hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,672 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

3072 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
e92d6c0459 Python: Stop py/import-deprecated-module from double alerting 
This changes the location from the import statement, to the actual expression
 2020-01-28 16:15:46 +01:00
Rasmus Wriedt Larsen
7949acc3ef Python: Autoformat 2020-01-28 16:15:21 +01:00
Rasmus Wriedt Larsen
46f4b74134 Python: Fix tornado lib: a redirect is not a http response 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
ee382bb2ea Python: Fix typo (reques => request) 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
9b2ca0c9c7 Python: Update web libraries to use HttpSources and HttpSinks 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
2cdbae08b6 Python: Don't make duplicate sink for Tornado handler 
`self.write(...)` would be treated as *both* TornadoConnectionWrite and
TornadoHttpRequestHandlerWrite
 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
effa4548ab Python: Add toString to TurboGears HttpResponseTaintSinks 
Naming these were a bit hard, but better than generic "Taint Sink"
 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
b36a6aa5b5 Python: Remove unused variable from exists expression 2020-01-28 13:05:25 +01:00
Rasmus Wriedt Larsen
d67577e66c Python: Modernise import related queries 
Except for Metrics/Dependencies/ExternalDependenciesSourceLinks.ql, since it is
rather tricky :D
 2020-01-27 16:01:25 +01:00
Rasmus Wriedt Larsen
647b9cdcb0 Python: Autoformat query 2020-01-27 16:01:24 +01:00
Rasmus Wriedt Larsen
081d66eaa3 Python: Recognize taint for extended iterable unpacking 2020-01-27 15:28:53 +01:00
Rasmus Wriedt Larsen
781024d679 Python: Recognize taint for iterable unpacking 2020-01-27 14:43:07 +01:00
Rasmus Wriedt Larsen
fa48fb04f5 Python: Recognize nested tuple/list assignment 
Now we recognize `[(x,y)] = [(1,2)]` -- in itself not a widely used idiom, but
more of a warmup excersize for me
 2020-01-27 14:42:54 +01:00
Rasmus Wriedt Larsen
9502756874 Python: Autoformat dataflow files 2020-01-27 13:07:01 +01:00
Rasmus Wriedt Larsen
1ce77ff600 Merge pull request #2507 from tausbn/python-fix-infinite-tuple-tostring 
Python: Fix divergence in tuple `toString`.
 2020-01-27 11:14:44 +01:00
Taus Brock-Nannestad
3cebffe820 Python: Fix divergence in tuple toString. 
Our definition of `toString` for the internal tuple objects we create during the
points-to analysis may have been a _tad_ too ambitious. In particular, it can
easily lead to non-termination, e.g. using the following piece of code:

```python
x = ()
while True:
    x = (x, x)
```

This commit cuts off the infinite recursion by replacing _nested_ tuples with
the string "...". In particular this means even non-recursive tuples will be cut
off at that point, so that the following tuples

```python
(1, "2")
((3, 4), [5, 6])
(1, 2, 3, 4, 5)
```

Get the following string representations.

```
"(int 1, '2', )"
"(..., List, )"
"(int 1, int 2, int 3, 2 more...)"
```
 2020-01-24 17:08:56 +01:00
Taus
0627fadbff Merge pull request #2669 from RasmusWL/python-modernise-resources 
Python: modernise Resources/ queries
 2020-01-23 13:43:33 +01:00
Taus
618a35bb7c Merge pull request #2664 from RasmusWL/python-fix-redirect-example 
Python: Remove unused variable in example for py/url-redirection
 2020-01-23 13:42:00 +01:00
Taus
d06e86f54d Merge pull request #2662 from RasmusWL/python-taint-on-eq-test 
Python: Only clear taint on constant comparison in if
 2020-01-23 13:41:40 +01:00
Taus
ef7eafa849 Merge pull request #2644 from RasmusWL/python-add-deprecated-keyword 
Python: Add deprecated keyword to deprecated functions
 2020-01-23 13:41:15 +01:00
Taus Brock-Nannestad
0924a973de Python: Modernise remaining web libraries. 2020-01-22 15:27:29 +01:00
Rasmus Wriedt Larsen
7d9f1f08ee Python: Autoformat 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
12bb05522a Python: Make py/weak-cryptographic-algorithm a path-problem 
and stop using deprecated hasFlow
 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
c5091f1ce7 Python: Make py/hardcoded-credentials a path-problem 
and stop using deprecated hasFlow
 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
96d5703f2c Python: Remove use of deprecated methods 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
e6425bb4cf Python: Add deprecated keyword to deprecated functions 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
aeaaab6437 Python: Modernise Resources/ queries 2020-01-22 11:20:31 +01:00
Rasmus Wriedt Larsen
47b932d6ce Python: Autoformat Resources/ queries 2020-01-22 11:20:28 +01:00
Rasmus Wriedt Larsen
422658bbdb Python: Remove unused variable in example for py/url-redirection 2020-01-21 15:45:05 +01:00
Rasmus Wriedt Larsen
bbe93f43d3 Python: Only comparison with constant will clear taint 
tainted = SOURCE
    if tainted == tainted:
        SINK(tainted) # unsafe

before, in the body of the if statement, `tainted` was not tainted
 2020-01-21 15:25:57 +01:00
Taus
cfb84be7b1 Merge pull request #2540 from RasmusWL/python-modernise-variables-queries 
Python: modernise variables queries
 2020-01-10 14:45:12 +01:00
Taus Brock-Nannestad
851d692996 Python: Remove manual TC from ssaShortCut. 
This caused a massive slowdown on certain snapshots.
 2020-01-06 13:40:52 +01:00
Rasmus Wriedt Larsen
5d01cb7c28 Python: Fix bad QL-rewriting 
Original code:

exists(Expr e, For forloop | forloop = loop and e.pointsTo(_, _, capturing) |
    not loop.contains(e)
)

The new version will preserve the same semantics. The problem with the first
rewrite was that `not loop.(For).somethingMore` would hold for any AstNode that
was not a For
 2020-01-06 13:30:37 +01:00
Rasmus Wriedt Larsen
92e272cc03 Python: Address comments for modernising Variables/ 2019-12-20 15:58:51 +01:00
Rasmus Wriedt Larsen
b8a9a353b8 Python: Autoformat Variables/* 2019-12-20 15:08:20 +01:00
Rasmus Wriedt Larsen
25ab0ed20f Python: Modernise Variables/MonkeyPatched.qll 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
994ad197c4 Python: Add Module::builtinModule() 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
58bb16e5dd Python: Modernise Variables/Undefined.qll 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
34f9135492 Python: Modernise py/unused-parameter 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
15bc4cd090 Python: Add override helpers to Value classes 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
aba3ac7b66 Python: Modernise py/uninitialized-local-variable 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
697a006ef2 Python: Modernise py/undefined-global-variable 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
5faa7e7127 Python: Add ModuleValue::hasCompleteExportInfo 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
3ffea599f1 Python: Rewrite casts for py/undefined-global-variable 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
81e27aab8d Python: Modernise py/unused-loop-variable 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
8f7ba0a06d Python: Modernise py/local-shadows-global 2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen
9f4088413a Python: Modernise py/local-shadows-builtin 
+ moved `scope instanceof Function` so it makes more sense :)
 2019-12-20 15:05:49 +01:00
Tom Hvitved
29cd6a9e30 Sync XML.qll 2019-12-19 10:29:30 +01:00
Rasmus Wriedt Larsen
48f873e3d9 Python: Add getAReturnedNode to PythonFunctionValue 2019-12-18 12:00:43 +01:00
Rasmus Wriedt Larsen
582ef6cec9 Python: Restructure logic in Twisted.qll 2019-12-18 10:42:39 +01:00