hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

4040 Commits

Author SHA1 Message Date
Taus Brock-Nannestad
1013fb7b25 Update .expected file for Python 3 tests. 2019-09-11 14:13:05 +02:00
Rebecca Valentine
9eebe00b33 Merge pull request #1869 from taus-semmle/python-fix-typehint-divergence 
Python: Prevent divergence in type-hint analysis. (ODASA-8075)
 2019-09-06 14:33:20 -07:00
Taus Brock-Nannestad
8882f1410a Add test cases for nested subscripts. 2019-09-06 12:01:18 +02:00
Taus Brock-Nannestad
2d45c23d19 Comment out diverging example for now. 
Otherwise it'll keep timing out until the fix has been pushed to LGTM.com
 2019-09-05 13:18:01 +02:00
Taus Brock-Nannestad
d336140c19 Python: Modernise the py/non-iterable-in-for-loop query. 
Also adds a small test case exhibiting the same false positive seen in
ODASA-8042.
 2019-09-05 12:24:51 +02:00
Taus Brock-Nannestad
4440e02fa5 Add test case for divergence. 2019-09-04 13:23:06 +02:00
Taus
f8bd3770d6 Merge pull request #1848 from markshannon/python-rationalize-taint-tracking 
Python: Move TaintTracking.qll
 2019-08-30 16:21:49 +02:00
Mark Shannon
637677d515 Python: Move TaintTracking.qll from semmle.python.security to semmle.python.dataflow, for consistency with other code. 2019-08-30 12:57:47 +01:00
Mark Shannon
3f740d6efe Python: Update CWE-312 queries to use new taint-tracking configuration. 2019-08-30 11:21:04 +01:00
Mark Shannon
811815aa4e Merge branch 'master' into python-cwe-312 2019-08-30 10:39:04 +01:00
Mark Shannon
989d7aeace Merge branch 'master' into python-cwe-312 2019-08-29 15:57:49 +01:00
Mark Shannon
22f55d25c2 Python taint-tracking. Reorder columns in some tests for easier comprehension of expected output. 2019-08-29 14:36:10 +01:00
Mark Shannon
e51b797c03 Python taint-tracking. Add an adapter for old 'dataflow config'. 2019-08-29 14:30:09 +01:00
Mark Shannon
179f4ee88f Python taint-tracking: Add documented example test. 2019-08-29 13:03:58 +01:00
Mark Shannon
10fddbc19b Python new taint-tracking: Fix some typos and clarify documentation. 2019-08-29 11:03:35 +01:00
Mark Shannon
76c11c4575 Python: Update a test result. 2019-08-29 10:31:50 +01:00
Mark Shannon
e5900921e7 Python taint-tracking: Remove warnings from test output. 2019-08-29 10:31:50 +01:00
Mark Shannon
c7ec5690a5 Python taint-tracking: make sure all features of legacy extensions are supported. 2019-08-29 10:31:50 +01:00
Mark Shannon
64c160b75c Python taint-tracking: Fix ambiguous flow through class instantiation. Tweak the path query to ensure edge to sink is always present. 2019-08-29 10:31:50 +01:00
Mark Shannon
d31e55f88e Python taint-tracking: Avoid ambiguous flows through calls. Fix up tests. 2019-08-29 10:31:50 +01:00
Mark Shannon
78ce19678a Python taint-tracking: Fix up SQL injection query. 2019-08-29 10:31:50 +01:00
Mark Shannon
3f8066878a Python taint-tracking: Fix up handling of contexts for __init__ and for context-free taints. 2019-08-29 10:31:50 +01:00
Mark Shannon
fe9c9d479d Python taint-tracking. Fix bug in legacy API. 2019-08-29 10:31:50 +01:00
Mark Shannon
7c4a18eee3 Python taint-tracking: Fix up handling of legacy (config-less) taint-tracking 2019-08-29 10:31:50 +01:00
Mark Shannon
2d9d292ee4 Python: Fix up pi-node handling in taint-tracking. 2019-08-29 10:31:50 +01:00
Mark Shannon
24b4a4102c Python taint-tracking: Further enhancements to new implementation for better debugging and backwards compatibility. 2019-08-29 10:31:50 +01:00
Mark Shannon
1addfaac1a Python taint-tracking: update test results. 2019-08-29 10:31:50 +01:00
Mark Shannon
a7845ae0e1 Python taint-tracking: Remove old implementation. 2019-08-29 10:31:50 +01:00
Mark Shannon
74f1dd3ec0 Python taint-tracking. Add some tests and fix up various parts of the implementation. 2019-08-29 10:31:50 +01:00
Rebecca Valentine
36f99c19bc Merge pull request #1840 from markshannon/python-better-hasattribute-handling 
Python: Add 'hasAttribute' predicate to ObjectInternal and Value.
 2019-08-28 10:45:44 -07:00
Mark Shannon
1c8ce418d9 Python: Add test to confirm #1212 is fixed. 2019-08-28 12:01:04 +01:00
Pavel Avgustinov
b3081154fa Merge pull request #1823 from markshannon/python-dont-prune-in-ql 
Python: removing pruning in QL.
 2019-08-27 11:32:23 +01:00
Mark Shannon
f11d0638cf Python: Remove tests for pruning in QL. 2019-08-25 17:00:08 +01:00
Pavel Avgustinov
da29d99560 Merge branch 'master' of github.com:Semmle/ql into attribute 2019-08-23 21:47:31 +01:00
Mark Shannon
8909c3d6ab Python: Fix tags and message for CWE-312 queries. 2019-08-23 15:20:19 +01:00
Pavel Avgustinov
cc854dd937 Merge branch 'master' of github.com:Semmle/ql into attribute 2019-08-23 09:55:35 +01:00
Taus Brock-Nannestad
92f48191c2 Update test results for UndefinedGlobal.ql. 2019-08-22 17:53:36 +02:00
Taus Brock-Nannestad
b82ebf2a37 Add tests. 2019-08-22 16:30:14 +02:00
Mark Shannon
4759044ee4 Python tests: Fix up tests for CWE-312 to not use external locations. 2019-08-22 15:27:49 +01:00
Mark Shannon
9df205b288 Python tests: Fix up CWE-327 tests to use new sensitive-data library. 2019-08-22 15:27:48 +01:00
Mark Shannon
6cd0087d9d Python: Use Value API for sensitive data analysis. 2019-08-22 15:27:48 +01:00
Mark Shannon
816938369e Python: Add tests for clear-text storage and logging. 2019-08-22 15:27:48 +01:00
Taus Brock-Nannestad
f9c002e441 Python: Support short mode flags (e.g. re.M) in regexes. 2019-08-22 14:53:58 +02:00
Taus
ae2a68b988 Merge pull request #1791 from markshannon/python-revert-tests 
Python: Revert and update tests removed in #1767
 2019-08-22 11:20:24 +02:00
Mark Shannon
e77ae09a86 Python tests: Update test results to account for better handling of branches in finally blocks. 2019-08-21 14:47:57 +01:00
Mark Shannon
714fecbf5e Python: Revert tests removed in #1767. 2019-08-21 14:39:53 +01:00
Pavel Avgustinov
cb3551b4d6 Merge commit '76982404' into attribute 2019-08-21 12:44:07 +01:00
Mark Shannon
523c5b1e1e Python ESSA: Remove unnecessary intermediate class. 2019-08-20 11:41:53 +01:00
Mark Shannon
e34ccae1fc Python ESSA: Move all Essa code to semmle.python.essa folder. 2019-08-20 11:41:46 +01:00
Mark Shannon
edb50c129d Python tests: TEMPORARILY remove 5 tests to allow modification of extractor CFG pass. 2019-08-19 16:00:28 +01:00