hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,451 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.4
Commit Graph

9277 Commits

Author SHA1 Message Date
Robert Brignull
90fad6f762 add code scanning suites 2020-03-27 17:03:23 +00:00
Rasmus Wriedt Larsen
d55acc38df Python: Constrain execution paths for taint_at_depth 
Thanks Taus!
 2020-03-27 16:20:08 +01:00
Rasmus Wriedt Larsen
8aadb8bd06 Python: Fix iterable-unpacking tests 2020-03-27 11:42:37 +01:00
Rasmus Wriedt Larsen
96d1fc8c0b Python: Fix iterable-unpacking taint CP 
When running ql/python/ql/src/Security/CWE-079/ReflectedXss.ql against the
database for flask.

Iitially there were 10 million result-tuples for iterable_unpacking_descent.

With this change, we're down to roughly 2100,
 2020-03-26 16:42:48 +01:00
Rasmus Wriedt Larsen
dc9dbf3682 Python: Autoformat 2020-03-25 11:56:18 +01:00
Rasmus Wriedt Larsen
12c6997e7b Python: Reduce result set in custom taint sanitizer 2020-03-25 11:55:29 +01:00
semmle-qlci
a413a3254b Merge pull request #3114 from RasmusWL/python-add-fp-for-non-callable 
Approved by tausbn
 2020-03-25 10:34:50 +00:00
semmle-qlci
ac7c74dcee Merge pull request #3111 from RasmusWL/python-fabric-command-injection 
Approved by BekaValentine
 2020-03-25 10:07:33 +00:00
Rasmus Wriedt Larsen
05ecfc83f7 Python: Add test-case with swapped decorator order 2020-03-24 14:18:46 +01:00
Taus
fe00d1cbf4 Merge pull request #2888 from RasmusWL/python-tarslip-sanitizer 
Python: Improve tarslip sanitizer
 2020-03-24 12:59:20 +01:00
Rasmus Wriedt Larsen
3ed48aae4c Python: remove leftover arg in test code 2020-03-24 11:49:08 +01:00
Rasmus Wriedt Larsen
5ec0716cb0 Python: Add points-to regression when using @classmethod decorators 
Specifically a problem when using a second decorator
 2020-03-24 11:39:08 +01:00
Rasmus Wriedt Larsen
4b8020b98d Python: Autoformat Command.qll 2020-03-24 10:11:57 +01:00
Rasmus Wriedt Larsen
b567205579 Python: Model fabric v1.x command injection sinks 2020-03-23 17:49:56 +01:00
Rasmus Wriedt Larsen
a57eadaeb6 Python: Model fabric/invoke command injection sinks 2020-03-23 17:33:41 +01:00
Rasmus Wriedt Larsen
d475bb998e Python: Add abstract class CommandSink 
I'm going to add more in a sec, and listing *all* of them in CommandInjection.ql
started to be silly
 2020-03-23 17:04:08 +01:00
Rasmus Wriedt Larsen
dcfc9a8796 Python: TarSlip sanitizer: explain tests with not 
It was a bit confusing what was meant before
 2020-03-23 12:00:59 +01:00
semmle-qlci
2c7af72f14 Merge pull request #2858 from RasmusWL/python-support-django2 
Approved by tausbn
 2020-03-23 09:35:46 +00:00
Taus Brock-Nannestad
a3bd46d4fe Python: Autoformat remaining .qll. 2020-03-20 16:43:10 +01:00
Taus Brock-Nannestad
6904898a8b Python: Autoformat query-local libs. 2020-03-20 16:42:46 +01:00
Taus Brock-Nannestad
9044ff6959 Python: Autoformat rest of semmle/python. 2020-03-20 16:42:22 +01:00
Taus Brock-Nannestad
810e91ea00 Python: Autoformat semmle/python top-level. 2020-03-20 16:41:45 +01:00
Taus Brock-Nannestad
f406a45ce0 Python: Autoformat web. 2020-03-20 16:38:27 +01:00
Taus Brock-Nannestad
5b121b7723 Python: Autoformat values. 2020-03-20 16:37:06 +01:00
Taus Brock-Nannestad
51f1cf020c Python: Autoformat security. 2020-03-20 16:36:48 +01:00
Taus Brock-Nannestad
4852bb7355 Python: Autoformat pointsto. 2020-03-20 16:36:25 +01:00
Taus Brock-Nannestad
d8b942f922 Python: Autoformat objects. 2020-03-20 16:36:07 +01:00
Taus Brock-Nannestad
165dcd37a1 Python: Autoformat library-tests. 2020-03-20 16:35:37 +01:00
semmle-qlci
2821b01017 Merge pull request #2915 from tausbn/python-add-points-to-for-missing-builtin-return-types 
Approved by RasmusWL
 2020-03-19 11:02:46 +00:00
Rasmus Wriedt Larsen
f4e5079dd3 Merge pull request #2991 from BekaValentine/python-objectapi-to-valueapi-unguardednextingenerator 
Python: ObjectAPI to ValueAPI: UnguardedNextInGenerator
 2020-03-19 10:33:32 +01:00
Rebecca Valentine
06f0947318 Update python/ql/src/Exceptions/UnguardedNextInGenerator.ql 
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-03-18 14:16:00 -07:00
Rebecca Valentine
9560c804b8 Update python/ql/test/query-tests/Exceptions/generators/test.py 
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-03-18 14:15:49 -07:00
Rasmus Wriedt Larsen
9a0b2b1843 Merge pull request #2989 from BekaValentine/python-objectapi-to-valueapi-incorrectexceptorder 
Python: ObjectAPI to ValueAPI: IncorrectExceptOrder
 2020-03-18 18:03:25 +01:00
Taus
ae1268f241 Merge branch 'master' into python-add-points-to-for-missing-builtin-return-types 2020-03-18 17:59:17 +01:00
Rasmus Wriedt Larsen
290e33a912 Merge pull request #2922 from tausbn/python-fix-multi-assign-points-to 
Python: Fix bug in `multi_assignment_points_to`.
 2020-03-18 17:50:37 +01:00
Rasmus Wriedt Larsen
b0303158a5 Merge pull request #3088 from tausbn/python-prepare-autoformatting 
Python: Prepare for autoformatting.
 2020-03-18 17:48:46 +01:00
Taus Brock-Nannestad
57af7b84aa Python: Prepare for autoformatting. 
Mostly fixes up a bunch of comments that were made wonky by the autoformatter.
 2020-03-18 13:59:38 +01:00
Rebecca Valentine
f351916418 Merge branch 'master' into testmerge 2020-03-17 12:32:45 -07:00
Taus
ca26feefbf Merge pull request #2978 from BekaValentine/python-objectapi-to-valueapi-illegalexceptionhandlertype 
Python: ObjectAPI to ValueAPI: IllegalExceptionHandlerType
 2020-03-17 17:56:34 +01:00
Rebecca Valentine
a7a64952e2 Python: ObjectAPI.qll: Fixes docstring 2020-03-17 09:48:54 -07:00
Rebecca Valentine
ff6e0ce35c Python: UnguardedNextInGenerator.ql: Excludes next with default value 2020-03-16 17:08:06 -07:00
Rebecca Valentine
68c455cd97 Python: IncorrectExceptOrder.ql: Autoformats w/ new QL indentation 2020-03-16 16:52:48 -07:00
Rebecca Valentine
c7a2925620 Python: Exceptions.qll: Clean up handleObject again 2020-03-16 14:52:51 -07:00
Rebecca Valentine
34ab4efeda Python: ObjectAPI.qll: getOrigin now returns a CFG 2020-03-16 14:52:23 -07:00
Rebecca Valentine
45e47b92a0 Python: IllegalExceptionHandlerType.ql: Autoformats 2020-03-16 14:48:05 -07:00
Rebecca Valentine
5d55db116b Python: Exceptions.qll: Updates handledObject to use getOrigin 2020-03-16 11:24:55 -07:00
Rebecca Valentine
787b80f9ae Python: ObjectAPI.qll: Adds getOrigin predicate 2020-03-16 11:24:22 -07:00
Taus Brock-Nannestad
c724b17368 Python: Fix up regression comment. 2020-03-16 16:01:05 +01:00
Taus Brock-Nannestad
dda32abd6a Python: Fix test result for pruning test. 2020-03-16 12:55:12 +01:00
Taus Brock-Nannestad
5579dfb976 Python: Fix comment based on review. 2020-03-16 12:49:46 +01:00