hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

4030 Commits

Author SHA1 Message Date
Rebecca Valentine
8823cdfdbc Merge pull request #1713 from markshannon/python-remove-parents 
Python taint-tracking: Remove 'parents' query from path-queries.
 2019-08-08 10:01:40 -07:00
Rebecca Valentine
56c3a4d6e5 Merge pull request #1632 from markshannon/python-account-for-dynamically-defined-builtin-instances 
Python points-to: track more instances.
 2019-08-08 09:59:11 -07:00
Mark Shannon
c2f9189286 Python: Make a few more expressions point-to the 'unknown' value to improve reachability by about 1%. 2019-08-08 12:01:41 +01:00
Mark Shannon
4b242ddc86 Python: Port a few queries to new API. 2019-08-08 11:58:23 +01:00
Mark Shannon
cb719a8998 Python points-to: track instances of int, float or str without a specific value, and calls to bool(). 2019-08-08 10:49:58 +01:00
Mark Shannon
6bd5158f9e Python taint-tracking: Remove 'parents' query from path-queries, as it unused by the tooling. 2019-08-08 10:15:06 +01:00
Rebecca Valentine
fc4bb028b7 Merge pull request #1636 from markshannon/python-api-odds-and-ends 
Python: Assorted improvements to API.
 2019-08-07 09:50:44 -07:00
Rebecca Valentine
9d2061b439 Merge pull request #1669 from markshannon/python-better-handling-unknown-decorators 
Python: Treat the result of calling a missing module member as 'unknown'.
 2019-08-05 14:30:00 -07:00
Mark Shannon
63f24dfe18 Python: Add some more utility predicates and classes to the new 'Value' API. 2019-08-02 10:50:51 +01:00
Mark Shannon
fab2cb5a32 Python: Add missing function to flask test stub. 2019-08-01 13:11:41 +01:00
Mark Shannon
ebd5829bfb Python: Treat the result of calling a missing module member as 'unknown'. 2019-08-01 10:37:41 +01:00
Mark Shannon
5496fa41c8 Python: Add a way to easily specify constant values for in new Value API. 2019-07-31 12:41:51 +01:00
Mark Shannon
f69ea7f65e Python: Add redimentary tests for new Value API. 2019-07-26 15:11:48 +01:00
Taus
8443f68a33 Merge pull request #1624 from markshannon/python-fix-pruning-for-constants 
Python: Fix up pruning in QL to better handle constraints from constants.
 2019-07-26 16:05:14 +02:00
Taus
0258f799df Merge pull request #1591 from markshannon/python-fix-property-setter-handling 
Python: fix property setter handling in points-to.
 2019-07-26 14:01:41 +02:00
Taus
a557c6a3ea Merge pull request #1627 from markshannon/python-points-to-from-comprehensions 
Python points-to: Infer types for comprehensions.
 2019-07-25 16:09:33 +02:00
Mark Shannon
27c0571a86 Python points-to: Infer types for comprehensions. 2019-07-25 14:18:05 +01:00
Taus
85a0566c43 Merge pull request #1597 from markshannon/python-tracking-special-variable-attributes-through-phis 
Python points-to: Track implicit module attributes through phi-nodes.
 2019-07-25 11:43:16 +02:00
Taus
cca1593ea4 Merge pull request #1598 from markshannon/python-better-parameter-api 
Python: Better API for parameters.
 2019-07-25 11:35:51 +02:00
Mark Shannon
2e8c7a9d20 Python points-to: Support property setters and deleters. 2019-07-25 09:35:56 +01:00
Mark Shannon
9b00177544 Python: Add failing test for analysis of property with .setter. 2019-07-25 09:33:41 +01:00
Mark Shannon
05e498dfdc Python: Clarify pruning code. 2019-07-24 14:47:46 +01:00
Mark Shannon
2bdf42388c Python: Fix up pruning in QL to better handle constraints from constants. 2019-07-23 16:28:13 +01:00
Mark Shannon
88f9685d40 Merge rc/1.21 into master 2019-07-18 16:40:32 +01:00
Mark Shannon
c6ae06f1df Python: modernize regex library to use new points-to. 2019-07-18 14:16:57 +01:00
Mark Shannon
54a8c64b23 Python points-to: Remove negative recursion when using legacy points-to in legacy points-to extensions. 2019-07-18 14:16:52 +01:00
Mark Shannon
3035178391 Python: Better API for parameters. 2019-07-16 16:50:40 +01:00
Mark Shannon
b4d413cfa8 Python points-to: Track implicit module attributes through phi-nodes. 2019-07-16 15:39:58 +01:00
Mark Shannon
2c5b1c0810 Fix semantic merge conflict between #1470 and #1487. 2019-07-15 15:34:00 +01:00
Taus
f12c057826 Merge pull request #1470 from markshannon/python-tarslip 
Python: "TarSlip" query
 2019-07-15 12:43:47 +02:00
yh-semmle
a0dc84010a Merge pull request #1518 from Semmle/rc/1.21 
Merge rc/1.21 into master
 2019-06-28 13:52:18 -04:00
Mark Shannon
8570b4117f Python: Add opaque 'decorated function' for complex decorated functions. Allows finding calls in taint-tracking without contaminating points-to results. 2019-06-28 12:14:10 +01:00
Taus
1b98f248e5 Merge branch 'master' into python-better-handling-calls-on-edge-of-context 2019-06-28 11:27:42 +02:00
Taus
fad37bd6c9 Merge pull request #1487 from markshannon/python-tuple-assignment-points-to 
Python ESSA dataflow: better handling of tuple unpacking.
 2019-06-28 11:05:03 +02:00
Taus
2576884667 Merge pull request #1499 from markshannon/python-fix-regex-parsing 
Python regex: Fix handling of character sets.
 2019-06-27 17:49:21 +02:00
Mark Shannon
347e3f3bd0 Python regex: Fix handling of character sets where first character in set is '['. 2019-06-26 10:55:47 +01:00
Taus
76f8da8986 Merge pull request #1484 from markshannon/python-aggressive-pruning 
Python: Use aggressive dead-code elimination when pruning.
 2019-06-25 19:17:44 +02:00
Mark Shannon
6f1399be9b Python: Better handle calls on edge of context. 2019-06-25 16:15:39 +01:00
Mark Shannon
a917019915 Python: Add failing tests for undefined variable as value and nested 'from import *'. 2019-06-24 14:54:25 +01:00
Mark Shannon
9d6df78d44 Python: Dataflow: Remove IterationDefinition ESSA definition and add iteration assignment to ESSA assignment definition. 
Enhance points-to and taint-tracking to add operational step sequence to next(iter(seq)) in for statement.
 2019-06-21 15:55:27 +01:00
Taus
927d72414b Merge pull request #1483 from markshannon/merge-121 
Merge rc/1.21 into master
 2019-06-21 14:11:07 +02:00
Mark Shannon
a5f741e504 Python: Use aggressive dead-code elimination when pruning. 2019-06-21 13:03:36 +01:00
Taus
832abc7835 Merge pull request #1473 from markshannon/python-points-to-more-unknowns 
Python: Fix getOperand for 'not' node and make sure it can only point-to a boolean.
 2019-06-21 11:03:23 +02:00
Mark Shannon
26f870bc7f Merge branch 'rc/1.21' into master 2019-06-21 09:52:44 +01:00
Mark Shannon
bbf25f3a23 Python points-to. If __all__ is overly complex, treat all 'public' symbols as exported. 2019-06-21 09:47:50 +01:00
Taus
85ad89c299 Merge pull request #1292 from markshannon/python-prune-in-ql 
Python: Do pruning in QL.
 2019-06-19 16:58:27 +02:00
Mark Shannon
39b7a69abd Python: Tarslip query: Fix up sanitizers. 2019-06-19 15:00:02 +01:00
Mark Shannon
6f15c84bdc Python: Tarslip query; Add sink for members and sanitizers for tarinfo objects. 2019-06-19 11:48:31 +01:00
Mark Shannon
e14f7ef466 Python: Tarslip query; track info objects and handle sanitization. 2019-06-19 11:48:31 +01:00
Mark Shannon
ea4e263060 Python: Initial version and help of tar-slip (CWE-022) query. 2019-06-19 11:48:31 +01:00