Rasmus Wriedt Larsen
4df7dfbff6
Python: Don't import module as module_attr
...
For `from <pkg> import <attr>` we used to treat the `<pkg>`
(ImportExpr) as a definition of the name `<attr>`.
Since this removes bad import-flow, and nothing broke, I'm guessing this
was never intentional.
2023-02-22 14:52:35 +01:00
Rasmus Wriedt Larsen
6ba39d5fb3
Python: Add import regression for re-exported things
2023-02-22 14:50:42 +01:00
Rasmus Wriedt Larsen
6a5eebe891
Python: Add test of module_export
2023-02-22 12:26:01 +01:00
Rasmus Wriedt Larsen
4a66e48dc5
Python: Allow import resolution with recursive phi/refine steps
2023-02-21 17:46:39 +01:00
Rasmus Wriedt Larsen
e522009666
Python: More complex import examples
...
We need some recursive unwinding to get all of these right
2023-02-21 17:46:28 +01:00
Rasmus Wriedt Larsen
00eec6986c
Python: Allow import of refined variable
...
However, as illustrated by the `CWE-327-InsecureProtocol` test, this fix
is NOT good enough, since now even the `secure_context` is considered to
be insecure (for both versions). Ouch.
Will fix this in a later commit, since it was only discovered late on.
2023-02-21 17:45:58 +01:00
Rasmus Wriedt Larsen
fb425b73fc
Python: Add import test of py/insecure-protocol
2023-02-21 17:43:04 +01:00
Tom Hvitved
879eff41ea
Merge branch 'main' into util/inline-expect-test-use-end-line
2023-02-20 10:03:38 +01:00
Rasmus Wriedt Larsen
efc75e02cc
Merge pull request #12168 from RasmusWL/crypto-stdlib-modeling
...
Python: Add modeling of `hmac`
2023-02-20 09:26:53 +01:00
Rasmus Wriedt Larsen
27e2307d0c
Python: Add import regression for refined variable
2023-02-17 16:34:34 +01:00
Tom Hvitved
59efcd593a
Python: Update test expectations
2023-02-17 15:20:21 +01:00
Rasmus Wriedt Larsen
39e7bba563
Merge pull request #12203 from RasmusWL/import-resolution-phi
...
Python: Handle if-then-else definitions in import resolution
2023-02-17 10:10:42 +01:00
yoff
2f8dddabb6
Merge pull request #11570 from Sim4n6/UnsafeUnpack
...
Python: Unsafe unpacking using `shutil.unpack_archive()` query and tests
2023-02-17 09:48:05 +01:00
amammad
54582031d8
v1
2023-02-16 17:14:32 +01:00
Rasmus Wriedt Larsen
9ed021ad66
Python: Accept change to WeakFilePermissions.expected
...
💪
2023-02-16 13:27:16 +01:00
Rasmus Wriedt Larsen
766e6c400e
Python: Handle if-then-else definitions in import resolution
2023-02-16 11:18:30 +01:00
Rasmus Wriedt Larsen
80f5342a6d
Python: Add import regression for if-then-else definitions
2023-02-16 11:12:08 +01:00
Rasmus Wriedt Larsen
c4fbfb0d07
Merge branch 'main' into call-graph-code
2023-02-15 20:15:04 +01:00
Rasmus Wriedt Larsen
66c3529465
Python: Fix import * from __init__.py files
2023-02-15 14:10:37 +01:00
Rasmus Wriedt Larsen
df6039d6cf
Python: Add import resolution regression
2023-02-15 13:50:27 +01:00
Rasmus Wriedt Larsen
e1ae3c3cfb
Python: sys.exit if import resolution tests fail
2023-02-15 13:44:45 +01:00
erik-krogh
759854991a
fix various nits based on feedback
2023-02-15 11:10:43 +01:00
Rasmus Wriedt Larsen
9e2eb56032
Python: Remove support for late *args arguments
...
I found this to cause bad performance, so the implementation of this has
to be thought out more carefully.
2023-02-15 09:42:11 +01:00
Rasmus Wriedt Larsen
1c7fe97427
Python: Add modeling of hmac
2023-02-13 15:39:43 +01:00
Rasmus Wriedt Larsen
df22181963
Python: Add tests of hmac
2023-02-13 15:38:14 +01:00
Sim4n6
d7af80136e
Fail tests when missing annotation on sink orfail
2023-02-12 21:27:20 +01:00
Sim4n6
518684b736
Put back the annotation result=BAD
2023-02-12 21:26:12 +01:00
Sim4n6
80d4fb5e33
Organisation TarSlip/UnsafeUnpack into two folders
2023-02-12 10:51:53 +01:00
Sim4n6
b04d5684fb
add a blank line at the end of the file
2023-02-09 15:23:58 +01:00
Rasmus Wriedt Larsen
23144f584a
Merge branch 'main' into call-graph-code
2023-02-08 16:17:34 +01:00
Taus
080ce09bd7
Python: Update six test expectations
2023-02-07 16:21:15 +00:00
Taus
8dea993f41
Python: Update failing test
...
Seems the name for the codec changed between Python 2 and 3. :)
2023-02-07 16:21:15 +00:00
erik-krogh
cf094c2f4f
adjust which folders are seen as exported to remove an FP
2023-02-03 14:47:55 +01:00
erik-krogh
848b24cfe4
adjust concept tests after changing subprocess model
2023-02-03 14:47:55 +01:00
erik-krogh
ef44cb86c2
remove FPs related to parameters that are meant to be commands
2023-02-03 14:47:55 +01:00
erik-krogh
e9ebba3350
assume shell=False for subprocess calls, fixes FPs in e.g. youtube-dl
2023-02-03 14:47:55 +01:00
erik-krogh
d228cf0e7b
use more API-nodes to model subprocess.run (and friends)
2023-02-03 14:47:55 +01:00
erik-krogh
bce83bfc4e
add failing test for indirectly setting the shell=true flag for subprocess.run
2023-02-03 14:47:55 +01:00
erik-krogh
0a2c7d062c
add Fabric test, and add tracking of the shell flag in Fabric
2023-02-03 14:47:55 +01:00
erik-krogh
6bbc4f4a48
add more tests
2023-02-03 14:47:55 +01:00
erik-krogh
33c506d7fe
add minimal test for Array join as a sink, and learn that the order is flipped compared to JS. Thanks Copilot!
2023-02-03 14:47:55 +01:00
erik-krogh
5bddfc0d79
add test for f-strings as sink
2023-02-03 14:47:55 +01:00
erik-krogh
47a06d2824
add library inputs as a source, and get minimal test to work
2023-02-03 14:47:55 +01:00
erik-krogh
6e712b293a
add tracking of strings to compile-sites for poly-redos, in the style of Ruby
2023-02-02 22:56:20 +01:00
Sim4n6
a0150849cb
Updated the expected test file
2023-02-02 21:42:47 +01:00
Sim4n6
1a8c9abee2
Incorporate Sink & Source as steps from TarSlipQry
2023-02-02 21:09:40 +01:00
erik-krogh
52959d7c0a
add failing test for not tracking strings to re.compile
2023-02-02 19:10:32 +01:00
Rasmus Wriedt Larsen
db114bb104
Merge branch 'main' into call-graph-code
2023-02-02 11:56:55 +01:00
Erik Krogh Kristensen
01f6862965
Merge pull request #11833 from erik-krogh/trackPyReg
...
PY: track string-constants to regular expression uses
2023-02-01 11:40:42 +01:00
Rasmus Wriedt Larsen
cef933f813
Python: Add comment explaining SINK3_F(kwargs["c"]) test
...
Co-authored-by: yoff <yoff@github.com>
2023-01-27 15:48:59 +01:00