hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,540 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.8
Commit Graph

4863 Commits

Author SHA1 Message Date
Mark Shannon
d31e55f88e Python taint-tracking: Avoid ambiguous flows through calls. Fix up tests. 2019-08-29 10:31:50 +01:00
Mark Shannon
78ce19678a Python taint-tracking: Fix up SQL injection query. 2019-08-29 10:31:50 +01:00
Mark Shannon
3f8066878a Python taint-tracking: Fix up handling of contexts for __init__ and for context-free taints. 2019-08-29 10:31:50 +01:00
Mark Shannon
fe9c9d479d Python taint-tracking. Fix bug in legacy API. 2019-08-29 10:31:50 +01:00
Mark Shannon
7c4a18eee3 Python taint-tracking: Fix up handling of legacy (config-less) taint-tracking 2019-08-29 10:31:50 +01:00
Mark Shannon
2d9d292ee4 Python: Fix up pi-node handling in taint-tracking. 2019-08-29 10:31:50 +01:00
Mark Shannon
955e54b360 Python: Update unitialized local to use new taint-tracking config. 2019-08-29 10:31:50 +01:00
Mark Shannon
24b4a4102c Python taint-tracking: Further enhancements to new implementation for better debugging and backwards compatibility. 2019-08-29 10:31:50 +01:00
Mark Shannon
1addfaac1a Python taint-tracking: update test results. 2019-08-29 10:31:50 +01:00
Mark Shannon
a7845ae0e1 Python taint-tracking: Remove old implementation. 2019-08-29 10:31:50 +01:00
Mark Shannon
133909d7fe Python taint-tracking: Lengthen steps to better conform to old edge relation. 2019-08-29 10:31:50 +01:00
Mark Shannon
da6a66975c Python taint-tracking. Further improvements to new taint-tracking. 2019-08-29 10:31:50 +01:00
Mark Shannon
74f1dd3ec0 Python taint-tracking. Add some tests and fix up various parts of the implementation. 2019-08-29 10:31:50 +01:00
Mark Shannon
eed2090168 Python taint-tracking. Fill in most of new configuration-base taint-tracking implementation. 2019-08-29 10:31:47 +01:00
Mark Shannon
e8bd9e7341 Python: Add new API for taint-tracking configuration. As yet, unsupported. 2019-08-29 10:27:08 +01:00
Rebecca Valentine
36f99c19bc Merge pull request #1840 from markshannon/python-better-hasattribute-handling 
Python: Add 'hasAttribute' predicate to ObjectInternal and Value.
 2019-08-28 10:45:44 -07:00
Rebecca Valentine
cac775880f Merge pull request #1839 from markshannon/python-rationalize-library 
Python: rationalize library a bit.
 2019-08-28 10:15:36 -07:00
Rebecca Valentine
ac78d10277 Merge pull request #1821 from markshannon/python-speedup-binary-points-to 
Python points-to: Speed up binaryPointsTo predicate.
 2019-08-28 10:14:40 -07:00
Mark Shannon
5892ce2a2b Python: Implement 'hasAttribute()' on ObjectInternal and use it to implement the same predicate on Value, ModuleObject and ClassObject. 2019-08-28 17:18:25 +01:00
Mark Shannon
f64f6e6d2e Python: Move classes for lists of AST nodes into AstExtended.qll 2019-08-28 15:43:02 +01:00
Mark Shannon
97f9920a69 Python: Move NameNode class in Flow.qll with other CFG classes. 2019-08-28 14:39:27 +01:00
Mark Shannon
68da13cdc2 Python remove a couple of small AST related modules, moving contents to more appropriate modules. 2019-08-28 14:28:04 +01:00
Mark Shannon
ca75a393b4 Python: Remove pruning in QL; rely on the extractor to do it. 2019-08-25 17:03:22 +01:00
Mark Shannon
9b1fbac929 Python points-to: Speed up binaryPointsTo predicate. 2019-08-25 15:14:42 +01:00
Mark Shannon
8909c3d6ab Python: Fix tags and message for CWE-312 queries. 2019-08-23 15:20:19 +01:00
Mark Shannon
20fc64c673 Python: Prevent bad magic in one predicate. 2019-08-23 15:08:19 +01:00
Mark Shannon
4759044ee4 Python tests: Fix up tests for CWE-312 to not use external locations. 2019-08-22 15:27:49 +01:00
Mark Shannon
6cd0087d9d Python: Use Value API for sensitive data analysis. 2019-08-22 15:27:48 +01:00
Mark Shannon
81c65cd37c Add missing html tag 2019-08-22 15:27:48 +01:00
Mark Shannon
15bb8b5f70 Python add new queries for clear-text logging and storage. 2019-08-22 15:27:48 +01:00
Mark Shannon
79ebd5652a Python: Add library support for cookies. Update and extend sensitive data library. 2019-08-22 15:27:48 +01:00
Taus Brock-Nannestad
b9ef8a0526 Python: Extend hasAttribute to unknown-but-defined module variables. 2019-08-22 16:22:53 +02:00
Taus Brock-Nannestad
f9c002e441 Python: Support short mode flags (e.g. re.M) in regexes. 2019-08-22 14:53:58 +02:00
Taus
c595d0f27b Merge pull request #1784 from markshannon/python-move-essa-together 
Python: Move all ESSA related code into one folder.
 2019-08-21 17:51:45 +02:00
Taus Brock-Nannestad
a58c16f91c Python: Prevent bad magic during pruning. 
Fixes the performance regression seen on `uncompyle2` and similar projects.
 2019-08-20 16:18:42 +02:00
Mark Shannon
d8531c46e7 Python ESSA: Move variable definitions into new file and unify 'generic' and 'python specific' parts. 2019-08-20 11:55:41 +01:00
Mark Shannon
523c5b1e1e Python ESSA: Remove unnecessary intermediate class. 2019-08-20 11:41:53 +01:00
Mark Shannon
2ab3bf46cf Python ESSA: Move definition sub-classes from points-to folder to essa folder. 2019-08-20 11:41:53 +01:00
Mark Shannon
e34ccae1fc Python ESSA: Move all Essa code to semmle.python.essa folder. 2019-08-20 11:41:46 +01:00
Mark Shannon
453ae19881 Python points-to: Add .getAstNode() method to TaintedNode for forward compatibility with upcoming taint-tracking enhancements. 2019-08-16 09:54:11 +01:00
Mark Shannon
45f5825b47 Python API: Add ClassValue.getABaseType() 2019-08-15 11:35:14 +01:00
Mark Shannon
6c6e35f541 Python: Enhance points-to to support type-hint analysis. 2019-08-15 11:35:14 +01:00
Taus
ee06c4021f Merge pull request #1727 from markshannon/python-no-rhs-tuple-points-to 
Python points-to: Do not track tuples on lhs of assignment or in deletions.
 2019-08-13 10:53:40 +02:00
Taus
5f55cb046d Merge pull request #1691 from markshannon/python-fewer-missing-edges 
Python: Make a few more expressions point-to the 'unknown' value.
 2019-08-12 16:15:09 +02:00
Mark Shannon
96ba9a2dfd Python points-to. Do not track tuples on lhs of assignment or in deletions. 2019-08-12 11:04:28 +01:00
Rebecca Valentine
8823cdfdbc Merge pull request #1713 from markshannon/python-remove-parents 
Python taint-tracking: Remove 'parents' query from path-queries.
 2019-08-08 10:01:40 -07:00
Rebecca Valentine
56c3a4d6e5 Merge pull request #1632 from markshannon/python-account-for-dynamically-defined-builtin-instances 
Python points-to: track more instances.
 2019-08-08 09:59:11 -07:00
Mark Shannon
e6b27b37b2 Python: Update incorrect comparison queries to use new API. WORK IN PROGRESS. 2019-08-08 12:06:22 +01:00
Mark Shannon
c2f9189286 Python: Make a few more expressions point-to the 'unknown' value to improve reachability by about 1%. 2019-08-08 12:01:41 +01:00
Mark Shannon
4b242ddc86 Python: Port a few queries to new API. 2019-08-08 11:58:23 +01:00