hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
57,369 Commits 1,671 Branches 157 Tags
69aa099ed1e74fcbb8e6b51a9551e4df877a5737
Commit Graph

7488 Commits

Author SHA1 Message Date
Tom Hvitved
6c989b9c6b Python: Adjust to data flow refactor 2023-08-07 11:35:23 +02:00
Mathias Vorreiter Pedersen
abe3a816ce Merge pull request #13851 from MathiasVP/sink-without-states 
DataFlow: Support stateless `isSink` in `StateConfigSig`s
 2023-08-04 18:01:42 +02:00
Asger F
c38cbe859d Merge pull request #13737 from asgerf/dynamic/fuzzy-models 
Dynamic: add Fuzzy token
 2023-08-03 09:58:24 +02:00
Mathias Vorreiter Pedersen
3007fdab5e Sync identical files. 2023-08-02 14:33:33 +02:00
Anders Schack-Mulligen
b27a3a81bc Python: Adjust to use the qlpack data-flow api. 2023-08-01 14:02:33 +02:00
Owen Mansel-Chan
9b2b58a823 Sync files 2023-07-26 21:48:10 +01:00
github-actions[bot]
f91b7a9342 Post-release preparation for codeql-cli-2.14.1 2023-07-21 16:16:25 +00:00
github-actions[bot]
c936a920b0 Release preparation for version 2.14.1 2023-07-20 16:32:27 +00:00
Anders Schack-Mulligen
e72a0b2f8c Dataflow: Add change notes. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
ae24d68b5d C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
95d17045c9 Dataflow: Sync. 2023-07-19 11:41:15 +02:00
yoff
a1aa16f901 Merge pull request #13745 from GeekMasher/py-mad-xss 
Python - Add Models as Data support for Reflected XSS Query
 2023-07-18 13:39:17 +02:00
Mathew Payne
6ef55aa14f Update python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-07-17 15:44:38 +01:00
yoff
d032bf5c0e Merge pull request #13685 from RasmusWL/captured-variables-default-param-value 
Python: Model parameter with default value as `DefinitionNode`
 2023-07-17 14:25:13 +02:00
Mathew Payne
e3d75c488e Merge branch 'main' into py-mad-xss 2023-07-17 11:08:09 +01:00
Mathew Payne
cf65ab834d fix: formatting issue 2023-07-14 12:31:40 +01:00
Mathew Payne
4c1612f2dd feat: add change log notes 2023-07-14 12:28:51 +01:00
Mathew Payne
c292984338 feat: add MaD to XSS query 2023-07-14 12:25:54 +01:00
Asger F
eb5c600a6b Python: fix some whitespace 2023-07-13 15:42:34 +02:00
Asger F
2b0a8097e6 Python: implement Fuzzy for Python 2023-07-13 15:42:34 +02:00
Asger F
919cb07c1e Sync ApiGraphModels.qll 2023-07-13 15:42:33 +02:00
Anders Schack-Mulligen
837df2ad37 Dataflow: Sync. 2023-07-13 10:55:39 +02:00
Ed Minnix
63299688d5 Add change notes for default implementations of isBarrier and isAdditionalFlowStep 2023-07-12 15:21:16 -04:00
Ed Minnix
3db2644008 Python: Add default implementation of StateConfigSig::isAdditionalFlowStep/4 2023-07-12 15:06:25 -04:00
Ed Minnix
43f870e395 Python: Add default implementation of StateConfigSig::isBarrier/2 2023-07-12 15:06:25 -04:00
Rasmus Wriedt Larsen
98ed5cf522 Python: Move not this instanceof ParameterDefinition logic 2023-07-12 11:31:27 +02:00
Rasmus Wriedt Larsen
83ca47f32c Python: Add change-note 2023-07-11 11:33:06 +02:00
Rasmus Wriedt Larsen
a1225674ee Python: Add implementation note about why not targeting ESSA node 2023-07-11 11:32:26 +02:00
Jeroen Ketema
92ee31849c Merge pull request #13643 from jketema/inline-5 
Rework the remaining inline expectation tests to use the parameterized module
 2023-07-11 11:29:14 +02:00
Mathias Vorreiter Pedersen
a4c0063ab1 Merge pull request #13679 from MathiasVP/speedup-big-step 
DataFlow: Speed up the big step relation
 2023-07-11 09:44:17 +01:00
Jeroen Ketema
8cee4f37a4 Merge branch 'main' into inline-5 2023-07-11 10:30:11 +02:00
Asger F
d88f557dbe Merge pull request #13683 from asgerf/rb/api-graph-noobject 
Ruby: exclude Object class from API graph
 2023-07-10 12:51:15 +02:00
Mathias Vorreiter Pedersen
44f23bfa59 Merge pull request #13690 from github/post-release-prep/codeql-cli-2.14.0 
Post-release preparation for codeql-cli-2.14.0
 2023-07-07 23:39:38 +01:00
github-actions[bot]
13cf054a9d Post-release preparation for codeql-cli-2.14.0 2023-07-07 14:55:41 +00:00
Rasmus Wriedt Larsen
44c67171f2 Python: Fix default parameter value flow 
Somehow the previous fix didn't work :O
 2023-07-07 16:17:07 +02:00
Rasmus Wriedt Larsen
a850a481d0 Merge pull request #13676 from RasmusWL/aiohttp-ssrf-sink 
Python: Relax restriction of flow through `async with`
 2023-07-07 14:55:57 +02:00
Rasmus Wriedt Larsen
43b025015d Python: Avoid overlap between AssignmentDefinition and ParameterDefinition 2023-07-07 14:26:28 +02:00
Rasmus Wriedt Larsen
4e8a1144f2 Python: Remove explicit jumpStep for default parameter values 
tests added in https://github.com/github/codeql/pull/5238
functionality added in https://github.com/github/codeql/pull/6640
 2023-07-07 14:24:51 +02:00
Rasmus Wriedt Larsen
4920557c36 Merge pull request #13670 from jorgectf/seclab/xxe-sanitizer 
Python: Add `markupsafe` as XXE sanitizer
 2023-07-07 12:30:26 +02:00
Rasmus Wriedt Larsen
70994b9c57 Python: Accept points-to .expected changes 
They look pretty safe to me, but haven't given them a whole lot of
thought.
 2023-07-07 12:14:19 +02:00
Rasmus Wriedt Larsen
c5e8e232e5 Python: Fix dataflow consistencies for default parameter values 2023-07-07 11:55:07 +02:00
Rasmus Wriedt Larsen
6f3cb67050 Python: Model parameter with default value as DefinitionNode 2023-07-07 11:54:50 +02:00
Rasmus Wriedt Larsen
64a86e8fd7 Python: Update inline expectations 2023-07-07 11:32:05 +02:00
Rasmus Wriedt Larsen
cfd2d09a61 Python: Add test for DefinitionNode default parameter value 2023-07-07 11:00:16 +02:00
Mathias Vorreiter Pedersen
1064efa8b3 Update python/ql/lib/change-notes/released/0.10.0.md 2023-07-07 09:25:03 +01:00
Mathias Vorreiter Pedersen
82ff045315 Update python/ql/lib/CHANGELOG.md 2023-07-07 09:24:50 +01:00
github-actions[bot]
6484ee106e Release preparation for version 2.14.0 2023-07-07 08:22:14 +00:00
Asger F
86b5f0adc7 Revert "Merge pull request #13620 from github/revert-13496-rb/tracking-on-demand" 
This reverts commit 133de56ac2, reversing
changes made to 28a8e48351.
 2023-07-07 09:42:34 +02:00
Rasmus Wriedt Larsen
bea07002d3 Python: Expand captured-variable test with default param 2023-07-06 17:21:29 +02:00
Dave Bartolomeo
9631e9f2f1 Bump minor version numbers post-GHES 2023-07-06 10:10:01 -04:00