Rasmus Wriedt Larsen
72d0dcdaba
Python: Workaround for module level items from import * not being LocalSourceNodes
2023-10-10 17:45:11 +02:00
Rasmus Wriedt Larsen
6521e5165c
Python: Extend import * with plain use
...
(no calls or anything)
2023-10-10 17:45:11 +02:00
Rasmus Wriedt Larsen
2d947a4f53
Merge pull request #13781 from maikypedia/maikypedia/python-unsafe-deserialization
...
Python: Add unsafe deserialization sinks (CWE-502)
2023-10-10 13:30:38 +02:00
amammad
6c8cc79b4d
v1
2023-10-08 21:24:54 +02:00
Mathew Payne
a23904ca39
Add taint tests
2023-10-02 15:09:11 +01:00
Rasmus Wriedt Larsen
3162033d56
Python: Make tests run for django rest framework
2023-09-29 16:21:04 +02:00
Mathew Payne
19c93b0228
Add RestFramework tests
2023-09-29 14:41:57 +01:00
Rasmus Lerchedahl Petersen
be506c64ba
Python: update test-expectations
...
These are semantic differences.
They generally look good, except perhaps
we should exclude illegal package names?
(It passes `legalShortName`, though).
2023-09-29 15:10:19 +02:00
Rasmus Lerchedahl Petersen
f5059a6918
Python: fix computation at part boundaries
2023-09-26 20:51:15 +02:00
Rasmus Lerchedahl Petersen
cdf1db09bd
Python: add test for part boundaries
2023-09-26 20:50:08 +02:00
Rasmus Lerchedahl Petersen
c1ebde4288
Python: improve location computation
2023-09-26 12:08:50 +02:00
Rasmus Lerchedahl Petersen
aa64390af7
Python: add more tests
2023-09-26 10:54:45 +02:00
Rasmus Lerchedahl Petersen
417907b36d
Python: switch to inline expectations
2023-09-25 11:44:56 +02:00
Rasmus Wriedt Larsen
db7b1eea55
Merge branch 'main' into maikypedia/python-unsafe-deserialization
2023-09-25 10:29:18 +02:00
Rasmus Wriedt Larsen
a45e10d64f
Python: Slight rewrite of numpy test
...
To use positional argument for allow_pickle
2023-09-25 10:25:11 +02:00
Rasmus Wriedt Larsen
d1caa75053
Python: Fix format for pandas.read_pickle
2023-09-25 10:24:27 +02:00
Max Schaefer
6f67055852
Correctly account for length of string literal prefix when computing locations for RegExpTerms.
2023-09-22 11:24:25 +01:00
Max Schaefer
d4ff9c8ed1
Add test for locations of regexp terms.
2023-09-22 11:24:24 +01:00
Maiky
6d0ba5f97b
Add allow_pickle to tests
...
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
2023-09-17 18:53:18 +02:00
Tom Hvitved
d3558f8579
Python: Update expected test output
2023-09-12 21:18:31 +02:00
Peter Stöckli
7aa5d2dc8a
Python: move asyncio CMDi related tests to stdlib tests
2023-09-06 16:54:18 +02:00
Rasmus Wriedt Larsen
62c2316124
Merge pull request #14084 from RasmusWL/flask-jsonify
...
Python: Remove XSS FP from use of `flask.jsonify`
2023-08-30 13:07:54 +02:00
yoff
ae4c76c788
Merge pull request #13975 from yoff/python/parsemodechars-not-chars
2023-08-29 14:05:57 +02:00
Rasmus Wriedt Larsen
0b2458d065
Python: Improve modeling of Flask jsonify
...
I also tested whether `Flask.jsonify` or `Flask().jsonify` worked, but
they do not.
2023-08-29 11:11:32 +02:00
yoff
6e05246daa
Merge pull request #13935 from yoff/python/mad-on-externals
...
Python: MaD on externals
2023-08-28 14:04:54 +02:00
Rasmus Lerchedahl Petersen
68cd422788
Python: Fix test expectations
2023-08-25 11:27:53 +02:00
yoff
a834703195
Merge pull request #13779 from geoffw0/pythonparsemode
...
Python: Understand multiple parse mode flags specified in a regular expression string
2023-08-24 21:20:45 +02:00
Geoffrey White
f07f97a94e
Python: Accept test changes. I think these reflect the 'parse mode chars should not be considered chars' issue.
2023-08-24 10:52:52 +01:00
yoff
00c0ebe9e4
Merge pull request #13738 from RasmusWL/path-steps
...
Python: Include all assignments in data flow paths
2023-08-22 11:58:11 +02:00
yoff
7f2f6f14e7
Merge pull request #13729 from yoff/python/model-aws-lambdas
...
Python/JavaScript: Shared module for serverless functions
2023-08-16 15:14:08 +02:00
Rasmus Lerchedahl Petersen
e6943ce98e
Python: use standard test format
2023-08-15 15:26:18 +02:00
Rasmus Wriedt Larsen
d12743d7c3
Merge pull request #13941 from yoff/python/test-nice-location
...
Python: fix nice locations for import aliases
2023-08-14 21:37:23 +02:00
Rasmus Wriedt Larsen
ca93f4d223
Python: Accept .expected changes
2023-08-11 10:36:05 +02:00
Rasmus Lerchedahl Petersen
e5cd3e8f64
Python: nice locations for import aliases
...
These were computed wrongly before.
2023-08-10 20:27:06 +02:00
Rasmus Lerchedahl Petersen
eac44e89d9
Python: test nice locations
...
there are errors both on lines 2 and 3 due to
locations being computed wrongly.
2023-08-10 14:21:16 +02:00
Rasmus Lerchedahl Petersen
168a1e01a4
Python: move test to data extensions
...
For this test, we can simply use the convention,
that a file called `[ql-file-stem].ext.yml` will be used
as data extensions exactly for the test represented by `ql-file`.
2023-08-09 21:22:17 +02:00
Rasmus Wriedt Larsen
51a05286fa
Merge pull request #13731 from pwntester/py/aiohttp_improvements
...
Python: Aiohttp improvements
2023-08-09 16:37:20 +02:00
Rasmus Wriedt Larsen
4f47461f60
Python: Add requested test
2023-08-08 10:44:48 +02:00
Asger F
c38cbe859d
Merge pull request #13737 from asgerf/dynamic/fuzzy-models
...
Dynamic: add Fuzzy token
2023-08-03 09:58:24 +02:00
Maiky
a1782182dd
Python: Add unsafe deserialization sinks (CWE-502)
2023-07-20 03:26:22 +02:00
yoff
d032bf5c0e
Merge pull request #13685 from RasmusWL/captured-variables-default-param-value
...
Python: Model parameter with default value as `DefinitionNode`
2023-07-17 14:25:13 +02:00
Asger F
eb5c600a6b
Python: fix some whitespace
2023-07-13 15:42:34 +02:00
Asger F
2b0a8097e6
Python: implement Fuzzy for Python
2023-07-13 15:42:34 +02:00
Rasmus Wriedt Larsen
991d5cc54b
Python: Fix test of HttpResponse.getBody()
2023-07-13 13:57:08 +02:00
Rasmus Wriedt Larsen
64a7206f3e
Python: Improve aiohttp FileResponse/StreamResponse modeling
...
However, notice that the concepts tests use the HttpResponse location
for the `responseBody` tag, which seems a little odd in this situation,
where they are actually separate. Will fix in next commit.
2023-07-13 13:57:08 +02:00
Rasmus Wriedt Larsen
15269c9166
Python: Add StreamResponse test
2023-07-13 13:57:08 +02:00
Rasmus Wriedt Larsen
0f9ab8f53e
Python: Fixup tests
...
But notice that keyword argument is not handled yet
2023-07-13 13:57:08 +02:00
Alvaro Muñoz
ee1ba71e5d
add tests
2023-07-13 13:07:12 +02:00
Rasmus Lerchedahl Petersen
4d2ce6b2e0
python: create shared serverless module and use it
...
Modelled on the javascript serverless module, but
- The predicate that reports YAML files is now public
  so languages can implement their own file conventions.
- It also reports framework and runtime.
- The convenience predicates with files still exist,
  but they only report the path.
- Handler mapping conventions are now documented.
- Use parameterised serverless module in Python,
  tests now pass.
2023-07-12 16:42:01 +02:00
Rasmus Lerchedahl Petersen
a892e83c8e
python: add simple test for AWS lambda
...
made space for other serverless frameworks in the directory `serverless`
2023-07-12 16:42:00 +02:00