636 Commits

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	5083023aa8	Python: Move XML parsing PoC ... Since the folder where it used to live is now empty otherwise :O	2022-03-31 18:37:47 +02:00
Rasmus Wriedt Larsen	b4c0065aeb	Python: Extend FileSystemAccess for xml.sax and xml.dom.* parsing	2022-03-31 18:08:47 +02:00
Rasmus Wriedt Larsen	1d7cec60ae	Python: xml.sax.parse is not a method call ... And it's not possible to provide a parser argument either	2022-03-31 17:50:23 +02:00
Rasmus Wriedt Larsen	e11269715d	Python: Promote xml.sax and xml.dom.* modeling	2022-03-31 17:44:00 +02:00
Rasmus Wriedt Larsen	05bb0ef976	Python: Align xml.etree.ElementTree modeling ... I didn't find a good way to actually share the stuff, so we kinda just have 2 things that look very similar :|	2022-03-31 17:24:16 +02:00
Rasmus Wriedt Larsen	70b3eecdd5	Python: Merge xml.etree.ElementTree models ... I forgot about the existing ones when I promoted it	2022-03-31 17:13:11 +02:00
Rasmus Wriedt Larsen	543454eff2	Python: Model file access from XML parsing	2022-03-31 11:47:29 +02:00
Rasmus Wriedt Larsen	386ff53614	Python: Model lxml.iterparse	2022-03-31 11:32:22 +02:00
Rasmus Wriedt Larsen	12cbdcde28	Python: Model lxml.etree.XMLID	2022-03-31 11:21:24 +02:00
Rasmus Wriedt Larsen	6774085e7a	Python: Add note about parseid/XMLID	2022-03-31 11:19:25 +02:00
Rasmus Wriedt Larsen	a315aa84b2	Python: Add some links in QLDocs	2022-03-31 11:16:50 +02:00
Rasmus Wriedt Larsen	64aa503cc3	Python: Promote xml.etree modeling	2022-03-31 11:12:02 +02:00
Rasmus Wriedt Larsen	7f5f7679f8	Python: Promote xmltodict modeling	2022-03-31 10:28:34 +02:00
Rasmus Wriedt Larsen	80b5cde3a2	Python: Promote lxml parsing modeling	2022-03-31 10:19:08 +02:00
Rasmus Wriedt Larsen	3040adfd9b	Python: Handle XMLParser().close() for XPath	2022-03-31 10:08:26 +02:00
Rasmus Wriedt Larsen	1ea4bcc59f	Python: Make XMLParsing a Decoding subclass	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	e45288e812	Python: => XMLParsingVulnerabilityKind ... Since there are other XML vulnerabilities that are not about parsing, this is more correct.	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	e005a5c0ab	Python: Promote XMLParsing concept	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	769f5691d0	Python: Add taint for StringIO and BytesIO	2022-03-31 09:52:54 +02:00
Arthur Baars	b103679d8a	JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll	2022-03-28 12:17:26 +02:00
Arthur Baars	af1d949d06	Merge pull request #8489 from aibaars/regex-refactor ... Ruby: refactor regex libraries	2022-03-28 12:17:00 +02:00
yoff	5efc19c39d	Merge pull request #7806 from erik-krogh/pyDef ... Python: Add def nodes to API graphs	2022-03-28 08:09:14 +02:00
Rasmus Wriedt Larsen	d51aaf2f91	Python: Import framework-modeling in regex.qll	2022-03-24 14:28:44 +01:00
Arthur Baars	1a9aaf4543	Apply suggestions from code review ... Co-authored-by: yoff <lerchedahl@gmail.com>	2022-03-24 11:37:03 +01:00
Arthur Baars	74aea81fe3	Ruby: refactor regex libraries	2022-03-24 11:37:02 +01:00
Rasmus Wriedt Larsen	bbf60b875e	Merge pull request #8476 from RasmusWL/shared-concepts-scaffolding ... Python/JS/Ruby: Shared concepts scaffolding	2022-03-23 10:22:42 +01:00
yoff	47e062cfb9	Merge pull request #8486 from aibaars/incomplete-hostname-python ... Python: switch to shared implementation of IncompleteHostnameRegExp.ql	2022-03-22 15:06:14 +01:00
Rasmus Wriedt Larsen	6bd9d82610	Merge pull request #8061 from RasmusWL/orm ... Python: Add data-flow through Django ORM models	2022-03-22 11:14:08 +01:00
Rasmus Wriedt Larsen	311cbb4e13	Merge branch 'main' into shared-concepts-scaffolding	2022-03-22 10:36:33 +01:00
Rasmus Wriedt Larsen	414764ccee	Concepts: Minor rewrite in qldoc ... As suggested by @hmac	2022-03-22 10:33:58 +01:00
Rasmus Wriedt Larsen	758a81cc0f	Python: Remove import of Concepts in DataFlowPrivate ... As discussed in PR review	2022-03-21 16:22:15 +01:00
Arthur Baars	79cd7bf8ed	Python: create semmle/python/dataflow/new/Regex.qll	2022-03-21 15:57:19 +01:00
Alex Ford	c891c53835	Merge pull request #8395 from alexrford/ruby/clear-text-storage ... Ruby: add `rb/clear-text-storage-sensitive-data` query	2022-03-21 10:05:39 +00:00
Arthur Baars	9412b331db	Revert "Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql"" ... This reverts commit 6d24591416.	2022-03-18 16:31:22 +01:00
Tom Hvitved	79ea2a3a9c	Data flow: Sync files	2022-03-17 14:03:58 +01:00
Rasmus Wriedt Larsen	2b9408b0c3	Concepts: Add some architecture documentation	2022-03-17 13:49:10 +01:00
Harry Maclean	36c421346b	Introduce ConceptsShared.qll	2022-03-17 13:49:10 +01:00
Jeroen Ketema	7a9a9d833a	Merge pull request #8435 from jketema/all-the-barriers ... Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard	2022-03-16 15:50:19 +01:00
Rasmus Wriedt Larsen	ae1ba11d57	Merge branch 'main' into orm	2022-03-16 11:23:14 +01:00
Rasmus Wriedt Larsen	f1e6271d20	Python: Apply suggestions from code review ... Co-authored-by: yoff <lerchedahl@gmail.com>	2022-03-16 10:53:19 +01:00
Jeroen Ketema	157a36bc4f	Use node variable in all disjuncts	2022-03-15 11:55:35 +01:00
Jeroen Ketema	9a0e94f389	Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard	2022-03-15 11:55:34 +01:00
Erik Krogh Kristensen	c7509c4dd3	Merge branch 'main' into deadCode	2022-03-15 09:19:14 +01:00
Jonas Jensen	d89c52f4b0	Merge pull request #8403 from erik-krogh/noUpper ... Rename all upper-case variables, and all lower-case modules	2022-03-15 09:00:37 +01:00
Arthur Baars	6a74e761c8	Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 ... Post-release preparation for codeql-cli-2.8.3	2022-03-14 21:05:09 +01:00
Erik Krogh Kristensen	c93f29b1a1	fix typo in change note ... Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2022-03-14 16:03:45 +01:00
Erik Krogh Kristensen	689f3c0478	update some references to deprecated module names	2022-03-14 13:28:34 +01:00
Erik Krogh Kristensen	3bf5e06d53	delete all dead code	2022-03-14 13:03:31 +01:00
Erik Krogh Kristensen	a4525bbb29	add change-note	2022-03-14 12:22:39 +01:00
Erik Krogh Kristensen	ad2ab5602e	PY: rename remaining private python modules	2022-03-14 12:22:33 +01:00