hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,003 Commits 1,671 Branches 157 Tags
ginsbach/NewOverlayLocalJavaRebase
Commit Graph

9261 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
977767b0d6 Python: comment around dictionary comprehensions 2024-10-04 14:14:30 +02:00
Rasmus Lerchedahl Petersen
201c4aad13 Python: add comment 2024-10-04 14:09:33 +02:00
yoff
c064a9e092 Update python/ql/lib/semmle/python/frameworks/Stdlib.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-10-04 14:01:18 +02:00
Tom Hvitved
b3b9406e45 Python: Update test 2024-10-04 08:35:32 +02:00
Rasmus Lerchedahl Petersen
777279dc29 Python: MaD test expectations 2024-10-03 13:29:56 +02:00
Rasmus Lerchedahl Petersen
768d866e72 python: model urllib.parse.parse_qs 2024-10-03 12:20:40 +02:00
Rasmus Lerchedahl Petersen
0462809edc Python: add taint test for urllib 2024-10-03 12:20:38 +02:00
Rasmus Lerchedahl Petersen
5c68bad2f1 Python: add comments 2024-10-03 12:17:59 +02:00
yoff
56d0affe38 Update python/ql/lib/semmle/python/frameworks/Stdlib.model.yml 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-10-03 10:18:25 +02:00
Rasmus Lerchedahl Petersen
6d486f9931 Python: move change note to the right place 2024-10-03 10:15:55 +02:00
Rasmus Lerchedahl Petersen
9e808c17af Python: add change note 2024-10-03 10:09:59 +02:00
Rasmus Lerchedahl Petersen
0dc036abd1 Python: Allow type tracking through comprehensions 
- the subscript operator is extended to comprehensions
- the capture jump-step is extended to work for the functions generated inside comprehensions
 2024-10-03 09:31:02 +02:00
Rasmus Lerchedahl Petersen
315890680c Python: dict only has one positional argument 2024-10-01 16:48:43 +02:00
Rasmus Lerchedahl Petersen
38b1eb7c71 Python: just use ListElementContent for iterables 2024-10-01 16:24:15 +02:00
Rasmus Lerchedahl Petersen
f39dc41903 Python: use imprecise content in cp 
We had accidentally used precise content leadingto blowup
 2024-10-01 13:53:25 +02:00
Rasmus Lerchedahl Petersen
05910de8d1 Python: MaD expectations 2024-10-01 13:21:22 +02:00
Rasmus Lerchedahl Petersen
cef8744a37 Python: consolidate models in one file 2024-10-01 12:56:21 +02:00
yoff
7816f34d75 Merge branch 'main' into stdlib-optparse 2024-10-01 12:48:09 +02:00
Rasmus Lerchedahl Petersen
64890a1a6b Python: valid change note 2024-10-01 12:37:45 +02:00
yoff
2b6aab108d Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll 
Co-authored-by: Taus <tausbn@github.com>
 2024-10-01 12:36:20 +02:00
yoff
2eac11edd6 Update python/ql/lib/change-notes/2024-09-24-std-lib-models.md 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-10-01 11:47:42 +02:00
yoff
62509a10c2 Update python/ql/test/library-tests/dataflow/coverage/test_builtins.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-10-01 11:39:12 +02:00
Rasmus Lerchedahl Petersen
e0a3c8a1c4 Python: add change note 2024-10-01 10:12:39 +02:00
Rasmus Lerchedahl Petersen
bd68986fa4 Python: add test showing dict can take multiple arguments 2024-10-01 10:01:22 +02:00
Rasmus Lerchedahl Petersen
9357762e06 Python: remove superflous code 
This is handled by parameter-argument matching
 2024-10-01 00:03:04 +02:00
github-actions[bot]
e97878ed63 Post-release preparation for codeql-cli-2.19.1 2024-09-30 19:49:00 +00:00
github-actions[bot]
455c8c5953 Release preparation for version 2.19.1 2024-09-30 17:59:48 +00:00
Rasmus Lerchedahl Petersen
dacc0ab8fe Python: docs and a simplification 2024-09-30 16:06:30 +02:00
Rasmus Lerchedahl Petersen
438e664116 Python: add missing qldoc 
More doc is needed, but this should turn the tests green
 2024-09-30 15:43:19 +02:00
Rasmus Lerchedahl Petersen
a22ea6c1c8 Python: use known sanitiser 
- also adjust test expectations in experimental
 2024-09-30 14:22:17 +02:00
Rasmus Lerchedahl Petersen
7392d186bc Python: use yield step also for taint 
Using the comprehension store step meant that all comprehensions would receive taint.
This because comprehension flow now goes via a callable, meaning they share the return node.
 2024-09-30 13:49:01 +02:00
Rasmus Lerchedahl Petersen
fb07a56de6 Python: adjust test expectations 2024-09-30 13:26:59 +02:00
Rasmus Lerchedahl Petersen
ded39749a7 Python: allow comp arg as argumentnode 2024-09-30 13:02:20 +02:00
Rasmus Lerchedahl Petersen
f9f46f0f98 Python: update test expectations 
We now have a new callable, yielding new enclosing callables
 2024-09-30 12:00:38 +02:00
Rasmus Lerchedahl Petersen
3ef05a628f Python: add location to node 2024-09-30 11:56:36 +02:00
Rasmus Lerchedahl Petersen
310819d392 Python: fix dataflow inconsistencies 
- adjust scope of argument, the argument is outside the called function
- add missing post-update nodes for the new arguments
 2024-09-30 10:31:36 +02:00
Rasmus Lerchedahl Petersen
d4ea62edec Python: flow through yield 
- add yield as a dataflow return
- replace comprehension store step
   with a store step to the yield
 2024-09-30 09:01:29 +02:00
Rasmus Lerchedahl Petersen
72530a8312 Python: use synthetic node for comprehension capture argument 
We used to use the CfgNode for the comprehension itself.
In cases where that is also an argument, say
```python
",".join([x for x in l])
```
that would be an argument to two different calls causing a dataflow consistency violation.
 2024-09-27 12:15:03 +02:00
Rasmus Lerchedahl Petersen
294092b671 Python: use comprehension function argument 
For a comprehension `[x for x in l]
- `l` is now a legal argument (in DataFlowPublic)
- `l` is the argument of the comprehension function (in DataFlowDispatch)
- the parameter of the comprehension function is being read rather than `l` (in IterableUnpacking)
Thus the read that used to cross callable boundaries is now split into a arg-param edge and a read from that param.
 2024-09-27 09:44:39 +02:00
Rasmus Wriedt Larsen
431a1af628 Merge branch 'main' into threat-models 2024-09-26 11:44:24 +02:00
Rasmus Lerchedahl Petersen
fc2dc28f87 python: capture flow through comprehensions 
- add comprehension functions as `DataFlowCallable`s
- add comprehension call as `DataFlowCall`
- create capture argument node for comprehension calls
 2024-09-25 10:02:31 +02:00
Rasmus Lerchedahl Petersen
112e7c95fa Python: all dict constructor args are relevant 2024-09-24 20:58:59 +02:00
yoff
e7f9b5bbbc Merge branch 'main' into stdlib-optparse 2024-09-24 20:24:00 +02:00
Rasmus Lerchedahl Petersen
f95926e1a8 Python: add change note 2024-09-24 20:23:39 +02:00
Taus
8c015b0784 Merge pull request #17305 from Kwstubbs/CORSMiddleware-Starlette 
Python: Add Support for CORS Middlewares
 2024-09-24 15:51:49 +02:00
Kevin Stubbings
01aa63e170 Add tests 2024-09-23 16:47:10 -07:00
Kevin Stubbings
02a664319a formatting 2024-09-23 15:10:25 -07:00
Kevin Stubbings
e6b775422d Remove redundant imports 2024-09-23 15:08:24 -07:00
Kevin Stubbings
b1c0e28aff Extra test 2024-09-23 15:00:23 -07:00
Kevin Stubbings
05765c4284 Formatting 2024-09-23 14:51:50 -07:00