hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,595 Commits 1,671 Branches 157 Tags
rc/1.25
Commit Graph

1637 Commits

Author SHA1 Message Date
Calum Grant
595ab442e6 Merge pull request #3996 from yoff/SharedDataflow_Syntax 
Python: Test all expressions that incur dataflow
 2020-07-31 17:45:00 +01:00
Rasmus Lerchedahl Petersen
3e13056140 Python: Address most review comments 2020-07-31 17:20:58 +02:00
Rasmus Lerchedahl Petersen
e8ce62e211 Python: Fix missing flow annotation 2020-07-31 15:28:27 +02:00
Rasmus Lerchedahl Petersen
e13cf2e126 Python: fix formatting 2020-07-31 14:25:09 +02:00
Rasmus Lerchedahl Petersen
29493f5bd7 Python: Make the coverage test a path query 2020-07-31 12:38:57 +02:00
Arthur Baars
7e72ef350e Merge pull request #3975 from aibaars/lgtm-suites 
CodeQL: complete LGTM suites
 2020-07-30 18:39:01 +02:00
Rasmus Lerchedahl Petersen
133e18edd9 Python: Annotate missing flow 2020-07-30 18:13:39 +02:00
Rasmus Lerchedahl Petersen
1467d6b419 Python: Test all expressions that incur dataflow 2020-07-30 17:51:17 +02:00
Arthur Baars
5bad003c0c Add qlpack.yml files for example queries 2020-07-29 16:57:04 +02:00
Arthur Baars
c4041e55ba CodeQL: complete LGTM suites 2020-07-28 20:40:44 +02:00
Taus
f40242dc3f Merge pull request #3396 from porcupineyhairs/python-ssti 
Python : Add query to detect Server Side Template Injection
 2020-07-27 14:43:39 +02:00
Porcupiney Hairs
7a71ca3e0f fix tests. 2020-07-24 00:57:19 +05:30
Rasmus Wriedt Larsen
c49311e69e Python: Fix JinjaSSTISinks.expected 2020-07-23 20:11:27 +02:00
Rasmus Wriedt Larsen
03d22fa8e3 Python: Fix filenames in qhelp 2020-07-23 17:32:01 +02:00
Rasmus Wriedt Larsen
e283d289fd Python: Update TemplateInjection.qhelp 
Moved things around so there is only a single `<example>` tag (and had to rewrite contents a bit).
 2020-07-23 17:23:26 +02:00
Porcupiney Hairs
1e7921e575 add qhelp and fix tests. 2020-07-23 20:04:32 +05:30
porcupineyhairs
8e85dc755a Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-07-23 19:37:40 +05:30
Rasmus Wriedt Larsen
a97f942a17 Python: Autoformat 2020-07-23 11:38:34 +02:00
Alexey Tereshenkov
7840dfce3b Put the closing tag back 2020-07-22 20:51:29 +01:00
Alexey Tereshenkov
e2939377e9 Update python/ql/src/Expressions/WrongNumberArgumentsForFormat.qhelp 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-07-22 20:07:34 +01:00
Alexey Tereshenkov
a6eb3caa5f Update python/ql/src/Expressions/WrongNumberArgumentsForFormat.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-07-22 20:07:27 +01:00
Alexey Tereshenkov
a5f566b563 Fix typo 2020-07-22 15:39:50 +01:00
Rasmus Wriedt Larsen
91e6222662 Python: Fix SSTI query by importing UntrustedStringKind 
Without a concrete ExternalStringKind class, there will be no flow for
ExternalStringKind by default.
 2020-07-21 18:01:27 +05:30
Rasmus Wriedt Larsen
9dbd280d31 Python: Fix syntax error 2020-07-21 18:01:27 +05:30
Porcupiney Hairs
49df4169cf Python : Add query to detect Server Side Template Injection 2020-07-21 18:01:27 +05:30
semmle-qlci
0bee0687cb Merge pull request #3911 from RasmusWL/python-call-graph-tracing 
Approved by tausbn
 2020-07-14 15:33:45 +01:00
Rasmus Wriedt Larsen
f1601d643a Python: autoformat 2020-07-14 14:12:56 +02:00
Rasmus Wriedt Larsen
1d9c3b3bcd Python: call-graph tracing: callable => callee 
to use consistent naming
 2020-07-14 14:12:02 +02:00
semmle-qlci
f8c03dcae6 Merge pull request #3924 from RasmusWL/python-metrics-queries-for-dist-compare 
Approved by tausbn
 2020-07-14 13:03:02 +01:00
Rasmus Wriedt Larsen
ee42d0839e Python: Rename target => callee 
To use a standardised naming :)
 2020-07-14 11:26:05 +02:00
Rasmus Wriedt Larsen
d913d33289 Python: Autoformat 2020-07-14 11:21:55 +02:00
Rasmus Wriedt Larsen
dc7d92ba2f Python: Autoformat experimental/library-tests/CallGraph/ 2020-07-13 16:20:02 +02:00
Rasmus Wriedt Larsen
83bd14b687 Python: Make experimental/library-tests/CallGraph pass for Python 2 
The import doesn't actually work the intended way, so running
```
$ python python/ql/test/experimental/library-tests/CallGraph/test.py
```

will procude no output. but our extractor will extract the things we need, so
for a quick fix this will need to suffice.
 2020-07-13 14:52:28 +02:00
Rasmus Wriedt Larsen
3127bb27d0 Python: Remove strange empty line 2020-07-13 10:55:43 +02:00
Rasmus Wriedt Larsen
0b6c3ff99d Python: Don't use PointsTo module name in metrics query 
To avoid confusion with the normal PointsTo module in
python/ql/src/semmle/python/pointsto/PointsTo.qll
 2020-07-13 10:46:03 +02:00
Rasmus Wriedt Larsen
a7d23063de Python: Fix grammar 
Co-authored-by: Taus <tausbn@github.com>
 2020-07-13 10:44:19 +02:00
Taus
df3eb9f9c5 Merge pull request #3790 from RasmusWL/python-add-annotated-callgraph-tests 
Python: Add annotated call-graph tests
 2020-07-10 15:38:38 +02:00
Rasmus Wriedt Larsen
e7c89dc24b Python: Fix grammar 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-07-09 10:39:58 +02:00
Rasmus Wriedt Larsen
32219e58c0 Python: Add basic call-graph metric queries 
For use with dist-compare
 2020-07-08 13:29:54 +02:00
Rasmus Wriedt Larsen
7306f58e57 Python: Fix experimental tests 2020-07-07 19:44:43 +02:00
Taus Brock-Nannestad
45eccb2521 Python: Fix test failures. 2020-07-07 17:01:17 +02:00
Taus
df4d145490 Merge branch 'master' into python-qlformat-everything-again 2020-07-07 16:33:21 +02:00
Taus Brock-Nannestad
f07a7bf8cf Python: Autoformat everything using qlformat. 
Will need subsequent PRs fixing up test failures (due to deprecated
methods moving around), but other than that everything should be
straight-forward.
 2020-07-07 15:43:52 +02:00
Anders Schack-Mulligen
67db1df00c C++/C#/JavaScript/Python: Port Location qldoc update. 2020-07-07 11:39:27 +02:00
Rasmus Wriedt Larsen
42227c625d Python: Fix grammar 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-07-07 11:33:54 +02:00
Rasmus Wriedt Larsen
27d1512a75 Python: MWE for call-graph tracing and ql comparison 2020-07-07 11:05:03 +02:00
Rasmus Wriedt Larsen
d00e7396c4 Python: Consistently use camelCase in annotated call-graph tests 2020-07-06 17:59:16 +02:00
Rasmus Wriedt Larsen
65c4e6c02a Python: Disable class instantiation annotation for now 
Adjusting test setup properly requires some deep thinking, and I don't think I'm
ready to do that right now. Added a TODO instead.
 2020-07-06 17:48:15 +02:00
Rasmus Wriedt Larsen
cd8ea78420 Python: Autoformat 2020-07-06 17:34:19 +02:00
Rasmus Wriedt Larsen
9e252d5465 Python: Explain random example 2020-07-06 17:30:49 +02:00