hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

4008 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
991d5cc54b Python: Fix test of HttpResponse.getBody() 2023-07-13 13:57:08 +02:00
Rasmus Wriedt Larsen
64a7206f3e Python: Improve aiohttp FileResponse/StreamResponse modeling 
However, notice that the concepts tests use the HttpResponse location
for the `responseBody` tag, which seems a little odd in this situation,
where they are actually separate. Will fix in next commit.
 2023-07-13 13:57:08 +02:00
Rasmus Wriedt Larsen
15269c9166 Python: Add StreamResponse test 2023-07-13 13:57:08 +02:00
Rasmus Wriedt Larsen
0f9ab8f53e Python: Fixup tests 
But notice that keyword argument is not handled yet
 2023-07-13 13:57:08 +02:00
Alvaro Muñoz
ee1ba71e5d add tests 2023-07-13 13:07:12 +02:00
Rasmus Lerchedahl Petersen
4d2ce6b2e0 python: create shared serverless module and use it 
Modelled on the javascript serverless module, but
- The predicate that reports YAML files is now public
  so languages can implement their own file conventions.
- It also reports framework and runtime.
- The conveninece predicates with files still exist,
  but they only report the path.
- Handler mapping conventions are now documented.
- Use parameterised serverless module in Python,
  tests now pass.
 2023-07-12 16:42:01 +02:00
Rasmus Lerchedahl Petersen
a892e83c8e python: add simple test for AWS lambda 
made space for other serverless frameworks in the directory `serverless`
 2023-07-12 16:42:00 +02:00
Jeroen Ketema
8cee4f37a4 Merge branch 'main' into inline-5 2023-07-11 10:30:11 +02:00
Rasmus Wriedt Larsen
44c67171f2 Python: Fix default parameter value flow 
Somehow the previous fix didn't work :O
 2023-07-07 16:17:07 +02:00
Rasmus Wriedt Larsen
a850a481d0 Merge pull request #13676 from RasmusWL/aiohttp-ssrf-sink 
Python: Relax restriction of flow through `async with`
 2023-07-07 14:55:57 +02:00
Rasmus Wriedt Larsen
43b025015d Python: Avoid overlap between AssignmentDefinition and ParameterDefinition 2023-07-07 14:26:28 +02:00
Rasmus Wriedt Larsen
70994b9c57 Python: Accept points-to .expected changes 
They look pretty safe to me, but haven't given them a whole lot of
thought.
 2023-07-07 12:14:19 +02:00
Rasmus Wriedt Larsen
6f3cb67050 Python: Model parameter with default value as DefinitionNode 2023-07-07 11:54:50 +02:00
Rasmus Wriedt Larsen
64a86e8fd7 Python: Update inline expectations 2023-07-07 11:32:05 +02:00
Rasmus Wriedt Larsen
cfd2d09a61 Python: Add test for DefinitionNode default parameter value 2023-07-07 11:00:16 +02:00
Rasmus Wriedt Larsen
bea07002d3 Python: Expand captured-variable test with default param 2023-07-06 17:21:29 +02:00
Rasmus Wriedt Larsen
1f93e5b58d Python: Relax restriction of flow through async with 2023-07-06 11:51:58 +02:00
Rasmus Wriedt Larsen
43af8d7ac5 Python: Fix test to use async with 
It doesn't work if just using plain `with`
 2023-07-06 11:34:05 +02:00
Rasmus Wriedt Larsen
79039dc7b8 Python: Wrap aiohttp client request in async def 
And I added `await` before all the `resp` assignments
 2023-07-06 11:29:14 +02:00
jorgectf
c82ab2b2ab Add markupsafe as XXE sanitizer 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
 2023-07-05 20:23:20 +02:00
Jeroen Ketema
5d855594ba Python: Use correct class in inline expectation test 
These were missed earlier, and still referred to the classes from the legacy
interface and not the parameterized module.
 2023-07-03 10:23:26 +02:00
Jeroen Ketema
abe06e5b95 Python: Update remaining inline expectation tests to use the paramterized module 2023-07-03 10:22:35 +02:00
amammad
816799c4ba upgrade query to detect redash CVE too 2023-06-30 22:14:50 +10:00
amammad
7aa002fa2a fix an accident :) 2023-06-29 22:20:46 +10:00
amammad
7a17b99c17 V2 2023-06-29 20:55:51 +10:00
Rasmus Wriedt Larsen
257f9912dd Python: Remove one more unnecessary taint test 2023-06-26 12:00:55 +02:00
Rasmus Wriedt Larsen
6cb03190fa Python: Updates from inline test being parameterized 2023-06-26 11:43:51 +02:00
Rasmus Wriedt Larsen
0121263e03 Merge branch 'main' into python/enable-summaries-from-models 2023-06-26 11:34:12 +02:00
amammad
e3e0307db7 V1 2023-06-25 20:36:28 +10:00
Rasmus Lerchedahl Petersen
86dfc7b66e python: format 2023-06-23 08:18:06 +02:00
Rasmus Lerchedahl Petersen
2264b119a6 python: more consistent tests 
- do not test taint flow whne dataflow is established
- test taint of both the collection and the expected element
 2023-06-22 11:52:25 +02:00
yoff
0f8ebd1519 Update python/ql/test/experimental/dataflow/model-summaries/model_summaries.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-06-22 11:31:21 +02:00
amammad
748e96d852 V1 Bombs 2023-06-22 19:28:27 +10:00
Jeroen Ketema
277dbdf410 Merge pull request #13498 from jketema/inline-4 
Rework more inline expectation tests to use the parameterized module
 2023-06-22 10:01:07 +02:00
Rasmus Lerchedahl Petersen
cb2de69f5a python: consolidate tests 
also change `Foo` -> `foo`
 2023-06-20 16:13:38 +02:00
Erik Krogh Kristensen
2341c82450 Merge pull request #13342 from erik-krogh/once-again-deps 
Py: delete more old deprecations
 2023-06-20 15:29:17 +02:00
Rasmus Wriedt Larsen
47d0a6d2e3 Python: Restore rest of experimental files 2023-06-20 14:30:43 +02:00
yoff
579c56c744 Merge pull request #13178 from yoff/python-ruby/track-through-summaries-pm 
ruby/python: Shared module for typetracking through flow summaries
 2023-06-20 11:19:45 +02:00
Rasmus Lerchedahl Petersen
e111a19524 python: split tests into taint and value 
and add summaries
 2023-06-20 10:46:27 +02:00
Jeroen Ketema
dba4460526 Python: Update more inline expectation tests to use the paramterized module 2023-06-20 10:16:15 +02:00
Rasmus Lerchedahl Petersen
229641070f python: rename summaries 2023-06-18 22:01:47 +02:00
Rasmus Lerchedahl Petersen
6554e804dd python: add test for model summaries 
(but no summaries yet)
 2023-06-18 21:52:49 +02:00
Rasmus Wriedt Larsen
fb6955edf9 Python: Add tests of methods in summaries 2023-06-16 14:43:45 +02:00
Rasmus Lerchedahl Petersen
b7bf750174 python: use updated names in test 2023-06-14 22:23:21 +02:00
Rasmus Lerchedahl Petersen
6521a51d93 python: unique strings in tests 2023-06-14 21:14:50 +02:00
erik-krogh
df61c4dd62 reintroduce the experiemental queries that use deprecated features 2023-06-14 08:31:57 +02:00
erik-krogh
bfe7e62f35 update some expected outputs - some tests no longer have an edges relation - and XsltSinks lost a result 2023-06-14 08:31:57 +02:00
erik-krogh
e463819bc2 get ParamSource.ql to compile by deleting import that got deleted - I have no if this is a good change 2023-06-14 08:31:57 +02:00
erik-krogh
3a436d1f84 do a quick-and-dirty conversion of py/hardcoded-credentials to the new dataflow library 2023-06-14 08:31:56 +02:00
erik-krogh
ae8bf5ed3c delete old deprecations 2023-06-14 08:31:51 +02:00