Commit graph

182 commits

Author SHA1 Message Date
yoff 8e11c2c476
Merge pull request #7259 from RasmusWL/even-more-path-injection-sinks
Python: Add more path-injection sinks from `os` and `tempfile` modules
2021-12-09 14:46:41 +01:00
yoff f10f053c36
Merge pull request #7228 from RasmusWL/fastapi-improvements
Python: FastAPI improvements
2021-12-02 12:58:53 +01:00
Rasmus Wriedt Larsen d557f6fd2e
Merge pull request #7101 from RasmusWL/python-ids
Python: Fix some query-ids
2021-11-29 16:12:57 +01:00
Rasmus Wriedt Larsen cbd7434a7e Python: Add modeling of `tempfile` module 2021-11-29 15:08:36 +01:00
Rasmus Wriedt Larsen 3bcf6d68ce Python: Refactor `os` FileSystemAccess change-note
I think it's more readable to have only one to cover all of these
changes, even though they came in through different PRs.
2021-11-29 15:08:18 +01:00
Rasmus Wriedt Larsen 7dde52ced2
Merge pull request #7131 from RasmusWL/wsgiref.simple_server
Python: Model `wsgiref.simple_server` applications
2021-11-24 14:22:23 +01:00
Rasmus Wriedt Larsen 1411804e58 Python: Allow custom `fastapi.APIRouter` subclasses 2021-11-24 13:46:38 +01:00
Rasmus Wriedt Larsen d493cfdf3a Python: Model FastAPI `FileResponse` as `FileSystemAccess`
This was an oversight from our initial FastAPI modeling work.
2021-11-24 11:44:51 +01:00
yoff f9729bccef
Merge pull request #7143 from RasmusWL/path-improvements
Python: Model `posixpath` and `os.stat`
2021-11-24 11:36:06 +01:00
Taus 8cccee6eba
Merge pull request #6972 from yoff/python/promote-redos
Python: Promote ReDoS queries
2021-11-23 14:02:09 +01:00
Erik Krogh Kristensen 1cca377e7d
Merge pull request #6561 from erik-krogh/htmlReg
JS/Py/Ruby: add a bad-tag-filter query
2021-11-18 09:39:13 +01:00
Rasmus Wriedt Larsen a980f26fda Python: Model `os.stat` (and friends) 2021-11-16 10:45:32 +01:00
Rasmus Wriedt Larsen 9f4107d211 Python: Model `posixpath`, `ntpath`, and `genericpath` modules 2021-11-16 10:45:14 +01:00
Rasmus Wriedt Larsen 6eb4525ab2 Python: Model `wsgiref.simple_server` applications 2021-11-15 13:34:39 +01:00
yoff 9f614b1d98
Merge pull request #7016 from RasmusWL/django-rest-framework
Python: Model Django REST framework
2021-11-12 14:27:56 +01:00
Rasmus Wriedt Larsen b11d11c0c9 Python: Add change-note 2021-11-12 14:27:01 +01:00
Taus 55ea715ce9
Merge pull request #7033 from RasmusWL/flask-admin 2021-11-12 12:18:56 +01:00
yoff d23a920ed4
Merge branch 'main' into python/model-aiomysql 2021-11-10 14:32:36 +01:00
Rasmus Lerchedahl Petersen 57e7bfbdba Python: model aiomysql 2021-11-10 14:29:39 +01:00
Rasmus Lerchedahl Petersen aa1541a5c3 Python: add changenote 2021-11-09 12:57:36 +01:00
Erik Krogh Kristensen 02f500b9c2 Merge branch 'main' into htmlReg 2021-11-04 12:58:42 +01:00
Rasmus Wriedt Larsen 8cd9fdebf9 Python: Model `flask_admin` 2021-11-02 15:43:13 +01:00
yoff 97625d7c2c
Merge pull request #7023 from RasmusWL/toml
Python: Add modeling of `toml`
2021-11-02 14:42:06 +01:00
Rasmus Wriedt Larsen cb6bcada4c Merge branch 'main' into django-rest-framework 2021-11-02 14:33:16 +01:00
yoff 0240631510
Merge pull request #6782 from RasmusWL/fastapi
Python: Model FastAPI
2021-11-02 14:16:12 +01:00
Rasmus Wriedt Larsen 8ee804a8c2 Python: Add `toml` modeling 2021-11-02 11:57:15 +01:00
Rasmus Wriedt Larsen fd12b144bc Python: Add change-note 2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen 85f00fda19
Merge pull request #6776 from yoff/python/model-asyncpg
Python: Model `asyncpg`
2021-10-29 13:54:44 +02:00
Rasmus Lerchedahl Petersen 8c72cc0cdd Python: update change note 2021-10-28 14:53:46 +02:00
Rasmus Lerchedahl Petersen 7201b3e116 Python: add changenote 2021-10-28 14:48:48 +02:00
Rasmus Wriedt Larsen 0acf6aaec8 Python: Add change-note 2021-10-28 13:45:34 +02:00
Rasmus Wriedt Larsen 3fa66519f5 Merge branch 'main' into fastapi 2021-10-28 11:37:40 +02:00
Rasmus Wriedt Larsen 1ce09afa08 Python: Add modeling of `ruamel.yaml` PyPI package 2021-10-26 17:48:10 +02:00
Erik Krogh Kristensen 44afa34e37 Merge branch 'main' of github.com:github/codeql into htmlReg 2021-10-26 14:46:27 +02:00
Rasmus Wriedt Larsen 54ab5d4bc8 Python: Fix date for FastAPI change-note 2021-10-25 15:23:33 +02:00
Rasmus Wriedt Larsen f5464b79e4 Merge branch 'main' into fastapi 2021-10-25 09:49:42 +02:00
Rasmus Wriedt Larsen d0fd907582 Python: Add change-note
I reworded this slightly from what was done in C++, such that I can
completely stand behind what it says.
2021-10-20 17:03:55 +02:00
Rasmus Lerchedahl Petersen 83490e9a03 Python: update change note 2021-10-12 19:27:27 +02:00
Rasmus Lerchedahl Petersen 61008fd3d0 Merge branch 'main' of github.com:github/codeql into python/promote-regex-injection 2021-10-12 11:28:12 +02:00
yoff c007c9460c
Merge pull request #6843 from RasmusWL/dataflow-bool-expr
Python: Add data-flow for `x or y` and `x and y`
2021-10-12 10:40:54 +02:00
Rasmus Wriedt Larsen 1552c108b0
Python: Apply suggestions from code review
Co-authored-by: yoff <lerchedahl@gmail.com>
2021-10-11 09:34:15 +02:00
Rasmus Wriedt Larsen a50b193c40 Python: Model data-flow for `x or y` and `x and y` 2021-10-08 18:32:30 +02:00
Rasmus Wriedt Larsen fd0c386a4c Python: Add change-note 2021-10-08 12:06:18 +02:00
Rasmus Wriedt Larsen 3661ff3bd8 Python: Add basic FastAPI support 2021-09-30 19:14:14 +02:00
Rasmus Lerchedahl Petersen 115113888f Python: Add change note 2021-09-29 16:58:14 +02:00
Rasmus Wriedt Larsen a83bb39d0f Python: Merge SQLAlchemy TextClause injection into `py/sql-injection`
As discussed in a meeting today, this will end up presenting a query
suite that's easier to use for customers.

Since https://github.com/github/codeql/pull/6589 has JUST been merged,
if we get this change in fast enough, no end-user will ever have run
`py/sqlalchemy-textclause-injection` as part of LGTM.com or Code
Scanning.
2021-09-21 20:21:42 +02:00
Erik Krogh Kristensen 99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
yoff 4adb0c75bd
Merge pull request #6589 from RasmusWL/promote-sqlalchemy
Python: Promote modeling of SQLAlchemy
2021-09-21 11:08:41 +02:00
Rasmus Wriedt Larsen 4a16be2cba
Merge pull request #6557 from yoff/python/port-modification-of-default-value
Python: port modification of default value
2021-09-21 10:12:12 +02:00
Rasmus Wriedt Larsen c7c8e2f3e3 Merge branch 'main' into promote-sqlalchemy 2021-09-21 09:36:07 +02:00