hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,893 Commits 1,671 Branches 157 Tags
tausbn/python-add-support-for-template-string-literals
Commit Graph

9672 Commits

Author SHA1 Message Date
Mark Shannon
7b8ca30c12 Python: Make behaviour of taint-tracking sanitizers and extensions less surprising for the unlikely case of mutliple configurations. 2019-03-12 12:40:02 +00:00
Tom Hvitved
c5450128be Merge branch 'rc/1.20' into merge-rc 2019-03-12 09:14:38 +01:00
Mark Shannon
94e4bd8b01 Merge pull request #1063 from taus-semmle/python-fix-compilation-warnings 
Python: Fix compilation warnings.
 2019-03-08 13:54:31 +00:00
Taus Brock-Nannestad
a74a2060f5 Remove use of deprecated function theEmptyTupleObject. 2019-03-08 14:00:16 +01:00
Taus Brock-Nannestad
116e262c62 Add missing override annotations. 2019-03-08 13:59:52 +01:00
Taus
984fb3a010 Merge pull request #1043 from markshannon/python-fix-stack-trace-exposure 
Python: fix stack trace exposure query.
 2019-03-08 11:40:27 +01:00
Mark Shannon
ef1c08e351 Python: Fix up OsGuard class. 2019-03-07 14:21:03 +00:00
Mark Shannon
7aef32e63f Python: Add basic taint-tracking configuration. Should help avoid cross-talk between flows and brings the interface closer to that of the other languages. 2019-03-06 15:48:03 +00:00
Mark Shannon
38a5fb715a Python: Avoid cross-talk between unrelated sources in py/stack-trace-exposure query. 2019-03-05 16:52:28 +00:00
Mark Shannon
32dabcee1e Python: Ignore dead objects from library trap files. 2019-03-05 15:27:45 +00:00
Max Schaefer
7f5e2630a1 Merge pull request #1032 from xiemaisi/master-for-merge 
Merge master into rc/1.20
 2019-03-04 21:23:51 +00:00
Taus Brock-Nannestad
63893fe52c Python: Add missing @kind for py/insecure-temporary-file. 2019-03-04 11:20:39 +01:00
Mark Shannon
94190e76aa Python: Update py/modification-of-default-value to account for truthiness of default value. 2019-03-01 12:01:39 +00:00
Mark Shannon
ebd9bc3cb5 Python: Improve taint tracking to account for truthiness of the taint kind. 2019-03-01 11:24:07 +00:00
Taus Brock-Nannestad
64e6974aac Merge branch 'master' into python-mutable-default-with-flow 2019-03-01 11:10:56 +01:00
Taus Brock-Nannestad
91cfc9bd4c Change kind to path-problem. 2019-03-01 11:06:48 +01:00
Mark Shannon
af2680729f Python: Fix qldoc. 2019-02-28 15:25:43 +00:00
Mark Shannon
2df718d632 Python: Make bottle response logic consistent with other frameworks. 2019-02-28 15:25:15 +00:00
Mark Shannon
91a1cc9f0b Python: Add cherrypy handler function return values as taint sinks. 2019-02-28 15:25:13 +00:00
Mark Shannon
6c82be8bda Python: CherryPy web framework support -- requests. 2019-02-28 15:24:58 +00:00
Mark Shannon
e933ba28d5 Python: Add basic support for stdlib cookie objects. 2019-02-28 15:24:36 +00:00
Taus
b8b4216352 Merge pull request #979 from markshannon/python-falcon 
Python: Add support for falcon web API framework.
 2019-02-28 15:47:35 +01:00
Mark Shannon
1444b3976c Python: Add wsgi.environment as a kind of taint, and add suuport for env attribute of falcon request objects. 2019-02-28 13:06:11 +00:00
Taus
a83f33be33 Merge pull request #1001 from markshannon/python-delete-internal-tests 
Python delete extractor tests. Duplicates of internal tests.
 2019-02-28 11:04:52 +01:00
Mark Shannon
9170d85155 Python: Fix falcon sources to only be source if a route is attached. 2019-02-27 16:42:31 +00:00
Mark Shannon
d605dfd542 Python delete extractor tests. Duplicates of internal tests. 2019-02-27 15:35:52 +00:00
Mark Shannon
f7d7b8eef2 Merge pull request #785 from taus-semmle/python-unsafe-use-of-mktemp 
Python: Add query for unsafe use of `tempfile.mktemp`.
 2019-02-27 15:01:06 +00:00
Mark Shannon
9e268d77d0 Python: Add responses to Falcon framework support. 2019-02-27 09:56:18 +00:00
Mark Shannon
6a48420191 Python: Basic support for falcon framework; routing and requests. 2019-02-27 09:55:52 +00:00
Mark Shannon
742c1d0fa7 Python: Add test skeleton for falcon web framework. 2019-02-27 09:53:20 +00:00
Taus
dcaf0f8ba8 Merge pull request #978 from markshannon/python-turbogears 
Python: Add support for turbogears; requests and responses.
 2019-02-26 21:46:01 +01:00
Mark Shannon
a480da6ed5 Python: Generalize turbogear response sinks to allow for internally sourced strings. 2019-02-26 18:31:06 +00:00
Mark Shannon
2995b023fa Python: Fix handling of turbogears' 'expose' decorator. 2019-02-26 16:40:21 +00:00
Taus Brock-Nannestad
e47b391329 Fix interpolation. 2019-02-26 16:27:04 +01:00
Taus Brock-Nannestad
7daaf77183 Make query alert refer to AST nodes rather than CFG nodes. 2019-02-26 15:56:37 +01:00
Taus Brock-Nannestad
504cb648d1 Change query description. 2019-02-26 13:26:20 +01:00
Taus Brock-Nannestad
8d774cd354 Merge branch 'master' into python-unsafe-use-of-mktemp 2019-02-26 13:23:38 +01:00
Taus
9d7877907b Merge pull request #964 from markshannon/python-locations-for-packages 
Python: Make sure packages have locations.
 2019-02-26 11:55:27 +01:00
Mark Shannon
7d0943f30d Python: Add tests for turbogears. 2019-02-26 10:15:37 +00:00
Mark Shannon
26c5ebde54 Python: Basic support for TurboGears: requests and responses. 2019-02-26 10:15:36 +00:00
Taus
89216208be Merge pull request #969 from markshannon/python-points-to-speed-up 
Python: Refactor three predicates to improve join-order.
 2019-02-22 15:27:02 +01:00
Mark Shannon
d46467f526 Python: Update tests to account for packages having locations. 2019-02-22 12:16:34 +00:00
Mark Shannon
a1820fe4c3 Python: Refactor three predicates to improve join-order. 2019-02-22 11:48:39 +00:00
Taus
69270d0a4e Merge pull request #963 from markshannon/python-sanity-context-sensitive 
Python: Make points-to sanity check context sensitive.
 2019-02-22 11:50:48 +01:00
Mark Shannon
1519e1b1f9 Python: Make sanity check context sensitive. 2019-02-21 14:23:24 +00:00
Mark Shannon
c1b8f500c7 Python: Make sure packages have locations, so they can be displayed, even if those locations are meaningless. 2019-02-21 12:53:59 +00:00
Taus
ed3a8f0bee Merge pull request #799 from markshannon/python-api-tidy-up 
Python API tidy up, part 1
 2019-02-21 13:25:17 +01:00
Taus
caf0bfe858 Merge pull request #951 from markshannon/python-string-tests 
Python: Add a test for handling of corner-case strings.
 2019-02-20 12:46:42 +01:00
Mark Shannon
adadd4942b Python: Remove BuiltinFunctionObject module as it is clearer and more concise to use ModuleObject::builtin(). 2019-02-20 11:23:48 +00:00
Mark Shannon
98be27a73e Python: Add 'attr' predicate as a synomnym for 'getAttribute' to help readability. 2019-02-20 11:08:44 +00:00