021-04-21 13:55:22 +02:00
Rasmus Wriedt Larsen
2302c8d5fa Python: Model new alias method on django QuerySets 2021-04-21 13:52:38 +02:00
yoff
a19373ab54 Merge pull request #5727 from tausbn/python-use-localsource-in-stepsummary 
Python: Use `LocalSourceNode` in `StepSummary::step`
 2021-04-21 13:50:31 +02:00
Rasmus Wriedt Larsen
63a2657aef Merge branch 'main' into inline-taint-tests 2021-04-21 10:02:55 +02:00
yoff
ef0ea247c4 Merge pull request #5679 from tausbn/python-fix-bad-points-to-joins 
Python: Fix bad points-to joins
 2021-04-20 21:19:32 +02:00
Rasmus Lerchedahl Petersen
6408ee2eaf Python: Fix bad join 2021-04-20 20:03:06 +02:00
Rasmus Lerchedahl Petersen
fc2c62350e Python: Fix bad join 
Also fixed up the QLDoc
 2021-04-20 18:54:03 +02:00
Taus
890f96d9b5 Python: Prevent bad joins in TypeBackTracker 
Perhaps unsurprisingly, the join orderer was eager and willing to find
the wrong join order in this predicate as well. Applying a similar
fix to the one used in `TypeTracker::step` fixes the problem.
 2021-04-20 15:01:04 +00:00
Taus
c0569da65c Python: Move track/backtrack to LocalSourceNode 
This is merely making explicit what was implicitly enforced. The move
to change the return type of `step` already meant that `this` and
`result` had to be `LocalSourceNode`. By moving these methods to their
rightful place, we should hopefully avoid a bit of suprising behaviour.
 2021-04-20 14:39:56 +00:00