hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,708 Commits 1,671 Branches 157 Tags
henrymercer/js-atm-update-api-graphs-usage
Commit Graph

4508 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
7a6eee50ff Revert "Python: Add getPostUpdateNode to DataFlow::Node" 
This reverts commit 9137f04bd3.
 2021-07-02 13:23:02 +02:00
Rasmus Wriedt Larsen
e56dfe75bd Python: AttrRef getOjbect/1 -> accesses/2 
See this thread for discussion:
https://github.com/github/codeql/pull/5926#discussion_r635384981
 2021-07-02 13:21:12 +02:00
Rasmus Lerchedahl Petersen
6f2642607e Python: make the import of RedosUtil public 
This mirrors `SuperlinearBacktracking.qll`
An alternative is to keep it private and import it again
in the query files.
 2021-07-02 12:32:04 +02:00
Rasmus Lerchedahl Petersen
77c329fb0f Python/JS: Make much more private 2021-07-02 12:13:52 +02:00
Rasmus Lerchedahl Petersen
1fc9638486 Python: port redos .qhelp from js 2021-07-02 11:36:46 +02:00
Taus
a9c1d3ba86 Python: Clean up LocalSourceNode charpred 
This results in the same set of nodes, but is a bit more clear about
the reasons why. For instance, `ModuleVariableNode`s are included
directly, and not in a roundabout way by virtue of not having flow to
them. This should hopefully be a bit more robust as well.
 2021-07-01 19:12:18 +00:00
Taus
f151338def Merge pull request #6198 from RasmusWL/fix-cleartext-logging 
Python: Some minor fixes to `py/clear-text-logging-sensitive-data`
 2021-07-01 18:28:25 +02:00
jorgectf
3d2b6f7a2d Delete outdated comment 2021-07-01 17:54:46 +02:00
jorgectf
7fb44470ee Add .expected results 2021-07-01 17:53:04 +02:00
jorgectf
a1f48db60b Make verifiesSignature() a predicate 2021-07-01 17:51:56 +02:00
jorgectf
4079e5352e Add JWT framework to Frameworks.qll 2021-07-01 17:51:34 +02:00
jorgectf
07422a1dce Move tests under test/ 2021-07-01 17:51:00 +02:00
Taus
336c0662ef Python: Remove pointless LocalSourceNodes 
This gets rid of a large number of nodes that seemingly have no impact.
 2021-07-01 15:02:31 +00:00
Rasmus Lerchedahl Petersen
eee56e0156 Python/JS: Make most of the new library private 2021-07-01 15:34:06 +02:00
Anders Schack-Mulligen
37f8794d01 Merge pull request #6165 from edoardopirovano/fix-regression 
Performance: Improve join order in data flow library
 2021-07-01 14:13:18 +02:00
Rasmus Wriedt Larsen
b0309dd321 Python: Limit SensitiveDataSources to prevent _some_ cross-talk 2021-07-01 12:08:12 +02:00
Rasmus Wriedt Larsen
f64e58a21c Python: Fix a QLDoc for SensitiveDataSources 2021-07-01 12:05:59 +02:00
Rasmus Wriedt Larsen
d7e3ebb15c Python: Add tests showing sensitive data cross-talk 2021-07-01 12:05:51 +02:00
Rasmus Wriedt Larsen
d9e2f504f8 Python: Fix clear text logging sink 
No need to restrict it to arguments that are calls
 2021-06-30 20:31:17 +02:00
Taus
e4af14638b Merge pull request #6175 from yoff/python-port-ReDoS 
Python: port ReDoS queries from Javascript
 2021-06-30 16:26:07 +02:00
yoff
6a77b890af Merge pull request #6155 from RasmusWL/port-cleartext-queries 
Python: Port cleartext queries
 2021-06-30 15:52:34 +02:00
Rasmus Lerchedahl Petersen
a176e6ac30 Python: comment out temporarily unused predicate 2021-06-30 15:28:31 +02:00
Rasmus Lerchedahl Petersen
45e30b0c06 Python: comment out temporarily unused predicate 2021-06-30 15:04:37 +02:00
Rasmus Lerchedahl Petersen
c306cee04e Python: mimic JS file hierarchy 2021-06-30 15:03:22 +02:00
Rasmus Lerchedahl Petersen
651f8abba0 Python: Avoid multiple results for toString 2021-06-30 14:39:49 +02:00
Rasmus Wriedt Larsen
c2708176b1 Python: Support %-style formatting for MarkupSafe 2021-06-30 14:15:41 +02:00
Rasmus Wriedt Larsen
0a4efd0e86 Python: Add %-style formatting tests for MarkupSafe 2021-06-30 14:13:59 +02:00
Rasmus Wriedt Larsen
c84658dff1 Python: Use MethodCallNode for MarkupSafe string-format 2021-06-30 13:58:09 +02:00
Rasmus Wriedt Larsen
d6e8fafdbd Python: Proper sorting in Frameworks.qll 2021-06-30 13:55:26 +02:00
Rasmus Wriedt Larsen
075953860b Merge branch 'main' into markupsafe-modeling 2021-06-30 13:55:08 +02:00
Rasmus Lerchedahl Petersen
72986e1e28 Python: Add some comments on the booelan sweep 
pattern
 2021-06-30 12:50:36 +02:00
Rasmus Lerchedahl Petersen
52d91917aa Merge branch 'python-port-ReDoS' of github.com:yoff/codeql into python-port-ReDoS 2021-06-30 12:25:59 +02:00
Rasmus Lerchedahl Petersen
09e71cfdfd Python: update test expectations 2021-06-30 12:25:29 +02:00
Rasmus Lerchedahl Petersen
6dfbf80494 Python: Disable use of toUnicode 
until supporting CLI is released
 2021-06-30 12:21:52 +02:00
Rasmus Wriedt Larsen
e5d65992b4 Python: Use DefinitionNode instead of Assign 
Based on https://github.com/github/codeql/pull/6155#discussion_r660964666:

> Hmm... Would it be better to do this using DefinitionNode instead of
> Assign? The latter is fairly limited in what it can represent, and also
> raises questions of whether this definition is sound with regard to
> control-flow splitting.
 2021-06-30 12:08:32 +02:00
yoff
c19522e921 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-06-30 11:49:45 +02:00
thank_you
0be2c6b765 Add SQLEscapySanitizerCall class 2021-06-29 19:39:46 -04:00
thank_you
986f2f4302 Add SQLEscape module 2021-06-29 19:39:26 -04:00
jorgectf
e02a63a27a Delete trivial *_good.py tests 2021-06-29 23:03:41 +02:00
Edoardo Pirovano
8354f66c29 Performance: Improve join order in data flow library 2021-06-29 18:23:22 +01:00
jorgectf
621a810b7b Update .expected 2021-06-29 16:53:53 +02:00
jorgectf
9a8d1f8e0f Take back non-trivial tests 2021-06-29 16:53:44 +02:00
jorgectf
0819090fcb Fix qldocs typo 2021-06-29 16:53:32 +02:00
jorgectf
2f9e6454a5 Hardcode ldap2 binding functions 2021-06-29 16:14:55 +02:00
Rasmus Wriedt Larsen
94bcda3bae Python: Highlight problem picking DataFlow::Node for Assign 2021-06-29 15:32:16 +02:00
Rasmus Lerchedahl Petersen
e778a65464 Python: Adjust test expectations 
so we can see the light go green.
But we should perhaps do something about those duplicate results.
 2021-06-29 11:29:42 +02:00
Rasmus Lerchedahl Petersen
fbfe415162 Python: Limit test files 2021-06-29 11:18:24 +02:00
Rasmus Lerchedahl Petersen
6f2cdbf59e Python: Give up on providing values for form feeds 2021-06-29 11:14:27 +02:00
Rasmus Wriedt Larsen
a5a7f3e38a Python: Add taint-step for sqlalchemy.text 2021-06-29 11:06:25 +02:00
Rasmus Lerchedahl Petersen
ffb8938e52 Python: undo autoformat character mangling 2021-06-29 11:06:17 +02:00