796 Commits

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	b28d022be9	Python: Add simpel model of a django path/re_path route setup ... Also had to change the annotation to not include the `r` prefix for the raw-string... not sure why that isn't replicated, but ¯\_(ツ)_/¯	2020-10-16 11:12:11 +02:00
Tom Hvitved	5f01fda1ef	Data flow: Sync files	2020-10-16 09:05:02 +02:00
Anders Schack-Mulligen	94f110f739	Sync.	2020-10-16 09:05:01 +02:00
Tom Hvitved	d608138c0c	Data flow: Sync files	2020-10-16 09:03:13 +02:00
Rasmus Wriedt Larsen	5142bfaf01	Merge pull request #4453 from yoff/python-port-unsafe-deserialization ... Python: port unsafe deserialization	2020-10-15 17:26:31 +02:00
Rasmus Wriedt Larsen	58baec5b06	Merge pull request #4364 from yoff/SharedDataflow_ArgumentPassing ... Python: Shared dataflow, argument passing	2020-10-15 17:10:59 +02:00
Rasmus Lerchedahl Petersen	89f5352324	Python: fix QL format	2020-10-15 16:41:41 +02:00
Rasmus Lerchedahl Petersen	ef32488596	Merge branch 'main' of github.com:github/codeql into python-port-unsafe-deserialization	2020-10-15 15:45:35 +02:00
CodeQL CI	ab7d28b3fb	Merge pull request #4482 from RasmusWL/promote-script ... Approved by tausbn	2020-10-15 06:15:55 -07:00
Rasmus Wriedt Larsen	43cee8567c	Python: Add script to promote experimental security queries	2020-10-15 13:25:01 +02:00
Rasmus Lerchedahl Petersen	cc7d32c27c	Merge branch 'python-port-unsafe-deserialization' of github.com:yoff/codeql into python-port-unsafe-deserialization	2020-10-15 13:01:38 +02:00
Rasmus Lerchedahl Petersen	172e058438	Python: unsafe -> mayExecuteInput	2020-10-15 12:56:29 +02:00
Rasmus Lerchedahl Petersen	00566f0eee	Python: Extend DataFlow::CfgNode when appropriate	2020-10-15 12:40:16 +02:00
yoff	c36ad7dd9b	Apply suggestions from code review ... Co-authored-by: Taus <tausbn@github.com>	2020-10-15 12:35:21 +02:00
Rasmus Lerchedahl Petersen	9c8e968cba	Python: Fix bad merge	2020-10-15 11:47:34 +02:00
Rasmus Wriedt Larsen	ce967e1249	Merge branch 'main' into python-model-python2-specific-command-execution	2020-10-15 10:00:02 +02:00
Rasmus Lerchedahl Petersen	0766eef49b	Merge branch 'main' of github.com:github/codeql into SharedDataflow_ArgumentPassing	2020-10-15 09:49:21 +02:00
Rasmus Lerchedahl Petersen	d2b90662a3	Python: implement ToString on mappings	2020-10-14 17:31:13 +02:00
Taus	466c22f4a8	Merge pull request #4435 from RasmusWL/python-port-code-injection ... Python: port code injection query	2020-10-14 16:41:42 +02:00
Rasmus Lerchedahl Petersen	6a3aed337f	Python self -> range	2020-10-14 16:35:43 +02:00
Rasmus Lerchedahl Petersen	352418cb5d	Python: track safe loaders	2020-10-14 16:33:55 +02:00
yoff	5f6f85c998	Merge pull request #4465 from tausbn/python-remove-essa-flow ... Python: Remove flow between ESSA variables	2020-10-14 15:37:39 +02:00
Rasmus Lerchedahl Petersen	b8cba381cf	Merge branch 'main' of github.com:github/codeql into python-port-unsafe-deserialization	2020-10-14 15:01:30 +02:00
Rasmus Lerchedahl Petersen	3a281a1bd6	Python: Adjust comments and tests	2020-10-14 14:40:11 +02:00
Rasmus Wriedt Larsen	5db4f906d0	Merge branch 'main' into python-port-code-injection	2020-10-14 14:22:02 +02:00
yoff	ffe79f688d	Apply suggestions from code review ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2020-10-14 14:08:16 +02:00
Taus	92ccb795fd	Merge pull request #4415 from RasmusWL/python-flask-routed-parameter ... Python: Add support for routed parameters in flask	2020-10-14 13:29:51 +02:00
Rasmus Wriedt Larsen	1fde477a8f	Python: Refactor argument matching	2020-10-14 13:22:35 +02:00
Rasmus Wriedt Larsen	680a6eb2a6	Python: Refactor argument matching (more)	2020-10-14 13:21:04 +02:00
Rasmus Wriedt Larsen	61ecec7d17	Merge pull request #4467 from tausbn/python-fix-import-type-tracking ... Python: Fix unwanted module type tracking	2020-10-14 13:08:57 +02:00
Rasmus Lerchedahl Petersen	dc7e7890f0	Python: Clearer naming and comments (I hope)	2020-10-14 12:03:05 +02:00
Rasmus Wriedt Larsen	b0cfa1d92d	Python: Make "..Call" modeling classes extend DataFlow::CfgNode	2020-10-14 10:53:18 +02:00
Rasmus Wriedt Larsen	bfa5d18476	Python: Use new importNode	2020-10-14 10:49:38 +02:00
Rasmus Wriedt Larsen	7d600e4e8e	Merge branch 'main' into python-port-code-injection	2020-10-14 10:48:38 +02:00
Rasmus Wriedt Larsen	4d9d2155fc	Python: Make "..Call" modeling classes extend DataFlow::CfgNode	2020-10-14 10:44:58 +02:00
Rasmus Wriedt Larsen	b0e79890e6	Python: Use new importNode	2020-10-14 10:43:22 +02:00
Rasmus Wriedt Larsen	4597ba64d0	Merge branch 'main' into python-model-invoke	2020-10-14 10:41:37 +02:00
Rasmus Wriedt Larsen	eff47457bf	Python: Refactor argument matching	2020-10-14 10:37:38 +02:00
Rasmus Wriedt Larsen	2ea71f574c	Python: Make "..Call" modeling classes extend DataFlow::CfgNode	2020-10-14 10:37:37 +02:00
Rasmus Wriedt Larsen	2e30f58aa2	Python: Use new importNode	2020-10-14 10:37:36 +02:00
Rasmus Wriedt Larsen	ecf70c5f30	Merge branch 'main' into python-model-python2-specific-command-execution	2020-10-14 10:36:43 +02:00
Rasmus Wriedt Larsen	74bd045488	Python: Make "..Call" modeling classes extend DataFlow::CfgNode	2020-10-14 10:24:46 +02:00
Rasmus Wriedt Larsen	ba158f3317	Python: Use new importNode	2020-10-14 10:17:35 +02:00
Rasmus Wriedt Larsen	49d2e68d12	Merge branch 'main' into python-flask-routed-parameter	2020-10-14 10:16:00 +02:00
Rasmus Lerchedahl Petersen	93383747bd	Python: Use more common name for concept	2020-10-14 09:28:58 +02:00
Rasmus Lerchedahl Petersen	a76d276b48	Python: Adjust getARelevantTag	2020-10-14 08:44:04 +02:00
yoff	3b9ea3a958	Apply suggestions from code review ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2020-10-14 08:24:26 +02:00
Taus Brock-Nannestad	7d86b53b71	Python: Fix unwanted module type tracking	2020-10-13 22:47:57 +02:00
yoff	1f2390455c	Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll ... Co-authored-by: Taus <tausbn@github.com>	2020-10-13 19:15:33 +02:00
Rasmus Lerchedahl Petersen	5d66c485d5	Python: IPA type for arguemnt mappings ... Not sure how arg2 in line 118 is achieved	2020-10-13 19:12:52 +02:00