Arthur Baars
5b6d3afd89
Python: Yaml printAst and tests
2023-04-26 13:41:57 +02:00
Rasmus Lerchedahl Petersen
824d4d5413
python: fix test expectations
...
also rename `collections.py` so it does not
clash with the standard library name.
This clash is an issue when testing locally.
2023-04-26 13:31:37 +02:00
Rasmus Wriedt Larsen
b178c9cfe6
Python: Accept dataflow/basic/*.expected
2023-04-26 13:30:11 +02:00
Rasmus Wriedt Larsen
3f39648065
Python: Remove duplicated test
2023-04-26 13:30:11 +02:00
Rasmus Wriedt Larsen
1a97e8f329
Python: Add flow-step for arg[1] to dict.setdefault
2023-04-26 13:30:11 +02:00
Rasmus Lerchedahl Petersen
0338d4ef9c
This was the case locally, but not in CI.. 🤷
...
Revert "python: no longer missing"
This reverts commit f796177b69.
2023-04-25 21:34:27 +02:00
Rasmus Lerchedahl Petersen
f796177b69
python: no longer missing
2023-04-25 14:24:26 +02:00
Rasmus Lerchedahl Petersen
141c5af30e
Merge branch 'main' of https://github.com/github/codeql into python/captured-variables-for-typetracking
2023-04-25 14:07:11 +02:00
yoff
b35637e1c5
Merge pull request #12858 from RasmusWL/paramiko-modeling
...
Python: Expand modeling of `paramiko`
2023-04-25 14:04:50 +02:00
Rasmus Wriedt Larsen
7453533ba4
Python: Expand setdefault tests
2023-04-24 12:29:58 +02:00
Rasmus Wriedt Larsen
7fa84a3613
Python: Only test UnsafeUnpacking with Python 3
...
Apparently the fixup of .expected in the latest commit was only required
when extracting as Python 3, but not as Python 2... I honestly don't
understand why.
2023-04-24 12:29:58 +02:00
Rasmus Lerchedahl Petersen
a25c7f7549
Merge branch 'main' of https://github.com/github/codeql into python/captured-variables-for-typetracking
2023-04-24 11:50:32 +02:00
Rasmus Wriedt Larsen
b60cab254a
Python: Accept .expected change
2023-04-21 15:25:47 +02:00
Rasmus Wriedt Larsen
f80a0916ac
Python: Don't report get/setdefault as unresolved calls for dict tests
2023-04-21 14:42:20 +02:00
Rasmus Wriedt Larsen
b56869551d
Python: Support more dictionary read/store steps
...
The `setdefault` behavior is kinda strange, but no reason not to support
it.
2023-04-21 14:18:50 +02:00
Rasmus Wriedt Larsen
6e31f64aaa
Python: Add test for dictionary flow
2023-04-21 14:18:46 +02:00
Rasmus Wriedt Larsen
a168af349e
Python: Expand modeling of paramiko
2023-04-18 11:57:20 +02:00
Rasmus Wriedt Larsen
a5a0861be0
Python: Expand test of py/paramiko-missing-host-key-validation
2023-04-18 11:56:07 +02:00
Tom Hvitved
3cc9dec9c8
Remove all queries.xml files
2023-04-13 11:18:58 +02:00
yoff
9e3d57d442
Update python/ql/test/library-tests/ApiGraphs/py3/test_captured_flask.py
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2023-04-11 14:34:40 +02:00
Rasmus Wriedt Larsen
f3937a4a12
Python: Update .expected from PostUpdateNode commit
2023-03-30 10:17:33 +02:00
Raul Garcia
cf8a683d7d
Merge branch 'main' into main
2023-03-29 20:27:03 -07:00
Rasmus Wriedt Larsen
86333e3ba5
Python: Remove duplicate results from azure blob query
2023-03-29 11:47:29 +02:00
Rasmus Wriedt Larsen
32d52c023e
Python: Allow any order for azure blob query
...
By only allowing the sink in the state where encryption v1 is used, we
can handle the new case where the order of attribute assignment is
flipped.
However, we get a few too many paths because we can have multiple
sources reaching the same sink... let's fix in next commit.
2023-03-29 11:42:01 +02:00
Rasmus Wriedt Larsen
480f171d9b
Python: Add azure blob tests with swapped order
...
Just shows we need to use some state in the query to get the correct
behavior.
2023-03-29 11:25:37 +02:00
Rasmus Wriedt Larsen
683985a00a
Python: Expand azure blob modeling
...
Now we can differentiate between the classes
2023-03-29 11:24:36 +02:00
Rasmus Wriedt Larsen
8ea6b6f256
Python: Update py/azure-storage/unsafe-client-side-encryption-in-use to use dataflow
2023-03-28 10:09:22 +02:00
Rasmus Wriedt Larsen
691ffcd3a4
Python: Add tests of py/azure-storage/unsafe-client-side-encryption-in-use
...
Notice that it doesn't find the potentially unsafe version, or the vuln that spans calls.
2023-03-28 10:05:09 +02:00
Taus
df192383b2
Merge pull request #9722 from ahmed-farid-dev/timing-attack-py
2023-03-27 18:09:35 +02:00
Rasmus Wriedt Larsen
0b9d16a43e
Merge pull request #12636 from RasmusWL/sql-modeling
...
Python: Some more SQL modeling
2023-03-27 15:52:30 +02:00
Taus
af060e8c6b
Merge branch 'main' into timing-attack-py
2023-03-27 15:27:13 +02:00
Erik Krogh Kristensen
d3c3f2dc90
Merge pull request #12628 from erik-krogh/betterReDoS
...
ReDoS: better super-linear algorithm
2023-03-27 15:26:49 +02:00
Taus
eaf2930205
Python: Accept test changes
...
(These look like they were the result of changes elsewhere in the
analysis.)
2023-03-27 12:17:13 +00:00
yoff
2121ed784f
Merge branch 'main' into python/rewrite-InsecureContextConfiguration
2023-03-27 10:20:53 +02:00
Taus
11c89adbe3
Merge branch 'main' into timing-attack-py
2023-03-24 15:40:33 +01:00
Taus
c0eb611dae
Merge pull request #12244 from RasmusWL/import-refined
...
Python: Fix import of refined variable
2023-03-24 13:22:19 +01:00
erik-krogh
e189b36e3f
materialize less strings when ranking states
2023-03-23 10:35:58 +01:00
Rasmus Wriedt Larsen
7b3f710e91
Python: Model aiosqlite
2023-03-22 15:51:47 +01:00
Rasmus Wriedt Larsen
2b4ebf7377
Python: Add support for .executescript
2023-03-22 15:20:06 +01:00
Rasmus Wriedt Larsen
5930499f1d
Python: Add test for missing .executescript SQL method
2023-03-22 14:57:08 +01:00
Rasmus Wriedt Larsen
170a93cc4f
Python: Model cassandra-driver PyPI package
2023-03-22 10:28:04 +01:00
Rasmus Wriedt Larsen
e4db5f9a64
Python: Model asyncpg.connection.connect()
2023-03-22 10:28:04 +01:00
Rasmus Wriedt Larsen
4f9117963d
Python: Model sqlite3.dbapi2
2023-03-22 10:28:04 +01:00
erik-krogh
b071d3557e
JS/PY/RB: add a worst-case test, that now performs OK
2023-03-22 10:13:18 +01:00
Rasmus Wriedt Larsen
b2f34ef4b1
Merge branch 'main' into import-refined
2023-03-21 15:12:11 +01:00
yoff
e21e630316
Merge branch 'main' into python/add-test-to-valid
2023-03-21 14:47:17 +01:00
Rasmus Wriedt Larsen
e90559b86d
Python: Add missing options files
...
I could not for the life of me figure out why the tests were failing,
when they were working for me locally 🤦
2023-03-21 10:24:28 +01:00
Rasmus Wriedt Larsen
346086524b
Python: Accept dataflow-consistency test changes
...
Two PRs must have had a conflict when merged separately
2023-03-21 10:09:01 +01:00
Erik Krogh Kristensen
0f813ce2e8
Merge pull request #12543 from erik-krogh/reg-perf
...
ReDoS: restrict the edges considered in polynomial-redos for complex regular expressions
2023-03-20 15:48:35 +01:00
Rasmus Wriedt Larsen
2ee09cc5d1
Merge branch 'main' into import-refined
2023-03-20 15:42:01 +01:00