codeql

mirror of https://github.com/github/codeql.git synced 2026-06-18 11:21:07 +02:00

Author	SHA1	Message	Date
Taus	03ae7831ad	Merge pull request #2711 from RasmusWL/python-fix-import-deprecated-module Python: fix alerts for py/import-deprecated-module	2020-02-17 11:46:12 +01:00
Taus	df3ac49c28	Merge pull request #2700 from RasmusWL/python-taint-iterable-unpacking Python: Handle iterable unpacking in taint tracking	2020-02-17 11:44:25 +01:00
Rasmus Wriedt Larsen	1558cf2eae	Python: Fix typo (decent => descent)	2020-02-13 13:35:29 +01:00
Taus	12113e947f	Merge pull request #2603 from RasmusWL/python-fix-http-source-sink Python: Make web libs use HttpRequestTaintSource and HttpResponseTaintSink	2020-02-12 13:42:22 +01:00
Rasmus Wriedt Larsen	d5c6092920	Python: Fix typo (trakcing => tracking)	2020-02-06 11:50:44 +01:00
Rasmus Wriedt Larsen	de63eb1450	Merge pull request #2592 from tausbn/python-remove-manual-tc-in-ssashortcut Python: Remove manual TC from `ssaShortCut`.	2020-02-04 14:04:25 +01:00
Rasmus Wriedt Larsen	cc73352bf6	Merge pull request #2549 from tausbn/python-fix-several-bad-join-orders Python: Fix several bad join orders.	2020-02-03 13:54:36 +01:00
Rasmus Wriedt Larsen	72fddaf5ed	Merge pull request #2733 from tausbn/python-add-stringvalue Python: Extend `Value` API.	2020-01-31 13:12:14 +01:00
Taus Brock-Nannestad	ba2bbf1788	Python: Extend `Value` API. Adds - `StringValue` as a new class, - `Value::booleanValue` which returns the boolean interpretation of the given value, and - `ClassValue::str` which returns the value of the `str` class, depending on the Python version.	2020-01-31 12:33:02 +01:00
Taus	b89273402d	Merge pull request #2701 from RasmusWL/python-modernise-metrics Python: modernise import related queries	2020-01-30 14:37:39 +01:00
Anders Schack-Mulligen	743b612d0d	Javascript/Python: Sync XML.qll	2020-01-29 13:31:25 +01:00
Rasmus Wriedt Larsen	6c7cddf258	Python: py/import-deprecated-module handle backwards compatible code	2020-01-28 16:36:47 +01:00
Rasmus Wriedt Larsen	46f4b74134	Python: Fix tornado lib: a redirect is not a http response	2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen	ee382bb2ea	Python: Fix typo (reques => request)	2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen	9b2ca0c9c7	Python: Update web libraries to use HttpSources and HttpSinks	2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen	2cdbae08b6	Python: Don't make duplicate sink for Tornado handler `self.write(...)` would be treated as both TornadoConnectionWrite and TornadoHttpRequestHandlerWrite	2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen	effa4548ab	Python: Add toString to TurboGears HttpResponseTaintSinks Naming these were a bit hard, but better than generic "Taint Sink"	2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen	b36a6aa5b5	Python: Remove unused variable from exists expression	2020-01-28 13:05:25 +01:00
Rasmus Wriedt Larsen	d67577e66c	Python: Modernise import related queries Except for Metrics/Dependencies/ExternalDependenciesSourceLinks.ql, since it is rather tricky :D	2020-01-27 16:01:25 +01:00
Rasmus Wriedt Larsen	081d66eaa3	Python: Recognize taint for extended iterable unpacking	2020-01-27 15:28:53 +01:00
Rasmus Wriedt Larsen	781024d679	Python: Recognize taint for iterable unpacking	2020-01-27 14:43:07 +01:00
Rasmus Wriedt Larsen	fa48fb04f5	Python: Recognize nested tuple/list assignment Now we recognize `[(x,y)] = [(1,2)]` -- in itself not a widely used idiom, but more of a warmup excersize for me	2020-01-27 14:42:54 +01:00
Rasmus Wriedt Larsen	9502756874	Python: Autoformat dataflow files	2020-01-27 13:07:01 +01:00
Rasmus Wriedt Larsen	1ce77ff600	Merge pull request #2507 from tausbn/python-fix-infinite-tuple-tostring Python: Fix divergence in tuple `toString`.	2020-01-27 11:14:44 +01:00
Taus Brock-Nannestad	3cebffe820	Python: Fix divergence in tuple `toString`. Our definition of `toString` for the internal tuple objects we create during the points-to analysis may have been a _tad_ too ambitious. In particular, it can easily lead to non-termination, e.g. using the following piece of code: ```python x = () while True: x = (x, x) ``` This commit cuts off the infinite recursion by replacing _nested_ tuples with the string "...". In particular this means even non-recursive tuples will be cut off at that point, so that the following tuples ```python (1, "2") ((3, 4), [5, 6]) (1, 2, 3, 4, 5) ``` Get the following string representations. ``` "(int 1, '2', )" "(..., List, )" "(int 1, int 2, int 3, 2 more...)" ```	2020-01-24 17:08:56 +01:00
Taus	d06e86f54d	Merge pull request #2662 from RasmusWL/python-taint-on-eq-test Python: Only clear taint on constant comparison in if	2020-01-23 13:41:40 +01:00
Taus	ef7eafa849	Merge pull request #2644 from RasmusWL/python-add-deprecated-keyword Python: Add deprecated keyword to deprecated functions	2020-01-23 13:41:15 +01:00
Taus Brock-Nannestad	0924a973de	Python: Modernise remaining web libraries.	2020-01-22 15:27:29 +01:00
Rasmus Wriedt Larsen	96d5703f2c	Python: Remove use of deprecated methods	2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen	e6425bb4cf	Python: Add deprecated keyword to deprecated functions	2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen	bbe93f43d3	Python: Only comparison with constant will clear taint tainted = SOURCE if tainted == tainted: SINK(tainted) # unsafe before, in the body of the if statement, `tainted` was not tainted	2020-01-21 15:25:57 +01:00
Taus	cfb84be7b1	Merge pull request #2540 from RasmusWL/python-modernise-variables-queries Python: modernise variables queries	2020-01-10 14:45:12 +01:00
Taus Brock-Nannestad	851d692996	Python: Remove manual TC from `ssaShortCut`. This caused a massive slowdown on certain snapshots.	2020-01-06 13:40:52 +01:00
Rasmus Wriedt Larsen	92e272cc03	Python: Address comments for modernising Variables/	2019-12-20 15:58:51 +01:00
Rasmus Wriedt Larsen	994ad197c4	Python: Add Module::builtinModule()	2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen	15bc4cd090	Python: Add override helpers to Value classes	2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen	aba3ac7b66	Python: Modernise py/uninitialized-local-variable	2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen	5faa7e7127	Python: Add ModuleValue::hasCompleteExportInfo	2019-12-20 15:05:49 +01:00
Rasmus Wriedt Larsen	81e27aab8d	Python: Modernise py/unused-loop-variable	2019-12-20 15:05:49 +01:00
Tom Hvitved	29cd6a9e30	Sync `XML.qll`	2019-12-19 10:29:30 +01:00
Rasmus Wriedt Larsen	48f873e3d9	Python: Add getAReturnedNode to PythonFunctionValue	2019-12-18 12:00:43 +01:00
Rasmus Wriedt Larsen	582ef6cec9	Python: Restructure logic in Twisted.qll	2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen	9942c3fd8b	Python: Autoformat twisted library	2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen	ac55e6aba6	Python: Modernise twisted library	2019-12-18 10:42:39 +01:00
Taus Brock-Nannestad	1d94f6d303	Python: Fix several bad join orders. Performance on `taers232c/GAMADV-X` (which exhibited pathological behaviour in the most recent dist upgrade) went from ~670s to ~313s on `py/hardcoded-credentials`. There are still a few tuple counts in the 10-100 million range, but this commit takes care of all of the ones that numbered in the billions. (A single tuple count in the 100-1000 million range remains, but it appears to be less critical, taking only two seconds to calculate.)	2019-12-17 17:19:49 +01:00
Max Schaefer	a17b615ae5	C++/Python: Deprecate `XMLFile.getPath` and `XMLFile.getFolder`. Both can be expressed using predicates inherited from `File`.	2019-12-17 10:15:43 +00:00
Max Schaefer	47c1fc7358	C++/Python: Fix `XMLFile.getPath` and `XMLFile.getFolder`. Previously, the former returned the file's stem (that is, basename without extension), and the latter never held.	2019-12-17 10:15:43 +00:00
Max Schaefer	bf30f9cdd2	Python: Remove use of deprecated predicate.	2019-12-17 10:15:43 +00:00
Max Schaefer	ef453db225	Python: Adjust `XMLParent.getName` to match other languages.	2019-12-17 10:15:43 +00:00
Max Schaefer	3068a89ab2	Python: Adjust implementation of `allCharactersString` to match other languages.	2019-12-17 10:15:43 +00:00

1 2 3 4 5 ...

532 Commits