hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,676 Commits 1,671 Branches 157 Tags
yo-h/java15
Commit Graph

1252 Commits

Author SHA1 Message Date
Taus Brock-Nannestad
260763a748 Python: Update consistency test results 2020-09-04 16:35:49 +02:00
Taus Brock-Nannestad
df1448cfb2 Merge branch 'main' into python-remove-spurious-global-flow 2020-09-04 16:28:03 +02:00
Taus
5ffc959e32 Merge pull request #4211 from RasmusWL/python-strange-essaflow 
Python: Add example of strange DataFlow::jumpStep
 2020-09-04 15:47:22 +02:00
Rasmus Wriedt Larsen
720e8c432e Python: Update comment for validTest expectations 2020-09-04 15:08:57 +02:00
Rasmus Wriedt Larsen
cf57afd102 Python: Add example of strange DataFlow::jumpStep 
The example code is just copied from command injection tests, that is not too
important. The important part is that `jumpStep` says there is flow from the
import of `os` to `app.route()` :O
 2020-09-04 14:39:16 +02:00
Taus
59c7907ee4 Merge pull request #4207 from RasmusWL/python-typetracker-small-fixes 
Python: Small fixes for TypeTracker
 2020-09-04 14:30:10 +02:00
Taus Brock-Nannestad
98266ad5da Python: Remove implicit uses from essaFlowStep 2020-09-04 14:22:43 +02:00
Rasmus Wriedt Larsen
6aae75799e Python: Fix import in type tracking test 
Fixes 7855576a6
 2020-09-04 13:36:25 +02:00
yoff
7a00fbc654 Merge pull request #4154 from RasmusWL/python-more-complete-dataflow-tests 
Python more complete dataflow tests
 2020-09-04 11:35:24 +02:00
Rasmus Wriedt Larsen
29bf98ad26 Python: Fix CUSTOM_SOURCE dataflow regression test 2020-09-03 15:03:53 +02:00
Rasmus Wriedt Larsen
febbe1229a Merge branch 'main' into python-more-complete-dataflow-tests 2020-09-03 14:58:20 +02:00
Rasmus Lerchedahl Petersen
aad51af4ce Python: use concrete iterable source 2020-09-03 11:25:41 +02:00
Rasmus Wriedt Larsen
b958c3b833 Python: Update comment for test8 2020-09-03 11:13:32 +02:00
Rasmus Wriedt Larsen
bf34b07605 Python: Add a few taint tests for default sanitizer 
specifically the ones removes from dataflow tests in https://github.com/yoff/codeql/pull/1
 2020-09-02 16:56:05 +02:00
Rasmus Wriedt Larsen
8aab0c8be7 Python: Fix .qlref for experimental security tests 2020-09-02 15:35:50 +02:00
Rasmus Wriedt Larsen
bf3a266f58 Python: dataflow regression tests: remove taint tracking tests 
they will be reintroduced in an other PR
 2020-09-02 13:51:00 +02:00
Rasmus Wriedt Larsen
552637a446 Python: dataflow regression tests: fix flow_in_iteration 2020-09-02 13:50:24 +02:00
Rasmus Wriedt Larsen
4977790617 Python: dataflow regression tests: fix source2 2020-09-02 13:49:56 +02:00
Rasmus Wriedt Larsen
34c5da563e Python: Move files in experiemntal dirs to be consistent 
Except for dataflow (where we have a lot of changes, and I don't want to
introduce lots of merge conflicts right now).
 2020-09-02 13:39:01 +02:00
Calum Grant
29b3759655 Merge pull request #3961 from tausbn/python-add-typetracker 
Python: Add type tracker and step summary implementation.
 2020-09-02 09:42:14 +01:00
Rasmus Wriedt Larsen
ab06c459f4 Python: Make validTest error on empty output again 
I accidentially disabled that when introducing the ability to handle more than
one OK.
 2020-09-01 14:42:11 +02:00
Rasmus Wriedt Larsen
c5e3333d10 Python: Update expected tests after last commit 
I'm pushing too fast it seems
 2020-09-01 12:01:34 +02:00
Rasmus Wriedt Larsen
e0cfe8123e Python: Update comments for new taint tests 
I see I didn't keep them up to date as I implemented things
 2020-09-01 11:58:26 +02:00
Rasmus Wriedt Larsen
e5a361c230 Python: Better taint tests for copy.deepcopy 2020-09-01 11:50:33 +02:00
Taus Brock-Nannestad
3547c70d35 Python: Add tests with redefinition of fields/variables 2020-08-31 17:17:37 +02:00
Rasmus Wriedt Larsen
4e73abc254 Merge branch 'main' into python-more-additional-taint-steps 2020-08-31 14:34:42 +02:00
Rasmus Lerchedahl Petersen
5f3eda0a22 Python: Annotate test file 
Also add test of custom flow
 2020-08-31 09:06:13 +02:00
Taus Brock-Nannestad
7108d28395 Python: Remove failing non-inline test 
It is subsumed by `tracked.ql` anyway.
 2020-08-28 21:21:29 +02:00
Taus Brock-Nannestad
5d853e840a Merge branch 'main' into python-add-typetracker 2020-08-28 19:59:58 +02:00
Taus Brock-Nannestad
8b78b6b1dc Python: Add inline tests 
Nodes to which we track type tracking flow from the source (any
identifier named `tracked`) are indicated with a `$tracked` tag, and
`$tracked=attr_name` if the attribute is for the specified attribute
of the given node.

For nodes that do have flow from `tracked`, I indicate this in one of
two ways:

- If it's expected due to the design of type tracking, I omit the
  `$tracked tag.
- If it's flow that _ought_ to be there, I indicate it as a false
  negative: `$f-:tracked`

Currently, only an instance of global flow is in the latter category.
 2020-08-28 19:55:52 +02:00
Rasmus Lerchedahl Petersen
6b8d9f2a77 Merge branch 'main' of github.com:github/codeql into SharedDataflow_PostUpdateNodes 2020-08-28 13:01:14 +02:00
Rasmus Lerchedahl Petersen
9503c5d8bb Python: Add post-update nodes 2020-08-28 12:59:11 +02:00
Rasmus Wriedt Larsen
2d2b036b8c Python: Fix expected output for moved taint tests 2020-08-28 11:25:46 +02:00
Rasmus Wriedt Larsen
7213da195c Python: Use standard naming scheme for taint flow tests 
We got into problems since using `string.py` would shadow the string module from
the standard library. By some reason I adopted a pattern of `_` as suffix, but
let us just use the standard pattern of `test_` prefix like a normal testing
framework like pytest does.
 2020-08-28 11:22:42 +02:00
Rasmus Wriedt Larsen
621e3f6c3c Python: Add dataflow test of deep call graph 2020-08-28 11:17:23 +02:00
Rasmus Wriedt Larsen
45ab723423 Python: Add dataflow test for a,b = b,a 
Also enables a single test to output more than one OK
 2020-08-28 11:12:25 +02:00
Taus
1206ff5889 Merge pull request #4150 from RasmusWL/python-dataflow-private-import 
Python: Make import of python private in shared dataflow
 2020-08-27 18:05:55 +02:00
Rasmus Wriedt Larsen
f12d29de07 Python: Add taint test of more colleciton methods 2020-08-27 17:36:10 +02:00
Taus Brock-Nannestad
7112aa2e9a Merge branch 'main' into python-add-typetracker 2020-08-27 17:05:26 +02:00
Rasmus Wriedt Larsen
654c4f39ac Python: Add missing module.py to consistency/regression tests 2020-08-27 16:32:26 +02:00
Rasmus Wriedt Larsen
f1e11f1efd Python: updated expected output from new shared dataflow tests 
I did not verify whether these changes are OK or not, simply ran and accepted
the tests.
 2020-08-27 16:17:12 +02:00
Rasmus Wriedt Larsen
b11b5784b2 Python: Adtop more complete tests from old dataflow impl 
The ones in test/experimental/dataflow/[consistency,regression]/test.py was a
copy from test/library-tests/taint/dataflow/test.py.

However, test/library-tests/taint/dataflow/test.py only contains a subset of
test/library-tests/taint/config/test.py, that only contains a subset of
test/library-tests/taint/general/test.py

This commit updates the experimental dataflow tests to be a copy of the
test/library-tests/taint/general/test.py file.

There seems to have been a few changes to the file after it being copied, in
`test_truth` and `test_early_exit`. I have no reproduced those changes.
 2020-08-27 16:08:51 +02:00
Taus Brock-Nannestad
797e290a67 Python+CPP: Change values to value 2020-08-27 14:12:40 +02:00
Taus Brock-Nannestad
dccbcc15b3 Python: Sync InlineExpectationsTest.qll between Python and C++ 
Also changes `valuesasas` to `values` in the test example.
 2020-08-27 13:37:26 +02:00
Rasmus Wriedt Larsen
9da6da6106 Python: Fix imports in shraed dataflow tests 2020-08-27 13:29:41 +02:00
Taus
e7322d114f Merge pull request #4077 from yoff/MagicMethods 
Python: Add support for magic methods
 2020-08-27 13:20:56 +02:00
Taus
d3175a7899 Merge pull request #4110 from yoff/SharedDataflow_ParsimoniousFlowNodes 
Python: Shared dataflow, parsimonious flow nodes
 2020-08-27 13:19:23 +02:00
CodeQL CI
30ac2f9c84 Merge pull request #4143 from tausbn/python-add-inline-test-expectations-library 
Approved by RasmusWL
 2020-08-27 12:18:41 +01:00
Rasmus Wriedt Larsen
627363d6ea Python: Test taint step for string augmented assignment 
Apprently it just works 😕 :magic:
 2020-08-27 11:37:56 +02:00
Rasmus Wriedt Larsen
569e54e7bb Python: Remove symlink from experimental test 2020-08-27 11:19:55 +02:00