hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,672 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

966 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
004ff38e22 Python: Add separate RequestHandler concept 
Since I really want to use our existing infrastructure to model that we can
recognize something as a request handler without it having a route, we need this
as a separate concept. All tests have been adjusted.

The early modeling was based on flask, where all request-handling is based on
handling requests from a specific route. But with the standard library handling
and handlers without routes, the naming had to change.
 2020-12-21 17:31:58 +01:00
Rasmus Wriedt Larsen
a9bbe1d087 Python: Test Django un-routed class-based route handler 2020-12-21 16:01:23 +01:00
Rasmus Wriedt Larsen
49f902d28b Merge pull request #4757 from yoff/python-dataflow-synthetic-callables 
Python: Enclosing callable for synthetic arguments
 2020-12-18 16:06:26 +01:00
yoff
a08eb99778 Merge pull request #4779 from RasmusWL/django-class-based-handlers 
Python: Add modeling of django class based view handlers
 2020-12-18 15:58:51 +01:00
Rasmus Lerchedahl Petersen
e6e1cc2398 Python: Remember to accept failing tests 2020-12-18 13:38:14 +01:00
Rasmus Lerchedahl Petersen
0629d3e6e7 Python: Enclosing callable for synthetic arguments 2020-12-18 10:45:24 +01:00
Rasmus Lerchedahl Petersen
a16d58dfc0 Python: Add tests cases with synthetic arguments 2020-12-18 10:41:42 +01:00
yoff
9dd6439e3c Merge pull request #4749 from RasmusWL/command-injection-tests 
Python: Add some command injection tests
 2020-12-17 23:36:06 +01:00
Rasmus Wriedt Larsen
272feedb69 Merge branch 'main' into stdlib-http-source-modeling 2020-12-15 11:59:23 +01:00
CodeQL CI
0420ac7aac Merge pull request #4820 from RasmusWL/add-pymysql-modeling 
Approved by yoff
 2020-12-14 03:04:24 -08:00
Rasmus Wriedt Larsen
31d4ea77cb Python: Add modeling of PyMySQL 2020-12-14 10:56:47 +01:00
Rasmus Wriedt Larsen
e7b6400e48 Python: Add tests for PyMySQL 2020-12-14 10:55:01 +01:00
Rasmus Wriedt Larsen
8d8e92eb09 Python: Model execute on a DB connection 2020-12-14 10:33:10 +01:00
Rasmus Wriedt Larsen
36e8ef53eb Python: Model sqlite3 as SQL interface 2020-12-09 11:36:18 +01:00
Rasmus Wriedt Larsen
767a246edc Python: Add sqlite3 test 2020-12-09 11:36:17 +01:00
Rasmus Wriedt Larsen
ba1ca70858 Python: Add source modeling of stdlib HTTPRequestHandlers 2020-12-08 14:04:15 +01:00
Rasmus Wriedt Larsen
34863721f0 Python: Model cgi.FieldStorage 2020-12-08 14:03:13 +01:00
Rasmus Wriedt Larsen
43688715f5 Python: Add test of stdlib HTTP server facilities 
Just a port of the old tests, except for the fact that I learned
`cgi.FieldStorage()` _should_ be tainted when not specifying any arguments. (and
moved taint-test to own function)

Also clarified how imports of all the .*HTTPRequestHandler works in Python2
 2020-12-08 14:01:55 +01:00
Rasmus Wriedt Larsen
e5e8ec6ecc Python: Add a few test-cases for barrier guards and references 
I'm not sure references is the best name, but it's the best I could come up with
jsut now
 2020-12-07 15:27:20 +01:00
Rasmus Wriedt Larsen
c7ab78f8c2 Python: Add modeling of django class based view handlers 
BUT, since MyCustomViewBaseClass.post (django-v2-v3/testapp/views.py) and
Foo.post (django-v2-v3/routing_test.py) aren't handled, this raises important
question about how to do MRO without points-to :S
 2020-12-04 14:03:59 +01:00
Rasmus Wriedt Larsen
4ead118a31 Python: Add class based route handler in django tests 
Disabled CSRF middleware for now, since it blocked my debugging curl POST requests :(
 2020-12-04 13:27:01 +01:00
CodeQL CI
e266cedc84 Merge pull request #4700 from RasmusWL/python-add-code-injection-FP 
Approved by tausbn
 2020-12-02 16:29:21 +00:00
Rasmus Lerchedahl Petersen
289b9e62f9 Python: Add read step for unpacking assignment 2020-11-30 15:30:14 +01:00
Rasmus Lerchedahl Petersen
f345e55951 Python: Adjust test expectations 2020-11-30 14:21:30 +01:00
Rasmus Lerchedahl Petersen
673ff901fb Python: Test for unpacking assignment 2020-11-30 14:18:22 +01:00
Rasmus Wriedt Larsen
a0c7365ae6 Python: Proper models of json.loads and json.dumps 2020-11-27 15:57:56 +01:00
yoff
346a007bf6 Merge pull request #4720 from RasmusWL/python-better-open-models 
Python: better models of `open` function
 2020-11-27 14:47:10 +01:00
Rasmus Wriedt Larsen
cc9a7fe4fe Python: Move BarrierGuards to own file 2020-11-27 12:09:57 +01:00
Rasmus Wriedt Larsen
cafe55f5c7 Merge pull request #4701 from yoff/python-fix-return-node-enclosing-callable 
Python: Use default `getEnclosingCallable` for `RetrunNode`
 2020-11-25 10:36:41 +01:00
Rasmus Lerchedahl Petersen
88643da01f Python: Use default getEnclosingCallable 
for `RetrunNode`
 2020-11-25 08:19:07 +01:00
Rasmus Lerchedahl Petersen
36d9097d03 Python: Add test for inner return 2020-11-25 07:09:27 +01:00
Rasmus Lerchedahl Petersen
34896ae0d7 Python: Fix failing test 2020-11-25 07:09:27 +01:00
Rasmus Wriedt Larsen
d88e5bdb3a Python: Model io.open as FileSystemAccess 2020-11-24 18:27:33 +01:00
Rasmus Wriedt Larsen
e39bb56078 Python: Model builtin open function better 2020-11-24 18:27:31 +01:00
Rasmus Wriedt Larsen
5af1fdd06f Python: Expand tests of open 2020-11-24 18:27:30 +01:00
yoff
215986bce5 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-11-24 14:12:23 +01:00
Rasmus Lerchedahl Petersen
05d156ba0f Python: add comments 2020-11-24 14:11:14 +01:00
Rasmus Lerchedahl Petersen
80dcb8da4a Python: annotate missing flow 2020-11-24 11:55:28 +01:00
Rasmus Lerchedahl Petersen
737f4dff09 Python: update test annotations 2020-11-24 10:57:57 +01:00
Rasmus Lerchedahl Petersen
da805f8242 Merge remote-tracking branch 'upstream/main' into python-dataflow-modernize-tests 2020-11-24 10:56:22 +01:00
Rasmus Lerchedahl Petersen
a19304a4a0 Python: Factor out prettyPrinter and update tests 2020-11-24 02:17:38 +01:00
Rasmus Lerchedahl Petersen
39c5e0d487 Python: update test expectations 2020-11-23 16:46:35 +01:00
Rasmus Lerchedahl Petersen
38bb06a207 Merge remote-tracking branch 'upstream/main' into python-dataflow-variable-capture 2020-11-23 16:40:20 +01:00
Rasmus Wriedt Larsen
f35ffa5632 Python: Add support for x in ["safe", "also_safe"] (and not in) 2020-11-23 10:42:24 +01:00
Rasmus Wriedt Larsen
431aab45f7 Python: Add support for x != "safe" BarrierGuard 2020-11-23 10:36:55 +01:00
Rasmus Wriedt Larsen
18041fd059 Python: Expand string-const-compare tests 
Also moved file to reflect that. Added tests of

+ `!=`
+ `in`
+ `not in`
 2020-11-23 10:36:49 +01:00
Rasmus Wriedt Larsen
08bcba98e6 Python: Add BarrierGuard test with exception inside unsafe branch 2020-11-20 11:55:07 +01:00
Rasmus Wriedt Larsen
34f78d4211 Python: Add BarrierGuard test with return inside unsafe branch 2020-11-20 11:52:36 +01:00
Rasmus Wriedt Larsen
12b36b2245 Python: Highlight that safe or also_safe doesn't clear taint :( 2020-11-20 10:43:46 +01:00
Rasmus Wriedt Larsen
1a52f17da3 Python: Add StringConstCompare BarrierGuard 2020-11-20 10:40:04 +01:00