hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-29 23:26:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,414 Commits 1,673 Branches 157 Tags
46cd85c70b08bf8a57f4a797e378cbcedb30b943
Commit Graph

3167 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
a1769f8036 Python: add default implementation of getName() and deprecate it 2022-03-09 18:28:12 +01:00
Taus
7b877fb317 Merge pull request #8336 from tausbn/python-fix-a-bunch-of-ql-warnings 
Python: Fix a bunch of QL warnings
 2022-03-09 16:31:28 +01:00
Taus
063a8bbc43 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-03-08 15:20:35 +01:00
Taus
d2603884ca Python: Fix a bunch of class QLDoc 2022-03-07 18:59:49 +00:00
Taus
af7f532212 Python: Fix up a bunch of function QLDoc 2022-03-07 18:59:49 +00:00
Taus
095f27f294 Python: Remove deprecated annotations 2022-03-04 12:30:26 +00:00
Taus
20710616c5 Python: Fix "use set literal" warnings 2022-03-04 12:26:36 +00:00
Rasmus Lerchedahl Petersen
143e9ee954 Merge branch 'main' of github.com:github/codeql into python/promote-xpath-injection 2022-03-02 13:14:08 +01:00
yoff
853857bd7e Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-03-01 10:26:29 +01:00
github-actions[bot]
980f822983 Post-release preparation for codeql-cli-2.8.2 2022-03-01 09:24:30 +00:00
github-actions[bot]
20fe22c8c8 Release preparation for version 2.8.2 2022-02-24 14:57:08 +00:00
Rasmus Wriedt Larsen
aeba497832 Merge pull request #7735 from yoff/python/promote-log-injection 
Python: promote log injection
 2022-02-23 16:21:12 +01:00
Taus
3ce7d47b5b Merge pull request #7452 from jorgectf/python_jwt 
Python: Add Python_JWT to JWT security query
 2022-02-23 15:23:20 +01:00
Jorge
0216798cb9 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-02-22 20:55:51 +01:00
Rasmus Wriedt Larsen
b59ab7f5f3 Merge branch 'main' into python/promote-log-injection 2022-02-21 09:59:31 +01:00
Arthur Baars
ebb87c4b36 Merge pull request #7975 from github/post-release-prep/codeql-cli-2.8.1 
Post-release preparation for codeql-cli-2.8.1
 2022-02-15 20:17:35 +01:00
Rasmus Wriedt Larsen
5a90214ece Merge pull request #7783 from yoff/python/promote-ldap-injection 
Python: promote LDAP injection query
 2022-02-15 10:24:18 +01:00
yoff
de5b3a272d Merge pull request #7660 from RasmusWL/deprecate-old-modeling 
Python: Deprecate old points-to based modeling
 2022-02-14 19:48:03 +01:00
Rasmus Lerchedahl Petersen
d1200d0cd5 python: fix change-note formatting 2022-02-14 12:22:29 +01:00
Rasmus Lerchedahl Petersen
84447e4710 python: more detailed alert message 2022-02-14 11:55:07 +01:00
github-actions[bot]
21bf29353f Post-release preparation for codeql-cli-2.8.1 2022-02-11 11:07:31 +00:00
github-actions[bot]
f25fc70b7c Release preparation for version 2.8.1 2022-02-10 22:08:24 +00:00
Rasmus Wriedt Larsen
94f9656e8e Python: Solve deprecation warnings for old experimental queries 2022-02-10 00:09:43 +01:00
Rasmus Lerchedahl Petersen
aa010e420b python: update qhelp 2022-02-09 15:27:39 +01:00
Rasmus Lerchedahl Petersen
75a2f92ce4 pthon: add change note 2022-02-09 15:23:36 +01:00
Tom Hvitved
9440a45015 Merge branch 'main' into post-release-prep/codeql-cli-2.8.0 2022-02-09 09:40:33 +01:00
jorgectf
c6d8b97871 Make verifyCall() a private predicate 2022-02-08 23:37:17 +01:00
jorgectf
ed60d16367 Refactor the way to check the verifying call 2022-02-08 23:33:30 +01:00
Jorge
f1fab98ea2 Merge branch 'github:main' into python_jwt 2022-02-08 23:12:58 +01:00
Rasmus Lerchedahl Petersen
103b5761f3 python: remove superfluous configuration 
this also removes duplicated nodes and edges
in the path results
 2022-02-08 11:34:11 +01:00
Rasmus Lerchedahl Petersen
a9cfc60ea1 python: move supporting libraries 
and update reference in query
 2022-02-08 11:27:45 +01:00
Rasmus Lerchedahl Petersen
88efcff818 python: move query 
and update reference in query test
 2022-02-08 11:24:09 +01:00
Rasmus Wriedt Larsen
eb109828c0 Merge pull request #7252 from museljh/feature/cwe-338 
Python: CWE-338 insecureRandomness
 2022-02-07 19:30:06 +01:00
github-actions[bot]
b4ab86c020 Post-release preparation for codeql-cli-2.8.0 2022-02-06 23:34:07 +00:00
Rasmus Wriedt Larsen
8386b36217 Python: Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-02-03 15:00:04 +01:00
Rasmus Wriedt Larsen
cf68148316 Python: Add change-note 2022-02-03 14:29:02 +01:00
liangjinhuang
1dd15fa235 style:auto format 2022-02-02 01:30:54 +08:00
liangjinhuang
976e484c57 style:move all source files under src/experimental & feat:modify source regular matching rules 2022-02-02 01:14:51 +08:00
liangjinhuang
1885b683f7 style:formatDocument 2022-02-02 00:21:26 +08:00
Rasmus Lerchedahl Petersen
c2cd58edc4 python: rewrite to separate configurations 
source nodes get duplicated, so perhaps flow states
are actually better for performance?
 2022-02-01 14:36:11 +01:00
Rasmus Lerchedahl Petersen
bec8c0daea python: update change note 2022-02-01 13:39:03 +01:00
museljh
012434b152 Update python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-01 19:00:06 +08:00
museljh
a6002186bd Update python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-01 18:59:12 +08:00
Rasmus Wriedt Larsen
f7a0b17ed6 Merge pull request #7687 from yoff/python/PathInjection-FlowState 
python: Rewrite path injection query to use flow state
 2022-02-01 11:33:37 +01:00
yoff
b120721942 Update python/ql/src/Security/CWE-090/LdapInjection.ql 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-01 11:02:47 +01:00
Rasmus Lerchedahl Petersen
ecea392a08 python: rewrite qhelp overview 
(combining the Java version and the JS version)
 2022-02-01 10:47:18 +01:00
Rasmus Lerchedahl Petersen
26befebfc2 python: drop precision and add severity score 
Given both the original FP score and our concerns
regarding sanitizers, `@precision medium`, which
is aligned with other languages, feels appropriate.
 2022-02-01 10:34:36 +01:00
Rasmus Lerchedahl Petersen
9d416664a1 python: modern change note 
I set the category to newQuery since that is what users will see.
When we have tags, it would be nice to tag it as a query promotion.
 2022-01-31 11:27:55 +01:00
Rasmus Lerchedahl Petersen
8b5114d10e python: Add standard customization setup 
- modernize the sanitizer, but do not make it less specific
 2022-01-31 11:27:55 +01:00
Rasmus Lerchedahl Petersen
20d54543fd python: move log injection out of experimental 
- move from custom concept `LogOutput` to standard concept `Logging`
- remove `Log.qll` from experimental frameworks
  - fold models into standard models (naively for now)
    - stdlib:
      - make Logger module public
      - broaden definition of instance
      - add `extra` keyword as possible source
   - flak: add app.logger as logger instance
   - django: `add django.utils.log.request_logger` as logger instance
     (should we add the rest?)
- remove LogOutput from experimental concepts
 2022-01-31 11:27:55 +01:00