hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

907 Commits

Author SHA1 Message Date
Mark Shannon
c2f9189286 Python: Make a few more expressions point-to the 'unknown' value to improve reachability by about 1%. 2019-08-08 12:01:41 +01:00
Mark Shannon
4b242ddc86 Python: Port a few queries to new API. 2019-08-08 11:58:23 +01:00
Mark Shannon
6bd5158f9e Python taint-tracking: Remove 'parents' query from path-queries, as it unused by the tooling. 2019-08-08 10:15:06 +01:00
Mark Shannon
fab2cb5a32 Python: Add missing function to flask test stub. 2019-08-01 13:11:41 +01:00
Mark Shannon
27c0571a86 Python points-to: Infer types for comprehensions. 2019-07-25 14:18:05 +01:00
Mark Shannon
2c5b1c0810 Fix semantic merge conflict between #1470 and #1487. 2019-07-15 15:34:00 +01:00
Taus
f12c057826 Merge pull request #1470 from markshannon/python-tarslip 
Python: "TarSlip" query
 2019-07-15 12:43:47 +02:00
Taus
fad37bd6c9 Merge pull request #1487 from markshannon/python-tuple-assignment-points-to 
Python ESSA dataflow: better handling of tuple unpacking.
 2019-06-28 11:05:03 +02:00
Mark Shannon
347e3f3bd0 Python regex: Fix handling of character sets where first character in set is '['. 2019-06-26 10:55:47 +01:00
Mark Shannon
9d6df78d44 Python: Dataflow: Remove IterationDefinition ESSA definition and add iteration assignment to ESSA assignment definition. 
Enhance points-to and taint-tracking to add operational step sequence to next(iter(seq)) in for statement.
 2019-06-21 15:55:27 +01:00
Mark Shannon
39b7a69abd Python: Tarslip query: Fix up sanitizers. 2019-06-19 15:00:02 +01:00
Mark Shannon
6f15c84bdc Python: Tarslip query; Add sink for members and sanitizers for tarinfo objects. 2019-06-19 11:48:31 +01:00
Mark Shannon
e14f7ef466 Python: Tarslip query; track info objects and handle sanitization. 2019-06-19 11:48:31 +01:00
Mark Shannon
ea4e263060 Python: Initial version and help of tar-slip (CWE-022) query. 2019-06-19 11:48:31 +01:00
Mark Shannon
918bdecba5 Python: Don't record taint past sinks. 2019-06-18 16:34:23 +01:00
Taus
af08f856b5 Merge pull request #1389 from markshannon/python-ipa-objects-fix-performance 
Python: New points-to and object model with performance fixes
 2019-06-03 18:52:28 +02:00
alexey
86ec047be2 Rename files by style guide and change query metadata 2019-05-29 15:35:58 +01:00
alexey
8168c0ee0a Fix typo in test for the query 2019-05-23 15:54:59 +01:00
alexey
e214174114 add return-or-yield-outside-of-function Python query 2019-05-22 15:27:32 +01:00
Mark Shannon
bf78c62594 Python points-to: Add objects representing missing modules and their attributes. 2019-05-15 11:24:01 +01:00
Mark Shannon
0afcb11a13 Python points-to: Make sure reachability can skip over if-statements. 2019-05-14 11:52:33 +01:00
Mark Shannon
a8dc2908de Python: Update test results. 2019-05-13 17:32:29 +01:00
Mark Shannon
0491fe1356 Python points-to: Update 'analysis' query test results. 2019-05-13 12:11:19 +01:00
Rasmus Lerchedahl Petersen
b5b2d56bfa Add pythagorean query 2019-05-01 13:16:40 +02:00
Mark Shannon
65a30ab392 Adjust a couple of query tests to work with latest points-to. 2019-04-29 14:28:51 +01:00
Mark Shannon
90bbfd3b16 Python: Add library tests for django. 2019-04-26 16:21:46 +01:00
Mark Shannon
4a03fd03cd Update test to reflect new true positive. 2019-04-26 16:21:46 +01:00
Taus
7d2c17f27c Merge pull request #1271 from markshannon/python-fix-fp-http-prefix 
Python: Fix false positive in 'Incomplete URL substring sanitization' query
 2019-04-26 15:23:04 +02:00
Mark Shannon
28799441af Python: Fix false positive in 'Incomplete URL substring sanitization' query. 2019-04-25 18:11:01 +01:00
Mark Shannon
6a9bb5c5c9 Add test confirming correct handling of zope.interface.Interface in query. 2019-04-23 12:52:50 +01:00
Mark Shannon
2ba122373a Merge pull request #1128 from taus-semmle/python-paramiko-unsafe-host-key-validation 
Python: Add query for insecure SSH host key policies in Paramiko.
 2019-04-04 16:57:13 +01:00
Taus
702fc80054 Merge pull request #1166 from Semmle/rc/1.20 
Merge rc/1.20 into master
 2019-03-26 13:09:40 +01:00
Mark Shannon
2edde1fed8 Python taint-tracking. Handle early exit and 'not' correctly for 'falsey' taints. 2019-03-22 11:58:23 +00:00
Taus Brock-Nannestad
5eb63ae048 Fix false positive and add test. 2019-03-21 14:10:05 +01:00
Taus Brock-Nannestad
9cb35a8ca9 Use correct named argument for ssl.SSLContext. 2019-03-21 14:09:25 +01:00
Taus Brock-Nannestad
c7c6c83627 Address review comments. 2019-03-19 15:44:11 +01:00
Taus Brock-Nannestad
52278b25d9 Python: Add query for insecure SSH host key policies in Paramiko. 2019-03-18 16:45:54 +01:00
Taus
af1c502b11 Merge pull request #1098 from markshannon/python-2-print 
Python: Don't report Python 2 print statements as having no effect.
 2019-03-15 11:40:32 +01:00
Mark Shannon
e9a45268a8 Python: Don't report Python 2 print statements as having no effect. 2019-03-13 10:08:07 +00:00
Mark Shannon
28c20a3216 Python: Fix false positive for redundant comparison query when a complex comparison is negated. 2019-03-12 15:07:49 +00:00
Mark Shannon
38a5fb715a Python: Avoid cross-talk between unrelated sources in py/stack-trace-exposure query. 2019-03-05 16:52:28 +00:00
Mark Shannon
94190e76aa Python: Update py/modification-of-default-value to account for truthiness of default value. 2019-03-01 12:01:39 +00:00
Taus Brock-Nannestad
64e6974aac Merge branch 'master' into python-mutable-default-with-flow 2019-03-01 11:10:56 +01:00
Mark Shannon
6c82be8bda Python: CherryPy web framework support -- requests. 2019-02-28 15:24:58 +00:00
Taus
b8b4216352 Merge pull request #979 from markshannon/python-falcon 
Python: Add support for falcon web API framework.
 2019-02-28 15:47:35 +01:00
Mark Shannon
f7d7b8eef2 Merge pull request #785 from taus-semmle/python-unsafe-use-of-mktemp 
Python: Add query for unsafe use of `tempfile.mktemp`.
 2019-02-27 15:01:06 +00:00
Mark Shannon
742c1d0fa7 Python: Add test skeleton for falcon web framework. 2019-02-27 09:53:20 +00:00
Taus
dcaf0f8ba8 Merge pull request #978 from markshannon/python-turbogears 
Python: Add support for turbogears; requests and responses.
 2019-02-26 21:46:01 +01:00
Taus Brock-Nannestad
e47b391329 Fix interpolation. 2019-02-26 16:27:04 +01:00
Taus Brock-Nannestad
7daaf77183 Make query alert refer to AST nodes rather than CFG nodes. 2019-02-26 15:56:37 +01:00