Rasmus Wriedt Larsen
0da78f216a
Python: Show that e, f, g = tainted_list doesn't work
2020-01-22 14:24:50 +01:00
Rasmus Wriedt Larsen
a55c13e61c
Python: Improve tests for StringDictKind taint
...
+ show we handle dict.values()
+ show we don't handle dict.items()
2020-01-22 14:24:50 +01:00
Rasmus Wriedt Larsen
96d5703f2c
Python: Remove use of deprecated methods
2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
bbe93f43d3
Python: Only comparison with constant will clear taint
...
    tainted = SOURCE
    if tainted == tainted:
        SINK(tainted) # unsafe
before, in the body of the if statement, `tainted` was not tainted
2020-01-21 15:25:57 +01:00
Rasmus Wriedt Larsen
1498145415
Python: Highlight that any comparison will clear taint
2020-01-21 15:24:56 +01:00
Rasmus Wriedt Larsen
9151a7e433
Python: Always enable legacy taint tracking configuration
...
If the legacy configuration is only enabled if there are no other
configurations, defining a configuration in an imported library can lead to
unwanted results. For example, code that uses `any(MyTaintKind t).taints(node)`
would *stop* working, if it did not define its own configuration. (this actually
happened to us)
We performed a dist-compare to ensure there is not a performance degradation by
doing this. Results at https://git.semmle.com/gist/rasmuswl/a1eca07f3a92f5f65ee78d733e5d260e
Tests that were affected by this:
- RockPaperScissors + Simple: new edges because no configuration was defined for
SqlInjectionTaint or CommandInjectionTaint
- CleartextLogging + CleartextStorage: new edges because no configuration was
defined before, AND duplicate edges.
- TestNode: new edges because no configuration was defined before
- PathInjection: Duplicate edges
- TarSlip: Duplicate edges
- CommandInjection: Duplicate edges
- ReflectedXss: Duplicate edges
- SqlInjection: Duplicate edges
- CodeInjection: Duplicate edges
- StackTraceExposure: Duplicate edges
- UnsafeDeserialization: Duplicate edges
- UrlRedirect: Duplicate edges
2019-11-11 11:17:21 +01:00
Rasmus Wriedt Larsen
bf197b9f20
Add testcase
2019-10-10 15:34:54 +02:00
Mark Shannon
637677d515
Python: Move TaintTracking.qll from semmle.python.security to semmle.python.dataflow, for consistency with other code.
2019-08-30 12:57:47 +01:00
Mark Shannon
22f55d25c2
Python taint-tracking. Reorder columns in some tests for easier comprehension of expected output.
2019-08-29 14:36:10 +01:00
Mark Shannon
e51b797c03
Python taint-tracking. Add an adapter for old 'dataflow config'.
2019-08-29 14:30:09 +01:00
Mark Shannon
179f4ee88f
Python taint-tracking: Add documented example test.
2019-08-29 13:03:58 +01:00
Mark Shannon
10fddbc19b
Python new taint-tracking: Fix some typos and clarify documentation.
2019-08-29 11:03:35 +01:00
Mark Shannon
c7ec5690a5
Python taint-tracking: make sure all features of legacy extensions are supported.
2019-08-29 10:31:50 +01:00
Mark Shannon
64c160b75c
Python taint-tracking: Fix ambiguous flow through class instantiation. Tweak the path query to ensure edge to sink is always present.
2019-08-29 10:31:50 +01:00
Mark Shannon
3f8066878a
Python taint-tracking: Fix up handling of contexts for __init__ and for context-free taints.
2019-08-29 10:31:50 +01:00
Mark Shannon
fe9c9d479d
Python taint-tracking. Fix bug in legacy API.
2019-08-29 10:31:50 +01:00
Mark Shannon
7c4a18eee3
Python taint-tracking: Fix up handling of legacy (config-less) taint-tracking
2019-08-29 10:31:50 +01:00
Mark Shannon
24b4a4102c
Python taint-tracking: Further enhancements to new implementation for better debugging and backwards compatibility.
2019-08-29 10:31:50 +01:00
Mark Shannon
1addfaac1a
Python taint-tracking: update test results.
2019-08-29 10:31:50 +01:00
Mark Shannon
a7845ae0e1
Python taint-tracking: Remove old implementation.
2019-08-29 10:31:50 +01:00
Mark Shannon
74f1dd3ec0
Python taint-tracking. Add some tests and fix up various parts of the implementation.
2019-08-29 10:31:50 +01:00
Mark Shannon
453ae19881
Python points-to: Add .getAstNode() method to TaintedNode for forward compatibility with upcoming taint-tracking enhancements.
2019-08-16 09:54:11 +01:00
Mark Shannon
9d6df78d44
Python: Dataflow: Remove IterationDefinition ESSA definition and add iteration assignment to ESSA assignment definition.
...
Enhance points-to and taint-tracking to add operational step sequence to next(iter(seq)) in for statement.
2019-06-21 15:55:27 +01:00
Mark Shannon
e8190d9a7b
Python: Track taint through 'yield' expressions.
2019-06-18 16:39:52 +01:00
Mark Shannon
97c98f29e4
Python taint-tracking: Support iterables of taint.
2019-06-18 16:39:47 +01:00
Mark Shannon
2aa967ae8e
Remove redundant tests.
2019-04-26 16:21:47 +01:00
Esben Sparre Andreasen
c80ee3df01
Mergeback: rc/1.20 into Semmle/master
2019-04-16 08:46:15 +02:00
Mark Shannon
d6ba729dce
Python: Fix semantic merge conflict between #1206 and #1240.
2019-04-12 12:32:41 +01:00
Taus
707b73c3d0
Merge pull request #1240 from markshannon/python-avoid-ssa-defns-in-tests
...
Python: Remove callsite refinement ESSA definition in tests
2019-04-12 12:05:40 +02:00
Mark Shannon
ca6e03f597
Python: Remove callsite refinement ESSA definition when call in a test defining a pi-node.
2019-04-11 16:08:29 +01:00
Mark Shannon
df2000ea8e
Python: Fix up dataflow configuration to act as expected. Keep undocumented for now.
2019-04-05 09:05:13 +01:00
Mark Shannon
e2a3d91a7d
Python taint-tracking: If taint has no class allow it flow through both branches of isinstance test.
2019-04-04 14:29:34 +01:00
Mark Shannon
2edde1fed8
Python taint-tracking. Handle early exit and 'not' correctly for 'falsey' taints.
2019-03-22 11:58:23 +00:00
Mark Shannon
ebd9bc3cb5
Python: Improve taint tracking to account for truthiness of the taint kind.
2019-03-01 11:24:07 +00:00
Mark Shannon
d32e6b8501
Python tests: Make sure stdlib can be found.
2018-12-03 11:55:57 +00:00
Mark Shannon
05b69a1c0f
QL tests for Python queries and libraries.
2018-11-19 15:15:54 +00:00