hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-26 21:56:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
63,178 Commits 1,673 Branches 157 Tags
df915dc60c5a88e2706efe7ea68bf3c074136abe
Commit Graph

599 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
f1d6f56621 Merge pull request #15393 from erik-krogh/deps-jan-2024 
All: delete outdated deprecations
 2024-01-23 13:52:38 +01:00
Max Schaefer
17e3a45ad7 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2024-01-22 13:36:12 +00:00
Max Schaefer
98178458d0 Python: Add support for more URL redirect sanitisers. 
Since some sanitisers don't handle backslashes correctly, I updated the data-flow configuration to incorporate a flow state tracking whether or not backslashes have been eliminated or converted to forward slashes.
 2024-01-22 13:24:18 +00:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Rasmus Wriedt Larsen
72687e0368 Merge branch 'main' into automated-subclass-models 2023-12-19 17:08:25 +01:00
Rasmus Wriedt Larsen
9863309631 Python: auto subclass capture 
(locally done with split + 5 x modeling runs + join, but squashed into one commit)
 2023-12-19 17:07:40 +01:00
Rasmus Wriedt Larsen
de2a563a8e Python: Delete old auto subclass capture files 
In the final git history this only deletes one file, but when working
locally I deleted ALL files.
 2023-12-19 17:07:21 +01:00
Rasmus Wriedt Larsen
a78f13cb2e Python: Ignore known subclass models 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen
24a3a23c9c Python: Regenerate rest_framework models 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen
5c89c38c92 Python: Add the rest_framework models for demonstration purposes 
Although it might be hidden by github UI by default, it could be
interesting for a reviewer to notice the effect changes in the modeling
query has to the results in this file.
 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen
13c2378b58 Python: Update a few QLdocs 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen
937af906fd Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen
e050f2e998 Python: Adjust subclass finder to no ESSA nodes 
But the new test results looks very strange indeed!
 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen
60b784a919 Python: Don't filter subclass tests away 2023-12-19 17:07:01 +01:00
Tom Hvitved
c8b4a215bc Merge pull request #14573 from hvitved/flow-summary-impl-param 
Move `FlowSummaryImpl.qll` to `dataflow` pack
 2023-12-14 12:24:15 +01:00
fossilet
1cc2f073c4 Fix typo in qll. 2023-12-14 16:05:14 +08:00
Tom Hvitved
a46964dfe8 Address review comments 2023-12-12 13:55:52 +01:00
Tom Hvitved
faaa558ed9 Python: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:44 +01:00
Rasmus Wriedt Larsen
dc90411809 Python: Don't include docs/ folder 2023-12-08 11:27:53 +01:00
Rasmus Wriedt Larsen
004bb50ef2 Python: Disallow invalid path component 2023-12-08 11:27:53 +01:00
Rasmus Wriedt Larsen
6ce8cd38d8 Python: Disallow examples 2023-12-08 11:27:53 +01:00
Rasmus Wriedt Larsen
b24e565128 SubclassFinder: don't include site-packages 2023-12-08 11:27:53 +01:00
Rasmus Wriedt Larsen
aa5eee1eac Python: Revert manual pickle modeling 
This reverts commit 62910f0cab525ca4d4901c4c27f6e6b22c3375fc.
This reverts commit 75a8197879ec47094d9b18f3dab7bcc1c1cdba28.

We don't find `kombu.serialization.pickle_load` since we respect
`__all__`. I think that was an attempt to not flood the captured
modeling with useless re-exports, but I think we've ended up doing that
anyway... we should consider to remove that restriction!

see 21d7df29c7/kombu/serialization.py (L29)
 2023-12-08 11:27:53 +01:00
Rasmus Wriedt Larsen
f74581ad09 Revert "Python: Model owslib.etree.etree directly" 
This reverts commit 1213e786519a11142746fd3a725c874181f3a42b.

By fixing a few bugs in the SubclassFinder + manually running Find.ql on the geonode DB from DCA, I found that the installed version of owslib had both: https://github.com/geopython/OWSLib/blob/0.27.2/owslib/etree.py
 2023-12-08 11:27:53 +01:00
Rasmus Wriedt Larsen
6ef9a2b11e Python: Fix problem if import is used 
I fixed it in both predicates... I think we might still be able to remove
`newDirectAlias` -- but with it being better, it will allow us to better test if `newImportAlias` actually cover everything we need!
 2023-12-08 11:27:52 +01:00
Rasmus Wriedt Larsen
f1fd9b4c7a Python: Fix underlying problem of not using Alias 2023-12-08 11:27:52 +01:00
Taus
fa6aec7ae2 Python: Model owslib.etree.etree directly 
Somehow, this alias did not get picked up by the tooling.
 2023-12-08 11:27:52 +01:00
Taus
6d40e7e0fc Python: Add extensible modelling for lxml.etree 2023-12-08 11:27:52 +01:00
Taus
5b9d56774b Python: Refactor references to ElementTree 
This would probably be better as a module, but I wanted to verify
first that this would yield the right results.
 2023-12-08 11:27:52 +01:00
Taus
d29879a844 Python: Model kombu.serialization 
More `pickle` wrappers.
 2023-12-08 11:27:52 +01:00
Taus
a6dc6f3e42 Python: Add model for flask.restful 
Not subclass-related -- just an alias.
 2023-12-08 11:27:52 +01:00
Taus
6261a94986 Python: Add cloudpickle model 
This one didn't seem to fit into the subclass approach, so I just modeled
it manually.
 2023-12-08 11:27:52 +01:00
Taus
43fe9ca31d Python: Model rest_framework.exceptions.APIException 
Only models the subclasses of `APIException` that share the same interface as
`APIException` itself with regard to the `getBody` predicate.
 2023-12-08 11:27:52 +01:00
Taus
1f66659ff2 Python: Add Django FileField model 2023-12-08 11:27:52 +01:00
Taus
aa3f1cf3e1 Python: extend aiohttp model 2023-12-08 11:27:52 +01:00
Taus
b5bffb2220 Python: Add aioch model 2023-12-08 11:27:52 +01:00
Taus
875fa0b8f0 Python: Add Peewee model 2023-12-08 11:27:52 +01:00
Taus
5e3bdb8701 Python: Add Pydantic model 2023-12-08 11:27:51 +01:00
Taus
9d93afe128 Python: Add logging.Logger model 2023-12-08 11:27:51 +01:00
Taus
dea61e14d1 Python: Add Urllib3 model 2023-12-08 11:27:51 +01:00
Taus
1269a98d2b Python: Add Tornado models 2023-12-08 11:27:51 +01:00
Taus
6093bb9fd4 Python: add some stdlib models 2023-12-08 11:27:51 +01:00
Taus
4879a931eb Python: Add starlette.requests.URL model 2023-12-08 11:27:51 +01:00
Taus
a3f7885787 Python: Add SqlAlchemy model 2023-12-08 11:27:51 +01:00
Taus
422733f32a Python: Add rest_framework model 2023-12-08 11:27:51 +01:00
Taus
5afead5896 Python: Add Pycurl model 2023-12-08 11:27:51 +01:00
Taus
f1a72311ed Python: add MultiDict model 2023-12-08 11:27:51 +01:00
Taus
62db8cc633 Python: Add MarkupSafe model 2023-12-08 11:27:51 +01:00
Taus
cdb0ac524d Python: Add invoke model 2023-12-08 11:27:51 +01:00
Taus
699b6b8bef Python: Add httpx model 2023-12-08 11:27:51 +01:00