hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,579 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.2
Commit Graph

9240 Commits

Author SHA1 Message Date
yoff
54ced06ada Merge branch 'main' into python/captured-variables-for-typetracking 2023-04-27 17:32:41 +02:00
Anders Schack-Mulligen
71ae0909d8 Dataflow: Enforce type pruning in all forward stages. 2023-04-27 14:55:26 +02:00
Anders Schack-Mulligen
9140cbefc0 Dataflow: Sync. 2023-04-27 14:55:23 +02:00
Anders Schack-Mulligen
246d904712 Merge pull request #12948 from aschackmull/dataflow/pathnode-type-tostring 
Dataflow: Add type to PathNode.toString.
 2023-04-27 14:14:10 +02:00
Rasmus Wriedt Larsen
aa216e6535 Python: Update inline expectations 2023-04-27 12:04:05 +02:00
Rasmus Wriedt Larsen
d73289ac4e Python: Accept .expected changes 2023-04-27 11:54:39 +02:00
amammad
a541fdf5e5 v1.2 code quality improvements including commnets too 2023-04-27 08:30:46 +02:00
amammad
1bf159e9a9 Merge branch 'github:main' into amammad-python-paramiko 2023-04-26 23:28:29 -07:00
Arthur Baars
128d102bbc Merge pull request #12871 from aibaars/py-yaml 
Python: add YAML support
 2023-04-26 18:13:26 +02:00
Rasmus Lerchedahl Petersen
00b85cbfb9 python: remove blank line 2023-04-26 16:26:26 +02:00
Rasmus Wriedt Larsen
d274fa16a1 Python: Hide ModuleVariableNode in data-flow paths 
They just add an extra step, and don't actually contribute any good
information for end-users.
 2023-04-26 16:04:16 +02:00
Rasmus Wriedt Larsen
0c4bcec39e Python: Fix ModuleVariableNode.toString 
In some cases mod.getName() does not have a result, so toString of
ModuleVariableNode would also not have a result, which would cause
data-flow paths that use these as an edge to not be valid :O
 2023-04-26 16:03:21 +02:00
Rasmus Lerchedahl Petersen
20cbc08627 python: we want empty expected files 
(thanks @RasmusWL)
 2023-04-26 15:54:23 +02:00
Rasmus Lerchedahl Petersen
843329f2fb python: no longer missing 2023-04-26 15:06:03 +02:00
Rasmus Lerchedahl Petersen
66fdf6b241 python: add test for capturing by value 2023-04-26 15:05:03 +02:00
Rasmus Lerchedahl Petersen
003fece490 python: add test for capturing via global 2023-04-26 14:52:40 +02:00
Anders Schack-Mulligen
d681671356 Dataflow: Sync. 2023-04-26 14:45:07 +02:00
Rasmus Lerchedahl Petersen
4d95b2023e python: remember to update validTest.py 2023-04-26 14:36:52 +02:00
Rasmus Wriedt Larsen
abc1d658e0 Python: More .expected accepting 2023-04-26 14:10:13 +02:00
Rasmus Lerchedahl Petersen
b71306104e python: add test for inheritance 2023-04-26 13:50:12 +02:00
Arthur Baars
5b6d3afd89 Python: Yaml printAst and tests 2023-04-26 13:41:57 +02:00
Rasmus Lerchedahl Petersen
824d4d5413 python: fix test expectations 
also rename `collections.py` so it does not
clash with the standard library name.
This clash is an issue when testing locally.
 2023-04-26 13:31:37 +02:00
Rasmus Wriedt Larsen
b178c9cfe6 Python: Accept dataflow/basic/*.expected 2023-04-26 13:30:11 +02:00
Rasmus Wriedt Larsen
3f39648065 Python: Remove duplicated test 2023-04-26 13:30:11 +02:00
Rasmus Wriedt Larsen
1a97e8f329 Python: Add flow-step for arg[1] to dict.setdefault 2023-04-26 13:30:11 +02:00
Arthur Baars
c1c2bcf419 Python: rename YAML.qll to Yaml.qll 2023-04-26 12:44:53 +02:00
Rasmus Lerchedahl Petersen
0338d4ef9c This was the case locally, but not in CI.. 🤷 
Revert "python: no longer missing"

This reverts commit f796177b69.
 2023-04-25 21:34:27 +02:00
yoff
d4953ef26a Merge branch 'main' into python/captured-variables-for-typetracking 2023-04-25 21:32:18 +02:00
Rasmus Wriedt Larsen
95b8a22529 Merge pull request #12889 from kaspersv/kaspersv/prevent-python-join-order-regression 
Prevent Python join order regression
 2023-04-25 18:02:13 +02:00
Rasmus Lerchedahl Petersen
f796177b69 python: no longer missing 2023-04-25 14:24:26 +02:00
Rasmus Lerchedahl Petersen
141c5af30e Merge branch 'main' of https://github.com/github/codeql into python/captured-variables-for-typetracking 2023-04-25 14:07:11 +02:00
yoff
b35637e1c5 Merge pull request #12858 from RasmusWL/paramiko-modeling 
Python: Expand modeling of `paramiko`
 2023-04-25 14:04:50 +02:00
Kasper Svendsen
361b15b2c7 Merge branch 'main' into kaspersv/prevent-python-join-order-regression 2023-04-24 13:35:07 +02:00
Michael Nebel
8ade7247a1 Merge pull request #12885 from michaelnebel/mergepathgraph3 
Dataflow: Introduce param module for merging three path graphs.
 2023-04-24 12:49:28 +02:00
Rasmus Wriedt Larsen
7453533ba4 Python: Expand setdefault tests 2023-04-24 12:29:58 +02:00
Rasmus Wriedt Larsen
7fa84a3613 Python: Only test UnsafeUnpacking with Python 3 
Apparently the fixup of .expected in the latest commit was only required
when extracting as Python 3, but not as Python 2... I honestly don't
understand why.
 2023-04-24 12:29:58 +02:00
Rasmus Lerchedahl Petersen
a25c7f7549 Merge branch 'main' of https://github.com/github/codeql into python/captured-variables-for-typetracking 2023-04-24 11:50:32 +02:00
Arthur Baars
b919547e31 Add change note 2023-04-21 17:42:02 +02:00
Arthur Baars
bc44b9e4fb Python: update stats for YAML tables 2023-04-21 17:42:02 +02:00
Arthur Baars
c4a7353583 Python: upgrade/downgrade scripts 2023-04-21 17:42:02 +02:00
Arthur Baars
f61565cab1 Python: add YAML library 2023-04-21 17:42:02 +02:00
Arthur Baars
9c25c150a3 Python: add YAML dbscheme fragment 2023-04-21 17:42:02 +02:00
Rasmus Wriedt Larsen
b60cab254a Python: Accept .expected change 2023-04-21 15:25:47 +02:00
Rasmus Wriedt Larsen
4094ec5fcc Python: Change additional dict store/read steps to not affect taint-tracking 2023-04-21 14:43:24 +02:00
Rasmus Wriedt Larsen
f80a0916ac Python: Don't report get/setdefault as unresolved calls for dict tests 2023-04-21 14:42:20 +02:00
Rasmus Wriedt Larsen
e0e978bd3e Python: Fix ql4ql alerts 2023-04-21 14:18:50 +02:00
Rasmus Wriedt Larsen
b56869551d Python: Support more dictionary read/store steps 
The `setdefault` behavior is kinda strange, but no reason not to support
it.
 2023-04-21 14:18:50 +02:00
Rasmus Wriedt Larsen
6e31f64aaa Python: Add test for dictionary flow 2023-04-21 14:18:46 +02:00
Kasper Svendsen
603a97faf9 Prevent Python join order regression 2023-04-20 13:44:30 +02:00
Luke Cartey
a47778c22e Update SimpleXmlRpcServer.ql to avoid av detection 
This file was being flagged by McAfee as an `Exploit-Generic.src`
trojan. We have attempted to report this to Mcafee without success so
far. This commit therefore adjusts the file to avoid detection.
 2023-04-20 11:59:18 +01:00