hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

4030 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
7fa84a3613 Python: Only test UnsafeUnpacking with Python 3 
Apparently the fixup of .expected in the latest commit was only required
when extracting as Python 3, but not as Python 2... I honestly don't
understand why.
 2023-04-24 12:29:58 +02:00
Rasmus Lerchedahl Petersen
a25c7f7549 Merge branch 'main' of https://github.com/github/codeql into python/captured-variables-for-typetracking 2023-04-24 11:50:32 +02:00
Rasmus Wriedt Larsen
b60cab254a Python: Accept .expected change 2023-04-21 15:25:47 +02:00
Rasmus Wriedt Larsen
f80a0916ac Python: Don't report get/setdefault as unresolved calls for dict tests 2023-04-21 14:42:20 +02:00
Rasmus Wriedt Larsen
b56869551d Python: Support more dictionary read/store steps 
The `setdefault` behavior is kinda strange, but no reason not to support
it.
 2023-04-21 14:18:50 +02:00
Rasmus Wriedt Larsen
6e31f64aaa Python: Add test for dictionary flow 2023-04-21 14:18:46 +02:00
Rasmus Wriedt Larsen
a168af349e Python: Expand modeling of paramiko 2023-04-18 11:57:20 +02:00
Rasmus Wriedt Larsen
a5a0861be0 Python: Expand test of py/paramiko-missing-host-key-validation 2023-04-18 11:56:07 +02:00
Tom Hvitved
3cc9dec9c8 Remove all queries.xml files 2023-04-13 11:18:58 +02:00
yoff
9e3d57d442 Update python/ql/test/library-tests/ApiGraphs/py3/test_captured_flask.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-04-11 14:34:40 +02:00
Rasmus Wriedt Larsen
f3937a4a12 Python: Update .expected from PostUpdateNode commit 2023-03-30 10:17:33 +02:00
Raul Garcia
cf8a683d7d Merge branch 'main' into main 2023-03-29 20:27:03 -07:00
Rasmus Wriedt Larsen
86333e3ba5 Python: Remove duplicate results from azure blob query 2023-03-29 11:47:29 +02:00
Rasmus Wriedt Larsen
32d52c023e Python: Allow any order for azure blob query 
By only allowing the sink in the state where encryption v1 is used, we
can handle the new case where the order of attribute assignment is
flipped.

However, we get a few too many paths because we can have multiple
sources reaching the same sink... let's fix in next commit.
 2023-03-29 11:42:01 +02:00
Rasmus Wriedt Larsen
480f171d9b Python: Add azure blob tests with swapped order 
Just shows we need to use some state in the query to get the correct
behavior.
 2023-03-29 11:25:37 +02:00
Rasmus Wriedt Larsen
683985a00a Python: Expand azure blob modeling 
Now we can differentiate between the classes
 2023-03-29 11:24:36 +02:00
Rasmus Wriedt Larsen
8ea6b6f256 Python: Update py/azure-storage/unsafe-client-side-encryption-in-use to use datafow 2023-03-28 10:09:22 +02:00
Rasmus Wriedt Larsen
691ffcd3a4 Python: Add tests of py/azure-storage/unsafe-client-side-encryption-in-use 
Notice that it doesn't find the potentially unsafe version, or the vuln that spans calls.
 2023-03-28 10:05:09 +02:00
Taus
df192383b2 Merge pull request #9722 from ahmed-farid-dev/timing-attack-py 2023-03-27 18:09:35 +02:00
Rasmus Wriedt Larsen
0b9d16a43e Merge pull request #12636 from RasmusWL/sql-modeling 
Python: Some more SQL modeling
 2023-03-27 15:52:30 +02:00
Taus
af060e8c6b Merge branch 'main' into timing-attack-py 2023-03-27 15:27:13 +02:00
Erik Krogh Kristensen
d3c3f2dc90 Merge pull request #12628 from erik-krogh/betterReDoS 
ReDoS: better super-linear algorithm
 2023-03-27 15:26:49 +02:00
Taus
eaf2930205 Python: Accept test changes 
(These look like they were the result of changes elsewhere in the
analysis.)
 2023-03-27 12:17:13 +00:00
yoff
2121ed784f Merge branch 'main' into python/rewrite-InsecureContextConfiguration 2023-03-27 10:20:53 +02:00
Taus
11c89adbe3 Merge branch 'main' into timing-attack-py 2023-03-24 15:40:33 +01:00
Taus
c0eb611dae Merge pull request #12244 from RasmusWL/import-refined 
Python: Fix import of refined variable
 2023-03-24 13:22:19 +01:00
erik-krogh
e189b36e3f materialize less strings when ranking states 2023-03-23 10:35:58 +01:00
Rasmus Wriedt Larsen
7b3f710e91 Python: Model aiosqlite 2023-03-22 15:51:47 +01:00
Rasmus Wriedt Larsen
2b4ebf7377 Python: Add support for .executescript 2023-03-22 15:20:06 +01:00
Rasmus Wriedt Larsen
5930499f1d Python: Add test for missing .executescript SQL method 2023-03-22 14:57:08 +01:00
Rasmus Wriedt Larsen
170a93cc4f Python: Model cassandra-driver PyPI package 2023-03-22 10:28:04 +01:00
Rasmus Wriedt Larsen
e4db5f9a64 Python: Model asyncpg.connection.connect() 2023-03-22 10:28:04 +01:00
Rasmus Wriedt Larsen
4f9117963d Python: Model sqlite3.dbapi2 2023-03-22 10:28:04 +01:00
erik-krogh
b071d3557e JS/PY/RB: add a worst-case test, that now performs OK 2023-03-22 10:13:18 +01:00
Rasmus Wriedt Larsen
b2f34ef4b1 Merge branch 'main' into import-refined 2023-03-21 15:12:11 +01:00
yoff
e21e630316 Merge branch 'main' into python/add-test-to-valid 2023-03-21 14:47:17 +01:00
Rasmus Wriedt Larsen
e90559b86d Python: Add missing options files 
I could not for the life of me figure out why the tests were failing,
when they were working for me locally 🤦
 2023-03-21 10:24:28 +01:00
Rasmus Wriedt Larsen
346086524b Python: Accept dataflow-consistency test changes 
To PRs must have had a conflict when merged separately
 2023-03-21 10:09:01 +01:00
Erik Krogh Kristensen
0f813ce2e8 Merge pull request #12543 from erik-krogh/reg-perf 
ReDoS: restrict the edges considered in polynomial-redos for complex regular expressions
 2023-03-20 15:48:35 +01:00
Rasmus Wriedt Larsen
2ee09cc5d1 Merge branch 'main' into import-refined 2023-03-20 15:42:01 +01:00
Rasmus Wriedt Larsen
93c9f59e86 Python: Extract version specific coverage/classes.py tests 
Since we can analyze operator.py from Python3, but not in Python 2
(since it's implemented in C), we get a difference for the index tests.

note: `operator.length_hint` is only available in Python 3.4 and later,
so would always fail under Python 2.
 2023-03-20 15:39:20 +01:00
yoff
6639e5a97b Merge pull request #12590 from yoff/python/patch-uninitialized-local 
Python: Patch uninitialized local query
 2023-03-20 15:11:14 +01:00
Rasmus Lerchedahl Petersen
6a5db750c4 python: add test to validation (and fix it) 2023-03-20 15:07:46 +01:00
yoff
17c9ba9872 Merge pull request #12464 from yoff/python/add-test-captured-in-collection 
python: add test for captured variables in lists
 2023-03-20 15:01:58 +01:00
Rasmus Lerchedahl Petersen
b042c60ca3 python: remove outdated comment 2023-03-20 14:13:48 +01:00
Rasmus Lerchedahl Petersen
5f438e433d python: exclude nonlocals from query 2023-03-20 13:34:39 +01:00
Rasmus Lerchedahl Petersen
9b7a20f4ad python: add example showing FP 2023-03-20 13:03:26 +01:00
Rasmus Lerchedahl Petersen
4713ba1e12 python: more results no longer missing 
Adjusted `tracked.ql`
- no need to annotate results on line 0
  this could happen for global SSA variables
- no need to annotate scope entry definitons
  they look a bit weird, as the annotation goes on the
  line of the function definition.
 2023-03-16 12:55:58 +01:00
Rasmus Lerchedahl Petersen
2318752c14 python: add reads of captured variables to 
type tracking and the API graph.

- In `TypeTrackerSpecific.qll` we add a jump step
  - to every scope entry definition
  - from the value of any defining `DefinitionNode`
    (In our example, the definition is the class name, `Users`,
     while the assigned value is the class definition, and it is
     the latter which receives flow in this case.)
- In `LocalSources.qll` we allow scope entry definitions as local sources.
  - This feels natural enough, as they are a local source for the value, they represent.
    It is perhaps a bit funne to see an Ssa variable here,
    rather than a control flow node.
 - This is necessary in order for type tracking to see the local flow
    from the scope entry definition.
- In `ApiGraphs.qll` we no longer restrict the result of `trackUseNode`
  to be an `ExprNode`. To keep the positive formulation, we do not
  prohibit module variable nodes. Instead we restrict to the new
  `LocalSourceNodeNotModule` which avoids those cases.
 2023-03-16 12:55:58 +01:00
Rasmus Lerchedahl Petersen
7e003f63b9 python: add test for flask example 
This is a condensed versio of the user reported example
found [here](eb377d5918/app.py (L278))
The `MISSING` annotation indicates where our API graph falls short.
 2023-03-16 12:53:40 +01:00