Tom Hvitved
91806da2fa
C#: Address review comments
2020-10-14 14:15:34 +02:00
Tom Hvitved
5d1a5920c7
C#: Reimplement flow-summary compilation
2020-10-14 14:15:34 +02:00
Tom Hvitved
444e607338
C#: Add missing flow through library code using params arguments
2020-10-14 14:15:34 +02:00
Tom Hvitved
f2dc2d912a
C#: Add inter-procedural data-flow test for StringBuilder
2020-10-14 14:15:34 +02:00
Taus
92ccb795fd
Merge pull request #4415 from RasmusWL/python-flask-routed-parameter
...
Python: Add support for routed parameters in flask
2020-10-14 13:29:51 +02:00
Rasmus Wriedt Larsen
61ecec7d17
Merge pull request #4467 from tausbn/python-fix-import-type-tracking
...
Python: Fix unwanted module type tracking
2020-10-14 13:08:57 +02:00
yoff
27f474f0e9
Merge pull request #4429 from RasmusWL/python-model-invoke
...
Python: model invoke library
2020-10-14 12:13:35 +02:00
Taus Brock-Nannestad
f3c07e3849
Python: Fix up import helper tests
2020-10-14 11:58:14 +02:00
Tamás Vajk
8127d9b93e
Merge pull request #4404 from tamasvajk/feature/cleanup-2
...
C# extractor code cleanup
2020-10-14 11:02:40 +02:00
Rasmus Wriedt Larsen
4d9d2155fc
Python: Make "..Call" modeling classes extend DataFlow::CfgNode
2020-10-14 10:44:58 +02:00
Rasmus Wriedt Larsen
b0e79890e6
Python: Use new importNode
2020-10-14 10:43:22 +02:00
Rasmus Wriedt Larsen
4597ba64d0
Merge branch 'main' into python-model-invoke
2020-10-14 10:41:37 +02:00
Rasmus Wriedt Larsen
74bd045488
Python: Make "..Call" modeling classes extend DataFlow::CfgNode
2020-10-14 10:24:46 +02:00
Rasmus Wriedt Larsen
ba158f3317
Python: Use new importNode
2020-10-14 10:17:35 +02:00
Rasmus Wriedt Larsen
49d2e68d12
Merge branch 'main' into python-flask-routed-parameter
2020-10-14 10:16:00 +02:00
Taus Brock-Nannestad
7d86b53b71
Python: Fix unwanted module type tracking
2020-10-13 22:47:57 +02:00
Taus Brock-Nannestad
76e5b59dab
Python: Add test case for unwanted module type tracking
2020-10-13 22:47:03 +02:00
Robert Marsh
b49aa677d0
Merge pull request #4459 from geoffw0/setex
...
C++: Additional taint flows through std::set
2020-10-13 15:17:54 -04:00
Taus
83937bacae
Merge pull request #4448 from RasmusWL/python-simplify-import-modeling
...
Python: simplify import modeling
2020-10-13 18:08:07 +02:00
Rasmus Wriedt Larsen
2c5996f694
Python: Refactor subprocess_attr type-tracker
...
Co-authored-by: Taus <tausbn@github.com>
2020-10-13 17:21:21 +02:00
Rasmus Wriedt Larsen
b895641a83
Merge pull request #4464 from tausbn/python-remove-dataflowcfgnode
...
Python: Get rid of `DataFlowCfgNode`
2020-10-13 15:08:28 +02:00
Rasmus Wriedt Larsen
76c9b8c49f
Python: Expose importNode instead of importModule/importMember
...
Since predicate name `import` is not allowed, I adopted `importNode` as it sort
of matches what `exprNode` does.
---
Due to only using `importMember` in `os_attr` we previously didn't handle
`import os.path as alias` :|
I did create a hotfix for this (https://github.com/github/codeql/pull/4446), but
in doing so I realized the core of the problem: We're exposing ourselves to
making these kinds of mistakes by having BOTH importModule and importMember, and
we don't really gain anything from doing this!
We do lose the ability to easily model only `from mod import val` and not
`import mod.val`, but I don't think that will ever be relevant.
This change will also make us recognize some invalid code, for example in
    import os.system as runtime_error
we would now model that `runtime_error` is a reference to the `os.system`
function (although the actual import would result in a runtime error).
Overall these are tradeoffs I'm willing to make, as it does make things simpler
from a QL modeling point of view, and THAT sounds nice 👍
2020-10-13 15:03:22 +02:00
Tamas Vajk
ce9624e61d
C#: Remove unneeded vscode settings from settings.json
2020-10-13 14:50:46 +02:00
Rasmus Wriedt Larsen
4bfd55f1af
Python: Show problem with os.path modeling
...
This is not a very good test for showing that we don't handle direct imports,
but it was the best I had available without inventing something new. It's very
fragile, since any of these would propagate taint (due to handling all `join`
calls as if the qualifier was a string):
    ospath_alias.join(ts)
    ospath_alias.join(ts, "foo", "bar")
But this test DOES serve the purpose of illustrating that my fix works :D
2020-10-13 14:50:00 +02:00
Tamas Vajk
ce793c357f
C#: Adjust parameters of DefinitionField ctor
2020-10-13 14:45:38 +02:00
Tamas Vajk
ea53ea0994
C#: Prefer keywords over type names
2020-10-13 14:45:38 +02:00
Tamas Vajk
8afac25120
C#: Add params modifier on override
2020-10-13 14:45:38 +02:00
Tamas Vajk
63e173198d
C#: Make static member on generic class private
2020-10-13 14:45:38 +02:00
Tamas Vajk
6cf20d569d
C#: Remove overrides that do nothing
2020-10-13 14:45:38 +02:00
Tamas Vajk
9b349eb844
C#: Use Contains instead of IndexOf
2020-10-13 14:45:38 +02:00
Tamas Vajk
5b33f43b78
C#: Use nameof
2020-10-13 14:45:38 +02:00
Tamas Vajk
f84669904b
C#: Fix typo
2020-10-13 14:45:38 +02:00
Tamas Vajk
7075c6f8ca
C#: Fix public property naming
2020-10-13 14:45:38 +02:00
Tamas Vajk
a4fec39c11
C#: Move fields to locals where possible
2020-10-13 14:45:38 +02:00
Tamas Vajk
b07aceff6b
C#: Fix exception throwing
2020-10-13 14:45:37 +02:00
Tamas Vajk
6dfe90e479
C#: Change array-returning properties
2020-10-13 14:45:37 +02:00
Tamas Vajk
7721c7bba7
C#: Remove redundant conditions
2020-10-13 14:45:37 +02:00
Tamas Vajk
cbdd13127e
C#: Convert publicly visible fields to properties
2020-10-13 14:45:37 +02:00
Tamas Vajk
d5382f2cfd
C#: Fix modifier orders
2020-10-13 14:45:37 +02:00
Tamas Vajk
fbc128fcc7
C#: Fix type parameter names
2020-10-13 14:45:37 +02:00
Tamas Vajk
2e350caf9f
C#: Fix private field and local variable naming
2020-10-13 14:45:37 +02:00
Tamas Vajk
ecb29a267b
C#: Add editor config naming rules
2020-10-13 14:45:37 +02:00
Tamas Vajk
baf6f59bfc
C#: Add braces to multiline block statements
2020-10-13 14:45:37 +02:00
Tamas Vajk
28694513a1
C#: Use pattern matching
2020-10-13 14:45:37 +02:00
Tamas Vajk
155453d9cb
C#: Format single line if statements
2020-10-13 14:45:37 +02:00
Tamas Vajk
aec4481cfb
C#: Use var everywhere
2020-10-13 14:45:37 +02:00
Tamas Vajk
7d544e34af
C#: Add declaration visibility modifiers
2020-10-13 14:45:37 +02:00
Tamas Vajk
466e0cf085
C#: Remove naming styles from editor config, add IDE diagnostic severities
2020-10-13 13:27:46 +02:00
Tamas Vajk
ec6ed90c49
C#: Add final new line to files
2020-10-13 13:27:46 +02:00
Tamas Vajk
2e21564032
C#: Fix formatting with 'dotnet format'
2020-10-13 13:27:46 +02:00