Rasmus Wriedt Larsen
fc851b46c3
Python: Fix Django class-based views
2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
fb864b7262
Python: Consolidate tests for django
The tests in 3/ were not Python 3 specific anymore
2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
471318369b
Python: Don't quote %s in django example
This is vulnerable to SQL injection because of the quotes around %s -- added
some code that highlights this in test.py
Since our examples did this in the safe query, I ended up rewriting them
completely, causing a lot of trouble for myself :D
2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
afe7a0536c
Python: Support positional arguments in Django routes
2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
5b6675aa71
Python: Select location first in tornado Classes test
so it conforms with the general scheme in tests
2019-10-24 15:01:40 +02:00
Rasmus Wriedt Larsen
2bb933fef0
Python: Modernise tornado library
2019-10-24 15:01:40 +02:00
Rasmus Wriedt Larsen
3e3833927b
Python: Remove unused getTornadoRequestHandlerMethod
It was only used in a test, and with the mock, it gives no results anyway.
2019-10-24 15:01:40 +02:00
Rasmus Wriedt Larsen
bc50e90f5b
Python: Use mock for tornado tests
2019-10-24 15:01:40 +02:00
Rasmus Wriedt Larsen
4248a8418b
Python: Move tornado tests from internal repo
2019-10-24 15:01:35 +02:00
Rasmus Wriedt Larsen
2874c54133
Python: Move pyramid tests from internal repo
Use minimal mock instead of full library
2019-10-23 16:28:46 +02:00
Rasmus Wriedt Larsen
bf197b9f20
Add testcase
2019-10-10 15:34:54 +02:00
Taus
fb20cab4c8
Merge pull request #2012 from RasmusWL/python-modernise-cls-self-checks
Python: modernise cls self argument name checks
2019-09-30 15:50:32 +02:00
Taus
04f14f1fe7
Merge pull request #2040 from RasmusWL/python-modernise-cherrypy
Python: Modernise cherrypy library
2019-09-30 11:53:59 +02:00
Rasmus Wriedt Larsen
ff28b3f1b4
Python: Modernise cherrypy library
2019-09-27 11:23:33 +02:00
Rasmus Wriedt Larsen
12c49031e8
Python: Modernise bottle library
2019-09-26 15:03:47 +02:00
Rasmus Wriedt Larsen
a81bf720f5
Python: Modernise the py/not-named-self query.
2019-09-26 13:25:14 +02:00
Taus
f8bd3770d6
Merge pull request #1848 from markshannon/python-rationalize-taint-tracking
Python: Move TaintTracking.qll
2019-08-30 16:21:49 +02:00
Mark Shannon
637677d515
Python: Move TaintTracking.qll from semmle.python.security to semmle.python.dataflow, for consistency with other code.
2019-08-30 12:57:47 +01:00
Mark Shannon
811815aa4e
Merge branch 'master' into python-cwe-312
2019-08-30 10:39:04 +01:00
Mark Shannon
989d7aeace
Merge branch 'master' into python-cwe-312
2019-08-29 15:57:49 +01:00
Mark Shannon
22f55d25c2
Python taint-tracking. Reorder columns in some tests for easier comprehension of expected output.
2019-08-29 14:36:10 +01:00
Mark Shannon
e51b797c03
Python taint-tracking. Add an adapter for old 'dataflow config'.
2019-08-29 14:30:09 +01:00
Mark Shannon
179f4ee88f
Python taint-tracking: Add documented example test.
2019-08-29 13:03:58 +01:00
Mark Shannon
10fddbc19b
Python new taint-tracking: Fix some typos and clarify documentation.
2019-08-29 11:03:35 +01:00
Mark Shannon
e5900921e7
Python taint-tracking: Remove warnings from test output.
2019-08-29 10:31:50 +01:00
Mark Shannon
c7ec5690a5
Python taint-tracking: make sure all features of legacy extensions are supported.
2019-08-29 10:31:50 +01:00
Mark Shannon
64c160b75c
Python taint-tracking: Fix ambiguous flow through class instantiation. Tweak the path query to ensure edge to sink is always present.
2019-08-29 10:31:50 +01:00
Mark Shannon
3f8066878a
Python taint-tracking: Fix up handling of contexts for __init__ and for context-free taints.
2019-08-29 10:31:50 +01:00
Mark Shannon
fe9c9d479d
Python taint-tracking. Fix bug in legacy API.
2019-08-29 10:31:50 +01:00
Mark Shannon
7c4a18eee3
Python taint-tracking: Fix up handling of legacy (config-less) taint-tracking
2019-08-29 10:31:50 +01:00
Mark Shannon
24b4a4102c
Python taint-tracking: Further enhancements to new implementation for better debugging and backwards compatibility.
2019-08-29 10:31:50 +01:00
Mark Shannon
1addfaac1a
Python taint-tracking: update test results.
2019-08-29 10:31:50 +01:00
Mark Shannon
a7845ae0e1
Python taint-tracking: Remove old implementation.
2019-08-29 10:31:50 +01:00
Mark Shannon
74f1dd3ec0
Python taint-tracking. Add some tests and fix up various parts of the implementation.
2019-08-29 10:31:50 +01:00
Mark Shannon
f11d0638cf
Python: Remove tests for pruning in QL.
2019-08-25 17:00:08 +01:00
Mark Shannon
6cd0087d9d
Python: Use Value API for sensitive data analysis.
2019-08-22 15:27:48 +01:00
Taus Brock-Nannestad
f9c002e441
Python: Support short mode flags (e.g. re.M) in regexes.
2019-08-22 14:53:58 +02:00
Taus
ae2a68b988
Merge pull request #1791 from markshannon/python-revert-tests
Python: Revert and update tests removed in #1767
2019-08-22 11:20:24 +02:00
Mark Shannon
e77ae09a86
Python tests: Update test results to account for better handling of branches in finally blocks.
2019-08-21 14:47:57 +01:00
Mark Shannon
714fecbf5e
Python: Revert tests removed in #1767.
2019-08-21 14:39:53 +01:00
Mark Shannon
523c5b1e1e
Python ESSA: Remove unnecessary intermediate class.
2019-08-20 11:41:53 +01:00
Mark Shannon
e34ccae1fc
Python ESSA: Move all Essa code to semmle.python.essa folder.
2019-08-20 11:41:46 +01:00
Mark Shannon
edb50c129d
Python tests: TEMPORARILY remove 5 tests to allow modification of extractor CFG pass.
2019-08-19 16:00:28 +01:00
Mark Shannon
453ae19881
Python points-to: Add .getAstNode() method to TaintedNode for forward compatibility with upcoming taint-tracking enhancements.
2019-08-16 09:54:11 +01:00
Mark Shannon
902871bd48
Python: update tests results after rebase.
2019-08-15 11:37:07 +01:00
Mark Shannon
6c6e35f541
Python: Enhance points-to to support type-hint analysis.
2019-08-15 11:35:14 +01:00
Taus
34106ec739
Merge pull request #1730 from markshannon/python-prepare-for-unrolling
Python prepare for implementing loop unrolling in extractor.
2019-08-13 10:54:24 +02:00
Mark Shannon
d96a009975
Python tests: Temporarily comment out loops prior to implementing loop-unrolling in extractor.
2019-08-12 14:10:44 +01:00
Mark Shannon
96ba9a2dfd
Python points-to. Do not track tuples on lhs of assignment or in deletions.
2019-08-12 11:04:28 +01:00
Mark Shannon
cb719a8998
Python points-to: track instances of int, float or str without a specific value, and calls to bool().
2019-08-08 10:49:58 +01:00