hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

9543 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
5e62f54094 Merge pull request #3030 from BekaValentine/python-objectapi-to-valueapi-useimplicitnonereturnvalue 
Python: ObjectAPI to ValueAPI: UseImplicitNoneReturnValue
 2020-03-10 10:38:06 +01:00
Rasmus Wriedt Larsen
1b8154c139 Merge pull request #2925 from BekaValentine/python-objectapi-to-valueapi-callargs 
Python: ObjectAPI to ValueAPI: CallArgs
 2020-03-10 10:26:21 +01:00
Rebecca Valentine
7ce905a310 Python: Adds preliminary modernization 2020-03-09 19:29:47 -07:00
Rebecca Valentine
bbeefd5747 Python: Modernizes query 2020-03-09 19:21:31 -07:00
Rebecca Valentine
047c328c58 Update python/ql/src/semmle/python/objects/ObjectAPI.qll 
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-03-09 19:20:08 -07:00
Rebecca Valentine
e8708a083f Python: Modernizes query and expecteds 2020-03-09 19:13:54 -07:00
Rebecca Valentine
48e67bca51 Python: Modernizes query 2020-03-09 18:57:42 -07:00
Rebecca Valentine
810efc5ca2 Python: Adds Rasmus's suggestion 
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-03-09 16:21:34 -07:00
Rebecca Valentine
f4f8c6e1e5 Python: Swaps out element_from_tuple 2020-03-09 16:20:22 -07:00
Taus
be09c17367 Merge pull request #2990 from BekaValentine/python-objectapi-to-valueapi-raisingtuple 
Python: ObjectAPI to ValueAPI: RaisingTuple
 2020-03-10 00:16:12 +01:00
Taus
96e99f55ad Merge pull request #2976 from BekaValentine/python-objectapi-to-valueapi-emptyexcept 
Python: ObjectAPI to ValueAPI: EmptyExcept
 2020-03-09 23:56:27 +01:00
Taus
b51e2a9e80 Merge pull request #2977 from BekaValentine/python-objectapi-to-valueapi-catchingbaseexception 
Python: ObjectAPI to ValueAPI: CatchingBaseException
 2020-03-09 22:54:50 +01:00
Rebecca Valentine
c9c469b201 Python: Modernizes queries 2020-03-09 12:52:33 -07:00
Rebecca Valentine
6a1203a60f Python: Adds modernized predicates 2020-03-09 12:52:15 -07:00
Rebecca Valentine
6636f72e07 Python: Moves more predicates over to suffixed form 2020-03-09 11:59:44 -07:00
Rebecca Valentine
6d10c47cba Python: Moves predicates over to suffixed form 2020-03-09 11:56:57 -07:00
Rebecca Valentine
bf92cee1b1 Python: Updates expected results 2020-03-09 11:16:58 -07:00
Rasmus Wriedt Larsen
a38fd2d3d1 Python: Use unambiguous name getCallNode 2020-03-09 17:05:00 +01:00
Rasmus Wriedt Larsen
a9674ef6e8 Python: Resolve autoformat ugliness 2020-03-09 16:54:55 +01:00
Rasmus Wriedt Larsen
31cfb1689c Python: Fix minor bug in modernisation-rewrite 
Obviously the result module shouldn't be a package 🤦 I was confusing
myself, since I wanted to say that `Module::named("Crypto.Cipher")` should be a package :D
 2020-03-09 15:49:08 +01:00
Rasmus Wriedt Larsen
0ce8e9180b Python: Remove code that adds taint to unrelated ControlFlowNode 
The problem with the deleted code is that it would add flow to what might be an
unrelated ControlFlowNode, which is illustrated in the query below (that gives
results on flask)

from ControlFlowNode arg, CallNode call, CallNode other_call
where
    call.getNode().getAKeyword().getValue() = arg.getNode() and
    not call.getAnArg() = arg and
    other_call.getAnArg() = arg and
    not other_call = call
select call, arg, other_call
 2020-03-09 15:27:31 +01:00
Rasmus Wriedt Larsen
cac5d00ca2 Python: Fix string taint tests 
The tests in ql/python/ql/test/library-tests/taint/strings/ shows that
ClassValue::str() is not good enough.
 2020-03-09 15:10:48 +01:00
Rebecca Valentine
2f3967cf5e Python: Fixes erroneous modernization bug 2020-03-06 18:31:38 -08:00
Rebecca Valentine
3e36c672cf Python: Removes superfluous cast 2020-03-06 13:06:11 -08:00
Rebecca Valentine
7b49c8e6f8 Python: Fixes bug in modernization 2020-03-06 12:47:46 -08:00
Rasmus Wriedt Larsen
8b2c74a4dd Python: Modernise remaining Security/*.qll files 2020-03-06 17:30:02 +01:00
Rasmus Wriedt Larsen
14957345a3 Python: Fix formatting of isLegalExceptionType 2020-03-06 17:27:50 +01:00
Rasmus Wriedt Larsen
70634fe30e Python: Remove usage of deprecated .getValue() 2020-03-06 16:20:31 +01:00
Rasmus Wriedt Larsen
2416cac8f4 Python: Modernise StringKind files 2020-03-06 14:45:03 +01:00
semmle-qlci
3ae1aada37 Merge pull request #2995 from tausbn/python-fix-nested-sequence-assign-cp 
Approved by RasmusWL
 2020-03-06 09:43:24 +00:00
Taus Brock-Nannestad
2face94fa5 Python: Mitigate CP in nested_sequence_assign. 
The problem here was that in the base case, there was no relationship between
`left_parent` and `right_parent`. These could be any two tuples or lists, even
if they were not part of an assignment statement.

To fix this, we add a bit of manual "magic", requiring that both of these
arguments must belong to the left and right-hand sides of the same assignment
statement.

(Note that this is in principle _still_ a gross overapproximation, but since
assignment statements are usually quite restricted in size, I don't expect this
to be a major problem.)
 2020-03-05 14:09:50 +01:00
Rasmus Wriedt Larsen
fb1e993c0f Merge pull request #2963 from BekaValentine/python-objectapi-to-valueapi-advancedformatting 
Python: ObjectAPI to ValueAPI: AdvancedFormatting
 2020-03-05 13:40:02 +01:00
Rebecca Valentine
d535246703 Python: Modernizes query 2020-03-04 17:28:44 -08:00
Rebecca Valentine
646bc29e76 Python: Modernizes query 2020-03-04 17:22:21 -08:00
Rebecca Valentine
b09ab67e75 Python: Modernizes query 2020-03-04 17:10:32 -08:00
semmle-qlci
c4b961c8af Merge pull request #2973 from tausbn/python-fix-or-disable-cps 
Approved by BekaValentine
 2020-03-04 10:36:47 +00:00
Rebecca Valentine
2bcd8c8cb8 Python: Moves query over to modernized predicates 2020-03-03 17:05:47 -08:00
Rebecca Valentine
fa59fc607c Python: Adds modernized predicates 2020-03-03 17:05:29 -08:00
Rebecca Valentine
0f26734e9a Python: Moves more predicates over to suffixed form 2020-03-03 17:04:12 -08:00
Rebecca Valentine
a0cf2cbb13 Python: Moves old predicates to suffixed form 2020-03-03 16:53:56 -08:00
Rebecca Valentine
400a0f5741 Python: Adds preliminary modernization 2020-03-03 16:52:12 -08:00
Rebecca Valentine
b33b222db8 Python: Modernizes query 2020-03-03 16:41:52 -08:00
Rebecca Valentine
88daf65854 Python: Removes obsolete predicates 2020-03-03 16:03:27 -08:00
Rebecca Valentine
3bedd5cb58 Python: Adds modernized predicates and moves query over to them 2020-03-03 16:02:25 -08:00
Rebecca Valentine
5fea31eed1 Python: Moves predicates over to suffixed form 2020-03-03 15:55:40 -08:00
Rebecca Valentine
e39a0c9121 Python: Moves non_local_control_flow to new API, and fixes bug in ClassValue implementation 2020-03-03 15:38:35 -08:00
Taus
02ae0fbda6 Merge pull request #2965 from BekaValentine/python-objectapi-to-valueapi-raising 
Python: ObjectAPI to ValueAPI: Raising
 2020-03-04 00:03:17 +01:00
Rebecca Valentine
ce204ac949 Python: Moves statement out of quantifier that it didnt need to be in 2020-03-03 14:57:30 -08:00
Rebecca Valentine
8e1c089ff3 Python: Removes unused import 2020-03-03 14:38:26 -08:00
Taus Brock-Nannestad
48a47e1b54 Python: Fix broken test output. 2020-03-03 19:45:13 +01:00