hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 09:40:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
57,076 Commits 1,673 Branches 157 Tags
a8c64443e81bb70eaef79b53ecaaf77ea7425e4e
Commit Graph

1613 Commits

Author SHA1 Message Date
Owen Mansel-Chan
9b2b58a823 Sync files 2023-07-26 21:48:10 +01:00
Anders Schack-Mulligen
95d17045c9 Dataflow: Sync. 2023-07-19 11:41:15 +02:00
yoff
a1aa16f901 Merge pull request #13745 from GeekMasher/py-mad-xss 
Python - Add Models as Data support for Reflected XSS Query
 2023-07-18 13:39:17 +02:00
Mathew Payne
6ef55aa14f Update python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-07-17 15:44:38 +01:00
yoff
d032bf5c0e Merge pull request #13685 from RasmusWL/captured-variables-default-param-value 
Python: Model parameter with default value as `DefinitionNode`
 2023-07-17 14:25:13 +02:00
Mathew Payne
e3d75c488e Merge branch 'main' into py-mad-xss 2023-07-17 11:08:09 +01:00
Mathew Payne
cf65ab834d fix: formatting issue 2023-07-14 12:31:40 +01:00
Mathew Payne
c292984338 feat: add MaD to XSS query 2023-07-14 12:25:54 +01:00
Anders Schack-Mulligen
837df2ad37 Dataflow: Sync. 2023-07-13 10:55:39 +02:00
Ed Minnix
3db2644008 Python: Add default implementation of StateConfigSig::isAdditionalFlowStep/4 2023-07-12 15:06:25 -04:00
Ed Minnix
43f870e395 Python: Add default implementation of StateConfigSig::isBarrier/2 2023-07-12 15:06:25 -04:00
Rasmus Wriedt Larsen
98ed5cf522 Python: Move not this instanceof ParameterDefinition logic 2023-07-12 11:31:27 +02:00
Rasmus Wriedt Larsen
a1225674ee Python: Add implementation note about why not targeting ESSA node 2023-07-11 11:32:26 +02:00
Mathias Vorreiter Pedersen
a4c0063ab1 Merge pull request #13679 from MathiasVP/speedup-big-step 
DataFlow: Speed up the big step relation
 2023-07-11 09:44:17 +01:00
Asger F
d88f557dbe Merge pull request #13683 from asgerf/rb/api-graph-noobject 
Ruby: exclude Object class from API graph
 2023-07-10 12:51:15 +02:00
Rasmus Wriedt Larsen
44c67171f2 Python: Fix default parameter value flow 
Somehow the previous fix didn't work :O
 2023-07-07 16:17:07 +02:00
Rasmus Wriedt Larsen
a850a481d0 Merge pull request #13676 from RasmusWL/aiohttp-ssrf-sink 
Python: Relax restriction of flow through `async with`
 2023-07-07 14:55:57 +02:00
Rasmus Wriedt Larsen
43b025015d Python: Avoid overlap between AssignmentDefinition and ParameterDefinition 2023-07-07 14:26:28 +02:00
Rasmus Wriedt Larsen
4e8a1144f2 Python: Remove explicit jumpStep for default parameter values 
tests added in https://github.com/github/codeql/pull/5238
functionality added in https://github.com/github/codeql/pull/6640
 2023-07-07 14:24:51 +02:00
Rasmus Wriedt Larsen
c5e8e232e5 Python: Fix dataflow consistencies for default parameter values 2023-07-07 11:55:07 +02:00
Rasmus Wriedt Larsen
6f3cb67050 Python: Model parameter with default value as DefinitionNode 2023-07-07 11:54:50 +02:00
Asger F
86b5f0adc7 Revert "Merge pull request #13620 from github/revert-13496-rb/tracking-on-demand" 
This reverts commit 133de56ac2, reversing
changes made to 28a8e48351.
 2023-07-07 09:42:34 +02:00
Rasmus Wriedt Larsen
a0dfbfd96f Python: Fix grammar in qldoc 
Co-authored-by: Taus <tausbn@github.com>
 2023-07-06 15:04:21 +02:00
Mathias Vorreiter Pedersen
83d0dec0fb DataFlow: Sync identical files. 2023-07-06 14:00:00 +01:00
Rasmus Wriedt Larsen
1f93e5b58d Python: Relax restriction of flow through async with 2023-07-06 11:51:58 +02:00
jorgectf
c82ab2b2ab Add markupsafe as XXE sanitizer 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
 2023-07-05 20:23:20 +02:00
Michael Nebel
238f390738 Merge pull request #13452 from michaelnebel/refactorstackprinting 
Re-factor printing of summary component stacks.
 2023-07-04 08:29:10 +02:00
Michael Nebel
243c592447 Address review comments. 2023-07-03 17:01:08 +02:00
Michael Nebel
bddd22f522 Sync files and make language specific adjustments. 2023-07-03 14:36:07 +02:00
Michael Nebel
d62a5524f8 Python: Improve AccessPath printing. 2023-07-03 14:36:06 +02:00
Michael Nebel
c18f4b1604 Sync files and make language specific rename. 2023-07-03 14:36:06 +02:00
Chuan-kai Lin
ce464a7d69 Remove pragma[assume_small_delta] 2023-06-30 11:09:29 -07:00
Asger F
5d1a437e9c Revert "Ruby: overhaul API graphs" 2023-06-29 15:39:19 +02:00
Tom Hvitved
9a26fc3178 Merge pull request #13573 from hvitved/ruby/inline-late-members 
Ruby/Python: Use `inline_late` on member predicates
 2023-06-29 09:07:14 +02:00
Asger F
f0517028b9 Merge pull request #13496 from asgerf/rb/tracking-on-demand 
Ruby: overhaul API graphs
 2023-06-28 15:01:37 +02:00
Tom Hvitved
fa92e79bea Ruby/Python: Use inline_late on member predicates 2023-06-28 09:04:06 +02:00
Rasmus Wriedt Larsen
0121263e03 Merge branch 'main' into python/enable-summaries-from-models 2023-06-26 11:34:12 +02:00
Asger F
0039cb141e Merge branch 'main' into rb/tracking-on-demand 2023-06-23 12:55:54 +02:00
yoff
26856a82a6 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-23 10:15:20 +02:00
Jami
5259a6ecfc Merge pull request #13324 from jcogs33/jcogs33/shared-sink-kind-validation 
Shared: share MaD kind validation across languages
 2023-06-20 11:56:12 -04:00
Erik Krogh Kristensen
2341c82450 Merge pull request #13342 from erik-krogh/once-again-deps 
Py: delete more old deprecations
 2023-06-20 15:29:17 +02:00
Owen Mansel-Chan
d7c97f8759 Merge pull request #13455 from owen-mc/dataflow/add-flowCheckNodeSpecific 
Dataflow: add language-specific hook for breaking up big step relation
 2023-06-20 13:24:26 +01:00
yoff
579c56c744 Merge pull request #13178 from yoff/python-ruby/track-through-summaries-pm 
ruby/python: Shared module for typetracking through flow summaries
 2023-06-20 11:19:45 +02:00
Asger F
0110610c6a Ruby: overhaul API graphs 2023-06-19 12:01:42 +02:00
Rasmus Lerchedahl Petersen
eb3c33dfe2 python: remove erronous getACall() 
`base` is already the `CallNode` we want.
 2023-06-19 11:41:06 +02:00
Rasmus Lerchedahl Petersen
18f4b75f8b python: enable summaries from model 
This requires a change to the shared interface:
Making `getNodeFromPath` public.

This because Python is doing its own thing and identifying call-backs.
 2023-06-18 21:52:49 +02:00
Rasmus Wriedt Larsen
afafaac0d7 Python: Fix typo 2023-06-16 14:41:36 +02:00
Rasmus Lerchedahl Petersen
4fded84a49 python: implement missing predicates 2023-06-14 21:30:58 +02:00
Rasmus Lerchedahl Petersen
2491fda58e python: update comment 2023-06-14 21:16:39 +02:00
Rasmus Lerchedahl Petersen
0e713e6fc1 ruby/python: more consistent naming of parameters 2023-06-14 21:02:42 +02:00