hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

620 Commits

Author SHA1 Message Date
Joe Farebrother
ba054bd428 Manually specify subclasses for redirect models 2024-04-30 14:33:46 +01:00
Joe Farebrother
7df8b1ba51 Don't rely on specific parameter names, add qldoc 2024-04-30 09:45:11 +01:00
Joe Farebrother
2a0459838b Add models for responses 2024-04-25 15:55:59 +01:00
Joe Farebrother
86d1e5b646 Add additional type tracking for request attributes 2024-04-25 13:58:36 +01:00
Joe Farebrother
8fb2faa89b Add additional info to concept tests 2024-04-24 14:05:41 +01:00
Joe Farebrother
2b935e575a Add concept tests + fix typo 2024-04-24 14:05:41 +01:00
Rasmus Wriedt Larsen
bb00d6919a Python: Move dataflow TestUtil to importable location 2024-04-23 09:40:59 +02:00
Rasmus Wriedt Larsen
e0e405bb31 Python: replace dataflow-test location in files 2024-04-23 09:40:59 +02:00
Joe Farebrother
f85ee38e04 Add instance taint steps for requests 2024-04-22 16:03:39 +01:00
Joe Farebrother
88e3227ed0 Add pyramid models 2024-04-22 13:27:18 +01:00
Taus
58eaddf627 Python: Update all .expected files 
I'm beginning to realise why I didn't do the `toString` overriding way
back when. Thankfully, now that all of our tests are in the same place,
this is actually not a terrible ordeal.
 2024-04-22 12:00:09 +00:00
Tom Hvitved
ceb5b4c56e Python: No longer use models-as-data CSV interface 2024-04-12 13:40:15 +02:00
Anders Schack-Mulligen
bfcfedab8c Python: Update expected output (uninteresting). 2024-04-12 09:20:30 +02:00
Sylwia Budzynska
5d946586b8 Add tests 2024-04-08 15:39:54 +02:00
Sylwia Budzynska
bed0d5678d Add Gradio models 2024-04-05 14:14:21 +02:00
Rasmus Wriedt Larsen
cbb9a64bbb Merge pull request #15457 from RasmusWL/psycopg 
Python: Model the `psycopg` package
 2024-02-12 15:59:16 +01:00
Anders Schack-Mulligen
088a0a54ba Python: Add empty provenance column to expected files. 2024-02-09 11:32:08 +01:00
Rasmus Wriedt Larsen
c70b32f7eb Python: Require quote escaping for html.escape 2024-01-30 12:17:01 +01:00
Rasmus Wriedt Larsen
3f0dc2b022 Python: Model the psycopg package 2024-01-29 14:30:20 +01:00
Rasmus Wriedt Larsen
cbed6e861d Python: Add html.escape as HTML sanitizer 2024-01-22 17:32:28 +01:00
Rasmus Wriedt Larsen
72687e0368 Merge branch 'main' into automated-subclass-models 2023-12-19 17:08:25 +01:00
Rasmus Wriedt Larsen
933938d926 Python: Make rest_framework tests runnable again 2023-12-19 17:07:01 +01:00
Tom Hvitved
faaa558ed9 Python: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:44 +01:00
Anders Schack-Mulligen
64eb4ff753 Merge pull request #14983 from aschackmull/dataflow/deprecate-old-api 
Data Flow: Deprecate old data flow api.
 2023-12-08 14:27:25 +01:00
Rasmus Lerchedahl Petersen
9e1c818db6 Python: address review comments 2023-12-04 17:49:26 +01:00
Rasmus Wriedt Larsen
c952f6a648 Python: Update rest of tests to new dataflow lib 
I had missed these originally, since I had just fixed the ones that were
highlighted in the actions logs, thinking they had covered everything :(
 2023-12-04 14:49:40 +01:00
Rasmus Lerchedahl Petersen
e091ae84ab Merge branch 'main' of https://github.com/github/codeql into python/remove-ssa-nodes-from-dataflow-graph 2023-12-04 14:05:40 +01:00
Rasmus Wriedt Larsen
2fed0adde7 Merge pull request #8457 from RasmusWL/add-dataflow-consistency-query 
Python: Add dataflow consistency query
 2023-12-04 12:50:46 +01:00
Rasmus Wriedt Larsen
4dd3ea3798 Python: Update tests to new dataflow lib 
Avoids some deprecation warnings :)
 2023-12-04 12:36:57 +01:00
Rasmus Wriedt Larsen
4e0cca9a41 Merge pull request #14353 from GeekMasher/py-restframework 
Python: support `*args` and `**kwargs` in request handlers
 2023-11-23 14:04:36 +01:00
Rasmus Wriedt Larsen
d056706af5 Merge pull request #14725 from RasmusWL/re-modeling 
Python: Add taint-flow modeling for `re` module
 2023-11-23 11:35:36 +01:00
Rasmus Wriedt Larsen
3d46129bbf Python: Remove intermediary steps from taint-test 
These were leftovers from old way of propagating taint
 2023-11-23 10:40:25 +01:00
Rasmus Wriedt Larsen
37d03ee0f3 Python: Accept .expected changes 
Note that in this case, since there is a known `django.urls.path`
route-setup, we know that the request-handler will only be passed
keyword arguments, so it is not a mistake that `*args` is not considered
a routed-parameter here (although it certainly wouldn't have hurt us if
we did consider it a routed-parameter either).
 2023-11-21 13:46:55 +01:00
Rasmus Wriedt Larsen
36a846ee32 Python: Fix django regex path handling 2023-11-21 13:08:45 +01:00
Rasmus Wriedt Larsen
c51c15ae74 Python: Add test of routed parameters to *args 
Also move the **kwargs and *args test to a more appropriate file
 2023-11-21 13:01:01 +01:00
Rasmus Wriedt Larsen
2ec1822e9c Python: Accept consistency-errors in django-orm 2023-11-21 12:44:42 +01:00
Rasmus Wriedt Larsen
5f26790b90 Merge branch 'main' into py-restframework 2023-11-21 11:57:48 +01:00
Rasmus Wriedt Larsen
df9fb141b8 Python: Remove old manual consistency query tests 2023-11-21 11:50:23 +01:00
Rasmus Wriedt Larsen
71c017f053 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-11-21 10:07:42 +01:00
Rasmus Lerchedahl Petersen
11c71fdd18 Python: remove EssaNodes 
This commit removes SSA nodes from the data flow graph. Specifically, for a definition and use such as
```python
  x = expr
  y = x + 2
```
we used to have flow from `expr` to an SSA variable representing x and from that SSA variable to the use of `x` in the definition of `y`. Now we instead have flow from `expr` to the control flow node for `x` at line 1 and from there to the control flow node for `x` at line 2.

Specific changes:
- `EssaNode` from the data flow layer no longer exists.
- Several glue steps between `EssaNode`s and `CfgNode`s have been deleted.
- Entry nodes are now admitted as `CfgNodes` in the data flow layer (they were filtered out before).
- Entry nodes now have a new `toString` taking into account that the module name may be ambigous.
- Some tests have been rewritten to accomodate the changes, but only `python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll` should have semantic changes.
- Comments have been updated
- Test output has been updated, but apart from `python/ql/test/experimental/dataflow/basic/maximalFlows.expected` only `python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py` should have a semantic change. This is a bonus fix, probably meaning that something was never connected up correctly.
 2023-11-20 21:35:32 +01:00
Rasmus Wriedt Larsen
25d3af9236 Merge branch 'main' into clean-tests 2023-11-16 11:21:01 +01:00
Rasmus Wriedt Larsen
df144f3a1e Merge pull request #14406 from amammad/amammad-python-FileSystemAccess 
Python: New FileSystem Access
 2023-11-16 10:25:34 +01:00
Rasmus Wriedt Larsen
e349891cff Python: Apply suggestions from code review 2023-11-15 14:35:52 +01:00
Rasmus Wriedt Larsen
55f5b26ba6 Python: Accept new ordering of query predicates in .expected 2023-11-15 10:09:54 +01:00
Rasmus Wriedt Larsen
e1c47f5584 Python: Reorganize taint tests of re 
Mostly to highlight that with flow-summary modeling, we don't expect
taint for a lot of these.

I aslo opted to make `finditer()` tainted for consistency.
 2023-11-13 10:56:29 +01:00
Rasmus Wriedt Larsen
c85d99d949 Merge branch 'main' into re-modeling 2023-11-10 16:32:50 +01:00
Rasmus Wriedt Larsen
4943fc5a57 Python: Model taint from re.<func> calls 2023-11-08 17:18:40 +01:00
Rasmus Wriedt Larsen
851c30e797 Python: Add taint modeling of re.Match objects 2023-11-08 17:18:09 +01:00
Rasmus Wriedt Larsen
ea4761d3b6 Python: Add tests of taint-flow for re module 2023-11-08 16:05:22 +01:00
Rasmus Wriedt Larsen
9f43108ba8 Python: Fix DataFlowCall.getEnclosingCallable 
Now it is aligned with the implementation of DataFlow::Node

See 4bc4e0845d/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll (L134-L138)
 2023-11-07 11:29:23 +01:00