Rasmus Wriedt Larsen
5f6e3dcc2e
Python: Revert changes to sensitive data query alert messages
...
This partly reverts the changes from https://github.com/github/codeql/pull/10252
Although consistency is nice, the new messages didn't sound as natural.
New alert message would read
> Insecure hashing algorithm (md5) depends on sensitive data (password). (...)
I'm not sure what it means that a hashing algorithm depends on data. So
for me, the original text below is much easier to understand.
> Sensitive data (password) is used in a hashing algorithm (md5) that is insecure (...)
Same goes for the other sensitive data queries.
2022-09-06 12:01:24 +02:00
Rasmus Wriedt Larsen
d708abfc80
Python: Accept more .expected changes
2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
e979dffc08
Python: Fix variable access from extractor-change
...
These changes are from internal PR.
2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
985e87ccde
Python: Add variable scope example with subclass
2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
0e3d520712
Python: Add variables regression test
...
As illustrated when running the python file, the non qualified reads in
the `use` method all refer to the global variables, whereas `ex =
func(baz)` are to the things defined on the class.
The important part of the .expected changes is that the _global_
variable `bar` is used inside the function, whereas it's the local
variable for `foo` (on class scope) that is used inside the function
(which is wrong).
2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
98db1af898
Python: Also show variable access
2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
fd4f60dd1b
Python: Adjust variables tests
2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
ebd97f4496
Python: Add type-tracking regession example
2022-09-06 10:11:36 +02:00
Rasmus Lerchedahl Petersen
d31d763328
Python: adjust test expectations
...
We now locate a `DataFlow::Node` rather than an 'AstNode`.
2022-09-05 16:45:43 +02:00
Rasmus Lerchedahl Petersen
5fc1bbc8c5
Python: Only alert on Python 2 code
...
since
- Python 3 is ok from 3.7 onwards
- support for Python 3.6 was just dropped
- we do not actually know the minor version of the analysed code
(only of the extractor)
2022-09-05 13:38:14 +02:00
erik-krogh
0de0325c8e
change the alert-message for py/modification-of-default-value
2022-09-05 13:30:56 +02:00
Rasmus Lerchedahl Petersen
a8a042db57
python: remove illegal option
2022-09-03 20:33:48 +02:00
Asger F
296aa52ef0
Python: Add API::EntryPoint
...
Python: add EntryPoint test
2022-09-03 13:24:46 +02:00
erik-krogh
089ce5a8a4
change alert messages of path queries to use the same template
2022-09-02 14:45:40 +02:00
Rasmus Lerchedahl Petersen
0599e8ac35
python: add version check
...
and attempt to set version for tests
2022-09-01 23:47:07 +02:00
Ahmed Farid
8153b790ad
Update test result
2022-08-31 16:01:09 +01:00
Ahmed Farid
56d48e6264
Add more tests
2022-08-31 15:59:51 +01:00
erik-krogh
1d1aa7c8b4
update some expected output
2022-08-25 20:52:30 +02:00
erik-krogh
cc7a9ef97a
rename more acronyms
2022-08-25 20:52:27 +02:00
Rasmus Wriedt Larsen
0728ecebbb
Python: Highlight that import problem is not just a relative problem
2022-08-25 15:54:21 +02:00
Rasmus Wriedt Larsen
1ca19533e0
Python: Add import problem test from the wild
2022-08-25 15:50:55 +02:00
Erik Krogh Kristensen
06afe9c0f4
Merge pull request #9816 from erik-krogh/msgConsis
...
Make alert messages consistent across languages
2022-08-25 15:20:01 +02:00
yoff
6b4716485b
Python: rename file
2022-08-25 12:23:09 +00:00
yoff
800165d63c
python: udate deprecated call
2022-08-25 09:49:46 +00:00
yoff
0b5d4c59dd
Merge branch 'main' of https://github.com/github/codeql into python-dataflow/flow-summaries-from-scratch
...
synced files have changed
2022-08-25 09:24:05 +00:00
Ian Lynagh
3fcfd32eb1
Make *.ql non-executable
2022-08-24 16:55:11 +01:00
Ian Lynagh
4cd618f81c
Make *.expected non-executable
2022-08-24 16:51:50 +01:00
erik-krogh
014dcd1454
fixup a Python query, it didn't select something with a location
2022-08-24 16:23:20 +02:00
erik-krogh
1c0f2251e2
Merge branch 'main' into msgConsis
2022-08-24 14:38:57 +02:00
erik-krogh
1a7d3ee831
update expected output after changing queries
2022-08-23 12:35:32 +02:00
erik-krogh
7e0bd5bde4
update expected output of tests
2022-08-22 21:41:47 +02:00
erik-krogh
e89e0eb7fb
make some acronyms camelCase
2022-08-22 21:22:35 +02:00
Chris Smowton
f3ef8510d3
Merge pull request #10093 from smowton/smowton/feature/java-singular-locations
...
Java: pick an arbitrary representative location when an entity has many candidate locations.
2022-08-22 09:32:43 +01:00
Chris Smowton
8d20b9cf52
Use hasLocationInfo to match several Location fields at once
2022-08-19 19:03:17 +01:00
Chris Smowton
1ea7caf559
Fix join ordering in inline-expectations test
2022-08-19 18:17:22 +01:00
Taus
687cd92903
Python: Update .expected file
2022-08-19 11:43:57 +00:00
erik-krogh
2e44fba67d
add explicit this
2022-08-17 13:33:31 +02:00
Ahmed Farid
9cb7a0ac2e
Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstSensitiveInfo.qlref to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.qlref
2022-08-16 16:29:05 +01:00
Ahmed Farid
685cd97b8e
Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstSensitiveInfo.expected to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.expected
2022-08-16 16:28:51 +01:00
Ahmed Farid
2377880d0c
Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo.py to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/TimingAttackAgainstSensitiveInfo.py
2022-08-16 16:28:36 +01:00
Ahmed Farid
f956fe12d5
Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue.qlref to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.qlref
2022-08-16 16:28:17 +01:00
Ahmed Farid
6536b602df
Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue.expected to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.expected
2022-08-16 16:28:00 +01:00
Ahmed Farid
b8fe0e2eee
Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeader.py to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeader.py
2022-08-16 16:27:45 +01:00
Ahmed Farid
87b67ed64f
Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash.py to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.py
2022-08-16 16:27:19 +01:00
Ahmed Farid
fa3940f69a
Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstHash.qlref to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.qlref
2022-08-16 16:27:02 +01:00
Ahmed Farid
6a94d45643
Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstHash.expected to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.expected
2022-08-16 16:26:45 +01:00
Ahmed Farid
31ecb0727f
Rename TimingAttackAgainstHeader.expected to TimingAttackAgainstHeaderValue.expected
2022-08-16 14:50:54 +01:00
Ahmed Farid
d8719f3b1f
Rename TimingAttackAgainstSensitiveInfo.expected to PossibleTimingAttackAgainstSensitiveInfo.expected
2022-08-16 14:50:21 +01:00
Ahmed Farid
67476d0a36
Rename TimingAttackAgainstSensitiveInfo.qlref to PossibleTimingAttackAgainstSensitiveInfo.qlref
2022-08-16 13:36:59 +01:00
Ahmed Farid
e8376a522c
Update TimingAttackAgainstHeaderValue.qlref
2022-08-16 13:35:20 +01:00
