hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,929 Commits 1,671 Branches 157 Tags
rc/1.20
Commit Graph

232 Commits

Author SHA1 Message Date
Mark Shannon
df2000ea8e Python: Fix up dataflow configuration to act as expected. Keep undocumented for now. 2019-04-05 09:05:13 +01:00
Arthur Baars
ba7fdddafb Change @kind to 'table' for test and sanity checks queries that don't select problems 2019-04-01 11:20:12 +02:00
Taus
52d8ca09ab Merge pull request #1169 from markshannon/python-speedup-flow-step 
Python: Speed up taint-tracking
 2019-03-26 16:58:47 +01:00
Mark Shannon
1e1903b6ac Python taint-tracking: Avoid computing many redundant copies of flow step for dicts and sequences. 2019-03-26 14:41:03 +00:00
Mark Shannon
2f0bb828c8 Python: Tweak wording of qldoc. 2019-03-25 17:35:23 +00:00
Mark Shannon
2edde1fed8 Python taint-tracking. Handle early exit and 'not' correctly for 'falsey' taints. 2019-03-22 11:58:23 +00:00
Taus
36c7a8430a Merge pull request #1112 from markshannon/python-forward-compatible-points-to-extensions 
Python: Allow points-to extensions to specify just the object.
 2019-03-21 19:20:44 +01:00
Mark Shannon
7213b72b9b Python: Allow points-to extensions to specify just the object, and infer the class. Allows points-to extensions to more easily compatible across versions. 2019-03-15 11:09:46 +00:00
Taus
af1c502b11 Merge pull request #1098 from markshannon/python-2-print 
Python: Don't report Python 2 print statements as having no effect.
 2019-03-15 11:40:32 +01:00
Taus
eec59c2c7d Merge pull request #1092 from markshannon/python-fix-2-tests 
Python: Update python-2 specific tests for new parser/tokenizer.
 2019-03-15 11:38:34 +01:00
Taus
0b2f44b54b Merge pull request #1052 from markshannon/python-taint-tracking-configuration 
Python: Add taint-tracking configuration.
 2019-03-15 11:34:59 +01:00
Mark Shannon
ab23a157ef Python: Move taint-tracking library to new location and extend configuration to match API of other languages. 2019-03-14 10:22:57 +00:00
Mark Shannon
e9a45268a8 Python: Don't report Python 2 print statements as having no effect. 2019-03-13 10:08:07 +00:00
Mark Shannon
ccd18b6c67 Python: Update python-2 specific tests for new parser/tokenizer. 2019-03-12 17:53:50 +00:00
Mark Shannon
28c20a3216 Python: Fix false positive for redundant comparison query when a complex comparison is negated. 2019-03-12 15:07:49 +00:00
Mark Shannon
7b8ca30c12 Python: Make behaviour of taint-tracking sanitizers and extensions less surprising for the unlikely case of mutliple configurations. 2019-03-12 12:40:02 +00:00
Taus
984fb3a010 Merge pull request #1043 from markshannon/python-fix-stack-trace-exposure 
Python: fix stack trace exposure query.
 2019-03-08 11:40:27 +01:00
Mark Shannon
7aef32e63f Python: Add basic taint-tracking configuration. Should help avoid cross-talk between flows and brings the interface closer to that of the other languages. 2019-03-06 15:48:03 +00:00
Mark Shannon
38a5fb715a Python: Avoid cross-talk between unrelated sources in py/stack-trace-exposure query. 2019-03-05 16:52:28 +00:00
Mark Shannon
32dabcee1e Python: Ignore dead objects from library trap files. 2019-03-05 15:27:45 +00:00
Max Schaefer
7f5e2630a1 Merge pull request #1032 from xiemaisi/master-for-merge 
Merge master into rc/1.20
 2019-03-04 21:23:51 +00:00
Taus Brock-Nannestad
63893fe52c Python: Add missing @kind for py/insecure-temporary-file. 2019-03-04 11:20:39 +01:00
Mark Shannon
94190e76aa Python: Update py/modification-of-default-value to account for truthiness of default value. 2019-03-01 12:01:39 +00:00
Mark Shannon
ebd9bc3cb5 Python: Improve taint tracking to account for truthiness of the taint kind. 2019-03-01 11:24:07 +00:00
Taus Brock-Nannestad
64e6974aac Merge branch 'master' into python-mutable-default-with-flow 2019-03-01 11:10:56 +01:00
Taus Brock-Nannestad
91cfc9bd4c Change kind to path-problem. 2019-03-01 11:06:48 +01:00
Mark Shannon
af2680729f Python: Fix qldoc. 2019-02-28 15:25:43 +00:00
Mark Shannon
2df718d632 Python: Make bottle response logic consistent with other frameworks. 2019-02-28 15:25:15 +00:00
Mark Shannon
91a1cc9f0b Python: Add cherrypy handler function return values as taint sinks. 2019-02-28 15:25:13 +00:00
Mark Shannon
6c82be8bda Python: CherryPy web framework support -- requests. 2019-02-28 15:24:58 +00:00
Mark Shannon
e933ba28d5 Python: Add basic support for stdlib cookie objects. 2019-02-28 15:24:36 +00:00
Taus
b8b4216352 Merge pull request #979 from markshannon/python-falcon 
Python: Add support for falcon web API framework.
 2019-02-28 15:47:35 +01:00
Mark Shannon
1444b3976c Python: Add wsgi.environment as a kind of taint, and add suuport for env attribute of falcon request objects. 2019-02-28 13:06:11 +00:00
Taus
a83f33be33 Merge pull request #1001 from markshannon/python-delete-internal-tests 
Python delete extractor tests. Duplicates of internal tests.
 2019-02-28 11:04:52 +01:00
Mark Shannon
9170d85155 Python: Fix falcon sources to only be source if a route is attached. 2019-02-27 16:42:31 +00:00
Mark Shannon
d605dfd542 Python delete extractor tests. Duplicates of internal tests. 2019-02-27 15:35:52 +00:00
Mark Shannon
f7d7b8eef2 Merge pull request #785 from taus-semmle/python-unsafe-use-of-mktemp 
Python: Add query for unsafe use of `tempfile.mktemp`.
 2019-02-27 15:01:06 +00:00
Mark Shannon
9e268d77d0 Python: Add responses to Falcon framework support. 2019-02-27 09:56:18 +00:00
Mark Shannon
6a48420191 Python: Basic support for falcon framework; routing and requests. 2019-02-27 09:55:52 +00:00
Mark Shannon
742c1d0fa7 Python: Add test skeleton for falcon web framework. 2019-02-27 09:53:20 +00:00
Taus
dcaf0f8ba8 Merge pull request #978 from markshannon/python-turbogears 
Python: Add support for turbogears; requests and responses.
 2019-02-26 21:46:01 +01:00
Mark Shannon
a480da6ed5 Python: Generalize turbogear response sinks to allow for internally sourced strings. 2019-02-26 18:31:06 +00:00
Mark Shannon
2995b023fa Python: Fix handling of turbogears' 'expose' decorator. 2019-02-26 16:40:21 +00:00
Taus Brock-Nannestad
e47b391329 Fix interpolation. 2019-02-26 16:27:04 +01:00
Taus Brock-Nannestad
7daaf77183 Make query alert refer to AST nodes rather than CFG nodes. 2019-02-26 15:56:37 +01:00
Taus Brock-Nannestad
504cb648d1 Change query description. 2019-02-26 13:26:20 +01:00
Taus Brock-Nannestad
8d774cd354 Merge branch 'master' into python-unsafe-use-of-mktemp 2019-02-26 13:23:38 +01:00
Taus
9d7877907b Merge pull request #964 from markshannon/python-locations-for-packages 
Python: Make sure packages have locations.
 2019-02-26 11:55:27 +01:00
Mark Shannon
7d0943f30d Python: Add tests for turbogears. 2019-02-26 10:15:37 +00:00
Mark Shannon
26c5ebde54 Python: Basic support for TurboGears: requests and responses. 2019-02-26 10:15:36 +00:00