hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,676 Commits 1,671 Branches 157 Tags
yo-h/java15
Commit Graph

2409 Commits

Author SHA1 Message Date
Taus
e179df7c43 Python: Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-16 18:21:50 +02:00
Taus
4b423feef9 Merge pull request #4245 from RasmusWL/python-dataflow-dynamic-tuple-tests 
Python: Add dataflow tests for dynamic tuple creation
 2020-09-16 15:19:41 +02:00
Taus Brock-Nannestad
2d3e23ebb0 Python: Cleanup, docs, and an extra test case 2020-09-16 14:46:04 +02:00
Rasmus Lerchedahl Petersen
e46ae9b98d Python: Move some query predicates to debug 2020-09-15 21:45:47 +02:00
Taus Brock-Nannestad
7cdd290b90 Python: Disregard module-time reads. 2020-09-15 18:25:24 +02:00
Taus Brock-Nannestad
2e737eda1e Python: Add a few function-local import tests 2020-09-15 14:25:26 +02:00
Taus Brock-Nannestad
d5e9f36747 Python: Add "enclosing callable" for ModuleVariableNode 
I've named this `DataFlowModuleScope` since it's not really a
callable (and all of the relevant methods are empty anyway).
 2020-09-15 14:23:20 +02:00
Rasmus Lerchedahl Petersen
839cd829ce Python: Fix formatting 2020-09-14 18:48:55 +02:00
Taus Brock-Nannestad
3727c48227 Python: Record test changes 
Some of the places where flow has disappeared look a bit suspect, so I
don't consider this to be the final word on these tests.
 2020-09-14 18:12:20 +02:00
Taus Brock-Nannestad
0bb726f21c Python: Fix up merge weirdness 2020-09-14 17:57:45 +02:00
yoff
5efc06da2c Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-14 17:08:39 +02:00
Rasmus Lerchedahl Petersen
4c02852358 Python: add missing * (and a rename) 2020-09-14 16:56:46 +02:00
Rasmus Lerchedahl Petersen
ecc5a4a1f6 Python: testIsTrue -> branch 2020-09-14 15:32:03 +02:00
yoff
2a4e28db16 Apply suggestions from code review 
Will make the same renames in the changed code also..

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-14 15:28:01 +02:00
Rasmus Lerchedahl Petersen
033529e85e Python: avoid creating big predicate 2020-09-14 15:24:46 +02:00
Taus Brock-Nannestad
e197f52b6d Merge branch 'main' into python-add-global-flow-steps 2020-09-14 15:13:07 +02:00
Taus Brock-Nannestad
0b641c5ce9 Python: Update type tracking and strange-essaflow tests 2020-09-14 15:05:16 +02:00
Taus Brock-Nannestad
5fb33c90bc Python: Add ModuleVariableNode to dataflow 2020-09-14 14:57:32 +02:00
Rasmus Lerchedahl Petersen
543876f980 Python: Fix getAGuardedNode 2020-09-14 14:46:15 +02:00
Faten Healy
6f20516f84 Update broken_crypto.py to AES instead of Blowfish 2020-09-13 21:07:28 +10:00
Faten Healy
826fc0a630 Update BrokenCryptoAlgorithm - Blowfish to AES 2020-09-13 21:04:07 +10:00
Taus Brock-Nannestad
e0f5b208da Python: Fix broken test of global typetracker flow 
The missing `global g` annotation meant `g = x` was interpreted as a
local assignment.
 2020-09-11 18:17:25 +02:00
Rasmus Lerchedahl Petersen
0eb8b6c7b0 Python: Address review 2020-09-11 14:24:49 +02:00
Rasmus Lerchedahl Petersen
5dbb4af5b5 Python: Implement BarrierGuard 2020-09-11 11:55:51 +02:00
Rasmus Wriedt Larsen
52d8f7d395 Merge pull request #4235 from yoff/SharedDataflow_UseUseFlow 
Python: Port use-use implementation from Java
 2020-09-10 16:12:28 +02:00
Rasmus Lerchedahl Petersen
92e7a5676d Python: Address review comments 2020-09-10 15:17:30 +02:00
yoff
3a19b1e7fd Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-10 15:06:06 +02:00
Rasmus Wriedt Larsen
949b81b07c Python: Add dataflow tests for dynamic tuple creation 
Inspired by the FP-report in https://github.com/github/codeql/issues/4239
 2020-09-10 13:44:48 +02:00
Rasmus Lerchedahl Petersen
2eb8ea85fb Python: update test expectations 2020-09-10 10:59:26 +02:00
Rasmus Lerchedahl Petersen
deb1a4ceb9 Merge branch 'main' of github.com:github/codeql into SharedDataflow_UseUseFlow 2020-09-10 10:55:34 +02:00
Rasmus Lerchedahl Petersen
50cc5d58e9 Merge branch 'main' of github.com:github/codeql into SharedDataflow_NestedComprehensions 2020-09-10 10:20:55 +02:00
Rasmus Lerchedahl Petersen
7b10a3a546 Python: fix comment and source uses 2020-09-10 08:36:00 +02:00
Taus
f4f47bd5ed Merge pull request #4236 from RasmusWL/python-experimental-taint-sanitizers 
Python: Expand on taint sanitizer tests
 2020-09-09 17:51:24 +02:00
Rasmus Wriedt Larsen
b8e057f7ad Python: isSanitizerGuard test is future work 2020-09-09 15:57:53 +02:00
Rasmus Lerchedahl Petersen
b1567827a0 Python: Repair flow out of post-update nodes 2020-09-09 15:52:07 +02:00
Rasmus Wriedt Larsen
2172fb6e65 Dataflow: s/data flow/taint propagation/ in QLDoc for sanitizers 2020-09-09 14:30:33 +02:00
Rasmus Wriedt Larsen
d90f0be2c4 Dataflow: defaultTaintBarrier => defaultTaintSanitizer 
Just keeping things a bit more consistent :)
 2020-09-09 14:11:56 +02:00
Rasmus Wriedt Larsen
ab8cc23ce7 Python: Expand on taint sanitizer tests 
Most interesting to look at the custom sanitizers. Once we have use-use flow, we
should handle this case:

```
s = TAINTED_STRING
emulated_authentication_check(s)
ensure_not_tainted(s)
```
 2020-09-09 13:57:25 +02:00
Rasmus Lerchedahl Petersen
9e59d79a72 Python: Repair flow from pre-update nodes 2020-09-09 13:51:24 +02:00
Rasmus Lerchedahl Petersen
ce7f82ddc6 Python: Add def-use jump-steps 2020-09-09 13:27:14 +02:00
Rasmus Lerchedahl Petersen
c661f43316 Python: Port use-use implementation from Java 2020-09-09 12:19:40 +02:00
CodeQL CI
22b3b0a5f1 Merge pull request #3953 from RasmusWL/python-more-call-graph-tracing 
Approved by tausbn
 2020-09-07 17:34:14 +01:00
Rasmus Wriedt Larsen
61998afc56 Python: Remove unnecessary comment 
Was introduced in 5d031d7abe when I actually fixed
the loop variable capture problem.
 2020-09-07 15:06:07 +02:00
Rasmus Wriedt Larsen
fb37330f5e Python: Fix grammar 
Co-authored-by: Taus <tausbn@github.com>
 2020-09-07 14:59:07 +02:00
yoff
2a70da4da6 Merge pull request #4210 from tausbn/python-remove-spurious-global-flow 
Python: Remove implicit uses from `essaFlowStep`
 2020-09-07 10:16:18 +02:00
yoff
ae9f58489d Merge pull request #4159 from RasmusWL/python-port-dataflow-tests 
Python: port dataflow tests
 2020-09-07 09:54:12 +02:00
Taus Brock-Nannestad
266365d0b6 Python: Update strange-essaflow test 2020-09-04 16:38:59 +02:00
Taus Brock-Nannestad
260763a748 Python: Update consistency test results 2020-09-04 16:35:49 +02:00
Taus Brock-Nannestad
df1448cfb2 Merge branch 'main' into python-remove-spurious-global-flow 2020-09-04 16:28:03 +02:00
Taus
5ffc959e32 Merge pull request #4211 from RasmusWL/python-strange-essaflow 
Python: Add example of strange DataFlow::jumpStep
 2020-09-04 15:47:22 +02:00