hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
72,020 Commits 1,741 Branches 165 Tags
22287be5d16493e1c0b197ac56cb5b38bcea205c
Commit Graph

768 Commits

Author SHA1 Message Date
Joe Farebrother
2db1fbc713 Merge branch 'main' into python-flask-session-interface 2024-05-22 21:48:01 +01:00
Asger F
14c71a351e Sync shared files 2024-05-21 14:38:55 +02:00
Joe Farebrother
7727e465f4 Model Flask SessionInterface request parameter 2024-05-20 09:46:54 +01:00
Rasmus Lerchedahl Petersen
9534e56d1b Python: address review comments 2024-05-17 16:25:22 +02:00
Rasmus Lerchedahl Petersen
a88c007c05 python: Allow dotted paths in type column 2024-05-17 00:03:00 +02:00
yoff
5076b1a214 Merge pull request #16135 from sylwia-budzynska/gradio-model 
Python: Add Gradio models
 2024-05-16 09:00:50 +02:00
Sylwia Budzynska
72493a6bd1 Change classes to private 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-05-15 15:08:27 +02:00
yoff
04c0475251 Merge pull request #16483 from yoff/python/MaD-instance-follow-subclass 
Python: The MaD token `Instance` now follows subclasses
 2024-05-14 21:30:43 +02:00
Joe Farebrother
027e5e7291 Merge pull request #16300 from joefarebrother/python-pyramid 
Python: Model the Pyramid framework
 2024-05-14 13:24:19 +01:00
Sylwia Budzynska
f72afdc7cb Merge branch 'main' into gradio-model 2024-05-14 12:41:00 +02:00
am0o0
c7adb32bc4 simply replace duplicate class references with classRef() in Fabric.qll 2024-05-14 09:51:47 +02:00
Rasmus Lerchedahl Petersen
52717f8500 python: The MaD token Instance now follows subclasses 2024-05-14 08:40:19 +02:00
am0o0
37d33186e5 revert classRef deletion, fix secondaryserverCmdInjection expected test results 2024-05-13 15:02:04 +02:00
am0o0
fb3d34ce11 format Torch.qll 2024-05-13 14:43:43 +02:00
Sylwia Budzynska
d6acea1d0c Fix tests 2024-05-10 12:41:47 +02:00
Sylwia Budzynska
52ceb7fb89 Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-05-10 12:07:32 +02:00
am0o0
0e80e867af fix actions reviews 2024-05-10 08:32:45 +02:00
am0o0
f93d4a0dd5 fix Fabric query library 2024-05-10 01:27:31 +02:00
Joe Farebrother
ab23d0ad23 Merge branch 'main' into python-promote-header-injection 2024-05-08 13:49:00 +01:00
Sylwia Budzynska
944f8842b7 Change getASuccessor() to getASubscript() 2024-05-08 14:44:06 +02:00
Sylwia Budzynska
8bb4193704 Put GradioInterface models into GradioInput 2024-05-08 14:36:42 +02:00
Sylwia Budzynska
eaba798e34 Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-05-08 14:26:34 +02:00
am0o0
4a2ab49efb better structure for pandas DataFrame, it is now much better readable and also we can find much more DataFrame objects 2024-05-06 14:36:10 +02:00
amammad
0a765cc94a add jsonpickle and pexpect libs in case of unsafe decoding and secondary command execution, add proper test cases 2024-05-06 14:36:10 +02:00
amammad
4df73f9975 continue to convert paramiko query to a more general query, 
the proxy command is not a secondary command execution
so we can add proxy command to SystemCommandExecution::Range, update QLDocs,
add a proper Paramiko test case
fix a typo
 2024-05-06 14:36:10 +02:00
amammad
6520e2fdfb update Fabric models, add new sink to Fabric, add proper test cases 2024-05-06 14:36:10 +02:00
amammad
2708e57e4b add pyTorch :) code execution sinks, add proper tests 2024-05-06 14:36:10 +02:00
amammad
cffdc5b452 add panas code execution sinks, add proper tests 2024-05-06 14:36:10 +02:00
Owen Mansel-Chan
83249cd9c2 Fix grammar in comment 2024-05-02 09:59:48 +01:00
Owen Mansel-Chan
16dcc0969b Standardise comment explaining why extensible predicates must be defined 2024-05-01 22:00:01 +01:00
Joe Farebrother
c6372d5822 Fix qldoc and remove PotentialViewCallable class 2024-04-30 18:13:06 +01:00
Joe Farebrother
ba054bd428 Manually specify subclasses for redirect models 2024-04-30 14:33:46 +01:00
Joe Farebrother
7df8b1ba51 Don't rely on specific parameter names, add qldoc 2024-04-30 09:45:11 +01:00
Joe Farebrother
2a0459838b Add models for responses 2024-04-25 15:55:59 +01:00
Joe Farebrother
86d1e5b646 Add additional type tracking for request attributes 2024-04-25 13:58:36 +01:00
Joe Farebrother
f3b27d611a Add test case for validated wsgiref servers + fix typo 2024-04-24 14:05:40 +01:00
Joe Farebrother
d4a072818f Add more tests 2024-04-24 14:05:40 +01:00
Joe Farebrother
eeef062f7c Implement sinks for wsgiref + allow lists in bulk header updates + local flow 2024-04-24 14:05:39 +01:00
Joe Farebrother
a88ad62c00 Implemented sinks for bulk header updates, and added corresponding tests. 2024-04-24 14:05:38 +01:00
Joe Farebrother
3e9341ff8a Model class instantiation for werkzueg headers 2024-04-24 14:05:37 +01:00
Joe Farebrother
b9984beb16 Add test cases 2024-04-24 14:05:37 +01:00
Joe Farebrother
68d90918cf Add to header write concept a specification of whether the name or value arg allows newlines. 
Ported sink defenitions from Flask and Werzeug from experimental to main.
Removed experimental sink definitions for Django, as neither name nor value are vulnerable.
 2024-04-24 14:05:37 +01:00
Joe Farebrother
f85ee38e04 Add instance taint steps for requests 2024-04-22 16:03:39 +01:00
Joe Farebrother
88e3227ed0 Add pyramid models 2024-04-22 13:27:18 +01:00
Taus
b484aee39e Python: Autoformat everything 
Of course, `StringLiteral` being much longer than `StrConst` meant a
bunch of files changed formatting.
 2024-04-22 12:00:09 +00:00
Taus
1c68c987b0 Python: Change all remaining occurrences of StrConst 
Done using
```
git grep StrConst | xargs sed -i 's/StrConst/StringLiteral/g'
```
 2024-04-22 12:00:09 +00:00
Asger F
3335d48154 Sync files 2024-04-16 20:26:41 +02:00
Asger F
be64daf265 Merge branch 'main' into js/graph-export 2024-04-16 20:23:33 +02:00
Tom Hvitved
e7dc120456 Add deprecation comments 2024-04-12 13:40:15 +02:00
Tom Hvitved
ceb5b4c56e Python: No longer use models-as-data CSV interface 2024-04-12 13:40:15 +02:00