hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

1267 Commits

Author SHA1 Message Date
erik-krogh
1d1aa7c8b4 update some expected output 2022-08-25 20:52:30 +02:00
yoff
0b5d4c59dd Merge branch 'main' of https://github.com/github/codeql into python-dataflow/flow-summaries-from-scratch 
synced files have changed
 2022-08-25 09:24:05 +00:00
Ian Lynagh
3fcfd32eb1 Make *.ql non-executable 2022-08-24 16:55:11 +01:00
Ian Lynagh
4cd618f81c Make *.expected non-executable 2022-08-24 16:51:50 +01:00
yoff
b8931d36ca python: give InterpretNode empty charpred 
InterpreNode is going away, but we need a dummy implementation.
However, we do not need any instances, and some tests get confused.
 2022-08-10 10:57:30 +00:00
yoff
75ac24a847 Merge branch 'main' into python-dataflow/flow-summaries-from-scratch 2022-08-10 10:57:59 +02:00
Rasmus Wriedt Larsen
f89b32183f Merge branch 'main' into typetracker-decorators 2022-08-08 11:52:09 +02:00
yoff
f52d792b36 Merge branch 'main' of https://github.com/github/codeql into python-dataflow/flow-summaries-from-scratch 2022-07-01 12:01:07 +00:00
yoff
71583bf6be python: fix import of AccessPathSyntax 2022-07-01 08:48:55 +00:00
Asger F
a522562f93 Merge pull request #9369 from asgerf/python/api-graph-api 
Python: API graph renaming and documentation
 2022-06-28 14:48:12 +02:00
yoff
140dc1a61e merge in main 2022-06-23 09:05:32 +00:00
Anders Schack-Mulligen
df6d68b215 Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class 
Dataflow: Deprecate BarrierGuard class
 2022-06-22 10:44:08 +02:00
Asger F
b096f9ec72 Python: Rename getAUse -> getAValueReachableFromSource 2022-06-21 12:44:06 +02:00
Asger F
181a53bd03 Python: Rename getAnImmediateUse -> asSource 2022-06-21 12:44:06 +02:00
Asger F
60fde3c031 Python: Rename getARhs -> asSink 2022-06-21 12:44:06 +02:00
Anders Schack-Mulligen
a7c268f804 Python: adjust test. 2022-06-20 15:46:38 +02:00
Rasmus Wriedt Larsen
ae44a941f9 Merge pull request #9421 from RasmusWL/inline-brackets 
Inline Expectation Tests: Allow `tag[foo bar]`
 2022-06-20 10:01:19 +02:00
Rasmus Wriedt Larsen
d6e68258a4 Python: API-graphs: allow class decorators in .getASubclass() 2022-06-15 17:30:34 +02:00
Rasmus Wriedt Larsen
5f32f898d5 Python: API-graphs: test class decorators and subclass 
A class decorator could change the class definition in any way.

In this specific case, it would be better if we allowed the subclass to
be found with API graphs still.

inspired by
c2250cfb80/tests/auth_tests/test_views.py (L40-L46)
 2022-06-15 16:16:34 +02:00
yoff
9dbb451f41 Merge pull request #9463 from RasmusWL/req-wo-cert-validation 
Python: Rewrite `py/request-without-cert-validation`
 2022-06-15 13:00:57 +02:00
Rasmus Wriedt Larsen
cfd640b1b2 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-06-14 16:47:24 +02:00
Alex Ford
8d195e3188 Merge pull request #9157 from alexrford/crypto-op-block-mode 
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
 2022-06-13 21:32:36 +02:00
Rasmus Wriedt Larsen
5b2d799fde Python: Model certificate disabling in urllib3 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
0d02ca07d7 Python: Add certificate disable test of urllib/urllib2 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
049e87201c Python: Model certificate disabling in httpx 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
1a2a4232a8 Python: Refactor httpx tests 
and improve QLDocs a bit
 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
f72a1d98bb Python: Model certificate disabling in aiohttp.client 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
f37d1775f1 Python: Improve requests tests 2022-06-08 17:41:11 +02:00
Rasmus Wriedt Larsen
c1e6996e99 Inline Expectation Tests: Allow tag[foo bar] 
This is partly motivated by the MaD tests which looks much better now in
my opinion.

I also wanted this for testing argument passing. In Python we're
adopting the same argument positions as Ruby has
[here](4f3751dfea/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll (L508-L540))

So it would be nice if `arg[keyword foo]=...` was allowed, without
having to transform the `toString()` result of an argument position into
something without a space.
 2022-06-03 11:39:57 +02:00
Rasmus Wriedt Larsen
729cf79be7 Merge pull request #9351 from RasmusWL/django-file-read 
Python: Support `read` on Django file
 2022-06-01 10:45:26 +02:00
Rasmus Wriedt Larsen
b6cc438390 Merge pull request #9368 from RasmusWL/test-model-api-graphs 
Python: Port test model to API graphs
 2022-05-30 15:45:13 +02:00
Rasmus Wriedt Larsen
08e64ea1b4 Python: Remove contrived test-case example 2022-05-30 14:45:34 +02:00
Rasmus Wriedt Larsen
a8b4b6a374 Python: Move test-modeling to API-graphs 
Notice that although we loose the contrived examples in `test.py`, we do
gain support for real-world test-case construction, which seems worth
the tradeoff.
 2022-05-30 14:13:06 +02:00
Rasmus Wriedt Larsen
a5dc4f430c Python: Expand test-filter tests 
With no virtual environment enabled, none of the third-party library
test case are found.
 2022-05-30 14:11:50 +02:00
Erik Krogh Kristensen
e557d8839b have the Instance token just be an alias for ReturnValue 2022-05-30 12:21:42 +02:00
Rasmus Wriedt Larsen
5924e88a86 Python: Support read on Django file 2022-05-27 11:18:26 +02:00
Erik Krogh Kristensen
204e01fc24 change getNumArgument to only count positional arguments 2022-05-20 12:43:06 +02:00
Erik Krogh Kristensen
d5f0446940 exclude self parameter from the API-graph edge for keywordParameter 2022-05-17 22:34:38 +02:00
Erik Krogh Kristensen
2868eb61ea add test for Parameter[any] and Parameter[any-named] 2022-05-17 12:08:53 +02:00
Erik Krogh Kristensen
f273ccf73b add explicit test of what Parameter[0] matches 2022-05-17 11:17:15 +02:00
Erik Krogh Kristensen
ce21d7e5a8 use test-sink for sinks in the MaD test 2022-05-17 11:13:59 +02:00
Erik Krogh Kristensen
aef592fec8 make a more realistic test for self-parameter 2022-05-17 11:13:35 +02:00
yoff
2822ed9594 Merge remote-tracking branch 'upstream/main' into python-dataflow/flow-summaries-from-scratch 2022-05-16 08:10:15 +00:00
Alex Ford
da135448a2 python: update tests for CryptographicOperation#getBlockMode 2022-05-13 16:32:36 +01:00
Erik Krogh Kristensen
dea5596289 update MaD test to reflect that dotted module names don't work 2022-05-12 14:45:29 +02:00
Erik Krogh Kristensen
31e9876de7 Merge branch 'main' into pyMaD 2022-05-12 14:43:16 +02:00
Rasmus Wriedt Larsen
f8253f5fef Python: Fully disallow API::moduleImport of module with dots 
Inspired by discussion about this for MaD in
https://github.com/github/codeql/pull/8883#discussion_r865858084
 2022-05-12 13:30:26 +02:00
Rasmus Wriedt Larsen
597a8414d9 Python: Add test of API::moduleImport with dots 
This is currently semi-works -- the import is allowed, but doesn't
always work when used :|
 2022-05-12 13:29:16 +02:00
Rasmus Lerchedahl Petersen
80175a9af5 Python: Compiles and mostly pass tests 
- add flowsummaries shared files
- register in indentical files
- fix initial non-monotonic recursions
  - add DataFlowSourceCall
  - add resolvedCall
  - add SourceParameterNode

failing tests:
- 3/library-tests/with/test.ql
 2022-05-10 12:48:42 +00:00
yoff
6c3e2db7fd Merge branch 'main' into python/simple-csrf 2022-05-10 10:55:28 +02:00