hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-09 04:30:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
70,817 Commits 1,680 Branches 157 Tags
91f1cf10a7a65eab9915f41973aaee05b5082b5e
Commit Graph

178 Commits

Author SHA1 Message Date
yoff
7816f34d75 Merge branch 'main' into stdlib-optparse 2024-10-01 12:48:09 +02:00
Rasmus Wriedt Larsen
7483075b7e Python: Fixup modeling of os.open 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
d245db54a1 Python: Model file threat-model 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
66f389a4b6 Python: Model stdin thread-model 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
e1801f3a29 Python: Proper threat-model handling for argparse 2024-09-10 14:32:36 +02:00
Rasmus Lerchedahl Petersen
571be8be3e Python: model more loggers 2024-06-26 01:00:38 +02:00
Rasmus Lerchedahl Petersen
eb32cbe8a5 Python: codecs.open 2024-06-26 00:57:59 +02:00
Rasmus Lerchedahl Petersen
c004ffaca8 python: move model to Stdlib.yml 
There is already a model there so we add to that one.

We did observe that this existing model was blocked by the external MaD model.
This is concerning and needs to be cleared up.
 2024-06-25 14:13:48 +02:00
Joe Farebrother
f3b27d611a Add test case for validated wsgiref servers + fix typo 2024-04-24 14:05:40 +01:00
Joe Farebrother
eeef062f7c Implement sinks for wsgiref + allow lists in bulk header updates + local flow 2024-04-24 14:05:39 +01:00
Taus
b484aee39e Python: Autoformat everything 
Of course, `StringLiteral` being much longer than `StrConst` meant a
bunch of files changed formatting.
 2024-04-22 12:00:09 +00:00
Taus
1c68c987b0 Python: Change all remaining occurrences of StrConst 
Done using
```
git grep StrConst | xargs sed -i 's/StrConst/StringLiteral/g'
```
 2024-04-22 12:00:09 +00:00
Rasmus Wriedt Larsen
c265c15f3f Merge pull request #15398 from RasmusWL/html-escape 
Python: Add `html.escape` as HTML sanitizer
 2024-01-30 16:06:01 +01:00
Rasmus Wriedt Larsen
c70b32f7eb Python: Require quote escaping for html.escape 2024-01-30 12:17:01 +01:00
Rasmus Wriedt Larsen
cbed6e861d Python: Add html.escape as HTML sanitizer 2024-01-22 17:32:28 +01:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Rasmus Wriedt Larsen
72687e0368 Merge branch 'main' into automated-subclass-models 2023-12-19 17:08:25 +01:00
Rasmus Wriedt Larsen
13c2378b58 Python: Update a few QLdocs 2023-12-19 17:07:01 +01:00
Tom Hvitved
faaa558ed9 Python: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:44 +01:00
Rasmus Wriedt Larsen
aa5eee1eac Python: Revert manual pickle modeling 
This reverts commit 62910f0cab525ca4d4901c4c27f6e6b22c3375fc.
This reverts commit 75a8197879ec47094d9b18f3dab7bcc1c1cdba28.

We don't find `kombu.serialization.pickle_load` since we respect
`__all__`. I think that was an attempt to not flood the captured
modeling with useless re-exports, but I think we've ended up doing that
anyway... we should consider to remove that restriction!

see 21d7df29c7/kombu/serialization.py (L29)
 2023-12-08 11:27:53 +01:00
Taus
5b9d56774b Python: Refactor references to ElementTree 
This would probably be better as a module, but I wanted to verify
first that this would yield the right results.
 2023-12-08 11:27:52 +01:00
Taus
d29879a844 Python: Model kombu.serialization 
More `pickle` wrappers.
 2023-12-08 11:27:52 +01:00
Taus
6261a94986 Python: Add cloudpickle model 
This one didn't seem to fit into the subclass approach, so I just modeled
it manually.
 2023-12-08 11:27:52 +01:00
Taus
9d93afe128 Python: Add logging.Logger model 2023-12-08 11:27:51 +01:00
Taus
6093bb9fd4 Python: add some stdlib models 2023-12-08 11:27:51 +01:00
Taus
750f14f859 Python: Add http.client.HTTPResponse model 2023-12-08 11:27:50 +01:00
Rasmus Wriedt Larsen
bff7ae20e1 Python: Enable auto-model for cgi.FieldStorage 2023-12-08 11:27:50 +01:00
Rasmus Wriedt Larsen
af6c5ccead Python: Enable auto-model BaseHttpRequestHandler 2023-12-08 11:27:50 +01:00
Rasmus Wriedt Larsen
ec384649e8 Python: Automodel for WSGIServer 2023-12-08 11:27:50 +01:00
Rasmus Wriedt Larsen
d056706af5 Merge pull request #14725 from RasmusWL/re-modeling 
Python: Add taint-flow modeling for `re` module
 2023-11-23 11:35:36 +01:00
Rasmus Wriedt Larsen
df144f3a1e Merge pull request #14406 from amammad/amammad-python-FileSystemAccess 
Python: New FileSystem Access
 2023-11-16 10:25:34 +01:00
Rasmus Wriedt Larsen
e1c47f5584 Python: Reorganize taint tests of re 
Mostly to highlight that with flow-summary modeling, we don't expect
taint for a lot of these.

I aslo opted to make `finditer()` tainted for consistency.
 2023-11-13 10:56:29 +01:00
Rasmus Wriedt Larsen
c85d99d949 Merge branch 'main' into re-modeling 2023-11-10 16:32:50 +01:00
Rasmus Wriedt Larsen
4943fc5a57 Python: Model taint from re.<func> calls 2023-11-08 17:18:40 +01:00
Rasmus Wriedt Larsen
851c30e797 Python: Add taint modeling of re.Match objects 2023-11-08 17:18:09 +01:00
Max Schaefer
3939167ba2 Include more details in the message for py/weak-cryptographic-algorithm. 
Specifically, we add a link to the location where the cryptographic algorithm is configured, which can be far away from its use.
 2023-10-26 11:28:09 +01:00
amammad
ad2631202d fix comments 2023-10-08 21:32:04 +02:00
amammad
6c8cc79b4d v1 2023-10-08 21:24:54 +02:00
Rasmus Wriedt Larsen
ad1743ecde Python: Modernize modeling of BaseHTTPRequestHandler 2023-09-18 14:13:27 +02:00
Rasmus Wriedt Larsen
bfb4be26c2 Python: Autoformat 2023-09-07 10:31:39 +02:00
Rasmus Wriedt Larsen
54c456d95d Python: Apply suggestions from code review 2023-09-07 10:28:46 +02:00
Peter Stöckli
ede7d8fb6a Python: apply suggestions from code review for asyncio 2023-09-06 15:47:07 +02:00
Peter Stöckli
8c4dccc81b Python: initial support for CMDi via asyncio 2023-09-05 15:33:29 +02:00
Rasmus Wriedt Larsen
794d04e4c0 Python: Model os.getenv[b] 2023-08-14 11:55:00 +02:00
Rasmus Lerchedahl Petersen
9a1e895fdc Python: missed removing these 
`set.add` and `list.append` do not return a value
 2023-06-14 14:51:21 +02:00
Rasmus Lerchedahl Petersen
3b558a0044 python: remove spurious return flow 2023-06-14 13:35:37 +02:00
yoff
38cca08a86 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-06-14 13:27:33 +02:00
Rasmus Lerchedahl Petersen
4b4b9bf9da python: add missing summaries 
For append/add:
The new results in the experimental tar slip query
show that we do not recognize the sanitisers.
 2023-06-13 20:22:21 +02:00
yoff
1d65284011 Merge pull request #13209 from yoff/python/container-summaries-2 
python: Container summaries, part 2
 2023-06-13 18:17:09 +02:00
Rasmus Lerchedahl Petersen
775f3eaf56 python: make copy a dataflow step 2023-06-13 17:07:41 +02:00