hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,999 Commits 1,672 Branches 157 Tags
query-help-tests-lgtm
Commit Graph

1781 Commits

Author SHA1 Message Date
Taus
e09907894d Merge pull request #2817 from BekaValentine/objectapi-to-valueapi-truncateddivision 
Python: ObjectAPI to ValueAPI: TruncatedDivision
 2020-02-27 12:52:26 +01:00
Rebecca Valentine
fe2bb8fb4b Adds preliminary modernization 2020-02-26 22:01:31 -08:00
Rebecca Valentine
057fed2cb8 Fixes erroneus naming 2020-02-26 21:55:02 -08:00
Rebecca Valentine
84875d70ff Adds preliminary modernization 
This will overlapp with/depend on changes to CallArgs and ObjectAPI that are already in the WrongNamedArgumentInCall PR
 2020-02-26 21:42:52 -08:00
Rebecca Valentine
ba1f3c46b8 Removes obsolete asBuiltin predicate 2020-02-26 08:17:45 -08:00
Taus Brock-Nannestad
5c3109a324 Python: Fix bug in multi_assignment_points_to. 
This turned out to be a fairly simple but easy to make bug. When we want to
figure out the value pointed-to in a multi-assignment, we look at the left hand
side to see what value from the right hand side we should assign. Unfortunately,
we accidentally attempted to look up this information in the _left hand side_ of
the assignment, resulting in no points-to information at all. The only thing
needed to fix this was to properly link up the left and right hand sides: using
the left hand side to figure out what index to look at, and then looking up the
points-to information for the corresponding place in the right hand side.
 2020-02-26 16:11:43 +01:00
Taus
85f5ad2231 Merge pull request #2904 from RasmusWL/python-http-clients 
Python: Model outgoing HTTP client requests
 2020-02-26 15:49:41 +01:00
Rasmus Wriedt Larsen
400a8ffae5 Python: Use slightly better name than foobar 
I intended to rename before committing, but woops
 2020-02-26 14:08:10 +01:00
Taus
dce121b565 Merge pull request #2916 from BekaValentine/python-objectapi-to-valueapi-callargsandothers 
Python: ObjectAPI to ValueAPI: CallArgs and Others
 2020-02-26 12:51:18 +01:00
Rasmus Wriedt Larsen
5fae3a8d0a Python: Explain complexity of HTTPConnection.request 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
be187bcc0a Python: Make Client::HttpRequest extend ControlFlowNode 
Taus poitned out that the reuqest being send off, doesn't *need* to happen on a
CallNode. Someone *could* use a __setattr__ or property :\
 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
e25079acc2 Python: Remove unnecessary cast 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
cd5399d43e Python: Model outgoing http client requests 2020-02-26 10:26:30 +01:00
Rebecca Valentine
e07a003f75 Swaps overridden_call globally 2020-02-25 11:02:18 -08:00
Rebecca Valentine
50c91b99da Swaps correct_args_if_called_as_method globally 2020-02-25 11:01:51 -08:00
Rebecca Valentine
fb0cae76cf Swaps wrong_args globally 2020-02-25 11:00:39 -08:00
Rebecca Valentine
3a764ade8d Swaps too_many_args globally 2020-02-25 10:59:55 -08:00
Rebecca Valentine
3b0be46377 Swaps too_few_args globally 2020-02-25 10:59:16 -08:00
Rebecca Valentine
2c32a859cc Swaps illegally_named_parameter globally 2020-02-25 10:58:08 -08:00
Rebecca Valentine
4857a947ac Swaps get_function_or_initializer globally 2020-02-25 10:51:40 -08:00
Rebecca Valentine
cf4b7e1270 Swaps arg_count globally 2020-02-25 10:50:30 -08:00
Rebecca Valentine
c2a3af7e67 Adds objectapi suffix to private predicates 2020-02-25 10:48:29 -08:00
Rebecca Valentine
930228acc5 Un-autoformats 2020-02-25 09:52:46 -08:00
Rebecca Valentine
3e53e462d6 changes indents to 4 2020-02-25 09:46:21 -08:00
Rebecca Valentine
04951faf86 autoformat 2020-02-25 09:43:51 -08:00
Taus Brock-Nannestad
35ada17e2a Python: Use object as default return type for built-ins. 2020-02-25 16:31:40 +01:00
Rasmus Wriedt Larsen
8f70101572 Python: docs: Use <code> tag consistently in UseofInput.qhelp 2020-02-25 15:40:08 +01:00
yo-h
43bcd5b26c Add guidelines for experimental CodeQL queries and libraries 2020-02-24 15:08:31 -05:00
Rasmus Wriedt Larsen
9d629aef95 Python: Highlight py/use-of-input is for Python 2 2020-02-24 15:13:19 +01:00
Taus
285be2893c Merge pull request #2893 from BekaValentine/python-objectapi-to-valueapi-unnecessarylambda 
Python: ObjectAPI to ValueAPI: UnnecessaryLambda
 2020-02-21 22:23:02 +01:00
Taus
e444fb8bfa Merge pull request #2818 from BekaValentine/objectapi-to-valueapi-hashedbutnohash 
Python: ObjectAPI to ValueAPI: HashedButNoHash
 2020-02-21 22:19:58 +01:00
Rasmus Wriedt Larsen
bfa7553095 Python: urlsplit sanitizer handles in [KNOWN_VALUE] 2020-02-21 16:03:29 +01:00
Rasmus Wriedt Larsen
31ff652cb3 Python: Make Sanitizer available for urlsplit taint 
It isn't used by default, it has to *actively* be enabled.
 2020-02-21 15:18:53 +01:00
Rasmus Wriedt Larsen
abbc9293db Merge pull request #2891 from tausbn/python-special-operations 
Python: Add AST support for special operations.
 2020-02-21 13:16:22 +01:00
Rebecca Valentine
2b1d9c8d16 Updates last library difference 
I'm not entirely sure if `getLiteralObject` and `getLiteralValue` are equivalent, and there don't see to be library tests for this
 2020-02-20 20:20:56 -08:00
Rebecca Valentine
210387a8be Adds bulk of modernizations 2020-02-20 17:32:42 -08:00
Rebecca Valentine
df7f43ee86 Adds modernization 2020-02-20 17:07:56 -08:00
Rebecca Valentine
376638e9c0 Move query over to Rasmus's API for NumericValue 2020-02-20 16:18:54 -08:00
Rebecca Valentine
ab1fcb32ae autoformats 2020-02-20 16:17:43 -08:00
Rebecca Valentine
5d9d724d43 Removes conflicting NumericValue definition 2020-02-20 16:17:33 -08:00
Rebecca Valentine
28be3b47fc Replaces name-reference to the class with canonical predicate. 2020-02-20 15:41:51 -08:00
Rebecca Valentine
5acd982d59 Swaps ...obj for ...val 2020-02-20 15:41:51 -08:00
Rebecca Valentine
96b8d78650 Adds modernized files. 2020-02-20 15:41:51 -08:00
Taus Brock-Nannestad
913db460b2 Python: Add AST support for special operations. 
These have the form `$name(arg1, arg2, ...)` and currently have no semantics.
They may be useful for testing purposes, however.
 2020-02-20 18:05:37 +01:00
Rasmus Wriedt Larsen
1029f04e76 Python: TarSlip sanitizer: handle not 2020-02-20 16:27:54 +01:00
Rasmus Wriedt Larsen
3c317ed0e6 Python: TarSlip sanitizer: only clear taint on false edge 
maybe it was on purpose, will have to investigate FPs when query is good
 2020-02-20 16:11:24 +01:00
Rasmus Wriedt Larsen
fd270cc02c Python: Add basic taint support for urlsplit/urlparse 2020-02-19 16:31:10 +01:00
Rasmus Wriedt Larsen
4f3149d865 Python: Fix error after merge conflict 2020-02-19 16:27:31 +01:00
Rasmus Wriedt Larsen
e4b83855d9 Python: Autoformat security/strings/External.qll 2020-02-19 16:24:13 +01:00
Rasmus Wriedt Larsen
d7b803a859 Python: Fix modernisation of py/iteration-string-and-sequence 
Introduced a regression, since the old code was:

```
predicate is_a_string_type(ClassObject seqtype) {
    seqtype = theBytesType() and major_version() = 2
    or
    seqtype = theUnicodeType()
}
```

but *now* we're good!
 2020-02-19 14:12:22 +01:00