hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,611 Commits 1,671 Branches 157 Tags
d70c596c868de99c87b3c11455acd462977fd367
Commit Graph

9628 Commits

Author SHA1 Message Date
Joe Farebrother
d70c596c86 Merge pull request #20914 from joefarebrother/python-socketio 
Python: Add models for socketio
 2025-12-04 23:14:58 +00:00
Anders Schack-Mulligen
607ad1f886 Merge pull request #20961 from aschackmull/dataflow/flowfrom 
Dataflow: Add flowFrom predicates to mirror flowTo.
 2025-12-04 10:09:29 +01:00
yoff
7fd4755e93 Merge pull request #20919 from yoff/python/header-splitting-experiments 
Python: detecting header splitting in synthetic app
 2025-12-03 15:48:54 +01:00
Anders Schack-Mulligen
78e1879c9e Use more flowTo. 2025-12-03 14:12:08 +01:00
Asger F
b8cff77cab Merge pull request #20873 from github/shared-xml-discard 
Share XML discard predicates
 2025-12-01 10:06:02 +01:00
Asger F
6257bed089 Sync OverlayXml.qll 2025-11-28 09:23:49 +01:00
Taus
0c358acc24 Merge pull request #20908 from akoeplinger/patch-1 
Fix KeyError: 'name' in python/extractor/imp.py on Python 3.14
 2025-11-27 15:29:54 +01:00
Taus
f55ff96674 Python: Bump extractor version and add change note 2025-11-27 13:52:37 +00:00
Joe Farebrother
16018e91a2 Minor test fix 2025-11-26 15:47:56 +00:00
Felicity Chapman
caf6b950ac Remove trailing periods from @name metadata in query files 
Fixed 73 .ql query files where the @name metadata contained an ending period.
This ensures consistency with the CodeQL query metadata style guidelines.
 2025-11-26 14:29:51 +00:00
yoff
2c835dc33c python: add changenote 2025-11-26 14:03:15 +01:00
yoff
24e55c0691 python: update MAD expectations 2025-11-26 14:00:22 +01:00
yoff
ebe29dd143 python: model urllib.ParseResult 2025-11-26 13:36:05 +01:00
yoff
a878bc61e1 python: add model for urllib.urlparse 2025-11-26 13:32:54 +01:00
yoff
d59f721341 python: add test for header injection 2025-11-26 13:32:54 +01:00
Joe Farebrother
8d313ff85b qldoc fixes 2025-11-26 11:23:04 +00:00
Joe Farebrother
6207137ef0 Add changenote 2025-11-26 11:21:05 +00:00
Joe Farebrother
eb7fe71557 Fix namespace instances and update tests 2025-11-26 10:51:16 +00:00
Asger F
dbf14c190a Factor XML discard predicates into OverlayXml.qll 2025-11-26 11:48:32 +01:00
Joe Farebrother
83eadbad60 Add namespace models 2025-11-25 16:56:36 +00:00
Alexander Köplinger
458f8570e8 Fix KeyError: 'name' in python/extractor/imp.py on Python 3.14 
Follow-up to https://github.com/github/codeql/pull/20630

The fix didn't fully work since when we raise the ImportError in `find_module` we don't pass a named argument into the format string which causes a `KeyError`.

We need to use a format string without named arguments, like Python 3.13 and earlier did.
 2025-11-25 12:38:55 +01:00
Joe Farebrother
b0be8184ac Add taint test 2025-11-24 16:54:21 +00:00
Joe Farebrother
a83c70f99d Add tests 2025-11-24 11:03:16 +00:00
Joe Farebrother
ba06990290 Add socketio models 2025-11-20 10:47:41 +00:00
Asger F
613895e0c0 Merge pull request #20424 from asgerf/js/overlay-manual-v4 
JS: Add overlay annotations
 2025-11-20 11:10:46 +01:00
github-actions[bot]
5ee45af3aa Post-release preparation for codeql-cli-2.23.6 2025-11-18 09:53:12 +00:00
github-actions[bot]
18fa6799ce Release preparation for version 2.23.6 2025-11-17 16:38:07 +00:00
Asger F
ecfa94600f Sync ApiGraphModels.qll 2025-11-13 09:46:23 +01:00
Asger F
16e7dc1b8a Sync ApiGraphModelsExtensions.qll 2025-11-13 09:46:21 +01:00
Napalys Klicius
d122534398 Merge pull request #20671 from github/napalys/adjust_query_severity 
Adjust query severity ratings
 2025-11-11 12:37:31 +01:00
Michael B. Gale
046db0419f Merge pull request #20758 from github/post-release-prep/codeql-cli-2.23.4 
Post-release preparation for codeql-cli-2.23.4
 2025-11-05 10:45:51 +00:00
github-actions[bot]
4014df9a6e Post-release preparation for codeql-cli-2.23.4 2025-11-04 17:57:52 +00:00
github-actions[bot]
64fcdd1f2f Release preparation for version 2.23.4 2025-11-03 14:52:23 +00:00
Taus
e702d3bfc8 Python: Add change note 
I wasn't entirely sure if this should be classified as `deprecated` or
`breaking`, but seeing as these changes technically _could_ break
existing queries (requiring a small rewrite), I opted for the latter.
 2025-10-30 15:16:51 +00:00
Taus
820d8e76c4 Python: Remove points-to from Module 2025-10-30 13:59:30 +00:00
Taus
b93ce98612 Python: Remove points-to from Expr 2025-10-30 13:58:59 +00:00
Taus
b434ce460e Python: Get rid of getLiteralValue 
This had only two uses in our libraries, so I simply inlined the
predicate body in both places.
 2025-10-30 13:30:04 +00:00
Taus
fef08afff9 Python: Remove points-to to from ControlFlowNode 
Moves the existing points-to predicates to the newly added class
`ControlFlowNodeWithPointsTo` which resides in the `LegacyPointsTo`
module.

(Existing code that uses these predicates should import this module, and
references to `ControlFlowNode` should be changed to
`ControlFlowNodeWithPointsTo`.)

Also updates all existing points-to based code to do just this.
 2025-10-30 13:30:04 +00:00
Nora Dimitrijević
1ff24cbee8 Python/LdapInsecureAuth 
python/ql/src/experimental/Security/CWE-522/LdapInsecureAuth.ql
 2025-10-28 09:40:35 +01:00
Nora Dimitrijević
998de144ea Python/CorsBypass 2025-10-28 09:40:32 +01:00
Nora Dimitrijević
4bc9ede2e8 Python/UnsafeUsageOfClientSideEncryptionVersion 2025-10-28 09:40:30 +01:00
Nora Dimitrijević
6d57316862 Python/UnsafeUnpackQuery 
python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql
 2025-10-28 09:40:27 +01:00
Nora Dimitrijević
37fff48dcd Python/ServerSideRequestForgeryQuery 
python/ql/src/Security/CWE-918/PartialServerSideRequestForgery.ql
 2025-10-28 09:40:24 +01:00
Nora Dimitrijević
baccdcc07f Python/PolynomialReDoSQuery 
python/ql/src/Security/CWE-730/PolynomialReDoS.ql
 2025-10-28 09:40:21 +01:00
Joe Farebrother
8c277bd1d9 Merge pull request #20494 from joefarebrother/python-insecure-cookie-split 
Python: Split Insecure Cookie query into multiple queries
 2025-10-24 11:10:20 +01:00
Napalys Klicius
9c70ae04fb Add change note 2025-10-22 11:48:16 +00:00
Napalys Klicius
fa47174013 CWE-020: Lower security-severity for OverlyLargeRange queries to 4.0 2025-10-22 11:32:33 +00:00
Owen Mansel-Chan
66f95bcbcd Merge pull request #20603 from owen-mc/update-broken-algo-qhelp 
Many languages: Update broken algo qhelp
 2025-10-17 12:30:43 +01:00
Nora Dimitrijević
e120e5c3ba Merge pull request #20337 from d10c/d10c/python-overlay-compilation-plus-extractor 
Python: enable overlay compilation + extractor overlay support
 2025-10-16 14:49:01 +02:00
github-actions[bot]
6dd07790ac Post-release preparation for codeql-cli-2.23.3 2025-10-14 11:16:33 +00:00