hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,637 Commits 1,671 Branches 157 Tags
dbartol/rc/merge
Commit Graph

4097 Commits

Author SHA1 Message Date
Tom Hvitved
296d10fe2a Data flow: Adjust callMayFlowThroughFwd pragmas 2021-09-10 09:21:24 +02:00
Rasmus Lerchedahl Petersen
baca9edbb1 Merge branch 'main' of github.com:github/codeql into python-add-parameter-default-value-flow-step 2021-09-08 14:48:13 +02:00
Anders Schack-Mulligen
1af39f0776 Dataflow: Sync. 2021-09-08 13:02:07 +02:00
Anders Schack-Mulligen
2b7882e6e5 Merge pull request #5032 from aschackmull/dataflow/subpaths 
Dataflow: Add subpaths query predicate.
 2021-09-08 11:52:41 +02:00
Rasmus Lerchedahl Petersen
4a5f70e6c8 Python: Reclassify defaultValueFlowStep 
as a `jumpStep`.
 2021-09-08 10:05:31 +02:00
jorgectf
4e261c61ae Optimize concatAndCompareAgainstFullHostRegex 2021-09-07 19:05:03 +02:00
jorgectf
800801177d Fix taint tracking comment 2021-09-07 19:02:32 +02:00
jorgectf
b802d7903a Fix OPT_X_TLS_ mandatory options 2021-09-07 19:01:46 +02:00
jorgectf
ee98c0c587 Add start_tls_s() comment and use DataFlow::MethodCallNode instead 2021-09-07 19:00:14 +02:00
Jorge
1bc16fb31e Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-09-07 18:37:33 +02:00
yoff
43effd2b40 Update python/ql/src/semmle/python/functions/ModificationOfParameterWithDefault.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-09-07 15:08:50 +02:00
Taus Brock-Nannestad
bea8a457a2 Merge branch 'main' into python-make-annotated-assignment-a-definitionnode 2021-09-07 15:01:01 +02:00
Taus Brock-Nannestad
1ab86892a0 Merge branch 'main' into python-deprecate-importnode 2021-09-07 14:59:12 +02:00
Taus Brock-Nannestad
79c3ccd56e Python: Remove import-helper tests 
As discussed, these are all present in the `ApiGraphs` directory
already (except for the dataflow consistency test, which has been
moved there instead).
 2021-09-07 14:50:05 +02:00
Taus Brock-Nannestad
5ac32f145f Merge branch 'main' into python-fix-exceptstmt-gettype 2021-09-07 14:21:13 +02:00
Taus
51c0ceea38 Python: Update test_import_star.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-09-07 14:15:48 +02:00
Taus Brock-Nannestad
5f5285955b Merge branch 'main' into python-api-graphs-import-star 2021-09-07 14:13:56 +02:00
Taus
b99c075282 Merge pull request #6460 from yoff/python-regex-parsing-consistency-checks 
Python: Add regex parsing consistency checks
 2021-09-07 13:33:59 +02:00
Anders Schack-Mulligen
f30dad7705 Dataflow: Update test expected outputs. 2021-09-07 13:02:20 +02:00
Anders Schack-Mulligen
7ec1fa2ebe Dataflow: Sync. 2021-09-07 12:51:42 +02:00
Anders Schack-Mulligen
3c3d71d4a0 Dataflow: Sync 2021-09-07 12:51:42 +02:00
Rasmus Lerchedahl Petersen
fcd346c2af Python: Add flow from default values 
to their parameters.
This creates data-flow inconsistencies,
probably because the default values have incorrect enclosing callables
 2021-09-07 11:33:09 +02:00
Rasmus Lerchedahl Petersen
e8644f6f2a Python: coment out discriminating test 
The test case has different behaviour between py2/3.
When merging this, we should create an issue to resolve it.
 2021-09-07 10:30:38 +02:00
Rasmus Lerchedahl Petersen
b48caaf465 Python: fix reference to PrintNode.qll 2021-09-07 10:19:42 +02:00
Rasmus Lerchedahl Petersen
8729701b66 Merge branch 'main' of github.com:github/codeql into python/port-modification-of-default-value 
Files have moved around, specifically PrintNode.qll.
 2021-09-07 10:13:51 +02:00
Rasmus Lerchedahl Petersen
29cb067769 Python: Remember to update test expectations 2021-09-07 10:13:17 +02:00
Rasmus Lerchedahl Petersen
ae8408bcab Python: Add missing qldoc 2021-09-07 10:09:02 +02:00
Rasmus Lerchedahl Petersen
4998a48f99 Python: Fix simple guards 2021-09-06 22:40:30 +02:00
yoff
138a7ae67f Merge pull request #6349 from RasmusWL/more-modeling 
Python: Improve various library modeling
 2021-09-06 17:01:45 +02:00
yoff
c7146ac10c Update python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswl@github.com>
 2021-09-06 16:00:58 +02:00
Andrew Eisenberg
6a47fcaf1f Packaging: Normalize all qlpack.yml files for all languages 
This commit ensures consistency among all of our qlpacks. Here are the
changes:

1. Ensure only modern references are used (codeql-{lang} is converted to
   codeql/{lang}-all or codeql/{lang}-queries where appropriate).
2. Use consistent version numbers. All languages are at 0.0.2 except
   javascript, which is 0.0.3.
3. Convert all `libraryPathDependencies` to `dependencies` with version
   constraints
4. Dependencies from query packs to other packs are always `"*"` since
   these dependencies are always from source and we should get the
   latest.
5. Dependencies from codeql/{lang}-lib to codeql/{lang}-upgrades must
   be strict since there is a tight connection between the libary
   and its relevant upgrades.
 2021-09-03 11:53:28 -07:00
Rasmus Lerchedahl Petersen
913990bc62 Python: Add suggested comments and test case 2021-09-03 14:40:16 +02:00
yoff
c6eb795e76 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-09-03 14:23:57 +02:00
Rasmus Wriedt Larsen
9f590dbf2d Python: Fix .expected 
After we now model `db.text()` calls from Flask-SQLAlchemy
 2021-09-02 16:04:25 +02:00
Rasmus Wriedt Larsen
414bf12f86 Python: Fix DefaultTextClauseConstruction 2021-09-02 16:03:25 +02:00
Rasmus Wriedt Larsen
88c6d4bb20 Python: Fix .qhelp 2021-09-02 16:02:04 +02:00
Rasmus Wriedt Larsen
065075056b Python: Highlight how await taint-step works 2021-09-02 15:45:59 +02:00
Rasmus Wriedt Larsen
ad102e2746 Python: Minor cleanup to snippets 
As pointed out in review, we don't need this override any more!
 2021-09-02 15:40:32 +02:00
CodeQL CI
b4963c7538 Merge pull request #6558 from erik-krogh/redosCasing 
Approved by esbena, yoff
 2021-09-02 12:20:08 +01:00
Taus
e4fd749a46 Merge pull request #6547 from github/RasmusWL/cwe328-weak-hash 
Python: Add CWE-328 to `py/weak-sensitive-data-hashing`
 2021-09-02 11:42:31 +02:00
Rasmus Wriedt Larsen
d55f18f8e3 Python: Add modeling of Flask-SQLAlchemy 2021-09-02 10:48:24 +02:00
Rasmus Wriedt Larsen
f1744890b1 Python: Add tests for Flask-SQLAlchemy 2021-09-02 10:48:15 +02:00
Rasmus Wriedt Larsen
c34d6d1162 Python: Add query to handle SQLAlchemy TextClause Injection 
instead of doing this via taint-steps. See description in code/tests.
 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
81dbe36e99 Python: Promote SQLAlchemy modeling 
Due to the split between `src/` and `lib/`, I was not really able to do
the next step without having moved the SQLAlchemy modeling over to be in
`lib/` as well.
 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
ba99e21875 Python: Remove modeling of sqlescapy PyPI package 
I've never seen this being used in real code, and this library doesn't
have a lot of traction, so I would rather not commit to supporting it
(which includes verifying that it actually makes things safe).

Personally I don't think this is the right approach for avoiding SQL
injection either.
 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
91442e100c Python: Model sessionmaker().begin() 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
feb2303e1f Python: Model the underlying DB-API connection 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
1ab04a7276 Python: Model Connection.execution_options 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
2acf518037 Python: Model exec_driver_sql 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
fe143c7dfa Python: Rewrite most of SQLAlchemy modeling 2021-09-02 10:19:57 +02:00