codeql

mirror of https://github.com/github/codeql.git synced 2026-02-19 08:23:45 +01:00

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	c69b857662	Python: Add self.request as RemoteFlowSource for aiohttp View Just like we do for Django in `7393443f8c/python/ql/src/semmle/python/frameworks/Django.qll (L1786-L1804)`	2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen	c4b618dcf5	Python: Model view-classes in aiohttp.web No taint modeling of them yet though	2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen	8c039d5688	Python: Add more aiohttp view routing tests	2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen	1aa222d7cc	Python: Add taint-test for class-based view	2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen	fb21bc04fa	Python: Add taint-steps for `yarl.URL`	2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen	72e6a1489c	Python: Add taint-steps for MultiDictProxy	2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen	e76f02b016	Python: Minor refactor to use LocalSourceNode This just more correctly reflects the reality, since the type-tracking predicate just below only holds for LocalSourceNode anyway.	2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen	dd131e6bf7	Python: Add taint-step for methods on aiohttp.web.Request	2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen	63c7fa0c2c	Python: aiohttp match_info should be tainted Whoops	2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen	597a9dfc80	Python: Don't consider has_body tainted Although it technically is, I think it belong in the section of things that are unlikely to be exploitable	2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen	d953ea47d4	Python: Basic handling of tainted attributes in aiohttp	2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen	88158e7414	Python: Add basic model setup for aiohttp.web.Request	2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen	2b992a635a	Python: Add aiohttp taint tests	2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen	3cbb909a3a	Python: Add modeling of coroutine routes in aiohttp.web	2021-06-03 10:55:33 +02:00
Rasmus Wriedt Larsen	fa1d4e6de7	Python: Extract poor mans function resolution (from django) Since I also want to use this for aiohttp.web modeling	2021-06-03 10:55:33 +02:00
Rasmus Wriedt Larsen	85d9483c7b	Python: Add basic aiohttp tests	2021-06-03 10:55:33 +02:00
Tony Torralba	00836c4bac	Fix QLDocs	2021-06-03 10:52:52 +02:00
Tony Torralba	2833f8daa4	Change predicate isUnsafeEngine -> isSafeEngine to improve performance	2021-06-03 10:42:41 +02:00
CodeQL CI	ffad65be40	Merge pull request #5993 from erik-krogh/lib-debug Approved by esbena	2021-06-03 01:38:57 -07:00
CodeQL CI	60fb1a3b59	Merge pull request #5995 from erik-krogh/webpack-merge Approved by esbena	2021-06-03 01:38:08 -07:00
CodeQL CI	7663095b57	Merge pull request #5948 from erik-krogh/fixRandom Approved by esbena	2021-06-03 01:37:23 -07:00
CodeQL CI	40b6c85341	Merge pull request #5972 from erik-krogh/ts43 Approved by esbena	2021-06-03 01:35:58 -07:00
CodeQL CI	87268d57b8	Merge pull request #5994 from erik-krogh/abstractMongooseFunction Approved by esbena	2021-06-03 01:34:44 -07:00
Tony Torralba	34a8383c1a	Unused import	2021-06-03 10:22:53 +02:00
Tony Torralba	9cb0e3371c	Bidirectional import in ExternalFlow.qll	2021-06-03 10:22:42 +02:00
Tony Torralba	56d6fc951c	Fixed some QLDoc	2021-06-03 10:22:15 +02:00
Tony Torralba	ae0a00e30a	Added change note	2021-06-03 10:21:59 +02:00
AlonaHlobina	99708c33fd	Update versions-compilers.rst	2021-06-03 09:50:18 +02:00
Anders Schack-Mulligen	e86c534c48	Revert "Java: Update coverage." This reverts commit `1c081eeaed`.	2021-06-03 09:02:49 +02:00
Anders Schack-Mulligen	c86d433e2d	Merge pull request #5996 from tamasvajk/feature/csv-coverage-2 Temporarily disable CSV coverage PR file comparison step	2021-06-03 08:51:44 +02:00
Anders Schack-Mulligen	acca26f1d6	Merge pull request #5992 from hvitved/java/is-unreachable-perf Java: Improve performance of `isUnreachableInCall()`	2021-06-03 08:49:51 +02:00
Tamas Vajk	374adc8819	Temporarily disable CSV coverage PR file comparison step	2021-06-03 08:17:28 +02:00
Erik Krogh Kristensen	3bda1f2e26	update expected test output	2021-06-03 00:43:54 +02:00
Erik Krogh Kristensen	143bf9de14	add change note	2021-06-02 23:48:29 +02:00
Erik Krogh Kristensen	48ab630559	model webpack-merge as an extend call	2021-06-02 23:43:53 +02:00
Erik Krogh Kristensen	185811ee22	make MongooseFunction abstract	2021-06-02 23:23:30 +02:00
Erik Krogh Kristensen	431c995131	add support for the debug library	2021-06-02 23:11:15 +02:00
Erik Krogh Kristensen	69d6c74e7e	fix typescript version	2021-06-02 21:56:47 +02:00
Erik Krogh Kristensen	1e19da155c	move TaintedPath sink into TaintedPathCustomizations to avoid side-effects	2021-06-02 21:25:48 +02:00
AlonaHlobina	98ee763d57	Update docs/codeql/support/reusables/versions-compilers.rst Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>	2021-06-02 20:56:06 +02:00
Tom Hvitved	daf2cc3d53	Java: Improve performance of `isUnreachableInCall()`	2021-06-02 20:39:05 +02:00
Erik Krogh Kristensen	27ff256b0e	add change note	2021-06-02 15:34:01 +02:00
Erik Krogh Kristensen	788c5ba701	add support for the prettier API	2021-06-02 15:33:08 +02:00
Anders Schack-Mulligen	8e6dd51f50	Merge pull request #5868 from Marcono1234/marcono1234/ignore-not-closing-char-array-closeable Java: Ignore char array based closeables for CloseReader.ql and CloseWriter.ql	2021-06-02 15:00:59 +02:00
AlonaHlobina	f9ede137f9	Update versions-compilers.rst	2021-06-02 14:19:18 +02:00
Chris Smowton	7382b349c2	Merge pull request #5987 from aschackmull/java/query-metadata Java: Add missing metadata.	2021-06-02 12:40:34 +01:00
Anders Schack-Mulligen	8a20395857	Merge pull request #5940 from pwntester/main Remove XSS sink for Java	2021-06-02 12:30:20 +02:00
Anders Schack-Mulligen	c0e562de21	Merge pull request #5979 from hvitved/java/shared-external-summaries Java: Move some CSV flow summary code into shared library	2021-06-02 12:28:45 +02:00
Tony Torralba	d476459727	Use InlineExpectationsTest	2021-06-02 12:15:26 +02:00
Tony Torralba	b30c92e69e	Refactored into MvelInjection.qll using CSV models	2021-06-02 11:33:01 +02:00

... 238 239 240 241 242 ...

36554 Commits