Commit Graph

936 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
d273974045 Python: Don't flag return procedure_call() in __init__ as error
This commit fixes the results for
0d8a429b7e/files/mayaTools/cgm/lib/classes/AttrFactory.py (L90)

```
def __init__(...):
    if error_case:
        return guiFactory.warning(...)
```

that was wrongly reporting _Explicit return in __init__ method._ as an error.
2019-09-23 11:22:55 +02:00
Rasmus Wriedt Larsen
6e50a0ef84 Python: Modernise the py/explicit-return-in-init query.
Add explicit test case to show that we don't double report this problem.
2019-09-23 11:22:55 +02:00
Rasmus Wriedt Larsen
3c33e863ad Python: split tests for Functions into more files
Makes it easier to see which test cases are relevant for which queries.
2019-09-19 11:54:28 +02:00
Taus Brock-Nannestad
d336140c19 Python: Modernise the py/non-iterable-in-for-loop query.
Also adds a small test case exhibiting the same false positive seen in
ODASA-8042.
2019-09-05 12:24:51 +02:00
Mark Shannon
3f740d6efe Python: Update CWE-312 queries to use new taint-tracking configuration. 2019-08-30 11:21:04 +01:00
Mark Shannon
811815aa4e Merge branch 'master' into python-cwe-312 2019-08-30 10:39:04 +01:00
Mark Shannon
989d7aeace Merge branch 'master' into python-cwe-312 2019-08-29 15:57:49 +01:00
Mark Shannon
e5900921e7 Python taint-tracking: Remove warnings from test output. 2019-08-29 10:31:50 +01:00
Mark Shannon
64c160b75c Python taint-tracking: Fix ambiguous flow through class instantiation. Tweak the path query to ensure edge to sink is always present. 2019-08-29 10:31:50 +01:00
Mark Shannon
d31e55f88e Python taint-tracking: Avoid ambiguous flows through calls. Fix up tests. 2019-08-29 10:31:50 +01:00
Mark Shannon
78ce19678a Python taint-tracking: Fix up SQL injection query. 2019-08-29 10:31:50 +01:00
Mark Shannon
7c4a18eee3 Python taint-tracking: Fix up handling of legacy (config-less) taint-tracking 2019-08-29 10:31:50 +01:00
Mark Shannon
2d9d292ee4 Python: Fix up pi-node handling in taint-tracking. 2019-08-29 10:31:50 +01:00
Rebecca Valentine
36f99c19bc Merge pull request #1840 from markshannon/python-better-hasattribute-handling
Python: Add 'hasAttribute' predicate to ObjectInternal and Value.
2019-08-28 10:45:44 -07:00
Mark Shannon
1c8ce418d9 Python: Add test to confirm #1212 is fixed. 2019-08-28 12:01:04 +01:00
Mark Shannon
8909c3d6ab Python: Fix tags and message for CWE-312 queries. 2019-08-23 15:20:19 +01:00
Taus Brock-Nannestad
92f48191c2 Update test results for UndefinedGlobal.ql. 2019-08-22 17:53:36 +02:00
Taus Brock-Nannestad
b82ebf2a37 Add tests. 2019-08-22 16:30:14 +02:00
Mark Shannon
4759044ee4 Python tests: Fix up tests for CWE-312 to not use external locations. 2019-08-22 15:27:49 +01:00
Mark Shannon
9df205b288 Python tests: Fix up CWE-327 tests to use new sensitive-data library. 2019-08-22 15:27:48 +01:00
Mark Shannon
816938369e Python: Add tests for clear-text storage and logging. 2019-08-22 15:27:48 +01:00
Mark Shannon
e77ae09a86 Python tests: Update test results to account for better handling of branches in finally blocks. 2019-08-21 14:47:57 +01:00
Mark Shannon
714fecbf5e Python: Revert tests removed in #1767. 2019-08-21 14:39:53 +01:00
Mark Shannon
edb50c129d Python tests: TEMPORARILY remove 5 tests to allow modification of extractor CFG pass. 2019-08-19 16:00:28 +01:00
Mark Shannon
453ae19881 Python points-to: Add .getAstNode() method to TaintedNode for forward compatibility with upcoming taint-tracking enhancements. 2019-08-16 09:54:11 +01:00
Taus
34106ec739 Merge pull request #1730 from markshannon/python-prepare-for-unrolling
Python prepare for implementing loop unrolling in extractor.
2019-08-13 10:54:24 +02:00
Taus
5f55cb046d Merge pull request #1691 from markshannon/python-fewer-missing-edges
Python: Make a few more expressions point-to the 'unknown' value.
2019-08-12 16:15:09 +02:00
Mark Shannon
8dd3963546 Python tests: Temporarily remove some analysis tests prior to implementing loop-unrolling in extractor. 2019-08-12 14:12:02 +01:00
Rebecca Valentine
8823cdfdbc Merge pull request #1713 from markshannon/python-remove-parents
Python taint-tracking: Remove 'parents' query from path-queries.
2019-08-08 10:01:40 -07:00
Mark Shannon
c2f9189286 Python: Make a few more expressions point-to the 'unknown' value to improve reachability by about 1%. 2019-08-08 12:01:41 +01:00
Mark Shannon
4b242ddc86 Python: Port a few queries to new API. 2019-08-08 11:58:23 +01:00
Mark Shannon
6bd5158f9e Python taint-tracking: Remove 'parents' query from path-queries, as it is unused by the tooling. 2019-08-08 10:15:06 +01:00
Mark Shannon
fab2cb5a32 Python: Add missing function to flask test stub. 2019-08-01 13:11:41 +01:00
Mark Shannon
27c0571a86 Python points-to: Infer types for comprehensions. 2019-07-25 14:18:05 +01:00
Mark Shannon
2c5b1c0810 Fix semantic merge conflict between #1470 and #1487. 2019-07-15 15:34:00 +01:00
Taus
f12c057826 Merge pull request #1470 from markshannon/python-tarslip
Python: "TarSlip" query
2019-07-15 12:43:47 +02:00
Taus
fad37bd6c9 Merge pull request #1487 from markshannon/python-tuple-assignment-points-to
Python ESSA dataflow: better handling of tuple unpacking.
2019-06-28 11:05:03 +02:00
Mark Shannon
347e3f3bd0 Python regex: Fix handling of character sets where first character in set is '['. 2019-06-26 10:55:47 +01:00
Mark Shannon
9d6df78d44 Python: Dataflow: Remove IterationDefinition ESSA definition and add iteration assignment to ESSA assignment definition.
Enhance points-to and taint-tracking to add operational step sequence to next(iter(seq)) in for statement.
2019-06-21 15:55:27 +01:00
Mark Shannon
39b7a69abd Python: Tarslip query: Fix up sanitizers. 2019-06-19 15:00:02 +01:00
Mark Shannon
6f15c84bdc Python: Tarslip query; Add sink for members and sanitizers for tarinfo objects. 2019-06-19 11:48:31 +01:00
Mark Shannon
e14f7ef466 Python: Tarslip query; track info objects and handle sanitization. 2019-06-19 11:48:31 +01:00
Mark Shannon
ea4e263060 Python: Initial version and help of tar-slip (CWE-022) query. 2019-06-19 11:48:31 +01:00
Mark Shannon
918bdecba5 Python: Don't record taint past sinks. 2019-06-18 16:34:23 +01:00
Taus
af08f856b5 Merge pull request #1389 from markshannon/python-ipa-objects-fix-performance
Python: New points-to and object model with performance fixes
2019-06-03 18:52:28 +02:00
alexey
86ec047be2 Rename files by style guide and change query metadata 2019-05-29 15:35:58 +01:00
alexey
8168c0ee0a Fix typo in test for the query 2019-05-23 15:54:59 +01:00
alexey
e214174114 add return-or-yield-outside-of-function Python query 2019-05-22 15:27:32 +01:00
Mark Shannon
bf78c62594 Python points-to: Add objects representing missing modules and their attributes. 2019-05-15 11:24:01 +01:00
Mark Shannon
0afcb11a13 Python points-to: Make sure reachability can skip over if-statements. 2019-05-14 11:52:33 +01:00