github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
52 352 коммитов 1 532 Ветки 130 Теги 474 MiB
Граф коммитов

6915 Коммитов

Автор SHA1 Сообщение Дата
Rasmus Wriedt Larsen 0b9d16a43e
Merge pull request #12636 from RasmusWL/sql-modeling 
Python: Some more SQL modeling
 2023-03-27 15:52:30 +02:00
Erik Krogh Kristensen d3c3f2dc90
Merge pull request #12628 from erik-krogh/betterReDoS 
ReDoS: better super-linear algorithm
 2023-03-27 15:26:49 +02:00
yoff 2121ed784f
Merge branch 'main' into python/rewrite-InsecureContextConfiguration 2023-03-27 10:20:53 +02:00
Jeroen Ketema 977f15f8a4
Merge pull request #12649 from jketema/unit 
Replace all definitions of `Unit` by `import codeql.util.Unit`
 2023-03-27 08:49:50 +02:00
Anders Schack-Mulligen 6db8c8b19f
Merge pull request #12656 from aschackmull/dataflow/qldoc 
Dataflow: Minor qldoc fix
 2023-03-24 14:57:39 +01:00
Rasmus Lerchedahl Petersen 3c407eaa23 python: rewrite comment 2023-03-24 13:32:25 +01:00
Rasmus Lerchedahl Petersen 8ea4878f7a python: move comment 2023-03-24 13:24:49 +01:00
Taus c0eb611dae
Merge pull request #12244 from RasmusWL/import-refined 
Python: Fix import of refined variable
 2023-03-24 13:22:19 +01:00
yoff cf4eac6fa1
Update python/ql/src/Security/CWE-327/PyOpenSSL.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-03-24 13:18:03 +01:00
Anders Schack-Mulligen 85511ba19d Dataflow: Sync 2023-03-24 12:42:06 +01:00
Jeroen Ketema a87a9438c7
Replace all definitions of `Unit` by `import codeql.util.Unit` 2023-03-24 10:39:34 +01:00
Anders Schack-Mulligen 9d88f01c82
Merge pull request #12645 from aschackmull/dataflow/renaming 
Dataflow: Rename Make to Global and hasFlow to flow
 2023-03-24 08:48:31 +01:00
Anders Schack-Mulligen d440bc2d0c Dataflow: Sync. 2023-03-23 13:40:23 +01:00
Anders Schack-Mulligen 1c1aa7ecdd Dataflow: Add change notes. 2023-03-23 13:17:36 +01:00
Anders Schack-Mulligen d0b7ffda70 Python/Ruby/Swift: Rename references. 2023-03-23 13:06:19 +01:00
Anders Schack-Mulligen 2761aa73ca Dataflow: Sync. 2023-03-23 13:06:19 +01:00
erik-krogh e189b36e3f
materialize less strings when ranking states 2023-03-23 10:35:58 +01:00
Kasper Svendsen ce6be1f636 Dataflow: Instantiate stage 1 access paths with proper unit type 2023-03-23 08:32:16 +01:00
Rasmus Wriedt Larsen 77f1539e71
Python: Add change-note 2023-03-22 15:57:09 +01:00
Rasmus Wriedt Larsen 7b3f710e91
Python: Model `aiosqlite` 2023-03-22 15:51:47 +01:00
Rasmus Wriedt Larsen 9975facf9d
Python: Make asyncio version of PEP249 modeling library 
so it's also easy to modeling asyncio libraries

Also ports aiomysql/aiopg to use this new modeling
 2023-03-22 15:51:33 +01:00
Rasmus Wriedt Larsen 2b4ebf7377
Python: Add support for `.executescript` 2023-03-22 15:20:06 +01:00
Rasmus Wriedt Larsen eb43fa2644
Python: Make API graph version of PEP249 modeling 
This will allow us to more easily handle the executescript method, which
we'll do in next commit.
 2023-03-22 15:07:03 +01:00
Rasmus Wriedt Larsen 5930499f1d
Python: Add test for missing `.executescript` SQL method 2023-03-22 14:57:08 +01:00
Rasmus Wriedt Larsen 170a93cc4f
Python: Model `cassandra-driver` PyPI package 2023-03-22 10:28:04 +01:00
Rasmus Wriedt Larsen e4db5f9a64
Python: Model `asyncpg.connection.connect()` 2023-03-22 10:28:04 +01:00
Rasmus Wriedt Larsen 4f9117963d
Python: Model `sqlite3.dbapi2` 2023-03-22 10:28:04 +01:00
erik-krogh b071d3557e
JS/PY/RB: add a worst-case test, that now performs OK 2023-03-22 10:13:18 +01:00
yoff a328d8c93b
Merge pull request #12594 from yoff/python/add-test-to-valid 
python: add test to validation (and fix it)
 2023-03-22 09:07:27 +01:00
Rasmus Wriedt Larsen b2f34ef4b1
Merge branch 'main' into import-refined 2023-03-21 15:12:11 +01:00
yoff e21e630316
Merge branch 'main' into python/add-test-to-valid 2023-03-21 14:47:17 +01:00
Anders Schack-Mulligen 0d6dd7d25a DataFlow: Sync. 2023-03-21 14:27:25 +01:00
Rasmus Wriedt Larsen caa25f78d9
Merge pull request #12607 from RasmusWL/fix-dataflow-consistency-output 
Python: Accept dataflow-consistency test changes
 2023-03-21 13:20:29 +01:00
Asger F 6d665da4dc
Merge pull request #12570 from github/post-release-prep/codeql-cli-2.12.5 
Post-release preparation for codeql-cli-2.12.5
 2023-03-21 13:06:25 +01:00
Rasmus Wriedt Larsen e90559b86d
Python: Add missing `options` files 
I could not for the life of me figure out why the tests were failing,
when they were working for me locally 🤦
 2023-03-21 10:24:28 +01:00
Rasmus Wriedt Larsen 346086524b
Python: Accept dataflow-consistency test changes 
To PRs must have had a conflict when merged separately
 2023-03-21 10:09:01 +01:00
Anders Schack-Mulligen 3876e4335f
Merge pull request #12420 from kaspersv/kaspersv/dataflow-remove-alias-preds 
Dataflow: Remove revFlowAlias and revFlowApAlias predicates
 2023-03-20 16:30:15 +01:00
Michael Nebel 17b3383043
Merge pull request #12556 from michaelnebel/java/argumentthis 
Java: Argument[-1] -> Argument[this]
 2023-03-20 15:59:59 +01:00
Erik Krogh Kristensen a9d40d39d9
Merge pull request #12550 from erik-krogh/useNumberUtil 
Java/Python: use Number.qll to parse hex numbers in regex parsing
 2023-03-20 15:50:31 +01:00
Erik Krogh Kristensen 0f813ce2e8
Merge pull request #12543 from erik-krogh/reg-perf 
ReDoS: restrict the edges considered in polynomial-redos for complex regular expressions
 2023-03-20 15:48:35 +01:00
Rasmus Wriedt Larsen 2ee09cc5d1
Merge branch 'main' into import-refined 2023-03-20 15:42:01 +01:00
Rasmus Wriedt Larsen 93c9f59e86
Python: Extract version specific coverage/classes.py tests 
Since we can analyze operator.py from Python3, but not in Python 2
(since it's implemented in C), we get a difference for the index tests.

note: `operator.length_hint` is only available in Python 3.4 and later,
so would always fail under Python 2.
 2023-03-20 15:39:20 +01:00
yoff 6639e5a97b
Merge pull request #12590 from yoff/python/patch-uninitialized-local 
Python: Patch uninitialized local query
 2023-03-20 15:11:14 +01:00
Rasmus Lerchedahl Petersen 6a5db750c4 python: add test to validation (and fix it) 2023-03-20 15:07:46 +01:00
yoff 17c9ba9872
Merge pull request #12464 from yoff/python/add-test-captured-in-collection 
python: add test for captured variables in lists
 2023-03-20 15:01:58 +01:00
Rasmus Lerchedahl Petersen ed15cce31f python: add change note 2023-03-20 14:22:58 +01:00
Rasmus Lerchedahl Petersen b042c60ca3 python: remove outdated comment 2023-03-20 14:13:48 +01:00
Rasmus Lerchedahl Petersen 72e97918e9 python: format 2023-03-20 14:11:10 +01:00
Rasmus Lerchedahl Petersen 5f438e433d python: exclude nonlocals from query 2023-03-20 13:34:39 +01:00
Kasper Svendsen 1d2f1b6ae6 Address comments 2023-03-20 13:34:14 +01:00