hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 20:56:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
39,918 Commits 1,673 Branches 157 Tags
99e6d2a925b2e6cf7de92b4ebe42aba2ddd5bad1
Commit Graph

5570 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
b6cc438390 Merge pull request #9368 from RasmusWL/test-model-api-graphs 
Python: Port test model to API graphs
 2022-05-30 15:45:13 +02:00
Rasmus Wriedt Larsen
420dea0792 Python: Fix example TestCase 2022-05-30 14:48:06 +02:00
Rasmus Wriedt Larsen
08e64ea1b4 Python: Remove contrived test-case example 2022-05-30 14:45:34 +02:00
Rasmus Wriedt Larsen
a8b4b6a374 Python: Move test-modeling to API-graphs 
Notice that although we loose the contrived examples in `test.py`, we do
gain support for real-world test-case construction, which seems worth
the tradeoff.
 2022-05-30 14:13:06 +02:00
Rasmus Wriedt Larsen
a5dc4f430c Python: Expand test-filter tests 
With no virtual environment enabled, none of the third-party library
test case are found.
 2022-05-30 14:11:50 +02:00
yoff
cd46f31cba Merge branch 'main' into py/CsvInjection 2022-05-30 13:41:31 +02:00
Rasmus Wriedt Larsen
7a6646dcaf Merge pull request #8883 from erik-krogh/pyMaD 
Python: add MaD implementation
 2022-05-30 13:31:07 +02:00
Erik Krogh Kristensen
e557d8839b have the Instance token just be an alias for ReturnValue 2022-05-30 12:21:42 +02:00
yoff
aadfa8eacd Merge branch 'main' into py/CsvInjection 2022-05-25 10:43:08 +02:00
Tom Hvitved
728ccafe2b Merge pull request #9024 from hvitved/dataflow/content-flow-lib 
Data flow: Introduce `ContentDataFlow.qll`
 2022-05-24 15:09:16 +02:00
Erik Krogh Kristensen
f8281b43b1 autoformat 2022-05-23 19:58:48 +02:00
Erik Krogh Kristensen
b6a4f43737 expand qldoc for getNumArgument 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-23 18:51:33 +02:00
Taus
3745526d69 Merge pull request #9108 from RasmusWL/promote-pam 
Python: Promote `py/pam-auth-bypass`
 2022-05-23 15:27:12 +02:00
yoff
23d64ffa04 Merge pull request #9135 from tausbn/python-modernise-py-jinja2-autoescape-false 
Python: Modernise py/jinja2/autoescape-false
 2022-05-23 14:18:06 +02:00
Anders Schack-Mulligen
f2218944f6 Merge pull request #9214 from hvitved/dataflow/lambda-fp-flow 
Data flow: Do not discard call context when computing reverse lambda flow through jumps
 2022-05-23 10:02:51 +02:00
Erik Krogh Kristensen
204e01fc24 change getNumArgument to only count positional arguments 2022-05-20 12:43:06 +02:00
Erik Krogh Kristensen
a5b11e88b4 update doc to make it clear that moduleImport(..) does not refer to PyPI names 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-19 20:00:43 +02:00
Tom Hvitved
f83deb6571 Data flow: Sync files 2022-05-19 15:20:43 +02:00
Tom Hvitved
2b2ac06128 Data flow: Sync files 2022-05-19 13:28:56 +02:00
Erik Krogh Kristensen
215a6a72cc Merge branch 'main' into useStringComp 2022-05-18 10:55:31 +02:00
Rasmus Wriedt Larsen
6611e5b4b8 Merge branch 'main' into promote-pam 2022-05-18 10:35:39 +02:00
Rasmus Wriedt Larsen
b54de13d97 Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-05-18 10:30:29 +02:00
Erik Krogh Kristensen
7245591468 Merge pull request #7763 from erik-krogh/unused-field 
QL: add unused-field query
 2022-05-18 09:15:16 +02:00
Erik Krogh Kristensen
d5f0446940 exclude self parameter from the API-graph edge for keywordParameter 2022-05-17 22:34:38 +02:00
Erik Krogh Kristensen
6c7c9b6a4b Merge pull request #9082 from erik-krogh/countZero 
QL: add query warning about `count(...) = 0`.
 2022-05-17 21:46:58 +02:00
Taus
ea32299ab0 Python: Use API-graph flow for boolean tracking 
Introduces a false positive, but arguably that false positive should
have been there with the local flow as well.
 2022-05-17 13:14:55 +00:00
Erik Krogh Kristensen
86e97c32d6 fix all ql/use-string-compare 2022-05-17 14:11:05 +02:00
Taus
ba8d73c2be Python: Use API::CallNode 2022-05-17 12:00:17 +00:00
Erik Krogh Kristensen
03da62713c fix typo identified by QL-for-QL 2022-05-17 12:32:40 +02:00
Erik Krogh Kristensen
818975dc56 sync upstream typo fixes 2022-05-17 12:25:52 +02:00
Erik Krogh Kristensen
5d1c41c269 Merge branch 'main' into pyMaD 2022-05-17 12:23:03 +02:00
Erik Krogh Kristensen
2868eb61ea add test for Parameter[any] and Parameter[any-named] 2022-05-17 12:08:53 +02:00
Erik Krogh Kristensen
f273ccf73b add explicit test of what Parameter[0] matches 2022-05-17 11:17:15 +02:00
Erik Krogh Kristensen
ce21d7e5a8 use test-sink for sinks in the MaD test 2022-05-17 11:13:59 +02:00
Erik Krogh Kristensen
aef592fec8 make a more realistic test for self-parameter 2022-05-17 11:13:35 +02:00
Mathias Vorreiter Pedersen
1280d43e36 Merge pull request #9141 from github/post-release-prep/codeql-cli-2.9.2 
Post-release preparation for codeql-cli-2.9.2
 2022-05-17 10:01:37 +01:00
Erik Krogh Kristensen
55ffdb4aa1 make most imports in ApiGraphModelsSpecific.qll private 2022-05-17 10:34:17 +02:00
Erik Krogh Kristensen
1f8e7c39f4 fix typo in comment 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-17 10:32:31 +02:00
Nick Rolfe
c518150b49 Merge pull request #9132 from github/nickrolfe/misspelling 
QL for QL: generalise non-US spelling query
 2022-05-16 16:03:36 +01:00
Anders Schack-Mulligen
83f817ca45 Merge pull request #9134 from aschackmull/dataflow/perf-std-order 
Dataflow: Improve standard order through easier type check elimination.
 2022-05-16 10:05:17 +02:00
github-actions[bot]
b7cbd8fd75 Post-release preparation for codeql-cli-2.9.2 2022-05-12 18:21:38 +00:00
Nick Rolfe
1115227f9d Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling 2022-05-12 16:10:27 +01:00
Nick Rolfe
2efa38aaa6 Python: fix typos in comments 2022-05-12 16:02:20 +01:00
Anders Schack-Mulligen
8c8440a58a Merge pull request #9101 from hvitved/dataflow/include-hidden 
Data flow: Add `Configuration::includeHiddenNodes()`
 2022-05-12 15:36:12 +02:00
Taus
a0f8e2f0b1 Python: Modernise py/jinja2/autoescape-false 
A simple rewrite to use API graphs instead.

The handling of falsy values is potentially a bit more restrictive now,
as it only accounts for local flow. We should probably figure out a
better way of capturing this pattern, but I felt that this was out of
scope for the present PR.
 2022-05-12 12:55:42 +00:00
Joe Farebrother
59e400d2e0 Merge pull request #7723 from joefarebrother/redos 
Java: Add ReDoS queries
 2022-05-12 13:50:38 +01:00
Erik Krogh Kristensen
fb077bec66 sync AccessPathSyntax changes 2022-05-12 14:46:54 +02:00
Erik Krogh Kristensen
dea5596289 update MaD test to reflect that dotted module names don't work 2022-05-12 14:45:29 +02:00
Erik Krogh Kristensen
31e9876de7 Merge branch 'main' into pyMaD 2022-05-12 14:43:16 +02:00
Anders Schack-Mulligen
adb56dfa39 Dataflow: Improve standard order through easier type check elimination. 2022-05-12 14:31:38 +02:00