hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 20:56:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,864 Commits 1,673 Branches 157 Tags
e8fdff7a3bea1c12d87ae5e33958f8aaf71ef534
Commit Graph

6104 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
e8fdff7a3b Python: Expand ExternalAPIs test 
We never had a showcase of how keyword arguments were handled
 2022-10-28 09:38:02 +02:00
Rasmus Wriedt Larsen
6577281bed Python: Add crosstalk fieldflow test 2022-10-28 09:31:16 +02:00
Rasmus Wriedt Larsen
c1b2561598 Python: Extend fieldflow tests with bound method call 2022-10-28 09:31:16 +02:00
Rasmus Wriedt Larsen
0f34752f8f Python: Delete classesCallGraph.ql 
I don't see the value from this, so just going to outright delete it.
(it actually stayed alive for quite some time in the original git history,
but never seemed to be that useful.)
 2022-10-28 09:31:01 +02:00
Rasmus Wriedt Larsen
7d8c0c663f Python: Remove dataflow/coverage/dataflow.ql 
The selected edges is covered by `NormalDataflowTest.ql` now... and
reading the test-output changes in `edges` is just going to make commits
larger while not providing any real value.
 2022-10-28 09:29:32 +02:00
Rasmus Wriedt Larsen
609a4cfd42 Python: validate tests in datamodel.py 
And adopt argument passing tests as well.

turns out that `C.staticmethod.__func__` doesn't actually work :O
 2022-10-28 09:29:32 +02:00
Rasmus Wriedt Larsen
39081e9c1c Python: Fix staticmethod datamodel test 2022-10-28 09:29:32 +02:00
Taus
503cc560cf Merge pull request #10943 from bananabr/main 
Javascript/Python: Tokens built from predictable UUIDs
 2022-10-27 14:12:34 +02:00
Jeroen Ketema
1d7efd8e82 Merge pull request #10905 from jsoref/spelling-code-scanning-product 
Spelling code scanning product
 2022-10-27 12:55:37 +02:00
Daniel Santos
feece6f7b4 Merge branch 'github:main' into main 2022-10-25 10:43:20 -05:00
Daniel Santos
5b080481aa TokenBuiltFromUuid formatting 2022-10-25 09:51:48 -05:00
Daniel Santos
b8d60edb49 TokenBuiltFromUuid isAdditionalTaintStep refactor 2022-10-25 09:51:07 -05:00
Daniel Santos
375edf7455 TokenAssignmentValueSink refactor 2022-10-25 09:50:04 -05:00
yoff
9d542f1be9 Merge pull request #10887 from Sim4n6/TarSlipImprov 
Python: Add TarSlip Improv query
 2022-10-25 13:02:52 +02:00
Daniel Santos
5ab068a3cc Update python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-10-24 11:55:21 -05:00
Daniel Santos
be8780742b Update python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql 
You are totally right! I just scanned the module's document and assumed it would implement it all. Pasting the documentation here for future reference https://docs.python.org/3/library/uuid.html?highlight=uuid#uuid.UUID.

Co-authored-by: Taus <tausbn@github.com>
 2022-10-24 11:49:17 -05:00
Daniel Santos
a2ad924376 Minor formatting fixes 2022-10-24 09:38:17 -05:00
Daniel Santos
066ffb7520 Tokens built from predictable UUIDs 2022-10-22 11:15:43 -05:00
ALJI Mohamed
92a3846102 Fix query to omit sinks within std lib files 2022-10-22 09:35:55 +01:00
ALJI Mohamed
fdbed2a019 Add expected test results without considering inStdLib files. 2022-10-22 09:34:57 +01:00
ALJI Mohamed
0f44268038 Add expected test results 2022-10-21 22:14:55 +01:00
ALJI Mohamed
7d60f1f1c8 Modified the QL ref file and add TarSlip examples 2022-10-21 22:14:00 +01:00
ALJI Mohamed
7319052495 Delete the examples/ 2022-10-21 21:47:00 +01:00
ALJI Mohamed
31a6fb4181 Add TarSlip qlref for query-tests 2022-10-21 21:28:20 +01:00
Sim4n6
925f9d09e5 Update python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-10-21 21:06:51 +01:00
github-actions[bot]
be7693283b Post-release preparation for codeql-cli-2.11.2 2022-10-21 08:07:17 +00:00
Arthur Baars
45c9a0d0b1 Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-10-20 15:22:29 +02:00
Josh Soref
474aef438b spelling: connection 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-20 08:18:23 -04:00
github-actions[bot]
9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
ALJI Mohamed
9163cbec09 Restrict the reach for an additional taint step 2022-10-19 16:08:49 +01:00
ALJI Mohamed
25a7fcffc0 Add an additional taint step 2022-10-19 16:01:34 +01:00
ALJI Mohamed
d6fa745279 Add TarSlip Improv query 2022-10-19 14:01:40 +01:00
Taus
f5b2eb94a6 Merge pull request #10783 from yoff/python/subscript-nodes 
Python: API graph improvements for subscripts
 2022-10-17 15:21:56 +02:00
Taus
fa2faeb77b Merge pull request #10802 from jsoref/spelling-python 
Spelling python
 2022-10-17 11:33:27 +02:00
Rasmus Lerchedahl Petersen
2a56fb5a21 python: expand TODO 2022-10-17 10:23:55 +02:00
Rasmus Lerchedahl Petersen
c4271c1125 Python: add TODO comments 2022-10-17 10:22:47 +02:00
Anders Schack-Mulligen
6ef5fac239 Merge pull request #10814 from aschackmull/dataflow/synth-global 
Dataflow: Add support for synthetic global fields in MaD.
 2022-10-17 08:34:26 +02:00
yoff
40526fdedb Update python/ql/lib/change-notes/2022-10-04-api-subscript-nodes.md 
Co-authored-by: Taus <tausbn@github.com>
 2022-10-15 08:16:19 +02:00
Rasmus Wriedt Larsen
fb49babc14 Merge pull request #10778 from sylwia-budzynska/python-db-models 
Python: Add cx_Oracle, phoenixdb, pyodbc models
 2022-10-14 10:49:24 +02:00
sylwia-budzynska
0eb48969a0 Fix typo 2022-10-13 20:02:03 +02:00
Sylwia Budzynska
e291d61bc7 Add oracledb model 2022-10-13 18:08:47 +02:00
Josh Soref
08f688d240 spelling: without 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:10 -04:00
Josh Soref
9fef7d4130 spelling: which 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:10 -04:00
Josh Soref
5765a71d90 spelling: whether 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:10 -04:00
Josh Soref
f19a5c43f0 spelling: uninitialized 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:10 -04:00
Josh Soref
8669de57e7 spelling: the 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:10 -04:00
Josh Soref
7ee24e5fbb spelling: synthesized 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:10 -04:00
Josh Soref
887b49aae4 spelling: superfluous 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:10 -04:00
Josh Soref
33bc3131f9 spelling: something 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:09 -04:00
Josh Soref
05e20a389e spelling: shortcuts 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 11:21:09 -04:00