Commit Graph

15 Commits

Author SHA1 Message Date
Taus
c439fc5d45 Python: Replace type tracking with global data-flow
This takes care of most of the false negatives from the preceding
commit.

Additionally, we add models for some known wrappers of `socket.socket`
from the `gevent` and `eventlet` packages.
2026-03-26 15:35:33 +00:00
yoff
ebe29dd143 python: model urllib.ParseResult 2025-11-26 13:36:05 +01:00
yoff
a878bc61e1 python: add model for urllib.urlparse 2025-11-26 13:32:54 +01:00
Arthur Baars
08af7d0007 Merge pull request #17810 from github/post-release-prep/codeql-cli-2.19.2
Post-release preparation for codeql-cli-2.19.2
2024-10-18 18:28:07 +02:00
Rasmus Lerchedahl Petersen
30053da70d Python: extra modelling of stdlib
as a reaction to the latest QA run
2024-10-18 13:49:33 +02:00
Taus
eaef783f4b Python: Add partial model for copy.replace
Extends our modelling to partially cover the behaviour of
`copy.replace`. In particular, we model this in two ways:

Firstly, we extend the existing Models-as-Data row for `copy` and
`deepcopy` to also cover `replace`. This means that we treat the result
of `replace` as containing all of the fields of the original object.
This is somewhat _more_ than we want, as strictly speaking the fields
that are overwritten should _not_ propagate flow through the `replace`
call, but currently we don't have a good way of modelling this blocking
of flow.

Secondly, we add a flow summary that adds flow from named arguments of
the `replace` call to the corresponding fields on the base object. This
ensures that we at least have the new flow arising from the `replace`
call.

Note that the flow summary adds this flow for _all_ named arguments of
_all_ `replace` calls throughout the codebase. However, since any
particular `replace` call will only populate a subset of these (the
subset consisting of exactly those named arguments that are in that
particular call), this does not cause any unwanted crosstalk between
different `replace` calls.§
2024-10-15 12:14:19 +00:00
Rasmus Lerchedahl Petersen
768d866e72 python: model urllib.parse.parse_qs 2024-10-03 12:20:40 +02:00
yoff
56d0affe38 Update python/ql/lib/semmle/python/frameworks/Stdlib.model.yml
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2024-10-03 10:18:25 +02:00
Rasmus Lerchedahl Petersen
cef8744a37 Python: consolidate models in one file 2024-10-01 12:56:21 +02:00
Rasmus Wriedt Larsen
333367c07d Python: Add threat-modeling of raw_input 2024-09-10 14:32:39 +02:00
Rasmus Wriedt Larsen
d245db54a1 Python: Model file threat-model 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
66f389a4b6 Python: Model stdin thread-model 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
e1801f3a29 Python: Proper threat-model handling for argparse 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
56c85ffe54 Python: Fixup threat-models for os.environ.get()
Since using `.DictionaryElementAny` doesn't actually do a store on the
source, (so we can later follow any dict read-steps).

I added the ensure_tainted steps to highlight that the result of the
WHOLE expression ends up "tainted", and that we don't just mark
`os.environ` as the source without further flow.
2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
b9239d7101 Python: Add basic support for environment/commandargs threat-models 2024-09-10 14:32:36 +02:00