Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minor updates to SQL alchemy PR #1

Merged
merged 2,012 commits into from
Jun 29, 2021
Merged

Minor updates to SQL alchemy PR #1

merged 2,012 commits into from
Jun 29, 2021

Conversation

RasmusWL
Copy link

@RasmusWL RasmusWL commented Jun 29, 2021
edited
Loading

Since I had to merge main to get some updates, this PR might have a ton of commits shown 😞 (look at the very bottom of the huge list of commits)

The only real work is in:

smowton and others added 30 commits June 21, 2021 12:46
@smowton
Increase field flow branch limit in Jax-RS tests
c5eef7b 
This fixes apparently-missing results by allowing the dataflow library to persist even when there are many Map implementations possibly available.
@smowton @aschackmull
Increase test fieldFlowBranchLimit to 1000
e2aaae8 
Might as well head off future failures in this test

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
@MathiasVP
C++: Add false positive with multiplication.
18e5d3c
@MathiasVP
C++: Make any non-overflowing arithmetic operation a barrier.
238c483
@aschackmull
DataFlow: Add support for configuration-specific implicit reads.
b7ac329
@aschackmull
Dataflow: Sync.
8088032
@aschackmull
Java: Make Content public as DataFlow::Content.
aa82d0b
@aschackmull
C/C++: Make Content public as DataFlow::Content.
38319a4
@aschackmull
Java: Add defaultImplicitTaintRead and sync.
65ac8be
@aschackmull
Java: Remove temporary store-as-taint.
d383c0f
@aschackmull
Merge pull request github#6119 from smowton/smowton/fix/jaxrs-tests-f…
14b485e 
…ield-flow

Increase field flow branch limit in Jax-RS tests
@aschackmull
C/C++: Update qltest expected output.
810de73
@yoff
Merge pull request github#6045 from RasmusWL/twisted
baf8d0a 
Python: Model twisted
@AlonaHlobina
Merge branch 'main' into AlonaHlobina-patch-3
281a619
@geoffw0 @MathiasVP
Update cpp/change-notes/2021-06-21-weak-cryptographic-algorithm.md
05ed4ed 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
@codeql-ci
Merge pull request github#6071 from RasmusWL/fix-input-cwe
565af1a 
Approved by calumgrant, tausbn
@RasmusWL
Merge branch 'main' into jmespath
1c48aca
@MathiasVP
Merge pull request github#6099 from geoffw0/weak-crypto3
05389bb 
Further improvements to cpp/weak-cryptographic-algorithm
@aschackmull
Java: Fix some qltests.
27c973e
@aschackmull
Java: Remove outdated test.
c06e152
@MathiasVP
C++: Share the 'bounded' predicate from 'cpp/uncontrolled-arithmetic'…
3bc6b11 
… and use it in 'cpp/tainted-arithmetic'.
@tausbn
Python: Address review comments
768cab3 
- changes `getReceiver` to `getObject`
- fixes `calls` to avoid unwanted cross-talk
- adds some more documentation to highlight the above issue
@tausbn @RasmusWL
Python: Expand __main__.py comment
ba6ab8f 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
@erik-krogh
add model for the dayjs library
2a4570e
@erik-krogh
add model for the formatByString and formatByNumber functions in …
cdf3cdc 
…`@date-io`
@erik-krogh
add model for the luxon library
227f61b
@AlonaHlobina
Update versions-compilers.rst
2a9d000
@erik-krogh
add CWE-1333 to the JS ReDoS queries
a4303bc
@erik-krogh
add support for kew
967ccfe
@erik-krogh
add support for the promise polyfill
f095e19
intrigus and others added 21 commits June 25, 2021 16:47
@intrigus
Java: Factor out SecurityFlag library.
dc0b06a
@intrigus
Java: Fix qhelp errors.
6bfdf8d
@intrigus
Java: Add change-note.
f0d4b1d
@intrigus-lgtm @felicitymay @intrigus
Apply suggestions from code review.
f527df7 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
@intrigus
Java: Move comments to separate lines.
fe923fa 
Move comments to separate lines to improve
the rendering in the finished query help.
@intrigus
Move back to experimental.........
36575bb
@intrigus
Fix test location.
5106aec
@intrigus
Remove change-note.
be57aec
@aschackmull @intrigus
Apply suggestions from code review
a79356e
@owen-mc
Merge pull request github#6138 from owen-mc/java/model/apache-commons…
44f0411 
…-collections

Model Apache commons collections MapUtils class and keyvalue package
@intrigus
Accept test changes.
5aa711a
@hvitved
Merge pull request github#6152 from hvitved/csharp/dataflow/csv-out-ref
e624fb4
@smowton
Merge pull request github#4879 from intrigus-lgtm/java/improve-trustm…
def4a23 
…anager

Java: Add/improve insecure trustmanager query
@timoles
Merge branch 'insecureJmxRmiServerEnvironment' of github.com:mogwaila…
eb0a13f 
…bs/codeql into insecureJmxRmiServerEnvironment
@timoles
Auto formatting .ql file
e5fa532
@smowton
Merge pull request github#5811 from mogwailabs/insecureJmxRmiServerEn…
8aa9cd5 
…vironment

Java: Add query - insecure environment configuration during JMX/RMI server init
@RasmusWL
Python: Fix concepts-tests for SQLAlchemy
eac1c5d
@RasmusWL
Merge branch 'main' into python-use-sqlalchemy
684f51a
@RasmusWL
Python: Fixup after merging main
cb11239
@RasmusWL
Python: Add taint-tests for SQLAlchemy
ef48734
@RasmusWL
Python: Add taint-step for sqlalchemy.text
a5a7f3e
@github-actions github-actions bot added documentation Improvements or additions to documentation C++ C# Java JS Python labels Jun 29, 2021
@mrthankyou
Copy link
Owner

There is a check change note failure in this PR. I'm going to ignore that failure. Once the Build code scanning query list / build (pull_request) check is done I'll merge this PR.

@mrthankyou mrthankyou merged commit 2a65917 into mrthankyou:python-use-sqlalchemy Jun 29, 2021
@RasmusWL RasmusWL deleted the python-use-sqlalchemy branch June 30, 2021 18:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
C++ C# documentation Improvements or additions to documentation Java JS Python
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.