Commit Graph

9672 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
a55c13e61c Python: Improve tests for StringDictKind taint
+ show we handle dict.values()
+ show we don't handle dict.items()
2020-01-22 14:24:50 +01:00
Rasmus Wriedt Larsen
7d9f1f08ee Python: Autoformat 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
12bb05522a Python: Make py/weak-cryptographic-algorithm a path-problem
and stop using deprecated hasFlow
2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
c5091f1ce7 Python: Make py/hardcoded-credentials a path-problem
and stop using deprecated hasFlow
2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
96d5703f2c Python: Remove use of deprecated methods 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
e6425bb4cf Python: Add deprecated keyword to deprecated functions 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
aeaaab6437 Python: Modernise Resources/ queries 2020-01-22 11:20:31 +01:00
Rasmus Wriedt Larsen
47b932d6ce Python: Autoformat Resources/ queries 2020-01-22 11:20:28 +01:00
Rasmus Wriedt Larsen
422658bbdb Python: Remove unused variable in example for py/url-redirection 2020-01-21 15:45:05 +01:00
Taus Brock-Nannestad
ead687da06 Python: Add false positive test example for issue #2652. 2020-01-21 15:28:01 +01:00
Rasmus Wriedt Larsen
bbe93f43d3 Python: Only comparison with constant will clear taint
    tainted = SOURCE
    if tainted == tainted:
        SINK(tainted) # unsafe

before, in the body of the if statement, `tainted` was not tainted
2020-01-21 15:25:57 +01:00
Rasmus Wriedt Larsen
1498145415 Python: Highlight that any comparison will clear taint 2020-01-21 15:24:56 +01:00
Taus
cfb84be7b1 Merge pull request #2540 from RasmusWL/python-modernise-variables-queries
Python: modernise variables queries
2020-01-10 14:45:12 +01:00
Taus Brock-Nannestad
851d692996 Python: Remove manual TC from ssaShortCut.
This caused a massive slowdown on certain snapshots.
2020-01-06 13:40:52 +01:00
Rasmus Wriedt Larsen
5d01cb7c28 Python: Fix bad QL-rewriting
Original code:

exists(Expr e, For forloop | forloop = loop and e.pointsTo(_, _, capturing) |
    not loop.contains(e)
)

The new version will preserve the same semantics. The problem with the first
rewrite was that `not loop.(For).somethingMore` would hold for any AstNode that
was not a For
2020-01-06 13:30:37 +01:00
Rasmus Wriedt Larsen
9b0b0c338f Python: Cleanup overrides tests 2020-01-06 10:55:37 +01:00
Rasmus Wriedt Larsen
92e272cc03 Python: Address comments for modernising Variables/ 2019-12-20 15:58:51 +01:00
Rasmus Wriedt Larsen
b8a9a353b8 Python: Autoformat Variables/* 2019-12-20 15:08:20 +01:00
Rasmus Wriedt Larsen
25ab0ed20f Python: Modernise Variables/MonkeyPatched.qll 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
994ad197c4 Python: Add Module::builtinModule() 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
58bb16e5dd Python: Modernise Variables/Undefined.qll 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
34f9135492 Python: Modernise py/unused-parameter 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
15bc4cd090 Python: Add override helpers to Value classes 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
aba3ac7b66 Python: Modernise py/uninitialized-local-variable 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
697a006ef2 Python: Modernise py/undefined-global-variable 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
5faa7e7127 Python: Add ModuleValue::hasCompleteExportInfo 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
3ffea599f1 Python: Rewrite casts for py/undefined-global-variable 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
81e27aab8d Python: Modernise py/unused-loop-variable 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
8f7ba0a06d Python: Modernise py/local-shadows-global 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
9f4088413a Python: Modernise py/local-shadows-builtin
+ moved `scope instanceof Function` so it makes more sense :)
2019-12-20 15:05:49 +01:00
Tom Hvitved
29cd6a9e30 Sync XML.qll 2019-12-19 10:29:30 +01:00
Taus
52d231c219 Merge pull request #2469 from RasmusWL/python-modernise-twisted-library
Python: modernise twisted library
2019-12-18 13:55:50 +01:00
Taus
eb6feeeaf8 Merge pull request #2482 from RasmusWL/python-include-zope-web-tests
Python: include zope web tests from internal repo
2019-12-18 13:55:23 +01:00
Rasmus Wriedt Larsen
48f873e3d9 Python: Add getAReturnedNode to PythonFunctionValue 2019-12-18 12:00:43 +01:00
Rasmus Wriedt Larsen
582ef6cec9 Python: Restructure logic in Twisted.qll 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
9942c3fd8b Python: Autoformat twisted library 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
ac55e6aba6 Python: Modernise twisted library 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
4e3c183676 Python: Adapt twisted tests so they pass 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
6011cb74f8 Python: Add twisted tests from internal repo 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
8b5d6ae2cf Python: Modernise zope web tests 2019-12-17 17:42:03 +01:00
Rasmus Wriedt Larsen
e257ba40c4 Python: Make zope web tests pass 2019-12-17 17:42:03 +01:00
Taus Brock-Nannestad
1d94f6d303 Python: Fix several bad join orders.
Performance on `taers232c/GAMADV-X` (which exhibited pathological behaviour in
the most recent dist upgrade) went from ~670s to ~313s on
`py/hardcoded-credentials`.

There are still a few tuple counts in the 10-100 million range, but this commit
takes care of all of the ones that numbered in the billions. (A single tuple
count in the 100-1000 million range remains, but it appears to be less critical,
taking only two seconds to calculate.)
2019-12-17 17:19:49 +01:00
Max Schaefer
a17b615ae5 C++/Python: Deprecate XMLFile.getPath and XMLFile.getFolder.
Both can be expressed using predicates inherited from `File`.
2019-12-17 10:15:43 +00:00
Max Schaefer
47c1fc7358 C++/Python: Fix XMLFile.getPath and XMLFile.getFolder.
Previously, the former returned the file's stem (that is, basename without extension), and the latter never held.
2019-12-17 10:15:43 +00:00
Max Schaefer
bf30f9cdd2 Python: Remove use of deprecated predicate. 2019-12-17 10:15:43 +00:00
Max Schaefer
ef453db225 Python: Adjust XMLParent.getName to match other languages. 2019-12-17 10:15:43 +00:00
Max Schaefer
3068a89ab2 Python: Adjust implementation of allCharactersString to match other languages. 2019-12-17 10:15:43 +00:00
Max Schaefer
923e36ba4f C++/Java/JavaScript/Python: Make qldoc consistent. 2019-12-17 10:15:43 +00:00
Max Schaefer
a2fe678464 C++/Java/JavaScript/Python: Unify imports in XML.qll. 2019-12-17 10:15:43 +00:00
Max Schaefer
49abffa477 Python: Autoformat XML.qll. 2019-12-17 10:15:43 +00:00