hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

1242 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
e1c47f5584 Python: Reorganize taint tests of re 
Mostly to highlight that with flow-summary modeling, we don't expect
taint for a lot of these.

I aslo opted to make `finditer()` tainted for consistency.
 2023-11-13 10:56:29 +01:00
Rasmus Wriedt Larsen
c85d99d949 Merge branch 'main' into re-modeling 2023-11-10 16:32:50 +01:00
Rasmus Wriedt Larsen
4943fc5a57 Python: Model taint from re.<func> calls 2023-11-08 17:18:40 +01:00
Rasmus Wriedt Larsen
851c30e797 Python: Add taint modeling of re.Match objects 2023-11-08 17:18:09 +01:00
Rasmus Wriedt Larsen
ea4761d3b6 Python: Add tests of taint-flow for re module 2023-11-08 16:05:22 +01:00
Rasmus Wriedt Larsen
9d5cf0b331 Merge branch 'main' into class-attribute-flow 2023-11-08 14:30:53 +01:00
Rasmus Wriedt Larsen
5433907c33 Python: Accept more test changes 
All are for the better 🎉
 2023-11-07 15:49:14 +01:00
Rasmus Wriedt Larsen
9f43108ba8 Python: Fix DataFlowCall.getEnclosingCallable 
Now it is aligned with the implementation of DataFlow::Node

See 4bc4e0845d/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll (L134-L138)
 2023-11-07 11:29:23 +01:00
amammad
e8eff78799 fix tests because of error in Frameworks.qll 2023-11-06 19:19:36 +01:00
amammad
315bdc2b48 add tests for new frameworks 2023-11-06 19:13:57 +01:00
Taus
75e6de8311 Python: Add test 2023-11-06 13:50:55 +00:00
Rasmus Wriedt Larsen
92b13c4259 Merge branch 'main' into amammad-python-FileSystemAccess 2023-11-06 11:30:09 +01:00
Rasmus Lerchedahl Petersen
58bf70d61b Python: filter self steps from use-use flow 
Factor out use-use flow in order to do this.
Also improve names and comments.

I also wanted to change the types in `difinitionFlowStep`, but
that broke the module instantiation.
 2023-11-02 09:31:28 +01:00
yoff
867a39083e Merge pull request #14114 from yoff/python/allow-namespace-packages 
Python: Allow namespace packages
 2023-10-26 16:56:05 +02:00
Rasmus Wriedt Larsen
e8f548ab52 Python: Model routed parameter flow to *args and **kwargs in Django + rest framework 2023-10-23 17:18:22 +02:00
Rasmus Wriedt Larsen
24687b4156 Python: Add test highlighting missing routed parameter flow to **kwargs parameter of request handler function 2023-10-23 16:49:43 +02:00
Rasmus Wriedt Larsen
8b23140a08 Python: Remove trailing , 2023-10-23 16:45:08 +02:00
Rasmus Wriedt Larsen
60e7786b04 Python: Use explicit keyword parameter 2023-10-23 16:44:54 +02:00
Rasmus Wriedt Larsen
46e44a0036 Python: Fix import 2023-10-23 16:42:55 +02:00
amammad
1fe565a46f cherrypy framework file system access Sinks are added 2023-10-21 19:47:30 +02:00
Mathew Payne
a24e168ec0 Merge branch 'main' into py-restframework 2023-10-20 11:39:07 +01:00
Rasmus Wriedt Larsen
72d0dcdaba Python: Workaround for module level items from import * not being LocalSourceNodes 2023-10-10 17:45:11 +02:00
Rasmus Wriedt Larsen
6521e5165c Python: Extend import * with plain use 
(no calls or anything)
 2023-10-10 17:45:11 +02:00
Rasmus Wriedt Larsen
2d947a4f53 Merge pull request #13781 from maikypedia/maikypedia/python-unsafe-deserialization 
Python: Add unsafe deserialization sinks (CWE-502)
 2023-10-10 13:30:38 +02:00
amammad
6c8cc79b4d v1 2023-10-08 21:24:54 +02:00
Mathew Payne
a23904ca39 Add taint tests 2023-10-02 15:09:11 +01:00
Rasmus Wriedt Larsen
3162033d56 Python: Make tests run for django rest framework 2023-09-29 16:21:04 +02:00
Mathew Payne
19c93b0228 Add RestFramework tests 2023-09-29 14:41:57 +01:00
Rasmus Lerchedahl Petersen
be506c64ba Python: update test-expectations 
These are semantic differences.
They generally look good, except perhaps
we should exclude illegal package names?
(It passes `legalShortName`, though).
 2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
f5059a6918 Python: fix computation at part boundaries 2023-09-26 20:51:15 +02:00
Rasmus Lerchedahl Petersen
cdf1db09bd Python: add test for part boundaries 2023-09-26 20:50:08 +02:00
Rasmus Lerchedahl Petersen
c1ebde4288 Python: improve location computation 2023-09-26 12:08:50 +02:00
Rasmus Lerchedahl Petersen
aa64390af7 Python: add more tests 2023-09-26 10:54:45 +02:00
Rasmus Lerchedahl Petersen
417907b36d Python: switch to inline expectations 2023-09-25 11:44:56 +02:00
Rasmus Wriedt Larsen
db7b1eea55 Merge branch 'main' into maikypedia/python-unsafe-deserialization 2023-09-25 10:29:18 +02:00
Rasmus Wriedt Larsen
a45e10d64f Python: Slight rewrite of numpy test 
To use positional argument for allow_pickle
 2023-09-25 10:25:11 +02:00
Rasmus Wriedt Larsen
d1caa75053 Python: Fix format for pandas.read_pickle 2023-09-25 10:24:27 +02:00
Max Schaefer
6f67055852 Correctly account for length of string literal prefix when computing locations for RegExpTerms. 2023-09-22 11:24:25 +01:00
Max Schaefer
d4ff9c8ed1 Add test for locations of regexp terms. 2023-09-22 11:24:24 +01:00
Maiky
6d0ba5f97b Add allow_pickle to tests 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2023-09-17 18:53:18 +02:00
Tom Hvitved
d3558f8579 Python: Update expected test output 2023-09-12 21:18:31 +02:00
Peter Stöckli
7aa5d2dc8a Python: move asyncio CMDi related tests to stdlib tests 2023-09-06 16:54:18 +02:00
Rasmus Wriedt Larsen
62c2316124 Merge pull request #14084 from RasmusWL/flask-jsonify 
Python: Remove XSS FP from use of `flask.jsonify`
 2023-08-30 13:07:54 +02:00
yoff
ae4c76c788 Merge pull request #13975 from yoff/python/parsemodechars-not-chars 2023-08-29 14:05:57 +02:00
Rasmus Wriedt Larsen
0b2458d065 Python: Improve modeling of Flask jsonify 
I also tested whether `Flask.jsonify` or `Flask().jsonify` worked, but
they do not.
 2023-08-29 11:11:32 +02:00
yoff
6e05246daa Merge pull request #13935 from yoff/python/mad-on-externals 
Python: MaD on externals
 2023-08-28 14:04:54 +02:00
Rasmus Lerchedahl Petersen
68cd422788 Python: Fix test expectations 2023-08-25 11:27:53 +02:00
yoff
a834703195 Merge pull request #13779 from geoffw0/pythonparsemode 
Python: Understand multiple parse mode flags specified in a regular expression string
 2023-08-24 21:20:45 +02:00
Geoffrey White
f07f97a94e Python: Accept test changes. I think these reflect the 'parse mode chars should not be considered chars' issue. 2023-08-24 10:52:52 +01:00
yoff
00c0ebe9e4 Merge pull request #13738 from RasmusWL/path-steps 
Python: Include all assignments in data flow paths
 2023-08-22 11:58:11 +02:00