hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,255 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.2
Commit Graph

3920 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
0b45b63bd2 Python: Update debug query to changed API 
The change is commented out by default
which is why no compilation tests failed
when the API changed.
 2023-11-01 11:39:51 +01:00
Rasmus Lerchedahl Petersen
38b811b050 Python: Separate -> PhaseDependentFlow 2023-10-31 21:50:33 +01:00
Rasmus Lerchedahl Petersen
e745df6478 Python: module for import time flow 
The logic for separating local flow into _import time_
and _runtime_ was duplicated a few times.
Create a module for it instead, and add a good qldoc.
 2023-10-27 15:07:49 +02:00
Max Schaefer
104700f6d3 Address review comment. 2023-10-27 10:19:28 +01:00
yoff
867a39083e Merge pull request #14114 from yoff/python/allow-namespace-packages 
Python: Allow namespace packages
 2023-10-26 16:56:05 +02:00
Max Schaefer
3939167ba2 Include more details in the message for py/weak-cryptographic-algorithm. 
Specifically, we add a link to the location where the cryptographic algorithm is configured, which can be far away from its use.
 2023-10-26 11:28:09 +01:00
Rasmus Wriedt Larsen
e8f548ab52 Python: Model routed parameter flow to *args and **kwargs in Django + rest framework 2023-10-23 17:18:22 +02:00
Rasmus Wriedt Larsen
24687b4156 Python: Add test highlighting missing routed parameter flow to **kwargs parameter of request handler function 2023-10-23 16:49:43 +02:00
Rasmus Wriedt Larsen
8b23140a08 Python: Remove trailing , 2023-10-23 16:45:08 +02:00
Rasmus Wriedt Larsen
60e7786b04 Python: Use explicit keyword parameter 2023-10-23 16:44:54 +02:00
Rasmus Wriedt Larsen
46e44a0036 Python: Fix import 2023-10-23 16:42:55 +02:00
amammad
1fe565a46f cherrypy framework file system access Sinks are added 2023-10-21 19:47:30 +02:00
Mathew Payne
a24e168ec0 Merge branch 'main' into py-restframework 2023-10-20 11:39:07 +01:00
Rasmus Wriedt Larsen
80506f1028 Python: Accept .expected changes 2023-10-17 10:11:39 +02:00
Rasmus Wriedt Larsen
2bf4c32433 Python: Add syntactic support for yield in contextlib.contextmanager 2023-10-17 09:51:20 +02:00
Rasmus Wriedt Larsen
2399793c8a Python: Expand contextmanager test even more 2023-10-17 09:41:30 +02:00
Rasmus Wriedt Larsen
883bd9f3b3 Python: Add test for type-tracking with yield 2023-10-16 12:09:07 +02:00
Rasmus Lerchedahl Petersen
a4117538ab Python: update test expectations 
This update looks different locally for me,
so this is slightly sketchy..
 2023-10-11 16:31:56 +02:00
Rasmus Wriedt Larsen
68d00a829e Merge pull request #14430 from RasmusWL/api-graph-import-star 
Python: Better allow `import *` to work with API graphs
 2023-10-11 10:03:46 +02:00
Rasmus Wriedt Larsen
72d0dcdaba Python: Workaround for module level items from import * not being LocalSourceNodes 2023-10-10 17:45:11 +02:00
Rasmus Wriedt Larsen
6521e5165c Python: Extend import * with plain use 
(no calls or anything)
 2023-10-10 17:45:11 +02:00
yoff
f1266a3e81 Merge pull request #14417 from github/tausbn/python-add-flow-for-assignment-expressions 2023-10-10 17:09:20 +02:00
Rasmus Wriedt Larsen
2d947a4f53 Merge pull request #13781 from maikypedia/maikypedia/python-unsafe-deserialization 
Python: Add unsafe deserialization sinks (CWE-502)
 2023-10-10 13:30:38 +02:00
Taus
8e1bb4b364 Python: Accept moved consistency test results 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-10-10 09:22:36 +00:00
amammad
4283bb7d48 clean up unused vars,fix tests 2023-10-09 23:15:58 +02:00
Taus
e8ac258994 Python: Add missing flow for AssignmentExpr nodes 
Also extend the tests surrounding this construct to be a bit more comprehensive.

Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-10-09 14:16:03 +00:00
Erik Krogh Kristensen
625e889c62 Merge pull request #14339 from erik-krogh/range-printing 
JS/PY/RB/Java: escape unicode chars in overly-large-range
 2023-10-09 14:22:38 +02:00
amammad
6c8cc79b4d v1 2023-10-08 21:24:54 +02:00
Mathew Payne
a23904ca39 Add taint tests 2023-10-02 15:09:11 +01:00
Rasmus Wriedt Larsen
3162033d56 Python: Make tests run for django rest framework 2023-09-29 16:21:04 +02:00
Mathew Payne
19c93b0228 Add RestFramework tests 2023-09-29 14:41:57 +01:00
Rasmus Lerchedahl Petersen
be506c64ba Python: update test-expectations 
These are semantic differences.
They generally look good, except perhaps
we should exclude illegal package names?
(It passes `legalShortName`, though).
 2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
1d4832cbfe python: allow namespace packages as packages 
remove the logic around isPotentialPackage
 2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
362cf107a4 python: add tests for module import 
- `--max-import-depth=3` to give points-to a chance
- `not_root` dir to force namespace package logic
- add usage in `example.py` to get files extracted
 2023-09-29 15:10:19 +02:00
yoff
dbecb1bd0f Merge pull request #14070 from yoff/python/promote-nosql-query 
Python: promote nosql query
 2023-09-29 14:21:22 +02:00
Rasmus Wriedt Larsen
9b73bbfc31 Python: Add keyword argument support 
and a fair bit of refactoring
 2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
3676262313 Python: Clean trailing whitespace 2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
16e1a00e88 Python: NoSQLInjection -> NoSqlInjection 2023-09-29 13:52:51 +02:00
Rasmus Lerchedahl Petersen
2d845e3e55 Python: nicer paths 
turn "the long jump" that would end up
straight at the argument into a short jump
that ends up at the dictionary being written to.
Dataflow takes care of the rest of the path.
 2023-09-29 12:02:16 +02:00
erik-krogh
5d4b542995 escape unicode chars in overly-large-range 2023-09-28 20:16:09 +02:00
Rasmus Lerchedahl Petersen
d5b64c5ff2 Python: update test expectations 2023-09-28 14:20:30 +02:00
Rasmus Lerchedahl Petersen
3fb579eaff Python: add test for type tracking 2023-09-28 12:14:12 +02:00
yoff
8156fa9a4d Apply naming suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-09-28 11:47:10 +02:00
Rasmus Wriedt Larsen
f3acc89900 Python: Accept .expected 2023-09-28 10:41:16 +02:00
Rasmus Lerchedahl Petersen
db95eade64 Python: accept improved test output 2023-09-26 20:58:51 +02:00
Rasmus Lerchedahl Petersen
f5059a6918 Python: fix computation at part boundaries 2023-09-26 20:51:15 +02:00
Rasmus Lerchedahl Petersen
cdf1db09bd Python: add test for part boundaries 2023-09-26 20:50:08 +02:00
Rasmus Lerchedahl Petersen
c1ebde4288 Python: improve location computation 2023-09-26 12:08:50 +02:00
Rasmus Lerchedahl Petersen
aa64390af7 Python: add more tests 2023-09-26 10:54:45 +02:00
Rasmus Lerchedahl Petersen
417907b36d Python: switch to inline expectations 2023-09-25 11:44:56 +02:00