hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-05 18:50:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,144 Commits 1,676 Branches 157 Tags
43e5c0212cc3a562dbe033b4eac7cb1626401b63
Commit Graph

48 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
e46ae9b98d Python: Move some query predicates to debug 2020-09-15 21:45:47 +02:00
Rasmus Lerchedahl Petersen
ecc5a4a1f6 Python: testIsTrue -> branch 2020-09-14 15:32:03 +02:00
yoff
2a4e28db16 Apply suggestions from code review 
Will make the same renames in the changed code also..

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-14 15:28:01 +02:00
Rasmus Lerchedahl Petersen
033529e85e Python: avoid creating big predicate 2020-09-14 15:24:46 +02:00
Rasmus Lerchedahl Petersen
543876f980 Python: Fix getAGuardedNode 2020-09-14 14:46:15 +02:00
Rasmus Lerchedahl Petersen
0eb8b6c7b0 Python: Address review 2020-09-11 14:24:49 +02:00
Rasmus Lerchedahl Petersen
5dbb4af5b5 Python: Implement BarrierGuard 2020-09-11 11:55:51 +02:00
Rasmus Lerchedahl Petersen
2eb8ea85fb Python: update test expectations 2020-09-10 10:59:26 +02:00
Rasmus Lerchedahl Petersen
deb1a4ceb9 Merge branch 'main' of github.com:github/codeql into SharedDataflow_UseUseFlow 2020-09-10 10:55:34 +02:00
Rasmus Wriedt Larsen
b8e057f7ad Python: isSanitizerGuard test is future work 2020-09-09 15:57:53 +02:00
Rasmus Lerchedahl Petersen
b1567827a0 Python: Repair flow out of post-update nodes 2020-09-09 15:52:07 +02:00
Rasmus Wriedt Larsen
ab8cc23ce7 Python: Expand on taint sanitizer tests 
Most interesting to look at the custom sanitizers. Once we have use-use flow, we
should handle this case:

```
s = TAINTED_STRING
emulated_authentication_check(s)
ensure_not_tainted(s)
```
 2020-09-09 13:57:25 +02:00
Rasmus Lerchedahl Petersen
9e59d79a72 Python: Repair flow from pre-update nodes 2020-09-09 13:51:24 +02:00
Rasmus Lerchedahl Petersen
c661f43316 Python: Port use-use implementation from Java 2020-09-09 12:19:40 +02:00
Rasmus Wriedt Larsen
bf34b07605 Python: Add a few taint tests for default sanitizer 
specifically the ones removes from dataflow tests in https://github.com/yoff/codeql/pull/1
 2020-09-02 16:56:05 +02:00
Rasmus Wriedt Larsen
c5e3333d10 Python: Update expected tests after last commit 
I'm pushing too fast it seems
 2020-09-01 12:01:34 +02:00
Rasmus Wriedt Larsen
e0cfe8123e Python: Update comments for new taint tests 
I see I didn't keep them up to date as I implemented things
 2020-09-01 11:58:26 +02:00
Rasmus Wriedt Larsen
e5a361c230 Python: Better taint tests for copy.deepcopy 2020-09-01 11:50:33 +02:00
Rasmus Wriedt Larsen
4e73abc254 Merge branch 'main' into python-more-additional-taint-steps 2020-08-31 14:34:42 +02:00
Rasmus Wriedt Larsen
2d2b036b8c Python: Fix expected output for moved taint tests 2020-08-28 11:25:46 +02:00
Rasmus Wriedt Larsen
7213da195c Python: Use standard naming scheme for taint flow tests 
We got into problems since using `string.py` would shadow the string module from
the standard library. By some reason I adopted a pattern of `_` as suffix, but
let us just use the standard pattern of `test_` prefix like a normal testing
framework like pytest does.
 2020-08-28 11:22:42 +02:00
Rasmus Wriedt Larsen
f12d29de07 Python: Add taint test of more colleciton methods 2020-08-27 17:36:10 +02:00
Rasmus Wriedt Larsen
627363d6ea Python: Test taint step for string augmented assignment 
Apprently it just works 😕 :magic:
 2020-08-27 11:37:56 +02:00
Rasmus Wriedt Larsen
d0081dfbfa Python: Attempt at taint step for list.append/set.add 2020-08-27 10:57:07 +02:00
Rasmus Wriedt Larsen
af20c3e082 Python: Make new taint tracking tests runnable again 
since the files was called `collection`, that conflicted with import system :|
 2020-08-27 10:44:14 +02:00
Rasmus Wriedt Larsen
c24e3452f5 Python: Add more expected collection taint steps 2020-08-26 20:28:33 +02:00
Rasmus Wriedt Larsen
423139bc22 Python: Add additional taint steps for iterable-unpacking 2020-08-26 20:21:15 +02:00
Rasmus Wriedt Larsen
afb160fbbb Python: Add additional taint steps for for-iteration 2020-08-26 20:18:31 +02:00
Rasmus Wriedt Larsen
e2a89aa296 Python: Add additional taint steps for copy 
deepcopy was already handled somehow, don't really know how :D
 2020-08-26 19:39:38 +02:00
Rasmus Wriedt Larsen
b974dadca1 Python: Add additional taint steps for containers 2020-08-26 19:39:37 +02:00
Rasmus Wriedt Larsen
b6049765a8 Python: Add a few more collection taint tests 2020-08-26 19:39:36 +02:00
Rasmus Wriedt Larsen
32f9d30136 Python: Add syntactic taint steps for json methods 2020-08-26 19:39:36 +02:00
Rasmus Wriedt Larsen
41e24ae93f Python: Add non-syntactical test for taint of json methods 2020-08-26 19:39:35 +02:00
Rasmus Wriedt Larsen
5f9aa4c3b9 Python: Restructure defaultAdditionalTaintStep tests 
This makes it easier to add a new test-case, and makes it easier to work with
the existing files. It does have a downside on making it a bit more annoying
looking at TestTaint.expected, and possible longer runtime, but I think it's
still worth it.
 2020-08-26 19:39:33 +02:00
Rasmus Wriedt Larsen
a1ada62596 Python: Remodel taint tests for shared lib 
I took the bits from ql/test/library-tests/taint/ that seemed easy to port. I
left out namedtuple for now, but it is part of internal tracking ticket, so
won't be forgotten.
 2020-08-26 19:39:32 +02:00
Rasmus Lerchedahl Petersen
dcabd37974 Python: Update test expectations 2020-08-26 17:58:35 +02:00
Rasmus Wriedt Larsen
2dbf83b579 Python: TaintTracking: Move tests of py3 string methods 2020-08-25 13:06:27 +02:00
Rasmus Wriedt Larsen
0439b83c60 Python: Taint when using unicode 2020-08-25 12:50:32 +02:00
Rasmus Wriedt Larsen
483bd0e863 Python: Fix shared taint tracking tests 
Since there was a .ql file, qltest tried to run a test in
test/experimental/dataflow/taintracking/ which failed since there was no code.
 2020-08-25 11:15:11 +02:00
Rasmus Wriedt Larsen
d96ef73033 Python: Handle taint for f-strings 
Which we seem to not handle in the current taint tracking :O

f-strings needs to be Python 3 only, so enabled that test setup. I really liked
the idea for having the version specific tests right next to the normal tests,
so you don't have to look in
test/experimental/3/dataflow/i/will/forget/to/look/here.
 2020-08-24 16:46:00 +02:00
Rasmus Wriedt Larsen
cb4b4e91ab Python: Taint for string multiplication 2020-08-24 14:54:06 +02:00
Rasmus Wriedt Larsen
5125c7a55c Python: Add taint tests for encode/decode functions 2020-08-24 14:54:04 +02:00
Rasmus Wriedt Larsen
31b398937a Python: Handle taint from bytes(obj) 2020-08-24 14:17:59 +02:00
Rasmus Wriedt Larsen
1e447c5ca2 Python: Handle taint for % formatting 2020-08-24 14:15:27 +02:00
Rasmus Wriedt Larsen
80745e8881 Python: Model string methods in shared taint tracking library 2020-08-24 13:58:42 +02:00
Rasmus Wriedt Larsen
a77f118b62 Python: Shared taint tracking: Handle string concat + subcript 2020-08-24 13:58:41 +02:00
Rasmus Wriedt Larsen
61f89ca3c3 Python: Add tests for shared taint tracking for strings 
I adopted the TestTaint testing setup that I made for the "old" taint tracking
tests. This time around we should figure out if we can use .qlref or similar so
it doesn't end up in multiple copies that are not kept up to date :|

The `repr` predicate could probably be placed somewhere better. For now I just
wanted something that could help me. I considered just expanding the `repr`
predicate in `ql/src/semmle/python/strings.qll`, but since it's currently used
by queries, I didn't want to do anything about it.

Anyway, the output it gives is much more useful than seeing this ;)

```
| test.py:20 | ok   | str_operations | test.py:20:9:20:10 | ts |
| test.py:21 | fail | str_operations | test.py:21:9:21:18 | BinaryExpr |
| test.py:22 | fail | str_operations | test.py:22:9:22:18 | BinaryExpr |
| test.py:23 | fail | str_operations | test.py:23:9:23:21 | Subscript |
| test.py:24 | fail | str_operations | test.py:24:9:24:13 | Subscript |
| test.py:25 | fail | str_operations | test.py:25:9:25:18 | Subscript |
| test.py:26 | fail | str_operations | test.py:26:9:26:13 | Subscript |
| test.py:27 | fail | str_operations | test.py:27:9:27:15 | str() |
| test.py:35 | fail | str_methods | test.py:35:9:35:23 | Attribute() |
| test.py:36 | fail | str_methods | test.py:36:9:36:21 | Attribute() |
| test.py:37 | fail | str_methods | test.py:37:9:37:22 | Attribute() |
| test.py:38 | fail | str_methods | test.py:38:9:38:23 | Attribute() |
| test.py:40 | fail | str_methods | test.py:40:9:40:19 | Attribute() |
| test.py:41 | fail | str_methods | test.py:41:9:41:23 | Attribute() |
| test.py:42 | fail | str_methods | test.py:42:9:42:36 | Attribute() |
| test.py:44 | fail | str_methods | test.py:44:9:44:25 | Attribute() |
| test.py:45 | fail | str_methods | test.py:45:9:45:45 | Attribute() |
| test.py:47 | fail | str_methods | test.py:47:9:47:21 | Attribute() |
| test.py:48 | fail | str_methods | test.py:48:9:48:19 | Attribute() |
| test.py:49 | fail | str_methods | test.py:49:9:49:18 | Attribute() |
| test.py:51 | fail | str_methods | test.py:51:9:51:32 | Attribute() |
| test.py:52 | fail | str_methods | test.py:52:9:52:34 | Attribute() |
| test.py:54 | fail | str_methods | test.py:54:9:54:21 | Attribute() |
| test.py:55 | fail | str_methods | test.py:55:9:55:19 | Attribute() |
| test.py:56 | fail | str_methods | test.py:56:9:56:18 | Attribute() |
| test.py:57 | fail | str_methods | test.py:57:9:57:21 | Attribute() |
| test.py:58 | fail | str_methods | test.py:58:9:58:18 | Attribute() |
| test.py:59 | fail | str_methods | test.py:59:9:59:18 | Attribute() |
| test.py:60 | fail | str_methods | test.py:60:9:60:21 | Attribute() |
| test.py:62 | fail | str_methods | test.py:62:9:62:26 | Attribute() |
| test.py:63 | fail | str_methods | test.py:63:9:63:42 | Attribute() |
| test.py:65 | fail | str_methods | test.py:65:9:65:26 | Attribute() |
| test.py:66 | fail | str_methods | test.py:66:9:66:42 | Attribute() |
| test.py:69 | fail | str_methods | test.py:69:9:69:25 | Attribute() |
| test.py:70 | fail | str_methods | test.py:70:9:70:26 | Attribute() |
| test.py:71 | fail | str_methods | test.py:71:9:71:22 | Attribute() |
| test.py:72 | fail | str_methods | test.py:72:9:72:21 | Attribute() |
| test.py:73 | fail | str_methods | test.py:73:9:73:23 | Attribute() |
| test.py:78 | ok   | str_methods | test.py:78:9:78:39 | Attribute() |
```
 2020-08-24 13:58:39 +02:00
Rasmus Wriedt Larsen
7fb8e0e277 Python: Add basic shared taint tracking test 2020-08-20 14:49:17 +02:00