hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.5
Commit Graph

9593 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
1562f5c69a Python: General comment on dataflow 
between SSA variables and control flow nodes
 2020-06-18 07:52:29 +02:00
Rasmus Lerchedahl Petersen
d283919b92 Python: implemented ParameterNode, updated test 2020-06-18 07:45:16 +02:00
Rasmus Lerchedahl Petersen
c20219c2b9 Python: more local flow and more tests 2020-06-17 20:48:06 +02:00
Rasmus Lerchedahl Petersen
ce57a28c8f Python: Use CallableValue and improve tests 2020-06-17 19:12:10 +02:00
Rasmus Lerchedahl Petersen
f24dc69e1d Python: add flow from ArgumentNodes 2020-06-17 18:36:50 +02:00
Rasmus Lerchedahl Petersen
a45b5a7d3c Python: Implemented return node 
but I think they receive no flow
 2020-06-17 17:41:43 +02:00
Rasmus Lerchedahl Petersen
25d624d64b Python: Implement parameter nodes 2020-06-17 16:59:19 +02:00
Rasmus Lerchedahl Petersen
8e51b2fed8 Python: refactor test for global flow 2020-06-17 16:43:11 +02:00
Rasmus Lerchedahl Petersen
71f364eef3 Python: Implement OutNode 
Also, fix test for local flow
 2020-06-17 16:24:44 +02:00
Rasmus Lerchedahl Petersen
52898f16f5 Python: update paths after move 2020-06-17 08:34:45 +02:00
Rasmus Lerchedahl Petersen
47f5b04e87 Python: fix identical-files.json after move 
also more grouping
 2020-06-17 07:08:46 +02:00
Rasmus Lerchedahl Petersen
e192b66116 Python: move shared dataflow to experimental 2020-06-17 06:46:46 +02:00
Rasmus Lerchedahl Petersen
0f77403f0e Python: small start on global flow 
need to actually have `OutNode`s
 2020-06-16 15:36:03 +02:00
Rasmus Lerchedahl Petersen
f3e879a5ab Python: small test of local flow 2020-06-16 14:31:22 +02:00
Rasmus Lerchedahl Petersen
0abba238cc Python: bit more local flow and fix ql docs 2020-06-16 08:21:32 +02:00
Rasmus Lerchedahl Petersen
ad04ec554a Python: group related predicates 
also restore accidentally removed comment
 2020-06-16 07:30:44 +02:00
Rasmus Lerchedahl Petersen
f8eb5839cd Python: start on local flow 2020-06-15 16:25:41 +02:00
Rasmus Wriedt Larsen
c0043eb9db Python: Don't treat re.escape(...) as a regex 
Fixes https://github.com/github/codeql/issues/3712
 2020-06-15 11:54:14 +02:00
Rasmus Lerchedahl Petersen
6dfb3a5df8 Python: Address QL docs 2020-06-15 11:50:07 +02:00
Rasmus Wriedt Larsen
7601bd497e Python: Add tests for re.escape FP 2020-06-15 11:34:42 +02:00
Rasmus Lerchedahl Petersen
1af2e56894 Summary of recent meeting. 
Perhaps a not-python-specific version of this
could go into the shared implementation.
 2020-06-15 08:01:02 +02:00
Rasmus Lerchedahl Petersen
375da38765 Python: Minimal compilation of shared dataflow 2020-06-12 11:48:41 +02:00
Jonas Jensen
abd05bcff1 Merge pull request #3596 from robertbrignull/more-suites 
Add more code-scanning suites
 2020-06-12 09:08:20 +02:00
Rasmus Wriedt Larsen
a24974b194 Python: Add missing <p> to qhelp 2020-06-11 11:45:38 +02:00
Rasmus Wriedt Larsen
33a9fb6034 Python: Reorder XSLT qhelp to be valid 2020-06-11 11:30:54 +02:00
Rasmus Lerchedahl Petersen
b5703cd3f6 Python: link to FP report in test file 2020-06-11 07:14:48 +02:00
semmle-qlci
4cdb3c13df Merge pull request #3658 from RasmusWL/python-3.8-dict-ismapping 
Approved by tausbn
 2020-06-10 17:19:49 +01:00
semmle-qlci
f7c6b1364b Merge pull request #3640 from RasmusWL/python-handle-3.8-enum-convert 
Approved by tausbn
 2020-06-10 17:19:22 +01:00
Rasmus Wriedt Larsen
ce1f0a39ac Python: Minor fixup of qhelp for XPath injection 2020-06-10 16:59:40 +02:00
Rasmus Wriedt Larsen
48b2d2cc5c Python: Make isSequence() and isMapping() tests version specific 
Since unicode/bytes difference, output can't match between Python 2 and Python 3.
 2020-06-10 16:43:56 +02:00
Rasmus Wriedt Larsen
721713b9e1 Python: Minor fixes from code review 
Co-authored-by: Taus <tausbn@gmail.com>
 2020-06-10 16:14:21 +02:00
Taus
5b0d92d72b Merge pull request #3464 from yoff/UnicodeEscape 
Python: Handle more escapes in regexes
 2020-06-10 15:47:09 +02:00
Rasmus Wriedt Larsen
f73876e6ce Python: Modernise ShouldBeContextManager 2020-06-10 11:53:11 +02:00
Rasmus Wriedt Larsen
37cfb5400d Python: Modernise RatioOfDefinitions 2020-06-10 11:51:41 +02:00
Rasmus Wriedt Larsen
bacd491875 Python: Fix isSequence() and isMapping() 2020-06-09 14:21:02 +02:00
Rasmus Wriedt Larsen
846101d295 Python: Extend isSequence/isMapping test with custom classes 2020-06-09 14:04:14 +02:00
Rasmus Wriedt Larsen
65ce6d27ff Python: Update isSequence() and isMapping() for Python 3.8 2020-06-09 11:57:00 +02:00
Rasmus Wriedt Larsen
958763edc2 Python: Add test for ClassValue.isSequence() and isMapping() 
For Python 3.6
 2020-06-09 11:55:22 +02:00
semmle-qlci
1a7570ebbe Merge pull request #3563 from RasmusWL/python-fabric-execute 
Approved by tausbn
 2020-06-08 16:00:49 +01:00
Rasmus Wriedt Larsen
baa415fec8 Python: Add points-to regression for metaclass 2020-06-08 15:03:46 +02:00
Rasmus Wriedt Larsen
7c037cd2ab Python: Handle Enum._convert in Python 3.8 2020-06-08 14:49:58 +02:00
porcupineyhairs
6dd9106301 Update XSLT.qll 2020-06-08 03:12:23 +05:30
Porcupiney Hairs
424e88d318 include sugestions from review 2020-06-08 02:52:11 +05:30
Porcupiney Hairs
1ceb963d4c Python : Add support for detecting XSLT Injection 
This PR adds support for detecting XSLT injection in Python.
I have included the ql files as well as the tests with this.
 2020-06-07 03:05:50 +05:30
Rasmus Wriedt Larsen
1ff369f62d Python: Update test results for fabric.api.execute 2020-06-04 16:30:03 +02:00
Robert Brignull
6e0552c074 add more code-scanning suites 2020-06-01 11:45:46 +01:00
Rasmus Wriedt Larsen
551420401a Python: Fix typo 
Co-authored-by: Taus <tausbn@gmail.com>
 2020-05-29 14:27:07 +02:00
Rasmus Wriedt Larsen
48be57c8fd Python: Improve QLDoc for ExternalStringDictKind 2020-05-29 12:06:57 +02:00
Rasmus Wriedt Larsen
b083c01520 Python: Deprecate StringDictKind 
This QL

```codeql
import python
import semmle.python.dataflow.TaintTracking
import semmle.python.security.strings.Untrusted

from CollectionKind ck
where
    ck.(DictKind).getMember() instanceof StringKind
    or
    ck.getMember().(DictKind).getMember() instanceof StringKind
select ck, ck.getAQlClass(), ck.getMember().getAQlClass()
```

generates these 6 results.

```
1	{externally controlled string}          ExternalStringDictKind	UntrustedStringKind
2	{externally controlled string}	        StringDictKind	        UntrustedStringKind
3	[{externally controlled string}]	SequenceKind	        ExternalStringDictKind
4	[{externally controlled string}]	SequenceKind	        StringDictKind
5	{{externally controlled string}}	DictKind	        ExternalStringDictKind
6	{{externally controlled string}}	DictKind	        StringDictKind
```

StringDictKind was only used in *one* place in our library code. As illustrated
above, it pollutes our set of TaintKinds. Effectively, every time we make a
flow-step for dictionaries with tainted strings as values, we do it TWICE --
once for ExternalStringDictKind, and once for StringDictKind... that is just a
waste.
 2020-05-29 12:06:57 +02:00
Rasmus Wriedt Larsen
87bc8ae28d Python: Don't use UntrustedStringKind in web lib 
If I wanted to use my own TaintKind and not have any interaction with
`UntrustedStringKind` that wouldn't be possible today since these standard http
libraries import it directly. (also, I wouldn't get any sources of my custom
TaintKind from turbogears or bottle). I changed them to use the same pattern of
`ExternalStringKind` as everything else does.
 2020-05-29 12:06:57 +02:00