hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

3069 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
88db8f562d Python: Elaborate comments for steps 2021-01-21 10:55:59 +01:00
Rasmus Lerchedahl Petersen
bc1b50788a Python: Small refactor 2021-01-21 10:44:58 +01:00
Rasmus Lerchedahl Petersen
19918e2e57 Python: Have Node-postfix consistently 2021-01-21 10:43:15 +01:00
Rasmus Lerchedahl Petersen
419449fb8a Python: default value for argN 2021-01-20 20:33:04 +01:00
Rasmus Lerchedahl Petersen
2409a7899b Python: Remove func tag in some situations. 
Also make ArgumentNode public
 2021-01-20 20:18:40 +01:00
Rasmus Lerchedahl Petersen
7a5d553dd2 Merge branch 'main' of github.com:github/codeql into python-dataflow-unpacking-assignment 2021-01-20 19:27:34 +01:00
yoff
e072864948 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-01-20 17:38:34 +01:00
yoff
3fc085ff38 Update python/ql/test/experimental/dataflow/TestUtil/RoutingTest.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-01-20 16:11:40 +01:00
yoff
d0663e5c3a Merge pull request #4971 from RasmusWL/avoid-double-route-setup-django 
Python: Avoid duplicated route-setup in django
 2021-01-20 16:10:33 +01:00
Rasmus Wriedt Larsen
9a397b6faf Python: Apply code-review suggestion 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-01-20 15:28:20 +01:00
Rasmus Wriedt Larsen
526ccdd227 Python: Add safe example from qhelp to qltests 2021-01-20 11:35:48 +01:00
Rasmus Wriedt Larsen
37aa9b9d06 Python: Add prefix sanitizer on URL redirect query 
This doesn't cover 100% of what we want to, but matches what we used to.
 2021-01-20 11:35:47 +01:00
Rasmus Wriedt Larsen
d8bfa3565f Python: Simple port of URL redirect query 
Still have not added sanitizer, but seems like old sanitizer was a bit too broad
(also covering %-formatting)
 2021-01-20 11:35:44 +01:00
Rasmus Lerchedahl Petersen
5a652ab3aa Python: Add missing test cases 2021-01-19 20:19:45 +01:00
Rasmus Lerchedahl Petersen
23d3343bfb Merge branch 'main' of github.com:github/codeql into python-dataflow-modernize-tests 2021-01-19 18:24:52 +01:00
Rasmus Lerchedahl Petersen
8e126603b3 Python: Remember that old style tests still needs 
updated expectations.
 2021-01-19 18:21:27 +01:00
Rasmus Lerchedahl Petersen
ae38bbe03b Python: Fearlessly adding another test 
in the middle of the file.
 2021-01-19 18:19:11 +01:00
Rasmus Lerchedahl Petersen
69913c053e Python: relative line numbers in 
MISSING-annotations
 2021-01-19 18:10:22 +01:00
Rasmus Lerchedahl Petersen
77da4b0106 Python: Remove absolute line numbers 
- Use relative line numbers in flow test
- Elide line numbers in routing test (new concept)
 2021-01-19 17:05:42 +01:00
Rasmus Wriedt Larsen
9d8925ae6a Python: Extend url-redirect tests 
Specifically to show how it currently handles prefixing user-input with known
constant.

I changed test to be Python 3 only since I wanted to use f-string.
 2021-01-19 15:37:41 +01:00
Rasmus Wriedt Larsen
830f8bfef6 Python: Add change-note for Flask class based view handlers 
For https://github.com/github/codeql/pull/4944
 2021-01-19 15:09:04 +01:00
Rasmus Wriedt Larsen
ab607b8030 Python: Add redirect modeling for Django 2021-01-19 14:45:41 +01:00
Rasmus Wriedt Larsen
aea974ee0c Python: Add redirect modeling for Flask 2021-01-19 14:44:50 +01:00
Rasmus Wriedt Larsen
501e510622 Python: Add redirect modeling tests (flask/django) 2021-01-19 14:43:25 +01:00
Rasmus Wriedt Larsen
efb872ad1e Python: Add HttpRedirectResponse concept 2021-01-19 14:35:19 +01:00
Rasmus Lerchedahl Petersen
42fa3bdb81 Python: Only consider the closest SOURCE 
(in use-use flow) a source
 2021-01-19 09:13:17 +01:00
Rasmus Lerchedahl Petersen
bd3de23c6e Python: Remove some unhelpful store steps 2021-01-19 00:05:10 +01:00
Rasmus Wriedt Larsen
8e5557eca3 Python: Avoid duplicated route-setup in django 
When using `django.conf.urls.url` with Django 2+
 2021-01-18 16:18:29 +01:00
Rasmus Lerchedahl Petersen
bfc6660795 Python: Remember to update test expectations 2021-01-18 15:00:06 +01:00
Rasmus Lerchedahl Petersen
66426bf0cc Python: Add tests for iterable unpacking 
in for-iterations and comprehensions.
 2021-01-18 09:36:13 +01:00
Rasmus Lerchedahl Petersen
175e43d6f2 Python: Slight refactor 2021-01-18 09:12:05 +01:00
Rasmus Lerchedahl Petersen
5f189a7e43 Python: Address reviews 2021-01-15 20:18:37 +01:00
yoff
1edad03622 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-01-15 18:50:04 +01:00
yoff
48910d0597 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-01-15 14:02:27 +01:00
yoff
b5d40e4c9a Merge pull request #4944 from RasmusWL/flask-class-based-handlers 
Python: Add modeling of Flask class based (HTTP) request handlers
 2021-01-14 15:17:36 +01:00
Rasmus Wriedt Larsen
4cb2f2ed1e Python: Proper models of flask MethodView classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
e327fdb317 Python: Model flask View classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
0b1cece523 Python: Add tests for class based handlers in Flask 2021-01-14 13:42:17 +01:00
Rasmus Wriedt Larsen
14bb10a361 Python: Use LocalSourceNode for TornadoRouteRegex 2021-01-14 13:39:41 +01:00
Rasmus Wriedt Larsen
f9a29cb886 Python: Add change-note for tornado source modeling 2021-01-14 13:37:27 +01:00
Rasmus Wriedt Larsen
812ea5dde5 Python: Tornado: Model request handlers without known route 2021-01-14 13:37:27 +01:00
Rasmus Wriedt Larsen
1849b9e771 Python: Tornado: Handle basic route setup with tuples 
The reason this becomes valueable right now, is that we can mark routed params
as taint-sources. Longer down the line, we can (hopefully) detect that a routed
param will only accept digits, and mark it safe for some of our taint-tracking
queries.
 2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
39d85896a1 Python: Add basic taint modeling of tornado request 2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
4641150d45 Python: Basic taint-modeling of tornado.web.RequestHandler classes 2021-01-14 13:37:25 +01:00
Rasmus Wriedt Larsen
9cd8a862a0 Python: Expand Tornado tests and add annotations 
I should probably have split this up into 2 commits, so sorry that didn't happen :|
 2021-01-14 13:37:24 +01:00
Rasmus Wriedt Larsen
b4f3399534 Python: Add reverse inheritance test for Tornado 2021-01-14 13:37:24 +01:00
Rasmus Wriedt Larsen
57d08a8523 Python: Rewrite old Tornado tests 
Now you can run them, and the examples have been adjusted so they actually work!
 2021-01-14 13:37:23 +01:00
Rasmus Wriedt Larsen
7db55906b9 Python: Copy old tornado tests 2021-01-14 13:37:22 +01:00
Rasmus Lerchedahl Petersen
dfdfd3c2b7 Python: FIx flow 2021-01-14 01:19:58 +01:00
Rasmus Lerchedahl Petersen
6dc0d691ac Python: Final(?!) fix of annotations 2021-01-14 01:06:10 +01:00