hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,671 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

4560 Commits

Author SHA1 Message Date
Mark Shannon
31a95ceeec Python points-to: Use strongly typed version of CfgOrigin. 2019-04-26 16:21:46 +01:00
Mark Shannon
162bf5143b Python points-to: Assorted improvements to performance and better compatibility. 2019-04-26 16:21:46 +01:00
Mark Shannon
ef0a6b6713 Python points-to: Rationalize handling of expressions and conditions. Tweak API to be a bit more backward-compatible. 2019-04-26 16:21:46 +01:00
Mark Shannon
54c27e1d4b Python points-to: Various minor performance tweaks. 2019-04-26 16:21:46 +01:00
Mark Shannon
23ca403728 Python points-to: Understand callable and hasattr. 2019-04-26 16:21:46 +01:00
Mark Shannon
8af6cb6644 Python points-to: Use objects, not booleans when doing evaluation of tests. 2019-04-26 16:21:46 +01:00
Mark Shannon
610a35c187 Python points-to: Improve backwards compatibility for comparisons. 2019-04-26 16:21:45 +01:00
Mark Shannon
f7edbcc6d9 Python points-to: Clean up interface, and deprecate old interface. 2019-04-26 16:21:45 +01:00
Mark Shannon
d3762ac5a1 Rename 'points_to' to 'pointsTo'. 2019-04-26 16:21:45 +01:00
Mark Shannon
931100c772 Python points-to: Add float objects for better backwards compatibility. 2019-04-26 16:21:45 +01:00
Mark Shannon
e9f58ba3a7 Python: refactor ConstantObjects. 2019-04-26 16:21:45 +01:00
Mark Shannon
0b0a6337f3 Python points-to: Support descriptor protocols, particularly functions. 2019-04-26 16:21:45 +01:00
Mark Shannon
dbf228d005 Python points-to: Better handling of *args, **kwargs and procedures. 2019-04-26 16:21:45 +01:00
Mark Shannon
f5c32421f4 Python points-to: Handle list, dict and float literals as instances. 2019-04-26 16:21:45 +01:00
Mark Shannon
48297e299e Python points-to: Improve handling of 'type' object. 2019-04-26 16:21:45 +01:00
Mark Shannon
85a9016c8c Python points-to: make 'self' instances distinct from other instances. 2019-04-26 16:21:45 +01:00
Mark Shannon
12853ccf30 Python points-to: Add support for tuples. 2019-04-26 16:21:45 +01:00
Mark Shannon
dd83149cc3 Python points-to: Port old API classes to use new points-to. 2019-04-26 16:21:45 +01:00
Mark Shannon
aa30745492 Python points-to: Further types and flow. 2019-04-26 16:21:45 +01:00
Mark Shannon
e3ed8c6abf Python points-to: Simplify handling of booleans and comparisons. 2019-04-26 16:21:45 +01:00
Mark Shannon
84c9866c50 Python points-to: Add generic instances and handle returns for builtin functions. Move attribute lookup handling to objects. 2019-04-26 16:21:45 +01:00
Mark Shannon
ce9d0f1a06 Python points-to: Add support for some more ESSA definitions. 2019-04-26 16:21:45 +01:00
Mark Shannon
ec151e9b02 Python points-to: Convert two pairs of predicates to methods on booleans. 2019-04-26 16:21:45 +01:00
Mark Shannon
39b9723054 Python: Add support for bound-methods. 2019-04-26 16:21:45 +01:00
Mark Shannon
bf692f4aad Python: Add better class support, including inheritance. 2019-04-26 16:21:45 +01:00
Mark Shannon
5a46df2132 Python: Add ADTs for ints and strings. Add some global data-flow. 2019-04-26 16:21:45 +01:00
Mark Shannon
051683fadf Python: Break-up internal object modules. 2019-04-26 16:21:45 +01:00
Mark Shannon
c48d63f2ec Python: First draft of ADT based objects and attendant points-to. 2019-04-26 16:21:45 +01:00
Taus
7d2c17f27c Merge pull request #1271 from markshannon/python-fix-fp-http-prefix 
Python: Fix false positive in 'Incomplete URL substring sanitization' query
 2019-04-26 15:23:04 +02:00
Mark Shannon
28799441af Python: Fix false positive in 'Incomplete URL substring sanitization' query. 2019-04-25 18:11:01 +01:00
Taus Brock-Nannestad
c8cbae37d9 Python: Add missing override annotations. 2019-04-25 16:48:47 +02:00
Mark Shannon
6a9bb5c5c9 Add test confirming correct handling of zope.interface.Interface in query. 2019-04-23 12:52:50 +01:00
Esben Sparre Andreasen
c80ee3df01 Mergeback: rc/1.20 into Semmle/master 2019-04-16 08:46:15 +02:00
Mark Shannon
d6ba729dce Python: Fix semantic merge conflict between #1206 and #1240. 2019-04-12 12:32:41 +01:00
Taus
707b73c3d0 Merge pull request #1240 from markshannon/python-avoid-ssa-defns-in-tests 
Python: Remove callsite refinement ESSA definition in tests
 2019-04-12 12:05:40 +02:00
Taus
607b5fb077 Merge pull request #1206 from markshannon/python-taint-flow-classless 
Python taint-tracking: Better flow for "generic" taint.
 2019-04-12 11:54:52 +02:00
Mark Shannon
ca6e03f597 Python: Remove callsite refinement ESSA definition when call in a test defining a pi-node. 2019-04-11 16:08:29 +01:00
Mark Shannon
97a9954e72 Merge pull request #1222 from taus-semmle/python-unify-old-and-new-query-suites 
Python: Make old query suites point to new query suites.
 2019-04-09 14:04:21 +01:00
Taus
adf8cdcde5 Merge pull request #1203 from markshannon/python-taint-tracking-configuration-2 
Python: Use taint tracking configuration for queries.
 2019-04-09 10:01:35 +02:00
Taus Brock-Nannestad
98e9edc27c Delete unnecessary files. 2019-04-08 18:27:30 +02:00
Taus Brock-Nannestad
e227078953 Add note about backwards compatibility. 2019-04-08 17:55:48 +02:00
Mark Shannon
52b3f77f4f Fix typo. 2019-04-08 15:47:49 +01:00
Taus Brock-Nannestad
2e6291270b Python: Make old query suites point to new. 2019-04-08 14:02:34 +02:00
Mark Shannon
df2000ea8e Python: Fix up dataflow configuration to act as expected. Keep undocumented for now. 2019-04-05 09:05:13 +01:00
Mark Shannon
2ba122373a Merge pull request #1128 from taus-semmle/python-paramiko-unsafe-host-key-validation 
Python: Add query for insecure SSH host key policies in Paramiko.
 2019-04-04 16:57:13 +01:00
Mark Shannon
c2e814a11a Fix CWE tag for Code injection query. 2019-04-04 15:09:12 +01:00
Mark Shannon
3bcd445a32 Python change 'SimpleHttpResponseTaintSink' to 'HttpResponseTaintSink'. 2019-04-04 14:45:37 +01:00
Mark Shannon
e2a3d91a7d Python taint-tracking: If taint has no class allow it flow through both branches of isinstance test. 2019-04-04 14:29:34 +01:00
Mark Shannon
8b01bac900 Python: make sure unsafe deserialization query is using correct sources and that pickle is included in sinks. 2019-04-04 10:56:45 +01:00
Mark Shannon
bc19769e6d Python: make sure code injection query is using correct sources. 2019-04-04 10:56:45 +01:00