hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 16:51:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,689 Branches 159 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
17cd4d86f1 Fix tests. 2022-03-04 12:27:48 +00:00
Taus
20710616c5 Python: Fix "use set literal" warnings 2022-03-04 12:26:36 +00:00
Geoffrey White
1cb104418f Update ExposureSensitiveInformationUnauthorizedActor.expected 
Fix test.
 2022-03-04 12:25:22 +00:00
Geoffrey White
a34a61c16f Update ExposureSensitiveInformationUnauthorizedActor.expected 
Fix test.
 2022-03-04 12:25:05 +00:00
Taus
821de636af Python: Remove redundant inline casts 
These are all implied by the return type of the other side of the
equality.
 2022-03-04 12:21:31 +00:00
Taus
74f0bdfc79 Python: Fix "unused disjunct" warnings 
For the most part, these boil down to "some global property holds, and
so this relation contains all instances of class `X`". The fix is to
explicitly build the cartesian product (which we were already building
implicitly anyway) by adding `and exists(var)` to the disjunct that did
not mention `var`.

Note that these cartesian products are always with singletons on one
side, and so should be unproblematic.
 2022-03-04 12:14:57 +00:00
Mathias Vorreiter Pedersen
9a91e66714 Merge pull request #8321 from MathiasVP/improve-using-expired-address-query 
C++: More TPs from `cpp/using-expired-stack-address`
 2022-03-04 12:07:55 +00:00
tombolton
2ffa6771ff replace endpoint type name with encoding in mapping query 2022-03-04 11:00:31 +00:00
Rasmus Wriedt Larsen
3f48916e95 Merge pull request #7915 from yoff/python/promote-xpath-injection 
Python: promote XPath injection query
 2022-03-04 11:59:39 +01:00
Rasmus Wriedt Larsen
f620e2599d Merge branch 'main' into py/add-ssrf-sinks 2022-03-04 11:50:12 +01:00
Rasmus Wriedt Larsen
e47f726e74 Python: Add change-note 2022-03-04 11:48:17 +01:00
Rasmus Wriedt Larsen
d86284bf32 Python: Update frameworks.rst 2022-03-04 11:48:06 +01:00
Rasmus Wriedt Larsen
75bc532d10 Python: Avoid toString usage :O 2022-03-04 11:41:22 +01:00
Rasmus Wriedt Larsen
866e615689 Python: Add PyPI links in qldocs 2022-03-04 11:40:03 +01:00
Joe Farebrother
6c05f7a81a remove url from sensitive info regex 2022-03-04 10:37:05 +00:00
Rasmus Wriedt Larsen
02a97b08bb Python: Move urllib and urllib2 to be part of stdlib modeling 2022-03-04 11:31:47 +01:00
Rasmus Wriedt Larsen
c65839bb77 Python: improve urllib3 modeling 2022-03-04 11:25:14 +01:00
Rasmus Wriedt Larsen
7d6d8be179 Python: Fix httpx modeling 2022-03-04 11:07:51 +01:00
Rasmus Wriedt Larsen
56901ea841 Python: Make new SSRF sink modules private 2022-03-04 11:04:18 +01:00
Rasmus Wriedt Larsen
40feb1fb8d Python: SPURIOUS results for httpx 2022-03-04 11:03:32 +01:00
yoff
d0a393e8d1 Update python/ql/test/library-tests/frameworks/stdlib/XPathExecution.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-03-04 10:56:53 +01:00
yoff
c514282d4a Merge pull request #8255 from tausbn/python-nomagic-pattern-getcase 
Python: Prevent magic/inlining in `getCase`
 2022-03-04 10:53:20 +01:00
Tom Hvitved
c49ed559d6 Update csharp/ql/lib/change-notes/2022-03-03-recursive-qltest-extraction.md 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-03-04 10:49:42 +01:00
Rasmus Wriedt Larsen
ef045a6789 Python: Fix typo in set_default_parser 2022-03-04 10:18:30 +01:00
Rasmus Wriedt Larsen
1a9620a87a Python: Add conditional assignment check for sax parser 2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
f0131afc54 Python: Fix huge_tree modeling 2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
d6cbfec434 Python: huge_tree tests were wrong 
Nice spotted @jorgectf!
 2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
3cd165d5b7 Python: Apply suggestions from code review 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2022-03-04 10:15:50 +01:00
Arthur Baars
cd5c71e85e Ruby: cache regExpSource/1 instead of isInterpretedAsRegExp 2022-03-04 10:15:22 +01:00
Jonathan Leitschuh
7ab193dde2 Add System.getProperties().getProperty support 2022-03-03 20:08:38 -05:00
Jorge
683c2fa825 Apply suggestions from code review 2022-03-04 01:02:56 +01:00
Jonathan Leitschuh
04cd0dbfe9 [Java] Add CharacterLiteral to CompileTimeConstantExpr.getStringValue 2022-03-03 18:08:17 -05:00
Jonathan Leitschuh
31527a67e5 Refactor OS Checks & SystemProperty logic from review feedback 2022-03-03 17:15:35 -05:00
Jonathan Leitschuh
103c770ce7 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-03-03 16:39:45 -05:00
Rasmus Wriedt Larsen
3f6c55e8ae Python: Rename vulnerable predicate => vulnerableTo 2022-03-03 22:09:31 +01:00
Rasmus Wriedt Larsen
0d69dc854c Python: Minor qldoc improvement 2022-03-03 22:06:26 +01:00
Rasmus Wriedt Larsen
837daaae3b Python: Remove XMLParser concept 2022-03-03 22:04:48 +01:00
Rasmus Wriedt Larsen
df8e0fce68 Python: Minor fixup of qldoc 2022-03-03 22:02:48 +01:00
ihsinme
467136c173 Create ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-04 00:02:44 +03:00
ihsinme
77bc26681d Create ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-04 00:02:26 +03:00
Rasmus Wriedt Larsen
c0a6f9f3fd Python: Restructure lxml modeling 
and handle parser being passed as positional argument
 2022-03-03 22:00:55 +01:00
Rasmus Wriedt Larsen
c0a2c25f5a Python: Restructure modeling of xml.etree parsers 2022-03-03 21:59:34 +01:00
Rasmus Wriedt Larsen
a033b71eaf Python: Align QLdocs of XML modeling 2022-03-03 21:34:46 +01:00
Rasmus Wriedt Larsen
de0e67f327 Python: Restructure overall XML modeling 2022-03-03 21:31:15 +01:00
Rasmus Wriedt Larsen
46238d5ea0 Python: Add test for XMLPullParser 
But handling this in a nice way will require some restructuring
 2022-03-03 21:28:46 +01:00
Rasmus Wriedt Larsen
33ebcdf437 Python: Support feed method of lxml/xml.etree Parsers 2022-03-03 21:26:24 +01:00
Rasmus Wriedt Larsen
f72f673e7e Python: Update XmlEntityInjection.expected 
I had forgotten about this, but better late than never... also added a
small representative test
 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
3278793972 Python: Handle more functions and kw-args 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
2451123c67 Python: Move XML PoC to new test dir 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
c739ae40b6 Python: Port xmltodict tests 2022-03-03 21:18:18 +01:00