hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,907 Commits 1,672 Branches 157 Tags
codeql-cli-2.8.2
Commit Graph

3152 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
638fcab12d Python: Allow path from non-sourceNodes 
This is against the philosophy, but we
have still restricted attributes.
We use this PR to test performance.
 2020-12-15 15:35:16 +01:00
Rasmus Wriedt Larsen
8df186167e Python: Reword QLDoc for class modeling with type-tracking 
As discussed in https://github.com/github/codeql/pull/4797#discussion_r542423387
 2020-12-15 15:15:03 +01:00
Rasmus Wriedt Larsen
050e720770 Python: Minor rewrite 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2020-12-15 12:02:56 +01:00
Rasmus Wriedt Larsen
272feedb69 Merge branch 'main' into stdlib-http-source-modeling 2020-12-15 11:59:23 +01:00
Rasmus Wriedt Larsen
ed53742f03 Python: Fix additional taint-steps for cgi 
So there isn't flow from *any* instance to *any* access of the methods,
but only from the _actual_ instance where the method is accessed.
 2020-12-15 11:41:00 +01:00
Rasmus Lerchedahl Petersen
e64af59667 Merge branch 'main' of github.com:github/codeql into tausbn-python-add-source-nodes 2020-12-15 11:13:35 +01:00
Rasmus Lerchedahl Petersen
a152833a51 Merge branch 'python-add-source-nodes' of https://github.com/tausbn/codeql into tausbn-python-add-source-nodes 2020-12-15 11:13:02 +01:00
CodeQL CI
0420ac7aac Merge pull request #4820 from RasmusWL/add-pymysql-modeling 
Approved by yoff
 2020-12-14 03:04:24 -08:00
Rasmus Wriedt Larsen
daf418624e Python: Make all PEP249 implementations private 
Since we're still sticking with `private by default` at least for a while longer.
 2020-12-14 10:57:51 +01:00
Rasmus Wriedt Larsen
31d4ea77cb Python: Add modeling of PyMySQL 2020-12-14 10:56:47 +01:00
Rasmus Wriedt Larsen
8d8e92eb09 Python: Model execute on a DB connection 2020-12-14 10:33:10 +01:00
Rasmus Wriedt Larsen
18f7dbe865 Python: Adjust PEP249 QLDocs 2020-12-14 10:26:17 +01:00
yoff
9bec9b46e1 Merge pull request #4801 from RasmusWL/sqlite3-support 
Python: Add sqlite3 support
 2020-12-11 13:30:24 +01:00
Rasmus Wriedt Larsen
36e8ef53eb Python: Model sqlite3 as SQL interface 2020-12-09 11:36:18 +01:00
yoff
3bddb946b7 Merge pull request #4773 from RasmusWL/path-injection-improvements 
Python: Path injection improvements
 2020-12-08 14:05:53 +01:00
Rasmus Wriedt Larsen
ba1ca70858 Python: Add source modeling of stdlib HTTPRequestHandlers 2020-12-08 14:04:15 +01:00
Rasmus Wriedt Larsen
34863721f0 Python: Model cgi.FieldStorage 2020-12-08 14:03:13 +01:00
Rasmus Wriedt Larsen
976559889f Python: Reword qhelp text 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-12-08 11:34:44 +01:00
Rasmus Wriedt Larsen
608ce50399 Python: Expose HTTP verbs in HTTP concept 
Let's discuss whether doing it this way is reasonable, since I'm not 100% sure
whether this fits into "concepts" or not.
 2020-12-04 14:04:56 +01:00
Rasmus Wriedt Larsen
c7ab78f8c2 Python: Add modeling of django class based view handlers 
BUT, since MyCustomViewBaseClass.post (django-v2-v3/testapp/views.py) and
Foo.post (django-v2-v3/routing_test.py) aren't handled, this raises important
question about how to do MRO without points-to :S
 2020-12-04 14:03:59 +01:00
Rasmus Wriedt Larsen
ffdbecfbb7 Python: Simplify getARouteHandler for Django 2020-12-04 11:29:52 +01:00
Rasmus Wriedt Larsen
e8f63311ac Python: Model abspath and realpath (for Path Injection) 2020-12-03 13:41:54 +01:00
Rasmus Wriedt Larsen
e53ed478ab Python: Highlight os.path.join behavior with absolute paths 2020-12-03 13:41:52 +01:00
CodeQL CI
e266cedc84 Merge pull request #4700 from RasmusWL/python-add-code-injection-FP 
Approved by tausbn
 2020-12-02 16:29:21 +00:00
CodeQL CI
6017f25106 Merge pull request #4740 from RasmusWL/fix-json-modeling 
Approved by tausbn
 2020-12-02 16:29:00 +00:00
Rasmus Wriedt Larsen
a08e1db601 Python: Remove leftover note to self in qhelp file 2020-11-30 17:44:18 +01:00
Rasmus Lerchedahl Petersen
289b9e62f9 Python: Add read step for unpacking assignment 2020-11-30 15:30:14 +01:00
Anders Schack-Mulligen
8f2094f0bf Autoformat. 2020-11-30 14:42:38 +01:00
Rasmus Wriedt Larsen
94e90aac39 Python: Only one Unit implementation 
Conflict arose since the Unit in DataFlowPrivate was added in a merged PR.

The behavior from this PR will make it match what java does (931322e4c5/java/ql/src/semmle/code/Unit.qll)
 2020-11-30 14:41:47 +01:00
Rasmus Wriedt Larsen
1eac1995a9 Merge branch 'main' into python-untrusted-flow 2020-11-30 14:38:52 +01:00
Anders Schack-Mulligen
931322e4c5 Merge pull request #4668 from aschackmull/dataflow/refactor-pruning 
Dataflow: Refactor pruning stages.
 2020-11-30 09:37:04 +01:00
Rasmus Wriedt Larsen
cbfcfdf883 Python: Fix UntrustedDataToExternalAPI.qhelp 2020-11-27 17:54:22 +01:00
Rasmus Wriedt Larsen
a0c7365ae6 Python: Proper models of json.loads and json.dumps 2020-11-27 15:57:56 +01:00
yoff
346a007bf6 Merge pull request #4720 from RasmusWL/python-better-open-models 
Python: better models of `open` function
 2020-11-27 14:47:10 +01:00
Rasmus Wriedt Larsen
e6319e5d84 Python: Rewrite StringConstCompare to use IterableNode 2020-11-27 13:37:03 +01:00
Rasmus Wriedt Larsen
098f8c4f21 Python: Add IterableNode 
I'm specifically not using an abstract class, since that is an anti-pattern:
https://github.com/github/codeql/pull/4357#discussion_r520526275 (I'm still
trying to wrap my head fully aroudn this)
 2020-11-27 13:36:55 +01:00
Rasmus Wriedt Larsen
33e46e168f Python: Add QLDoc for SetNode 2020-11-27 13:29:16 +01:00
Anders Schack-Mulligen
fec9758252 Dataflow: Sync. 2020-11-27 12:16:43 +01:00
Rasmus Wriedt Larsen
cc9a7fe4fe Python: Move BarrierGuards to own file 2020-11-27 12:09:57 +01:00
Rasmus Wriedt Larsen
9e4910f863 Python: Untrusted data used in external APIs 
A port of the one for Java that was added in https://github.com/github/codeql/pull/3938
 2020-11-26 18:19:35 +01:00
Rasmus Wriedt Larsen
7e3dbb0149 Python: Add Unit helper library 
Like Java did in https://github.com/github/codeql/pull/4184
 2020-11-26 18:17:14 +01:00
Cornelius Riemenschneider
3bfb398516 Autoformat XML.qll. 2020-11-25 18:20:50 +01:00
Cornelius Riemenschneider
7eec988fb5 XML.qll: Remove abstract from class hierarchy. 2020-11-25 17:22:03 +01:00
Rasmus Wriedt Larsen
cafe55f5c7 Merge pull request #4701 from yoff/python-fix-return-node-enclosing-callable 
Python: Use default `getEnclosingCallable` for `RetrunNode`
 2020-11-25 10:36:41 +01:00
Rasmus Lerchedahl Petersen
88643da01f Python: Use default getEnclosingCallable 
for `RetrunNode`
 2020-11-25 08:19:07 +01:00
Rasmus Wriedt Larsen
d88e5bdb3a Python: Model io.open as FileSystemAccess 2020-11-24 18:27:33 +01:00
Rasmus Wriedt Larsen
e39bb56078 Python: Model builtin open function better 2020-11-24 18:27:31 +01:00
Rasmus Wriedt Larsen
caf73e4b9b Python: Wrap all Stdlib modeling consistently 
Some of these predicates had fallen outside the `private module Stdlib`
 2020-11-24 18:27:29 +01:00
CodeQL CI
2277242196 Merge pull request #4692 from yoff/python-psycopg 
Approved by RasmusWL
 2020-11-24 10:59:04 +00:00
Rasmus Wriedt Larsen
f35ffa5632 Python: Add support for x in ["safe", "also_safe"] (and not in) 2020-11-23 10:42:24 +01:00