codeql

mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	1ea4bcc59f	Python: Make `XMLParsing` a `Decoding` subclass	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	e45288e812	Python: => `XMLParsingVulnerabilityKind` Since there are other XML vulnerabilities that are not about parsing, this is more correct.	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	e005a5c0ab	Python: Promote `XMLParsing` concept	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	9caf4be21b	Python: Add PortSwigger link to `Xxe.qhelp` I found this resource quite good myself at least :)	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	56b9c891d8	Python: Adjust `XmlBomb.qhelp` from JS	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	b00766b054	Python: Adjust XXE qhelp and remove the old copy, we don't need it anymore :)	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	c365337867	Python: Delete `XmlEntityInjection.ql` Kept the test of SimpleXmlRpcServer, and kept the qhelp so it can be used to write the new qhelp files	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	e45f9d69cc	Python: Adjust Xxe/XmlBomb for Python I changed a few QLdocs so they fit the style we have used in Python... although I surely do regret having introduced a new style for how these QLDocs look :D	2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen	65907c9762	Python: Copy Xxe/XmlBomb queries from JS After internal discussion, these will replace the `XmlEntityInjection` query, so we can have separate severities on DoS and the other (more serious) attacks. Note: These clearly don't work, since they are verbatim copies of the JS code, but I split it into multiple commits to clearly highlight what changes were made.	2022-03-31 09:52:54 +02:00
Erik Krogh Kristensen	758a5d7a85	few join order fixes	2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen	36db492aa2	move the polynomialbacktracking-test to the test folder	2022-03-28 13:22:26 +02:00
Arthur Baars	2ae5e8158e	Python: import RegExpTreeView correctly	2022-03-28 12:41:32 +02:00
yoff	5efc19c39d	Merge pull request #7806 from erik-krogh/pyDef Python: Add def nodes to API graphs	2022-03-28 08:09:14 +02:00
Ahmed Farid	d89ed8b98b	Update zipslip_bad.py	2022-03-28 01:40:08 +00:00
Ahmed Farid	cafbd98454	Update zipslip_bad.py	2022-03-28 01:08:39 +00:00
Ahmed Farid	ddba3b7784	Update ZipSlip.qll	2022-03-28 00:59:56 +00:00
Ahmed Farid	0fac4f195d	Update Concepts.qll	2022-03-28 00:47:27 +00:00
Ahmed Farid	413f1945ce	Update Zip.qll	2022-03-28 00:44:56 +00:00
Ahmed Farid	eab6568cda	Update zipslip_good.py	2022-03-24 00:35:24 +01:00
Ahmed Farid	b5f1e9de08	Update zipslip_bad.py	2022-03-24 00:33:28 +01:00
Ahmed Farid	1836723ecb	Merge branch 'main' into ZipSlip	2022-03-23 19:27:12 -04:00
Taus	af888f7604	Python: Add call graph meta-query	2022-03-23 16:36:28 +00:00
github-actions[bot]	a3e74efc21	Post-release preparation for codeql-cli-2.8.4	2022-03-21 19:36:47 +00:00
Rasmus Wriedt Larsen	b8dee25cce	Python: ReflectedXSS -> ReflectedXss for new Query file So we stick to the naming conventions. This rename is OK, since the new file was only just introduced in this PR.	2022-03-21 16:12:38 +01:00
Arthur Baars	79cd7bf8ed	Python: create semmle/python/dataflow/new/Regex.qll	2022-03-21 15:57:19 +01:00
Rasmus Wriedt Larsen	695553ba9f	Python: Deprecate old non-Query.qll dataflow defs	2022-03-21 15:03:22 +01:00
github-actions[bot]	dedc8c2254	Release preparation for version 2.8.4	2022-03-21 13:25:49 +00:00
Arthur Baars	9412b331db	Revert "Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql"" This reverts commit `6d24591416`.	2022-03-18 16:31:22 +01:00
Arthur Baars	6d24591416	Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql" This reverts commit `ce50f35dda`.	2022-03-18 13:02:55 +01:00
Arthur Baars	ab93b3784b	Merge remote-tracking branch 'upstream/main' into incomplete-hostname	2022-03-16 12:31:12 +01:00
Erik Krogh Kristensen	c7509c4dd3	Merge branch 'main' into deadCode	2022-03-15 09:19:14 +01:00
Jonas Jensen	d89c52f4b0	Merge pull request #8403 from erik-krogh/noUpper Rename all upper-case variables, and all lower-case modules	2022-03-15 09:00:37 +01:00
Arthur Baars	6a74e761c8	Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 Post-release preparation for codeql-cli-2.8.3	2022-03-14 21:05:09 +01:00
Erik Krogh Kristensen	3bf5e06d53	delete all dead code	2022-03-14 13:03:31 +01:00
Erik Krogh Kristensen	ad2ab5602e	PY: rename remaining private python modules	2022-03-14 12:22:33 +01:00
Jeroen Ketema	4c2081b7fc	Merge pull request #8401 from jketema/taint-flow Extend taint tracking interface with flow states	2022-03-14 12:06:10 +01:00
Rasmus Wriedt Larsen	2f4a22c86c	Merge pull request #6112 from jorgectf/jorgectf/python/deserialization Python: Port and extend XXE modeling	2022-03-14 11:59:28 +01:00
Erik Krogh Kristensen	bbb2847ec1	Merge pull request #8323 from erik-krogh/acronyms Enforcing consistent casing of acronyms	2022-03-14 11:38:25 +01:00
Ahmed Farid	3c9de6f488	Update Zip.qll	2022-03-11 18:50:37 +01:00
Arthur Baars	cf4b834536	Address comments	2022-03-11 14:25:34 +01:00
Ahmed Farid	f092cd8d80	Update Zip.qll	2022-03-11 14:15:05 +01:00
Ahmed Farid	eb71cdf7a2	Update ZipSlip.ql	2022-03-11 14:13:28 +01:00
Ahmed Farid	0de1cef26e	Update ZipSlip.qll	2022-03-11 14:03:17 +01:00
Jeroen Ketema	93a0da75b6	Fix taint tracking configurations that broke due to interface change	2022-03-11 12:18:04 +01:00
Erik Krogh Kristensen	69353bb014	patch upper-case acronyms to be PascalCase	2022-03-11 11:10:33 +01:00
Erik Krogh Kristensen	ddf93b555e	PY: fix some ql/non-doc-block warnings	2022-03-11 11:02:58 +01:00
github-actions[bot]	3a5ebbb861	Post-release preparation for codeql-cli-2.8.3	2022-03-11 09:23:34 +00:00
github-actions[bot]	6b194bc55f	Release preparation for version 2.8.3	2022-03-10 19:43:58 +00:00
Taus	4ee4bba4d1	Merge branch 'main' into ZipSlip	2022-03-10 13:30:51 +01:00
Erik Krogh Kristensen	a1769f8036	Python: add default implementation of getName() and deprecate it	2022-03-09 18:28:12 +01:00

1 2 3 4 5 ...

3353 Commits