Taus
aa7a997c7a
Merge pull request #2248 from RasmusWL/python-sensitive-data-fewer-fp
Python: Limit what functions we treat as returning sensitive data
2019-11-04 15:09:52 +01:00
Rasmus Wriedt Larsen
ca22ec6104
Merge pull request #2042 from tausbn/python-fix-unused-import-fps
Python: Fix false positives in `py/unused-import`.
2019-11-04 14:47:30 +01:00
Rasmus Wriedt Larsen
b075103198
Merge pull request #2163 from tausbn/python-undefined-export-fp
Python: Modernise and fix FP in `py/undefined-export`
2019-11-04 13:10:48 +01:00
Rasmus Wriedt Larsen
6593477d0b
Python: Limit what functions we treat as returning sensitive data
Before this change, any function that has a parameter that was called
password/credentials would be treated as returning sensitive data of that
kind. `py/clear-text-logging-sensitive-data` would alert if one of these is
logged, which has a LOT of false-positives.
2019-11-04 11:32:21 +01:00
Taus Brock-Nannestad
d2f985038c
Python: Fix missing modernisation.
2019-11-04 10:48:42 +01:00
Luke Cartey
d9d4aa30a9
Merge pull request #2214 from hmakholm/pr/upgrade-packs
Make each upgrade directory a QL pack
2019-10-29 16:45:02 +00:00
Taus Brock-Nannestad
5e62da7690
Python: Do not report unreachable "catch-all" cases in elif-chains.
This was brought up on the LGTM.com forums here:
https://discuss.lgtm.com/t/warn-when-always-failing-assert-is-reachable-rather-than-unreachable/2436
Essentially, in a complex chain of `elif` statements, like
```python
if x < 0:
    ...
elif x >= 0:
    ...
else:
    ...
```
the `else` clause is redundant, since the preceding conditions completely
exhaust the possible values for `x` (assuming `x` is an integer). Rather than
promoting the final `elif` clause to an `else` clause, it is common to instead
raise an explicit exception in the `else` clause. During execution, this
exception will never actually be raised, but its presence indicates that the
preceding conditions are intended to cover all possible cases.
I think it's a fair point. This is a clear instance where the alert, even if it
is technically correct, is not useful for the end user.
Also, I decided to make the exclusion fairly restrictive: it only applies if
the unreachable statement is an `assert False, ...` or `raise ...`, and only
if said statement is the first in the `else` block. Any other statements will
still be reported.
2019-10-29 15:30:32 +01:00
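The exclusion described in the commit above, modelled on Python's own `ast` module as an added example (this is not the CodeQL query and not code from the commit): it only decides whether the trailing `else` of an if/elif chain starts with a `raise ...` or `assert False, ...` guard and would therefore be skipped; it does not perform the reachability analysis that determines whether the `else` is dead in the first place. The function names, the `"suppressed"`/`"reported"` verdicts and the sample source are assumptions made for this illustration.

```python
import ast

# Added example (not the CodeQL query itself): models only the exclusion
# described in the commit, not the reachability analysis that decides whether
# the `else` is dead in the first place. Requires Python 3.8+ (ast.Constant).


def is_cannot_happen_guard(stmt: ast.stmt) -> bool:
    """True for `raise ...` or `assert False[, msg]`, the two accepted guards."""
    if isinstance(stmt, ast.Raise):
        return True
    if isinstance(stmt, ast.Assert):
        # `assert False` parses as Assert(test=Constant(value=False)).
        return isinstance(stmt.test, ast.Constant) and stmt.test.value is False
    return False


def trailing_else_body(head: ast.If):
    """Follow an if/elif chain from its head; return the final `else` body or None.

    An `elif` is represented as a single nested If in the parent's `orelse`, so
    an explicit `else:` that contains only one `if` is treated the same way.
    """
    node = head
    while node.orelse:
        if len(node.orelse) == 1 and isinstance(node.orelse[0], ast.If):
            node = node.orelse[0]
        else:
            return node.orelse
    return None


def classify_else_blocks(source: str):
    """Return [(lineno, verdict)] for every trailing `else` in `source`.

    verdict is "suppressed" when the first statement is a cannot-happen guard
    (the query stays silent) and "reported" otherwise (anything else in first
    position is still flagged if the block turns out to be unreachable).
    """
    tree = ast.parse(source)
    # Ifs that sit as an elif inside another If are not chain heads.
    elif_ids = {
        id(n.orelse[0])
        for n in ast.walk(tree)
        if isinstance(n, ast.If)
        and len(n.orelse) == 1
        and isinstance(n.orelse[0], ast.If)
    }
    verdicts = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.If) or id(node) in elif_ids:
            continue
        body = trailing_else_body(node)
        if body is None:
            continue
        first = body[0]
        verdict = "suppressed" if is_cannot_happen_guard(first) else "reported"
        verdicts.append((first.lineno, verdict))
    return sorted(verdicts)


# Constructed sample input: three exhaustive chains over an integer `x`.
SAMPLE = '''
def sign(x):
    if x < 0:
        return -1
    elif x >= 0:
        return 1
    else:
        raise AssertionError("unreachable")   # suppressed

def classify(x):
    if x < 0:
        return "neg"
    elif x >= 0:
        return "nonneg"
    else:
        assert False, "unreachable"           # suppressed

def other(x):
    if x < 0:
        return "neg"
    elif x >= 0:
        return "nonneg"
    else:
        print("unreachable")                  # still reported
        raise AssertionError
'''

if __name__ == "__main__":
    for lineno, verdict in classify_else_blocks(SAMPLE):
        print(f"line {lineno}: {verdict}")
```

Running the block on the constructed sample yields `(8, "suppressed")`, `(16, "suppressed")` and `(24, "reported")`: the third chain is still reported because the guard is not the first statement of its `else` block, exactly the restriction the commit describes.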
Taus
6e6dab9ab8
Merge pull request #2178 from RasmusWL/python-minor-qldoc-fix
Python: Fix qldoc for TaintTracking Configuration
2019-10-29 10:40:12 +01:00
Henning Makholm
ae554cf1e9
Make each upgrade directory a QL pack
2019-10-28 17:14:31 +01:00
Taus
04e3683035
Merge pull request #2194 from RasmusWL/python-improve-getbasetype-qldoc
Python: Improve qldoc for ClassValue::getABaseType
2019-10-28 17:07:19 +01:00
Rasmus Wriedt Larsen
f1004b10ba
Merge pull request #2147 from tausbn/python-cyclic-import-package-fp
Python: Fix cyclic import FP relating to packages.
2019-10-25 11:57:55 +02:00
Rasmus Wriedt Larsen
c50d366527
Python: Improve qldoc for ClassValue::getABaseType
Hopefully it is more clear that you can get multiple results from getABaseType
because of multiple inheritance, and not because we are following the chain of
inheritance
2019-10-24 17:10:42 +02:00
Rasmus Wriedt Larsen
8767d29d21
Python: Use src for naming in TaintTracking::Configuration
We picked `src` since this is used much more than `source` in our existing code.
2019-10-23 15:56:37 +02:00
Taus
30483db621
Merge pull request #2146 from RasmusWL/python-improve-iter-returns-non-iterator
Python: improve py/iter-returns-non-iterator
2019-10-23 11:53:00 +02:00
Rasmus Wriedt Larsen
5c5eaacc09
Python: Remove cached annotation in py/iter-returns-non-iterator
2019-10-23 10:46:07 +02:00
Rasmus Wriedt Larsen
a98466392d
Python: Improve tests and docs for py/iter-returns-non-iterator
2019-10-23 10:46:07 +02:00
Henning Makholm
347d97c14c
qlpack.json is now qlpack.yml
2019-10-22 17:36:35 +02:00
Pavel Avgustinov
72de1b25ab
Merge pull request #2164 from hmakholm/suites
Add some new-style suite definitions
2019-10-22 16:35:19 +01:00
Taus
a19569ce3e
Merge pull request #2161 from RasmusWL/python-fix-cookieset-tostring
Python: Fix toString for CookieSet classes
2019-10-22 16:48:31 +02:00
Henning Makholm
fd768a1af6
Add some new-style suite definitions
2019-10-22 15:51:00 +02:00
Taus Brock-Nannestad
32de65c0c6
Python: Add discussed test case (a false negative).
2019-10-22 15:10:40 +02:00
Taus Brock-Nannestad
83bf54c524
Python: Move false positive (now a true negative) into subfolder.
2019-10-22 15:08:29 +02:00
Rasmus Wriedt Larsen
e487fd3648
Python: Improve alert message for py/iter-returns-non-iterator
Fixes https://github.com/Semmle/ql/issues/1427
2019-10-22 10:27:55 +02:00
Rasmus Wriedt Larsen
6056b457e9
Python: Autoformat py/iter-returns-non-iterator
2019-10-22 10:25:01 +02:00
Taus Brock-Nannestad
ab2c8f312c
Python: Apply autoformat.
2019-10-21 17:40:36 +02:00
Taus Brock-Nannestad
4fe1ba0ea4
Python: Refactor py/undefined-export for more clarity.
2019-10-21 17:40:36 +02:00
Taus Brock-Nannestad
8a1d1e7b7a
Python: Modernise and fix false positive in py/undefined-export.
2019-10-21 16:07:48 +02:00
Rasmus Wriedt Larsen
016c95a69c
Merge pull request #2078 from taus-semmle/python-unreachable-suppressed
Python: Teach `py/unreachable-statement` about `contextlib.suppress`.
2019-10-21 15:14:39 +02:00
Taus Brock-Nannestad
b2f7b0921b
Python: Add false negative test case.
2019-10-21 14:31:05 +02:00
Taus Brock-Nannestad
99b99ef2b6
Python: Teach py/unreachable-statement about contextlib.suppress.
2019-10-21 14:31:05 +02:00
Rasmus Wriedt Larsen
9cf0e244b1
Python: Fix toString for CookieSet classes
The old implementation would result in empty recursion.
2019-10-21 11:26:10 +02:00
Taus
45158a7177
Merge pull request #2053 from RasmusWL/python-modernise-falcon-library
Python modernise falcon library
2019-10-18 14:47:33 +02:00
Taus Brock-Nannestad
70d9d1bd0e
Python: Add false positive test case for cyclic import.
2019-10-18 14:03:23 +02:00
Taus
37291c5642
Merge pull request #2100 from RasmusWL/python-fix-hasFlowPath
Python: Fix hasFlowPath default implementation of isSink/2
2019-10-18 11:16:58 +02:00
Taus Brock-Nannestad
067bdf5ec4
Python: Disregard packages when looking for cyclic imports.
2019-10-17 12:47:34 +02:00
Rasmus Wriedt Larsen
d3f3cefa54
Python: Autoformat (4 spaces) falcon library
2019-10-15 11:23:51 +02:00
Rasmus Wriedt Larsen
7a112f37cb
Python: Modernise falcon library
2019-10-15 11:22:46 +02:00
Henning Makholm
29167bbff8
Add qlpack.json files
Eventually these files will subsume the current `queries.xml` files
at the top of query-containing and library directories. For now they're
just here to support internal testing of the tooling support for them
that we're writing.
Format and contents are a work in progress. If you're not in Semmle,
don't depend on anything here making sense (or staying stable) until
you see the version tags increase to something nonzero.
2019-10-12 17:38:01 +02:00
Rasmus Wriedt Larsen
bf197b9f20
Add testcase
2019-10-10 15:34:54 +02:00
Rasmus Wriedt Larsen
36bb5f54ce
Python: Fix hasFlowPath default implementation of isSink/2
If hasFlowPath was used, and isSink/2 was not overridden,
hasFlowPath(src, sink) would not use isSink/1 to restrict the allowed TaintSink.
This resulted in false-positives when we had flows with unrelated TaintSinks.
FP: 1a8e7ffc2e/files/webapp/graphite/dashboard/views.py (x2d486922081db956) :1
Fixes https://github.com/Semmle/ql/issues/2081
2019-10-10 15:34:54 +02:00
semmle-qlci
ff5a98b260
Merge pull request #2074 from taus-semmle/python-unreachable-nonlocal
Approved by RasmusWL
2019-10-07 15:45:24 +01:00
semmle-qlci
e36e16af48
Merge pull request #2079 from taus-semmle/python-unused-local-nonlocal
Approved by RasmusWL
2019-10-07 15:38:21 +01:00
Rasmus Wriedt Larsen
3f45d8614b
Merge pull request #2047 from taus-semmle/python-modernise-and-fix-cyclic-import-fp
Python: modernise and fix cyclic import false positive.
2019-10-07 14:28:36 +02:00
Taus Brock-Nannestad
26da6a1178
Python: Apply autoformat.
2019-10-03 17:58:52 +02:00
Taus Brock-Nannestad
5946a4a066
Python: Teach py/unused-local-variable about nonlocal.
2019-10-03 17:56:29 +02:00
AlexTereshenkov
3e6f8fb6be
Add bind-socket-all-network-interfaces Python query (#2048)
Add bind-socket-all-network-interfaces Python query
2019-10-03 11:23:11 +01:00
Taus Brock-Nannestad
384013e0dc
Python: Add tests for reachability when using nonlocal.
2019-10-02 17:13:00 +02:00
Taus
fb20cab4c8
Merge pull request #2012 from RasmusWL/python-modernise-cls-self-checks
Python: modernise cls self argument name checks
2019-09-30 15:50:32 +02:00
Taus
9a8b62250f
Merge pull request #2043 from RasmusWL/python-modernise-django
Python: modernise django library
2019-09-30 11:57:09 +02:00
Taus
04f14f1fe7
Merge pull request #2040 from RasmusWL/python-modernise-cherrypy
Python: Modernise cherrypy library
2019-09-30 11:53:59 +02:00