hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,999 Commits 1,671 Branches 157 Tags
query-help-tests-lgtm
Commit Graph

1268 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
ab856d6c01 Python: Show getCallableForArgument can have multiple results 2020-11-18 10:44:32 +01:00
Rasmus Wriedt Larsen
611398586d Merge pull request #4649 from yoff/python-dataflow-cfgparameters 
Python: Make `ParameterNode` a `CfgNode`
 2020-11-11 10:22:12 +01:00
Rasmus Lerchedahl Petersen
0710963fc3 Python: update test expectations 
EssaNode -> ControlFlowNode
 2020-11-10 23:58:55 +01:00
Anders Schack-Mulligen
89ef6ea4eb C++/C#/Java/JavaScript/Python: Autoformat set literals. 2020-11-10 13:32:27 +01:00
Rasmus Lerchedahl Petersen
109d55eb25 Python: Make ParameterNode a CfgNode 
Add a step from that `CfgNode` to the corresponding `EssaNode`.
The intended effect is seen in `ImpliesDataflow.expected`.
The efeect seen in other `.expected`-files is that parameter nodes
change type, that the extra steps are seen, and that flow from
`EssaVar`s is mirrored in flow from `CfgNode`s.
There is one surprise, which is the `.0` node in
`coverage/localFlow.expected`.
 2020-11-10 11:35:50 +01:00
yoff
45317bcec9 Update python/ql/test/library-tests/PointsTo/new/code/w_function_values.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-11-06 15:03:20 +01:00
Rasmus Lerchedahl Petersen
fe186bf854 Python: Add test 2020-11-06 13:30:11 +01:00
Rasmus Lerchedahl Petersen
64b9e9150e Python: only show results in extracted files 2020-11-06 12:01:16 +01:00
Rasmus Lerchedahl Petersen
6cecd3ba83 Python: Move and rename query 2020-11-05 11:49:39 +01:00
Rasmus Lerchedahl Petersen
38b2bb2828 Python: Add testfile with regressions 2020-11-04 15:55:59 +01:00
Rasmus Lerchedahl Petersen
6df3b8d524 Python: Update query and expectation 2020-11-04 15:17:38 +01:00
Rasmus Lerchedahl Petersen
9baa7b73da Merge branch 'main' of github.com:github/codeql into SharedDataflow_PointsToImpliesDataflow 2020-11-04 15:05:59 +01:00
Rasmus Wriedt Larsen
353505ec6c Python: Handle content of Django redirects correctly 2020-11-04 12:10:58 +01:00
Rasmus Wriedt Larsen
92dc7dc2f3 Python: Use mimetype instead of content-type in django modeling 
This enables the XSS query to actually find results from django responses.
 2020-11-04 11:34:20 +01:00
Jonas Jensen
5680b2df13 Merge remote-tracking branch 'upstream/main' into better-syntax-for-false-positives-and-negatives-inline-expectation 
Required fixing up semantic conflicts in tests.

Conflicts:
	python/ql/test/experimental/library-tests/frameworks/stdlib/Decoding.py
 2020-11-03 09:47:26 +01:00
Taus Brock-Nannestad
5dadb0f476 Python: Fix imports in tests 2020-11-02 23:02:29 +01:00
Taus
25e88ed585 Merge pull request #4588 from yoff/python-pep-249 
Python: Model PEP 249
 2020-11-02 18:57:15 +01:00
Rasmus Lerchedahl Petersen
ea74c7f12b Python: add tests 2020-11-02 17:59:51 +01:00
Taus
2dfffdbab8 Merge pull request #4590 from RasmusWL/python-model-base64 
Python: Model encoding/decoding with base64 module
 2020-11-02 17:00:21 +01:00
Rasmus Wriedt Larsen
247fd4f5f3 Python: Make encoding/decoding preserve taint automatically 
With the way we have set things up, there is no way to opt out of this behavior.
 2020-11-02 14:53:30 +01:00
Rasmus Wriedt Larsen
66f5d0d9d5 Python: Model encoding/decoding with base64 module 2020-11-02 14:44:53 +01:00
Rasmus Wriedt Larsen
eff244db71 Python: Add Encoding concept 
I wasn't able to find a good opposite of "parsing", so left that out of the list
of intended purposes.
 2020-11-02 14:19:20 +01:00
Taus Brock-Nannestad
f84ab2fa99 Python: Remove old data-flow tests 2020-11-02 14:07:04 +01:00
Taus Brock-Nannestad
9d6c07c8df Python: Add copy of old queries 2020-11-02 13:35:20 +01:00
Taus Brock-Nannestad
b620b9b7c6 Python: Fixup CWE-022 tests 
This was a bit of a mess, since there was crosstalk between the
TarSlip and PathInjection queries. (Also one of these needs the
`options` file to be in one way, and the other not). To fix this, I
split these out into separate directories.
 2020-11-02 11:46:28 +01:00
Taus Brock-Nannestad
af7626a6b3 Python: Fixup CWE-079 tests 2020-11-02 11:46:02 +01:00
Taus Brock-Nannestad
57b51090ef Python: Fixup CWE-094 tests 2020-11-02 11:45:44 +01:00
Taus Brock-Nannestad
ebb593466d Python: Fixup CWE-089 tests 2020-11-02 11:45:14 +01:00
Taus Brock-Nannestad
7a395bf7c8 Python: Fixup CWE-078 tests. 2020-11-02 11:44:42 +01:00
Taus Brock-Nannestad
52dc905037 Python: Fixup CWE-502 tests. 2020-11-02 11:44:00 +01:00
Mathias Vorreiter Pedersen
6d0783a3bd Python: Make sure that expected values with tag mimetype is wrapped in quotes if the value contains a space. 2020-10-31 18:13:12 +01:00
Mathias Vorreiter Pedersen
870ed0039b Python: Allow single quote strings and accept test changes. 2020-10-31 18:01:55 +01:00
Mathias Vorreiter Pedersen
0bc4d52d66 Python: Update more tests annotations. It looks like we need to allow single-quote strings to support the existing Python use-cases, but let's do that in the next commit. 2020-10-31 17:40:19 +01:00
Mathias Vorreiter Pedersen
ed9ad8b5e3 Merge branch 'main' into better-syntax-for-false-positives-and-negatives-inline-expectation 2020-10-31 16:52:16 +01:00
Rasmus Lerchedahl Petersen
80360450de Merge branch 'main' of github.com:github/codeql into RasmusWL-python-port-reflected-xss 2020-10-30 17:56:36 +01:00
Rasmus Lerchedahl Petersen
ef9999a4a1 Python: fix test annotation 2020-10-30 17:43:56 +01:00
Rasmus Lerchedahl Petersen
37ad59a92a Python: subclas of known subclasses 2020-10-30 17:37:54 +01:00
Mathias Vorreiter Pedersen
45b24a9bc8 Python: Update inline-expectation tests 2020-10-30 16:53:33 +01:00
Mathias Vorreiter Pedersen
6ac740a490 Python: Sync identical file 2020-10-30 16:53:17 +01:00
Rasmus Lerchedahl Petersen
e7c9bc388b Python: support some custom subclasses 2020-10-30 14:16:48 +01:00
Rasmus Lerchedahl Petersen
e69349791a Python: django.http.response.HttpRequest.write 2020-10-30 12:51:23 +01:00
Rasmus Lerchedahl Petersen
ffe10d1b7c Python: test HttpResponse.write 2020-10-30 12:16:12 +01:00
Rasmus Lerchedahl Petersen
fa3a7e6686 Python: Known subclasses of HttpResponse 2020-10-30 11:53:24 +01:00
Rasmus Lerchedahl Petersen
c962377ef4 Python: test for subclasses 2020-10-30 10:37:40 +01:00
Rasmus Lerchedahl Petersen
08af839757 Python: django.http.response.HttpResponseRedirect 2020-10-30 01:29:49 +01:00
Rasmus Lerchedahl Petersen
52be896666 Python: django.http.response.JsonResponse 
It s possible this class is not relevant to XSS
 2020-10-30 01:05:36 +01:00
Rasmus Lerchedahl Petersen
0f9b8595d1 Python: rename functions by vulnerability 2020-10-30 00:51:09 +01:00
Rasmus Lerchedahl Petersen
97153b56ad Python: add false negatives to test 2020-10-30 00:48:19 +01:00
Rasmus Lerchedahl Petersen
2ca86f5ea7 Python: django.http.response.HttpResponse 2020-10-30 00:22:53 +01:00
Mathias Vorreiter Pedersen
acf6ffb990 Python: Sync identical file 2020-10-29 19:07:10 +01:00