hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

3920 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
a5289bd708 Python: Use Object in CallRefersTo test 
Since other things than FunctionObject can be called ;)
 2020-05-04 20:49:47 +02:00
Rasmus Wriedt Larsen
7b8b4af6d2 Python: Add test for call.getFunction().refersTo 
Showing that
`call.getFunction().refersTo(func)` gives different results from
`call = func.getACall()`
 2020-05-04 20:49:19 +02:00
Rasmus Wriedt Larsen
16e9d76e22 Merge branch 'master' into python-keyword-only-args 2020-05-04 11:49:00 +02:00
Taus
33f4503ac3 Merge pull request #3213 from RasmusWL/python-iter-str-seq-with-tests 
Python: supress non-useful results (w/ tests) for iter str/seq query
 2020-05-01 11:04:05 +02:00
Rasmus Wriedt Larsen
e569d7ae41 Merge branch 'master' into python-parse_qs 2020-04-30 17:05:17 +02:00
Rasmus Wriedt Larsen
e0b4518a3e Merge branch 'master' into python-improve-file-taint 2020-04-30 11:24:29 +02:00
Rasmus Wriedt Larsen
c5e14f5c0d Python: Handle defaults and annotations for keyword-only arguments 
This commit is based on a change to the extractor
 2020-04-27 17:24:10 +02:00
Rasmus Wriedt Larsen
1fcbb6e9f4 Python: Better test for Argument.getDefault(i) 
Default values for positional arugments follow a rule, so if an argument has a
default value, later positional arguments must also have default values.

The database only stores the actual default values, and nothing about the
arguments that doesn't have default values.

This turns out to be a major problem for Argument.getKwDefault(i), since default
values for keyword-only arguments doesn't have the same rule. So if you know
there is one default value, you can't tell if it is associated with `foo` or
`bar`, as in the examples below:

```
def a(*, foo=None, bar):
    pass

def b(*, foo, bar=None):
    pass
```
 2020-04-27 17:22:56 +02:00
Rasmus Wriedt Larsen
c508e89a00 Python: Handle keyword-only arguments properly 2020-04-27 17:22:56 +02:00
Rasmus Wriedt Larsen
4185edc087 Python: Expand parameters/functions test 
I want to ensure we handle when only _some_ parameters have default/annotations
 2020-04-27 17:22:56 +02:00
Rasmus Wriedt Larsen
0cc8d49112 Python: Add tests for full Python 3 parameters syntax 
Currently keyword-only parameters are not handled properly :(
 2020-04-27 17:22:56 +02:00
Rasmus Wriedt Larsen
64c013ef4d Merge branch 'master' into python-iter-str-seq-with-tests 2020-04-27 17:20:06 +02:00
Rasmus Wriedt Larsen
4e80abbfa9 Python: Fixup wording in comment 
where you place a not is not without significance :D
 2020-04-27 17:03:01 +02:00
Taus
de08433bd3 Merge pull request #3212 from RasmusWL/python-fix-tests-filter 
Python: Fix (some) shortcomings of tests filter
 2020-04-27 11:26:35 +02:00
Taus
bcb980b3d5 Merge pull request #3302 from RasmusWL/python-str-taint-add-methods 
Python: Add taint for string methods
 2020-04-24 16:29:11 +02:00
Rasmus Wriedt Larsen
b2b0296120 Merge pull request #3242 from BekaValentine/python-objectapi-to-valueapi-incorrectlyoverridenmethod 
Python: ObjectAPI to ValueAPI: IncorrectlyOverriddenMethod
 2020-04-24 16:28:11 +02:00
semmle-qlci
4c7a5007d8 Merge pull request #3314 from RasmusWL/python-model-stdlib-http.server 
Approved by tausbn
 2020-04-24 15:27:21 +01:00
Taus
1d6b6a48ae Merge pull request #2924 from BekaValentine/python-objectapi-to-valueapi-wrongnumberargumentsincall 
Python: ObjectAPI to ValueAPI: WrongNumberArgumentsInCall
 2020-04-23 17:56:39 +02:00
Rasmus Wriedt Larsen
fe50811bbf Python: In taint test, list comprehension => for loop 
Apparently they're not the same thing :(
 2020-04-23 14:13:00 +02:00
Rasmus Wriedt Larsen
1fe0040086 Python: Don't use six in urllib.parse string related tests 
Since this test inheriently has `--max-import-depth=1`, by using six, we would
never look at the actual source-code of urllib.parse/urlparse and therefore the
test would never show if we understood the library code good enough that we
could propagate taint out-of-the-box.

All tests moved by one line... that is why the diff is so big
 2020-04-23 13:00:45 +02:00
Rasmus Wriedt Larsen
94ae2febe5 Python: Propagate taint through parse_qsl 2020-04-23 12:14:22 +02:00
Taus
54d1991a9d Merge pull request #3300 from RasmusWL/python-pointsto-regression-open 
Python: Add points-to regression for uncalled function
 2020-04-23 11:50:30 +02:00
Rasmus Wriedt Larsen
86630f1d6c Python: Handle readline, readlines for ExternalFileObject 2020-04-23 10:40:16 +02:00
Rasmus Wriedt Larsen
7385ea5024 Python: Add tests for ExternalFileObject 2020-04-23 10:36:51 +02:00
Rebecca Valentine
89752f4b55 Merge branch 'master' into python-objectapi-to-valueapi-wrongnumberargumentsincall 2020-04-22 09:52:33 -07:00
Rebecca Valentine
9cd2171fb8 Merge branch 'master' into python-objectapi-to-valueapi-incorrectlyoverridenmethod 2020-04-22 09:40:33 -07:00
Rasmus Wriedt Larsen
22096c36b9 Python: Add standard HttpSources tests for BaseHTTPRequestHandler 2020-04-22 17:28:49 +02:00
Rasmus Wriedt Larsen
51a9094064 Python: Add sinks for http.server.BaseHTTPRequestHandler 2020-04-22 17:28:27 +02:00
Rasmus Wriedt Larsen
6b84137a92 Python: Model cgi.FieldStorage (parsing of submitted forms) 2020-04-22 11:37:47 +02:00
Rasmus Wriedt Larsen
26ed911bb2 Python: Add modeling of http.server.BaseHTTPRequestHandler 2020-04-22 09:52:10 +02:00
Rasmus Wriedt Larsen
30e2592701 Python: Propagate taint through parse_qs 2020-04-22 08:55:35 +02:00
Taus
5af351eacd Merge pull request #3275 from RasmusWL/python-fix-points-to-deprecations 
Python: Remove deprecated annotation for old PointsTo::points_to
 2020-04-21 18:18:07 +02:00
Rasmus Wriedt Larsen
32a97266cf Python: Fix deprecation warnings in test output 2020-04-21 11:39:44 +02:00
Rasmus Wriedt Larsen
b7145af447 Python: Handle all methods in StringKind.getTaintOfMethodResult 2020-04-20 16:07:30 +02:00
Rasmus Wriedt Larsen
10b36bb7a8 Python: Taint of string method reference isn't handled 2020-04-20 15:01:40 +02:00
Rasmus Wriedt Larsen
1631787336 Python: Fix points-to regressions Test.ql 
Only being able to debug missing pointsTo for NameNode was quite limiting ...
 2020-04-20 14:41:55 +02:00
Rasmus Wriedt Larsen
8746876377 Python: Add points-to regression for uncalled function 2020-04-20 14:41:45 +02:00
Taus
964a619450 Merge pull request #3211 from RasmusWL/python-unused-import-small-fix 
Python: Fix FN in unused import
 2020-04-16 14:22:50 +02:00
Rasmus Wriedt Larsen
5a51d2cc4c Merge pull request #3245 from BekaValentine/python-objectapi-to-valueapi-wrongnameforargumentinclassinstantiation 
Python: ObjectAPI to ValueAPI: WrongNameForArgumentInClassInstantiation
 2020-04-15 16:48:26 +02:00
Taus
8402e6a2e1 Merge pull request #3243 from BekaValentine/python-objectapi-to-valueapi-incorrectlyspecifiedoverriddenmethod 
Python: ObjectAPI to ValueAPI: IncorrectlySpecifiedOverriddenMethod
 2020-04-14 18:55:42 +02:00
Taus
3e46604fa5 Merge pull request #3223 from BekaValentine/python-objectapi-to-valueapi-iterreturnsnoniterator 
Python: ObjectAPI to ValueAPI: IterReturnsNonIterator
 2020-04-14 12:55:21 +02:00
Rebecca Valentine
339758fa70 Python: ObjectAPI to ValueAPI: WrongNameForArgumentInClassInstantiation: Adds preliminary modernization 2020-04-09 15:04:44 -07:00
Rebecca Valentine
8dc1933a02 Python: ObjectAPI to ValueAPI: WrongNumberArgumentsInClassInstantiation: Adds preliminary modernization 2020-04-09 14:58:30 -07:00
Rebecca Valentine
336e48c5c6 Python: ObjectAPI to ValueAPI: IncorrectlySpecifiedOverriddenMethod: Adds preliminary modernization 2020-04-09 14:50:26 -07:00
Rebecca Valentine
be00d71b99 Python: ObjectAPI to ValueAPI: IncorrectlyOverriddenMethod: Adds preliminary modernization 2020-04-09 14:41:22 -07:00
Pavel Avgustinov
6737e99d65 Merge pull request #3209 from hmakholm/baselib-extractor 
Add extractor field in base language QL packs
 2020-04-09 15:24:49 +01:00
Rebecca Valentine
c2443f2342 Python: ObjectAPI to ValueAPI: OverlyComplexDelMethod: Adds preliminary modernization 2020-04-07 21:31:35 -07:00
Rebecca Valentine
0d65db148f Python: ObjectAPI to ValueAPI: IterReturnsNonIterator: Adds preliminary modernization 2020-04-07 21:14:25 -07:00
Rasmus Wriedt Larsen
befe73df14 Python: supress non-useful results (w/ tests) for iter str/seq query 
Fixes https://github.com/Semmle/ql/issues/3207
 2020-04-07 11:46:36 +02:00
Rasmus Wriedt Larsen
94ccc16f85 Python: iter str/seq query gives non-useful results with tests 2020-04-07 11:46:35 +02:00