hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 16:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,867 Commits 1,673 Branches 157 Tags
14938f3872f0cdfa85bd6ac5e49938392f3cfeff
Commit Graph

2075 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
4d9d2155fc Python: Make "..Call" modeling classes extend DataFlow::CfgNode 2020-10-14 10:44:58 +02:00
Rasmus Wriedt Larsen
b0e79890e6 Python: Use new importNode 2020-10-14 10:43:22 +02:00
Rasmus Wriedt Larsen
4597ba64d0 Merge branch 'main' into python-model-invoke 2020-10-14 10:41:37 +02:00
Taus
83937bacae Merge pull request #4448 from RasmusWL/python-simplify-import-modeling 
Python: simplify import modeling
 2020-10-13 18:08:07 +02:00
Rasmus Wriedt Larsen
2c5996f694 Python: Refactor subprocess_attr type-tracker 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-13 17:21:21 +02:00
Rasmus Wriedt Larsen
76c9b8c49f Python: Expose importNode instead of importModule/importMember 
Since predicate name `import` is not allowed, I adopted `importNode` as it sort
of matches what `exprNode` does.

---

Due to only using `importMember` in `os_attr` we previously didn't handle
`import os.path as alias` :|

I did creat a hotfix for this (https://github.com/github/codeql/pull/4446), but
in doing so I realized the core of the problem: We're exposing ourselves to
making these kinds of mistakes by having BOTH importModule and importMember, and
we don't really gain anything from doing this!

We do loose the ability to easily only modeling `from mod import val` and not
`import mod.val`, but I don't think that will ever be relevant.

This change will also make us to recognize some invalid code, for example in

    import os.system as runtime_error

we would now model that `runtime_error` is a reference to the `os.system`
function (although the actual import would result in a runtime error).

Overall these are tradeoffs I'm willing to make, as it does makes things simpler
from a QL modeling point of view, and THAT sounds nice 👍
 2020-10-13 15:03:22 +02:00
Rasmus Wriedt Larsen
4bfd55f1af Python: Show problem with os.path modeling 
This is not a very good test for showing that we don't handle direct imports,
but it was the best I had available without inventing something new. It's very
fragile, since any of these would propagate taint (due to handling all `join`
calls as if the qualifier was a string):

    ospath_alias.join(ts)
    ospath_alias.join(ts, "foo", "bar")

But this test DOES serve the purpose of illustrating that my fix works :D
 2020-10-13 14:50:00 +02:00
Taus Brock-Nannestad
1829126230 Python: Get rid of DataFlowCfgNode 
Should make modelling data flow nodes that are also specific
subclasses of `ControlFlowNode` a bit smoother.
 2020-10-13 13:04:59 +02:00
Rasmus Wriedt Larsen
662235bad8 Python: Use classRef instead of class_ 
Discussed offline with Taus
 2020-10-13 11:56:37 +02:00
CodeQL CI
d3f8fb5e53 Merge pull request #4423 from tausbn/python-add-attribute-access-interface 
Approved by RasmusWL
 2020-10-13 02:56:21 -07:00
Taus Brock-Nannestad
3288cf1a75 Python: Hopefully final changes to documentation. 2020-10-12 16:38:21 +02:00
Taus Brock-Nannestad
b07c7abacc Python: Clear up attribute name access QLDoc 2020-10-12 13:49:08 +02:00
Anders Schack-Mulligen
091e3a2931 Dataflow: Adjust test output. 2020-10-09 16:25:14 +02:00
Anders Schack-Mulligen
1c043447e8 Dataflow: Introduce consistency check for flow targeting PostUpdateNodes. 2020-10-09 14:29:52 +02:00
Taus
60eec7b136 Python: Update python/ql/src/experimental/dataflow/internal/Attributes.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-08 18:14:20 +02:00
Taus Brock-Nannestad
d46453caaa Python: Support named imports as attribute reads 
Required a small change in `DataFlow::importModule` to get the desired
behaviour (cf. the type trackers defined in `moduleattr.ql`, but this
should be harmless. The node that is added doesn't have any flow
anywhere.
 2020-10-08 18:08:55 +02:00
Taus Brock-Nannestad
df447c0af9 Python: Remove flow from getAttributeName 2020-10-08 15:01:24 +02:00
Taus Brock-Nannestad
ceb249680e Python: Reuse existing node fields 
Also changes `x = TCfgNode(y)` to `x.asCfgNode() = y` where applicable.
 2020-10-08 15:00:14 +02:00
Taus Brock-Nannestad
31596ef569 Python: Clean up and extend built-in call node classes 2020-10-08 14:57:39 +02:00
Taus Brock-Nannestad
e9ecc00b37 Python: Implement and use mayHaveAttributeName 2020-10-08 14:53:54 +02:00
Rasmus Wriedt Larsen
c09695af7d Python: Properly handle invoke.task decorator 2020-10-07 12:29:19 +02:00
Rasmus Wriedt Larsen
67c5c590d2 Python: Expose getParameter on ParameterNode 2020-10-07 12:28:35 +02:00
Rasmus Wriedt Larsen
6d7f4a048b Python: Attempt to model invoke.task decorator 2020-10-07 12:26:49 +02:00
Rasmus Wriedt Larsen
c9219b3744 Clean module imports 2020-10-07 12:21:30 +02:00
Rasmus Wriedt Larsen
ebff1794fc Python: Model invoke.context.Context 2020-10-07 12:16:53 +02:00
Rasmus Wriedt Larsen
4ef5202382 Python: Add simple model for invoke.run and invoke.sudo 
and I sorted the list in Frameworks.qll, that kinda makes sense :)
 2020-10-07 12:13:59 +02:00
Rasmus Wriedt Larsen
300a8cdf7d Python: Add tests for the 'invoke' package 2020-10-07 11:55:26 +02:00
Taus Brock-Nannestad
b905a3d5e3 Python: Attribute access API 2020-10-06 16:36:29 +02:00
CodeQL CI
5bc7e19c44 Merge pull request #4414 from yoff/SharedDataflow_Conditionals 
Approved by RasmusWL
 2020-10-06 05:46:24 -07:00
Rasmus Lerchedahl Petersen
f9c5b864bb Python: Fix test of parenthesized form 2020-10-06 13:12:12 +02:00
Rasmus Lerchedahl Petersen
0f077f5d7d Python: Add flow inside IfExprNodes 2020-10-06 10:54:23 +02:00
Rasmus Lerchedahl Petersen
8f13d586b7 Python: More tests of conditonals 
Also use better formatter
(better because comments are close to what they comment)
 2020-10-06 10:49:15 +02:00
Rasmus Wriedt Larsen
fbe115c046 Python: Show TypeTracking doesn't work for module members 2020-10-06 03:12:39 +02:00
Arthur Baars
78c58c2415 Merge pull request #4384 from tausbn/python-fix-package-locations 
Python: Fix `hasLocationInfo` for packages
 2020-10-02 20:48:43 +02:00
Alexander Eyers-Taylor
30ed6a0dac Merge pull request #4385 from aibaars/drop-queries 
Drop 'tech-inventory' and 'code duplication' queries from the standard query suites
 2020-10-02 18:31:25 +01:00
Arthur Baars
daa1bcc06e Also mark 'tech inventory' queries as deprecated 2020-10-02 17:23:11 +02:00
Arthur Baars
fc45b6cd3c Drop 'tech-inventory' and 'code duplication' queries from the standard query suites 2020-10-02 17:22:04 +02:00
Taus
fce76e2799 Merge pull request #4354 from RasmusWL/python-command-execution-modeling 
Python: Better command execution modeling
 2020-10-02 16:14:34 +02:00
Taus
2e4a61428d Merge pull request #4346 from RasmusWL/python-add-implicit-init-test 
Python: add test for implicit __init__.py files
 2020-10-02 16:13:25 +02:00
Rasmus Wriedt Larsen
e5b9ac8d9c Python: Use getCommand as tag in ConceptsTest 2020-10-02 14:12:41 +02:00
Rasmus Wriedt Larsen
eb67986916 Python: Exlucde only command injection sinks in os and subprocess 2020-10-02 14:11:07 +02:00
Rasmus Wriedt Larsen
68eacef23c Python: Refactor OsExecCall and friends for better readability 2020-10-02 13:38:54 +02:00
Rasmus Wriedt Larsen
de07d9e5d9 Python: Highlight that os.popen is not only problem for extra alerts 2020-10-02 13:34:33 +02:00
Taus Brock-Nannestad
b5d05f99c9 Python: Fix test output 2020-10-02 12:04:43 +02:00
Taus Brock-Nannestad
75f4051cb5 Python: Fix hasLocationInfo for packages 2020-10-01 17:21:53 +02:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Rasmus Wriedt Larsen
3247b300ae Python: Fix problem with missing use-use flow 2020-10-01 12:55:11 +02:00
Rasmus Wriedt Larsen
9b3509f0ba Python: Highlight problem with missing use-use flow 2020-10-01 12:51:44 +02:00
Rasmus Wriedt Larsen
428c2a3fda Merge branch 'main' into python-command-execution-modeling 2020-09-30 17:38:59 +02:00
Rasmus Wriedt Larsen
c4a2e1d6d1 Python: Rewrite attribute lookup helpers for better performance 
Not that they actually had a huge problem right now, just that using the old
pattern HAS lead to bad performance in the past. See
https://github.com/github/codeql/pull/4361
 2020-09-30 17:31:20 +02:00