hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,672 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

784 Commits

Author SHA1 Message Date
Taus
1206ff5889 Merge pull request #4150 from RasmusWL/python-dataflow-private-import 
Python: Make import of python private in shared dataflow
 2020-08-27 18:05:55 +02:00
Taus Brock-Nannestad
7112aa2e9a Merge branch 'main' into python-add-typetracker 2020-08-27 17:05:26 +02:00
Taus
e7322d114f Merge pull request #4077 from yoff/MagicMethods 
Python: Add support for magic methods
 2020-08-27 13:20:56 +02:00
Rasmus Wriedt Larsen
909bff2313 Python: Make import of python private in shared dataflow 2020-08-27 11:48:56 +02:00
Rasmus Wriedt Larsen
d0081dfbfa Python: Attempt at taint step for list.append/set.add 2020-08-27 10:57:07 +02:00
Rasmus Wriedt Larsen
bd21fc5601 Python: Autoformat 2020-08-26 20:37:48 +02:00
Rasmus Wriedt Larsen
423139bc22 Python: Add additional taint steps for iterable-unpacking 2020-08-26 20:21:15 +02:00
Rasmus Wriedt Larsen
afb160fbbb Python: Add additional taint steps for for-iteration 2020-08-26 20:18:31 +02:00
Rasmus Wriedt Larsen
e2a89aa296 Python: Add additional taint steps for copy 
deepcopy was already handled somehow, don't really know how :D
 2020-08-26 19:39:38 +02:00
Rasmus Wriedt Larsen
b974dadca1 Python: Add additional taint steps for containers 2020-08-26 19:39:37 +02:00
Rasmus Wriedt Larsen
32f9d30136 Python: Add syntactic taint steps for json methods 2020-08-26 19:39:36 +02:00
Rasmus Lerchedahl Petersen
bf6211f639 Merge branch 'main' of github.com:github/codeql into SharedDataflow_ParsimoniousFlowNodes 2020-08-26 17:50:17 +02:00
Rasmus Lerchedahl Petersen
47e35c530d Merge branch 'main' of github.com:github/codeql into MagicMethods 2020-08-26 17:42:44 +02:00
Rasmus Lerchedahl Petersen
551ae42fb9 Merge branch 'main' of github.com:github/codeql into SharedDataflow_NestedComprehensions 2020-08-25 15:45:20 +02:00
Rasmus Lerchedahl Petersen
d67f57a0bb Python: Remove dead code 2020-08-25 15:39:37 +02:00
Taus
000fa33d54 Merge pull request #4013 from yoff/SharedDataflow_SequenceFlow 
Python: Shared dataflow: Content flow
 2020-08-25 15:38:14 +02:00
Rasmus Lerchedahl Petersen
56b78a664e Python: Store step for generators 2020-08-25 15:36:26 +02:00
Rasmus Lerchedahl Petersen
ecf3928ed1 Python: Handle comprehensions with multiple fors 2020-08-25 15:21:08 +02:00
Rasmus Wriedt Larsen
cf121cc4d0 Python: TaintTracking: stringMethods => stringManipualtion 2020-08-25 13:05:27 +02:00
Rasmus Lerchedahl Petersen
1cdb6be531 Merge branch 'main' of github.com:github/codeql into SharedDataflow_NestedComprehensions 2020-08-25 13:05:13 +02:00
Rasmus Wriedt Larsen
238e0845aa Python: Minor refactoring 2020-08-25 12:50:41 +02:00
Rasmus Wriedt Larsen
0439b83c60 Python: Taint when using unicode 2020-08-25 12:50:32 +02:00
Rasmus Wriedt Larsen
2a29e26687 Python: Fix grammar 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2020-08-25 12:41:53 +02:00
Rasmus Lerchedahl Petersen
2608509fa7 Merge branch 'main' of github.com:github/codeql into SharedDataflow_SequenceFlow 2020-08-24 17:16:33 +02:00
Rasmus Lerchedahl Petersen
e91581e9fa Python: Experiments with nested comprhensions 2020-08-24 17:15:31 +02:00
Rasmus Wriedt Larsen
d96ef73033 Python: Handle taint for f-strings 
Which we seem to not handle in the current taint tracking :O

f-strings needs to be Python 3 only, so enabled that test setup. I really liked
the idea for having the version specific tests right next to the normal tests,
so you don't have to look in
test/experimental/3/dataflow/i/will/forget/to/look/here.
 2020-08-24 16:46:00 +02:00
Rasmus Wriedt Larsen
cb4b4e91ab Python: Taint for string multiplication 2020-08-24 14:54:06 +02:00
Rasmus Wriedt Larsen
5125c7a55c Python: Add taint tests for encode/decode functions 2020-08-24 14:54:04 +02:00
Rasmus Wriedt Larsen
31b398937a Python: Handle taint from bytes(obj) 2020-08-24 14:17:59 +02:00
Rasmus Wriedt Larsen
1e447c5ca2 Python: Handle taint for % formatting 2020-08-24 14:15:27 +02:00
Rasmus Wriedt Larsen
80745e8881 Python: Model string methods in shared taint tracking library 2020-08-24 13:58:42 +02:00
Rasmus Wriedt Larsen
a77f118b62 Python: Shared taint tracking: Handle string concat + subcript 2020-08-24 13:58:41 +02:00
Rasmus Lerchedahl Petersen
e1343c7f1e Python: Support set literals. 2020-08-21 11:15:04 +02:00
Rasmus Lerchedahl Petersen
f9b1c5e4bd Python: Fix bug pointed out by reviewer 2020-08-21 10:04:27 +02:00
yoff
bfd9c0860f Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-08-21 09:43:29 +02:00
yoff
8e2b2540fa Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-08-21 09:39:00 +02:00
Rasmus Lerchedahl Petersen
94e6fd9199 Python: Convenience methods 
asVar, asCfgNode, and asExpr
 2020-08-20 15:16:23 +02:00
Rasmus Lerchedahl Petersen
5a734730de Python: Control flow nodes are dataflow nodes 
iff they are expression nodes
We could refine this later, but it seems to work for now...
 2020-08-20 15:00:42 +02:00
Rasmus Wriedt Larsen
0baac8fd54 Python: Adjust shared taint tracking skeleton 
So it fits the setup from Java/Go, with AdditionalTaintStep class.
 2020-08-20 14:49:09 +02:00
Rasmus Lerchedahl Petersen
18e946d4aa Python: Small rearrangement 2020-08-19 17:56:02 +02:00
Rasmus Lerchedahl Petersen
bd53a711d3 Merge branch 'main' of github.com:github/codeql into SharedDataflow_SequenceFlow 2020-08-19 11:42:41 +02:00
Rasmus Lerchedahl Petersen
176aa06fad Python: Address review comments 2020-08-19 09:21:16 +02:00
yoff
5e84754f73 Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-08-19 08:03:47 +02:00
yoff
06bd436aea Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-08-19 08:02:53 +02:00
yoff
8fbb447f4c Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-08-19 08:02:29 +02:00
yoff
1c3b945e55 Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-08-19 08:01:54 +02:00
yoff
43a5e74c65 Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-08-19 08:01:42 +02:00
Rasmus Lerchedahl Petersen
aab603d261 Python: QL doc 2020-08-18 14:37:59 +02:00
Rasmus Lerchedahl Petersen
d0eaa13974 Python: Magic -> Special and reaarange classes 2020-08-18 14:14:38 +02:00
Anders Schack-Mulligen
f75f5ab125 Merge pull request #3838 from hvitved/dataflow/flow-fwd-ctx 
Data flow: Use precise call contexts in `flowFwd()`
 2020-08-18 13:06:11 +02:00