hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

4612 Commits

Author SHA1 Message Date
Mark Shannon
8b01bac900 Python: make sure unsafe deserialization query is using correct sources and that pickle is included in sinks. 2019-04-04 10:56:45 +01:00
Mark Shannon
bc19769e6d Python: make sure code injection query is using correct sources. 2019-04-04 10:56:45 +01:00
Mark Shannon
35e82dca68 Python revert .getNode() to .getSink()/.getSource() to keep expected test output the same. 2019-04-04 10:56:45 +01:00
Mark Shannon
f8c43ca40b Python: make sure all django and flask request sources conform to interface. 2019-04-04 10:56:45 +01:00
Mark Shannon
61e6ae7c4a Python: Use new taint-tracking query in unsafe deserialization query. 2019-04-04 10:56:45 +01:00
Mark Shannon
3c1a5bb046 Python: Use new taint-tracking query in code-injection query. 2019-04-04 10:56:44 +01:00
Mark Shannon
64e8be6ed1 Python: Use new taint-tracking query in reflected-xss query. 2019-04-04 10:56:44 +01:00
Mark Shannon
7fc5d690cd Python: Use new taint-tracking query in SQL-injection query. 2019-04-04 10:56:44 +01:00
Taus
b79b53f5e3 Merge pull request #1103 from markshannon/python-encapsulate-builtins 
Python: encapsulate extensionals dealing with 'builtin' objects.
 2019-04-03 15:20:42 +02:00
Jonas Jensen
eae2fe5a16 Merge pull request #1190 from Semmle/rc/1.20 
Merge 1.20 into master
 2019-04-02 15:29:12 +02:00
Arthur Baars
ba7fdddafb Change @kind to 'table' for test and sanity checks queries that don't select problems 2019-04-01 11:20:12 +02:00
Taus
eb5927a197 Merge branch 'master' into python-encapsulate-builtins 2019-03-27 15:40:34 +01:00
Taus
046a485dff Merge pull request #1170 from Semmle/rc/1.20 
Merge 1.20 into master
 2019-03-26 19:28:36 +01:00
Taus
52d8ca09ab Merge pull request #1169 from markshannon/python-speedup-flow-step 
Python: Speed up taint-tracking
 2019-03-26 16:58:47 +01:00
Mark Shannon
058ae7befc Merge pull request #1142 from taus-semmle/python-use-new-moduleobject-api 
Python: Use new `ModuleObject` API more widely.
 2019-03-26 15:02:44 +00:00
Mark Shannon
1e1903b6ac Python taint-tracking: Avoid computing many redundant copies of flow step for dicts and sequences. 2019-03-26 14:41:03 +00:00
Taus
702fc80054 Merge pull request #1166 from Semmle/rc/1.20 
Merge rc/1.20 into master
 2019-03-26 13:09:40 +01:00
Mark Shannon
2f0bb828c8 Python: Tweak wording of qldoc. 2019-03-25 17:35:23 +00:00
Mark Shannon
2edde1fed8 Python taint-tracking. Handle early exit and 'not' correctly for 'falsey' taints. 2019-03-22 11:58:23 +00:00
Mark Shannon
57368921d2 Python: Fix Builtin.isClass() and use in ClassObject. Also fix a couple of typos. 2019-03-22 10:00:14 +00:00
Taus
36c7a8430a Merge pull request #1112 from markshannon/python-forward-compatible-points-to-extensions 
Python: Allow points-to extensions to specify just the object.
 2019-03-21 19:20:44 +01:00
Mark Shannon
8ab4dae2fa Merge pull request #1150 from taus-semmle/python-fix-insecure-default-protocol-fp 
Python: Fix false positive for `py/insecure-default-protocol`.
 2019-03-21 18:16:05 +00:00
Taus Brock-Nannestad
5eb63ae048 Fix false positive and add test. 2019-03-21 14:10:05 +01:00
Taus Brock-Nannestad
9cb35a8ca9 Use correct named argument for ssl.SSLContext. 2019-03-21 14:09:25 +01:00
Taus Brock-Nannestad
391e111189 Use attr instead of getAttribute. 2019-03-20 17:41:23 +01:00
Taus Brock-Nannestad
f14f7b50ed Python: Use ModuleObject::named more consistently. 2019-03-20 17:41:23 +01:00
Taus Brock-Nannestad
c64372886c Fix typo. 2019-03-20 17:15:41 +01:00
Taus Brock-Nannestad
a6708572c0 Python: Copy query suites from python2 to python. 2019-03-20 15:33:54 +01:00
Mark Shannon
9d31d09f08 Python encapsulate extensionals dealing with 'builtin' objects. 2019-03-19 14:45:37 +00:00
Taus Brock-Nannestad
c7c6c83627 Address review comments. 2019-03-19 15:44:11 +01:00
Max Schaefer
6fbf487524 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19 2019-03-19 14:09:03 +00:00
Taus Brock-Nannestad
52278b25d9 Python: Add query for insecure SSH host key policies in Paramiko. 2019-03-18 16:45:54 +01:00
Mark Shannon
7213b72b9b Python: Allow points-to extensions to specify just the object, and infer the class. Allows points-to extensions to more easily compatible across versions. 2019-03-15 11:09:46 +00:00
Taus
af1c502b11 Merge pull request #1098 from markshannon/python-2-print 
Python: Don't report Python 2 print statements as having no effect.
 2019-03-15 11:40:32 +01:00
Taus
eec59c2c7d Merge pull request #1092 from markshannon/python-fix-2-tests 
Python: Update python-2 specific tests for new parser/tokenizer.
 2019-03-15 11:38:34 +01:00
Taus
0b2f44b54b Merge pull request #1052 from markshannon/python-taint-tracking-configuration 
Python: Add taint-tracking configuration.
 2019-03-15 11:34:59 +01:00
Mark Shannon
ab23a157ef Python: Move taint-tracking library to new location and extend configuration to match API of other languages. 2019-03-14 10:22:57 +00:00
Mark Shannon
e9a45268a8 Python: Don't report Python 2 print statements as having no effect. 2019-03-13 10:08:07 +00:00
Mark Shannon
ccd18b6c67 Python: Update python-2 specific tests for new parser/tokenizer. 2019-03-12 17:53:50 +00:00
Mark Shannon
28c20a3216 Python: Fix false positive for redundant comparison query when a complex comparison is negated. 2019-03-12 15:07:49 +00:00
Mark Shannon
7b8ca30c12 Python: Make behaviour of taint-tracking sanitizers and extensions less surprising for the unlikely case of mutliple configurations. 2019-03-12 12:40:02 +00:00
Tom Hvitved
c5450128be Merge branch 'rc/1.20' into merge-rc 2019-03-12 09:14:38 +01:00
Mark Shannon
94e4bd8b01 Merge pull request #1063 from taus-semmle/python-fix-compilation-warnings 
Python: Fix compilation warnings.
 2019-03-08 13:54:31 +00:00
Taus Brock-Nannestad
a74a2060f5 Remove use of deprecated function theEmptyTupleObject. 2019-03-08 14:00:16 +01:00
Taus Brock-Nannestad
116e262c62 Add missing override annotations. 2019-03-08 13:59:52 +01:00
Taus
984fb3a010 Merge pull request #1043 from markshannon/python-fix-stack-trace-exposure 
Python: fix stack trace exposure query.
 2019-03-08 11:40:27 +01:00
Mark Shannon
ef1c08e351 Python: Fix up OsGuard class. 2019-03-07 14:21:03 +00:00
Mark Shannon
7aef32e63f Python: Add basic taint-tracking configuration. Should help avoid cross-talk between flows and brings the interface closer to that of the other languages. 2019-03-06 15:48:03 +00:00
Mark Shannon
38a5fb715a Python: Avoid cross-talk between unrelated sources in py/stack-trace-exposure query. 2019-03-05 16:52:28 +00:00
Mark Shannon
32dabcee1e Python: Ignore dead objects from library trap files. 2019-03-05 15:27:45 +00:00