hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,540 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.8
Commit Graph

4863 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
5a0babe88b Python: Add support for Django 2.x and 3.x 
I changed the django mock to support both 1.x and 2.x routing APIs, which is not
really a nice long term solution.
 2020-02-18 11:22:35 +01:00
Rebecca Valentine
4178002d59 Merge branch 'master' into python-objectapi-to-valueapi-useofapply 2020-02-17 17:20:00 -08:00
Rebecca Valentine
c36c0aeb88 Fixes renaming bug 2020-02-17 12:09:01 -08:00
Rebecca Valentine
a2c1d5ff45 Moves to higher level API 2020-02-17 11:46:53 -08:00
Rebecca Valentine
c5986c52d3 Renames typeErrorType to typeError 2020-02-17 11:28:39 -08:00
Rasmus Wriedt Larsen
adec76d041 Python: Follow conventions of getASomething 
When multiple results are available, we usually name the function
`getAnArgument` or `getASomething`. The support for django copied the way bottle
did things, so this commits cleans up both
 2020-02-17 16:55:55 +01:00
Rasmus Wriedt Larsen
362e7aebbb Python: Add HttpRedirectSinks test for django 2020-02-17 16:54:06 +01:00
Rasmus Wriedt Larsen
f3ab52b1fe Python: Use StringValue instead of Value::forString 2020-02-17 14:41:32 +01:00
Rasmus Wriedt Larsen
6d5a8e4995 Python: Fix typos 2020-02-17 14:34:22 +01:00
Taus
03ae7831ad Merge pull request #2711 from RasmusWL/python-fix-import-deprecated-module 
Python: fix alerts for py/import-deprecated-module
 2020-02-17 11:46:12 +01:00
Taus
df3ac49c28 Merge pull request #2700 from RasmusWL/python-taint-iterable-unpacking 
Python: Handle iterable unpacking in taint tracking
 2020-02-17 11:44:25 +01:00
Taus
990d1c1663 Merge pull request #2802 from RasmusWL/python-fix-fp-py/import-own-module 
Python: Fix FP for py/import own module
 2020-02-17 11:23:11 +01:00
Rebecca Valentine
b665f54a31 Corrects query to use builtin instead of special 2020-02-13 14:48:46 -08:00
Rebecca Valentine
3b45fbc87c Adds rough modernization. 2020-02-13 14:22:00 -08:00
jack1142
e1644dd68b Python: Handle __class_getitem__ in py/not-named-self (#2825) 
Fixes #2824
 2020-02-13 13:38:36 +01:00
Rasmus Wriedt Larsen
1558cf2eae Python: Fix typo (decent => descent) 2020-02-13 13:35:29 +01:00
Rebecca Valentine
65cba82c7e Fixes bug w/ use of pointsTo 2020-02-12 19:45:55 -08:00
Rebecca Valentine
bfb720c7f3 Adds range and tuple types 2020-02-12 19:36:03 -08:00
Rebecca Valentine
3ce250b2cf Adds some debugging changes. 2020-02-12 19:29:42 -08:00
Taus
12113e947f Merge pull request #2603 from RasmusWL/python-fix-http-source-sink 
Python: Make web libs use HttpRequestTaintSource and HttpResponseTaintSink
 2020-02-12 13:42:22 +01:00
Rebecca Valentine
2270c6c960 Adds modernized files. 2020-02-11 21:45:49 -08:00
Rebecca Valentine
178acc85b9 Adds main modifications. 2020-02-11 21:25:50 -08:00
Rasmus Wriedt Larsen
1f762841ec Python: In py/import-own-module handle from foo import * 2020-02-11 11:45:48 +01:00
Rasmus Wriedt Larsen
5cc2efef8e Python: Fix FPs for py/import-own-module 
Before I added `--max-import-depth=2`, there was a bit of trouble, where it
would alert on `from pkg_ok import foo2` -- since all the `pkg_ok.foo<n>`
modules were missing, I guess the analysis didn't make any assumptions on
whether `foo2` is a module or a regular attribute.
 2020-02-11 11:45:48 +01:00
Rasmus Wriedt Larsen
d5c6092920 Python: Fix typo (trakcing => tracking) 2020-02-06 11:50:44 +01:00
Rasmus Wriedt Larsen
de63eb1450 Merge pull request #2592 from tausbn/python-remove-manual-tc-in-ssashortcut 
Python: Remove manual TC from `ssaShortCut`.
 2020-02-04 14:04:25 +01:00
Rasmus Wriedt Larsen
6b5b28aded Python: Add Value.getABooleanValue and Value.getDefiniteBooleanValue 
Replacing `Value.booleanValue`. We wanted to match `Object.booleanValue` that
only gives a result if it is either `true` or `false`, but also wanted to keep
the flexibility to see if the Value _could_ be `true`/`false`. We don't have a
motivating usecase, so let's see if we ever need it :P

+ fix modernisation regression on py/jinja2/autoescape-false
 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
bd1f21fb7a Python: Fix modernisation regression on py/weak-crypto-key 
also fixes test code to use the right argument name
 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
e5abfd0196 Python: Modernise Security/ queries 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
2802ac2e72 Python: Add NumericValue 
Since `IntObjectInternal` extends `TInt`, and `TInt` is defined for all
instances of `Builtin.intValue`, and `Builtin.intValue` includes both `int` and
`long`, we don't need to handles Longs in a special manner, as we did in NumericObject.
 2020-02-04 11:39:16 +01:00
Rasmus Wriedt Larsen
d30e6d2b69 Python: Value::forString and friends returns StringValue 2020-02-03 14:35:09 +01:00
Rasmus Wriedt Larsen
27a7d09c94 Python: Fix minor problems in security examples 2020-02-03 14:35:09 +01:00
Rasmus Wriedt Larsen
5bc592514a Python: Consistenly use "a user-provided value" 
ReflectedXss was the only query that used it with the "a"
 2020-02-03 14:35:09 +01:00
Rasmus Wriedt Larsen
cc73352bf6 Merge pull request #2549 from tausbn/python-fix-several-bad-join-orders 
Python: Fix several bad join orders.
 2020-02-03 13:54:36 +01:00
Rasmus Wriedt Larsen
2648e34f1a Python: Autoformat security 2020-01-31 14:49:18 +01:00
Rasmus Wriedt Larsen
72fddaf5ed Merge pull request #2733 from tausbn/python-add-stringvalue 
Python: Extend `Value` API.
 2020-01-31 13:12:14 +01:00
Taus Brock-Nannestad
ba2bbf1788 Python: Extend Value API. 
Adds

- `StringValue` as a new class,
- `Value::booleanValue` which returns the boolean interpretation of the given
  value, and
- `ClassValue::str` which returns the value of the `str` class, depending on the
  Python version.
 2020-01-31 12:33:02 +01:00
Taus
b89273402d Merge pull request #2701 from RasmusWL/python-modernise-metrics 
Python: modernise import related queries
 2020-01-30 14:37:39 +01:00
Anders Schack-Mulligen
743b612d0d Javascript/Python: Sync XML.qll 2020-01-29 13:31:25 +01:00
Rasmus Wriedt Larsen
4ca72de4cd Python: Fix recommended module for deprecated posixfile 
$ python2 -W default -c 'import posixfile'
-c:1: DeprecationWarning: The posixfile module is deprecated; fcntl.lockf() provides better locking

https://docs.python.org/2.7/library/posixfile.html
 2020-01-28 16:44:47 +01:00
Rasmus Wriedt Larsen
6c7cddf258 Python: py/import-deprecated-module handle backwards compatible code 2020-01-28 16:36:47 +01:00
Rasmus Wriedt Larsen
e92d6c0459 Python: Stop py/import-deprecated-module from double alerting 
This changes the location from the import statement, to the actual expression
 2020-01-28 16:15:46 +01:00
Rasmus Wriedt Larsen
7949acc3ef Python: Autoformat 2020-01-28 16:15:21 +01:00
Rasmus Wriedt Larsen
46f4b74134 Python: Fix tornado lib: a redirect is not a http response 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
ee382bb2ea Python: Fix typo (reques => request) 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
9b2ca0c9c7 Python: Update web libraries to use HttpSources and HttpSinks 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
2cdbae08b6 Python: Don't make duplicate sink for Tornado handler 
`self.write(...)` would be treated as *both* TornadoConnectionWrite and
TornadoHttpRequestHandlerWrite
 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
effa4548ab Python: Add toString to TurboGears HttpResponseTaintSinks 
Naming these were a bit hard, but better than generic "Taint Sink"
 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
b36a6aa5b5 Python: Remove unused variable from exists expression 2020-01-28 13:05:25 +01:00
Rasmus Wriedt Larsen
d67577e66c Python: Modernise import related queries 
Except for Metrics/Dependencies/ExternalDependenciesSourceLinks.ql, since it is
rather tricky :D
 2020-01-27 16:01:25 +01:00