Rasmus Wriedt Larsen
9573048ee8
Python: Port py/clear-text-logging-sensitive-data
2021-06-25 14:35:31 +02:00
Rasmus Wriedt Larsen
a9469b73d9
Python: Port py/clear-text-storage-sensitive-data
2021-06-24 17:39:08 +02:00
Rasmus Wriedt Larsen
c0964617d7
Merge pull request #6111 from tausbn/python-a-few-minor-cleanups
Python: A few minor bits of cleanup
2021-06-23 10:42:41 +02:00
Taus
317c6867aa
Python: Fix sneaky semantic change
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2021-06-22 16:46:54 +02:00
Rasmus Wriedt Larsen
e05d6e71b8
Merge pull request #6064 from tausbn/python-add-get-method-call
Python: Add `getAMethodCall` to `LocalSourceNode`
2021-06-22 11:16:39 +02:00
Taus
768cab3642
Python: Address review comments
- changes `getReceiver` to `getObject`
- fixes `calls` to avoid unwanted cross-talk
- adds some more documentation to highlight the above issue
2021-06-21 14:57:19 +00:00
Taus
3aea270e10
Python: Autoformat
2021-06-18 18:30:27 +00:00
Taus
348b20ca9d
Merge branch 'main' of https://github.com/github/codeql into python-a-few-minor-cleanups
2021-06-18 17:38:43 +00:00
Taus
9351688da8
Python: asCfgNode cleanup
2021-06-18 17:22:42 +00:00
Taus
c386f4a009
Python: Clean up py/insecure-protocol
Going all the way to the AST layer seemed excessive to me, so I rewrote
it to do most of the logic at the data-flow layer. In principle this
_could_ result in more names being computed (due to splitting), but in
practice I don't expect this to make a big difference.
2021-06-18 17:22:42 +00:00
Taus
359bc5eff9
Python: Autoformat
2021-06-15 15:56:40 +00:00
Taus
e90ec807ef
Python: Clean up Ssl.qll
2021-06-15 15:04:29 +00:00
Calum Grant
771e686946
Update security-severity scores
2021-06-15 13:25:17 +01:00
Calum Grant
a594afb828
Add security-severity metadata
2021-06-10 20:11:08 +01:00
Rasmus Wriedt Larsen
753dca91b1
Python: weak-crypto: Make algorithm selection less brittle
As discussed in https://github.com/github/codeql/pull/5635#discussion_r633477154
2021-05-19 17:47:09 +02:00
Rasmus Wriedt Larsen
97fadd9970
Merge branch 'main' into port-weak-crypto-algorithm
2021-05-18 14:04:18 +02:00
Rasmus Wriedt Larsen
9156316b14
Python: Apply suggestions from code review
Co-authored-by: yoff <lerchedahl@gmail.com>
2021-05-18 11:53:11 +02:00
Rasmus Wriedt Larsen
37db21d269
Merge pull request #5284 from yoff/python-port-insecure-protocol
Python: port py/insecure-protocol
2021-04-27 09:30:18 +02:00
Rasmus Wriedt Larsen
f9383a31bf
Python: Fix BrokenCryptoAlgorithm.qhelp
2021-04-22 15:58:28 +02:00
Rasmus Wriedt Larsen
fc1a6d0e32
Python: Say salting is not part of py/weak-sensitive-data-hashing
2021-04-22 15:23:41 +02:00
Rasmus Wriedt Larsen
ac83c695ad
Python: Add py/weak-sensitive-data-hashing query
2021-04-22 15:23:41 +02:00
Rasmus Wriedt Larsen
56c409737d
Python: Port py/weak-cryptographic-algorithm
The other query (py/weak-sensitive-data-hashing) is added in future commit
2021-04-22 15:23:38 +02:00
Rasmus Lerchedahl Petersen
6408ee2eaf
Python: Fix bad join
2021-04-20 20:03:06 +02:00
Rasmus Lerchedahl Petersen
fc2c62350e
Python: Fix bad join
Also fixed up the QLDoc
2021-04-20 18:54:03 +02:00
Taus
a55b43b67e
Python: Use LocalSourceNode throughout step
This commit does a lot of stuff all at once, so here are the main
highlights:
In `TypeTracker.qll`, we change `StepSummary::step` to step only between
source nodes. Because reads and writes of global variables happen in two
different (jump) steps, this requires the intermediate
`ModuleVariableNode` to _also_ be a `LocalSourceNode`, and we therefore
modify the charpred for that class accordingly. (This also means
changing a few of the tests to account for these new source nodes.)
In addition, we change `TypeTracker::step` to likewise step between
local source nodes.
Next, to enable the use of the `track` convenience method on nodes, we
add some pragmas to `TypeTracker::step` that prevent bad joins from
occurring. With this, we can eliminate all of the manual type tracker
join predicates.
Next, we observe that because `StepSummary::step` now uses `flowsTo`, it
automatically encapsulates all local-flow steps. In particular this
means we do not have to use `typePreservingStep` in `smallstep`, but can
use `jumpStep` directly. A similar observation applies to
`TypeTracker::smallstep`.
Having done this, we no longer need `typePreservingStep`, so we get rid
of it.
2021-04-20 12:59:33 +00:00
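The commit above (and the earlier "Add `getAMethodCall` to `LocalSourceNode`" change, which renamed `getReceiver` to `getObject`) describes library plumbing without showing how a query author uses it. The query below is an added example written for this page; it is not code from the github/codeql repository. It shows the type-tracking recipe that the `track` convenience method on `LocalSourceNode` enables, tracks objects created by `ssl.SSLContext(...)` (chosen here only because the log mentions `Ssl.qll`; the pattern is not specific to it), and then uses `getAMethodCall` and `getObject`. Assumptions not supported by the page: that `API::moduleImport(...).getMember(...).getACall()` is the right way to find the constructor call, and the three method names, which are purely illustrative.

```ql
import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.ApiGraphs

/**
 * Gets a local source node that, after the type-tracking steps summarised in
 * `t`, refers to an object created by a call to `ssl.SSLContext(...)`.
 *
 * The base case starts the tracker at the constructor call (found via API
 * graphs; assumption, see lead-in). The recursive case relies on
 * `LocalSourceNode.track`, which steps between local source nodes, so no
 * hand-written type-tracker join predicate is needed here.
 */
private DataFlow::LocalSourceNode sslContextInstance(DataFlow::TypeTracker t) {
  t.start() and
  result = API::moduleImport("ssl").getMember("SSLContext").getACall()
  or
  exists(DataFlow::TypeTracker t2 | result = sslContextInstance(t2).track(t2, t))
}

/** Gets a local source node that refers to an `ssl.SSLContext` instance, tracking finished. */
DataFlow::LocalSourceNode sslContextInstance() {
  result = sslContextInstance(DataFlow::TypeTracker::end())
}

// Assumption (not from the page): these method names are chosen purely for
// illustration; `getAMethodCall` works with any attribute name.
from DataFlow::MethodCallNode call, string methodName
where
  call = sslContextInstance().getAMethodCall(methodName) and
  methodName = ["wrap_socket", "set_ciphers", "load_cert_chain"]
select call, "Call to '" + methodName + "' on $@.", call.getObject(),
  "this ssl.SSLContext instance"
```

Run it with `codeql query run` against a Python database; because the query carries no `@kind problem` metadata, the CLI prints the raw result columns (the call, the message, and the receiver node obtained through `getObject`) rather than rendering the `$@` placeholder. Because the recursion only ever yields local source nodes, the intermediate flow inside a function is handled by `flowsTo` when `getAMethodCall` matches the receiver, which is the point the commit makes about no longer needing `typePreservingStep`.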
Rasmus Lerchedahl Petersen
30fbb8f1e7
Python: clean up interface
2021-04-13 11:34:47 +02:00
Rasmus Lerchedahl Petersen
178cb6c90f
Python: Bit too eager with the modernisation...
Lift type restrictions to recover results.
2021-04-13 11:26:05 +02:00
Rasmus Lerchedahl Petersen
7c0b0642c8
Python: Add imports to make code compile
2021-04-13 11:09:27 +02:00
Rasmus Lerchedahl Petersen
b6bd782746
Python: Modernize via CallCfgNode
2021-04-12 23:55:59 +02:00
yoff
e4d74cf098
Apply suggestions from code review
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2021-04-12 23:47:54 +02:00
Rasmus Lerchedahl Petersen
3ff8e010b2
Python: Refactor based on review
- more natural handling of default arguments
- do not assume default construction gives a family
- simplifies `UnspecificSSLContextCreation`
2021-04-12 10:00:07 +02:00
Rasmus Lerchedahl Petersen
036fddfdb5
Python: Namable -> Nameable
2021-04-12 08:18:24 +02:00
yoff
02d6de81a7
Apply suggestions from code review
Co-authored-by: Taus <tausbn@github.com>
2021-04-12 08:16:36 +02:00
yoff
38daeb4df2
Apply suggestions from code review
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2021-04-07 15:50:51 +02:00
Rasmus Lerchedahl Petersen
a006a92f8d
Python: Expand commentary
2021-04-07 08:32:40 +02:00
Rasmus Lerchedahl Petersen
f22db2a30b
Python: One family to rule them all...
2021-04-07 08:32:21 +02:00
Rasmus Lerchedahl Petersen
fb95c488e8
Python: format
2021-04-07 08:20:52 +02:00
Rasmus Lerchedahl Petersen
a44490b470
Python: remove unused file
2021-04-06 22:56:07 +02:00
Rasmus Lerchedahl Petersen
0626684442
Python: small cleanups enabled by review
2021-04-06 22:55:32 +02:00
yoff
acf8fd0f03
Apply suggestions from code review
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2021-04-06 22:45:03 +02:00
Rasmus Lerchedahl Petersen
6d72b4fd39
Python: Limit pretty printing to relevant nodes
2021-03-27 03:10:43 +01:00
Rasmus Lerchedahl Petersen
16902c2f56
Python: handle default argument
2021-03-27 02:40:13 +01:00
Rasmus Lerchedahl Petersen
7a511c5682
Python: update naming
2021-03-27 02:20:59 +01:00
Rasmus Lerchedahl Petersen
bd86388447
Python: Add typetracker to constrain attribute.
2021-03-27 01:07:15 +01:00
Rasmus Lerchedahl Petersen
bf81122fc6
Python: fix typo and add linebreaks
2021-03-26 23:37:19 +01:00
Rasmus Lerchedahl Petersen
e0352fe763
Python: remove deprecated section of qhelp file
2021-03-26 23:26:24 +01:00
Rasmus Lerchedahl Petersen
44d62df3f7
Python: Fix model of TLS and add reference
2021-03-26 17:51:18 +01:00
Rasmus Lerchedahl Petersen
470b4d8658
Python: Add missing qldoc
2021-03-26 17:35:36 +01:00
Rasmus Lerchedahl Petersen
98dfe1a00a
Python: Elaborate qldoc and renames to match
2021-03-26 17:27:43 +01:00
Rasmus Lerchedahl Petersen
8155334fa7
Python: More elaborate qldoc
also refactor code to match
2021-03-26 15:57:07 +01:00