Rasmus Lerchedahl Petersen a063d7d510 Python: sinks -> decodings ...

Query operators that interpret JavaScript
are no longer considered sinks.
Instead they are considered decodings
and the output is the tainted dictionary.
The state changes to `DictInput` to reflect
that the user now controls a dangerous dictionary.

This fixes the spurious result and moves the error reporting
to a more logical place.

2023-09-11 16:33:20 +02:00

..

analysis

Python: nice locations for import aliases

2023-08-10 20:27:06 +02:00

change-notes

Merge pull request #13782 from jorgectf/jorgectf/shlex-quote

2023-08-31 21:08:58 +02:00

semmle

Python: sinks -> decodings

2023-09-11 16:33:20 +02:00

upgrades

Python: add upgrade/downgrade scripts

2023-05-22 19:37:58 +02:00

CHANGELOG.md

Release preparation for version 2.14.3

2023-08-18 14:48:15 +00:00

codeql-pack.release.yml

Release preparation for version 2.14.3

2023-08-18 14:48:15 +00:00

Customizations.qll

Packaging: Rafactor Python core libraries

2021-08-24 13:23:45 -07:00

default.qll

Packaging: Rafactor Python core libraries

2021-08-24 13:23:45 -07:00

design.md

spelling: which

2022-10-13 11:21:10 -04:00

printAst.ql

Move contextual queries from src to lib

2022-06-29 07:51:26 -07:00

python.qll

python: Wrappers for database classes

2022-01-19 14:29:58 +01:00

qlpack.lock.yml

Packaging: Rafactor Python core libraries

2021-08-24 13:23:45 -07:00

qlpack.yml

Merge pull request #14074 from github/post-release-prep/codeql-cli-2.14.3

2023-08-28 13:34:10 -04:00

semmlecode.python.dbscheme

Python: sync shared dbscheme fragments

2023-05-22 19:37:58 +02:00

semmlecode.python.dbscheme.stats

Python: sync shared dbscheme fragments

2023-05-22 19:37:58 +02:00

site.qll

Packaging: Rafactor Python core libraries

2021-08-24 13:23:45 -07:00