Taus Brock-Nannestad
2fad5e8e32
Python: Remove deprecated TaintFlow and additionalFlowStepVar.
2020-04-22 10:34:00 +02:00
Rasmus Wriedt Larsen
26ed911bb2
Python: Add modeling of http.server.BaseHTTPRequestHandler
2020-04-22 09:52:10 +02:00
Rasmus Wriedt Larsen
30e2592701
Python: Propagate taint through parse_qs
2020-04-22 08:55:35 +02:00
Taus
5af351eacd
Merge pull request #3275 from RasmusWL/python-fix-points-to-deprecations
...
Python: Remove deprecated annotation for old PointsTo::points_to
2020-04-21 18:18:07 +02:00
Rasmus Wriedt Larsen
32a97266cf
Python: Fix deprecation warnings in test output
2020-04-21 11:39:44 +02:00
semmle-qlci
d75d520f35
Merge pull request #3232 from RasmusWL/python-more-deprecated-annotations
...
Approved by BekaValentine
2020-04-21 09:30:27 +01:00
Rasmus Wriedt Larsen
43bc7c6619
Python: Autoformat
...
I'm not particularly happy about this one, but I don't care to fight about it today.
2020-04-20 16:08:53 +02:00
Rasmus Wriedt Larsen
b7145af447
Python: Handle all methods in StringKind.getTaintOfMethodResult
2020-04-20 16:07:30 +02:00
Rasmus Wriedt Larsen
a5d3966cb3
Python: Refactor StringKind.getTaintOfMethodResult
...
no need to match on ControlFlowNodes manually anymore 🎉
2020-04-20 15:01:40 +02:00
Rasmus Wriedt Larsen
10b36bb7a8
Python: Taint of string method reference isn't handled
2020-04-20 15:01:40 +02:00
Rasmus Wriedt Larsen
1631787336
Python: Fix points-to regressions Test.ql
...
Only being able to debug missing pointsTo for NameNode was quite limiting ...
2020-04-20 14:41:55 +02:00
Rasmus Wriedt Larsen
8746876377
Python: Add points-to regression for uncalled function
2020-04-20 14:41:45 +02:00
Taus
964a619450
Merge pull request #3211 from RasmusWL/python-unused-import-small-fix
...
Python: Fix FN in unused import
2020-04-16 14:22:50 +02:00
Taus
a92d926b56
Merge pull request #3218 from RasmusWL/python-add-missing-override
...
Python: Add missing override to ClassValue.hasAttribute
2020-04-16 14:06:23 +02:00
Taus Brock-Nannestad
2d8770d17c
Python: Fix remaining deprecation warnings.
2020-04-16 14:03:21 +02:00
Rasmus Wriedt Larsen
ab120ed7af
Python: Remove deprecated annotation for old PointsTo::points_to
...
We should only deprecate it when we're ready to deprecate the old refersTo and
all the old Object classes
2020-04-16 09:47:45 +02:00
Rasmus Wriedt Larsen
b179a0bdc2
Python: Add deprecated comment for FinalCustomPointsToFact
2020-04-15 16:59:07 +02:00
Rasmus Wriedt Larsen
5a51d2cc4c
Merge pull request #3245 from BekaValentine/python-objectapi-to-valueapi-wrongnameforargumentinclassinstantiation
...
Python: ObjectAPI to ValueAPI: WrongNameForArgumentInClassInstantiation
2020-04-15 16:48:26 +02:00
Rasmus Wriedt Larsen
390959713a
Merge pull request #3246 from BekaValentine/python-objectapi-to-valueapi-uselessclass
...
Python: ObjectAPI to ValueAPI: UselessClass
2020-04-15 16:45:02 +02:00
Taus
8402e6a2e1
Merge pull request #3243 from BekaValentine/python-objectapi-to-valueapi-incorrectlyspecifiedoverriddenmethod
...
Python: ObjectAPI to ValueAPI: IncorrectlySpecifiedOverriddenMethod
2020-04-14 18:55:42 +02:00
Taus
3e46604fa5
Merge pull request #3223 from BekaValentine/python-objectapi-to-valueapi-iterreturnsnoniterator
...
Python: ObjectAPI to ValueAPI: IterReturnsNonIterator
2020-04-14 12:55:21 +02:00
Taus
d9a2429de8
Merge pull request #3244 from BekaValentine/python-objectapi-to-valueapi-wrongnumberargumentsinclassinstantiation
...
Python: ObjectAPI to ValueAPI: WrongNumberArgumentsInClassInstantiation
2020-04-14 12:46:29 +02:00
semmle-qlci
52b76b1373
Merge pull request #3233 from RasmusWL/python-use-getAbsolutePath
...
Approved by BekaValentine
2020-04-14 10:43:24 +01:00
semmle-qlci
2e95cab970
Merge pull request #3234 from RasmusWL/python-modenise-files
...
Approved by BekaValentine
2020-04-14 10:38:26 +01:00
Rebecca Valentine
8e91f10030
Python: ObjectAPI to ValueAPI: UselessClass: Adds preliminary modernization
2020-04-09 15:25:38 -07:00
Rebecca Valentine
339758fa70
Python: ObjectAPI to ValueAPI: WrongNameForArgumentInClassInstantiation: Adds preliminary modernization
2020-04-09 15:04:44 -07:00
Rebecca Valentine
8dc1933a02
Python: ObjectAPI to ValueAPI: WrongNumberArgumentsInClassInstantiation: Adds preliminary modernization
2020-04-09 14:58:30 -07:00
Rebecca Valentine
336e48c5c6
Python: ObjectAPI to ValueAPI: IncorrectlySpecifiedOverriddenMethod: Adds preliminary modernization
2020-04-09 14:50:26 -07:00
Rebecca Valentine
be00d71b99
Python: ObjectAPI to ValueAPI: IncorrectlyOverriddenMethod: Adds preliminary modernization
2020-04-09 14:41:22 -07:00
Rebecca Valentine
7a586c97a4
Python: ObjectAPI to ValueAPI: IterReturnsNonIterator: Replaces custom return_type predicate with call to getAnInferredReturnType
2020-04-09 14:30:40 -07:00
Pavel Avgustinov
6737e99d65
Merge pull request #3209 from hmakholm/baselib-extractor
...
Add extractor field in base language QL packs
2020-04-09 15:24:49 +01:00
Rasmus Wriedt Larsen
a2440f0fcd
Python: Modernise semmle/python/dataflow/Files.qll
2020-04-08 16:53:19 +02:00
Rasmus Wriedt Larsen
32c04ad765
Python: Use getAbsolutePath() instead of deprecated getName()
2020-04-08 16:46:33 +02:00
Rasmus Wriedt Larsen
ac3acb9187
Python: Add more deprecated annotations
...
These classes/predicates are not used by anything in our codebase, and are using
deprecated classes/predicates, so I think it's safe to assume they should also
have been marked with the deprecated annotation.
Changes the QL compiler warnings with:
-WARNING: Type Configuration has been deprecated and may be removed in future (/home/rasmus/code/ql/python/ql/src/semmle/python/dataflow/TaintTracking.qll:663,50-63)
-WARNING: Type Configuration has been deprecated and may be removed in future (/home/rasmus/code/ql/python/ql/src/semmle/python/dataflow/TaintTracking.qll:666,19-32)
-WARNING: Type Configuration has been deprecated and may be removed in future (/home/rasmus/code/ql/python/ql/src/semmle/python/dataflow/TaintTracking.qll:671,19-32)
-WARNING: Type Configuration has been deprecated and may be removed in future (/home/rasmus/code/ql/python/ql/src/semmle/python/dataflow/TaintTracking.qll:733,16-39)
-WARNING: Type CustomPointsToAttribute has been deprecated and may be removed in future (/home/rasmus/code/ql/python/ql/src/semmle/python/types/Extensions.qll:181,28-51)
-WARNING: Type CustomPointsToFact has been deprecated and may be removed in future (/home/rasmus/code/ql/python/ql/src/semmle/python/types/Extensions.qll:155,60-78)
-WARNING: Type CustomPointsToFact has been deprecated and may be removed in future (/home/rasmus/code/ql/python/ql/src/semmle/python/types/Extensions.qll:159,19-37)
-WARNING: Type CustomPointsToFact has been deprecated and may be removed in future (/home/rasmus/code/ql/python/ql/src/semmle/python/types/Extensions.qll:41,33-51)
+WARNING: Type CustomPointsToFact has been deprecated and may be removed in future (/home/rasmus/code/ql/python/ql/src/semmle/python/types/Extensions.qll:41,44-62)
2020-04-08 15:10:35 +02:00
Rebecca Valentine
c2443f2342
Python: ObjectAPI to ValueAPI: OverlyComplexDelMethod: Adds preliminary modernization
2020-04-07 21:31:35 -07:00
Rebecca Valentine
0d65db148f
Python: ObjectAPI to ValueAPI: IterReturnsNonIterator: Adds preliminary modernization
2020-04-07 21:14:25 -07:00
Rasmus Wriedt Larsen
7af5f038ab
Python: Add missing override to ClassValue.hasAttribute
...
I was considering if this was actually something different than
Value.hasAttribute, and the names were just accidentally the same. But after
looking at the definition for Value, I'm happy about marking this as an
override (I did not test whether it was needed though):
```codeql
class Value extends TObject {
    ...
    /** Holds if this value has the attribute `name` */
    predicate hasAttribute(string name) { this.(ObjectInternal).hasAttribute(name) }
```
2020-04-07 14:02:53 +02:00
Rasmus Wriedt Larsen
befe73df14
Python: suppress non-useful results (w/ tests) for iter str/seq query
...
Fixes https://github.com/Semmle/ql/issues/3207
2020-04-07 11:46:36 +02:00
Rasmus Wriedt Larsen
94ccc16f85
Python: iter str/seq query gives non-useful results with tests
2020-04-07 11:46:35 +02:00
Rasmus Wriedt Larsen
46ecbef8f2
Python: Consistently use TestScope instead of Test
...
It's not clear which one is the correct one to use, but there were more uses of
TestScope than Test, so I'm assuming that is the right one ¯\_(ツ)_/¯
2020-04-07 11:42:13 +02:00
Rasmus Wriedt Larsen
2871eb307a
Python: Fix (some) shortcomings of tests filter
2020-04-07 11:24:06 +02:00
Rasmus Wriedt Larsen
6ed7b3dd92
Python: Add tests to illustrate shortcomings of current tests filter
2020-04-07 11:22:16 +02:00
Rasmus Wriedt Larsen
75e6470009
Python: Fix FN in py/unused-import
2020-04-07 09:41:42 +02:00
Rasmus Wriedt Larsen
1077ce3a35
Python: Add FN for py/unused-import
2020-04-07 09:26:14 +02:00
Rebecca Valentine
c1ba1345df
Python: ObjAPI to ValAPI: WrongNumArgsInCall: ObjectAPI.qll: Adds doc for getAnInferredType
2020-04-06 11:03:42 -07:00
Rebecca Valentine
16eedf9ea5
Merge branch 'master' into python-objectapi-to-valueapi-wrongnumberargumentsincall
2020-04-06 10:35:49 -07:00
Henning Makholm
d1ff3211ef
Add extractor fields to test qlpack.yml files.
2020-04-06 19:21:41 +02:00
Henning Makholm
bf579dedd4
Add extractor field in base language QL packs
2020-04-06 18:48:01 +02:00
Robert
1096e5d947
Merge pull request #3163 from robertbrignull/code_scanning_suites
...
Add code-scanning suites
2020-04-06 08:45:40 +01:00
Rebecca Valentine
01aac8273c
Python: ObjAPI to ValAPI: WrongNumArgsInCall: Update queries to use objectapi
2020-04-04 03:11:25 -07:00