hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
43,536 Commits 1,672 Branches 157 Tags
b48808778f5d208a6ab9d315bcbb33491e9a5246
Commit Graph

5960 Commits

Author SHA1 Message Date
CodeQL CI
b48808778f Merge pull request #10264 from yoff/python/port-RaisesTuple 
Approved by tausbn
 2022-09-19 00:51:29 -07:00
CodeQL CI
ed4b64b1c4 Merge pull request #10265 from yoff/python/port-UnguardedNextInGenerator 
Approved by tausbn
 2022-09-19 00:50:52 -07:00
CodeQL CI
36f8b0554d Merge pull request #10266 from yoff/python/port-CatchingBaseException 
Approved by tausbn
 2022-09-19 00:50:05 -07:00
Tom Hvitved
40e77a0c67 Merge pull request #10415 from hvitved/code-block-fix 
Change two ```codeql to ```ql
 2022-09-14 15:07:55 +02:00
Tom Hvitved
4ea1c0050b Change two ``codeql to ``ql 2022-09-14 13:53:34 +02:00
erik-krogh
252394666c sync files 2022-09-13 20:44:05 +02:00
Erik Krogh Kristensen
bb3753a682 Merge pull request #10317 from erik-krogh/py-unqueryable 
PY: deprecate a bunch of unused code
 2022-09-12 17:44:59 +02:00
erik-krogh
05ef76cbca add change-note 2022-09-12 15:41:28 +02:00
Erik Krogh Kristensen
818601b612 Merge pull request #10285 from erik-krogh/paramClass 
ReDoS: convert RelevantState to a class in the PrefixConstruction module
 2022-09-12 15:23:19 +02:00
Rasmus Wriedt Larsen
89a331f186 Merge pull request #10359 from tausbn/python-clean-up-import-resolution 
Python: Clean up module resolution
 2022-09-09 15:09:43 +02:00
Tony Torralba
1078cf091e Add change notes for all languages 2022-09-09 10:28:36 +02:00
Taus
5ce60d028d Python: Remove ImportStar import. 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-09-08 22:01:58 +02:00
Tony Torralba
7db1eb98f5 Sync files 2022-09-08 17:32:03 +02:00
Taus
366c574308 Python: Move import logic into its own module 2022-09-08 14:52:08 +00:00
Taus
8b8e74cc9a Merge pull request #10314 from RasmusWL/revert-alert-msgs-change 2022-09-08 13:00:47 +02:00
Rasmus Wriedt Larsen
1d834799a2 Merge pull request #10114 from RasmusWL/shared-http-client-request 
Ruby/Python: Shared HTTP client request concept
 2022-09-08 11:58:06 +02:00
Asger F
6b2ebcce3a Merge pull request #10276 from asgerf/mad-typedef-entry-points 
Add TypeModel hook for adding MaD type-defs from CodeQL
 2022-09-07 14:14:48 +02:00
Rasmus Lerchedahl Petersen
0cfb49102b Python: fix non-US spelling 2022-09-07 09:30:42 +02:00
erik-krogh
283c711de9 deprecate unused predicate inside the essa module 2022-09-07 07:40:04 +02:00
erik-krogh
1cbf28358c deprecate unused code inside the points-to library 2022-09-07 07:39:16 +02:00
erik-krogh
46b7aa92ae deprecate predicates in protocols.qll that were only retained for backwards compatibility 2022-09-07 07:37:51 +02:00
Taus
3bb7e28712 Merge pull request #10176 from RasmusWL/import-problem 
Python: Add testcase for import problem
 2022-09-06 18:12:37 +02:00
Asger F
95c60858d4 Export as DataFlow instead of DF 2022-09-06 15:02:48 +02:00
Rasmus Wriedt Larsen
5f6e3dcc2e Python: Revert changes to sensitive data query alert messages 
This partly reverts the changes from https://github.com/github/codeql/pull/10252

Although consistency is nice, the new messages didn't sound as natural.

New alert message would read

> Insecure hashing algorithm (md5) depends on sensitive data (password). (...)

I'm not sure what it means that a hashing algorithm depends on data. So
for me, the original text below is much easier to understand.

> Sensitive data (password) is used in a hashing algorithm (md5) that is insecure (...)

Same goes for the other sensitive data queries.
 2022-09-06 12:01:24 +02:00
Rasmus Wriedt Larsen
a9e1e72196 Merge branch 'main' into shared-http-client-request 2022-09-06 10:52:27 +02:00
Rasmus Wriedt Larsen
07457b2b5f Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
d708abfc80 Python: Accept more .expected changes 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
c9cd809ef2 Python: Add change-note 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
e979dffc08 Python: Fix variable access from extractor-change 
These changes are from internal PR.
 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
985e87ccde Python: Add variable scope example with subclass 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
0e3d520712 Python: Add variables regression test 
As illustrated when running the python file, the non qualified reads in
the `use` method all refer to the global variables, whereas `ex =
func(baz)` are to the things defined on the class.

The important part of the .expected changes is that the _global_
variable `bar` is used inside the function, whereas it's the local
variable for `foo` (on class scope) that is used inside the function
(which is wrong).
 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
98db1af898 Python: Also show variable access 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
fd4f60dd1b Python: Adjust variables tests 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
ebd97f4496 Python: Add type-tracking regession example 2022-09-06 10:11:36 +02:00
Asger F
c7c3ad29cd Python: sync with Python 2022-09-06 09:30:02 +02:00
Rasmus Lerchedahl Petersen
d31d763328 Python: adjust test expectations 
We now locate a `DataFlow::Node` rather than an 'AstNode`.
 2022-09-05 16:45:43 +02:00
Taus
c19574b9a4 Merge pull request #10267 from yoff/python/port-EmptyExcept 
python: Rewrite EmptyExcept from `points-to` to API graph
 2022-09-05 14:11:34 +02:00
Rasmus Lerchedahl Petersen
5fc1bbc8c5 Python: Only alert on Python 2 code 
since
- Python 3 is ok from 3.7 onwards
- support for Python 3.6 was just dropped
- we do not actually know the minor version of the analysed code
  (only of the extractor)
 2022-09-05 13:38:14 +02:00
erik-krogh
0de0325c8e change the alert-message for py/modification-of-default-value 2022-09-05 13:30:56 +02:00
erik-krogh
a86a940df7 add getRepr() and toString() on RelevantState 2022-09-05 13:27:34 +02:00
erik-krogh
3f1cb04f3e sync files 2022-09-05 11:22:34 +02:00
Rasmus Lerchedahl Petersen
afb50212a0 Python: update version check 
doc said 3.5 experience says 3.7
 2022-09-05 10:50:53 +02:00
Rasmus Lerchedahl Petersen
a8a042db57 python: remove illegal option 2022-09-03 20:33:48 +02:00
Asger F
f22de8a3b7 Python: Sync with Python 2022-09-03 13:51:02 +02:00
Asger F
296aa52ef0 Python: Add API::EntryPoint 
Python: add EntryPoint test
 2022-09-03 13:24:46 +02:00
erik-krogh
c38062ce93 convert RelevantState to a class in the PrefixConstruction module 2022-09-02 20:26:31 +02:00
erik-krogh
089ce5a8a4 change alert messages of path queries to use the same template 2022-09-02 14:45:40 +02:00
Erik Krogh Kristensen
6cee635cb5 Merge pull request #10180 from erik-krogh/fixTags 
Add missing security tags
 2022-09-02 08:04:57 +02:00
Rasmus Lerchedahl Petersen
0599e8ac35 python: add version check 
and attempt to set version for tests
 2022-09-01 23:47:07 +02:00
Rasmus Lerchedahl Petersen
1d2d28be76 python: replace points-to with API graph 2022-09-01 23:24:10 +02:00