Merge branch 'main' of github.com:github/codeql into RasmusWL-python-port-reflected-xss

2026-04-28 02:05:14 +02:00 · 2020-10-30 17:56:36 +01:00
parent ef9999a4a1 146787bb55
commit 80360450de
65 changed files with 14172 additions and 5507 deletions
--- a/python/ql/test/experimental/library-tests/frameworks/stdlib/FileSystemAccess.py
+++ b/python/ql/test/experimental/library-tests/frameworks/stdlib/FileSystemAccess.py
@@ -0,0 +1,7 @@
+open("filepath")  # $getAPathArgument="filepath"
+open(file="filepath")  # $getAPathArgument="filepath"
+
+o = open
+
+o("filepath")  # f-:$getAPathArgument="filepath"
+o(file="filepath")  # f-:$getAPathArgument="filepath"
--- a/python/ql/test/experimental/library-tests/frameworks/stdlib/PathNormalization.py
+++ b/python/ql/test/experimental/library-tests/frameworks/stdlib/PathNormalization.py
@@ -0,0 +1,19 @@
+import os.path
+
+path = "un\\normalized/path"
+
+p1 = os.path.normpath(path)  # $pathNormalization
+p2 = os.path.normpath(path=path)  # $pathNormalization
+
+np = os.path.normpath
+
+p3 = np(path)  # $pathNormalization
+p4 = np(path=path)  # $pathNormalization
+
+
+def normalize(path):
+    return os.path.normpath(path)  # $pathNormalization
+
+
+p5 = normalize(path)
+p6 = normalize(path=path)
--- a/python/ql/test/experimental/library-tests/frameworks/stdlib/SafeAccessCheck.py
+++ b/python/ql/test/experimental/library-tests/frameworks/stdlib/SafeAccessCheck.py
@@ -0,0 +1,8 @@
+s = "taintedString"
+
+if s.startswith("tainted"):  # $checks=s $branch=true
+    pass
+
+sw = s.startswith  # $f-:checks=s $f-:branch=true
+if sw("safe"):
+    pass