hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,999 Commits 1,672 Branches 157 Tags
query-help-tests-lgtm
Commit Graph

1781 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
82b29b5698 Python: Recognize shebangs in module usage detection 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
3e7e9636ea Python: Add ModuleValue.{isUsedAsModule, isUsedAsScript} 
and a few test cases
 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
b4ab0b55be Python: Modernise Statements/RedundantAssignment 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
67e9edb820 Python: Add PropertyValue 
+ Extend PropertyInternal.getSetter to handle non-decorator
+ Add PropertyInternal.getDeleter

It seems like a bit hacky way to do things, since we're not using the
PropertySetterOrDeleter class at all, but for now I'll leave it be.
 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
13568b7b9f Python: Modernise Statements/ queries 
Almost. Left out a few things marked with TODO
 2020-02-19 14:10:29 +01:00
Rasmus Wriedt Larsen
83d40f167b Python: Update py/ineffectual-statement 
e.(StrConst).isDocString() can only hold if e instanceof StrConst, since we have
that condition on the line above, we can safely remove this condition.
 2020-02-19 14:05:55 +01:00
Rasmus Wriedt Larsen
6e349eb6e7 Python: Make py/side-effect-in-assert handle example 
Also removed parantheses
 2020-02-19 14:05:55 +01:00
Rasmus Wriedt Larsen
381668871d Python: Autoformat statements 2020-02-19 14:05:55 +01:00
Rebecca Valentine
2fa20eb805 Fixes bug introduced by merge of foresight additions. 2020-02-18 21:37:52 -08:00
Rebecca Valentine
7997e1dc98 Merge branch 'master' into objectapi-to-valueapi-expectedmappingforformatstring 2020-02-18 21:33:12 -08:00
Rebecca Valentine
9e3ed214d0 Python: ObjectAPI to ValueAPI: Foresight Additions (#2819) 
* Adds the...Type() predicates as foresight modernizations.

* Removes predicates that are not currently ported/portable

* Adds range types

* Update python/ql/src/semmle/python/objects/ObjectAPI.qll

Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

* Update python/ql/src/semmle/python/objects/ObjectAPI.qll

Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

* Swaps xType for just x, at least when it's new

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-02-18 21:29:20 -08:00
Rebecca Valentine
9338d21aaf Removes unnecessary explanation 2020-02-18 11:43:43 -08:00
Rebecca Valentine
4059a99da6 Autoformats the query 2020-02-18 11:43:31 -08:00
Rebecca Valentine
d0617ef7bc Autoformat 2020-02-18 09:00:31 -08:00
Taus
ffbb5d0529 Merge pull request #2739 from RasmusWL/python-modernise-security 
Python: modernise Security/ queries
 2020-02-18 16:28:53 +01:00
Rasmus Wriedt Larsen
1826abcdda Python: Autoformat django/General.qll 
Should get into the habbit of doing this, but this time it slipped :P
 2020-02-18 11:26:16 +01:00
Rasmus Wriedt Larsen
48c1c598bc Python: Write DjangoRegexRoute in more modern way 
That is, assigning to fields instead of repeatedly using helper predicate
 2020-02-18 11:25:27 +01:00
Rasmus Wriedt Larsen
ed9aa7dced Python: Write DjangoPathRoute in modern way 
That is, assigning to fields instead of repeatedly using helper predicate
 2020-02-18 11:24:24 +01:00
Rasmus Wriedt Larsen
5a0babe88b Python: Add support for Django 2.x and 3.x 
I changed the django mock to support both 1.x and 2.x routing APIs, which is not
really a nice long term solution.
 2020-02-18 11:22:35 +01:00
Rebecca Valentine
4178002d59 Merge branch 'master' into python-objectapi-to-valueapi-useofapply 2020-02-17 17:20:00 -08:00
Rebecca Valentine
c36c0aeb88 Fixes renaming bug 2020-02-17 12:09:01 -08:00
Rebecca Valentine
a2c1d5ff45 Moves to higher level API 2020-02-17 11:46:53 -08:00
Rebecca Valentine
c5986c52d3 Renames typeErrorType to typeError 2020-02-17 11:28:39 -08:00
Rasmus Wriedt Larsen
adec76d041 Python: Follow conventions of getASomething 
When multiple results are available, we usually name the function
`getAnArgument` or `getASomething`. The support for django copied the way bottle
did things, so this commits cleans up both
 2020-02-17 16:55:55 +01:00
Rasmus Wriedt Larsen
362e7aebbb Python: Add HttpRedirectSinks test for django 2020-02-17 16:54:06 +01:00
Rasmus Wriedt Larsen
f3ab52b1fe Python: Use StringValue instead of Value::forString 2020-02-17 14:41:32 +01:00
Rasmus Wriedt Larsen
6d5a8e4995 Python: Fix typos 2020-02-17 14:34:22 +01:00
Taus
03ae7831ad Merge pull request #2711 from RasmusWL/python-fix-import-deprecated-module 
Python: fix alerts for py/import-deprecated-module
 2020-02-17 11:46:12 +01:00
Taus
df3ac49c28 Merge pull request #2700 from RasmusWL/python-taint-iterable-unpacking 
Python: Handle iterable unpacking in taint tracking
 2020-02-17 11:44:25 +01:00
Taus
990d1c1663 Merge pull request #2802 from RasmusWL/python-fix-fp-py/import-own-module 
Python: Fix FP for py/import own module
 2020-02-17 11:23:11 +01:00
Rebecca Valentine
b665f54a31 Corrects query to use builtin instead of special 2020-02-13 14:48:46 -08:00
Rebecca Valentine
3b45fbc87c Adds rough modernization. 2020-02-13 14:22:00 -08:00
jack1142
e1644dd68b Python: Handle __class_getitem__ in py/not-named-self (#2825) 
Fixes #2824
 2020-02-13 13:38:36 +01:00
Rasmus Wriedt Larsen
1558cf2eae Python: Fix typo (decent => descent) 2020-02-13 13:35:29 +01:00
Rebecca Valentine
65cba82c7e Fixes bug w/ use of pointsTo 2020-02-12 19:45:55 -08:00
Rebecca Valentine
bfb720c7f3 Adds range and tuple types 2020-02-12 19:36:03 -08:00
Rebecca Valentine
3ce250b2cf Adds some debugging changes. 2020-02-12 19:29:42 -08:00
Taus
12113e947f Merge pull request #2603 from RasmusWL/python-fix-http-source-sink 
Python: Make web libs use HttpRequestTaintSource and HttpResponseTaintSink
 2020-02-12 13:42:22 +01:00
Rebecca Valentine
2270c6c960 Adds modernized files. 2020-02-11 21:45:49 -08:00
Rebecca Valentine
178acc85b9 Adds main modifications. 2020-02-11 21:25:50 -08:00
Rasmus Wriedt Larsen
1f762841ec Python: In py/import-own-module handle from foo import * 2020-02-11 11:45:48 +01:00
Rasmus Wriedt Larsen
5cc2efef8e Python: Fix FPs for py/import-own-module 
Before I added `--max-import-depth=2`, there was a bit of trouble, where it
would alert on `from pkg_ok import foo2` -- since all the `pkg_ok.foo<n>`
modules were missing, I guess the analysis didn't make any assumptions on
whether `foo2` is a module or a regular attribute.
 2020-02-11 11:45:48 +01:00
Rasmus Wriedt Larsen
d5c6092920 Python: Fix typo (trakcing => tracking) 2020-02-06 11:50:44 +01:00
Rasmus Wriedt Larsen
de63eb1450 Merge pull request #2592 from tausbn/python-remove-manual-tc-in-ssashortcut 
Python: Remove manual TC from `ssaShortCut`.
 2020-02-04 14:04:25 +01:00
Rasmus Wriedt Larsen
6b5b28aded Python: Add Value.getABooleanValue and Value.getDefiniteBooleanValue 
Replacing `Value.booleanValue`. We wanted to match `Object.booleanValue` that
only gives a result if it is either `true` or `false`, but also wanted to keep
the flexibility to see if the Value _could_ be `true`/`false`. We don't have a
motivating usecase, so let's see if we ever need it :P

+ fix modernisation regression on py/jinja2/autoescape-false
 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
bd1f21fb7a Python: Fix modernisation regression on py/weak-crypto-key 
also fixes test code to use the right argument name
 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
e5abfd0196 Python: Modernise Security/ queries 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
2802ac2e72 Python: Add NumericValue 
Since `IntObjectInternal` extends `TInt`, and `TInt` is defined for all
instances of `Builtin.intValue`, and `Builtin.intValue` includes both `int` and
`long`, we don't need to handles Longs in a special manner, as we did in NumericObject.
 2020-02-04 11:39:16 +01:00
Rasmus Wriedt Larsen
d30e6d2b69 Python: Value::forString and friends returns StringValue 2020-02-03 14:35:09 +01:00
Rasmus Wriedt Larsen
27a7d09c94 Python: Fix minor problems in security examples 2020-02-03 14:35:09 +01:00