hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-25 13:16:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,875 Commits 1,673 Branches 157 Tags
38581663a4146ef322756bd2bcb9451fe9ae3e2d
Commit Graph

280 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
b1d1974a0f Merge branch 'master' into python-modernise-statements 2020-03-10 14:53:44 +01:00
Taus
e3160f966f Merge pull request #2932 from RasmusWL/python-re.compile-missing-points-to 
Python: Add example of re.compile missing points-to
 2020-03-10 11:55:23 +01:00
Taus Brock-Nannestad
48a47e1b54 Python: Fix broken test output. 2020-03-03 19:45:13 +01:00
Taus Brock-Nannestad
eecace788f Python: Fix or disable CPs introduced by #2700 and #2875. 2020-03-03 18:18:03 +01:00
Rasmus Wriedt Larsen
ee4190e0d9 Python: Add example if urlsplit(url).path: => missing points-to 
I wanted to highlight that it's not the call to `urlsplit` that is a problem, so
that's why I inserted a `check` in-between.
 2020-02-28 13:43:10 +01:00
Rasmus Wriedt Larsen
8dd19ca6cd Python: Add example of re.compile missing points-to 2020-02-28 13:41:26 +01:00
Taus
0da554c701 Merge pull request #2914 from RasmusWL/python-remove-optimize-true-directive 
Python: Remove `--optimize: true` from options files
 2020-02-27 13:16:59 +01:00
Taus
8bd3063d2b Merge pull request #2875 from RasmusWL/python-taint-urlsplit 
Python: Add taint for urlsplit
 2020-02-27 13:13:47 +01:00
Rasmus Wriedt Larsen
771dfecf6d Python: Add sanitized edges for urlsplit test 2020-02-26 14:10:30 +01:00
Rasmus Wriedt Larsen
0b31cb1716 Python: Show that we have initial taint in urlsplit test 2020-02-26 14:09:02 +01:00
Rasmus Wriedt Larsen
4330d4e289 Python: Remove unused import in test 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
b213db03fd Python: Consolidate stdlib http client tests 
Move the stdlib tests from test/{2,3}/library-tests/ into /test/library-tests/,
and deal with version by using sys.version_info (results should be the same for
both versions).

six tests were moved from /library-tests/web/client/stdlib => /library-tests/web/client/six
 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
cd5399d43e Python: Model outgoing http client requests 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
f10a86d3ac Python: Remove --optimize: true from options files 
Tests will be run with optimizations on by default now.
 2020-02-25 15:52:00 +01:00
Rasmus Wriedt Larsen
bfa7553095 Python: urlsplit sanitizer handles in [KNOWN_VALUE] 2020-02-21 16:03:29 +01:00
Rasmus Wriedt Larsen
798db91f71 Python: Add more urlsplit tests 2020-02-21 15:51:33 +01:00
Rasmus Wriedt Larsen
31ff652cb3 Python: Make Sanitizer available for urlsplit taint 
It isn't used by default, it has to *actively* be enabled.
 2020-02-21 15:18:53 +01:00
Rasmus Wriedt Larsen
fd270cc02c Python: Add basic taint support for urlsplit/urlparse 2020-02-19 16:31:10 +01:00
Rasmus Wriedt Larsen
74345b1c05 Python: Make library-tests/taint/strings tests more transparent 
Following the setup I invented for library-tests/taint/unpacking.

TestStep is still a bit annoying, since the output is not easy to eyeball; but
for now I guess we can live with it :)

I honestly didn't get the point of DistinctStringKinds.ql, other than showing we
can handle multiple taint kinds
 2020-02-19 16:24:22 +01:00
Rasmus Wriedt Larsen
0509228296 Python: Make ModelUsage test language agnostic 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
82b29b5698 Python: Recognize shebangs in module usage detection 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
01f5b3dc63 Python: Add a script that we can't classify usage of 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
3e7e9636ea Python: Add ModuleValue.{isUsedAsModule, isUsedAsScript} 
and a few test cases
 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
79a4d7e9cc Python: Add some confusing (but valid) property tests 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
67e9edb820 Python: Add PropertyValue 
+ Extend PropertyInternal.getSetter to handle non-decorator
+ Add PropertyInternal.getDeleter

It seems like a bit hacky way to do things, since we're not using the
PropertySetterOrDeleter class at all, but for now I'll leave it be.
 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
e747add485 Python: Descriptor tests fixup (3/3) 
Better tests for properties
 2020-02-19 14:10:29 +01:00
Rasmus Wriedt Larsen
aed7bfb820 Python: Descriptor tests fixup (2/3) 
Test format improved
 2020-02-19 14:10:29 +01:00
Rasmus Wriedt Larsen
3f49aeecfe Python: Descriptor tests fixup (1/3) 2020-02-19 14:10:29 +01:00
Taus
ffbb5d0529 Merge pull request #2739 from RasmusWL/python-modernise-security 
Python: modernise Security/ queries
 2020-02-18 16:28:53 +01:00
Taus
df3ac49c28 Merge pull request #2700 from RasmusWL/python-taint-iterable-unpacking 
Python: Handle iterable unpacking in taint tracking
 2020-02-17 11:44:25 +01:00
Taus
895f2f74ab Merge branch 'master' into python-clean-qltest-options 2020-02-12 13:44:41 +01:00
Rasmus Wriedt Larsen
efedcd26d0 Python: Django tests need --lang=3 2020-02-11 13:16:52 +01:00
Rasmus Wriedt Larsen
c0b7dcc019 Python: Remove ignored automatic_locations in qltest options files 2020-02-06 14:28:10 +01:00
Rasmus Wriedt Larsen
397c17c4ff Python: Use --lang=3 in tests 
With internal update to qltest it will not actually do something.

- also remove it from the tests that never needed it.
 2020-02-06 14:20:59 +01:00
Rasmus Wriedt Larsen
2837f987c5 Python: Show how pointsTo handles 0+0 == 0 (2/2) 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
4231bb1bcf Python: Show how pointsTo handles 0+0 == 0 (1/2) 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
c25782d6da Python: For web tests, use more precise name HttpResponseSinks 
Since there are also HttpRedirectTaintSink, using HttpSink is confusing
 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
46f4b74134 Python: Fix tornado lib: a redirect is not a http response 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
ee382bb2ea Python: Fix typo (reques => request) 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
9bc72450a0 Python: Temporarily disable falcon HttpSinks test 
I will fix this in an other PR
 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
9b2ca0c9c7 Python: Update web libraries to use HttpSources and HttpSinks 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
2cdbae08b6 Python: Don't make duplicate sink for Tornado handler 
`self.write(...)` would be treated as *both* TornadoConnectionWrite and
TornadoHttpRequestHandlerWrite
 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
effa4548ab Python: Add toString to TurboGears HttpResponseTaintSinks 
Naming these were a bit hard, but better than generic "Taint Sink"
 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
6b87458c2e Python: Add explicit tests for HttpSources and HttpSinks 
Some of the tests currently fail, since they can't reproduce the old tests
results (since the sinks/sources defined in the library code are not
HttpResponseTaintSink/HttpRequestTaintSource)
 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
0a1c91fbb8 Python: Autoformat web tests QL files 2020-01-28 13:05:25 +01:00
Rasmus Wriedt Larsen
781024d679 Python: Recognize taint for iterable unpacking 2020-01-27 14:43:07 +01:00
Rasmus Wriedt Larsen
a3f1f4cb87 Python: Add iterable unpacking tests 2020-01-27 14:43:07 +01:00
Rasmus Wriedt Larsen
fa48fb04f5 Python: Recognize nested tuple/list assignment 
Now we recognize `[(x,y)] = [(1,2)]` -- in itself not a widely used idiom, but
more of a warmup excersize for me
 2020-01-27 14:42:54 +01:00
Rasmus Wriedt Larsen
9763ec71fe Python: Add tests for nested assignment 2020-01-27 14:39:34 +01:00
Taus
5a2dfd40af Merge pull request #2639 from RasmusWL/python-improve-dict-taint 
Python: Improve tests for tainted collections
 2020-01-24 15:06:01 +01:00