hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

9543 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
e4b83855d9 Python: Autoformat security/strings/External.qll 2020-02-19 16:24:13 +01:00
Rasmus Wriedt Larsen
e7fdfd3d3e Python: Move subprocess.call so super-class detection works 
This is a temporary fix!

Added minimal working example (MWE) as a regression, so it's easier to fix the
real problem.

only Python 3 is facing the problem -- and without --max-import-depth=1 the test
times out at 10 minutes :O
 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
d7b803a859 Python: Fix modernisation of py/iteration-string-and-sequence 
Introduced a regression, since the old code was:

```
predicate is_a_string_type(ClassObject seqtype) {
    seqtype = theBytesType() and major_version() = 2
    or
    seqtype = theUnicodeType()
}
```

but *now* we're good!
 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
0509228296 Python: Make ModelUsage test language agnostic 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
87eff7f062 Python: More iterator => iterable renaming 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
82b29b5698 Python: Recognize shebangs in module usage detection 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
01f5b3dc63 Python: Add a script that we can't classify usage of 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
3e7e9636ea Python: Add ModuleValue.{isUsedAsModule, isUsedAsScript} 
and a few test cases
 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
b4ab0b55be Python: Modernise Statements/RedundantAssignment 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
79a4d7e9cc Python: Add some confusing (but valid) property tests 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
67e9edb820 Python: Add PropertyValue 
+ Extend PropertyInternal.getSetter to handle non-decorator
+ Add PropertyInternal.getDeleter

It seems like a bit hacky way to do things, since we're not using the
PropertySetterOrDeleter class at all, but for now I'll leave it be.
 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
e747add485 Python: Descriptor tests fixup (3/3) 
Better tests for properties
 2020-02-19 14:10:29 +01:00
Rasmus Wriedt Larsen
aed7bfb820 Python: Descriptor tests fixup (2/3) 
Test format improved
 2020-02-19 14:10:29 +01:00
Rasmus Wriedt Larsen
3f49aeecfe Python: Descriptor tests fixup (1/3) 2020-02-19 14:10:29 +01:00
Rasmus Wriedt Larsen
13568b7b9f Python: Modernise Statements/ queries 
Almost. Left out a few things marked with TODO
 2020-02-19 14:10:29 +01:00
Rasmus Wriedt Larsen
83d40f167b Python: Update py/ineffectual-statement 
e.(StrConst).isDocString() can only hold if e instanceof StrConst, since we have
that condition on the line above, we can safely remove this condition.
 2020-02-19 14:05:55 +01:00
Rasmus Wriedt Larsen
6e349eb6e7 Python: Make py/side-effect-in-assert handle example 
Also removed parantheses
 2020-02-19 14:05:55 +01:00
Rasmus Wriedt Larsen
ae8dbd81f3 Python: Update test-file for py/redundant-assignment 
now the test code can be pasted, and actually works ;)
 2020-02-19 14:05:55 +01:00
Rasmus Wriedt Larsen
381668871d Python: Autoformat statements 2020-02-19 14:05:55 +01:00
Rebecca Valentine
2fa20eb805 Fixes bug introduced by merge of foresight additions. 2020-02-18 21:37:52 -08:00
Rebecca Valentine
7997e1dc98 Merge branch 'master' into objectapi-to-valueapi-expectedmappingforformatstring 2020-02-18 21:33:12 -08:00
Rebecca Valentine
9e3ed214d0 Python: ObjectAPI to ValueAPI: Foresight Additions (#2819) 
* Adds the...Type() predicates as foresight modernizations.

* Removes predicates that are not currently ported/portable

* Adds range types

* Update python/ql/src/semmle/python/objects/ObjectAPI.qll

Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

* Update python/ql/src/semmle/python/objects/ObjectAPI.qll

Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

* Swaps xType for just x, at least when it's new

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-02-18 21:29:20 -08:00
Rebecca Valentine
810efef9de Adds python3 test 2020-02-18 15:02:47 -08:00
Rebecca Valentine
e55f01d905 Adds new UseofApply test case and results to the Python2 tests dir 2020-02-18 12:12:25 -08:00
Rebecca Valentine
9338d21aaf Removes unnecessary explanation 2020-02-18 11:43:43 -08:00
Rebecca Valentine
4059a99da6 Autoformats the query 2020-02-18 11:43:31 -08:00
Rebecca Valentine
d0617ef7bc Autoformat 2020-02-18 09:00:31 -08:00
Taus
ffbb5d0529 Merge pull request #2739 from RasmusWL/python-modernise-security 
Python: modernise Security/ queries
 2020-02-18 16:28:53 +01:00
Rasmus Wriedt Larsen
1826abcdda Python: Autoformat django/General.qll 
Should get into the habbit of doing this, but this time it slipped :P
 2020-02-18 11:26:16 +01:00
Rasmus Wriedt Larsen
48c1c598bc Python: Write DjangoRegexRoute in more modern way 
That is, assigning to fields instead of repeatedly using helper predicate
 2020-02-18 11:25:27 +01:00
Rasmus Wriedt Larsen
ed9aa7dced Python: Write DjangoPathRoute in modern way 
That is, assigning to fields instead of repeatedly using helper predicate
 2020-02-18 11:24:24 +01:00
Rasmus Wriedt Larsen
5a0babe88b Python: Add support for Django 2.x and 3.x 
I changed the django mock to support both 1.x and 2.x routing APIs, which is not
really a nice long term solution.
 2020-02-18 11:22:35 +01:00
Rebecca Valentine
4178002d59 Merge branch 'master' into python-objectapi-to-valueapi-useofapply 2020-02-17 17:20:00 -08:00
Rebecca Valentine
c36c0aeb88 Fixes renaming bug 2020-02-17 12:09:01 -08:00
Rebecca Valentine
13cd8d2435 Fixes expected results bug 2020-02-17 11:47:03 -08:00
Rebecca Valentine
a2c1d5ff45 Moves to higher level API 2020-02-17 11:46:53 -08:00
Rebecca Valentine
c5986c52d3 Renames typeErrorType to typeError 2020-02-17 11:28:39 -08:00
Rasmus Wriedt Larsen
adec76d041 Python: Follow conventions of getASomething 
When multiple results are available, we usually name the function
`getAnArgument` or `getASomething`. The support for django copied the way bottle
did things, so this commits cleans up both
 2020-02-17 16:55:55 +01:00
Rasmus Wriedt Larsen
362e7aebbb Python: Add HttpRedirectSinks test for django 2020-02-17 16:54:06 +01:00
Rasmus Wriedt Larsen
a3c6472b9b Python: Improve django tests (and prepare for v2 + v3 support) 2020-02-17 16:39:01 +01:00
Rasmus Wriedt Larsen
f3ab52b1fe Python: Use StringValue instead of Value::forString 2020-02-17 14:41:32 +01:00
Rasmus Wriedt Larsen
6d5a8e4995 Python: Fix typos 2020-02-17 14:34:22 +01:00
Taus
03ae7831ad Merge pull request #2711 from RasmusWL/python-fix-import-deprecated-module 
Python: fix alerts for py/import-deprecated-module
 2020-02-17 11:46:12 +01:00
Taus
df3ac49c28 Merge pull request #2700 from RasmusWL/python-taint-iterable-unpacking 
Python: Handle iterable unpacking in taint tracking
 2020-02-17 11:44:25 +01:00
Taus
990d1c1663 Merge pull request #2802 from RasmusWL/python-fix-fp-py/import-own-module 
Python: Fix FP for py/import own module
 2020-02-17 11:23:11 +01:00
Rebecca Valentine
6a04004d94 Adds test cases and qlref. 2020-02-13 14:49:01 -08:00
Rebecca Valentine
b665f54a31 Corrects query to use builtin instead of special 2020-02-13 14:48:46 -08:00
Rebecca Valentine
3b45fbc87c Adds rough modernization. 2020-02-13 14:22:00 -08:00
jack1142
e1644dd68b Python: Handle __class_getitem__ in py/not-named-self (#2825) 
Fixes #2824
 2020-02-13 13:38:36 +01:00
Rasmus Wriedt Larsen
1558cf2eae Python: Fix typo (decent => descent) 2020-02-13 13:35:29 +01:00