hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
62,024 Commits 1,673 Branches 157 Tags
2a98a7e615f646c73f0450143ff5c4410e83d345
Commit Graph

7830 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
2a98a7e615 Python: Delete old copy of DataFlowImplConsistency.qll 
We forgot to delete that file in https://github.com/github/codeql/pull/8457
 2023-12-14 18:18:25 +01:00
Tom Hvitved
c8b4a215bc Merge pull request #14573 from hvitved/flow-summary-impl-param 
Move `FlowSummaryImpl.qll` to `dataflow` pack
 2023-12-14 12:24:15 +01:00
fossilet
1cc2f073c4 Fix typo in qll. 2023-12-14 16:05:14 +08:00
Jeroen Ketema
99e65df6ce Merge remote-tracking branch 'upstream/rc/3.12' into mb12 2023-12-13 15:43:39 +01:00
yoff
a39eb5efc9 Merge pull request #15051 from yoff/python/slightly-improve-tarslip 
Python: slightly improve tarslip logic
 2023-12-12 14:43:43 +01:00
Tom Hvitved
a46964dfe8 Address review comments 2023-12-12 13:55:52 +01:00
Rasmus Wriedt Larsen
419130be21 Merge pull request #15030 from yoff/python/remove-module-entry-definitions 
Python: Remove control flow nodes for module entry definitions from the dataflow graph.
 2023-12-11 11:40:17 +01:00
Tom Hvitved
faaa558ed9 Python: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:44 +01:00
Rasmus Lerchedahl Petersen
d9c0c8c26d Python: Update comment. 2023-12-08 17:32:23 +01:00
Rasmus Lerchedahl Petersen
2539e2ec1a Python: slightly improve tarslip logic 2023-12-08 17:18:25 +01:00
Anders Schack-Mulligen
64eb4ff753 Merge pull request #14983 from aschackmull/dataflow/deprecate-old-api 
Data Flow: Deprecate old data flow api.
 2023-12-08 14:27:25 +01:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
Rasmus Lerchedahl Petersen
263c0aade7 Python: adjust test expectations 
mostly removing of nodes from the graph.
One result lost:
```
check("submodule.submodule_attr", submodule.submodule_attr, "submodule_attr", globals()) #$ MISSING:prints=submodule_attr
```
 2023-12-06 23:00:51 +01:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
Rasmus Lerchedahl Petersen
8c5ca3f564 Python: remove control flow nodes 
for module entry definitions from the dataflow graph.
 2023-12-06 21:47:03 +01:00
Rasmus Lerchedahl Petersen
9e1c818db6 Python: address review comments 2023-12-04 17:49:26 +01:00
yoff
f5c176bd12 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2023-12-04 17:41:00 +01:00
Rasmus Wriedt Larsen
c952f6a648 Python: Update rest of tests to new dataflow lib 
I had missed these originally, since I had just fixed the ones that were
highlighted in the actions logs, thinking they had covered everything :(
 2023-12-04 14:49:40 +01:00
Rasmus Lerchedahl Petersen
e091ae84ab Merge branch 'main' of https://github.com/github/codeql into python/remove-ssa-nodes-from-dataflow-graph 2023-12-04 14:05:40 +01:00
Rasmus Wriedt Larsen
2fed0adde7 Merge pull request #8457 from RasmusWL/add-dataflow-consistency-query 
Python: Add dataflow consistency query
 2023-12-04 12:50:46 +01:00
Rasmus Wriedt Larsen
4dd3ea3798 Python: Update tests to new dataflow lib 
Avoids some deprecation warnings :)
 2023-12-04 12:36:57 +01:00
Anders Schack-Mulligen
67f0529cda Dataflow: Sync. 2023-12-04 12:36:57 +01:00
Taus
4ef1fe49e3 Merge pull request #14918 from github/tausbn/python-support-tarslip-extraction-filters 
Python: Add support for extraction filters
 2023-11-30 22:55:09 +01:00
Taus
6e279183d9 Python: Remove unused unsafeFilter predicates 2023-11-28 13:54:17 +00:00
Taus
91643ad08f Python: Update hasUnsafeFilter to use API graph 
This will probably break the tests in the short run. I'll fix the remaining issues in a follow-up commit.

Co-authored-by: Rasmus Wriedt Larsen <rasmuswl@github.com>
 2023-11-28 14:48:26 +01:00
Rasmus Wriedt Larsen
2c10160ad4 Python: Highlight we actually want post-update nodes for *args and **kwargs arguments 2023-11-28 14:07:03 +01:00
Rasmus Wriedt Larsen
02f2031239 Python: Ensure other call for super().foo 2023-11-28 14:04:51 +01:00
Rasmus Wriedt Larsen
3c82653b63 Python: Highlight missing post-update flow for *args and **kwargs 2023-11-28 10:59:48 +01:00
Taus
ad1a86879e Python: Add change note 2023-11-27 14:39:32 +00:00
Taus
95e9284d08 Python: Add support for extraction filters 
Adds support for extraction filters as defined in
https://peps.python.org/pep-0706/
and implemented in Python 3.12.

By my reading, setting the filter to `'data'` or `'tar'` is probably
safe, whereas `'fully_trusted'` or the default (which is the same as
`None`) is not.

For now, I have just added this modelling to the tarslip query. We could
also share it with the modelling of `shutil.unpack_archive` (which has also
gained a `filter` argument), but it was unclear to me where we should put
this modelling in that case. Perhaps the best solution would be to merge
the experimental `py/tarslip-extended` query into the existing query (in
which case the current location is perhaps not too bad).
 2023-11-27 14:11:17 +00:00
Rasmus Wriedt Larsen
4e0cca9a41 Merge pull request #14353 from GeekMasher/py-restframework 
Python: support `*args` and `**kwargs` in request handlers
 2023-11-23 14:04:36 +01:00
Rasmus Wriedt Larsen
d056706af5 Merge pull request #14725 from RasmusWL/re-modeling 
Python: Add taint-flow modeling for `re` module
 2023-11-23 11:35:36 +01:00
Rasmus Wriedt Larsen
3d46129bbf Python: Remove intermediary steps from taint-test 
These were leftovers from old way of propagating taint
 2023-11-23 10:40:25 +01:00
Rasmus Wriedt Larsen
4a98ed903e Python: Fix consistency for bound-methods used in list-comp 2023-11-22 14:07:40 +01:00
Rasmus Wriedt Larsen
67b1414177 Python: Highlight even more cases for multipleArgumentCallExclude 2023-11-22 11:25:23 +01:00
Rasmus Wriedt Larsen
30891ca4aa Merge pull request #14861 from yoff/python/demonstrate-def-use-explosion 
Python: test demonstrating the need for phi nodes
 2023-11-22 09:57:10 +01:00
yoff
4785048076 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-11-22 09:29:07 +01:00
Rasmus Lerchedahl Petersen
d288c4a709 Python: rename folder 2023-11-21 16:48:41 +01:00
yoff
4f7fde7b87 Merge pull request #14858 from yoff/python/demonstrate-use-use-explosion 
Python: Test demonstrating the need for phi-read-nodes
 2023-11-21 16:44:11 +01:00
Rasmus Wriedt Larsen
63fcaca82f Python: add change-note 2023-11-21 16:02:41 +01:00
Rasmus Wriedt Larsen
a0867b4f66 Python: More HTTP request handler *args/**kwargs modeling 
I looked through all `override Parameter getARoutedParameter() {` in our
codebase, and we now modeling *args/**kwargs for all of them 👍
 2023-11-21 16:02:40 +01:00
Rasmus Wriedt Larsen
f9d7becd04 Python: Make multipleArgumentCallExclude more specific 2023-11-21 15:57:12 +01:00
Rasmus Lerchedahl Petersen
c552bc5eb1 Python: fix test output 2023-11-21 15:48:22 +01:00
Rasmus Lerchedahl Petersen
077e51c6c6 Python: fix test output 2023-11-21 15:47:18 +01:00
Rasmus Lerchedahl Petersen
4857960f72 Python: test demonstrating the need for phi nodes 
or a dataflow node playing that role, at least.
 2023-11-21 15:40:05 +01:00
Rasmus Lerchedahl Petersen
f138fc0d2d Python: Test demonstrating need for phi-read-nodes 
Or for a data flow node filling that role, at least.
 2023-11-21 13:54:02 +01:00
Rasmus Wriedt Larsen
37d03ee0f3 Python: Accept .expected changes 
Note that in this case, since there is a known `django.urls.path`
route-setup, we know that the request-handler will only be passed
keyword arguments, so it is not a mistake that `*args` is not considered
a routed-parameter here (although it certainly wouldn't have hurt us if
we did consider it a routed-parameter either).
 2023-11-21 13:46:55 +01:00
Rasmus Wriedt Larsen
1bc8a6de61 Python: Fixup mistaken modelling 2023-11-21 13:46:23 +01:00
Rasmus Wriedt Larsen
36a846ee32 Python: Fix django regex path handling 2023-11-21 13:08:45 +01:00
Rasmus Wriedt Larsen
c51c15ae74 Python: Add test of routed parameters to *args 
Also move the **kwargs and *args test to a more appropriate file
 2023-11-21 13:01:01 +01:00