hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-12 06:00:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
65,034 Commits 1,680 Branches 158 Tags
ccfbd2956c698fb2bc6617b204f088e7b969c1fa
Commit Graph

8335 Commits

Author SHA1 Message Date
yoff
f025430431 Merge pull request #15319 from Sim4n6/main 
[Python] Add Unicode DoS (qhelp, tests and the query)
 2024-03-19 10:00:30 +01:00
yoff
44ab36f238 Merge pull request #15729 from yoff/python/hardcoded-credentials-without-pointsto 
python: Rewrite `HardcodedCredentials` away from `PointsTo`
 2024-03-18 20:48:30 +01:00
Tom Hvitved
fc55567d90 Merge pull request #15853 from hvitved/dataflow/get-location 
Data flow: Replace `hasLocationInfo` with `getLocation`
 2024-03-18 20:21:46 +01:00
Tom Hvitved
e53357d376 Update expected test output 2024-03-18 14:49:32 +01:00
Sim4n6
1af8167354 updated the .expected file 2024-03-18 13:26:20 +00:00
Tom Hvitved
a13391bda1 Merge pull request #15802 from hvitved/dataflow/variable-capture-overlapping-paths 
Variable capture: Avoid overlapping and false-positive data flow paths
 2024-03-18 10:45:55 +01:00
Sim4n6
3acdd3382c Update the expected file 2024-03-15 14:17:23 +01:00
Sim4n6
26a16b7857 use of a single var "op" of type Cmpop 2024-03-15 14:17:23 +01:00
Sim4n6
a717bf1b9d Fix p tag in UnicodeDoS.qhelp 2024-03-15 14:17:23 +01:00
Sim4n6
af19a0342e Fix UnicodeDoS vulnerability in CWE-770 code 2024-03-15 14:17:23 +01:00
Sim4n6
085d803b14 Fix UnicodeDoS vulnerability in CWE-770 2024-03-15 14:17:23 +01:00
Sim4n6
31dc542111 Update request parameter name in good_1() function 2024-03-15 14:17:23 +01:00
Sim4n6
70ebc58b4c Refactor Unicode normalization code 2024-03-15 14:17:23 +01:00
Sim4n6
3d8868a6c3 Add routes for bad_5 and bad_6, and fix routes for good_3 and good_4 2024-03-15 14:17:23 +01:00
Sim4n6${{7*'7'}}
658b88e62f Update python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql 
update the Config API

Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-03-15 14:17:23 +01:00
Sim4n6
1f767b887e Add some comments and docs 2024-03-15 14:17:23 +01:00
Sim4n6
5cc9170249 Add UnicodeDoS sink for werkzeug secure_filename 2024-03-15 14:17:23 +01:00
Sim4n6
342465057c Add Unicode DoS (CWE-770) 2024-03-15 14:17:23 +01:00
Tom Hvitved
6c0ed28e6b Python: Implement new data flow interface 2024-03-13 14:41:57 +01:00
yoff
b5c0fbb827 Merge pull request #15776 from RasmusWL/tt-consistency 
Python: Add type-tracking consistency query
 2024-03-13 11:11:07 +01:00
Tom Hvitved
dddba3228b Merge pull request #15867 from hvitved/dataflow/ap-limit 
Data flow: Add `ConfigSig::accessPathLimit`
 2024-03-12 14:57:51 +01:00
Rasmus Wriedt Larsen
800351c7b7 Merge branch 'main' into tt-consistency 2024-03-11 14:12:09 +01:00
yoff
e6e6a4e9c8 Merge pull request #15841 from RasmusWL/missing-use-use2 
Python: Add example of missing use-use flow
 2024-03-11 13:59:57 +01:00
yoff
adbcbefaa9 Merge pull request #15551 from yoff/python/avoid-duplicate-model-inclusions 
python: Remove `TaintStepFromSummary`
 2024-03-11 13:52:20 +01:00
Tom Hvitved
da66281fef Sync files 2024-03-11 13:02:04 +01:00
Rasmus Wriedt Larsen
4ac8dd72a7 Merge pull request #15855 from yoff/python/add-MaD-test-tuple-output 
Python: Add test for `ReturnValue.TupleElement[n]`
 2024-03-11 12:05:31 +01:00
Rasmus Wriedt Larsen
42acd9c22c Merge pull request #15695 from github/tausbn/python-add-copy-method-as-copy-step 
Python: Add `.copy()` method call as copy step
 2024-03-11 09:43:34 +01:00
Rasmus Lerchedahl Petersen
3601773856 python: support encoding lower bound 2024-03-08 14:59:28 +01:00
Rasmus Wriedt Larsen
adf5a4b1e4 Python: Fix internal consistency failures 2024-03-08 14:13:47 +01:00
Rasmus Wriedt Larsen
87b6592dbc Python: Accept inconsistency for missing use-use flow 
At least until we have a proper fix
 2024-03-08 13:34:26 +01:00
Rasmus Wriedt Larsen
8fe483d9d8 Python: Add example of missing use-use flow 
(see PR for more detailed description)
 2024-03-08 13:26:01 +01:00
Rasmus Lerchedahl Petersen
6d8d106d91 Python: add test for ReturnValue.TupleElement[n] 2024-03-08 11:18:51 +01:00
Tom Hvitved
24e35f6f3d Update expected test output 2024-03-08 10:00:43 +01:00
Taus
5202792163 Merge pull request #15754 from github/tausbn/python-copy-extractor-to-external-repo 
Python: Copy Python extractor to `codeql` repo
 2024-03-07 15:15:28 +01:00
Taus
4b0689b6ba Python: Add warnOnImplicitThis: true to qlpack.yml 2024-03-07 13:59:16 +00:00
Taus
6dec323cfc Python: Copy Python extractor to codeql repo 2024-03-07 13:59:16 +00:00
Rasmus Wriedt Larsen
4dd8f6e618 Python: Add example of missing use-use flow 
(see PR for more detailed description)
 2024-03-07 14:25:55 +01:00
yoff
00e77a3ddb Merge pull request #15720 from RasmusWL/nosql-precision 
Python: Add precision to NoSQL query
 2024-03-04 14:44:46 +01:00
yoff
569bb991d4 Merge pull request #15775 from RasmusWL/scope-consistency 
Python: Add consistency check for `PhaseDependentFlow`
 2024-03-04 14:43:13 +01:00
Rasmus Wriedt Larsen
fbf6727809 Python: Add change-note 2024-03-04 11:46:38 +01:00
Rasmus Wriedt Larsen
16cb6c2044 Python: Fix validTest expectations 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-03-04 11:41:47 +01:00
Rasmus Wriedt Larsen
85a45b0155 Python: Fix comment 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-03-04 11:40:17 +01:00
Rasmus Wriedt Larsen
d99a763ef7 Python: add change-note 2024-03-01 15:24:33 +01:00
Rasmus Wriedt Larsen
eeda4355f1 Python: Fix missing DictionaryElementContent 2024-03-01 15:21:13 +01:00
Rasmus Wriedt Larsen
30b7fadbb8 Python: Add test 2024-03-01 15:19:56 +01:00
Rasmus Wriedt Larsen
7c60562132 Python: Ignore IterableSequenceNode inconsistencies 2024-03-01 14:22:18 +01:00
Rasmus Wriedt Larsen
7e3e5db3db Python: Add example of consistency failure 2024-03-01 14:21:16 +01:00
Rasmus Wriedt Larsen
bcd5c08ebd Python: Ignore match-related inconsistencies 2024-03-01 14:15:32 +01:00
Rasmus Wriedt Larsen
5d212514c6 Python: Add example of consistency failure 2024-03-01 14:07:08 +01:00
Rasmus Wriedt Larsen
1658a1cb80 Python: Ignore SynthDictSplatArgumentNode failures 2024-03-01 14:00:06 +01:00