hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,208 Commits 1,673 Branches 157 Tags
0e059cea56c52dea88f1fc91d6e24f0053e2796d
Commit Graph

2635 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
ee2d18afd8 Merge pull request #4665 from yoff/python-dataflow-modernize-tests 
Python: Add new-style tests
 2021-01-21 13:35:39 +01:00
Rasmus Lerchedahl Petersen
e786be06ae Python: Fix broken references 2021-01-21 12:40:35 +01:00
Rasmus Lerchedahl Petersen
419449fb8a Python: default value for argN 2021-01-20 20:33:04 +01:00
Rasmus Lerchedahl Petersen
2409a7899b Python: Remove func tag in some situations. 
Also make ArgumentNode public
 2021-01-20 20:18:40 +01:00
yoff
3fc085ff38 Update python/ql/test/experimental/dataflow/TestUtil/RoutingTest.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-01-20 16:11:40 +01:00
yoff
d0663e5c3a Merge pull request #4971 from RasmusWL/avoid-double-route-setup-django 
Python: Avoid duplicated route-setup in django
 2021-01-20 16:10:33 +01:00
Rasmus Wriedt Larsen
9a397b6faf Python: Apply code-review suggestion 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-01-20 15:28:20 +01:00
Rasmus Lerchedahl Petersen
23d3343bfb Merge branch 'main' of github.com:github/codeql into python-dataflow-modernize-tests 2021-01-19 18:24:52 +01:00
Rasmus Lerchedahl Petersen
8e126603b3 Python: Remember that old style tests still needs 
updated expectations.
 2021-01-19 18:21:27 +01:00
Rasmus Lerchedahl Petersen
ae38bbe03b Python: Fearlessly adding another test 
in the middle of the file.
 2021-01-19 18:19:11 +01:00
Rasmus Lerchedahl Petersen
69913c053e Python: relative line numbers in 
MISSING-annotations
 2021-01-19 18:10:22 +01:00
Rasmus Lerchedahl Petersen
77da4b0106 Python: Remove absolute line numbers 
- Use relative line numbers in flow test
- Elide line numbers in routing test (new concept)
 2021-01-19 17:05:42 +01:00
Rasmus Wriedt Larsen
830f8bfef6 Python: Add change-note for Flask class based view handlers 
For https://github.com/github/codeql/pull/4944
 2021-01-19 15:09:04 +01:00
Rasmus Lerchedahl Petersen
42fa3bdb81 Python: Only consider the closest SOURCE 
(in use-use flow) a source
 2021-01-19 09:13:17 +01:00
Rasmus Wriedt Larsen
8e5557eca3 Python: Avoid duplicated route-setup in django 
When using `django.conf.urls.url` with Django 2+
 2021-01-18 16:18:29 +01:00
yoff
b5d40e4c9a Merge pull request #4944 from RasmusWL/flask-class-based-handlers 
Python: Add modeling of Flask class based (HTTP) request handlers
 2021-01-14 15:17:36 +01:00
Rasmus Wriedt Larsen
4cb2f2ed1e Python: Proper models of flask MethodView classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
e327fdb317 Python: Model flask View classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
0b1cece523 Python: Add tests for class based handlers in Flask 2021-01-14 13:42:17 +01:00
Rasmus Wriedt Larsen
14bb10a361 Python: Use LocalSourceNode for TornadoRouteRegex 2021-01-14 13:39:41 +01:00
Rasmus Wriedt Larsen
f9a29cb886 Python: Add change-note for tornado source modeling 2021-01-14 13:37:27 +01:00
Rasmus Wriedt Larsen
812ea5dde5 Python: Tornado: Model request handlers without known route 2021-01-14 13:37:27 +01:00
Rasmus Wriedt Larsen
1849b9e771 Python: Tornado: Handle basic route setup with tuples 
The reason this becomes valueable right now, is that we can mark routed params
as taint-sources. Longer down the line, we can (hopefully) detect that a routed
param will only accept digits, and mark it safe for some of our taint-tracking
queries.
 2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
39d85896a1 Python: Add basic taint modeling of tornado request 2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
4641150d45 Python: Basic taint-modeling of tornado.web.RequestHandler classes 2021-01-14 13:37:25 +01:00
Rasmus Wriedt Larsen
9cd8a862a0 Python: Expand Tornado tests and add annotations 
I should probably have split this up into 2 commits, so sorry that didn't happen :|
 2021-01-14 13:37:24 +01:00
Rasmus Wriedt Larsen
b4f3399534 Python: Add reverse inheritance test for Tornado 2021-01-14 13:37:24 +01:00
Rasmus Wriedt Larsen
57d08a8523 Python: Rewrite old Tornado tests 
Now you can run them, and the examples have been adjusted so they actually work!
 2021-01-14 13:37:23 +01:00
Rasmus Wriedt Larsen
7db55906b9 Python: Copy old tornado tests 2021-01-14 13:37:22 +01:00
Rasmus Wriedt Larsen
2ba7ed4940 Python: Add note about future work for getARequestHandler 2021-01-12 13:32:43 +01:00
Rasmus Wriedt Larsen
7d94bab75e Merge branch 'main' into django-request-handler-without-route 2021-01-11 12:24:41 +01:00
Rasmus Wriedt Larsen
828bb9a902 Python: Small refactor for request param modeling in Django 2021-01-11 11:29:54 +01:00
Rasmus Wriedt Larsen
141b9adc4d Python: Minor refactoring 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-01-11 11:18:59 +01:00
Taus
75cfec863f Merge pull request #4828 from yoff/yoff-python-add-source-nodes 
Python: add source nodes
 2021-01-05 15:07:51 +01:00
Rasmus Lerchedahl Petersen
8ceb33d3f7 Python: Also restrict StepSumary::step 2021-01-04 16:42:11 +01:00
Rasmus Wriedt Larsen
3094aedf14 Python: Fix regression in ConceptTests 
I accidentially deleted that line :D
 2020-12-22 14:42:53 +01:00
Rasmus Wriedt Larsen
dc0d940331 Python: Ensure all concept tests ignore irrelevant results 
Since this was causing a CI error.

also changed things a bit so we do it in a consistent way :)
 2020-12-22 11:32:42 +01:00
Rasmus Wriedt Larsen
bc4a0bcbeb Python: Split request handler / route setup concept tests 
Not doing so earlier was just a mistake.
 2020-12-22 11:31:20 +01:00
Rasmus Wriedt Larsen
71a6ef5b00 Python: Model RequestHandler from standard library explicitly 2020-12-21 18:02:31 +01:00
Rasmus Wriedt Larsen
05ab6cd54a Python: Add RemoteFlowSource for django handler without route 
A bit scary that we don't have any tests to indicate that I forgot to add this :O
 2020-12-21 18:02:30 +01:00
Rasmus Wriedt Larsen
d4d6f0ca0c Python: Model django request handlers without known route 2020-12-21 18:02:22 +01:00
Rasmus Wriedt Larsen
004ff38e22 Python: Add separate RequestHandler concept 
Since I really want to use our existing infrastructure to model that we can
recognize something as a request handler without it having a route, we need this
as a separate concept. All tests have been adjusted.

The early modeling was based on flask, where all request-handling is based on
handling requests from a specific route. But with the standard library handling
and handlers without routes, the naming had to change.
 2020-12-21 17:31:58 +01:00
Rasmus Wriedt Larsen
a9bbe1d087 Python: Test Django un-routed class-based route handler 2020-12-21 16:01:23 +01:00
Rasmus Wriedt Larsen
49f902d28b Merge pull request #4757 from yoff/python-dataflow-synthetic-callables 
Python: Enclosing callable for synthetic arguments
 2020-12-18 16:06:26 +01:00
yoff
a08eb99778 Merge pull request #4779 from RasmusWL/django-class-based-handlers 
Python: Add modeling of django class based view handlers
 2020-12-18 15:58:51 +01:00
Rasmus Wriedt Larsen
3e6296c7b8 Python: Fix grammar in QLDoc 2020-12-18 14:54:14 +01:00
Rasmus Wriedt Larsen
ed11e8f916 Python: Simplify predicate implementation 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2020-12-18 14:52:20 +01:00
Rasmus Lerchedahl Petersen
e6e1cc2398 Python: Remember to accept failing tests 2020-12-18 13:38:14 +01:00
Rasmus Lerchedahl Petersen
712765c185 Python: Use ImportExp instead of SSA nodes 
This also reverts the previous commit.
It should be squashed with that one, but for now we keep the history,
so we can track the performance tests.
 2020-12-18 13:30:24 +01:00
Rasmus Lerchedahl Petersen
0629d3e6e7 Python: Enclosing callable for synthetic arguments 2020-12-18 10:45:24 +01:00