hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

4040 Commits

Author SHA1 Message Date
Tom Hvitved
59efcd593a Python: Update test expectations 2023-02-17 15:20:21 +01:00
Rasmus Wriedt Larsen
39e7bba563 Merge pull request #12203 from RasmusWL/import-resolution-phi 
Python: Handle if-then-else definitions in import resolution
 2023-02-17 10:10:42 +01:00
yoff
2f8dddabb6 Merge pull request #11570 from Sim4n6/UnsafeUnpack 
Python: Unsafe unpacking using `shutil.unpack_archive()` query and tests
 2023-02-17 09:48:05 +01:00
amammad
54582031d8 v1 2023-02-16 17:14:32 +01:00
Rasmus Wriedt Larsen
9ed021ad66 Python: Accept change to WeakFilePermissions.expected 
💪
 2023-02-16 13:27:16 +01:00
Rasmus Wriedt Larsen
766e6c400e Python: Handle if-then-else definitions in import resolution 2023-02-16 11:18:30 +01:00
Rasmus Wriedt Larsen
80f5342a6d Python: Add import regression for if-then-else definitions 2023-02-16 11:12:08 +01:00
Rasmus Wriedt Larsen
c4fbfb0d07 Merge branch 'main' into call-graph-code 2023-02-15 20:15:04 +01:00
Rasmus Wriedt Larsen
66c3529465 Python: Fix import * from __init__.py files 2023-02-15 14:10:37 +01:00
Rasmus Wriedt Larsen
df6039d6cf Python: Add import resolution regression 2023-02-15 13:50:27 +01:00
Rasmus Wriedt Larsen
e1ae3c3cfb Python: sys.exit if import resolution tests fail 2023-02-15 13:44:45 +01:00
erik-krogh
759854991a fix various nits based on feedback 2023-02-15 11:10:43 +01:00
Rasmus Wriedt Larsen
9e2eb56032 Python: Remove support for late *args arguments 
I found this to cause bad performance, so the implementation of this has
to be thought out more carefully.
 2023-02-15 09:42:11 +01:00
Rasmus Wriedt Larsen
1c7fe97427 Python: Add modeling of hmac 2023-02-13 15:39:43 +01:00
Rasmus Wriedt Larsen
df22181963 Python: Add tests of hmac 2023-02-13 15:38:14 +01:00
Sim4n6
d7af80136e Fail tests when missing annotation on sink orfail 2023-02-12 21:27:20 +01:00
Sim4n6
518684b736 Put back the annotation result=BAD 2023-02-12 21:26:12 +01:00
Sim4n6
80d4fb5e33 Organisation TarSlip/UnsafeUnpack into two folders 2023-02-12 10:51:53 +01:00
Sim4n6
b04d5684fb add a blank line at the end of the file 2023-02-09 15:23:58 +01:00
Rasmus Wriedt Larsen
23144f584a Merge branch 'main' into call-graph-code 2023-02-08 16:17:34 +01:00
Taus
080ce09bd7 Python: Update six test expectations 2023-02-07 16:21:15 +00:00
Taus
8dea993f41 Python: Update failing test 
Seems the name for the codec changed between Python 2 and 3. :)
 2023-02-07 16:21:15 +00:00
erik-krogh
cf094c2f4f adjust which folders are seen as exported to remove an FP 2023-02-03 14:47:55 +01:00
erik-krogh
848b24cfe4 adjust concept tests after changing subprocess model 2023-02-03 14:47:55 +01:00
erik-krogh
ef44cb86c2 remove FPs related to parameters that are meant to be commands 2023-02-03 14:47:55 +01:00
erik-krogh
e9ebba3350 assume shell=False for subprocess calls, fixes FPs in e.g. youtube-dl 2023-02-03 14:47:55 +01:00
erik-krogh
d228cf0e7b use more API-nodes to model subprocess.run (and friends) 2023-02-03 14:47:55 +01:00
erik-krogh
bce83bfc4e add failing test for indirectly setting the shell=true flag for subprocess.run 2023-02-03 14:47:55 +01:00
erik-krogh
0a2c7d062c add Fabric test, and add tracking of the shell flag in Fabric 2023-02-03 14:47:55 +01:00
erik-krogh
6bbc4f4a48 add more tests 2023-02-03 14:47:55 +01:00
erik-krogh
33c506d7fe add minimal test for Array join as a sink, and learn that the order is flipped compared to JS. Thanks Copilot! 2023-02-03 14:47:55 +01:00
erik-krogh
5bddfc0d79 add test for f-strings as sink 2023-02-03 14:47:55 +01:00
erik-krogh
47a06d2824 add library inputs as a source, and get minimal test to work 2023-02-03 14:47:55 +01:00
erik-krogh
6e712b293a add tracking of strings to compile-sites for poly-redos, in the style of Ruby 2023-02-02 22:56:20 +01:00
Sim4n6
a0150849cb Updated the expected test file 2023-02-02 21:42:47 +01:00
Sim4n6
1a8c9abee2 Incorporate Sink & Source as steps from TarSlipQry 2023-02-02 21:09:40 +01:00
erik-krogh
52959d7c0a add failing test for not tracking strings to re.compile 2023-02-02 19:10:32 +01:00
Rasmus Wriedt Larsen
db114bb104 Merge branch 'main' into call-graph-code 2023-02-02 11:56:55 +01:00
Erik Krogh Kristensen
01f6862965 Merge pull request #11833 from erik-krogh/trackPyReg 
PY: track string-constants to regular expression uses
 2023-02-01 11:40:42 +01:00
Rasmus Wriedt Larsen
cef933f813 Python: Add comment explaining SINK3_F(kwargs["c"]) test 
Co-authored-by: yoff <yoff@github.com>
 2023-01-27 15:48:59 +01:00
Sim4n6
18d8bbc9a4 Updated the expected results accordingly 2023-01-27 14:05:25 +01:00
Sim4n6
5f0bf1053a Update the dataflow test query and the expected results 2023-01-27 13:42:57 +01:00
Rasmus Wriedt Larsen
02b3a1b515 Python: At most one **kwargs ParameterNode per callable 
Similar to the Ruby changes from
https://github.com/github/codeql/pull/11461

I feel the change to `DataFlowFunciton.getParameter` where we use
`not exists(func.getArgByName(_))` is not very great, but I was not allowed
to use `not exists(this.getParameter(any(ParameterPosition _).isKeyword(_)))`
because of negative recursion.
 2023-01-27 11:14:42 +01:00
Sim4n6
998f1bf215 Some reformatting 2023-01-26 18:54:36 +01:00
Sim4n6
51b11de44a Add a Django Upload examples 2023-01-26 15:16:24 +01:00
Sim4n6
54cc4d6498 Opt for any source from RemoteFlowSource. 2023-01-26 12:51:55 +01:00
Sim4n6
aaa0040612 Seperate the dataflow config from the query 2023-01-26 08:53:47 +01:00
Sim4n6
9464940214 Add expected results for argparse source 2023-01-26 01:00:19 +01:00
Sim4n6
2e4cb63049 Optimize the Argparse filename as a source. 2023-01-26 01:00:01 +01:00
Sim4n6
f867c9008f Commit the expected results 2023-01-26 00:08:54 +01:00