Merge branch 'master' of github.com:github/codeql into UnmatchableDollar

to make CodeScan happy
Rasmus Lerchedahl Petersen
2020-06-24 11:04:07 +02:00
1314 changed files with 43671 additions and 20522 deletions


@@ -1 +1 @@
| attr_eq_test.py:21:1:21:27 | class BadColorPoint | The class 'BadColorPoint' does not override $@, but adds the new attribute $@. | attr_eq_test.py:10:5:10:28 | Function __eq__ | '__eq__' | attr_eq_test.py:25:9:25:19 | Attribute | _color |
| attr_eq_test.py:21:1:21:27 | class BadColorPoint | The class 'BadColorPoint' does not override $@, but adds the new attribute $@. | attr_eq_test.py:10:5:10:28 | Function Point.__eq__ | '__eq__' | attr_eq_test.py:25:9:25:19 | Attribute | _color |


@@ -144,3 +144,10 @@ re.compile(r'(?:(?P<n1>^(?:|x)))')
#Potentially mis-parsed character set
re.compile(r"\[(?P<txt>[^[]*)\]\((?P<uri>[^)]*)")
#Allow unicode in raw strings
re.compile(r"[\U00010000-\U0010FFFF]")
re.compile(r"[\u0000-\uFFFF]")
#Allow unicode names
re.compile(r"[\N{degree sign}\N{EM DASH}]")


@@ -17,3 +17,7 @@ def safe(request):
target = request.args.get('target', '')
if SAFE_REGEX.match(target):
return redirect(target)
# FP reported in https://github.com/github/codeql/issues/3712
# This does not define a regex (but could be used by other code to do so)
escaped = re.escape("https://www.humblebundle.com/home/library")


@@ -17,16 +17,16 @@ def unsafe2(request):
#Simplest and safest approach is to use a white-list
#Simplest and safest approach is to use an allowlist
@app.route('/some/path/good1')
def safe1(request):
whitelist = [
allowlist = [
"example.com/home",
"example.com/login",
]
target = request.args.get('target', '')
if target in whitelist:
if target in allowlist:
return redirect(target)
#More complex example allowing sub-domains.


@@ -1,5 +1,5 @@
import python
import semmle.python.security.TaintTracking
import semmle.python.dataflow.TaintTracking
import python
import semmle.python.security.SensitiveData
import semmle.python.security.Crypto
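Review bot: `import python` appears twice in this hunk, once before the replaced TaintTracking import and once after it, so if both occurrences are context lines on the new side the second one is redundant and should be dropped. I cannot tell from the rendered page whether one of the two was moved rather than duplicated; if the file really does end up with the line twice, keep only the first `import python`.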


@@ -23,3 +23,7 @@ def sudo(command, shell=True, pty=True, combine_stderr=None, user=None,
quiet=False, warn_only=False, stdout=None, stderr=None, group=None,
timeout=None, shell_escape=None, capture_buffer_size=None):
pass
# https://github.com/fabric/fabric/blob/1.14/fabric/tasks.py#L281
def execute(task, *args, **kwargs):
pass


@@ -0,0 +1 @@
analysis/Consistency.ql


@@ -1 +0,0 @@
analysis/Sanity.ql