hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 16:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,787 Commits 1,673 Branches 157 Tags
fef5a49fcba99cfbfb5075a756eba990b5375971
Commit Graph

4183 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
cd5973764b Merge pull request #14112 from erik-krogh/pyAllowedHosts 
Py: add sanitizer guard for `url_has_allowed_host_and_scheme`
 2023-09-13 12:59:38 +02:00
Rasmus Wriedt Larsen
7292730391 Python: Add change-note 2023-09-13 11:55:48 +02:00
erik-krogh
bf3fe3cd66 add new qhelp for clear-text-logging 2023-09-07 12:39:13 +02:00
Rasmus Wriedt Larsen
ec0529d68c Merge pull request #14145 from p-/p--asyncio-cmdi-exec 
Python: Support for command injection sinks found in the `asyncio` module
 2023-09-07 11:27:50 +02:00
Rasmus Wriedt Larsen
c85ea9a0c0 Python: Fix typo in SSRF example 2023-09-07 09:45:02 +02:00
Peter Stöckli
9027eac312 Python: add change notes for asyncio CMDi sinks 2023-09-05 16:14:56 +02:00
Rasmus Wriedt Larsen
49f5d38956 Merge pull request #14068 from RasmusWL/dataflow-config-refactor 
Python: Use new dataflow API
 2023-09-04 21:04:10 +02:00
Rasmus Wriedt Larsen
49d510018d Python: Add change-note 2023-08-29 11:11:32 +02:00
Dave Bartolomeo
3343b78015 Merge pull request #14074 from github/post-release-prep/codeql-cli-2.14.3 
Post-release preparation for codeql-cli-2.14.3
 2023-08-28 13:34:10 -04:00
github-actions[bot]
3eba77421a Post-release preparation for codeql-cli-2.14.3 2023-08-28 15:53:49 +00:00
Rasmus Wriedt Larsen
ce6335866b Python: Move ModificationOfParameterWithDefault to new dataflow API 2023-08-28 16:19:47 +02:00
Rasmus Wriedt Larsen
e8e8d975e3 Python: Remove all usage of DataFlow2+TaintTracking2 
(and any higher number as well)
 2023-08-28 15:34:19 +02:00
Rasmus Wriedt Larsen
c665c21d83 Python: More style-guide renaming 
Split it into multiple commits to make it easier to review.
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
996364d6ee Python: Fix naming style guide violations 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
98538d237e Python: Autoformat 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
5ba8e102eb Python: Adopt tests to new DataflowQueryTest 
Since we want to know the _sinks_ and not just the flow, we need to
expose the config as well :|
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
6961ca5234 Python: Rename to EmailXss 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
6d4491e0a9 Python: Modernize WebAppConstantSecretKey 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
852b01c65d Python: Move SmtpMessageConfig to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
d5e2a30e5b Python: Modernize py/azure-storage/unsafe-client-side-encryption-in-use a bit 
To use consistent naming
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
bfcc194b85 Python: Move experimental paramiko to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
acd0f2a8fb Python: Move experimental LDAPInsecureAuth to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
c6911c2ae0 Python: Move experimental UnicodeBypassValidation to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
2c06394bf3 Python: Move experimental CookieInjection to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
2c412707ab Python: Move experimental CsvInjection to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
ace1e23c21 Python: Move experimental ClientSuppliedIpUsedInSecurityCheck to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
d948e103fa Python: Move experimental HeaderInjection to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
53e57dad5c Python: Move experimental InsecureRandomness to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
3bf2705668 Python: Move experimental TimingAttackAgainstHeaderValue to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
c88a0ccb7c Python: Move experimental TimingAttackAgainstHash to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
a779547515 Python: Move experimental PossibleTimingAttackAgainstHash to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
8abd3430a2 Python: Move experimental TimingAttackAgainstSensitiveInfo to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
1a4e8d9464 Python: Move experimental PossibleTimingAttackAgainstSensitiveInfo to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
5fd3594f5f Python: Move TimingAttack.qll to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
5d8329d9c8 Python: Move experimental ZipSlip to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
67cc3a3935 Python: Move experimental ReflectedXSS to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
a0d26741d0 Python: Move experimental TarSlipImprov to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
3cdd875e9f Python: Move experimental UnsafeUnpack to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
3edb9d1011 Python: Move experimental TokenBuiltFromUUID to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
acde1920e7 Python: Move UntrustedDataToExternalAPI to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
657b1997cc Python: Move FullServerSideRequestForgery and PartialServerSideRequestForgery to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
dbfe517555 Python: Move HardcodedCredentials to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
46322b717a Python: Move XmlBomb to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
add1077532 Python: Move RegexInjection to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
c6caf83dfe Python: Move PolynomialReDoS to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
4c336990e5 Python: Move XpathInjection to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
60e45335dd Python: Move Xxe to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
4c76ca6127 Python: Move UrlRedirect to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
6f08e73dbc Python: Move UnsafeDeserialization to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
dd074173d2 Python: Move WeakSensitiveDataHashing to new dataflow API 
I adopted helper predicates to do the "heavy" lifting of .asPathNode1(), maybe I like this approach better... let me know what you think 😊
 2023-08-28 15:27:50 +02:00