hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-08 20:20:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,491 Commits 1,679 Branches 157 Tags
f3fc68352eff3e3fb9673050c1a96cf45dfd7a79
Commit Graph

6441 Commits

Author SHA1 Message Date
Jami Cogswell
4d99cd1b7a update EC key size in help file 2022-12-01 11:56:44 -05:00
Jami Cogswell
0fa05d47e3 add shared key sizes 2022-12-01 11:56:44 -05:00
Rasmus Wriedt Larsen
d47b3265c4 Python: Fix py/meta/points-to-call-graph 2022-12-01 14:56:10 +01:00
Rasmus Wriedt Larsen
e7264fb495 Merge pull request #11480 from RasmusWL/sink-meta-query 
Python: Add taint-sinks meta query
 2022-12-01 10:23:33 +01:00
Tom Hvitved
b33f5925bb Data flow: Sync files 2022-11-30 13:39:25 +01:00
Owen Mansel-Chan
55c4643b20 Dataflow: Sync. 2022-11-30 11:00:07 +00:00
porcupineyhairs
346dd864b5 Update python/ql/lib/change-notes/2022-11-17-py-pam-improve.md 
fix typo

Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-11-30 05:21:11 +05:30
Rasmus Wriedt Larsen
607639c100 Python: restrict py/meta/points-to-call-graph to non-ignored files 2022-11-29 15:10:45 +01:00
Rasmus Wriedt Larsen
d7aea228ce Python: Add taint-sinks meta query 
Inspired by the one they have in JS:
097d5189e9/javascript/ql/src/meta/alerts/TaintSinks.ql
 2022-11-29 15:10:09 +01:00
Rasmus Wriedt Larsen
544de5232c Python: Use ' instead of ` in select text 2022-11-29 14:47:45 +01:00
Arthur Baars
cf7ebe2fa8 Merge pull request #11471 from github/rc/3.8 
Merge rc/3.8 into main
 2022-11-29 12:57:34 +01:00
Tom Hvitved
f3dca95958 Merge pull request #11087 from hvitved/dataflow/summary-ctx 
Data flow: Add summary/return context to pruning stages 2-4
 2022-11-29 10:36:53 +01:00
Rasmus Wriedt Larsen
8694119c3c Python: Update py/pam-auth-bypass change-note wording 2022-11-28 16:16:34 +01:00
Rasmus Wriedt Larsen
4e67ec19d0 Python: Adjust alert text of py/pam-auth-bypass 2022-11-28 16:14:38 +01:00
Rasmus Wriedt Larsen
f8442ccb0e Python: Adjust PAM Auth bypass test slightly 2022-11-28 16:08:44 +01:00
Rasmus Wriedt Larsen
fef06679e5 Python: Remove options file for PAM Auth Bypass 
Should not be needed
 2022-11-28 16:03:32 +01:00
Rasmus Wriedt Larsen
3d9556e5a3 Python: Use proper Query suffix 2022-11-28 16:03:17 +01:00
Rasmus Wriedt Larsen
c310948521 Python: Remove enclosing module for PAM Auth Bypass.qll 2022-11-28 16:02:38 +01:00
Rasmus Wriedt Larsen
479a9e4156 Python: Update .expected 2022-11-28 16:01:42 +01:00
Felicity Chapman
a76d47681d Replace references in Qhelp files 2022-11-28 15:25:37 +01:00
Tom Hvitved
cde05e1190 Data flow: Sync files 2022-11-28 12:11:38 +01:00
Taus
530b795eaa Merge pull request #11402 from yoff/python/port-super-not-enclosing-class 
Python: port `py/super-not-enclosing-class`
 2022-11-28 11:52:57 +01:00
Rasmus Lerchedahl Petersen
77d98b217e Python: add import 2022-11-25 08:52:35 +01:00
yoff
d804acdef7 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-11-25 08:50:37 +01:00
Erik Krogh Kristensen
03737543d4 Merge pull request #11403 from erik-krogh/additional 
ReDoS: add missing additional keywords
 2022-11-24 15:53:51 +01:00
Erik Krogh Kristensen
1eec067474 Merge pull request #11294 from erik-krogh/fileDoc 
QL: improve the "this block-comment should have been a QLDoc"-query
 2022-11-23 22:23:36 +01:00
erik-krogh
95f35196e4 add missing additional keywords 2022-11-23 20:45:51 +01:00
Asger F
abf0c0f296 Python: update more comments referring to the package column 2022-11-23 15:02:08 +01:00
Rasmus Lerchedahl Petersen
91198524cd Python: port py/super-not-enclosing-class 2022-11-23 14:37:45 +01:00
Asger F
1c910550e6 Python: merge package/type columns 2022-11-23 11:17:42 +01:00
Rasmus Wriedt Larsen
5866af413f Merge pull request #11347 from tausbn/python-clean-up-import-resolution 
Python: Add change note for module resolution
 2022-11-22 15:28:38 +01:00
Rasmus Wriedt Larsen
04a68f8d52 Merge pull request #11372 from RasmusWL/getpass 
Python: Model `getpass.getpass` as source of passwords
 2022-11-22 14:49:04 +01:00
Rasmus Wriedt Larsen
9195b73d84 Python: Model getpass.getpass as source of passwords 2022-11-22 14:11:52 +01:00
Rasmus Wriedt Larsen
80e71b202a Python: Cleartext queires: Remove flow from getpass.py 2022-11-22 14:08:00 +01:00
Rasmus Wriedt Larsen
9342e3ba76 Python: Enable new test 
But look at all those elements from getpass.py implementation :(
 2022-11-22 13:59:59 +01:00
Rasmus Wriedt Larsen
e01df3ea7c Python: Prepare for new test 
.expected line changes 😠
 2022-11-22 13:52:50 +01:00
Taus
18be30d177 Python: Apply suggestion from review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-11-22 13:46:45 +01:00
Rasmus Wriedt Larsen
1b30cf8eca Merge branch 'main' into call-graph-tests 2022-11-22 13:39:27 +01:00
Rasmus Wriedt Larsen
84faf49bf0 Python: Add tests for compound arguments field flow 2022-11-22 11:29:00 +01:00
Rasmus Wriedt Larsen
d876acde4c Python: Fix SINK/SINK_F usage for crosstalk tests 
As discussed in PR review
https://github.com/github/codeql/pull/11208#discussion_r1022473421
 2022-11-22 11:29:00 +01:00
Edoardo Pirovano
6c33ddcd47 Merge pull request #11349 from github/edoardo/2.11.4-mergeback 
Merge `rc/3.8` into `main`
 2022-11-21 18:08:27 +00:00
Taus
f12e15b46b Python: Fix implicit this warnings 2022-11-21 15:23:13 +00:00
Taus
a385e87273 Python: Add change note for module resolution 
Also adapts the version-specific tests to support results specific to
Python 2 (though at the moment there are no such tests).
 2022-11-21 14:29:39 +00:00
Taus
8f4eb7107a Merge pull request #10861 from tausbn/python-clean-up-import-resolution 
Python: Clean up import resolution
 2022-11-21 15:18:08 +01:00
Tom Hvitved
99e70e9a50 Data flow: Sync files 2022-11-20 10:19:23 +01:00
Porcupiney Hairs
db231a111c Python : Improve the PAM authentication bypass query 
The current PAM auth bypass query which was contributed by me a few months back, alert on a vulenrable function but does not check if the function is actually function. This leads to a lot of fasle positives.

With this PR, I add a taint-tracking configuration to check if the username parameter can actually be supplied by an attacker.

This should bring the FP's significantly down.
 2022-11-19 01:29:25 +05:30
Taus
d79eed533b Python: Remove unwanted recursion 
Depending on `localFlowStep` meant that this predicate ended up being
recursive with itself (by way of flow summaries which depend on API
graphs, which in turn depend on import resolution).

Changing this to use the simple local flow step predicate that we use
for type tracking should fix this issue.
 2022-11-18 13:50:50 +00:00
github-actions[bot]
5b14ebf22a Post-release preparation for codeql-cli-2.11.4 2022-11-18 11:26:00 +00:00
Taus
e76ab8c78c Merge branch 'main' into python-clean-up-import-resolution 2022-11-17 22:47:50 +00:00
erik-krogh
468a879c1f Python: delete dead code. thanks QL-for-QL 2022-11-17 22:12:51 +01:00