hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,676 Commits 1,671 Branches 157 Tags
yo-h/java15
Commit Graph

2409 Commits

Author SHA1 Message Date
yoff
104ff5d217 Merge pull request #4596 from RasmusWL/python-import-customizations 
Python: Import Customizations into python
 2020-11-03 11:49:51 +01:00
Rasmus Wriedt Larsen
cac336d053 Python: Import Customizations into python 
Using the pattern from JS and Java to make this the _first_ import in `<lang>.qll`
 2020-11-03 10:23:05 +01:00
Jonas Jensen
5680b2df13 Merge remote-tracking branch 'upstream/main' into better-syntax-for-false-positives-and-negatives-inline-expectation 
Required fixing up semantic conflicts in tests.

Conflicts:
	python/ql/test/experimental/library-tests/frameworks/stdlib/Decoding.py
 2020-11-03 09:47:26 +01:00
Taus Brock-Nannestad
5dadb0f476 Python: Fix imports in tests 2020-11-02 23:02:29 +01:00
Taus Brock-Nannestad
8752b1af1e Python: Fix up remaining data-flow library copies 2020-11-02 23:02:04 +01:00
Taus Brock-Nannestad
b7773849d7 Python: Fix up some comments 2020-11-02 22:57:40 +01:00
Taus Brock-Nannestad
d8c554ed4f Python: Add redirects to old data-flow libraries 2020-11-02 22:20:16 +01:00
Taus Brock-Nannestad
a5121babc8 Python: The one with changes that don't look like renames anymore 2020-11-02 22:19:15 +01:00
Taus Brock-Nannestad
fb6a02e060 Python: More import fixups 2020-11-02 22:17:42 +01:00
Taus Brock-Nannestad
5156bf756d Python: Promote data-flow libraries 
Step 1: Moving stuff around. Also includes a bit of import renaming.
 2020-11-02 22:15:38 +01:00
Taus
25e88ed585 Merge pull request #4588 from yoff/python-pep-249 
Python: Model PEP 249
 2020-11-02 18:57:15 +01:00
yoff
1535ce1f5d Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2020-11-02 18:26:37 +01:00
Rasmus Lerchedahl Petersen
ea74c7f12b Python: add tests 2020-11-02 17:59:51 +01:00
Rasmus Lerchedahl Petersen
cb47b57440 Python: fix typos 2020-11-02 17:22:01 +01:00
yoff
222a2f7f5d Update python/ql/src/experimental/semmle/python/frameworks/PEP249.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-11-02 17:19:21 +01:00
yoff
ca34219ec5 Update python/ql/src/experimental/semmle/python/frameworks/PEP249.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-11-02 17:19:10 +01:00
yoff
1c83d67513 Update python/ql/src/experimental/semmle/python/frameworks/PEP249.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-11-02 17:18:18 +01:00
Rasmus Lerchedahl Petersen
6a81987284 Python: Rename and add docs 2020-11-02 17:17:12 +01:00
Taus
2dfffdbab8 Merge pull request #4590 from RasmusWL/python-model-base64 
Python: Model encoding/decoding with base64 module
 2020-11-02 17:00:21 +01:00
Rasmus Lerchedahl Petersen
6d850b2e0c Merge branch 'main' of github.com:github/codeql into python-pep-249 2020-11-02 16:58:31 +01:00
yoff
ac85a77ac5 Update python/ql/src/experimental/semmle/python/Frameworks.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-11-02 16:40:22 +01:00
Calum Grant
cb527cae73 Merge pull request #4583 from tausbn/python-test-2 
Python: Promote experimental queries
 2020-11-02 14:42:27 +00:00
Rasmus Wriedt Larsen
247fd4f5f3 Python: Make encoding/decoding preserve taint automatically 
With the way we have set things up, there is no way to opt out of this behavior.
 2020-11-02 14:53:30 +01:00
Rasmus Lerchedahl Petersen
36e364d6ef Python: Django use PEP 249 2020-11-02 14:49:34 +01:00
Rasmus Wriedt Larsen
66f5d0d9d5 Python: Model encoding/decoding with base64 module 2020-11-02 14:44:53 +01:00
Rasmus Wriedt Larsen
eff244db71 Python: Add Encoding concept 
I wasn't able to find a good opposite of "parsing", so left that out of the list
of intended purposes.
 2020-11-02 14:19:20 +01:00
Taus Brock-Nannestad
8147ad4e0b Python: Remove irrelevant files 2020-11-02 14:08:59 +01:00
Taus Brock-Nannestad
f84ab2fa99 Python: Remove old data-flow tests 2020-11-02 14:07:04 +01:00
Taus Brock-Nannestad
9d6c07c8df Python: Add copy of old queries 2020-11-02 13:35:20 +01:00
Taus Brock-Nannestad
b620b9b7c6 Python: Fixup CWE-022 tests 
This was a bit of a mess, since there was crosstalk between the
TarSlip and PathInjection queries. (Also one of these needs the
`options` file to be in one way, and the other not). To fix this, I
split these out into separate directories.
 2020-11-02 11:46:28 +01:00
Taus Brock-Nannestad
af7626a6b3 Python: Fixup CWE-079 tests 2020-11-02 11:46:02 +01:00
Taus Brock-Nannestad
57b51090ef Python: Fixup CWE-094 tests 2020-11-02 11:45:44 +01:00
Taus Brock-Nannestad
ebb593466d Python: Fixup CWE-089 tests 2020-11-02 11:45:14 +01:00
Taus Brock-Nannestad
7a395bf7c8 Python: Fixup CWE-078 tests. 2020-11-02 11:44:42 +01:00
Taus Brock-Nannestad
52dc905037 Python: Fixup CWE-502 tests. 2020-11-02 11:44:00 +01:00
Rasmus Lerchedahl Petersen
d35bf8f446 Python: Update comments on PEP 249 module 2020-11-02 11:22:51 +01:00
Rasmus Lerchedahl Petersen
0240670d62 Python: import frameworks 2020-11-01 18:02:36 +01:00
Rasmus Lerchedahl Petersen
babcf7acd9 Python: add two implementations of PEP249 2020-11-01 16:01:05 +01:00
Mathias Vorreiter Pedersen
6d0783a3bd Python: Make sure that expected values with tag mimetype is wrapped in quotes if the value contains a space. 2020-10-31 18:13:12 +01:00
Mathias Vorreiter Pedersen
870ed0039b Python: Allow single quote strings and accept test changes. 2020-10-31 18:01:55 +01:00
Mathias Vorreiter Pedersen
0bc4d52d66 Python: Update more tests annotations. It looks like we need to allow single-quote strings to support the existing Python use-cases, but let's do that in the next commit. 2020-10-31 17:40:19 +01:00
Mathias Vorreiter Pedersen
ed9ad8b5e3 Merge branch 'main' into better-syntax-for-false-positives-and-negatives-inline-expectation 2020-10-31 16:52:16 +01:00
Rasmus Lerchedahl Petersen
ae3227fc33 Python: initial sketch 2020-10-31 00:10:49 +01:00
Rasmus Lerchedahl Petersen
63cbc01c32 Python: Use subclass pattern for Models 2020-10-30 22:29:38 +01:00
Taus Brock-Nannestad
f903e4ffbe Python: Promote experimental queries 
DO NOT MERGE

Also adds performance fix to `python.qll`.
 2020-10-30 19:40:56 +01:00
Rasmus Lerchedahl Petersen
80360450de Merge branch 'main' of github.com:github/codeql into RasmusWL-python-port-reflected-xss 2020-10-30 17:56:36 +01:00
Rasmus Lerchedahl Petersen
ef9999a4a1 Python: fix test annotation 2020-10-30 17:43:56 +01:00
Rasmus Lerchedahl Petersen
37ad59a92a Python: subclas of known subclasses 2020-10-30 17:37:54 +01:00
yoff
a3cc9b6982 Update python/ql/src/experimental/semmle/python/frameworks/Flask.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-30 17:29:35 +01:00
Mathias Vorreiter Pedersen
45b24a9bc8 Python: Update inline-expectation tests 2020-10-30 16:53:33 +01:00