Rasmus Lerchedahl Petersen
47f5b04e87
Python: fix identical-files.json after move
...
also more grouping
2020-06-17 07:08:46 +02:00
Rasmus Lerchedahl Petersen
e192b66116
Python: move shared dataflow to experimental
2020-06-17 06:46:46 +02:00
Rasmus Lerchedahl Petersen
0f77403f0e
Python: small start on global flow
...
need to actually have `OutNode`s
2020-06-16 15:36:03 +02:00
Rasmus Lerchedahl Petersen
f3e879a5ab
Python: small test of local flow
2020-06-16 14:31:22 +02:00
Rasmus Lerchedahl Petersen
0abba238cc
Python: bit more local flow and fix ql docs
2020-06-16 08:21:32 +02:00
Rasmus Lerchedahl Petersen
ad04ec554a
Python: group related predicates
...
also restore accidentally removed comment
2020-06-16 07:30:44 +02:00
Rasmus Lerchedahl Petersen
f8eb5839cd
Python: start on local flow
2020-06-15 16:25:41 +02:00
Rasmus Wriedt Larsen
c0043eb9db
Python: Don't treat re.escape(...) as a regex
...
Fixes https://github.com/github/codeql/issues/3712
2020-06-15 11:54:14 +02:00
Rasmus Lerchedahl Petersen
6dfb3a5df8
Python: Address QL docs
2020-06-15 11:50:07 +02:00
Rasmus Wriedt Larsen
7601bd497e
Python: Add tests for re.escape FP
2020-06-15 11:34:42 +02:00
Rasmus Lerchedahl Petersen
1af2e56894
Summary of recent meeting.
...
Perhaps a not-python-specific version of this
could go into the shared implementation.
2020-06-15 08:01:02 +02:00
Rasmus Lerchedahl Petersen
375da38765
Python: Minimal compilation of shared dataflow
2020-06-12 11:48:41 +02:00
Jonas Jensen
abd05bcff1
Merge pull request #3596 from robertbrignull/more-suites
...
Add more code-scanning suites
2020-06-12 09:08:20 +02:00
Rasmus Wriedt Larsen
a24974b194
Python: Add missing <p> to qhelp
2020-06-11 11:45:38 +02:00
Rasmus Wriedt Larsen
33a9fb6034
Python: Reorder XSLT qhelp to be valid
2020-06-11 11:30:54 +02:00
Rasmus Lerchedahl Petersen
b5703cd3f6
Python: link to FP report in test file
2020-06-11 07:14:48 +02:00
semmle-qlci
4cdb3c13df
Merge pull request #3658 from RasmusWL/python-3.8-dict-ismapping
...
Approved by tausbn
2020-06-10 17:19:49 +01:00
semmle-qlci
f7c6b1364b
Merge pull request #3640 from RasmusWL/python-handle-3.8-enum-convert
...
Approved by tausbn
2020-06-10 17:19:22 +01:00
Rasmus Wriedt Larsen
ce1f0a39ac
Python: Minor fixup of qhelp for XPath injection
2020-06-10 16:59:40 +02:00
Rasmus Wriedt Larsen
48b2d2cc5c
Python: Make isSequence() and isMapping() tests version specific
...
Since unicode/bytes difference, output can't match between Python 2 and Python 3.
2020-06-10 16:43:56 +02:00
Rasmus Wriedt Larsen
721713b9e1
Python: Minor fixes from code review
...
Co-authored-by: Taus <tausbn@gmail.com>
2020-06-10 16:14:21 +02:00
Taus
5b0d92d72b
Merge pull request #3464 from yoff/UnicodeEscape
...
Python: Handle more escapes in regexes
2020-06-10 15:47:09 +02:00
Rasmus Wriedt Larsen
f73876e6ce
Python: Modernise ShouldBeContextManager
2020-06-10 11:53:11 +02:00
Rasmus Wriedt Larsen
37cfb5400d
Python: Modernise RatioOfDefinitions
2020-06-10 11:51:41 +02:00
Rasmus Wriedt Larsen
bacd491875
Python: Fix isSequence() and isMapping()
2020-06-09 14:21:02 +02:00
Rasmus Wriedt Larsen
846101d295
Python: Extend isSequence/isMapping test with custom classes
2020-06-09 14:04:14 +02:00
Rasmus Wriedt Larsen
65ce6d27ff
Python: Update isSequence() and isMapping() for Python 3.8
2020-06-09 11:57:00 +02:00
Rasmus Wriedt Larsen
958763edc2
Python: Add test for ClassValue.isSequence() and isMapping()
...
For Python 3.6
2020-06-09 11:55:22 +02:00
semmle-qlci
1a7570ebbe
Merge pull request #3563 from RasmusWL/python-fabric-execute
...
Approved by tausbn
2020-06-08 16:00:49 +01:00
Rasmus Wriedt Larsen
baa415fec8
Python: Add points-to regression for metaclass
2020-06-08 15:03:46 +02:00
Rasmus Wriedt Larsen
7c037cd2ab
Python: Handle Enum._convert in Python 3.8
2020-06-08 14:49:58 +02:00
porcupineyhairs
6dd9106301
Update XSLT.qll
2020-06-08 03:12:23 +05:30
Porcupiney Hairs
424e88d318
include suggestions from review
2020-06-08 02:52:11 +05:30
Porcupiney Hairs
1ceb963d4c
Python : Add support for detecting XSLT Injection
...
This PR adds support for detecting XSLT injection in Python.
I have included the ql files as well as the tests with this.
2020-06-07 03:05:50 +05:30
Rasmus Wriedt Larsen
1ff369f62d
Python: Update test results for fabric.api.execute
2020-06-04 16:30:03 +02:00
Robert Brignull
6e0552c074
add more code-scanning suites
2020-06-01 11:45:46 +01:00
Rasmus Wriedt Larsen
551420401a
Python: Fix typo
...
Co-authored-by: Taus <tausbn@gmail.com>
2020-05-29 14:27:07 +02:00
Rasmus Wriedt Larsen
48be57c8fd
Python: Improve QLDoc for ExternalStringDictKind
2020-05-29 12:06:57 +02:00
Rasmus Wriedt Larsen
b083c01520
Python: Deprecate StringDictKind
...
This QL
```codeql
import python
import semmle.python.dataflow.TaintTracking
import semmle.python.security.strings.Untrusted

from CollectionKind ck
where
  ck.(DictKind).getMember() instanceof StringKind
  or
  ck.getMember().(DictKind).getMember() instanceof StringKind
select ck, ck.getAQlClass(), ck.getMember().getAQlClass()
```
generates these 6 results.
```
1 {externally controlled string} ExternalStringDictKind UntrustedStringKind
2 {externally controlled string} StringDictKind UntrustedStringKind
3 [{externally controlled string}] SequenceKind ExternalStringDictKind
4 [{externally controlled string}] SequenceKind StringDictKind
5 {{externally controlled string}} DictKind ExternalStringDictKind
6 {{externally controlled string}} DictKind StringDictKind
```
StringDictKind was only used in *one* place in our library code. As illustrated
above, it pollutes our set of TaintKinds. Effectively, every time we make a
flow-step for dictionaries with tainted strings as values, we do it TWICE --
once for ExternalStringDictKind, and once for StringDictKind... that is just a
waste.
2020-05-29 12:06:57 +02:00
Rasmus Wriedt Larsen
87bc8ae28d
Python: Don't use UntrustedStringKind in web lib
...
If I wanted to use my own TaintKind and not have any interaction with
`UntrustedStringKind` that wouldn't be possible today since these standard http
libraries import it directly. (also, I wouldn't get any sources of my custom
TaintKind from turbogears or bottle). I changed them to use the same pattern of
`ExternalStringKind` as everything else does.
2020-05-29 12:06:57 +02:00
Porcupiney Hairs
8c5a97170d
Python : Add Xpath injection query
...
This PR adds support for detecting XPATH injection in Python.
I have included the ql files as well as the tests with this.
2020-05-28 03:15:12 +05:30
Rasmus Wriedt Larsen
21d531f81e
Python: Add QLDoc for FunctionValue.getQualifiedName
...
Matching the one for Function.getQualifiedName
2020-05-27 16:59:18 +02:00
Rasmus Wriedt Larsen
6cba2fe4f8
Python: Model Django response sinks that are not vuln to XSS
...
Since HttpResponse is not *only* used for XSS, it is still valuable to know the
content is sent as part of the response.
The *proper* solution to this problem of not all HttpResponses being vulnerable
to XSS is probably to define a new abstract class in Http.qll called
HttpResponseXSSVulnerableSink (or similar). I would like to model a few more
libraries/frameworks before fully committing to an approach though.
2020-05-26 16:45:46 +02:00
Jonas Jensen
5deeda0337
Merge pull request #3387 from geoffw0/tostringperf
...
C++: Eliminate recursion from toString().
2020-05-26 13:24:43 +02:00
Rasmus Lerchedahl Petersen
6b168de7fc
Python: re, handle \Z
2020-05-26 11:42:21 +02:00
Rasmus Wriedt Larsen
c78ca2616c
Merge branch 'master' into python-keyword-only-args
2020-05-26 11:20:04 +02:00
Rasmus Wriedt Larsen
5a18b08d13
Python: Add comment explaining kw-only default index upgrade
2020-05-26 11:15:00 +02:00
Rasmus Wriedt Larsen
a616704a56
Python: Fix typo
...
Co-authored-by: Taus <tausbn@gmail.com>
2020-05-26 11:07:49 +02:00
Rasmus Wriedt Larsen
9c75a39b81
Python: Extend command-injection to handle fabric.api.execute
2020-05-26 10:22:27 +02:00
Rasmus Wriedt Larsen
e04d1ffcd2
Python: Add test for fabric.api.execute
2020-05-26 10:20:22 +02:00