hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
28,607 Commits 1,672 Branches 157 Tags
e7d649f36dd74321f4588cfd9c3d0e69e5b00ce1
Commit Graph

4284 Commits

Author SHA1 Message Date
jorgectf
e7d649f36d Make Cookie concept extend HTTP::Server::CookieWrite 2021-11-16 13:54:25 +01:00
jorgectf
83e3de1fed Polish documentation. 2021-11-05 21:05:33 +01:00
jorgectf
ed74bd6800 Merge remote-tracking branch 'origin/main' into jorgectf/python/insecure-cookie 2021-11-05 20:14:06 +01:00
jorgectf
86aac7c215 Add/Update .expected files. 2021-11-05 20:13:12 +01:00
jorgectf
a420e6e18d Add CookieInjection.qlref 2021-11-05 20:12:56 +01:00
jorgectf
cf47e8eb9c Fix endpoints' naming 2021-11-05 20:12:35 +01:00
jorgectf
b3258ce20f Add CookieInjection sample and .qhelp 2021-11-05 20:12:05 +01:00
jorgectf
d7a79469e6 Improve tests 2021-11-05 20:08:52 +01:00
jorgectf
4cb78ac654 Fix typo 2021-11-05 20:08:37 +01:00
Rasmus Wriedt Larsen
6d09334cba Merge pull request #6330 from porcupineyhairs/pyPathTraversal 
Python : Add Flask sinks for path injection query
 2021-10-28 11:39:40 +02:00
Rasmus Wriedt Larsen
d9e5d179d2 Python: Minor fix to QLDoc 
and auto-formatting
 2021-10-28 11:15:34 +02:00
Rasmus Wriedt Larsen
358663ffbb Python: Fix tests 2021-10-28 11:14:41 +02:00
jorgectf
cf9e9f9dd4 Add cookie injection query missing proper tests 2021-10-28 10:28:45 +02:00
yoff
9478faf040 Merge pull request #6967 from RasmusWL/ruamel.yaml 
Python: Model `ruamel.yaml` PyPI package
 2021-10-28 10:19:08 +02:00
jorgectf
129edd605e Update .expected 2021-10-28 09:25:56 +02:00
jorgectf
5dc1ad6f8a Polish .ql 2021-10-28 09:25:47 +02:00
jorgectf
0f2b81e0d2 Polish tests 2021-10-28 09:24:47 +02:00
Porcuiney Hairs
4fd3f212f8 Python : Add Flask sinks for path injection query 2021-10-28 02:12:11 +05:30
jorgectf
48c3c3d8a8 Broaden scope 2021-10-27 21:00:50 +02:00
jorgectf
28ec8c9dee Merge remote-tracking branch 'origin/main' into jorgectf/python/insecure-cookie 2021-10-27 19:00:55 +02:00
Rasmus Wriedt Larsen
89e713a25c Python: Update PyYAML comment with 6.0 release 2021-10-26 17:58:06 +02:00
Rasmus Wriedt Larsen
cd6d73d553 Python: Handle kwarg in PyYAML 
Really surprised that we didn't already :|
 2021-10-26 17:48:10 +02:00
Rasmus Wriedt Larsen
6c0083e584 Python: Add PoC for PyYAML code execution 2021-10-26 17:48:10 +02:00
Rasmus Wriedt Larsen
1ce09afa08 Python: Add modeling of ruamel.yaml PyPI package 2021-10-26 17:48:10 +02:00
Erik Krogh Kristensen
a3c55c2aec use set literal instead of big disjunction of literals 2021-10-26 12:55:25 +02:00
CodeQL CI
3fc6e2b294 Merge pull request #6941 from RasmusWL/add-missing-noinline 
Approved by tausbn
 2021-10-25 15:23:37 +01:00
Rasmus Wriedt Larsen
852e9875bd Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-21 10:24:34 +02:00
Rasmus Wriedt Larsen
8167e83ae5 Python: Fix tests 2021-10-20 17:58:03 +02:00
Rasmus Wriedt Larsen
d0fd907582 Python: Add change-note 
I reworded this slightly from what was done in C++, such that I can
completely stand behind what it says.
 2021-10-20 17:03:55 +02:00
Rasmus Wriedt Larsen
8f28684d10 Python: Rename ExtractionErrors.ql -> ExtractionWarnings.ql 2021-10-20 17:01:33 +02:00
Rasmus Wriedt Larsen
605494c3d1 Python: Treat SyntaxErrors as warnings in diagnostics 
Rename going to happen in second commit, so git doesn't get too confused

I don't actually recall where to lookup that warning is 1, and error is
2, but I took this from
https://github.com/github/codeql/pull/6830/files#diff-460fc20823ced3b074784db804f2d4d6cfcad4f23fe5d264dc7496c782629a2eR121-R123
 2021-10-20 16:59:00 +02:00
Tom Hvitved
0bf5238f39 Update QL doc for allowParameterReturnInSelf 2021-10-20 12:08:58 +02:00
Tom Hvitved
dd138b0429 Address review comments 2021-10-20 12:08:58 +02:00
Tom Hvitved
a1511e13d8 Data flow: Sync files 2021-10-20 12:08:57 +02:00
Rasmus Wriedt Larsen
386c7e3a12 Python: Add missing pragma[noinline] 2021-10-19 11:55:51 +02:00
Rasmus Wriedt Larsen
b0af805460 Merge pull request #6899 from thepurpleowl/patch-1 
Python SignatureOverriddenMethod: Rmv duplicate condition
 2021-10-19 11:24:01 +02:00
Geoffrey White
3f3c79f48f Merge pull request #6884 from geoffw0/setliterals 
Replace or chains with set literals.
 2021-10-18 16:46:55 +01:00
Anders Schack-Mulligen
b67032d1cc Merge pull request #6891 from erik-krogh/fix-java-this 
add explicit this qualifier on all of java
 2021-10-18 17:13:37 +02:00
Tom Hvitved
a10bde5795 Merge pull request #6872 from hvitved/dataflow/path-into-callable0-join 
Data flow: Performance tweaks
 2021-10-18 16:25:10 +02:00
Tom Hvitved
e6954292aa Address review comments 2021-10-18 14:09:44 +02:00
Anders Schack-Mulligen
91ea064980 Sync 2021-10-18 14:04:50 +02:00
Surya Prakash Sahu
2871bdb206 Python SignatureOverriddenMethod: Rmv duplicate condition 2021-10-17 18:04:20 +05:30
jorgectf
271e2e4c49 Update .expected 2021-10-16 13:12:33 +02:00
jorgectf
14c50e993b Add django GET.get RFS 2021-10-16 13:10:48 +02:00
jorgectf
45146bc798 Merge branch 'main' into jorgectf/python/headerInjection 2021-10-16 12:46:57 +02:00
jorgectf
bf76d9cd8b Fix django test 2021-10-16 10:45:25 +02:00
jorgectf
2db1ffef1e Merge remote-tracking branch 'origin/main' into jorgectf/python/headerInjection 2021-10-16 10:40:52 +02:00
Taus
b2e4276bc8 Merge pull request #6886 from aschackmull/java-python/perffix-transitive-step-x3 
Java/Python: Fix some potential performance problems due to transitive deltas.
 2021-10-15 11:06:35 +02:00
Geoffrey White
8f30b8b586 Autoformat. 2021-10-14 16:00:23 +01:00
Anders Schack-Mulligen
f6a517c998 Merge pull request #6882 from MathiasVP/fix-unnecessary-exists 
C++/Python: Remove unnecessary `exists`
 2021-10-14 16:44:05 +02:00