hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,671 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

9664 Commits

Author SHA1 Message Date
Mark Shannon
c767de02e6 Python: Refactor points-to origin code for better encapsulation. 2019-02-12 14:37:19 +00:00
Mark Shannon
b644891e53 Python: Fix up some typos for bottle and add a few more tests. 2019-02-12 14:26:06 +00:00
Mark Shannon
aab0a243dc Python: Add redirects to bottle framework support. 2019-02-12 14:26:06 +00:00
Mark Shannon
d514fc543d Python: Add responses to bottle framework support. 2019-02-12 14:26:06 +00:00
Mark Shannon
8d525e5295 Python: Add support for bottle framework routing and requests. 2019-02-12 14:26:06 +00:00
Taus
9caa9c10bc Merge pull request #928 from markshannon/python-points-to-through-callsites 
Python: Points-to should flow through call-sites if not assigned out of scope.
 2019-02-12 14:41:12 +01:00
Taus
583358bee3 Merge pull request #911 from markshannon/python-add-special-operation 
Python: Add 'special operation' pseudo-expression type
 2019-02-12 13:32:20 +01:00
Taus
5b127eb676 Merge pull request #914 from markshannon/python-add-2-3-query-tests 
Python: Add 2/3 specific query tests.
 2019-02-12 12:54:29 +01:00
Taus
abc71cba4c Merge pull request #913 from markshannon/python-add-3-library-tests 
Python add 2/3 specific library tests
 2019-02-12 12:54:15 +01:00
Mark Shannon
220b881096 Python: Points-to should flow through call-sites if not assigned outside of scope. 2019-02-12 09:57:45 +00:00
Taus
fb8d0f5b1f Merge pull request #850 from markshannon/python-improve-import-analysis 
Python improve import analysis
 2019-02-11 10:28:37 +01:00
Mark Shannon
e37bda27d5 Python points-to: Clarify use of '$' variable. 2019-02-08 15:54:51 +00:00
Mark Shannon
52ddd79cab Python: Add 2/3 specific query tests. 2019-02-08 15:13:17 +00:00
Mark Shannon
adb4c42aa5 Python: Add 2-only library tests. 2019-02-08 14:49:04 +00:00
Mark Shannon
49307a72b4 Python: Add 3-only library tests. 2019-02-08 14:39:27 +00:00
Taus
90eccbdf76 Merge pull request #836 from markshannon/python-mutating-descriptor 
Python: Fix up mutating-descriptor query
 2019-02-08 15:10:30 +01:00
Mark Shannon
465f42eb2f Python: Add 'special operation' pseudo-expression type, for use in semantic stubs file. No use of it as yet. 2019-02-08 11:31:34 +00:00
Taus Brock-Nannestad
895b237e3c Python: Make "Modification of parameter with default" flow-sensitive. 2019-02-04 19:05:04 +01:00
Mark Shannon
24d678b869 Python: Points-to; let values with no boolean constant value flow through pi-nodes. 2019-01-31 15:15:49 +00:00
Mark Shannon
f190f83406 Python: Give most non-self instance attributes the 'unknown' value; improves reachability analysis. 2019-01-31 15:05:13 +00:00
Felicity Chapman
54242f4009 Merge pull request #849 from jf205/locations 
Update links to QL help topics in GH repo files (SD-2999)
 2019-01-30 11:06:22 +00:00
james
7cc1442ecb Update link text 2019-01-30 09:44:07 +00:00
Mark Shannon
50a75d2b4f Python: Fully module state of module using global variables and '$' pseudo-variable. 2019-01-30 09:34:17 +00:00
james
81137aa7b4 update links to locations in .ql files 2019-01-30 08:02:02 +00:00
james
9d1a050f35 update links to locations in .qll files 2019-01-30 08:01:49 +00:00
Taus
83e2689645 Merge pull request #844 from markshannon/python-hide-magic-variables-in-test 
Python tests: Further hiding of special ESSA variables in tests
 2019-01-29 18:51:06 +01:00
Mark Shannon
4c0f123748 Python: switch from '*' to '$' pseudo variable to track module state. 2019-01-29 17:04:08 +00:00
Taus
08fcb984a8 Implement getACall suggestion. 2019-01-29 17:59:45 +01:00
Taus Brock-Nannestad
edd4468d08 Fix tests by stubbing relevant os functions. 2019-01-29 17:27:14 +01:00
Taus
6f7c96db54 Merge branch 'master' into python-unsafe-use-of-mktemp 2019-01-29 16:12:53 +01:00
Taus Brock-Nannestad
9a9d902cfb Add support for os.tempnam and os.tmpnam. 2019-01-29 16:08:32 +01:00
Mark Shannon
9820249c71 Python tests: Further hiding of special ESSA variables in tests, to ease transition from '*' to '$' variable. 2019-01-29 15:06:47 +00:00
Mark Shannon
7fe3c3d516 Merge branch 'master' into python-mutating-descriptor 2019-01-29 14:46:33 +00:00
Taus
9adb19f3a9 Merge branch 'master' into python-incomplete-url-sanitize 2019-01-29 14:17:37 +01:00
Taus
1d28c63703 Merge pull request #810 from markshannon/python-hide-magic-variables 
Python hide magic variables
 2019-01-28 23:21:31 +01:00
Taus
0f5b21e392 Merge pull request #807 from markshannon/python-insecure-file-permission 
Python: Weak file permissions query.
 2019-01-28 23:21:10 +01:00
Taus
15643d1bb6 Merge pull request #814 from markshannon/python-fix-tornado-request-path 
Python: Fix tornado and twisted request attribute tracking.
 2019-01-28 17:38:34 +01:00
Taus
c503ec4608 Merge pull request #806 from markshannon/python-points-to-remove-some-negation 
Python: Remove some negation from points-to, in preparation for ADT Objects.
 2019-01-28 16:25:18 +01:00
Taus
f61e7b66cc Merge pull request #835 from markshannon/python-compare-is-enum 
Python: Fix 'comparison using is' query to account for enum members.
 2019-01-28 16:22:57 +01:00
Mark Shannon
39705cf733 Python: Clarify predicate a bit. 2019-01-28 14:33:39 +00:00
Mark Shannon
6d553ae2be Python: Check os.open as well as os.chmod for weak file permissions. 2019-01-28 14:26:16 +00:00
Mark Shannon
3992346add Python: Fix up mutating-descriptor query to only flag mutation when they occur during descriptor protocol. 2019-01-28 12:57:18 +00:00
Mark Shannon
53fbf51ee8 Python: Fix handling of enum members in python/ql/src/Expressions/IsComparisons.qll. 2019-01-28 12:20:31 +00:00
Mark Shannon
5da209f876 Python: add failing test for comparison using 'is' and enum members. 2019-01-28 12:19:54 +00:00
Mark Shannon
1bec219048 Python: Remove AST test (it will be added to the extractor tests). 2019-01-28 11:41:12 +00:00
Mark Shannon
b841ecbb7c Python: Fix tornado and twisted request attribute tracking; 'path' attribute can be trusted, but 'uri' and 'arguments' cannot. 2019-01-28 11:26:00 +00:00
Mark Shannon
3850f87879 Make qhelp for 'Incomplete URL substring sanitization' consistent across languages. 2019-01-25 16:47:23 +00:00
Taus
fc00e0a64a Merge pull request #796 from markshannon/python-import-used-in-doctest 
Python: Fix 'unused import' for doctests and typehints.
 2019-01-25 16:14:08 +01:00
Mark Shannon
6ddbed7d95 Python: Minor tweaks to qldoc and release note. 2019-01-25 11:34:41 +00:00
Mark Shannon
88d8cb514c Python: Two new queries for URL and hostname sanitization (CWE-020). 2019-01-24 12:57:14 +00:00