hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-13 14:34:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
67,940 Commits 1,680 Branches 158 Tags
21a0f8af074e04053df70747fed13fa78241ab37
Commit Graph

109 Commits

Author SHA1 Message Date
Joe Farebrother
ab23d0ad23 Merge branch 'main' into python-promote-header-injection 2024-05-08 13:49:00 +01:00
Joe Farebrother
8fb2faa89b Add additional info to concept tests 2024-04-24 14:05:41 +01:00
Joe Farebrother
2b935e575a Add concept tests + fix typo 2024-04-24 14:05:41 +01:00
Rasmus Wriedt Larsen
bb00d6919a Python: Move dataflow TestUtil to importable location 2024-04-23 09:40:59 +02:00
Rasmus Lerchedahl Petersen
0b6d47b8bc Python: update to new API 
update is in a comment, so compilation
never failed in CI.
 2023-12-14 11:56:05 +01:00
Rasmus Wriedt Larsen
55f5b26ba6 Python: Accept new ordering of query predicates in .expected 2023-11-15 10:09:54 +01:00
Rasmus Lerchedahl Petersen
0b45b63bd2 Python: Update debug query to changed API 
The change is commented out by default
which is why no compilation tests failed
when the API changed.
 2023-11-01 11:39:51 +01:00
Rasmus Wriedt Larsen
991d5cc54b Python: Fix test of HttpResponse.getBody() 2023-07-13 13:57:08 +02:00
Jeroen Ketema
abe06e5b95 Python: Update remaining inline expectation tests to use the paramterized module 2023-07-03 10:22:35 +02:00
Jeroen Ketema
dba4460526 Python: Update more inline expectation tests to use the paramterized module 2023-06-20 10:16:15 +02:00
Jeroen Ketema
7b17b92aca Fix typo in spelling of expectation 2023-06-02 10:36:11 +02:00
yoff
4849f43d16 Merge branch 'main' into python/update-taint-debug 2023-05-09 21:35:56 +02:00
Rasmus Lerchedahl Petersen
30d3c3e8cd python: fix warnings 
- rename `Conf` -> `Config`
- comment out unused code
- rearrange code so it is easy to see how to swap comments
- autoformat
 2023-05-09 15:01:31 +02:00
Kasper Svendsen
d9f29a85d6 Python: Enable implicit this warnings 2023-05-04 10:16:52 +02:00
Rasmus Lerchedahl Petersen
e65ff68547 python: update debug queries 2023-05-01 14:58:42 +02:00
Anders Schack-Mulligen
5469a82efb Go,Java,Python: Fix some tests. 2023-02-28 14:31:00 +01:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Asger F
a522562f93 Merge pull request #9369 from asgerf/python/api-graph-api 
Python: API graph renaming and documentation
 2022-06-28 14:48:12 +02:00
Anders Schack-Mulligen
df6d68b215 Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class 
Dataflow: Deprecate BarrierGuard class
 2022-06-22 10:44:08 +02:00
Asger F
181a53bd03 Python: Rename getAnImmediateUse -> asSource 2022-06-21 12:44:06 +02:00
Asger F
60fde3c031 Python: Rename getARhs -> asSink 2022-06-21 12:44:06 +02:00
Anders Schack-Mulligen
a7c268f804 Python: adjust test. 2022-06-20 15:46:38 +02:00
Anders Schack-Mulligen
f473a0a961 Python: Deprecate and replace BarrierGuard class. 2022-06-20 15:46:38 +02:00
Rasmus Wriedt Larsen
ae44a941f9 Merge pull request #9421 from RasmusWL/inline-brackets 
Inline Expectation Tests: Allow `tag[foo bar]`
 2022-06-20 10:01:19 +02:00
Alex Ford
8d195e3188 Merge pull request #9157 from alexrford/crypto-op-block-mode 
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
 2022-06-13 21:32:36 +02:00
Rasmus Wriedt Larsen
c1e6996e99 Inline Expectation Tests: Allow tag[foo bar] 
This is partly motivated by the MaD tests which looks much better now in
my opinion.

I also wanted this for testing argument passing. In Python we're
adopting the same argument positions as Ruby has
[here](4f3751dfea/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll (L508-L540))

So it would be nice if `arg[keyword foo]=...` was allowed, without
having to transform the `toString()` result of an argument position into
something without a space.
 2022-06-03 11:39:57 +02:00
Alex Ford
da135448a2 python: update tests for CryptographicOperation#getBlockMode 2022-05-13 16:32:36 +01:00
Erik Krogh Kristensen
31e9876de7 Merge branch 'main' into pyMaD 2022-05-12 14:43:16 +02:00
Rasmus Lerchedahl Petersen
aa3d7babf4 python: fix bad merge 
caused by an optimistic attempt at solving a
merge conflict in the online GUI.
 2022-05-10 11:37:41 +02:00
yoff
6c3e2db7fd Merge branch 'main' into python/simple-csrf 2022-05-10 10:55:28 +02:00
Erik Krogh Kristensen
fc1ab06c1c autoformat 2022-05-09 12:39:38 +02:00
Rasmus Wriedt Larsen
de05b108fa Python: Fix singleton set 2022-05-09 11:01:13 +02:00
Rasmus Wriedt Larsen
dfe99b0b51 Python: Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-05-05 14:14:44 +02:00
Rasmus Wriedt Larsen
0a589bed4e Python: Add inline test of MaD sinks 
This enables us to keep the framework modeling tests under `/frameworks`
folder

I had hoped to use `mad-sink[<kind>]` syntax, but that was not allowed
:(

Maybe it oculd be allowed in the future, but for now I'll stick with the
more ugly solution of `mad-sink__<kind>`
 2022-05-05 13:11:43 +02:00
Erik Krogh Kristensen
571fc3e73b Revert "deprecate SqlConstruction" 
This reverts commit c0eca0d09a.
 2022-05-04 10:59:02 +02:00
Erik Krogh Kristensen
c0eca0d09a deprecate SqlConstruction 2022-05-02 12:58:21 +02:00
Rasmus Wriedt Larsen
1f285b8983 Python: Rename to XmlParsingVulnerabilityKind 
To keep up with style guide
 2022-04-05 11:07:12 +02:00
Rasmus Wriedt Larsen
ab59d5c786 Python: Rename to XmlParsing 
To follow our style guide
 2022-04-05 11:06:22 +02:00
Rasmus Wriedt Larsen
673220b231 Python: Minor cleanup of XmlParsingTest 2022-03-31 18:18:35 +02:00
Rasmus Wriedt Larsen
1ea4bcc59f Python: Make XMLParsing a Decoding subclass 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
35ccba2ec1 Python: Promote XMLParsing concept test 2022-03-31 09:52:55 +02:00
Rasmus Lerchedahl Petersen
774c811e97 python: move CSRF concepts inside HTTP::Server 2022-03-28 07:35:13 +02:00
Rasmus Lerchedahl Petersen
1e9840d779 python: broaden local protection concept 2022-03-25 12:28:33 +01:00
Rasmus Lerchedahl Petersen
6c2449564a python: add concept tests 2022-03-23 12:05:09 +01:00
Rasmus Lerchedahl Petersen
143e9ee954 Merge branch 'main' of github.com:github/codeql into python/promote-xpath-injection 2022-03-02 13:14:08 +01:00
Rasmus Lerchedahl Petersen
ee45e79948 python: Create XML modulein Concepts 
to prepare for XXE and other XML related modelling
 2022-03-02 13:10:23 +01:00
Rasmus Lerchedahl Petersen
3bb17be389 python: add concept and library tests 2022-03-01 14:39:28 +01:00
Rasmus Wriedt Larsen
5ee755db09 Python: Require MISSING: flow annotations for normal data-flow tests 
I had to rewrite the SINK1-SINK7 definitions, since this new requirement
complained that we had to add this `MISSING: flow` annotation :D

Doing this implementation also revealed that there was a bug, since I
did not compare files when checking for these `MISSING:` annotations. So
fixed that up in the implementation for inline taint tests as well.

(extra whitespace in argumentPassing.py to avoid changing line numbers
for other tests)
 2022-02-01 17:46:53 +01:00
Rasmus Lerchedahl Petersen
36e18d5d80 python: dataflow for match 
- also update `validTest.py`, but commented out for now
  otherwise CI will fail until we force it to run with Python 3.10
- added debug utility for dataflow (`dataflowTestPaths.ql`)
 2022-01-19 14:29:58 +01:00
Rasmus Wriedt Larsen
f8fc583af3 Python: client request: getUrl => getAUrlPart 
I think `getUrl` is a bit too misleading, since from the name, I would
only ever expect ONE result for one request being made.

`getAUrlPart` captures that there could be multiple results, and that
they might not constitute a whole URl.

Which is the same naming I used when I tried to model this a long time ago
a80860cdc6/python/ql/lib/semmle/python/web/Http.qll (L102-L111)
 2021-12-15 21:55:04 +01:00