hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

4040 Commits

Author SHA1 Message Date
Tom Hvitved
b5e2e1e469 Merge pull request #11564 from hvitved/dataflow/parameter-position-consistency-checks 
Data flow: Add consistency checks for parameter positions
 2022-12-06 09:33:36 +01:00
ALJI Mohamed
68fd75ca34 UnpackUnsafe query and tests 2022-12-05 17:20:22 +01:00
Tom Hvitved
8f701cf1cb Python: Update expected test output 2022-12-05 14:33:06 +01:00
Asger F
2d578c1a73 Merge branch 'main' into merge-package-type-columns 2022-12-02 10:00:44 +01:00
Jami Cogswell
25f0a13e15 update python test cases 2022-12-01 11:56:44 -05:00
Rasmus Wriedt Larsen
544de5232c Python: Use ' instead of ` in select text 2022-11-29 14:47:45 +01:00
Rasmus Wriedt Larsen
4e67ec19d0 Python: Adjust alert text of py/pam-auth-bypass 2022-11-28 16:14:38 +01:00
Rasmus Wriedt Larsen
f8442ccb0e Python: Adjust PAM Auth bypass test slightly 2022-11-28 16:08:44 +01:00
Rasmus Wriedt Larsen
fef06679e5 Python: Remove options file for PAM Auth Bypass 
Should not be needed
 2022-11-28 16:03:32 +01:00
Rasmus Wriedt Larsen
479a9e4156 Python: Update .expected 2022-11-28 16:01:42 +01:00
Rasmus Lerchedahl Petersen
91198524cd Python: port py/super-not-enclosing-class 2022-11-23 14:37:45 +01:00
Asger F
1c910550e6 Python: merge package/type columns 2022-11-23 11:17:42 +01:00
Rasmus Wriedt Larsen
5866af413f Merge pull request #11347 from tausbn/python-clean-up-import-resolution 
Python: Add change note for module resolution
 2022-11-22 15:28:38 +01:00
Rasmus Wriedt Larsen
04a68f8d52 Merge pull request #11372 from RasmusWL/getpass 
Python: Model `getpass.getpass` as source of passwords
 2022-11-22 14:49:04 +01:00
Rasmus Wriedt Larsen
00ec3a23ba Python: Accept fix from module-resolution PR 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
ee2f7401e8 Python: Add generator-flow/dataflow-consistency.ql 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
8de5cfef43 Python: Update dataflow-consistency.expected 
After merging in main
 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
c0ad870949 Python: Exclude synthetic generator functions from DataFlowCallable 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
d86f98d60b Python: Accept changes for enclosing-callable test 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
aa382ac042 Python: Add test for strange generator taint flow 
I did check, and this was not a problem with the old call-graph on main!

I'm absolutely baffled!
 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
6646e98d20 Python: Fix results outside DB for StackTraceExposure 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
972cfa5cf6 Python: Accept bad StackTraceExposure.expected 
This is only Python 2 though
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
a301c93ebf Python: Fix results outside DB for CleartextLogging 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
0a41d8d2c1 Python: Accept bad CleartextLogging.expected 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
39ce50fadc Python: Fix problems with sinks in pathlib 
This must mean that we did not have this flow with the old call-graph,
which means the new call-graph is doing a better job (yay).
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
edcaff26af Python: Add path-injection test using pathlib 
Since it has the same problem of showing sinks inside the extracted
stdlib
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
9d29a0a044 Python: Accept changes to .expected from more pathlib flow 
But we don't want to keep this, this commit is just to show why we need a fix :)
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
df4d09b3f9 Python: Don't rely on all DataFlowCall being resolved 
I've been living dangerously with that assumption :|
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
c4122275dc Python: Bring back support for flow-summaries 
Also needed to fix up `TestUtil/UnresolvedCalls.qll` after a bad merge
conflict resolution. Since all calls are now DataFlowCall, and not JUST
the ones that can be resolved, we need to put in the restriction that
the callable can also be resolved.
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
e5fdeae6fc Python: Add return (func_ref, ...) test 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
fb0cc184d9 Python: Add test of multi func def based on runtime decision 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
276a825cd0 Python: Allow same function name in call-graph tests 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
8a56b48357 Python: Support super().__new__(cls) 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
2b76964f7f Python: Expand tests of __new__ a bit more 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
a4e6433942 Python: add support for type(self)() 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
d43a48c265 Python: Add type(self)() tests 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
16483f7d40 Python: Add funky call-graph regression 
I don't even know how to phrase this :D
 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
1e96ced3ab Python: Ignore functions with @property decorator for now 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
cba93ded77 Python: Add test for @property problem 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
b33f02f9dc Python: Fix self-passing problems 
This also fixes performance problems for pandas-dev/pandas
 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
722c69edcc Python: Add test showing self type-tracking problems 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
5e5bab5a7c Python: Don't pass synthetic class instance to __new__ on class calls 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
6fefd54533 Python: Consider __new__ a classmethod 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
f040ad8dac Python: Add test of __new__ handling 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
57c7dc8ea9 Python: Allow cls passing to classmethod 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
0cf13e9976 Python: Expand argument highlighting test 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
4416037dc6 Python: Ignore SPURIOUS call-graph edges in points-to vs. type-tracker results 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
6351defe0d Python: Add call-graph tests with isinstance 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
5fc127cb2c Python: Make UnresolvedCalls.qll handle class calls without __init__ 
This commit used to make sense to have here in the ordering of commits,
but due to various rebases it no longer changes any test output..

it's still a good change though, so I'll keep it.
 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
98a849405f Python: Add support for late *args arguments 2022-11-22 14:46:30 +01:00