hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

9547 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
80745e8881 Python: Model string methods in shared taint tracking library 2020-08-24 13:58:42 +02:00
Rasmus Wriedt Larsen
a77f118b62 Python: Shared taint tracking: Handle string concat + subcript 2020-08-24 13:58:41 +02:00
Rasmus Wriedt Larsen
61f89ca3c3 Python: Add tests for shared taint tracking for strings 
I adopted the TestTaint testing setup that I made for the "old" taint tracking
tests. This time around we should figure out if we can use .qlref or similar so
it doesn't end up in multiple copies that are not kept up to date :|

The `repr` predicate could probably be placed somewhere better. For now I just
wanted something that could help me. I considered just expanding the `repr`
predicate in `ql/src/semmle/python/strings.qll`, but since it's currently used
by queries, I didn't want to do anything about it.

Anyway, the output it gives is much more useful than seeing this ;)

```
| test.py:20 | ok   | str_operations | test.py:20:9:20:10 | ts |
| test.py:21 | fail | str_operations | test.py:21:9:21:18 | BinaryExpr |
| test.py:22 | fail | str_operations | test.py:22:9:22:18 | BinaryExpr |
| test.py:23 | fail | str_operations | test.py:23:9:23:21 | Subscript |
| test.py:24 | fail | str_operations | test.py:24:9:24:13 | Subscript |
| test.py:25 | fail | str_operations | test.py:25:9:25:18 | Subscript |
| test.py:26 | fail | str_operations | test.py:26:9:26:13 | Subscript |
| test.py:27 | fail | str_operations | test.py:27:9:27:15 | str() |
| test.py:35 | fail | str_methods | test.py:35:9:35:23 | Attribute() |
| test.py:36 | fail | str_methods | test.py:36:9:36:21 | Attribute() |
| test.py:37 | fail | str_methods | test.py:37:9:37:22 | Attribute() |
| test.py:38 | fail | str_methods | test.py:38:9:38:23 | Attribute() |
| test.py:40 | fail | str_methods | test.py:40:9:40:19 | Attribute() |
| test.py:41 | fail | str_methods | test.py:41:9:41:23 | Attribute() |
| test.py:42 | fail | str_methods | test.py:42:9:42:36 | Attribute() |
| test.py:44 | fail | str_methods | test.py:44:9:44:25 | Attribute() |
| test.py:45 | fail | str_methods | test.py:45:9:45:45 | Attribute() |
| test.py:47 | fail | str_methods | test.py:47:9:47:21 | Attribute() |
| test.py:48 | fail | str_methods | test.py:48:9:48:19 | Attribute() |
| test.py:49 | fail | str_methods | test.py:49:9:49:18 | Attribute() |
| test.py:51 | fail | str_methods | test.py:51:9:51:32 | Attribute() |
| test.py:52 | fail | str_methods | test.py:52:9:52:34 | Attribute() |
| test.py:54 | fail | str_methods | test.py:54:9:54:21 | Attribute() |
| test.py:55 | fail | str_methods | test.py:55:9:55:19 | Attribute() |
| test.py:56 | fail | str_methods | test.py:56:9:56:18 | Attribute() |
| test.py:57 | fail | str_methods | test.py:57:9:57:21 | Attribute() |
| test.py:58 | fail | str_methods | test.py:58:9:58:18 | Attribute() |
| test.py:59 | fail | str_methods | test.py:59:9:59:18 | Attribute() |
| test.py:60 | fail | str_methods | test.py:60:9:60:21 | Attribute() |
| test.py:62 | fail | str_methods | test.py:62:9:62:26 | Attribute() |
| test.py:63 | fail | str_methods | test.py:63:9:63:42 | Attribute() |
| test.py:65 | fail | str_methods | test.py:65:9:65:26 | Attribute() |
| test.py:66 | fail | str_methods | test.py:66:9:66:42 | Attribute() |
| test.py:69 | fail | str_methods | test.py:69:9:69:25 | Attribute() |
| test.py:70 | fail | str_methods | test.py:70:9:70:26 | Attribute() |
| test.py:71 | fail | str_methods | test.py:71:9:71:22 | Attribute() |
| test.py:72 | fail | str_methods | test.py:72:9:72:21 | Attribute() |
| test.py:73 | fail | str_methods | test.py:73:9:73:23 | Attribute() |
| test.py:78 | ok   | str_methods | test.py:78:9:78:39 | Attribute() |
```
 2020-08-24 13:58:39 +02:00
Taus
b8d6f76749 Merge pull request #4056 from yoff/SharedDataflow_ParameterTests 
Python: Shared dataflow, parameter routing tests
 2020-08-24 11:36:30 +02:00
Rasmus Lerchedahl Petersen
e1343c7f1e Python: Support set literals. 2020-08-21 11:15:04 +02:00
Rasmus Lerchedahl Petersen
ccff84d546 Python: Test flow into conprehension 2020-08-21 10:40:22 +02:00
Rasmus Lerchedahl Petersen
f9b1c5e4bd Python: Fix bug pointed out by reviewer 2020-08-21 10:04:27 +02:00
yoff
bfd9c0860f Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-08-21 09:43:29 +02:00
yoff
8e2b2540fa Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-08-21 09:39:00 +02:00
Rasmus Lerchedahl Petersen
94e6fd9199 Python: Convenience methods 
asVar, asCfgNode, and asExpr
 2020-08-20 15:16:23 +02:00
Rasmus Lerchedahl Petersen
5a734730de Python: Control flow nodes are dataflow nodes 
iff they are expression nodes
We could refine this later, but it seems to work for now...
 2020-08-20 15:00:42 +02:00
Rasmus Wriedt Larsen
7fb8e0e277 Python: Add basic shared taint tracking test 2020-08-20 14:49:17 +02:00
Rasmus Wriedt Larsen
0baac8fd54 Python: Adjust shared taint tracking skeleton 
So it fits the setup from Java/Go, with AdditionalTaintStep class.
 2020-08-20 14:49:09 +02:00
Rasmus Lerchedahl Petersen
18e946d4aa Python: Small rearrangement 2020-08-19 17:56:02 +02:00
Rasmus Lerchedahl Petersen
bd53a711d3 Merge branch 'main' of github.com:github/codeql into SharedDataflow_SequenceFlow 2020-08-19 11:42:41 +02:00
Rasmus Lerchedahl Petersen
176aa06fad Python: Address review comments 2020-08-19 09:21:16 +02:00
yoff
5e84754f73 Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-08-19 08:03:47 +02:00
yoff
06bd436aea Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-08-19 08:02:53 +02:00
yoff
8fbb447f4c Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-08-19 08:02:29 +02:00
yoff
1c3b945e55 Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-08-19 08:01:54 +02:00
yoff
43a5e74c65 Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-08-19 08:01:42 +02:00
Rasmus Lerchedahl Petersen
de1c75c279 Python: QL format 2020-08-18 16:34:04 +02:00
Rasmus Lerchedahl Petersen
f8364dc74b Python: QL doc 2020-08-18 15:11:20 +02:00
Rasmus Lerchedahl Petersen
aab603d261 Python: QL doc 2020-08-18 14:37:59 +02:00
Rasmus Lerchedahl Petersen
d0eaa13974 Python: Magic -> Special and reaarange classes 2020-08-18 14:14:38 +02:00
Anders Schack-Mulligen
f75f5ab125 Merge pull request #3838 from hvitved/dataflow/flow-fwd-ctx 
Data flow: Use precise call contexts in `flowFwd()`
 2020-08-18 13:06:11 +02:00
yoff
b9bf11adb4 Update python/ql/src/semmle/python/Magic.qll 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-08-18 12:59:57 +02:00
yoff
571520602d Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-08-18 12:59:20 +02:00
yoff
59cee284b5 Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-08-18 12:59:04 +02:00
Rasmus Lerchedahl Petersen
bbf925fcc4 Python: Magic subscript and format 
(this in preparation for addressing reviews)
 2020-08-18 12:56:15 +02:00
Rasmus Lerchedahl Petersen
ca7c045d31 Python: bad re match made the tests fail.. 2020-08-17 16:24:00 +02:00
Tom Hvitved
a2fc92b9db Data flow: Address review comments 2020-08-17 15:46:43 +02:00
Rasmus Lerchedahl Petersen
8eacef3467 Python: Add QL doc 2020-08-17 12:01:36 +02:00
Rasmus Lerchedahl Petersen
bfdb580206 Python: Experiemntal cleanup strategy 2020-08-17 11:37:52 +02:00
Rasmus Lerchedahl Petersen
7ea3fc04c8 Python: adjust test annotation (for after feature) 2020-08-14 14:46:39 +02:00
Rasmus Lerchedahl Petersen
4bc04486cb Python: Annotate tests (as before the new feature) 2020-08-14 14:41:35 +02:00
Rasmus Lerchedahl Petersen
2817602a97 Merge branch 'master' of github.com:github/codeql into SharedDataflow_ParameterTests 2020-08-14 14:27:57 +02:00
Rasmus Lerchedahl Petersen
e808d3033a Python: Add magic to DataFlowCall 2020-08-14 14:19:18 +02:00
CodeQL CI
e9a36b2524 Merge pull request #4062 from tausbn/python-fix-unknown-import-star 
Approved by yoff
 2020-08-14 13:17:45 +01:00
Rasmus Lerchedahl Petersen
4211f7f346 Merge branch 'master' of github.com:github/codeql into MagicMethods 2020-08-14 13:26:27 +02:00
Rasmus Lerchedahl Petersen
360ddc6314 Python: better charPred 2020-08-14 13:25:17 +02:00
Rasmus Lerchedahl Petersen
9556937840 Python: address review comments 2020-08-14 11:29:58 +02:00
Rasmus Lerchedahl Petersen
5ed3107045 Python: Start scaffold for magic methods 2020-08-14 11:12:23 +02:00
Tom Hvitved
e518cbabd6 Python: Sync data flow files 2020-08-14 11:04:45 +02:00
yoff
8d49ad7325 Update python/ql/test/experimental/dataflow/coverage/datamodel.py 
Co-authored-by: Taus <tausbn@github.com>
 2020-08-14 10:53:37 +02:00
yoff
4b336e9b01 Update python/ql/test/experimental/dataflow/coverage/classes.py 
Co-authored-by: Taus <tausbn@github.com>
 2020-08-14 10:53:10 +02:00
Taus Brock-Nannestad
a1a1218f95 Python: Ignore from foo import * when foo is absent. 2020-08-13 10:50:28 +02:00
Taus Brock-Nannestad
dc5c0f8e7a Python: Add test case for missing modules 2020-08-13 10:49:11 +02:00
Rasmus Lerchedahl Petersen
3f2fcbf0ae Python: Remove most noise in the query output 
Just a quick change, the query should probably be rewritten
 2020-08-13 08:23:12 +02:00
Rasmus Lerchedahl Petersen
2cc7712d40 Python: Annotate test cases 2020-08-13 08:02:42 +02:00