hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,672 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

4539 Commits

Author SHA1 Message Date
yoff
48910d0597 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-01-15 14:02:27 +01:00
yoff
b5d40e4c9a Merge pull request #4944 from RasmusWL/flask-class-based-handlers 
Python: Add modeling of Flask class based (HTTP) request handlers
 2021-01-14 15:17:36 +01:00
Rasmus Wriedt Larsen
4cb2f2ed1e Python: Proper models of flask MethodView classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
e327fdb317 Python: Model flask View classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
0b1cece523 Python: Add tests for class based handlers in Flask 2021-01-14 13:42:17 +01:00
Rasmus Wriedt Larsen
14bb10a361 Python: Use LocalSourceNode for TornadoRouteRegex 2021-01-14 13:39:41 +01:00
Rasmus Wriedt Larsen
f9a29cb886 Python: Add change-note for tornado source modeling 2021-01-14 13:37:27 +01:00
Rasmus Wriedt Larsen
812ea5dde5 Python: Tornado: Model request handlers without known route 2021-01-14 13:37:27 +01:00
Rasmus Wriedt Larsen
1849b9e771 Python: Tornado: Handle basic route setup with tuples 
The reason this becomes valueable right now, is that we can mark routed params
as taint-sources. Longer down the line, we can (hopefully) detect that a routed
param will only accept digits, and mark it safe for some of our taint-tracking
queries.
 2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
39d85896a1 Python: Add basic taint modeling of tornado request 2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
4641150d45 Python: Basic taint-modeling of tornado.web.RequestHandler classes 2021-01-14 13:37:25 +01:00
Rasmus Wriedt Larsen
9cd8a862a0 Python: Expand Tornado tests and add annotations 
I should probably have split this up into 2 commits, so sorry that didn't happen :|
 2021-01-14 13:37:24 +01:00
Rasmus Wriedt Larsen
b4f3399534 Python: Add reverse inheritance test for Tornado 2021-01-14 13:37:24 +01:00
Rasmus Wriedt Larsen
57d08a8523 Python: Rewrite old Tornado tests 
Now you can run them, and the examples have been adjusted so they actually work!
 2021-01-14 13:37:23 +01:00
Rasmus Wriedt Larsen
7db55906b9 Python: Copy old tornado tests 2021-01-14 13:37:22 +01:00
Rasmus Lerchedahl Petersen
dfdfd3c2b7 Python: FIx flow 2021-01-14 01:19:58 +01:00
Rasmus Lerchedahl Petersen
6dc0d691ac Python: Final(?!) fix of annotations 2021-01-14 01:06:10 +01:00
Rasmus Lerchedahl Petersen
e3199fbbe2 Python: Fix inconsostencies to fix flow 
(and fix annotations again)
 2021-01-14 00:09:18 +01:00
Rasmus Lerchedahl Petersen
36a4a5081e Python: big refactor and fix tests 
Make sure tests are valid
Fix wrong test annotations
Big refactor to make code readable
Big comment to explain code
 2021-01-13 18:33:08 +01:00
Rasmus Lerchedahl Petersen
b2d95e617d Python: Test interaction between nesting, 
iteration, and conversion
 2021-01-13 09:02:56 +01:00
Rasmus Lerchedahl Petersen
b10cf78e17 Python: start handling iterated unpacking 2021-01-13 08:40:47 +01:00
Rasmus Lerchedahl Petersen
4ee2f49f38 Python: model conversion during unpacking 2021-01-12 22:19:31 +01:00
Rasmus Lerchedahl Petersen
d8d8b45c6a Python: add test annotations 2021-01-12 22:03:49 +01:00
Rasmus Wriedt Larsen
2ba7ed4940 Python: Add note about future work for getARequestHandler 2021-01-12 13:32:43 +01:00
Rasmus Lerchedahl Petersen
a1ab5cc2b8 Python: start support for nested unpacking 2021-01-12 13:09:12 +01:00
Rasmus Lerchedahl Petersen
9c08467828 Python: add tests for conversion during unpacking 2021-01-12 12:46:51 +01:00
Rasmus Lerchedahl Petersen
4d9f5be2bc Python: Add more unpacking tests 2021-01-12 12:30:03 +01:00
Rasmus Wriedt Larsen
7d94bab75e Merge branch 'main' into django-request-handler-without-route 2021-01-11 12:24:41 +01:00
Rasmus Wriedt Larsen
828bb9a902 Python: Small refactor for request param modeling in Django 2021-01-11 11:29:54 +01:00
Rasmus Wriedt Larsen
141b9adc4d Python: Minor refactoring 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-01-11 11:18:59 +01:00
Taus
75cfec863f Merge pull request #4828 from yoff/yoff-python-add-source-nodes 
Python: add source nodes
 2021-01-05 15:07:51 +01:00
Rasmus Lerchedahl Petersen
8ceb33d3f7 Python: Also restrict StepSumary::step 2021-01-04 16:42:11 +01:00
Rasmus Wriedt Larsen
3094aedf14 Python: Fix regression in ConceptTests 
I accidentially deleted that line :D
 2020-12-22 14:42:53 +01:00
Rasmus Wriedt Larsen
dc0d940331 Python: Ensure all concept tests ignore irrelevant results 
Since this was causing a CI error.

also changed things a bit so we do it in a consistent way :)
 2020-12-22 11:32:42 +01:00
Rasmus Wriedt Larsen
bc4a0bcbeb Python: Split request handler / route setup concept tests 
Not doing so earlier was just a mistake.
 2020-12-22 11:31:20 +01:00
Rasmus Wriedt Larsen
71a6ef5b00 Python: Model RequestHandler from standard library explicitly 2020-12-21 18:02:31 +01:00
Rasmus Wriedt Larsen
05ab6cd54a Python: Add RemoteFlowSource for django handler without route 
A bit scary that we don't have any tests to indicate that I forgot to add this :O
 2020-12-21 18:02:30 +01:00
Rasmus Wriedt Larsen
d4d6f0ca0c Python: Model django request handlers without known route 2020-12-21 18:02:22 +01:00
Rasmus Wriedt Larsen
004ff38e22 Python: Add separate RequestHandler concept 
Since I really want to use our existing infrastructure to model that we can
recognize something as a request handler without it having a route, we need this
as a separate concept. All tests have been adjusted.

The early modeling was based on flask, where all request-handling is based on
handling requests from a specific route. But with the standard library handling
and handlers without routes, the naming had to change.
 2020-12-21 17:31:58 +01:00
Rasmus Wriedt Larsen
a9bbe1d087 Python: Test Django un-routed class-based route handler 2020-12-21 16:01:23 +01:00
Rasmus Wriedt Larsen
49f902d28b Merge pull request #4757 from yoff/python-dataflow-synthetic-callables 
Python: Enclosing callable for synthetic arguments
 2020-12-18 16:06:26 +01:00
yoff
a08eb99778 Merge pull request #4779 from RasmusWL/django-class-based-handlers 
Python: Add modeling of django class based view handlers
 2020-12-18 15:58:51 +01:00
Rasmus Wriedt Larsen
3e6296c7b8 Python: Fix grammar in QLDoc 2020-12-18 14:54:14 +01:00
Rasmus Wriedt Larsen
ed11e8f916 Python: Simplify predicate implementation 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2020-12-18 14:52:20 +01:00
Rasmus Lerchedahl Petersen
e6e1cc2398 Python: Remember to accept failing tests 2020-12-18 13:38:14 +01:00
Rasmus Lerchedahl Petersen
712765c185 Python: Use ImportExp instead of SSA nodes 
This also reverts the previous commit.
It should be squashed with that one, but for now we keep the history,
so we can track the performance tests.
 2020-12-18 13:30:24 +01:00
Rasmus Lerchedahl Petersen
0629d3e6e7 Python: Enclosing callable for synthetic arguments 2020-12-18 10:45:24 +01:00
Rasmus Lerchedahl Petersen
a16d58dfc0 Python: Add tests cases with synthetic arguments 2020-12-18 10:41:42 +01:00
yoff
39acc9a40b Merge pull request #4735 from RasmusWL/python-untrusted-flow 
Python: Untrusted data used in external APIs
 2020-12-18 00:15:08 +01:00
yoff
9dd6439e3c Merge pull request #4749 from RasmusWL/command-injection-tests 
Python: Add some command injection tests
 2020-12-17 23:36:06 +01:00