1022 Commits

Author	SHA1	Message	Date
Erik Krogh Kristensen	be37763125	improve performance of process() by pruning accept states early	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	bf20b7dfc5	add change note for the ReDoS renamings	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	3bea7df45d	add deprecated aliases in the old locations, and use the Query.qll pattern for js/polynomial-redos	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	13482fc97b	rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp"	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	6b0df9bdfb	refactor the concretize algorithm	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	dbeae9aefb	make a parameterized module out of the RegexpMatching implementation	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	7fb3d81d2f	add further normalization of char classses	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	3be4a86acd	make ReDoSPruning into a parameterized module	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	dc06e9df02	move predicates that depend on isReDoSCandidate into a ReDoSPruning module	2022-06-23 14:36:24 +02:00
Anders Schack-Mulligen	4a317a25d3	Dataflow: Sync.	2022-06-23 14:34:52 +02:00
github-actions[bot]	a74051c658	Release preparation for version 2.10.0	2022-06-23 11:17:46 +00:00
Rasmus Wriedt Larsen	3248f7b423	Merge pull request #9649 from RasmusWL/certificate-modeling ... Python/JS/Ruby: Ignore common words (like certain) as sensitive data source	2022-06-23 12:04:58 +02:00
Rasmus Wriedt Larsen	876ba71d9b	Python/JS/Ruby: Add change-note	2022-06-22 11:14:05 +02:00
Rasmus Wriedt Larsen	4be375521f	Python: Handle _ in sensitive-data-sources	2022-06-22 11:05:14 +02:00
Rasmus Wriedt Larsen	5dc2bb717a	Python: ignore common words (certain/concert) as sensitive source	2022-06-22 11:05:05 +02:00
Anders Schack-Mulligen	df6d68b215	Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class ... Dataflow: Deprecate BarrierGuard class	2022-06-22 10:44:08 +02:00
Anders Schack-Mulligen	f8f9b7d3b4	Apply suggestions from code review	2022-06-21 14:11:36 +02:00
Asger F	092a6a01ac	Python: Update member documentation	2022-06-21 12:44:06 +02:00
Asger F	fecbfa6ca3	Python: add deprecation	2022-06-21 12:44:06 +02:00
Asger F	3a669a8d21	Python: getAValueReachingRhs -> getAValueReachingSink	2022-06-21 12:44:06 +02:00
Asger F	b096f9ec72	Python: Rename getAUse -> getAValueReachableFromSource	2022-06-21 12:44:06 +02:00
Asger F	181a53bd03	Python: Rename getAnImmediateUse -> asSource	2022-06-21 12:44:06 +02:00
Asger F	60fde3c031	Python: Rename getARhs -> asSink	2022-06-21 12:44:06 +02:00
Asger F	8f259d4bb6	Python: port API graph doc comment	2022-06-21 12:44:06 +02:00
Edoardo Pirovano	70dbd92e25	Bump minor version of all regularly released packs	2022-06-21 11:22:58 +01:00
Edoardo Pirovano	ad02b85efa	Merge branch main into rc/3.6	2022-06-21 11:15:25 +01:00
Anders Schack-Mulligen	a4796e1542	Add change notes.	2022-06-21 11:17:47 +02:00
Anders Schack-Mulligen	a6c0a9e480	Python: one more fix	2022-06-21 09:19:45 +02:00
Anders Schack-Mulligen	f473a0a961	Python: Deprecate and replace BarrierGuard class.	2022-06-20 15:46:38 +02:00
yoff	94145e9e74	Update python/ql/lib/semmle/python/security/dataflow/TarSlipCustomizations.qll	2022-06-20 10:14:52 +02:00
Rasmus Wriedt Larsen	f1b0a814e0	Python: Apply suggestions from code review ... Co-authored-by: yoff <lerchedahl@gmail.com>	2022-06-17 15:04:57 +02:00
Anders Schack-Mulligen	6518a01ded	Dataflow: Sync.	2022-06-16 11:25:28 +02:00
Rasmus Wriedt Larsen	d6e68258a4	Python: API-graphs: allow class decorators in .getASubclass()	2022-06-15 17:30:34 +02:00
github-actions[bot]	1ed70d51d7	Post-release preparation for codeql-cli-2.9.4	2022-06-15 13:25:20 +00:00
Rasmus Lerchedahl Petersen	0608d4d2f9	python: fix alerts ... Also, remove the `toLowerCase` again, as I do not know what effect it will have.	2022-06-15 14:18:29 +02:00
Rasmus Lerchedahl Petersen	40b61fa85f	python: fix qldocs and clean-up dead code	2022-06-15 14:07:35 +02:00
yoff	9dbb451f41	Merge pull request #9463 from RasmusWL/req-wo-cert-validation ... Python: Rewrite `py/request-without-cert-validation`	2022-06-15 13:00:57 +02:00
github-actions[bot]	104ac05f49	Release preparation for version 2.9.4	2022-06-15 08:22:38 +00:00
Rasmus Lerchedahl Petersen	7b5d9ec7df	python: Straight port of tarslip	2022-06-14 15:01:13 +02:00
Alex Ford	8d195e3188	Merge pull request #9157 from alexrford/crypto-op-block-mode ... Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`	2022-06-13 21:32:36 +02:00
Rasmus Wriedt Larsen	5b2d799fde	Python: Model certificate disabling in urllib3	2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen	0d02ca07d7	Python: Add certificate disable test of urllib/urllib2	2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen	049e87201c	Python: Model certificate disabling in httpx	2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen	1a2a4232a8	Python: Refactor httpx tests ... and improve QLDocs a bit	2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen	f72a1d98bb	Python: Model certificate disabling in aiohttp.client	2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen	4b07a7b7be	Python: Add missing QLDoc for requests ... Also fix links	2022-06-08 17:41:42 +02:00
Rasmus Wriedt Larsen	c21e05aa44	Python: Use HTTP::Client::Request request for py/request-without-cert-validation ... This is very much like the Ruby query, except we also have the origin that does the disabling. 976daddd36/ruby/ql/src/queries/security/cwe-295/RequestWithoutValidation.ql (L18-L20)	2022-06-08 15:42:32 +02:00
Rasmus Wriedt Larsen	729cf79be7	Merge pull request #9351 from RasmusWL/django-file-read ... Python: Support `read` on Django file	2022-06-01 10:45:26 +02:00
Anders Schack-Mulligen	9abd2259d3	Merge pull request #9381 from aschackmull/redos/perf ... ReDoS: Improve performance in ExponentialBackTracking.qll.	2022-06-01 10:39:28 +02:00
Anders Schack-Mulligen	4f3751dfea	Merge pull request #9316 from hvitved/dataflow/edges-get-a-successor-consistency ... Data flow: Make `PathGraph::edges/2` and `PathNode::getASuccessor/1` consistent	2022-06-01 10:38:25 +02:00