hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,451 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.4
Commit Graph

9277 Commits

Author SHA1 Message Date
Rebecca Valentine
d5f689e041 Adds preliminary modernization 2020-02-28 10:42:27 -08:00
Rasmus Wriedt Larsen
ee4190e0d9 Python: Add example if urlsplit(url).path: => missing points-to 
I wanted to highlight that it's not the call to `urlsplit` that is a problem, so
that's why I inserted a `check` in-between.
 2020-02-28 13:43:10 +01:00
Rasmus Wriedt Larsen
8dd19ca6cd Python: Add example of re.compile missing points-to 2020-02-28 13:41:26 +01:00
Taus Brock-Nannestad
10bacfe8fd Python: Use subscriptUnknown instead of instance check. 
Also adds a test for decomposing the unknown value of `a`.
 2020-02-28 13:38:54 +01:00
Rasmus Wriedt Larsen
2e7807718f Python: Add a bit of regex docs 
and use the canonical way of specifying a ModuleValue
 2020-02-28 11:45:39 +01:00
semmle-qlci
ec90627a64 Merge pull request #2909 from yo-h/experimental 
Approved by aschackmull, jbj, max-schaefer, tausbn
 2020-02-28 03:15:58 +00:00
Rebecca Valentine
19c1ee5427 Adds preliminary modernization 2020-02-27 15:46:51 -08:00
Rebecca Valentine
9601c41fe5 Update python/ql/src/Expressions/IsComparisons.qll 
Co-Authored-By: Taus <tausbn@github.com>
 2020-02-27 10:46:07 -08:00
Rebecca Valentine
d19957f09d Puts use_of_apply example back into expressions_test to avoid messing up other tests 2020-02-27 10:44:46 -08:00
Taus Brock-Nannestad
5bbf93241b Python: Add test for tuple unpacking with "complicated" value. 2020-02-27 17:34:32 +01:00
Taus Brock-Nannestad
7a3895d661 Python: Fix points-to for a, b = some_unknown_object. 
Also rewrites `multi_assignment_points_to` to be a bit more readable.

I'm not entirely sure that we want an unknown instance of `object` rather than
just `UnknownInternal`. The latter gets filtered out in the characteristic
predicate for `Value`, though, so I opted for the slightly more permissive
variant.
 2020-02-27 17:26:54 +01:00
Rasmus Wriedt Larsen
24e9f65a2f Python: Fix documentation of MultiAssignmentDefinition.indexOf 
As discussed in person
 2020-02-27 14:12:33 +01:00
Rasmus Wriedt Larsen
4433cc044d Python: Document MultiAssignmentDefinition.indexOf 2020-02-27 13:48:43 +01:00
Taus
0da554c701 Merge pull request #2914 from RasmusWL/python-remove-optimize-true-directive 
Python: Remove `--optimize: true` from options files
 2020-02-27 13:16:59 +01:00
Taus
d9383d0e86 Merge pull request #2902 from RasmusWL/python-use-of-input 
Python: Highlight py/use-of-input is for Python 2
 2020-02-27 13:15:32 +01:00
Taus
8bd3063d2b Merge pull request #2875 from RasmusWL/python-taint-urlsplit 
Python: Add taint for urlsplit
 2020-02-27 13:13:47 +01:00
Taus
e09907894d Merge pull request #2817 from BekaValentine/objectapi-to-valueapi-truncateddivision 
Python: ObjectAPI to ValueAPI: TruncatedDivision
 2020-02-27 12:52:26 +01:00
Rebecca Valentine
fe2bb8fb4b Adds preliminary modernization 2020-02-26 22:01:31 -08:00
Rebecca Valentine
057fed2cb8 Fixes erroneus naming 2020-02-26 21:55:02 -08:00
Rebecca Valentine
84875d70ff Adds preliminary modernization 
This will overlapp with/depend on changes to CallArgs and ObjectAPI that are already in the WrongNamedArgumentInCall PR
 2020-02-26 21:42:52 -08:00
Rebecca Valentine
b0493458d6 Combine and clean up the test files 2020-02-26 09:04:14 -08:00
Rebecca Valentine
ba1f3c46b8 Removes obsolete asBuiltin predicate 2020-02-26 08:17:45 -08:00
Taus Brock-Nannestad
5c3109a324 Python: Fix bug in multi_assignment_points_to. 
This turned out to be a fairly simple but easy to make bug. When we want to
figure out the value pointed-to in a multi-assignment, we look at the left hand
side to see what value from the right hand side we should assign. Unfortunately,
we accidentally attempted to look up this information in the _left hand side_ of
the assignment, resulting in no points-to information at all. The only thing
needed to fix this was to properly link up the left and right hand sides: using
the left hand side to figure out what index to look at, and then looking up the
points-to information for the corresponding place in the right hand side.
 2020-02-26 16:11:43 +01:00
Taus
85f5ad2231 Merge pull request #2904 from RasmusWL/python-http-clients 
Python: Model outgoing HTTP client requests
 2020-02-26 15:49:41 +01:00
Rasmus Wriedt Larsen
771dfecf6d Python: Add sanitized edges for urlsplit test 2020-02-26 14:10:30 +01:00
Rasmus Wriedt Larsen
0b31cb1716 Python: Show that we have initial taint in urlsplit test 2020-02-26 14:09:02 +01:00
Rasmus Wriedt Larsen
400a8ffae5 Python: Use slightly better name than foobar 
I intended to rename before committing, but woops
 2020-02-26 14:08:10 +01:00
Taus
dce121b565 Merge pull request #2916 from BekaValentine/python-objectapi-to-valueapi-callargsandothers 
Python: ObjectAPI to ValueAPI: CallArgs and Others
 2020-02-26 12:51:18 +01:00
Rasmus Wriedt Larsen
4330d4e289 Python: Remove unused import in test 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
5fae3a8d0a Python: Explain complexity of HTTPConnection.request 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
b213db03fd Python: Consolidate stdlib http client tests 
Move the stdlib tests from test/{2,3}/library-tests/ into /test/library-tests/,
and deal with version by using sys.version_info (results should be the same for
both versions).

six tests were moved from /library-tests/web/client/stdlib => /library-tests/web/client/six
 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
be187bcc0a Python: Make Client::HttpRequest extend ControlFlowNode 
Taus poitned out that the reuqest being send off, doesn't *need* to happen on a
CallNode. Someone *could* use a __setattr__ or property :\
 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
e25079acc2 Python: Remove unnecessary cast 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
cd5399d43e Python: Model outgoing http client requests 2020-02-26 10:26:30 +01:00
Rebecca Valentine
2fb722b04e Removes the general versions of the query. 2020-02-25 14:55:55 -08:00
Rebecca Valentine
15aeeb1e50 Removes erroneous expected result for py3 2020-02-25 14:54:52 -08:00
Rebecca Valentine
e07a003f75 Swaps overridden_call globally 2020-02-25 11:02:18 -08:00
Rebecca Valentine
50c91b99da Swaps correct_args_if_called_as_method globally 2020-02-25 11:01:51 -08:00
Rebecca Valentine
fb0cae76cf Swaps wrong_args globally 2020-02-25 11:00:39 -08:00
Rebecca Valentine
3a764ade8d Swaps too_many_args globally 2020-02-25 10:59:55 -08:00
Rebecca Valentine
3b0be46377 Swaps too_few_args globally 2020-02-25 10:59:16 -08:00
Rebecca Valentine
2c32a859cc Swaps illegally_named_parameter globally 2020-02-25 10:58:08 -08:00
Rebecca Valentine
4857a947ac Swaps get_function_or_initializer globally 2020-02-25 10:51:40 -08:00
Rebecca Valentine
cf4b7e1270 Swaps arg_count globally 2020-02-25 10:50:30 -08:00
Rebecca Valentine
c2a3af7e67 Adds objectapi suffix to private predicates 2020-02-25 10:48:29 -08:00
Rebecca Valentine
930228acc5 Un-autoformats 2020-02-25 09:52:46 -08:00
Rebecca Valentine
3e53e462d6 changes indents to 4 2020-02-25 09:46:21 -08:00
Rebecca Valentine
04951faf86 autoformat 2020-02-25 09:43:51 -08:00
Taus Brock-Nannestad
1526c86e6d Python: Update test results for ReturnTypes.ql for Python 2. 2020-02-25 17:30:46 +01:00
Taus Brock-Nannestad
35ada17e2a Python: Use object as default return type for built-ins. 2020-02-25 16:31:40 +01:00