hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,704 Commits 1,712 Branches 163 Tags
400a0f5741becfe28fb9321b14351dce17725382
Commit Graph

23 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
fa48fb04f5 Python: Recognize nested tuple/list assignment 
Now we recognize `[(x,y)] = [(1,2)]` -- in itself not a widely used idiom, but
more of a warmup excersize for me
 2020-01-27 14:42:54 +01:00
Rasmus Wriedt Larsen
9763ec71fe Python: Add tests for nested assignment 2020-01-27 14:39:34 +01:00
Rasmus Wriedt Larsen
bbe93f43d3 Python: Only comparison with constant will clear taint 
tainted = SOURCE
    if tainted == tainted:
        SINK(tainted) # unsafe

before, in the body of the if statement, `tainted` was not tainted
 2020-01-21 15:25:57 +01:00
Rasmus Wriedt Larsen
1498145415 Python: Highlight that any comparison will clear taint 2020-01-21 15:24:56 +01:00
Mark Shannon
637677d515 Python: Move TaintTracking.qll from semmle.python.security to semmle.python.dataflow, for consistency with other code. 2019-08-30 12:57:47 +01:00
Mark Shannon
22f55d25c2 Python taint-tracking. Reorder columns in some tests for easier comprehension of expected output. 2019-08-29 14:36:10 +01:00
Mark Shannon
c7ec5690a5 Python taint-tracking: make sure all features of legacy extensions are supported. 2019-08-29 10:31:50 +01:00
Mark Shannon
3f8066878a Python taint-tracking: Fix up handling of contexts for __init__ and for context-free taints. 2019-08-29 10:31:50 +01:00
Mark Shannon
fe9c9d479d Python taint-tracking. Fix bug in legacy API. 2019-08-29 10:31:50 +01:00
Mark Shannon
7c4a18eee3 Python taint-tracking: Fix up handling of legacy (config-less) taint-tracking 2019-08-29 10:31:50 +01:00
Mark Shannon
24b4a4102c Python taint-tracking: Further enhancements to new implementation for better debugging and backwards compatibility. 2019-08-29 10:31:50 +01:00
Mark Shannon
a7845ae0e1 Python taint-tracking: Remove old implementation. 2019-08-29 10:31:50 +01:00
Mark Shannon
9d6df78d44 Python: Dataflow: Remove IterationDefinition ESSA definition and add iteration assignment to ESSA assignment definition. 
Enhance points-to and taint-tracking to add operational step sequence to next(iter(seq)) in for statement.
 2019-06-21 15:55:27 +01:00
Mark Shannon
e8190d9a7b Python: Track taint through 'yield' expressions. 2019-06-18 16:39:52 +01:00
Mark Shannon
97c98f29e4 Python taint-tracking: Support iterables of taint. 2019-06-18 16:39:47 +01:00
Mark Shannon
2aa967ae8e Remove redundant tests. 2019-04-26 16:21:47 +01:00
Mark Shannon
d6ba729dce Python: Fix semantic merge conflict between #1206 and #1240. 2019-04-12 12:32:41 +01:00
Taus
707b73c3d0 Merge pull request #1240 from markshannon/python-avoid-ssa-defns-in-tests 
Python: Remove callsite refinement ESSA definition in tests
 2019-04-12 12:05:40 +02:00
Mark Shannon
ca6e03f597 Python: Remove callsite refinement ESSA definition when call in a test defining a pi-node. 2019-04-11 16:08:29 +01:00
Mark Shannon
e2a3d91a7d Python taint-tracking: If taint has no class allow it flow through both branches of isinstance test. 2019-04-04 14:29:34 +01:00
Mark Shannon
2edde1fed8 Python taint-tracking. Handle early exit and 'not' correctly for 'falsey' taints. 2019-03-22 11:58:23 +00:00
Mark Shannon
ebd9bc3cb5 Python: Improve taint tracking to account for truthiness of the taint kind. 2019-03-01 11:24:07 +00:00
Mark Shannon
05b69a1c0f QL tests for Python queries and libraries. 2018-11-19 15:15:54 +00:00