hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

4008 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
646ced2a1d Python: Add concept test scaffold 2020-10-19 10:58:57 +02:00
Rasmus Lerchedahl Petersen
f17720f587 Python: Add test and fix filename 2020-10-19 10:58:57 +02:00
Taus Brock-Nannestad
60fcb5e7d5 Python: Add PEP-328 test example 
Based on https://www.python.org/dev/peps/pep-0328/#guido-s-decision

Original "code" is in the Public Domain.
 2020-10-16 12:03:43 +02:00
Rasmus Wriedt Larsen
86798063a3 Python: Model tainted attributes of django HttpRequest 2020-10-16 11:12:20 +02:00
Rasmus Wriedt Larsen
a3cdbf2052 Python: Basic modeling of Django HttpRequest 2020-10-16 11:12:19 +02:00
Rasmus Wriedt Larsen
f547b6010b Python: Implement routed parameter for django.urls.re_path 2020-10-16 11:12:17 +02:00
Rasmus Wriedt Larsen
ff8708df67 Python: Implement routed parameter for django.urls.path 
Matching current implementation in
f07a7bf8cf/python/ql/src/semmle/python/web/django/General.qll (L125-L133)
 2020-10-16 11:12:16 +02:00
Rasmus Wriedt Larsen
44683f2959 Python: Identify route handlers for django 
Not including class based handlers
 2020-10-16 11:12:14 +02:00
Rasmus Wriedt Larsen
c0d71f767a Python: Add taint test for django v2/v3 2020-10-16 11:12:13 +02:00
Rasmus Wriedt Larsen
09a2a6cdfd Python: Fix django re_path kwarg test 
Since it was using the wrong keyword argument name before :D
 2020-10-16 11:12:12 +02:00
Rasmus Wriedt Larsen
b28d022be9 Python: Add simpel model of a django path/re_path route setup 
Also had to change the annotation to not include the `r` prefix for the
raw-string... not sure why that isn't replicated, but ¯\_(ツ)_/¯
 2020-10-16 11:12:11 +02:00
Rasmus Wriedt Larsen
979dc471ac Python: Port old routing tests 2020-10-16 11:12:09 +02:00
Rasmus Wriedt Larsen
ca60132e24 Python: Django test: Add simple route handler and annotations 2020-10-16 11:12:09 +02:00
Rasmus Wriedt Larsen
44b9b7f084 Python: Django test: Enable app 
and add a bits of use docs
 2020-10-16 11:12:08 +02:00
Rasmus Wriedt Larsen
6506e5d646 Python: Django test: Add testapp 2020-10-16 11:12:07 +02:00
Rasmus Wriedt Larsen
c71c41b759 Python: Django test: Disable DB (for now) 2020-10-16 11:12:06 +02:00
Rasmus Wriedt Larsen
f704c566b9 Python: Add real django 3.1 project as base of tests 2020-10-16 11:12:05 +02:00
Rasmus Lerchedahl Petersen
cced335284 Python: Switch tests to path queries 2020-10-16 09:59:30 +02:00
Tom Hvitved
27fc610c0d Python: Update expected test output 2020-10-16 09:09:06 +02:00
Rasmus Lerchedahl Petersen
41b8877579 Python: Improve test configuration 2020-10-16 08:32:05 +02:00
Rasmus Wriedt Larsen
5142bfaf01 Merge pull request #4453 from yoff/python-port-unsafe-deserialization 
Python: port unsafe deserialization
 2020-10-15 17:26:31 +02:00
Rasmus Wriedt Larsen
58baec5b06 Merge pull request #4364 from yoff/SharedDataflow_ArgumentPassing 
Python: Shared dataflow, argument passing
 2020-10-15 17:10:59 +02:00
Rasmus Lerchedahl Petersen
ef32488596 Merge branch 'main' of github.com:github/codeql into python-port-unsafe-deserialization 2020-10-15 15:45:35 +02:00
Erik Krogh Kristensen
1d2ca42d49 update expected output 2020-10-15 13:42:13 +02:00
Rasmus Lerchedahl Petersen
172e058438 Python: unsafe -> mayExecuteInput 2020-10-15 12:56:29 +02:00
Rasmus Lerchedahl Petersen
9c8e968cba Python: Fix bad merge 2020-10-15 11:47:34 +02:00
Rasmus Wriedt Larsen
ce967e1249 Merge branch 'main' into python-model-python2-specific-command-execution 2020-10-15 10:00:02 +02:00
Rasmus Lerchedahl Petersen
0766eef49b Merge branch 'main' of github.com:github/codeql into SharedDataflow_ArgumentPassing 2020-10-15 09:49:21 +02:00
Taus
466c22f4a8 Merge pull request #4435 from RasmusWL/python-port-code-injection 
Python: port code injection query
 2020-10-14 16:41:42 +02:00
Rasmus Lerchedahl Petersen
352418cb5d Python: track safe loaders 2020-10-14 16:33:55 +02:00
yoff
5f6f85c998 Merge pull request #4465 from tausbn/python-remove-essa-flow 
Python: Remove flow between ESSA variables
 2020-10-14 15:37:39 +02:00
Rasmus Lerchedahl Petersen
b8cba381cf Merge branch 'main' of github.com:github/codeql into python-port-unsafe-deserialization 2020-10-14 15:01:30 +02:00
Rasmus Lerchedahl Petersen
3a281a1bd6 Python: Adjust comments and tests 2020-10-14 14:40:11 +02:00
Rasmus Wriedt Larsen
5db4f906d0 Merge branch 'main' into python-port-code-injection 2020-10-14 14:22:02 +02:00
yoff
ffe79f688d Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-14 14:08:16 +02:00
Taus
92ccb795fd Merge pull request #4415 from RasmusWL/python-flask-routed-parameter 
Python: Add support for routed parameters in flask
 2020-10-14 13:29:51 +02:00
Rasmus Wriedt Larsen
61ecec7d17 Merge pull request #4467 from tausbn/python-fix-import-type-tracking 
Python: Fix unwanted module type tracking
 2020-10-14 13:08:57 +02:00
Taus Brock-Nannestad
f3c07e3849 Python: Fix up import helper tests 2020-10-14 11:58:14 +02:00
Rasmus Wriedt Larsen
7d600e4e8e Merge branch 'main' into python-port-code-injection 2020-10-14 10:48:38 +02:00
Rasmus Wriedt Larsen
4597ba64d0 Merge branch 'main' into python-model-invoke 2020-10-14 10:41:37 +02:00
Rasmus Wriedt Larsen
ecf70c5f30 Merge branch 'main' into python-model-python2-specific-command-execution 2020-10-14 10:36:43 +02:00
Rasmus Wriedt Larsen
49d2e68d12 Merge branch 'main' into python-flask-routed-parameter 2020-10-14 10:16:00 +02:00
Rasmus Lerchedahl Petersen
b0ebb5b6d1 Python: Adjust tag format 2020-10-14 09:51:24 +02:00
Rasmus Lerchedahl Petersen
93383747bd Python: Use more common name for concept 2020-10-14 09:28:58 +02:00
Rasmus Lerchedahl Petersen
a76d276b48 Python: Adjust getARelevantTag 2020-10-14 08:44:04 +02:00
yoff
3b9ea3a958 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-14 08:24:26 +02:00
Taus Brock-Nannestad
7d86b53b71 Python: Fix unwanted module type tracking 2020-10-13 22:47:57 +02:00
Taus Brock-Nannestad
76e5b59dab Python: Add test case for unwanted module type tracking 2020-10-13 22:47:03 +02:00
Rasmus Lerchedahl Petersen
5d66c485d5 Python: IPA type for arguemnt mappings 
Not sure how arg2 in line 118 is achieved
 2020-10-13 19:12:52 +02:00
Taus Brock-Nannestad
fdb489fc93 Python: Remove flow between ESSA variables 
This required a minor change in the type tracker implementation, but
apart from that no other changes appear to be needed. Seems to clean
up the test output quite a bit.
 2020-10-13 16:35:41 +02:00