hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 13:11:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,469 Commits 1,689 Branches 160 Tags
3dbfb9fa4b41177096e74e71fdf4e6533ac42b89
Commit Graph

9381 Commits

Author SHA1 Message Date
yoff
3dbfb9fa4b python: add machinery for MaD barriers 
and reinstate previously removed barrier
now as a MaD row
 2026-01-22 17:30:24 +01:00
yoff
699ed50432 python: remove barrier that can be expressed in MaD 2026-01-22 17:30:24 +01:00
Taus
5414bd2716 Merge pull request #21134 from yoff/python/support-ListElement-in-MaD 
Python support `ListElement` in MaD
 2026-01-20 23:38:02 +01:00
yoff
fa926456ef python: add changenote 2026-01-20 18:16:03 +01:00
Ian Lynagh
82e9ea2da0 python: Add up/downgrade scripts 2026-01-20 11:56:16 +00:00
Ian Lynagh
d2da49220b python: Regenerate dbscheme 2026-01-20 11:56:15 +00:00
github-actions[bot]
48475e66af Post-release preparation for codeql-cli-2.24.0 2026-01-19 15:49:08 +00:00
github-actions[bot]
4142b9c4ce Release preparation for version 2.24.0 2026-01-19 14:49:14 +00:00
Asger F
ff580410fe Merge pull request #20733 from asgerf/js/incremental-api-graphs 
JS: Incremental API graph
 2026-01-14 12:49:41 +01:00
yoff
6c4a0bb52b Merge pull request #20990 from github/tausbn/python-support-relaxed-exception-groups 
Python: Add support for PEP-758 exception syntax
 2026-01-13 19:04:27 +01:00
Ian Lynagh
dcd0a69759 Merge remote-tracking branch 'upstream/main' into igfoo/mb 2026-01-13 01:01:35 +00:00
Taus
8c90c113c2 Update change note to reflect Python 2 changes 2026-01-12 15:27:38 +00:00
Chris Smowton
44089d84a3 Merge pull request #21102 from github/smowton/admin/respect-config-paths-filters-pre-finalize 
All languages: account for paths and paths-ignore in XML and other ancillary extraction
 2026-01-09 16:23:26 +00:00
Taus
89ddd67ebe Merge pull request #21002 from github/tausbn/python-add-models-for-zstd-compression 
Python: Add modelling for `zstd.compression`
 2026-01-09 14:05:06 +01:00
yoff
1ac3706e75 Python support ListElement in MaD 2026-01-09 13:08:06 +01:00
Taus
8602a2d59b Python: Use correct first parameter name for zstd call 
Co-authored-by: yoff <yoff@github.com>
 2026-01-07 14:47:11 +01:00
Asger F
869efb8a48 JS: Sync ApiGraphModels.qll 2026-01-07 11:05:41 +01:00
github-actions[bot]
2cb932cf5d Post-release preparation for codeql-cli-2.23.9 2026-01-06 15:42:16 +00:00
Taus
4a567ad75e Python: Add change note 2026-01-06 13:40:38 +00:00
Chris Smowton
6ed24f22b5 Change notes 2026-01-06 13:01:37 +00:00
github-actions[bot]
c00663766e Release preparation for version 2.23.9 2026-01-05 11:57:06 +00:00
Taus
6b03130755 Python: Fix bad join in import_points_to 2025-12-18 12:03:40 +00:00
Taus
4d45b5839d Python: Add change note 2025-12-16 23:57:58 +01:00
Taus
b9616eb639 Python: Add stats 
Not actually based on any measurements, just the usual 100/1000 stuff.
 2025-12-16 23:57:58 +01:00
Taus
82c629ada8 Python: Add up-/downgrade scripts for template literals 
We do the usual thing. Downgrade scripts remove the relevant relations;
upgrade scripts do nothing.
 2025-12-16 23:57:58 +01:00
Taus
414e689291 Python: Add AST node wrappers 2025-12-16 23:57:58 +01:00
Taus
652c335d30 Python: Regenerate AST and dbscheme files 2025-12-16 23:57:58 +01:00
Óscar San José
d972af9ef8 Merge branch 'main' of https://github.com/github/codeql into oscarsj/mergeback-rc-3-20-into-main 2025-12-12 13:22:08 +01:00
Taus
d2c7147480 Python: Add new test 2025-12-10 13:52:13 +00:00
Taus
6af9fd816f Python: Make space for new test 2025-12-10 13:51:20 +00:00
Taus
e6e05012c8 Python: Add change note 2025-12-09 22:55:40 +00:00
Taus
ad68a5e4e9 Python: Add modelling for zstd.compression 
See https://docs.python.org/3/library/compression.zstd.html for
information about this library.

As far as I can tell, the `zstd` library is not vulnerable to things
like ZipSlip, but it _could_ be vulnerable to a decompression bomb
attack, so I extended those models accordingly.
 2025-12-09 22:52:16 +00:00
yoff
5c6d83ed65 Merge pull request #20877 from joefarebrother/python-tornado-websocket 
Python: Add models for websocket handlers for Tornado
 2025-12-09 10:08:59 +01:00
github-actions[bot]
2854330759 Post-release preparation for codeql-cli-2.23.8 2025-12-08 15:49:10 +00:00
github-actions[bot]
66c51e979e Release preparation for version 2.23.8 2025-12-08 14:38:23 +00:00
Óscar San José
bc6133de5c Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.20 2025-12-05 19:31:47 +01:00
Taus
1b519384d7 Merge pull request #20739 from github/tausbn/python-remove-top-level-points-to-imports 
Python: Hide points-to imports in `python.qll`
 2025-12-05 14:24:41 +01:00
Joe Farebrother
d70c596c86 Merge pull request #20914 from joefarebrother/python-socketio 
Python: Add models for socketio
 2025-12-04 23:14:58 +00:00
Anders Schack-Mulligen
607ad1f886 Merge pull request #20961 from aschackmull/dataflow/flowfrom 
Dataflow: Add flowFrom predicates to mirror flowTo.
 2025-12-04 10:09:29 +01:00
yoff
7fd4755e93 Merge pull request #20919 from yoff/python/header-splitting-experiments 
Python: detecting header splitting in synthetic app
 2025-12-03 15:48:54 +01:00
Anders Schack-Mulligen
78e1879c9e Use more flowTo. 2025-12-03 14:12:08 +01:00
github-actions[bot]
085faa2bdb Post-release preparation for codeql-cli-2.23.7 2025-12-02 16:39:43 +00:00
github-actions[bot]
a045b317ac Release preparation for version 2.23.7 2025-12-02 15:31:27 +00:00
Joe Farebrother
7cf3964e44 Update expectations 2025-12-01 20:27:48 +00:00
github-actions[bot]
19a13467e0 Release preparation for version 2.23.7 2025-12-01 16:07:37 +00:00
Asger F
b8cff77cab Merge pull request #20873 from github/shared-xml-discard 
Share XML discard predicates
 2025-12-01 10:06:02 +01:00
Asger F
6257bed089 Sync OverlayXml.qll 2025-11-28 09:23:49 +01:00
Taus
ec336a0334 Python: Fix list bullets in change note 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2025-11-27 17:49:13 +01:00
Taus
bc8ed286ac Python: Make some more points-to imports private 
This makes things a bit cleaner.

After this, the only non-private (and non-`LegacyPointsTo`) imports of
`semmle.python.{types,objects,pointsto}.*` are in
`semmle.python.objects.ObjectInternal`, which is reasonable, as that is
the entry point for the entire internal object API.
 2025-11-27 16:47:53 +00:00
Taus
0c358acc24 Merge pull request #20908 from akoeplinger/patch-1 
Fix KeyError: 'name' in python/extractor/imp.py on Python 3.14
 2025-11-27 15:29:54 +01:00