codeql

mirror of https://github.com/github/codeql.git synced 2025-12-29 15:16:34 +01:00

Author	SHA1	Message	Date
Arthur Baars	6d24591416	Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql" This reverts commit `ce50f35dda`.	2022-03-18 13:02:55 +01:00
Arthur Baars	ab93b3784b	Merge remote-tracking branch 'upstream/main' into incomplete-hostname	2022-03-16 12:31:12 +01:00
Erik Krogh Kristensen	c7509c4dd3	Merge branch 'main' into deadCode	2022-03-15 09:19:14 +01:00
Jonas Jensen	d89c52f4b0	Merge pull request #8403 from erik-krogh/noUpper Rename all upper-case variables, and all lower-case modules	2022-03-15 09:00:37 +01:00
Arthur Baars	6a74e761c8	Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 Post-release preparation for codeql-cli-2.8.3	2022-03-14 21:05:09 +01:00
Erik Krogh Kristensen	3bf5e06d53	delete all dead code	2022-03-14 13:03:31 +01:00
Erik Krogh Kristensen	ad2ab5602e	PY: rename remaining private python modules	2022-03-14 12:22:33 +01:00
Jeroen Ketema	4c2081b7fc	Merge pull request #8401 from jketema/taint-flow Extend taint tracking interface with flow states	2022-03-14 12:06:10 +01:00
Rasmus Wriedt Larsen	2f4a22c86c	Merge pull request #6112 from jorgectf/jorgectf/python/deserialization Python: Port and extend XXE modeling	2022-03-14 11:59:28 +01:00
Erik Krogh Kristensen	bbb2847ec1	Merge pull request #8323 from erik-krogh/acronyms Enforcing consistent casing of acronyms	2022-03-14 11:38:25 +01:00
Arthur Baars	cf4b834536	Address comments	2022-03-11 14:25:34 +01:00
Jeroen Ketema	93a0da75b6	Fix taint tracking configurations that broke due to interface change	2022-03-11 12:18:04 +01:00
Erik Krogh Kristensen	69353bb014	patch upper-case acronyms to be PascalCase	2022-03-11 11:10:33 +01:00
Erik Krogh Kristensen	ddf93b555e	PY: fix some ql/non-doc-block warnings	2022-03-11 11:02:58 +01:00
github-actions[bot]	3a5ebbb861	Post-release preparation for codeql-cli-2.8.3	2022-03-11 09:23:34 +00:00
github-actions[bot]	6b194bc55f	Release preparation for version 2.8.3	2022-03-10 19:43:58 +00:00
Erik Krogh Kristensen	a1769f8036	Python: add default implementation of getName() and deprecate it	2022-03-09 18:28:12 +01:00
Taus	7b877fb317	Merge pull request #8336 from tausbn/python-fix-a-bunch-of-ql-warnings Python: Fix a bunch of QL warnings	2022-03-09 16:31:28 +01:00
Rasmus Wriedt Larsen	0e9da4aadb	Python: Resolve name conflict over `XML` module Not the prettiest solution... but it works ¯\_(ツ)_/¯	2022-03-09 11:02:28 +01:00
Taus	063a8bbc43	Python: Apply suggestions from code review Co-authored-by: yoff <lerchedahl@gmail.com>	2022-03-08 15:20:35 +01:00
Rasmus Wriedt Larsen	6b14c1d6b9	Merge branch 'main' into jorgectf/python/deserialization	2022-03-08 11:15:03 +01:00
Taus	d2603884ca	Python: Fix a bunch of class QLDoc	2022-03-07 18:59:49 +00:00
Taus	af7f532212	Python: Fix up a bunch of function QLDoc	2022-03-07 18:59:49 +00:00
Arthur Baars	ce50f35dda	Python: switch to shared implementation of IncompleteHostnameRegExp.ql	2022-03-07 16:10:08 +01:00
Arthur Baars	9e8930c192	Ruby: IncompleteHostnameRegExp.ql	2022-03-07 16:10:08 +01:00
Taus	095f27f294	Python: Remove deprecated annotations	2022-03-04 12:30:26 +00:00
Taus	20710616c5	Python: Fix "use set literal" warnings	2022-03-04 12:26:36 +00:00
Rasmus Wriedt Larsen	ef045a6789	Python: Fix typo in set_default_parser	2022-03-04 10:18:30 +01:00
Rasmus Wriedt Larsen	f0131afc54	Python: Fix `huge_tree` modeling	2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen	3cd165d5b7	Python: Apply suggestions from code review Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>	2022-03-04 10:15:50 +01:00
Jorge	683c2fa825	Apply suggestions from code review	2022-03-04 01:02:56 +01:00
Rasmus Wriedt Larsen	3f6c55e8ae	Python: Rename `vulnerable` predicate => `vulnerableTo`	2022-03-03 22:09:31 +01:00
Rasmus Wriedt Larsen	0d69dc854c	Python: Minor qldoc improvement	2022-03-03 22:06:26 +01:00
Rasmus Wriedt Larsen	837daaae3b	Python: Remove XMLParser concept	2022-03-03 22:04:48 +01:00
Rasmus Wriedt Larsen	df8e0fce68	Python: Minor fixup of qldoc	2022-03-03 22:02:48 +01:00
Rasmus Wriedt Larsen	c0a6f9f3fd	Python: Restructure lxml modeling and handle parser being passed as positional argument	2022-03-03 22:00:55 +01:00
Rasmus Wriedt Larsen	c0a2c25f5a	Python: Restructure modeling of `xml.etree` parsers	2022-03-03 21:59:34 +01:00
Rasmus Wriedt Larsen	a033b71eaf	Python: Align QLdocs of XML modeling	2022-03-03 21:34:46 +01:00
Rasmus Wriedt Larsen	de0e67f327	Python: Restructure overall XML modeling	2022-03-03 21:31:15 +01:00
Rasmus Wriedt Larsen	33ebcdf437	Python: Support feed method of lxml/xml.etree Parsers	2022-03-03 21:26:24 +01:00
Rasmus Wriedt Larsen	3278793972	Python: Handle more functions and kw-args	2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen	7cda901da2	Python: Add separate query for SimpleXMLRPCServer This was a rough quick-n-dirty query, and should get some qhelp as well at some point.	2022-03-03 19:35:33 +01:00
Rasmus Wriedt Larsen	9406a972cd	Python: Fix vuln detection for xml.minidom with parser arg	2022-03-03 17:52:11 +01:00
Rasmus Wriedt Larsen	61291936bf	Python: Properly model `xml.etree`	2022-03-03 15:06:55 +01:00
Rasmus Wriedt Larsen	703e3e8a0f	Python: Handle DTD retrieval vuln in lxml	2022-03-03 14:46:48 +01:00
Rasmus Wriedt Larsen	e295399f70	Python: Properly handle `huge_tree` in lxml	2022-03-03 14:43:37 +01:00
Rasmus Wriedt Larsen	3c321dd98d	Python: Model `lxml.etree.get_default_parser` in own class	2022-03-03 13:49:17 +01:00
Rasmus Wriedt Larsen	661d8bf553	Python: Better handling of `resolve_entities` arg in lxml	2022-03-03 10:05:57 +01:00
Rasmus Wriedt Larsen	7f7758b83d	Python: rewrite xml sax modeling	2022-03-02 15:22:11 +01:00
Rasmus Wriedt Larsen	6dd776b2de	Python: Only produce one alert per vulnerable XML sink This made it much easier to debug the current alerts on tests at least. Notice that it's important that we have `strictconcat` and not just `concat`, since `concat` will also allow flow to sinks that are not vulnerable to any kind of XML vulnerability :\|	2022-03-02 15:22:11 +01:00

1 2 3 4 5 ...

3245 Commits