Commit Graph

508 Commits

Author SHA1 Message Date
Alex Ford
c891c53835 Merge pull request #8395 from alexrford/ruby/clear-text-storage
Ruby: add `rb/clear-text-storage-sensitive-data` query
2022-03-21 10:05:39 +00:00
Tom Hvitved
79ea2a3a9c Data flow: Sync files 2022-03-17 14:03:58 +01:00
Jeroen Ketema
7a9a9d833a Merge pull request #8435 from jketema/all-the-barriers
Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard
2022-03-16 15:50:19 +01:00
Jeroen Ketema
157a36bc4f Use node variable in all disjuncts 2022-03-15 11:55:35 +01:00
Jeroen Ketema
9a0e94f389 Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard 2022-03-15 11:55:34 +01:00
Erik Krogh Kristensen
c7509c4dd3 Merge branch 'main' into deadCode 2022-03-15 09:19:14 +01:00
Jonas Jensen
d89c52f4b0 Merge pull request #8403 from erik-krogh/noUpper
Rename all upper-case variables, and all lower-case modules
2022-03-15 09:00:37 +01:00
Erik Krogh Kristensen
689f3c0478 update some references to deprecated module names 2022-03-14 13:28:34 +01:00
Erik Krogh Kristensen
3bf5e06d53 delete all dead code 2022-03-14 13:03:31 +01:00
Erik Krogh Kristensen
ad2ab5602e PY: rename remaining private python modules 2022-03-14 12:22:33 +01:00
Jeroen Ketema
4c2081b7fc Merge pull request #8401 from jketema/taint-flow
Extend taint tracking interface with flow states
2022-03-14 12:06:10 +01:00
Erik Krogh Kristensen
02127b40cd PY: fix all ql/no-upper-case-variables 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
83f26eb833 rename all upper-case variables to start with a lower-case letter 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
bbb2847ec1 Merge pull request #8323 from erik-krogh/acronyms
Enforcing consistent casing of acronyms
2022-03-14 11:38:25 +01:00
Alex Ford
808cc9cf35 Merge pull request #8396 from alexrford/ruby/charpred-only-field
Ruby: resolve `ql/field-only-used-in-charpred` alerts
2022-03-11 15:48:05 +00:00
Jeroen Ketema
93a0da75b6 Fix taint tracking configurations that broke due to interface change 2022-03-11 12:18:04 +01:00
Jeroen Ketema
cd28f09ae0 Extend taint tracking interface with flow states 2022-03-11 11:50:35 +01:00
Erik Krogh Kristensen
69353bb014 patch upper-case acronyms to be PascalCase 2022-03-11 11:10:33 +01:00
Erik Krogh Kristensen
ddf93b555e PY: fix some ql/non-doc-block warnings 2022-03-11 11:02:58 +01:00
Alex Ford
305a51754c Run python config/sync-files.py 2022-03-10 18:34:16 +00:00
Alex Ford
2b25765156 Format QL 2022-03-10 17:55:42 +00:00
Alex Ford
0f3cf47ca9 Ruby/JS/Py: Add "random" to the notSensitiveRegexp() heuristic 2022-03-10 17:38:52 +00:00
Erik Krogh Kristensen
a96223c9c1 PY: remove leftover comments 2022-03-10 10:25:03 +01:00
Erik Krogh Kristensen
b45d06df9a PY: remove leftover comment 2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
309e376c6d PY: convert test to not use deleted deprecations 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
a1769f8036 Python: add default implementation of getName() and deprecate it 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
e721094182 Python: remove old deprecation that was recently updated by an automated patch of mine 2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
b8d632810e Python: remove deprecations that were recently updated from an automated patch of mine 2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
a86f0afb3c delete all deprecations that are over 14 months old 2022-03-09 18:28:07 +01:00
Taus
7b877fb317 Merge pull request #8336 from tausbn/python-fix-a-bunch-of-ql-warnings
Python: Fix a bunch of QL warnings
2022-03-09 16:31:28 +01:00
Taus
063a8bbc43 Python: Apply suggestions from code review
Co-authored-by: yoff <lerchedahl@gmail.com>
2022-03-08 15:20:35 +01:00
Rasmus Wriedt Larsen
cbe3964a87 Merge pull request #8275 from haby0/py/add-ssrf-sinks
Python: Add Server-side Request Forgery sinks
2022-03-08 11:06:52 +01:00
Taus
d2603884ca Python: Fix a bunch of class QLDoc 2022-03-07 18:59:49 +00:00
Taus
af7f532212 Python: Fix up a bunch of function QLDoc 2022-03-07 18:59:49 +00:00
Tom Hvitved
c1db0a9429 Merge pull request #8317 from hvitved/typetracker/jump-step
Ruby/Python: Clear call contexts after jump steps in type tracking
2022-03-07 11:38:51 +01:00
haby0
7e6666bc63 Merge branch 'main' into py/add-ssrf-sinks 2022-03-07 12:09:14 +08:00
Taus
b35718e0d5 Python: Remove uses of getAQlClass 2022-03-04 15:39:27 +00:00
Taus
095f27f294 Python: Remove deprecated annotations 2022-03-04 12:30:26 +00:00
Taus
20710616c5 Python: Fix "use set literal" warnings 2022-03-04 12:26:36 +00:00
Taus
821de636af Python: Remove redundant inline casts
These are all implied by the return type of the other side of the
equality.
2022-03-04 12:21:31 +00:00
Taus
74f0bdfc79 Python: Fix "unused disjunct" warnings
For the most part, these boil down to "some global property holds, and
so this relation contains all instances of class `X`". The fix is to
explicitly build the cartesian product (which we were already building
implicitly anyway) by adding `and exists(var)` to the disjunct that did
not mention `var`.

Note that these cartesian products are always with singletons on one
side, and so should be unproblematic.
2022-03-04 12:14:57 +00:00
Rasmus Wriedt Larsen
3f48916e95 Merge pull request #7915 from yoff/python/promote-xpath-injection
Python: promote XPath injection query
2022-03-04 11:59:39 +01:00
Rasmus Wriedt Larsen
f620e2599d Merge branch 'main' into py/add-ssrf-sinks 2022-03-04 11:50:12 +01:00
Rasmus Wriedt Larsen
75bc532d10 Python: Avoid toString usage :O 2022-03-04 11:41:22 +01:00
Rasmus Wriedt Larsen
866e615689 Python: Add PyPI links in qldocs 2022-03-04 11:40:03 +01:00
Rasmus Wriedt Larsen
02a97b08bb Python: Move urllib and urllib2 to be part of stdlib modeling 2022-03-04 11:31:47 +01:00
Rasmus Wriedt Larsen
c65839bb77 Python: improve urllib3 modeling 2022-03-04 11:25:14 +01:00
Rasmus Wriedt Larsen
7d6d8be179 Python: Fix httpx modeling 2022-03-04 11:07:51 +01:00
Rasmus Wriedt Larsen
56901ea841 Python: Make new SSRF sink modules private 2022-03-04 11:04:18 +01:00
yoff
c514282d4a Merge pull request #8255 from tausbn/python-nomagic-pattern-getcase
Python: Prevent magic/inlining in `getCase`
2022-03-04 10:53:20 +01:00