hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-29 07:06:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,505 Commits 1,673 Branches 157 Tags
503b339a1f0d121c3976667f4e861908dd52aa15
Commit Graph

1923 Commits

Author SHA1 Message Date
Taus
cb195a0dc4 Merge pull request #4752 from yoff/python-dataflow-unpacking-assignment 
Python: Dataflow, unpacking assignment
 2021-01-29 14:15:28 +01:00
Taus
be5b7bb4c4 Merge pull request #5022 from yoff/python-split-lambdas 
Python: Callable for lambdas
 2021-01-29 14:12:26 +01:00
Rasmus Wriedt Larsen
b6007cf324 Merge pull request #5023 from yoff/python-unify-synthetic-post-update-nodes 
Python: Only generate one post-update node, even if there are multiple reasons for doing so.
 2021-01-28 13:11:50 +01:00
Rasmus Lerchedahl Petersen
0e0b18c214 Python: Adjust comment based on review. 2021-01-28 01:09:03 +01:00
Rasmus Lerchedahl Petersen
ae2c122159 Python: Small refactor 
- align synthetic pre-update nodes with synthetic post -update nodes
- move the classes into the modules
- rename modules after the new main class (eliding "needs")
 2021-01-27 23:15:50 +01:00
Rasmus Lerchedahl Petersen
2120868939 Python: format 2021-01-27 19:48:01 +01:00
yoff
2c5da85e3b Update python/ql/src/semmle/python/dataflow/new/internal/DataFlowPrivate.qll 
Co-authored-by: Taus <tausbn@github.com>
 2021-01-27 19:43:40 +01:00
Rasmus Wriedt Larsen
5646af56dd Python: Fix too many results from DataFlow::importNode 2021-01-27 19:11:55 +01:00
yoff
f2241e04e5 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-01-27 12:15:35 +01:00
Rasmus Lerchedahl Petersen
5d62a56ed8 Python: Remove debug function 2021-01-27 08:24:11 +01:00
Rasmus Lerchedahl Petersen
d18c1602cd Python: autoformat 2021-01-27 01:25:38 +01:00
Rasmus Lerchedahl Petersen
d29fdda779 Python: Only generate one post-update node, 
even if there are multiple reasons for doing so.
Solves `uniqueNodeToString` inconsistencies
(and probably saves quite a lot of nodes).
 2021-01-27 01:20:51 +01:00
Rasmus Lerchedahl Petersen
9b13834d28 Python: small refactor 2021-01-26 21:17:59 +01:00
Rasmus Lerchedahl Petersen
d3e0e84c37 Python: Separate callable for lambdas 
Since lambdas are split, but their children are not,
we use the Function as the callable.
 2021-01-26 21:17:59 +01:00
yoff
cd85cf1645 Update python/ql/src/semmle/python/dataflow/new/internal/DataFlowPrivate.qll 2021-01-26 19:16:54 +01:00
yoff
500ea12224 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-01-26 19:14:46 +01:00
Rasmus Wriedt Larsen
902bade5ae Merge pull request #5015 from yoff/python-add-missing-postupdate-nodes 
Python: add missing postupdate nodes
 2021-01-26 14:39:29 +01:00
Taus
4c0f54f5d3 Merge pull request #5007 from yoff/python-disregard-comp-args 2021-01-26 12:53:33 +01:00
Rasmus Lerchedahl Petersen
e253855999 Python: Add comment about reverse reads. 2021-01-26 12:11:21 +01:00
Rasmus Lerchedahl Petersen
e44f1813fa Python: Add TODO comment 2021-01-26 11:29:14 +01:00
yoff
09bb3001d6 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-01-25 21:58:20 +01:00
yoff
7ba0939239 Merge pull request #4995 from RasmusWL/tornado-model-http-sinks 
Python: model HTTP sink in Tornado
 2021-01-25 21:53:44 +01:00
Rasmus Lerchedahl Petersen
96b7f75905 Python: add postupdate nodes for kwargs 
drops remaining reverse read failures on saltstack.
 2021-01-25 17:34:49 +01:00
Rasmus Lerchedahl Petersen
ad39bfb2ff Python: Add postupdate nodes for subscripts. 
This drops reverse read inconsistencies on saltstack from 14909 to 1353.
 2021-01-25 17:01:25 +01:00
Rasmus Lerchedahl Petersen
89e56707c3 Python: Omit all unresolved parameter nodes. 
Drops the results further to 139.
 2021-01-24 16:16:07 +01:00
Rasmus Lerchedahl Petersen
baf0917524 On saltstack this drops the number of consistency errors 
of type uniqueEnclosingCallable from 4026 to 614.
 2021-01-24 15:30:59 +01:00
Rasmus Lerchedahl Petersen
0d20a4cb4a Python: Simplify modelling 2021-01-22 19:40:34 +01:00
Rasmus Lerchedahl Petersen
f948ef8f27 Merge branch 'main' of github.com:github/codeql into python-dataflow-unpacking-assignment 2021-01-22 16:26:48 +01:00
Rasmus Wriedt Larsen
ee2d18afd8 Merge pull request #4665 from yoff/python-dataflow-modernize-tests 
Python: Add new-style tests
 2021-01-21 13:35:39 +01:00
Rasmus Wriedt Larsen
b55817a5b2 Python: Model HTTP responses in tornado 
This is quite a simpel model, but ends up matching what we were able to do with
points-to.

I think this modeling excercise really shows that we need a bit of a different
way to model HTTP responses... but I'm not going to try to fix that in this PR.
 2021-01-21 13:26:31 +01:00
Rasmus Lerchedahl Petersen
88db8f562d Python: Elaborate comments for steps 2021-01-21 10:55:59 +01:00
Rasmus Lerchedahl Petersen
bc1b50788a Python: Small refactor 2021-01-21 10:44:58 +01:00
Rasmus Lerchedahl Petersen
19918e2e57 Python: Have Node-postfix consistently 2021-01-21 10:43:15 +01:00
Rasmus Lerchedahl Petersen
2409a7899b Python: Remove func tag in some situations. 
Also make ArgumentNode public
 2021-01-20 20:18:40 +01:00
Rasmus Lerchedahl Petersen
7a5d553dd2 Merge branch 'main' of github.com:github/codeql into python-dataflow-unpacking-assignment 2021-01-20 19:27:34 +01:00
yoff
e072864948 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-01-20 17:38:34 +01:00
Rasmus Wriedt Larsen
9a397b6faf Python: Apply code-review suggestion 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-01-20 15:28:20 +01:00
Rasmus Lerchedahl Petersen
bd3de23c6e Python: Remove some unhelpful store steps 2021-01-19 00:05:10 +01:00
Rasmus Wriedt Larsen
8e5557eca3 Python: Avoid duplicated route-setup in django 
When using `django.conf.urls.url` with Django 2+
 2021-01-18 16:18:29 +01:00
Rasmus Lerchedahl Petersen
175e43d6f2 Python: Slight refactor 2021-01-18 09:12:05 +01:00
Rasmus Lerchedahl Petersen
5f189a7e43 Python: Address reviews 2021-01-15 20:18:37 +01:00
yoff
1edad03622 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-01-15 18:50:04 +01:00
yoff
48910d0597 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-01-15 14:02:27 +01:00
yoff
b5d40e4c9a Merge pull request #4944 from RasmusWL/flask-class-based-handlers 
Python: Add modeling of Flask class based (HTTP) request handlers
 2021-01-14 15:17:36 +01:00
Rasmus Wriedt Larsen
4cb2f2ed1e Python: Proper models of flask MethodView classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
e327fdb317 Python: Model flask View classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
14bb10a361 Python: Use LocalSourceNode for TornadoRouteRegex 2021-01-14 13:39:41 +01:00
Rasmus Wriedt Larsen
812ea5dde5 Python: Tornado: Model request handlers without known route 2021-01-14 13:37:27 +01:00
Rasmus Wriedt Larsen
1849b9e771 Python: Tornado: Handle basic route setup with tuples 
The reason this becomes valueable right now, is that we can mark routed params
as taint-sources. Longer down the line, we can (hopefully) detect that a routed
param will only accept digits, and mark it safe for some of our taint-tracking
queries.
 2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
39d85896a1 Python: Add basic taint modeling of tornado request 2021-01-14 13:37:26 +01:00