hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,688 Commits 1,671 Branches 157 Tags
4d681f05bd671f8b5e31624f16a2b4d75e61c071
Commit Graph

9284 Commits

Author SHA1 Message Date
github-actions[bot]
88ba02edf8 Release preparation for version 2.22.0 2025-06-09 18:14:51 +00:00
Chuan-kai Lin
631502e129 Merge branch 'main' into cklin/rc-3.18-mergeback 2025-06-09 07:19:40 -07:00
github-actions[bot]
d2c6875eac Post-release preparation for codeql-cli-2.21.4 2025-05-27 18:16:21 +00:00
github-actions[bot]
bfb91e95e3 Release preparation for version 2.21.4 2025-05-27 17:22:05 +00:00
Sylwia Budzynska
e66659276b Fix formatting 2025-05-27 13:51:03 +02:00
Sylwia Budzynska
8a1c323a98 Change naming to PascalCase 2025-05-27 13:45:40 +02:00
Sylwia Budzynska
55c70a4cae Fix nitpicks 2025-05-27 13:44:21 +02:00
Sylwia Budzynska
84228e0ec8 Add Pandas SQLi sinks 2025-05-27 13:10:39 +02:00
Michael Nebel
dabeddb62d Add change-notes. 2025-05-19 09:26:49 +02:00
Michael Nebel
530025b7ae Update integration tests expected output. 2025-05-19 09:26:47 +02:00
Michael Nebel
03ecd24469 Lower the precision of a range of harcoded password queries to remove them from query suites. 2025-05-19 09:26:45 +02:00
Taus
579cf4a65a Merge pull request #19424 from github/tausbn/python-extract-hidden-file-by-default 
Python: Extract files in hidden dirs by default
 2025-05-16 14:43:47 +02:00
Taus
9ee3e4cdf3 Python: Update change note 
Co-authored-by: yoff <yoff@github.com>
 2025-05-16 13:50:22 +02:00
Taus
2158eaa34c Python: Fix a bug in glob regex creation 
The previous version was tested on a version of the code where we had
temporarily removed the `glob.strip("/")` bit, and so the bug didn't
trigger then.

We now correctly remember if the glob ends in `/`, and add an extra part
in that case. This way, if the path ends with multiple slashes, they
effectively get consolidated into a single one, which results in the
correct semantics.
 2025-05-15 15:34:11 +00:00
Taus
c8cca126a1 Python: Bump extractor version 2025-05-15 14:59:33 +00:00
Taus
72ae633a64 Python: Update change note and extractor config 
Removes the previously added extractor option and updates the change
note to explain how to use `paths-ignore` to exclude files in hidden
directories.
 2025-05-15 14:58:32 +00:00
Taus
96558b53b8 Python: Update test 
The second test case now sets the `paths-ignore` setting in the config
file in order to skip files in hidden directories.
 2025-05-15 14:53:15 +00:00
Taus
98388be25c Python: Remove special casing of hidden files 
If it is necessary to exclude hidden files, then adding
```
paths-ignore: ['**/.*/**']
```
to the relevant config file is recommended instead.
 2025-05-15 14:49:17 +00:00
Taus
61719cf448 Python: Fix a bug in glob conversion 
If you have a filter like `**/foo/**` set in the `paths-ignore` bit of
your config file, then currently the following happens:

- First, the CodeQL CLI observes that this string ends in `/**` and
  strips off the `**` leaving `**/foo/`
- Then the Python extractor strips off leading and trailing `/`
  characters and proceeds to convert `**/foo` into a regex that is
  matched against files to (potentially) extract.

The trouble with this is that it leaves us unable to distinguish
between, say, a file `foo.py` and a file `foo/bar.py`. In other words,
we have lost the ability to exclude only the _folder_ `foo` and not any
files that happen to start with `foo`.

To fix this, we instead make a note of whether the glob ends in a
forward slash or not, and adjust the regex correspondingly.
 2025-05-15 14:48:06 +00:00
github-actions[bot]
5f9dd75d7d Post-release preparation for codeql-cli-2.21.3 2025-05-13 21:49:43 +00:00
github-actions[bot]
2de4a01c86 Release preparation for version 2.21.3 2025-05-13 21:14:27 +00:00
Taus
2ded42c285 Python: Update extractor tests 2025-05-02 14:27:46 +00:00
Taus
67d04d5477 Python: Add change note 2025-05-02 14:27:46 +00:00
Taus
605f2bff9c Python: Add integration test 2025-05-02 14:27:46 +00:00
Taus
0c1b379ac1 Python: Extract files in hidden dirs by default 
Changes the default behaviour of the Python extractor so files inside
hidden directories are extracted by default.

Also adds an extractor option, `skip_hidden_directories`, which can be
set to `true` in order to revert to the old behaviour.

Finally, I made the logic surrounding what is logged in various cases a
bit more obvious.

Technically this changes the behaviour of the extractor (in that hidden
excluded files will now be logged as `(excluded)`, but I think this
makes more sense anyway.
 2025-05-02 12:44:05 +00:00
Tamás Vajk
cb1c3736fe Merge pull request #19413 from tamasvajk/quality/query-suite-selector 
Add code quality suite selector and use that in the code quality suites
 2025-05-02 08:18:48 +02:00
Napalys Klicius
f652686607 Merge pull request #19444 from Napalys/python/hdbcli 
Python: modeling of `hdbcli`
 2025-05-01 17:58:31 +02:00
yoff
d7e6e1dd66 Merge pull request #19432 from yoff/python/model-http-server-header-write 
python: model `send_header` from `http.server`
 2025-05-01 15:34:05 +02:00
Napalys Klicius
da7c0931b8 Added hdbcli to be part of supported-framework as well as change note 2025-05-01 14:18:08 +02:00
Napalys Klicius
e1fc0ca051 Added implementation hdbcli as part of PEP249::PEP249ModuleApiNode 2025-05-01 14:18:02 +02:00
Napalys Klicius
0325f368fe Added test case for hdbcli 2025-05-01 13:57:14 +02:00
Owen Mansel-Chan
0863c87572 Add change notes 2025-05-01 10:33:24 +01:00
yoff
e63b38c515 python: add change note 2025-04-30 20:05:55 +02:00
yoff
cf45e771f3 python: remove copied comment 2025-04-30 20:01:43 +02:00
yoff
531f2a15a4 python: model send_header from http.server 2025-04-30 19:58:14 +02:00
Owen Mansel-Chan
a9132c43d0 Fix incorrect CWE tags 2025-04-30 16:47:35 +01:00
Owen Mansel-Chan
cf614a596d Fix cwe tags to include leading zero 2025-04-30 16:43:03 +01:00
Joe Farebrother
7106475033 Merge pull request #19411 from joefarebrother/python-qual-file-not-closed 
Python: Improve performance of FileNotClosed query by using an explicit fastTC
 2025-04-30 09:51:48 +01:00
Tamas Vajk
fdeac95714 Use code-quality-selectors in Python suite 2025-04-29 16:23:22 +02:00
Joe Farebrother
299b3f7af4 Merge pull request #19325 from joefarebrother/python-qual-loop-var-capture 
Python: Tweak LoopVariableCapture for performance
 2025-04-29 13:49:09 +01:00
Joe Farebrother
acb9c20a76 Use explicit fastTC 2025-04-29 13:22:11 +01:00
Tamas Vajk
a408e216ae Add query suite inclusion tests for cpp, python 2025-04-29 08:45:01 +02:00
github-actions[bot]
2e0699ab2b Post-release preparation for codeql-cli-2.21.2 2025-04-28 14:03:28 +00:00
github-actions[bot]
625354c46e Release preparation for version 2.21.2 2025-04-28 10:55:22 +00:00
Chuan-kai Lin
6c1e80df3a Python: disable diff-informed PolynomialReDoS.ql 
This commit disabled diff-informed for PolynomialReDoS.ql because it
could miss some alerts within diff ranges.
 2025-04-24 14:57:06 -07:00
Joe Farebrother
6431228d37 Limit size of allowImplicitRead for performance 2025-04-16 09:40:01 +01:00
github-actions[bot]
d78736b1bf Post-release preparation for codeql-cli-2.21.1 2025-04-15 16:33:15 +00:00
github-actions[bot]
b961c5961d Release preparation for version 2.21.1 2025-04-14 09:53:06 +00:00
Joe Farebrother
7f7fca9e27 Merge pull request #19165 from joefarebrother/python-qual-loop-var-capture 
Python: Modernize the Loop Variable Capture query
 2025-04-10 13:07:05 +01:00
Joe Farebrother
6802037c89 Update qhelp formatting 2025-04-10 09:52:18 +01:00