hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-11 05:30:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,788 Commits 1,679 Branches 158 Tags
802a7252606871eaa9489fa01c1ba43e9587b14d
Commit Graph

2064 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
045a6c3cb5 Python: Add test for tricky module member for type-tracking 
Local testing shows that the `getDefinition` result for this is a `SSA filter definition`,
and not an `AssignmentDefinition`.
 2020-10-20 12:20:35 +02:00
Taus
f5ec548e68 Python: Fix typo in QLDoc 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2020-10-19 23:51:38 +02:00
Taus Brock-Nannestad
7755993dd3 Python: Add jump steps for module attribute reads. 
This is the quick-and-dirty solution, as discussed.

An even quicker-and-dirtier solution would have used
`ModuleValue::attr` and take the `getOrigin` of that as the source of
the jump step. However, this turns out to be a bad choice, since
`attr` might fail to have a value for the given attribute (for a
variety of reasons). Thus, we instead appeal to a helper predicate
that keeps track of which names are defined by which right-hand-sides
in a given module. (Observe that type tracking works correctly for `x`
in `mymodule.py`, even though `x` is never assigned a value in the
eyes of the Value API.)

This means that points-to is only used to actually figure out if the
object we're looking an attribute up on is a module or not. This is
the next thing to replace in order to eliminate the dependence on
points-to, but this will require some care to ensure that all module
lookups are handled correctly.

Only two test files needed to be changed for the tests to pass. The
first was the fixed false negative in the type tracker, and the other
was a bunch of missing flow in the regression test. I have manually
removed the `# Flow not found` annotations to make them consistent
with the output. Pay particular attention to the annotation on line
117 -- I believe it was misplaced and should have been on line 106
instead (where, indeed, we now have flow where none appeared before).
 2020-10-19 19:13:32 +02:00
Taus Brock-Nannestad
60fcb5e7d5 Python: Add PEP-328 test example 
Based on https://www.python.org/dev/peps/pep-0328/#guido-s-decision

Original "code" is in the Public Domain.
 2020-10-16 12:03:43 +02:00
Taus Brock-Nannestad
1829126230 Python: Get rid of DataFlowCfgNode 
Should make modelling data flow nodes that are also specific
subclasses of `ControlFlowNode` a bit smoother.
 2020-10-13 13:04:59 +02:00
CodeQL CI
d3f8fb5e53 Merge pull request #4423 from tausbn/python-add-attribute-access-interface 
Approved by RasmusWL
 2020-10-13 02:56:21 -07:00
Taus Brock-Nannestad
3288cf1a75 Python: Hopefully final changes to documentation. 2020-10-12 16:38:21 +02:00
Taus Brock-Nannestad
b07c7abacc Python: Clear up attribute name access QLDoc 2020-10-12 13:49:08 +02:00
Anders Schack-Mulligen
091e3a2931 Dataflow: Adjust test output. 2020-10-09 16:25:14 +02:00
Anders Schack-Mulligen
1c043447e8 Dataflow: Introduce consistency check for flow targeting PostUpdateNodes. 2020-10-09 14:29:52 +02:00
Taus
60eec7b136 Python: Update python/ql/src/experimental/dataflow/internal/Attributes.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-08 18:14:20 +02:00
Taus Brock-Nannestad
d46453caaa Python: Support named imports as attribute reads 
Required a small change in `DataFlow::importModule` to get the desired
behaviour (cf. the type trackers defined in `moduleattr.ql`, but this
should be harmless. The node that is added doesn't have any flow
anywhere.
 2020-10-08 18:08:55 +02:00
Taus Brock-Nannestad
df447c0af9 Python: Remove flow from getAttributeName 2020-10-08 15:01:24 +02:00
Taus Brock-Nannestad
ceb249680e Python: Reuse existing node fields 
Also changes `x = TCfgNode(y)` to `x.asCfgNode() = y` where applicable.
 2020-10-08 15:00:14 +02:00
Taus Brock-Nannestad
31596ef569 Python: Clean up and extend built-in call node classes 2020-10-08 14:57:39 +02:00
Taus Brock-Nannestad
e9ecc00b37 Python: Implement and use mayHaveAttributeName 2020-10-08 14:53:54 +02:00
Taus Brock-Nannestad
b905a3d5e3 Python: Attribute access API 2020-10-06 16:36:29 +02:00
CodeQL CI
5bc7e19c44 Merge pull request #4414 from yoff/SharedDataflow_Conditionals 
Approved by RasmusWL
 2020-10-06 05:46:24 -07:00
Rasmus Lerchedahl Petersen
f9c5b864bb Python: Fix test of parenthesized form 2020-10-06 13:12:12 +02:00
Rasmus Lerchedahl Petersen
0f077f5d7d Python: Add flow inside IfExprNodes 2020-10-06 10:54:23 +02:00
Rasmus Lerchedahl Petersen
8f13d586b7 Python: More tests of conditonals 
Also use better formatter
(better because comments are close to what they comment)
 2020-10-06 10:49:15 +02:00
Rasmus Wriedt Larsen
fbe115c046 Python: Show TypeTracking doesn't work for module members 2020-10-06 03:12:39 +02:00
Arthur Baars
78c58c2415 Merge pull request #4384 from tausbn/python-fix-package-locations 
Python: Fix `hasLocationInfo` for packages
 2020-10-02 20:48:43 +02:00
Alexander Eyers-Taylor
30ed6a0dac Merge pull request #4385 from aibaars/drop-queries 
Drop 'tech-inventory' and 'code duplication' queries from the standard query suites
 2020-10-02 18:31:25 +01:00
Arthur Baars
daa1bcc06e Also mark 'tech inventory' queries as deprecated 2020-10-02 17:23:11 +02:00
Arthur Baars
fc45b6cd3c Drop 'tech-inventory' and 'code duplication' queries from the standard query suites 2020-10-02 17:22:04 +02:00
Taus
fce76e2799 Merge pull request #4354 from RasmusWL/python-command-execution-modeling 
Python: Better command execution modeling
 2020-10-02 16:14:34 +02:00
Taus
2e4a61428d Merge pull request #4346 from RasmusWL/python-add-implicit-init-test 
Python: add test for implicit __init__.py files
 2020-10-02 16:13:25 +02:00
Rasmus Wriedt Larsen
e5b9ac8d9c Python: Use getCommand as tag in ConceptsTest 2020-10-02 14:12:41 +02:00
Rasmus Wriedt Larsen
eb67986916 Python: Exlucde only command injection sinks in os and subprocess 2020-10-02 14:11:07 +02:00
Rasmus Wriedt Larsen
68eacef23c Python: Refactor OsExecCall and friends for better readability 2020-10-02 13:38:54 +02:00
Rasmus Wriedt Larsen
de07d9e5d9 Python: Highlight that os.popen is not only problem for extra alerts 2020-10-02 13:34:33 +02:00
Taus Brock-Nannestad
b5d05f99c9 Python: Fix test output 2020-10-02 12:04:43 +02:00
Taus Brock-Nannestad
75f4051cb5 Python: Fix hasLocationInfo for packages 2020-10-01 17:21:53 +02:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Rasmus Wriedt Larsen
3247b300ae Python: Fix problem with missing use-use flow 2020-10-01 12:55:11 +02:00
Rasmus Wriedt Larsen
9b3509f0ba Python: Highlight problem with missing use-use flow 2020-10-01 12:51:44 +02:00
Rasmus Wriedt Larsen
428c2a3fda Merge branch 'main' into python-command-execution-modeling 2020-09-30 17:38:59 +02:00
Rasmus Wriedt Larsen
c4a2e1d6d1 Python: Rewrite attribute lookup helpers for better performance 
Not that they actually had a huge problem right now, just that using the old
pattern HAS lead to bad performance in the past. See
https://github.com/github/codeql/pull/4361
 2020-09-30 17:31:20 +02:00
Taus
32bf7d6bdf Merge pull request #4256 from fatenhealy/Noblowfish 
CWE-327 BrokenCryptoAlgorithm recommendation to AES instead of Blowfish
 2020-09-30 16:15:46 +02:00
Faten Healy
03d8fc7296 changed to AES 2020-09-30 22:18:36 +10:00
Rasmus Wriedt Larsen
4adc26eb62 Python: Fix command injection example code 
`subprocess.Popen(["ls", "-la"], shell=True)` correspond to running `sh -c "ls" -la`

So it doesn't follow the pattern of the rest of the test file.
 2020-09-30 13:38:37 +02:00
Rasmus Wriedt Larsen
9c1253c8af Python: Remove flow out of CommandInjection sinks 2020-09-30 13:29:40 +02:00
Rasmus Wriedt Larsen
a2d12f0440 Python: Update CommandInjection.expected 2020-09-30 13:00:10 +02:00
Rasmus Wriedt Larsen
1595fed2d6 Python: Add preliminary taint tests for pathlib 2020-09-30 11:44:37 +02:00
Rasmus Wriedt Larsen
0542c3b91e Python: Model os.path.join and add taint-step 2020-09-30 11:42:36 +02:00
Rasmus Wriedt Larsen
efa2484718 Python: Add taint test for os.path.join 
Surprisingly the first two just worked, due to our very general handling of any
`join` methods :D
 2020-09-30 11:35:21 +02:00
Rasmus Wriedt Larsen
aa6fad558c Python: Minor cleanup in taint-step tests 2020-09-30 11:15:53 +02:00
Rasmus Wriedt Larsen
b3efa28277 Merge branch 'main' into python-command-execution-modeling 2020-09-30 10:24:11 +02:00
Rasmus Wriedt Larsen
fee279f952 Python: Hotfix performance problem with flask methods 
This improves runtime for command injection query on
https://lgtm.com/projects/g/alibaba/funcraft from +200 seconds (I did not care
to wait more) down to ~55 seconds on my machine.

This type of tracking predicate with string as additional argument apparently
causes trouble :|
 2020-09-29 11:00:57 +02:00