hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,999 Commits 1,672 Branches 157 Tags
query-help-tests-lgtm
Commit Graph

1781 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
131cf8d2ec Python: Fix compilation error 2020-09-22 15:02:31 +02:00
Rasmus Lerchedahl Petersen
b065d8724e Python: Fixup comments after merge 2020-09-22 13:52:30 +02:00
Rasmus Lerchedahl Petersen
3e2331c87f Merge branch 'main' of github.com:github/codeql into SharedDataflow_FieldFlow 2020-09-22 13:32:36 +02:00
Tom Hvitved
71da9045e5 Java/Python: Reduce size of blockPrecedesVar 2020-09-22 11:00:26 +02:00
Rasmus Lerchedahl Petersen
73d2d9b1f8 Python: Make constructor calls post-update nodes 2020-09-21 17:32:22 +02:00
Taus
724baaf26a Merge pull request #4308 from RasmusWL/python-private-import-of-DataFlowPrivate 
Python: Make import of DataFlowPrivate private
 2020-09-21 17:13:48 +02:00
Rasmus Wriedt Larsen
6aca82fa82 Python: Make import of DataFlowPrivate private 
Otherwise you are able to use `DataFlow::isExpressionNode` where
`isExpressionNode` is defined in `DataFlowPrivate.qll`.
 2020-09-21 13:52:58 +02:00
Taus
9d7a2d2b5d Merge branch 'main' into python-add-global-flow-steps 2020-09-21 13:50:20 +02:00
Taus Brock-Nannestad
1d6558b4e8 Python: Add a bit more documentation to ModuleVariableNode 2020-09-21 11:46:18 +02:00
Rasmus Lerchedahl Petersen
9aa0cfb35c Python: class callable -> class call 
Only have one type of callable, but have an extra type of call.
A constructor call directs to an init callable
(should also handle `call` overrides at some point).
 2020-09-19 22:27:11 +02:00
Rasmus Lerchedahl Petersen
aa28167177 Python: Add malloc nodes 2020-09-19 22:27:10 +02:00
Rasmus Lerchedahl Petersen
27b25565ca Python: Implement field-stores, -reads, and -content 2020-09-19 22:27:10 +02:00
Taus Brock-Nannestad
11c85f0fb5 Python: Clean up various jump/local data flow steps 
Removes steps from `ModuleVariableNode`s from `essaFlowStep`, and
instead puts them only in `jumpStep`. This cleans up the logic a bit.

This slightly broke the type tracker implementation (as it relied on
`essaFlowStep` being fairly liberal), so I have rewritten it to
explicitly rely on just familiar predicates for local and jump steps.

Additionally, we disallow Essa-to-Essa steps where exactly one of the
two nodes corresponds to a global variable (i.e. only local-local and
global-global steps).
 2020-09-18 18:14:47 +02:00
Taus Brock-Nannestad
2d3e23ebb0 Python: Cleanup, docs, and an extra test case 2020-09-16 14:46:04 +02:00
Taus Brock-Nannestad
7cdd290b90 Python: Disregard module-time reads. 2020-09-15 18:25:24 +02:00
Taus Brock-Nannestad
d5e9f36747 Python: Add "enclosing callable" for ModuleVariableNode 
I've named this `DataFlowModuleScope` since it's not really a
callable (and all of the relevant methods are empty anyway).
 2020-09-15 14:23:20 +02:00
Rasmus Lerchedahl Petersen
839cd829ce Python: Fix formatting 2020-09-14 18:48:55 +02:00
Taus Brock-Nannestad
0bb726f21c Python: Fix up merge weirdness 2020-09-14 17:57:45 +02:00
yoff
5efc06da2c Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-14 17:08:39 +02:00
Rasmus Lerchedahl Petersen
4c02852358 Python: add missing * (and a rename) 2020-09-14 16:56:46 +02:00
Rasmus Lerchedahl Petersen
ecc5a4a1f6 Python: testIsTrue -> branch 2020-09-14 15:32:03 +02:00
yoff
2a4e28db16 Apply suggestions from code review 
Will make the same renames in the changed code also..

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-14 15:28:01 +02:00
Rasmus Lerchedahl Petersen
033529e85e Python: avoid creating big predicate 2020-09-14 15:24:46 +02:00
Taus Brock-Nannestad
e197f52b6d Merge branch 'main' into python-add-global-flow-steps 2020-09-14 15:13:07 +02:00
Taus Brock-Nannestad
5fb33c90bc Python: Add ModuleVariableNode to dataflow 2020-09-14 14:57:32 +02:00
Rasmus Lerchedahl Petersen
543876f980 Python: Fix getAGuardedNode 2020-09-14 14:46:15 +02:00
Faten Healy
6f20516f84 Update broken_crypto.py to AES instead of Blowfish 2020-09-13 21:07:28 +10:00
Faten Healy
826fc0a630 Update BrokenCryptoAlgorithm - Blowfish to AES 2020-09-13 21:04:07 +10:00
Rasmus Lerchedahl Petersen
0eb8b6c7b0 Python: Address review 2020-09-11 14:24:49 +02:00
Rasmus Lerchedahl Petersen
5dbb4af5b5 Python: Implement BarrierGuard 2020-09-11 11:55:51 +02:00
Rasmus Wriedt Larsen
52d8f7d395 Merge pull request #4235 from yoff/SharedDataflow_UseUseFlow 
Python: Port use-use implementation from Java
 2020-09-10 16:12:28 +02:00
Rasmus Lerchedahl Petersen
92e7a5676d Python: Address review comments 2020-09-10 15:17:30 +02:00
yoff
3a19b1e7fd Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-10 15:06:06 +02:00
Rasmus Lerchedahl Petersen
deb1a4ceb9 Merge branch 'main' of github.com:github/codeql into SharedDataflow_UseUseFlow 2020-09-10 10:55:34 +02:00
Rasmus Lerchedahl Petersen
50cc5d58e9 Merge branch 'main' of github.com:github/codeql into SharedDataflow_NestedComprehensions 2020-09-10 10:20:55 +02:00
Rasmus Lerchedahl Petersen
7b10a3a546 Python: fix comment and source uses 2020-09-10 08:36:00 +02:00
Rasmus Lerchedahl Petersen
b1567827a0 Python: Repair flow out of post-update nodes 2020-09-09 15:52:07 +02:00
Rasmus Wriedt Larsen
2172fb6e65 Dataflow: s/data flow/taint propagation/ in QLDoc for sanitizers 2020-09-09 14:30:33 +02:00
Rasmus Wriedt Larsen
d90f0be2c4 Dataflow: defaultTaintBarrier => defaultTaintSanitizer 
Just keeping things a bit more consistent :)
 2020-09-09 14:11:56 +02:00
Rasmus Lerchedahl Petersen
9e59d79a72 Python: Repair flow from pre-update nodes 2020-09-09 13:51:24 +02:00
Rasmus Lerchedahl Petersen
ce7f82ddc6 Python: Add def-use jump-steps 2020-09-09 13:27:14 +02:00
Rasmus Lerchedahl Petersen
c661f43316 Python: Port use-use implementation from Java 2020-09-09 12:19:40 +02:00
Taus Brock-Nannestad
df1448cfb2 Merge branch 'main' into python-remove-spurious-global-flow 2020-09-04 16:28:03 +02:00
Taus
59c7907ee4 Merge pull request #4207 from RasmusWL/python-typetracker-small-fixes 
Python: Small fixes for TypeTracker
 2020-09-04 14:30:10 +02:00
Taus Brock-Nannestad
98266ad5da Python: Remove implicit uses from essaFlowStep 2020-09-04 14:22:43 +02:00
CodeQL CI
fd715a5b66 Merge pull request #4179 from RasmusWL/python-tainttracking-ala-go 
Approved by tausbn, yoff
 2020-09-04 12:20:12 +01:00
Rasmus Wriedt Larsen
f12fa52e22 Python: Update inline example for TypeTracker usage 2020-09-04 11:11:30 +02:00
Rasmus Wriedt Larsen
189c94f9e3 Python: Add TypeTracker::end() 
Copied from JS
 2020-09-04 11:10:10 +02:00
Rasmus Wriedt Larsen
7855576a69 Python: TypeTracker only exposes its own interface 
This is especially important if the TypeTracker needs to be publicly imported by
DataFlowPublic.
 2020-09-04 10:58:20 +02:00
Taus
8e86d56bce Merge pull request #4189 from RasmusWL/python-experimental-file-structure 
Python: Move files in experimental dirs to be consistent
 2020-09-02 16:34:35 +02:00