hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

750 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
ed5a386618 Python: add concept SqlCopnstruction 2021-10-25 12:48:24 +02:00
Rasmus Wriedt Larsen
f5464b79e4 Merge branch 'main' into fastapi 2021-10-25 09:49:42 +02:00
Tom Hvitved
0bf5238f39 Update QL doc for allowParameterReturnInSelf 2021-10-20 12:08:58 +02:00
Tom Hvitved
dd138b0429 Address review comments 2021-10-20 12:08:58 +02:00
Tom Hvitved
a1511e13d8 Data flow: Sync files 2021-10-20 12:08:57 +02:00
Rasmus Wriedt Larsen
386c7e3a12 Python: Add missing pragma[noinline] 2021-10-19 11:55:51 +02:00
Geoffrey White
3f3c79f48f Merge pull request #6884 from geoffw0/setliterals 
Replace or chains with set literals.
 2021-10-18 16:46:55 +01:00
Anders Schack-Mulligen
b67032d1cc Merge pull request #6891 from erik-krogh/fix-java-this 
add explicit this qualifier on all of java
 2021-10-18 17:13:37 +02:00
Tom Hvitved
a10bde5795 Merge pull request #6872 from hvitved/dataflow/path-into-callable0-join 
Data flow: Performance tweaks
 2021-10-18 16:25:10 +02:00
Tom Hvitved
e6954292aa Address review comments 2021-10-18 14:09:44 +02:00
Anders Schack-Mulligen
91ea064980 Sync 2021-10-18 14:04:50 +02:00
Taus
b2e4276bc8 Merge pull request #6886 from aschackmull/java-python/perffix-transitive-step-x3 
Java/Python: Fix some potential performance problems due to transitive deltas.
 2021-10-15 11:06:35 +02:00
Geoffrey White
8f30b8b586 Autoformat. 2021-10-14 16:00:23 +01:00
Anders Schack-Mulligen
f6a517c998 Merge pull request #6882 from MathiasVP/fix-unnecessary-exists 
C++/Python: Remove unnecessary `exists`
 2021-10-14 16:44:05 +02:00
Anders Schack-Mulligen
310eec07c1 Java/Python: Fix some potential performance problems due to transitive deltas. 2021-10-14 16:10:00 +02:00
Geoffrey White
f08d2ee759 Merge branch 'main' into setliterals 2021-10-14 14:39:39 +01:00
Geoffrey White
9d63efe495 Python: Set literals. 2021-10-14 14:22:44 +01:00
Anders Schack-Mulligen
8b6baa250c Merge pull request #6878 from aschackmull/remove-singleton-setliteral 
C++/C#/Java/JavaScript/Python: Remove singleton set literals.
 2021-10-14 14:53:05 +02:00
Rasmus Wriedt Larsen
7cd5e681dd Merge pull request #6693 from yoff/python/promote-regex-injection 
Python: Promote `py/regex-injection`
 2021-10-14 14:49:05 +02:00
Mathias Vorreiter Pedersen
47a85bbb1d Merge pull request #6869 from MathiasVP/fix-prefix/suffix-equality 
Java/JS/Python: Replace '.prefix'/'.suffix' with '.matches'
 2021-10-14 13:47:03 +01:00
Rasmus Wriedt Larsen
a5ab0b9100 Merge pull request #6871 from tausbn/python-fix-uses-of-implicit-this 
Python: Fix uses of "implicit `this`"
 2021-10-14 14:38:13 +02:00
Mathias Vorreiter Pedersen
8049d3f738 Python: Remove unnecessary 'exists'. 2021-10-14 12:02:57 +01:00
Tom Hvitved
f5420333e2 Sync shared files 2021-10-14 11:49:02 +02:00
Anders Schack-Mulligen
57cb300759 C++/C#/Java/JavaScript/Python: Remove singleton set literals. 2021-10-14 11:34:22 +02:00
Tom Hvitved
c14dcfbfe4 Data flow: Sync 2021-10-13 20:13:28 +02:00
CodeQL CI
2b0415e238 Merge pull request #6741 from yoff/python/model-os-path-file-accesses 
Approved by RasmusWL
 2021-10-13 11:11:41 -07:00
Andrew Eisenberg
0d1632a5d2 Move tutorial directly into each qlpack 
Previously, the tutorial was injected during build time. This is much
simpler.
 2021-10-13 08:37:04 -07:00
Taus
a6115687aa Python: More implicit this 2021-10-13 13:43:37 +00:00
Taus
a9c8163ab3 Python: Fix uses of implicit this 
Quoting the style guide:

"14. _Always_ qualify _calls_ to predicates of the same class with
`this`."
 2021-10-13 13:43:36 +00:00
Mathias Vorreiter Pedersen
a80860cdc6 Python: Replace '.prefix'/'.suffix' with '.matches'. 2021-10-13 13:23:12 +01:00
yoff
c40b3a9533 Update python/ql/lib/semmle/python/frameworks/Asyncpg.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-10-12 15:19:07 +02:00
Rasmus Lerchedahl Petersen
6c108e43d9 Python: address review 2021-10-12 15:16:48 +02:00
Rasmus Lerchedahl Petersen
cf92e1eee7 Python: move getStringArgIndex 2021-10-12 15:11:00 +02:00
Taus
75c4d6a8a0 Merge pull request #6650 from yoff/python-dataflow/init-time 
Python: Import time dataflow
 2021-10-12 11:31:03 +02:00
Rasmus Lerchedahl Petersen
61008fd3d0 Merge branch 'main' of github.com:github/codeql into python/promote-regex-injection 2021-10-12 11:28:12 +02:00
Rasmus Lerchedahl Petersen
b093aaaf27 Python: switch to type tracking 
for tracking compiled regexes
 2021-10-12 11:23:27 +02:00
yoff
c007c9460c Merge pull request #6843 from RasmusWL/dataflow-bool-expr 
Python: Add data-flow for `x or y` and `x and y`
 2021-10-12 10:40:54 +02:00
yoff
5aee715931 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-11 13:00:21 +02:00
Rasmus Lerchedahl Petersen
64b1aeaecd Python: Shorten toString for module vars 2021-10-10 15:59:31 +02:00
Rasmus Lerchedahl Petersen
0aa632d149 Python: Move writing of module vars 
into runtime jump steps.
 2021-10-10 15:49:33 +02:00
yoff
9c9c5c09ff Merge pull request #6837 from RasmusWL/more-unsafe-deserialization-sinks 
Python: More unsafe deserialization sinks
 2021-10-10 14:33:53 +02:00
yoff
f6122c8a6c Merge pull request #6734 from erik-krogh/regBehind 
JS/PY: do not filter away regular expressions with lookbehinds
 2021-10-10 13:54:26 +02:00
Rasmus Wriedt Larsen
a50b193c40 Python: Model data-flow for x or y and x and y 2021-10-08 18:32:30 +02:00
Rasmus Lerchedahl Petersen
4807f50c00 Merge branch 'main' of github.com:github/codeql into python-dataflow/init-time 2021-10-08 14:55:01 +02:00
Rasmus Wriedt Larsen
5e6f042f6e Python: Model pickle.Unpickler 2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen
75b06d8a25 Python: Model dill.load 2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen
4820be3b10 Python: Model keyword arguments to dill.loads 2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen
9180257afe Python: Refactor Dill.qll 
So it matches the layout of all our other qll modules modeling a PyPI
package.
 2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen
42980a1ab4 Python: Model shelve.open 2021-10-08 11:55:54 +02:00
Anders Schack-Mulligen
446c738f20 Merge pull request #6790 from aschackmull/dataflow/force-precision 
Dataflow: Force high precision of certain Contents.
 2021-10-08 11:44:26 +02:00