hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

1889 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
c1ab66181b Python: format 2022-09-13 08:08:04 +02:00
Rasmus Lerchedahl Petersen
03c243175b Python: fix QL alerts 2022-09-12 23:53:42 +02:00
Rasmus Lerchedahl Petersen
bf16e220a0 Python: adjust expectations 2022-09-12 22:43:03 +02:00
Rasmus Lerchedahl Petersen
efc5cfb852 Merge branch 'main' of github.com:github/codeql into python-dataflow/flow-summaries-from-scratch 2022-09-12 19:56:16 +02:00
Rasmus Lerchedahl Petersen
0f95992b2f Python: remove NonLibraryDataFlowCallable 
this required managing parameters and their pre-update nodes a bit
 2022-09-12 15:17:29 +02:00
Rasmus Wriedt Larsen
4296ac1ac0 Python: Allow CallNode.getArgByName for keyword args after **kwargs 2022-09-12 15:03:13 +02:00
Rasmus Lerchedahl Petersen
895f5480c2 Python: Added recursion guard 
to ensure that the call graph seen by type tracking
does not include summary calls resolved by type tracking.

(I tried inserting a similar test into the Ruby codebase,
 and it still compiled)

To get this to compile, I had to move the resolution of summary calls
out of the data flow nodes and into the `viableCallable` predicate.
This means that we now have a potential summary call for each
cfg call node. (I tried using the base class, `DataFlowCall`, for this
but calls to `map` got identified as class calls and would no longer
be associated with a summary.)

It is possible that the "NonLIbrary"-layers the were inserted into the
hierarchy can be removed again.
 2022-09-09 22:47:47 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Rasmus Lerchedahl Petersen
f6d807aec0 Python: Add summary test append_to_list 2022-09-06 18:42:32 +02:00
Taus
0b8bdc0f85 Python: Fix broken test 2022-09-06 16:37:43 +00:00
Taus
3bb7e28712 Merge pull request #10176 from RasmusWL/import-problem 
Python: Add testcase for import problem
 2022-09-06 18:12:37 +02:00
Rasmus Lerchedahl Petersen
4cd41c24c7 Python: remove comments and start design document 2022-09-06 17:23:40 +02:00
Rasmus Lerchedahl Petersen
67c3a9b2f4 Python: resolve library calls in the CFG 
rather than in the AST
 2022-09-06 17:00:28 +02:00
Rasmus Wriedt Larsen
e979dffc08 Python: Fix variable access from extractor-change 
These changes are from internal PR.
 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
ebd97f4496 Python: Add type-tracking regession example 2022-09-06 10:11:36 +02:00
Ahmed Farid
8153b790ad Update test result 2022-08-31 16:01:09 +01:00
Ahmed Farid
56d48e6264 Add more tests 2022-08-31 15:59:51 +01:00
erik-krogh
1d1aa7c8b4 update some expected output 2022-08-25 20:52:30 +02:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Rasmus Wriedt Larsen
0728ecebbb Python: Highlight that import problem is not just a relative problem 2022-08-25 15:54:21 +02:00
Rasmus Wriedt Larsen
1ca19533e0 Python: Add import problem test from the wild 2022-08-25 15:50:55 +02:00
yoff
6b4716485b Python: rename file 2022-08-25 12:23:09 +00:00
yoff
800165d63c python: udate deprecated call 2022-08-25 09:49:46 +00:00
yoff
0b5d4c59dd Merge branch 'main' of https://github.com/github/codeql into python-dataflow/flow-summaries-from-scratch 
synced files have changed
 2022-08-25 09:24:05 +00:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
Taus
687cd92903 Python: Update .expected file 2022-08-19 11:43:57 +00:00
Ahmed Farid
9cb7a0ac2e Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstSensitiveInfo.qlref to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.qlref 2022-08-16 16:29:05 +01:00
Ahmed Farid
685cd97b8e Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstSensitiveInfo.expected to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.expected 2022-08-16 16:28:51 +01:00
Ahmed Farid
2377880d0c Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo.py to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/TimingAttackAgainstSensitiveInfo.py 2022-08-16 16:28:36 +01:00
Ahmed Farid
f956fe12d5 Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue.qlref to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.qlref 2022-08-16 16:28:17 +01:00
Ahmed Farid
6536b602df Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue.expected to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.expected 2022-08-16 16:28:00 +01:00
Ahmed Farid
b8fe0e2eee Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeader.py to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeader.py 2022-08-16 16:27:45 +01:00
Ahmed Farid
87b67ed64f Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash.py to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.py 2022-08-16 16:27:19 +01:00
Ahmed Farid
fa3940f69a Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstHash.qlref to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.qlref 2022-08-16 16:27:02 +01:00
Ahmed Farid
6a94d45643 Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstHash.expected to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.expected 2022-08-16 16:26:45 +01:00
Ahmed Farid
31ecb0727f Rename TimingAttackAgainstHeader.expected to TimingAttackAgainstHeaderValue.expected 2022-08-16 14:50:54 +01:00
Ahmed Farid
d8719f3b1f Rename TimingAttackAgainstSensitiveInfo.expected to PossibleTimingAttackAgainstSensitiveInfo.expected 2022-08-16 14:50:21 +01:00
Ahmed Farid
67476d0a36 Rename TimingAttackAgainstSensitiveInfo.qlref to PossibleTimingAttackAgainstSensitiveInfo.qlref 2022-08-16 13:36:59 +01:00
Ahmed Farid
e8376a522c Update TimingAttackAgainstHeaderValue.qlref 2022-08-16 13:35:20 +01:00
Ahmed Farid
ecbe663c2f Update TimingAttackAgainstSensitiveInfo.qlref 2022-08-16 13:34:24 +01:00
Ahmed Farid
1dd4400c67 Update PossibleTimingAttackAgainstHash.qlref 2022-08-16 13:33:17 +01:00
Ahmed Farid
44f054bede Update PossibleTimingAttackAgainstHash.expected 2022-08-16 12:31:33 +01:00
Ahmed Farid
abc49bd62b Update TimingAttackAgainstHeader.py 2022-08-16 12:06:34 +01:00
Ahmed Farid
68cf084b8f Update TimingAttackAgainstSensitiveInfo.expected 2022-08-16 12:03:14 +01:00
Ahmed Farid
c85ad1b2c0 Update TimingAttackAgainstHash.py 2022-08-16 11:50:37 +01:00
Ahmed Farid
5ecadd06ae Update TimingAttackAgainstHash.py 2022-08-15 15:21:10 +01:00
Ahmed Farid
f2bf58bdb6 Update TimingAttackAgainstSensitiveInfo.py 2022-08-15 15:16:30 +01:00
Ahmed Farid
18b103dbd5 Update TimingAttackAgainstHash.py 2022-08-15 11:29:29 +01:00
Ahmed Farid
7d23b80582 Update TimingAttackAgainstHash.py 2022-08-15 11:29:09 +01:00
Ahmed Farid
521dbd0e82 Update TimingAttackAgainstSensitiveInfo.py 2022-08-15 11:28:51 +01:00