hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,098 Commits 1,672 Branches 157 Tags
66737402c20fc83b3d3a654dcccf4b26c901b100
Commit Graph

9181 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
d84294df3d Python: Check that tests are valid 2020-08-07 20:07:02 +02:00
Rasmus Lerchedahl Petersen
3db1ceeb70 Python: format ql 2020-08-06 15:42:14 +02:00
Rasmus Lerchedahl Petersen
614103c3b6 Python: Test calls rather than flows 2020-08-06 15:40:41 +02:00
Rasmus Lerchedahl Petersen
ce86a8b72e Python: format ql 2020-08-06 14:42:56 +02:00
Rasmus Lerchedahl Petersen
e77ceaf4b8 Python: Track dictionary keys 
Also, less hacky comprehension,
but I think we still want to fix the extractor
 2020-08-06 13:31:54 +02:00
Rasmus Lerchedahl Petersen
7c235597de Python: More precise dataflow for tuples 
(and dictionaries, but that is not fleshed out)
 2020-08-05 19:22:54 +02:00
yoff
e642808a75 Update python/ql/test/experimental/dataflow/coverage/classes.py 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-08-05 15:12:27 +02:00
Rasmus Lerchedahl Petersen
a89624698d Python: format ql 2020-08-05 14:28:28 +02:00
Rasmus Lerchedahl Petersen
2639e68a0d Python: format ql 2020-08-05 14:16:50 +02:00
Rasmus Lerchedahl Petersen
81ad4552c9 Python: full list of magic methods to be tested 2020-08-05 13:30:30 +02:00
Rasmus Lerchedahl Petersen
d7c08f732d Merge branch 'master' of github.com:github/codeql into SharedDataflow_Classes 2020-08-04 16:01:42 +02:00
Rasmus Lerchedahl Petersen
9312b42e79 Python: More easy-to-get content flow 
There are some things that should be rewritten, though,
but it may involve the extractor
 2020-08-04 13:54:50 +02:00
Rasmus Lerchedahl Petersen
9d09b4c811 Python: Comprehension stores 2020-08-03 08:53:22 +02:00
Rasmus Lerchedahl Petersen
f21777c6ce Python: Simplyfy sequence stores 2020-08-03 08:16:43 +02:00
Rasmus Lerchedahl Petersen
4a8d532a71 Python: update test expectations and annotations 2020-08-03 07:25:06 +02:00
Rasmus Lerchedahl Petersen
6debc48e79 Merge branch 'master' of github.com:github/codeql into SharedDataflow_SequenceFlow 2020-08-03 07:05:34 +02:00
Calum Grant
595ab442e6 Merge pull request #3996 from yoff/SharedDataflow_Syntax 
Python: Test all expressions that incur dataflow
 2020-07-31 17:45:00 +01:00
Rasmus Lerchedahl Petersen
3e13056140 Python: Address most review comments 2020-07-31 17:20:58 +02:00
Rasmus Lerchedahl Petersen
b21da86ac1 Python: Field flow for sequence elements 
only from displays so far
 2020-07-31 15:45:20 +02:00
Rasmus Lerchedahl Petersen
e8ce62e211 Python: Fix missing flow annotation 2020-07-31 15:28:27 +02:00
Rasmus Lerchedahl Petersen
e13cf2e126 Python: fix formatting 2020-07-31 14:25:09 +02:00
Rasmus Lerchedahl Petersen
29493f5bd7 Python: Make the coverage test a path query 2020-07-31 12:38:57 +02:00
Arthur Baars
7e72ef350e Merge pull request #3975 from aibaars/lgtm-suites 
CodeQL: complete LGTM suites
 2020-07-30 18:39:01 +02:00
Rasmus Lerchedahl Petersen
133e18edd9 Python: Annotate missing flow 2020-07-30 18:13:39 +02:00
Rasmus Lerchedahl Petersen
1467d6b419 Python: Test all expressions that incur dataflow 2020-07-30 17:51:17 +02:00
Arthur Baars
5bad003c0c Add qlpack.yml files for example queries 2020-07-29 16:57:04 +02:00
Rasmus Lerchedahl Petersen
d32e2772a0 Python: some doc, a generator, and a corotuine 2020-07-29 15:52:56 +02:00
Rasmus Lerchedahl Petersen
488a7f4d01 Python: update test expectations 2020-07-28 21:46:45 +02:00
Arthur Baars
c4041e55ba CodeQL: complete LGTM suites 2020-07-28 20:40:44 +02:00
Rasmus Lerchedahl Petersen
eab64f125b Python: Dataflow, start on test for classes 2020-07-28 20:32:12 +02:00
Rasmus Lerchedahl Petersen
38acea633f Python: Dataflow, expand callable to classes 2020-07-27 17:58:21 +02:00
Taus
f40242dc3f Merge pull request #3396 from porcupineyhairs/python-ssti 
Python : Add query to detect Server Side Template Injection
 2020-07-27 14:43:39 +02:00
Rasmus Wriedt Larsen
e0016f6c52 Python: CG trace: Mention adding projects in README 2020-07-24 20:08:39 +02:00
Rasmus Wriedt Larsen
aca703e131 Python: CG trace: Add support for flask 2020-07-24 20:06:53 +02:00
Rasmus Wriedt Larsen
bb80635dc3 Python: CG trace: Updated README 2020-07-24 19:35:06 +02:00
Rasmus Wriedt Larsen
ecafc760e8 Python: CG trace: Improved debugging queries a bit 2020-07-24 19:34:51 +02:00
Rasmus Wriedt Larsen
2407c8b07e Python: CG trace: Better handling of builtins without __module__ 
Not 100% perfect, but better
 2020-07-24 19:13:53 +02:00
Rasmus Wriedt Larsen
9c76618d8b Python: CG trace: Make ./helper.sh show help again 2020-07-24 18:59:29 +02:00
Rasmus Wriedt Larsen
8057e11fe4 Python: CG trace: Add ./helper.sh metrics command 2020-07-24 18:38:12 +02:00
Rasmus Wriedt Larsen
779a82ee07 Python: CG trace: Minor cleanup in helper.sh 2020-07-24 18:37:48 +02:00
Rasmus Wriedt Larsen
4c689434c3 Python: CG trace: Restructure QL code 2020-07-24 17:00:13 +02:00
Rasmus Wriedt Larsen
321d5104f0 Python: CG trace: Autogenerate BytecodeExpr.qll 
Some code I had lying around, just hadn't comitted.

Not that useful since most of these have been disabled in 55404ae98 for now.
 2020-07-24 16:51:14 +02:00
Rasmus Wriedt Larsen
a7bc9544b6 Python: CG trace: Metrics, number of recorded calls not ignored 
turned out to be useful after all :P
 2020-07-24 16:49:54 +02:00
Rasmus Wriedt Larsen
367a49803b Python: CG trace: handle class instantiation properly in points-to 2020-07-24 11:19:11 +02:00
Porcupiney Hairs
7a71ca3e0f fix tests. 2020-07-24 00:57:19 +05:30
Rasmus Wriedt Larsen
3ead2e3dc7 Python: CG trace: Improve performance by only logging when needed 
Seems like a 2x performance overall

wcwidth:
  - DEBUG=True 5.78 seconds
  - DEBUG=False 2.70 seconds

youtube-dl
  - DEBUG=True 238.90 seconds
  - DEBUG=False 120.70 seconds
 2020-07-23 20:14:49 +02:00
Rasmus Wriedt Larsen
c49311e69e Python: Fix JinjaSSTISinks.expected 2020-07-23 20:11:27 +02:00
Rasmus Wriedt Larsen
fbd939133e Python: CG trace: More caching 
Improves runtime of tracing youtube-dl from 296.19 seconds to 224.50 seconds.

Better, but still not that amazing :|
 2020-07-23 18:07:55 +02:00
Rasmus Wriedt Larsen
ce42221cf7 Python: CG trace: Fix some printing in helper.sh 2020-07-23 17:57:52 +02:00
Rasmus Wriedt Larsen
55404ae980 Python: CG trace: Experiment with disabling some opcodes 
Currently not supported in the QL code, so no reason to pay performance to
record them right now :P
 2020-07-23 17:39:43 +02:00