hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-29 07:06:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,194 Commits 1,673 Branches 157 Tags
6aacc75a49b0d08018dc6ec0749deae423f51feb
Commit Graph

507 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
3f48916e95 Merge pull request #7915 from yoff/python/promote-xpath-injection 
Python: promote XPath injection query
 2022-03-04 11:59:39 +01:00
yoff
c514282d4a Merge pull request #8255 from tausbn/python-nomagic-pattern-getcase 
Python: Prevent magic/inlining in `getCase`
 2022-03-04 10:53:20 +01:00
Rasmus Lerchedahl Petersen
6946ae931a python: missed a spot.. 2022-03-02 17:12:48 +01:00
Rasmus Lerchedahl Petersen
143e9ee954 Merge branch 'main' of github.com:github/codeql into python/promote-xpath-injection 2022-03-02 13:14:08 +01:00
Rasmus Lerchedahl Petersen
ee45e79948 python: Create XML modulein Concepts 
to prepare for XXE and other XML related modelling
 2022-03-02 13:10:23 +01:00
Rasmus Lerchedahl Petersen
80be767a7a python: implement stdlib xpath support 2022-03-02 12:59:34 +01:00
Taus
8460ab4f31 Merge pull request #7549 from hvitved/python/points-to-perf 2022-03-01 23:05:10 +01:00
Rasmus Lerchedahl Petersen
f55d7d627e python: model XPathEvaluator 2022-03-01 14:40:13 +01:00
Tom Hvitved
92fa0071bd Update python/ql/lib/semmle/python/pointsto/MRO.qll 
Co-authored-by: Taus <tausbn@github.com>
 2022-03-01 14:16:49 +01:00
Tamás Vajk
94cb5c2be4 Merge pull request #8296 from github/post-release-prep/codeql-cli-2.8.2 
Post-release preparation for codeql-cli-2.8.2
 2022-03-01 11:57:36 +01:00
Rasmus Lerchedahl Petersen
ce3ee65f47 python: remove getTree for now 2022-03-01 10:49:21 +01:00
yoff
853857bd7e Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-03-01 10:26:29 +01:00
github-actions[bot]
980f822983 Post-release preparation for codeql-cli-2.8.2 2022-03-01 09:24:30 +00:00
Arthur Baars
5ce6b847d1 Merge pull request #8166 from aibaars/regex-char-sequence-1 
Ruby/Python: regex parser: group sequences of 'normal' characters
 2022-02-28 17:47:53 +01:00
yoff
d953382df9 Merge pull request #7807 from RasmusWL/dataflow-improvements 
Python: Dataflow improvements
 2022-02-28 16:24:00 +01:00
Arthur Baars
0c23f5815f Add change note 2022-02-25 18:43:43 +01:00
Arthur Baars
5044f89105 Ruby/Python re-introduce normalCharacterSequence 2022-02-25 18:43:43 +01:00
Taus
622b32692b Python: Prevent magic/inlining in getCase 
This is a simplified version of
https://github.com/github/codeql/pull/8028
consisting of just the `nomagic` fix.
 2022-02-25 14:32:59 +00:00
yoff
8b926f6859 Merge pull request #7873 from RasmusWL/fix-attribute-taint 
Python: Fix attribute taint
 2022-02-25 15:02:24 +01:00
Arthur Baars
9d9abaf1f9 Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-02-25 12:27:20 +01:00
github-actions[bot]
20fe22c8c8 Release preparation for version 2.8.2 2022-02-24 14:57:08 +00:00
Arthur Baars
69ed121ecb Ruby/Python: regex parser: group sequences of 'normal' characters 2022-02-22 16:15:33 +01:00
Rasmus Wriedt Larsen
d2cd77aefb Merge branch 'main' into dataflow-improvements 2022-02-21 14:49:40 +01:00
Rasmus Wriedt Larsen
b59ab7f5f3 Merge branch 'main' into python/promote-log-injection 2022-02-21 09:59:31 +01:00
Rasmus Wriedt Larsen
67ca14876a Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-02-18 13:47:07 +01:00
Arthur Baars
ebb87c4b36 Merge pull request #7975 from github/post-release-prep/codeql-cli-2.8.1 
Post-release preparation for codeql-cli-2.8.1
 2022-02-15 20:17:35 +01:00
Rasmus Wriedt Larsen
62d4bb50a5 Python: Autoformat 
Trailing whitespace is a bit too easy with the ```suggestions through
the UI :|
 2022-02-15 10:38:52 +01:00
Rasmus Wriedt Larsen
5a90214ece Merge pull request #7783 from yoff/python/promote-ldap-injection 
Python: promote LDAP injection query
 2022-02-15 10:24:18 +01:00
yoff
de5b3a272d Merge pull request #7660 from RasmusWL/deprecate-old-modeling 
Python: Deprecate old points-to based modeling
 2022-02-14 19:48:03 +01:00
yoff
3a995ec1b1 Update python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-14 16:08:44 +01:00
yoff
62598c0fd1 Update python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-14 16:07:40 +01:00
Rasmus Lerchedahl Petersen
84447e4710 python: more detailed alert message 2022-02-14 11:55:07 +01:00
Rasmus Lerchedahl Petersen
bd14adefa0 python: add apologetic comment 2022-02-14 11:37:46 +01:00
Chuan-kai Lin
9b4dbb9dd8 Merge pull request #7895 from github/cklin/upgrades-initial-dbscheme 
Upgrade scripts testing: set initial dbschemes
 2022-02-11 11:06:12 -08:00
Taus
d7f30de5b0 Merge pull request #7874 from RasmusWL/set-store-step 
Python: Fix setStoreStep to use `SetElementContent`
 2022-02-11 12:50:02 +01:00
github-actions[bot]
21bf29353f Post-release preparation for codeql-cli-2.8.1 2022-02-11 11:07:31 +00:00
github-actions[bot]
f25fc70b7c Release preparation for version 2.8.1 2022-02-10 22:08:24 +00:00
Tom Hvitved
58d90c7f8d Python: More points-to performance improvements 2022-02-10 10:29:30 +01:00
Tom Hvitved
7fd8d6dd30 Address review comments 2022-02-10 10:29:30 +01:00
Tom Hvitved
2de892bfd8 Python: Points-to performance improvements 2022-02-10 10:29:30 +01:00
Rasmus Lerchedahl Petersen
313f9f056c python: switch to using concepts 2022-02-09 14:36:48 +01:00
Rasmus Lerchedahl Petersen
17aa2898f9 python: model (xpathEval from) libxml2 2022-02-09 14:25:43 +01:00
Rasmus Lerchedahl Petersen
e8649d8947 python: model (etree from) lxml 2022-02-09 14:15:17 +01:00
Tom Hvitved
9440a45015 Merge branch 'main' into post-release-prep/codeql-cli-2.8.0 2022-02-09 09:40:33 +01:00
yoff
f21ac04285 Update python/ql/lib/semmle/python/frameworks/Stdlib.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-02-09 09:22:31 +01:00
Chuan-kai Lin
a7f1ee574c Upgrade scripts testing: set initial dbschemes 
This commit sets initial dbschemes for cpp, csharp, java, javascript, and
python so that automated testing for upgrade scripts would also cover legacy
upgrades.
 2022-02-08 11:11:41 -08:00
Rasmus Lerchedahl Petersen
3f36ccba92 python: add name to concept 2022-02-08 12:40:13 +01:00
Rasmus Lerchedahl Petersen
8665fe4817 python: add concept for XPath construction 
also small fixup in `SqlConstruction`
 2022-02-08 12:31:37 +01:00
Rasmus Wriedt Larsen
3e01816f0c Python: Add change-note 2022-02-08 12:03:40 +01:00
Rasmus Lerchedahl Petersen
7d287f1698 python: add concept for xpath execution 2022-02-08 11:46:28 +01:00