hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

848 Commits

Author SHA1 Message Date
semmle-qlci
e36e16af48 Merge pull request #2079 from taus-semmle/python-unused-local-nonlocal 
Approved by RasmusWL
 2019-10-07 15:38:21 +01:00
Rasmus Wriedt Larsen
3f45d8614b Merge pull request #2047 from taus-semmle/python-modernise-and-fix-cyclic-import-fp 
Python: modernise and fix cyclic import false positive.
 2019-10-07 14:28:36 +02:00
Taus Brock-Nannestad
5946a4a066 Python: Teach py/unused-local-variable about nonlocal. 2019-10-03 17:56:29 +02:00
AlexTereshenkov
3e6f8fb6be Add bind-socket-all-network-interfaces Python query (#2048) 
Add bind-socket-all-network-interfaces Python query
 2019-10-03 11:23:11 +01:00
Taus Brock-Nannestad
384013e0dc Python: Add tests for reachability when using nonlocal. 2019-10-02 17:13:00 +02:00
Taus
fb20cab4c8 Merge pull request #2012 from RasmusWL/python-modernise-cls-self-checks 
Python: modernise cls self argument name checks
 2019-09-30 15:50:32 +02:00
Taus Brock-Nannestad
aa16d20d5a Python: Fix false positive for cyclic imports guarded by if False:. 2019-09-27 15:22:12 +02:00
Taus Brock-Nannestad
25985e901b Python: Remove a few false positives from py/unused-import. 2019-09-27 11:46:59 +02:00
Rasmus Wriedt Larsen
457794e030 Python: Consistenly use parameter instead of argument in docs 
The Python 3 FAQ states that this is the right thing [0]

It sadly doesn't align 100% with PEP8, which calls them for "arguments" [1], but
after discussion with Taus, we decided to go with "parameter" everywhere to be
consistent.

[0] https://docs.python.org/3/faq/programming.html#faq-argument-vs-parameter
[1] https://www.python.org/dev/peps/pep-0008/#function-and-method-arguments
 2019-09-26 16:31:09 +02:00
Rasmus Wriedt Larsen
12c49031e8 Python: Modernise bottle library 2019-09-26 15:03:47 +02:00
Rasmus Wriedt Larsen
546405a379 Python: Add more tests for cls/self argument names 2019-09-26 13:25:14 +02:00
Rasmus Wriedt Larsen
c6d9eb9254 Python: Move more tests for argument names into own file 
Plus fixup of expected output from unrelated tests
 2019-09-26 13:25:14 +02:00
Rasmus Wriedt Larsen
d273974045 Python: Don't flag return procedure_call() in __init__ as error 
This commit fixes the results for
0d8a429b7e/files/mayaTools/cgm/lib/classes/AttrFactory.py (L90)

```
def __init__(...):
    if error_case:
        return guiFactory.warning(...)
```

that was wrongly reporting _Explicit return in __init__ method._ as an error.
 2019-09-23 11:22:55 +02:00
Rasmus Wriedt Larsen
6e50a0ef84 Python: Modernise the py/explicit-return-in-init query. 
Add explicit test case to show that we don't doulbe report this problem.
 2019-09-23 11:22:55 +02:00
Rasmus Wriedt Larsen
3c33e863ad Python: split tests for Functions into more files 
Makes it easier to see what the testcases are relevant for what queries.
 2019-09-19 11:54:28 +02:00
Taus Brock-Nannestad
d336140c19 Python: Modernise the py/non-iterable-in-for-loop query. 
Also adds a small test case exhibiting the same false positive seen in
ODASA-8042.
 2019-09-05 12:24:51 +02:00
Mark Shannon
3f740d6efe Python: Update CWE-312 queries to use new taint-tracking configuration. 2019-08-30 11:21:04 +01:00
Mark Shannon
811815aa4e Merge branch 'master' into python-cwe-312 2019-08-30 10:39:04 +01:00
Mark Shannon
989d7aeace Merge branch 'master' into python-cwe-312 2019-08-29 15:57:49 +01:00
Mark Shannon
e5900921e7 Python taint-tracking: Remove warnings from test output. 2019-08-29 10:31:50 +01:00
Mark Shannon
64c160b75c Python taint-tracking: Fix ambiguous flow through class instantiation. Tweak the path query to ensure edge to sink is always present. 2019-08-29 10:31:50 +01:00
Mark Shannon
d31e55f88e Python taint-tracking: Avoid ambiguous flows through calls. Fix up tests. 2019-08-29 10:31:50 +01:00
Mark Shannon
78ce19678a Python taint-tracking: Fix up SQL injection query. 2019-08-29 10:31:50 +01:00
Mark Shannon
7c4a18eee3 Python taint-tracking: Fix up handling of legacy (config-less) taint-tracking 2019-08-29 10:31:50 +01:00
Mark Shannon
2d9d292ee4 Python: Fix up pi-node handling in taint-tracking. 2019-08-29 10:31:50 +01:00
Rebecca Valentine
36f99c19bc Merge pull request #1840 from markshannon/python-better-hasattribute-handling 
Python: Add 'hasAttribute' predicate to ObjectInternal and Value.
 2019-08-28 10:45:44 -07:00
Mark Shannon
1c8ce418d9 Python: Add test to confirm #1212 is fixed. 2019-08-28 12:01:04 +01:00
Mark Shannon
8909c3d6ab Python: Fix tags and message for CWE-312 queries. 2019-08-23 15:20:19 +01:00
Taus Brock-Nannestad
92f48191c2 Update test results for UndefinedGlobal.ql. 2019-08-22 17:53:36 +02:00
Taus Brock-Nannestad
b82ebf2a37 Add tests. 2019-08-22 16:30:14 +02:00
Mark Shannon
4759044ee4 Python tests: Fix up tests for CWE-312 to not use external locations. 2019-08-22 15:27:49 +01:00
Mark Shannon
9df205b288 Python tests: Fix up CWE-327 tests to use new sensitive-data library. 2019-08-22 15:27:48 +01:00
Mark Shannon
816938369e Python: Add tests for clear-text storage and logging. 2019-08-22 15:27:48 +01:00
Mark Shannon
e77ae09a86 Python tests: Update test results to account for better handling of branches in finally blocks. 2019-08-21 14:47:57 +01:00
Mark Shannon
714fecbf5e Python: Revert tests removed in #1767. 2019-08-21 14:39:53 +01:00
Mark Shannon
edb50c129d Python tests: TEMPORARILY remove 5 tests to allow modification of extractor CFG pass. 2019-08-19 16:00:28 +01:00
Mark Shannon
453ae19881 Python points-to: Add .getAstNode() method to TaintedNode for forward compatibility with upcoming taint-tracking enhancements. 2019-08-16 09:54:11 +01:00
Taus
34106ec739 Merge pull request #1730 from markshannon/python-prepare-for-unrolling 
Python prepare for implementing loop unrolling in extractor.
 2019-08-13 10:54:24 +02:00
Taus
5f55cb046d Merge pull request #1691 from markshannon/python-fewer-missing-edges 
Python: Make a few more expressions point-to the 'unknown' value.
 2019-08-12 16:15:09 +02:00
Mark Shannon
8dd3963546 Python tests: Temporarily remove some analysis tests prior to implementing loop-unrolling in extractor. 2019-08-12 14:12:02 +01:00
Rebecca Valentine
8823cdfdbc Merge pull request #1713 from markshannon/python-remove-parents 
Python taint-tracking: Remove 'parents' query from path-queries.
 2019-08-08 10:01:40 -07:00
Mark Shannon
c2f9189286 Python: Make a few more expressions point-to the 'unknown' value to improve reachability by about 1%. 2019-08-08 12:01:41 +01:00
Mark Shannon
4b242ddc86 Python: Port a few queries to new API. 2019-08-08 11:58:23 +01:00
Mark Shannon
6bd5158f9e Python taint-tracking: Remove 'parents' query from path-queries, as it unused by the tooling. 2019-08-08 10:15:06 +01:00
Mark Shannon
fab2cb5a32 Python: Add missing function to flask test stub. 2019-08-01 13:11:41 +01:00
Mark Shannon
27c0571a86 Python points-to: Infer types for comprehensions. 2019-07-25 14:18:05 +01:00
Mark Shannon
2c5b1c0810 Fix semantic merge conflict between #1470 and #1487. 2019-07-15 15:34:00 +01:00
Taus
f12c057826 Merge pull request #1470 from markshannon/python-tarslip 
Python: "TarSlip" query
 2019-07-15 12:43:47 +02:00
Taus
fad37bd6c9 Merge pull request #1487 from markshannon/python-tuple-assignment-points-to 
Python ESSA dataflow: better handling of tuple unpacking.
 2019-06-28 11:05:03 +02:00
Mark Shannon
347e3f3bd0 Python regex: Fix handling of character sets where first character in set is '['. 2019-06-26 10:55:47 +01:00