hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-26 05:36:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,881 Commits 1,673 Branches 157 Tags
b6a59f0885b8cff1d09003bbcc5475fa9dedb03f
Commit Graph

3713 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
d47b3265c4 Python: Fix py/meta/points-to-call-graph 2022-12-01 14:56:10 +01:00
Rasmus Wriedt Larsen
607639c100 Python: restrict py/meta/points-to-call-graph to non-ignored files 2022-11-29 15:10:45 +01:00
Rasmus Wriedt Larsen
d7aea228ce Python: Add taint-sinks meta query 
Inspired by the one they have in JS:
097d5189e9/javascript/ql/src/meta/alerts/TaintSinks.ql
 2022-11-29 15:10:09 +01:00
Arthur Baars
cf7ebe2fa8 Merge pull request #11471 from github/rc/3.8 
Merge rc/3.8 into main
 2022-11-29 12:57:34 +01:00
Felicity Chapman
a76d47681d Replace references in Qhelp files 2022-11-28 15:25:37 +01:00
Rasmus Lerchedahl Petersen
77d98b217e Python: add import 2022-11-25 08:52:35 +01:00
yoff
d804acdef7 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-11-25 08:50:37 +01:00
Rasmus Lerchedahl Petersen
91198524cd Python: port py/super-not-enclosing-class 2022-11-23 14:37:45 +01:00
Rasmus Wriedt Larsen
04a68f8d52 Merge pull request #11372 from RasmusWL/getpass 
Python: Model `getpass.getpass` as source of passwords
 2022-11-22 14:49:04 +01:00
Rasmus Wriedt Larsen
9195b73d84 Python: Model getpass.getpass as source of passwords 2022-11-22 14:11:52 +01:00
github-actions[bot]
5b14ebf22a Post-release preparation for codeql-cli-2.11.4 2022-11-18 11:26:00 +00:00
github-actions[bot]
e105c13e77 Release preparation for version 2.11.4 2022-11-17 16:40:45 +00:00
erik-krogh
4f11e2d25f port the Python regex/redos queries to use the shared pack 2022-11-07 14:31:51 +01:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Taus
503cc560cf Merge pull request #10943 from bananabr/main 
Javascript/Python: Tokens built from predictable UUIDs
 2022-10-27 14:12:34 +02:00
Jeroen Ketema
1d7efd8e82 Merge pull request #10905 from jsoref/spelling-code-scanning-product 
Spelling code scanning product
 2022-10-27 12:55:37 +02:00
Daniel Santos
feece6f7b4 Merge branch 'github:main' into main 2022-10-25 10:43:20 -05:00
Daniel Santos
5b080481aa TokenBuiltFromUuid formatting 2022-10-25 09:51:48 -05:00
Daniel Santos
b8d60edb49 TokenBuiltFromUuid isAdditionalTaintStep refactor 2022-10-25 09:51:07 -05:00
Daniel Santos
375edf7455 TokenAssignmentValueSink refactor 2022-10-25 09:50:04 -05:00
yoff
9d542f1be9 Merge pull request #10887 from Sim4n6/TarSlipImprov 
Python: Add TarSlip Improv query
 2022-10-25 13:02:52 +02:00
Daniel Santos
5ab068a3cc Update python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-10-24 11:55:21 -05:00
Daniel Santos
be8780742b Update python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql 
You are totally right! I just scanned the module's document and assumed it would implement it all. Pasting the documentation here for future reference https://docs.python.org/3/library/uuid.html?highlight=uuid#uuid.UUID.

Co-authored-by: Taus <tausbn@github.com>
 2022-10-24 11:49:17 -05:00
Daniel Santos
a2ad924376 Minor formatting fixes 2022-10-24 09:38:17 -05:00
Daniel Santos
066ffb7520 Tokens built from predictable UUIDs 2022-10-22 11:15:43 -05:00
ALJI Mohamed
92a3846102 Fix query to omit sinks within std lib files 2022-10-22 09:35:55 +01:00
ALJI Mohamed
7319052495 Delete the examples/ 2022-10-21 21:47:00 +01:00
Sim4n6
925f9d09e5 Update python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-10-21 21:06:51 +01:00
github-actions[bot]
be7693283b Post-release preparation for codeql-cli-2.11.2 2022-10-21 08:07:17 +00:00
Arthur Baars
45c9a0d0b1 Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-10-20 15:22:29 +02:00
Josh Soref
474aef438b spelling: connection 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-20 08:18:23 -04:00
github-actions[bot]
9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
ALJI Mohamed
9163cbec09 Restrict the reach for an additional taint step 2022-10-19 16:08:49 +01:00
ALJI Mohamed
25a7fcffc0 Add an additional taint step 2022-10-19 16:01:34 +01:00
ALJI Mohamed
d6fa745279 Add TarSlip Improv query 2022-10-19 14:01:40 +01:00
Taus
f5b2eb94a6 Merge pull request #10783 from yoff/python/subscript-nodes 
Python: API graph improvements for subscripts
 2022-10-17 15:21:56 +02:00
Taus
fa2faeb77b Merge pull request #10802 from jsoref/spelling-python 
Spelling python
 2022-10-17 11:33:27 +02:00
Sylwia Budzynska
e291d61bc7 Add oracledb model 2022-10-13 18:08:47 +02:00
Josh Soref
08f688d240 spelling: without 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:10 -04:00
Josh Soref
5765a71d90 spelling: whether 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:10 -04:00
Josh Soref
f19a5c43f0 spelling: uninitialized 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:10 -04:00
Josh Soref
ad7dc81bdc spelling: sanitize 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:09 -04:00
Josh Soref
24f847a58c spelling: representing 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:09 -04:00
Josh Soref
7ad24f3121 spelling: recommendation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:09 -04:00
Josh Soref
7883263375 spelling: printing 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:09 -04:00
Josh Soref
b2f5bfaf74 spelling: emptiness 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:08 -04:00
Josh Soref
cce8a97545 spelling: cross 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:08 -04:00
Josh Soref
dc383007b1 spelling: credentials 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:08 -04:00