4291 Commits

Author	SHA1	Message	Date
jorgectf	356b07112a	Cover MimeType.amp as a vulnerable mimetype	2021-10-30 21:19:22 +02:00
jorgectf	3264e7be99	Merge branch 'jty/python/emailInjection' of https://github.com/jty-team/codeql into jty/python/emailInjection	2021-10-30 21:11:30 +02:00
thank_you	d9e4df7f97	Remove unnecessary comment	2021-10-30 14:00:58 -04:00
thank_you	3a4e3d5146	Remove comments from Python example tests ... Besides removing comments, I also reduced the complexity of some of the Python code examples.	2021-10-30 14:00:51 -04:00
jorgectf	4afcd9d207	[mrthankyou] smtplib partial modeling.	2021-10-28 19:18:59 +02:00
jorgectf	ba3ea700f5	Add Sendgrid dict data html body modeling	2021-10-28 18:47:54 +02:00
jorgectf	dbf5b24b86	Polish Sendgrid.qll qldoc	2021-10-28 18:26:35 +02:00
jorgectf	e8e0f0fea8	Add temporary .expected	2021-10-28 14:22:14 +02:00
jorgectf	bf68495102	Polish FlaskMail qldocs	2021-10-28 14:21:43 +02:00
jorgectf	c9634f3c6f	Fix getFlaskMailArgument()	2021-10-28 13:54:14 +02:00
jorgectf	4c2a4226ef	Merge remote-tracking branch 'origin/main' into jty/python/emailInjection	2021-10-28 13:26:57 +02:00
Rasmus Wriedt Larsen	6d09334cba	Merge pull request #6330 from porcupineyhairs/pyPathTraversal ... Python : Add Flask sinks for path injection query	2021-10-28 11:39:40 +02:00
Rasmus Wriedt Larsen	d9e5d179d2	Python: Minor fix to QLDoc ... and auto-formatting	2021-10-28 11:15:34 +02:00
Rasmus Wriedt Larsen	358663ffbb	Python: Fix tests	2021-10-28 11:14:41 +02:00
yoff	9478faf040	Merge pull request #6967 from RasmusWL/ruamel.yaml ... Python: Model `ruamel.yaml` PyPI package	2021-10-28 10:19:08 +02:00
Porcuiney Hairs	4fd3f212f8	Python : Add Flask sinks for path injection query	2021-10-28 02:12:11 +05:30
Rasmus Wriedt Larsen	89e713a25c	Python: Update PyYAML comment with 6.0 release	2021-10-26 17:58:06 +02:00
Rasmus Wriedt Larsen	cd6d73d553	Python: Handle kwarg in PyYAML ... Really surprised that we didn't already :|	2021-10-26 17:48:10 +02:00
Rasmus Wriedt Larsen	6c0083e584	Python: Add PoC for PyYAML code execution	2021-10-26 17:48:10 +02:00
Rasmus Wriedt Larsen	1ce09afa08	Python: Add modeling of ruamel.yaml PyPI package	2021-10-26 17:48:10 +02:00
Erik Krogh Kristensen	a3c55c2aec	use set literal instead of big disjunction of literals	2021-10-26 12:55:25 +02:00
CodeQL CI	3fc6e2b294	Merge pull request #6941 from RasmusWL/add-missing-noinline ... Approved by tausbn	2021-10-25 15:23:37 +01:00
Rasmus Wriedt Larsen	852e9875bd	Python: Apply suggestions from code review ... Co-authored-by: Taus <tausbn@github.com>	2021-10-21 10:24:34 +02:00
Rasmus Wriedt Larsen	8167e83ae5	Python: Fix tests	2021-10-20 17:58:03 +02:00
Rasmus Wriedt Larsen	d0fd907582	Python: Add change-note ... I reworded this slightly from what was done in C++, such that I can completely stand behind what it says.	2021-10-20 17:03:55 +02:00
Rasmus Wriedt Larsen	8f28684d10	Python: Rename ExtractionErrors.ql -> ExtractionWarnings.ql	2021-10-20 17:01:33 +02:00
Rasmus Wriedt Larsen	605494c3d1	Python: Treat SyntaxErrors as warnings in diagnostics ... Rename going to happen in second commit, so git doesn't get too confused I don't actually recall where to lookup that warning is 1, and error is 2, but I took this from https://github.com/github/codeql/pull/6830/files#diff-460fc20823ced3b074784db804f2d4d6cfcad4f23fe5d264dc7496c782629a2eR121-R123	2021-10-20 16:59:00 +02:00
Tom Hvitved	0bf5238f39	Update QL doc for allowParameterReturnInSelf	2021-10-20 12:08:58 +02:00
Tom Hvitved	dd138b0429	Address review comments	2021-10-20 12:08:58 +02:00
Tom Hvitved	a1511e13d8	Data flow: Sync files	2021-10-20 12:08:57 +02:00
Rasmus Wriedt Larsen	386c7e3a12	Python: Add missing pragma[noinline]	2021-10-19 11:55:51 +02:00
Rasmus Wriedt Larsen	b0af805460	Merge pull request #6899 from thepurpleowl/patch-1 ... Python SignatureOverriddenMethod: Rmv duplicate condition	2021-10-19 11:24:01 +02:00
Geoffrey White	3f3c79f48f	Merge pull request #6884 from geoffw0/setliterals ... Replace or chains with set literals.	2021-10-18 16:46:55 +01:00
Anders Schack-Mulligen	b67032d1cc	Merge pull request #6891 from erik-krogh/fix-java-this ... add explicit this qualifier on all of java	2021-10-18 17:13:37 +02:00
Tom Hvitved	a10bde5795	Merge pull request #6872 from hvitved/dataflow/path-into-callable0-join ... Data flow: Performance tweaks	2021-10-18 16:25:10 +02:00
Tom Hvitved	e6954292aa	Address review comments	2021-10-18 14:09:44 +02:00
Anders Schack-Mulligen	91ea064980	Sync	2021-10-18 14:04:50 +02:00
Surya Prakash Sahu	2871bdb206	Python SignatureOverriddenMethod: Rmv duplicate condition	2021-10-17 18:04:20 +05:30
jorgectf	271e2e4c49	Update .expected	2021-10-16 13:12:33 +02:00
jorgectf	14c50e993b	Add django GET.get RFS	2021-10-16 13:10:48 +02:00
jorgectf	45146bc798	Merge branch 'main' into jorgectf/python/headerInjection	2021-10-16 12:46:57 +02:00
jorgectf	bf76d9cd8b	Fix django test	2021-10-16 10:45:25 +02:00
jorgectf	2db1ffef1e	Merge remote-tracking branch 'origin/main' into jorgectf/python/headerInjection	2021-10-16 10:40:52 +02:00
Taus	b2e4276bc8	Merge pull request #6886 from aschackmull/java-python/perffix-transitive-step-x3 ... Java/Python: Fix some potential performance problems due to transitive deltas.	2021-10-15 11:06:35 +02:00
Geoffrey White	8f30b8b586	Autoformat.	2021-10-14 16:00:23 +01:00
Anders Schack-Mulligen	f6a517c998	Merge pull request #6882 from MathiasVP/fix-unnecessary-exists ... C++/Python: Remove unnecessary `exists`	2021-10-14 16:44:05 +02:00
Anders Schack-Mulligen	310eec07c1	Java/Python: Fix some potential performance problems due to transitive deltas.	2021-10-14 16:10:00 +02:00
Geoffrey White	f08d2ee759	Merge branch 'main' into setliterals	2021-10-14 14:39:39 +01:00
Geoffrey White	9d63efe495	Python: Set literals.	2021-10-14 14:22:44 +01:00
Anders Schack-Mulligen	8b6baa250c	Merge pull request #6878 from aschackmull/remove-singleton-setliteral ... C++/C#/Java/JavaScript/Python: Remove singleton set literals.	2021-10-14 14:53:05 +02:00