Taus Brock-Nannestad
b990fac97b
Python: Fix test failures.
...
How could the tests fail because of autoformatting, you may ask?
The answer is deprecation warnings. These specify the location of the deprecated
entity, and due to autoformatting these moved around.
2020-03-30 13:55:38 +02:00
Taus Brock-Nannestad
2229e34466
Python: Fix outdated link in ImportFailure.qhelp.
2020-03-30 13:14:37 +02:00
Taus Brock-Nannestad
ab4cef53c2
Python: Autoformat one final straggler.
2020-03-30 12:36:43 +02:00
Taus Brock-Nannestad
727cde31c9
Python: Autoformat a few final stragglers.
2020-03-30 12:30:14 +02:00
Taus Brock-Nannestad
6eb9c6f84d
Merge branch 'master' into python-autoformat-almost-everything
2020-03-30 12:24:01 +02:00
Taus Brock-Nannestad
87a9f51c78
Python: Autoformat all .ql files.
2020-03-30 11:59:10 +02:00
Robert Brignull
90fad6f762
add code scanning suites
2020-03-27 17:03:23 +00:00
Rasmus Wriedt Larsen
d55acc38df
Python: Constrain execution paths for taint_at_depth
...
Thanks Taus!
2020-03-27 16:20:08 +01:00
Rasmus Wriedt Larsen
8aadb8bd06
Python: Fix iterable-unpacking tests
2020-03-27 11:42:37 +01:00
Rasmus Wriedt Larsen
96d1fc8c0b
Python: Fix iterable-unpacking taint CP
...
When running ql/python/ql/src/Security/CWE-079/ReflectedXss.ql against the
database for flask.
Initially there were 10 million result-tuples for iterable_unpacking_descent.
With this change, we're down to roughly 2100,
2020-03-26 16:42:48 +01:00
Rasmus Wriedt Larsen
dc9dbf3682
Python: Autoformat
2020-03-25 11:56:18 +01:00
Rasmus Wriedt Larsen
12c6997e7b
Python: Reduce result set in custom taint sanitizer
2020-03-25 11:55:29 +01:00
semmle-qlci
a413a3254b
Merge pull request #3114 from RasmusWL/python-add-fp-for-non-callable
...
Approved by tausbn
2020-03-25 10:34:50 +00:00
semmle-qlci
ac7c74dcee
Merge pull request #3111 from RasmusWL/python-fabric-command-injection
...
Approved by BekaValentine
2020-03-25 10:07:33 +00:00
Rasmus Wriedt Larsen
05ecfc83f7
Python: Add test-case with swapped decorator order
2020-03-24 14:18:46 +01:00
Taus
fe00d1cbf4
Merge pull request #2888 from RasmusWL/python-tarslip-sanitizer
...
Python: Improve tarslip sanitizer
2020-03-24 12:59:20 +01:00
Rasmus Wriedt Larsen
3ed48aae4c
Python: remove leftover arg in test code
2020-03-24 11:49:08 +01:00
Rasmus Wriedt Larsen
5ec0716cb0
Python: Add points-to regression when using @classmethod decorators
...
Specifically a problem when using a second decorator
2020-03-24 11:39:08 +01:00
Rasmus Wriedt Larsen
4b8020b98d
Python: Autoformat Command.qll
2020-03-24 10:11:57 +01:00
Rasmus Wriedt Larsen
b567205579
Python: Model fabric v1.x command injection sinks
2020-03-23 17:49:56 +01:00
Rasmus Wriedt Larsen
a57eadaeb6
Python: Model fabric/invoke command injection sinks
2020-03-23 17:33:41 +01:00
Rasmus Wriedt Larsen
d475bb998e
Python: Add abstract class CommandSink
...
I'm going to add more in a sec, and listing *all* of them in CommandInjection.ql
started to be silly
2020-03-23 17:04:08 +01:00
Rasmus Wriedt Larsen
dcfc9a8796
Python: TarSlip sanitizer: explain tests with not
...
It was a bit confusing what was meant before
2020-03-23 12:00:59 +01:00
semmle-qlci
2c7af72f14
Merge pull request #2858 from RasmusWL/python-support-django2
...
Approved by tausbn
2020-03-23 09:35:46 +00:00
Taus Brock-Nannestad
a3bd46d4fe
Python: Autoformat remaining .qll.
2020-03-20 16:43:10 +01:00
Taus Brock-Nannestad
6904898a8b
Python: Autoformat query-local libs.
2020-03-20 16:42:46 +01:00
Taus Brock-Nannestad
9044ff6959
Python: Autoformat rest of semmle/python.
2020-03-20 16:42:22 +01:00
Taus Brock-Nannestad
810e91ea00
Python: Autoformat semmle/python top-level.
2020-03-20 16:41:45 +01:00
Taus Brock-Nannestad
f406a45ce0
Python: Autoformat web.
2020-03-20 16:38:27 +01:00
Taus Brock-Nannestad
5b121b7723
Python: Autoformat values.
2020-03-20 16:37:06 +01:00
Taus Brock-Nannestad
51f1cf020c
Python: Autoformat security.
2020-03-20 16:36:48 +01:00
Taus Brock-Nannestad
4852bb7355
Python: Autoformat pointsto.
2020-03-20 16:36:25 +01:00
Taus Brock-Nannestad
d8b942f922
Python: Autoformat objects.
2020-03-20 16:36:07 +01:00
Taus Brock-Nannestad
165dcd37a1
Python: Autoformat library-tests.
2020-03-20 16:35:37 +01:00
semmle-qlci
2821b01017
Merge pull request #2915 from tausbn/python-add-points-to-for-missing-builtin-return-types
...
Approved by RasmusWL
2020-03-19 11:02:46 +00:00
Rasmus Wriedt Larsen
f4e5079dd3
Merge pull request #2991 from BekaValentine/python-objectapi-to-valueapi-unguardednextingenerator
...
Python: ObjectAPI to ValueAPI: UnguardedNextInGenerator
2020-03-19 10:33:32 +01:00
Rebecca Valentine
06f0947318
Update python/ql/src/Exceptions/UnguardedNextInGenerator.ql
...
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-03-18 14:16:00 -07:00
Rebecca Valentine
9560c804b8
Update python/ql/test/query-tests/Exceptions/generators/test.py
...
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-03-18 14:15:49 -07:00
Rasmus Wriedt Larsen
9a0b2b1843
Merge pull request #2989 from BekaValentine/python-objectapi-to-valueapi-incorrectexceptorder
...
Python: ObjectAPI to ValueAPI: IncorrectExceptOrder
2020-03-18 18:03:25 +01:00
Taus
ae1268f241
Merge branch 'master' into python-add-points-to-for-missing-builtin-return-types
2020-03-18 17:59:17 +01:00
Rasmus Wriedt Larsen
290e33a912
Merge pull request #2922 from tausbn/python-fix-multi-assign-points-to
...
Python: Fix bug in `multi_assignment_points_to`.
2020-03-18 17:50:37 +01:00
Rasmus Wriedt Larsen
b0303158a5
Merge pull request #3088 from tausbn/python-prepare-autoformatting
...
Python: Prepare for autoformatting.
2020-03-18 17:48:46 +01:00
Taus Brock-Nannestad
57af7b84aa
Python: Prepare for autoformatting.
...
Mostly fixes up a bunch of comments that were made wonky by the autoformatter.
2020-03-18 13:59:38 +01:00
Rebecca Valentine
f351916418
Merge branch 'master' into testmerge
2020-03-17 12:32:45 -07:00
Taus
ca26feefbf
Merge pull request #2978 from BekaValentine/python-objectapi-to-valueapi-illegalexceptionhandlertype
...
Python: ObjectAPI to ValueAPI: IllegalExceptionHandlerType
2020-03-17 17:56:34 +01:00
Rebecca Valentine
a7a64952e2
Python: ObjectAPI.qll: Fixes docstring
2020-03-17 09:48:54 -07:00
Rebecca Valentine
ff6e0ce35c
Python: UnguardedNextInGenerator.ql: Excludes next with default value
2020-03-16 17:08:06 -07:00
Rebecca Valentine
68c455cd97
Python: IncorrectExceptOrder.ql: Autoformats w/ new QL indentation
2020-03-16 16:52:48 -07:00
Rebecca Valentine
c7a2925620
Python: Exceptions.qll: Clean up handleObject again
2020-03-16 14:52:51 -07:00
Rebecca Valentine
34ab4efeda
Python: ObjectAPI.qll: getOrigin now returns a CFG
2020-03-16 14:52:23 -07:00