hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,169 Commits 1,672 Branches 157 Tags
46238d5ea049e5b51f99f4b66366957852a649c8
Commit Graph

3199 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
44afa34e37 Merge branch 'main' of github.com:github/codeql into htmlReg 2021-10-26 14:46:27 +02:00
Erik Krogh Kristensen
a3c55c2aec use set literal instead of big disjunction of literals 2021-10-26 12:55:25 +02:00
Rasmus Wriedt Larsen
852e9875bd Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-21 10:24:34 +02:00
Rasmus Wriedt Larsen
8f28684d10 Python: Rename ExtractionErrors.ql -> ExtractionWarnings.ql 2021-10-20 17:01:33 +02:00
Rasmus Wriedt Larsen
605494c3d1 Python: Treat SyntaxErrors as warnings in diagnostics 
Rename going to happen in second commit, so git doesn't get too confused

I don't actually recall where to lookup that warning is 1, and error is
2, but I took this from
https://github.com/github/codeql/pull/6830/files#diff-460fc20823ced3b074784db804f2d4d6cfcad4f23fe5d264dc7496c782629a2eR121-R123
 2021-10-20 16:59:00 +02:00
Rasmus Wriedt Larsen
b0af805460 Merge pull request #6899 from thepurpleowl/patch-1 
Python SignatureOverriddenMethod: Rmv duplicate condition
 2021-10-19 11:24:01 +02:00
Surya Prakash Sahu
2871bdb206 Python SignatureOverriddenMethod: Rmv duplicate condition 2021-10-17 18:04:20 +05:30
jorgectf
14c50e993b Add django GET.get RFS 2021-10-16 13:10:48 +02:00
jorgectf
45146bc798 Merge branch 'main' into jorgectf/python/headerInjection 2021-10-16 12:46:57 +02:00
jorgectf
2db1ffef1e Merge remote-tracking branch 'origin/main' into jorgectf/python/headerInjection 2021-10-16 10:40:52 +02:00
jorgectf
f1a73e3009 Merge branch 'jorgectf/python/deserialization' of https://github.com/jorgectf/codeql into jorgectf/python/deserialization 2021-10-16 10:07:13 +02:00
jorgectf
c2046f1777 Improve readability for xmlDom() 2021-10-16 10:07:11 +02:00
Jorge
be424704a6 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-10-16 10:04:50 +02:00
jorgectf
320a00be31 Delete simple API::Nodes 2021-10-16 10:02:43 +02:00
jorgectf
5b66a15de3 Extend mayBeDangerous() QLDoc 2021-10-16 09:57:28 +02:00
Rasmus Wriedt Larsen
7cd5e681dd Merge pull request #6693 from yoff/python/promote-regex-injection 
Python: Promote `py/regex-injection`
 2021-10-14 14:49:05 +02:00
Mathias Vorreiter Pedersen
47a85bbb1d Merge pull request #6869 from MathiasVP/fix-prefix/suffix-equality 
Java/JS/Python: Replace '.prefix'/'.suffix' with '.matches'
 2021-10-14 13:47:03 +01:00
Mathias Vorreiter Pedersen
a2371370ff Merge pull request #6865 from MathiasVP/fix-if-none 
C++/C#/JS/Python: Replace 'if p() then q() else none()' with a conjunction
 2021-10-13 19:47:55 +01:00
Mathias Vorreiter Pedersen
a80860cdc6 Python: Replace '.prefix'/'.suffix' with '.matches'. 2021-10-13 13:23:12 +01:00
Mathias Vorreiter Pedersen
bdc54bcda7 Python: Replace 'if p() then q() else none()' with a conjunction. 2021-10-13 12:13:55 +01:00
Rasmus Lerchedahl Petersen
61008fd3d0 Merge branch 'main' of github.com:github/codeql into python/promote-regex-injection 2021-10-12 11:28:12 +02:00
yoff
43f7eede0b Merge pull request #6182 from haby0/python/LogInjection 
Python: CWE-117 Log injection
 2021-10-12 10:54:45 +02:00
haby0
d52f95d24d Auto Formatting 2021-10-12 09:36:44 +08:00
yoff
0629ce00de Merge pull request #6214 from haby0/python/ClientSuppliedIpUsedInSecurityCheck 
[Python] CWE-348:  Client supplied ip used in security check
 2021-10-11 16:38:04 +02:00
haby0
538bf7c321 Update python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-07 19:44:25 +08:00
haby0
a17b0d4e5c Modify Sanitizer 2021-10-05 17:12:04 +08:00
Erik Krogh Kristensen
8d6cac76cc apply suggestions from asgerf 2021-10-04 12:45:02 +02:00
Rasmus Wriedt Larsen
987b573709 Fix hasLocationInfo URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
Erik Krogh Kristensen
aafae24ef2 update qhelp 2021-09-28 23:11:02 +02:00
Rasmus Wriedt Larsen
e472814ddd Python: Fix XXE qhelp 2021-09-28 17:02:39 +02:00
Rasmus Wriedt Larsen
9c286a1b50 Python: fix name of .qhelp file 2021-09-28 16:57:46 +02:00
Rasmus Wriedt Larsen
67fddda6d2 Merge branch 'main' into jorgectf/python/deserialization 2021-09-28 16:49:33 +02:00
Rasmus Wriedt Larsen
547cbb6322 Merge pull request #6331 from porcupineyhairs/pythonXpath 
Python : Improve Xpath Injection Query
 2021-09-24 18:11:08 +02:00
Rasmus Wriedt Larsen
26d2fbd217 Python: Fix new XPath injection query 
Fixes the typo `ETXpath` => `ETXPath`
 2021-09-24 15:11:34 +02:00
Rasmus Wriedt Larsen
913a679ef5 Python: Replace old XPath injection query 2021-09-24 15:10:41 +02:00
Rasmus Wriedt Larsen
c9640ffdbc Python: Minor adjustments to XPath Injection 2021-09-24 15:02:39 +02:00
Rasmus Wriedt Larsen
289660067c Merge branch 'main' into pythonXpath 2021-09-24 13:53:38 +02:00
haby0
9b969e15fc Modify according to @yoff suggestion 2021-09-24 12:56:10 +08:00
Rasmus Wriedt Larsen
70489b2fc2 Merge branch 'main' into jorgectf/python/ldapinsecureauth 2021-09-23 10:05:56 +02:00
haby0
6c07a3e260 Apply @yoff's suggestion 2021-09-22 18:50:58 +08:00
Rasmus Wriedt Larsen
d44f279339 Python: Fix .qhelp 2021-09-21 20:35:03 +02:00
Rasmus Wriedt Larsen
a83bb39d0f Python: Merge SQLAlchemy TextClause injection into py/sql-injection 
As discussed in a meeting today, this will end up presenting an query
suite that's easier to use for customers.

Since https://github.com/github/codeql/pull/6589 has JUST been merged,
if we get this change in fast enough, no end-user will ever have run
`py/sqlalchemy-textclause-injection` as part of LGTM.com or Code
Scanning.
 2021-09-21 20:21:42 +02:00
Erik Krogh Kristensen
99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
yoff
4adb0c75bd Merge pull request #6589 from RasmusWL/promote-sqlalchemy 
Python: Promote modeling of SQLAlchemy
 2021-09-21 11:08:41 +02:00
Rasmus Wriedt Larsen
4a16be2cba Merge pull request #6557 from yoff/python/port-modification-of-default-value 
Python: port modification of default value
 2021-09-21 10:12:12 +02:00
Rasmus Wriedt Larsen
c7c8e2f3e3 Merge branch 'main' into promote-sqlalchemy 2021-09-21 09:36:07 +02:00
Rasmus Wriedt Larsen
97c0f1c7b7 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-09-20 12:04:46 +02:00
haby0
99167539fb Modify sinks 2021-09-17 17:29:40 +08:00
haby0
0277601705 Eliminate false positives caused by . 2021-09-16 20:59:34 +08:00
Rasmus Lerchedahl Petersen
72bf390ec5 Merge branch 'main' of github.com:github/codeql into python/promote-regex-injection 2021-09-16 14:50:17 +02:00