hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,255 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.2
Commit Graph

468 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
9ae3ea81ff Python: Remove spurious results in stdlib 2024-02-14 14:47:28 +01:00
Rasmus Wriedt Larsen
ad39b8c68b Python: Accept .expected changes 2024-02-14 14:46:33 +01:00
Rasmus Wriedt Larsen
9399258e3b Merge branch 'main' into amammad-python-bombs 2024-02-14 13:37:59 +01:00
Anders Schack-Mulligen
088a0a54ba Python: Add empty provenance column to expected files. 2024-02-09 11:32:08 +01:00
amammad
5795c72a99 added inline tests 2023-12-07 14:04:33 +01:00
amammad
6ebdae3bab Merge branch 'main' into amammad-python-bombs 2023-12-07 13:50:20 +01:00
Rasmus Lerchedahl Petersen
11c71fdd18 Python: remove EssaNodes 
This commit removes SSA nodes from the data flow graph. Specifically, for a definition and use such as
```python
  x = expr
  y = x + 2
```
we used to have flow from `expr` to an SSA variable representing x and from that SSA variable to the use of `x` in the definition of `y`. Now we instead have flow from `expr` to the control flow node for `x` at line 1 and from there to the control flow node for `x` at line 2.

Specific changes:
- `EssaNode` from the data flow layer no longer exists.
- Several glue steps between `EssaNode`s and `CfgNode`s have been deleted.
- Entry nodes are now admitted as `CfgNodes` in the data flow layer (they were filtered out before).
- Entry nodes now have a new `toString` taking into account that the module name may be ambigous.
- Some tests have been rewritten to accomodate the changes, but only `python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll` should have semantic changes.
- Comments have been updated
- Test output has been updated, but apart from `python/ql/test/experimental/dataflow/basic/maximalFlows.expected` only `python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py` should have a semantic change. This is a bonus fix, probably meaning that something was never connected up correctly.
 2023-11-20 21:35:32 +01:00
Rasmus Wriedt Larsen
80506f1028 Python: Accept .expected changes 2023-10-17 10:11:39 +02:00
amammad
4283bb7d48 clean up unused vars,fix tests 2023-10-09 23:15:58 +02:00
Rasmus Lerchedahl Petersen
60dc1afbc0 Python: prepare to promote NoSqlInjection 
Mostly move files, preserving authourship.
This will not compile.
 2023-09-07 09:28:29 +02:00
Rasmus Wriedt Larsen
c665c21d83 Python: More style-guide renaming 
Split it into multiple commits to make it easier to review.
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
5ba8e102eb Python: Adopt tests to new DataflowQueryTest 
Since we want to know the _sinks_ and not just the flow, we need to
expose the config as well :|
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
6961ca5234 Python: Rename to EmailXss 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
ed0e441567 Python: Accept missing DataflowQueryTest implementation for now 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
bfcc194b85 Python: Move experimental paramiko to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
1a4e8d9464 Python: Move experimental PossibleTimingAttackAgainstSensitiveInfo to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
67cc3a3935 Python: Move experimental ReflectedXSS to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
a0d26741d0 Python: Move experimental TarSlipImprov to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
3cdd875e9f Python: Move experimental UnsafeUnpack to new dataflow API 2023-08-28 15:31:07 +02:00
yoff
826b8e6aa5 Merge pull request #14067 from RasmusWL/modern-dataflowquerytests 
Python: Adopt tests to new `DataflowQueryTest`
 2023-08-28 13:54:34 +02:00
Rasmus Wriedt Larsen
889cb7a95b Python: Adopt tests to new DataflowQueryTest 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-08-28 11:44:01 +02:00
Rasmus Wriedt Larsen
7cba6cd1d8 Python: Update .expected files 
Due to change in path-graph, and including LHS of assignments
 2023-08-28 11:33:44 +02:00
Rasmus Wriedt Larsen
0f242475f2 Merge branch 'main' into experimental-cleanup 2023-08-28 11:01:22 +02:00
Rasmus Wriedt Larsen
f33359bd5c Python: Fix tests 2023-08-23 15:37:55 +02:00
yoff
00c0ebe9e4 Merge pull request #13738 from RasmusWL/path-steps 
Python: Include all assignments in data flow paths
 2023-08-22 11:58:11 +02:00
Rasmus Wriedt Larsen
b579ab0694 Python: Accept .expected change 2023-08-18 11:12:55 +02:00
Rasmus Wriedt Larsen
38577e6a5c Python: Remove duplicated SSTI tests 
Besides the Cheetah tests, which were missing from the query tests.
 2023-08-18 10:20:16 +02:00
Rasmus Wriedt Larsen
33f8998c2e Python: Minor fix in test 2023-08-18 10:19:44 +02:00
Rasmus Wriedt Larsen
cf54d3f4ca Python: Move paramiko tests to own folder 2023-08-17 15:45:28 +02:00
Rasmus Wriedt Larsen
4c693b4fc3 Python: Port py/xslt-injection to new data-flow 2023-08-17 15:45:07 +02:00
Rasmus Wriedt Larsen
ef139f2ee9 Python: Delete XsltSinks.ql test 2023-08-17 15:45:07 +02:00
Rasmus Wriedt Larsen
779fe6498c Python: Rename to XsltInjection.ql 2023-08-17 15:45:07 +02:00
Rasmus Wriedt Larsen
0336c76871 Python: Rename template injection tests 2023-08-17 15:45:04 +02:00
Rasmus Wriedt Larsen
91edde72c4 Python: Port py/template-injection to new data-flow 
I kept all the modeling in _one_ file, since that makes it easy to work
with such an external contribution... and I would certainly propose this
file setup for the future 👍
 2023-08-17 15:44:26 +02:00
Rasmus Wriedt Larsen
1c3cc1fa29 Python: Remove flow through stdlib 
This means tests can pass on any machine now 👍
 2023-08-14 11:55:22 +02:00
Rasmus Wriedt Larsen
0fba38c6d8 Merge branch 'main' into amammad-python-WebAppsConstatntSecretKeys 2023-08-14 11:29:56 +02:00
Rasmus Wriedt Larsen
ca93f4d223 Python: Accept .expected changes 2023-08-11 10:36:05 +02:00
Anders Schack-Mulligen
ae24d68b5d C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output. 2023-07-19 11:41:15 +02:00
Rasmus Wriedt Larsen
aa8ed91993 Python: Accept .expected changes 
but it's kinda bad, since it has paths to stdlib in there :(
 2023-07-14 14:47:27 +02:00
Rasmus Wriedt Larsen
9e0f985e23 Python: Fix qlref 2023-07-14 14:33:17 +02:00
amammad
816799c4ba upgrade query to detect redash CVE too 2023-06-30 22:14:50 +10:00
amammad
7aa002fa2a fix an accident :) 2023-06-29 22:20:46 +10:00
amammad
7a17b99c17 V2 2023-06-29 20:55:51 +10:00
amammad
e3e0307db7 V1 2023-06-25 20:36:28 +10:00
amammad
748e96d852 V1 Bombs 2023-06-22 19:28:27 +10:00
Jeroen Ketema
dba4460526 Python: Update more inline expectation tests to use the paramterized module 2023-06-20 10:16:15 +02:00
Rasmus Lerchedahl Petersen
4b4b9bf9da python: add missing summaries 
For append/add:
The new results in the experimental tar slip query
show that we do not recognize the sanitisers.
 2023-06-13 20:22:21 +02:00
Rasmus Lerchedahl Petersen
b72c93ff4f python: remove remaining explicit taint steps 2023-06-13 20:22:20 +02:00
Rasmus Lerchedahl Petersen
9cb83fcdc9 python: add summaries for 
copy, pop, get, getitem, setdefault

Also add read steps to taint tracking.

Reading from a tainted collection can be done in two situations:
1. There is an acces path
    In this case a read step (possibly from a flow summary)
    gives rise to a taint step.
2. There is no access path
    In this case an explicit taint step (possibly via a flow
    summary) should exist.
 2023-05-26 14:04:15 +02:00
Rasmus Lerchedahl Petersen
144df9a39e python: remove explicit dataflow steps 2023-05-26 13:24:22 +02:00