hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,276 Commits 1,671 Branches 157 Tags
adityasharad/context-experiments
Commit Graph

9236 Commits

Author SHA1 Message Date
Mark Shannon
bf692f4aad Python: Add better class support, including inheritance. 2019-04-26 16:21:45 +01:00
Mark Shannon
5a46df2132 Python: Add ADTs for ints and strings. Add some global data-flow. 2019-04-26 16:21:45 +01:00
Mark Shannon
051683fadf Python: Break-up internal object modules. 2019-04-26 16:21:45 +01:00
Mark Shannon
c48d63f2ec Python: First draft of ADT based objects and attendant points-to. 2019-04-26 16:21:45 +01:00
Taus
7d2c17f27c Merge pull request #1271 from markshannon/python-fix-fp-http-prefix 
Python: Fix false positive in 'Incomplete URL substring sanitization' query
 2019-04-26 15:23:04 +02:00
Mark Shannon
28799441af Python: Fix false positive in 'Incomplete URL substring sanitization' query. 2019-04-25 18:11:01 +01:00
Taus Brock-Nannestad
c8cbae37d9 Python: Add missing override annotations. 2019-04-25 16:48:47 +02:00
Mark Shannon
6a9bb5c5c9 Add test confirming correct handling of zope.interface.Interface in query. 2019-04-23 12:52:50 +01:00
Esben Sparre Andreasen
c80ee3df01 Mergeback: rc/1.20 into Semmle/master 2019-04-16 08:46:15 +02:00
Mark Shannon
d6ba729dce Python: Fix semantic merge conflict between #1206 and #1240. 2019-04-12 12:32:41 +01:00
Taus
707b73c3d0 Merge pull request #1240 from markshannon/python-avoid-ssa-defns-in-tests 
Python: Remove callsite refinement ESSA definition in tests
 2019-04-12 12:05:40 +02:00
Taus
607b5fb077 Merge pull request #1206 from markshannon/python-taint-flow-classless 
Python taint-tracking: Better flow for "generic" taint.
 2019-04-12 11:54:52 +02:00
Mark Shannon
ca6e03f597 Python: Remove callsite refinement ESSA definition when call in a test defining a pi-node. 2019-04-11 16:08:29 +01:00
Mark Shannon
97a9954e72 Merge pull request #1222 from taus-semmle/python-unify-old-and-new-query-suites 
Python: Make old query suites point to new query suites.
 2019-04-09 14:04:21 +01:00
Taus
adf8cdcde5 Merge pull request #1203 from markshannon/python-taint-tracking-configuration-2 
Python: Use taint tracking configuration for queries.
 2019-04-09 10:01:35 +02:00
Taus Brock-Nannestad
98e9edc27c Delete unnecessary files. 2019-04-08 18:27:30 +02:00
Taus Brock-Nannestad
e227078953 Add note about backwards compatibility. 2019-04-08 17:55:48 +02:00
Mark Shannon
52b3f77f4f Fix typo. 2019-04-08 15:47:49 +01:00
Taus Brock-Nannestad
2e6291270b Python: Make old query suites point to new. 2019-04-08 14:02:34 +02:00
Mark Shannon
df2000ea8e Python: Fix up dataflow configuration to act as expected. Keep undocumented for now. 2019-04-05 09:05:13 +01:00
Mark Shannon
2ba122373a Merge pull request #1128 from taus-semmle/python-paramiko-unsafe-host-key-validation 
Python: Add query for insecure SSH host key policies in Paramiko.
 2019-04-04 16:57:13 +01:00
Mark Shannon
c2e814a11a Fix CWE tag for Code injection query. 2019-04-04 15:09:12 +01:00
Mark Shannon
3bcd445a32 Python change 'SimpleHttpResponseTaintSink' to 'HttpResponseTaintSink'. 2019-04-04 14:45:37 +01:00
Mark Shannon
e2a3d91a7d Python taint-tracking: If taint has no class allow it flow through both branches of isinstance test. 2019-04-04 14:29:34 +01:00
Mark Shannon
8b01bac900 Python: make sure unsafe deserialization query is using correct sources and that pickle is included in sinks. 2019-04-04 10:56:45 +01:00
Mark Shannon
bc19769e6d Python: make sure code injection query is using correct sources. 2019-04-04 10:56:45 +01:00
Mark Shannon
35e82dca68 Python revert .getNode() to .getSink()/.getSource() to keep expected test output the same. 2019-04-04 10:56:45 +01:00
Mark Shannon
f8c43ca40b Python: make sure all django and flask request sources conform to interface. 2019-04-04 10:56:45 +01:00
Mark Shannon
61e6ae7c4a Python: Use new taint-tracking query in unsafe deserialization query. 2019-04-04 10:56:45 +01:00
Mark Shannon
3c1a5bb046 Python: Use new taint-tracking query in code-injection query. 2019-04-04 10:56:44 +01:00
Mark Shannon
64e8be6ed1 Python: Use new taint-tracking query in reflected-xss query. 2019-04-04 10:56:44 +01:00
Mark Shannon
7fc5d690cd Python: Use new taint-tracking query in SQL-injection query. 2019-04-04 10:56:44 +01:00
Taus
b79b53f5e3 Merge pull request #1103 from markshannon/python-encapsulate-builtins 
Python: encapsulate extensionals dealing with 'builtin' objects.
 2019-04-03 15:20:42 +02:00
Jonas Jensen
eae2fe5a16 Merge pull request #1190 from Semmle/rc/1.20 
Merge 1.20 into master
 2019-04-02 15:29:12 +02:00
Arthur Baars
ba7fdddafb Change @kind to 'table' for test and sanity checks queries that don't select problems 2019-04-01 11:20:12 +02:00
Taus
eb5927a197 Merge branch 'master' into python-encapsulate-builtins 2019-03-27 15:40:34 +01:00
Taus
046a485dff Merge pull request #1170 from Semmle/rc/1.20 
Merge 1.20 into master
 2019-03-26 19:28:36 +01:00
Taus
52d8ca09ab Merge pull request #1169 from markshannon/python-speedup-flow-step 
Python: Speed up taint-tracking
 2019-03-26 16:58:47 +01:00
Mark Shannon
058ae7befc Merge pull request #1142 from taus-semmle/python-use-new-moduleobject-api 
Python: Use new `ModuleObject` API more widely.
 2019-03-26 15:02:44 +00:00
Mark Shannon
1e1903b6ac Python taint-tracking: Avoid computing many redundant copies of flow step for dicts and sequences. 2019-03-26 14:41:03 +00:00
Taus
702fc80054 Merge pull request #1166 from Semmle/rc/1.20 
Merge rc/1.20 into master
 2019-03-26 13:09:40 +01:00
Mark Shannon
2f0bb828c8 Python: Tweak wording of qldoc. 2019-03-25 17:35:23 +00:00
Mark Shannon
2edde1fed8 Python taint-tracking. Handle early exit and 'not' correctly for 'falsey' taints. 2019-03-22 11:58:23 +00:00
Mark Shannon
57368921d2 Python: Fix Builtin.isClass() and use in ClassObject. Also fix a couple of typos. 2019-03-22 10:00:14 +00:00
Taus
36c7a8430a Merge pull request #1112 from markshannon/python-forward-compatible-points-to-extensions 
Python: Allow points-to extensions to specify just the object.
 2019-03-21 19:20:44 +01:00
Mark Shannon
8ab4dae2fa Merge pull request #1150 from taus-semmle/python-fix-insecure-default-protocol-fp 
Python: Fix false positive for `py/insecure-default-protocol`.
 2019-03-21 18:16:05 +00:00
Taus Brock-Nannestad
5eb63ae048 Fix false positive and add test. 2019-03-21 14:10:05 +01:00
Taus Brock-Nannestad
9cb35a8ca9 Use correct named argument for ssl.SSLContext. 2019-03-21 14:09:25 +01:00
Taus Brock-Nannestad
391e111189 Use attr instead of getAttribute. 2019-03-20 17:41:23 +01:00
Taus Brock-Nannestad
f14f7b50ed Python: Use ModuleObject::named more consistently. 2019-03-20 17:41:23 +01:00