hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-15 09:51:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,770 Commits 1,784 Branches 169 Tags
96e99f55ad855428770698bed73b650dff204bd1
Commit Graph

834 Commits

Author SHA1 Message Date
Rebecca Valentine
4857a947ac Swaps get_function_or_initializer globally 2020-02-25 10:51:40 -08:00
Rebecca Valentine
cf4b7e1270 Swaps arg_count globally 2020-02-25 10:50:30 -08:00
Rebecca Valentine
c2a3af7e67 Adds objectapi suffix to private predicates 2020-02-25 10:48:29 -08:00
Rebecca Valentine
930228acc5 Un-autoformats 2020-02-25 09:52:46 -08:00
Rebecca Valentine
04951faf86 autoformat 2020-02-25 09:43:51 -08:00
Rasmus Wriedt Larsen
8f70101572 Python: docs: Use <code> tag consistently in UseofInput.qhelp 2020-02-25 15:40:08 +01:00
yo-h
43bcd5b26c Add guidelines for experimental CodeQL queries and libraries 2020-02-24 15:08:31 -05:00
Rasmus Wriedt Larsen
9d629aef95 Python: Highlight py/use-of-input is for Python 2 2020-02-24 15:13:19 +01:00
Taus
285be2893c Merge pull request #2893 from BekaValentine/python-objectapi-to-valueapi-unnecessarylambda 
Python: ObjectAPI to ValueAPI: UnnecessaryLambda
 2020-02-21 22:23:02 +01:00
Taus
e444fb8bfa Merge pull request #2818 from BekaValentine/objectapi-to-valueapi-hashedbutnohash 
Python: ObjectAPI to ValueAPI: HashedButNoHash
 2020-02-21 22:19:58 +01:00
Rasmus Wriedt Larsen
bfa7553095 Python: urlsplit sanitizer handles in [KNOWN_VALUE] 2020-02-21 16:03:29 +01:00
Rasmus Wriedt Larsen
31ff652cb3 Python: Make Sanitizer available for urlsplit taint 
It isn't used by default, it has to *actively* be enabled.
 2020-02-21 15:18:53 +01:00
Rasmus Wriedt Larsen
abbc9293db Merge pull request #2891 from tausbn/python-special-operations 
Python: Add AST support for special operations.
 2020-02-21 13:16:22 +01:00
Rebecca Valentine
2b1d9c8d16 Updates last library difference 
I'm not entirely sure if `getLiteralObject` and `getLiteralValue` are equivalent, and there don't see to be library tests for this
 2020-02-20 20:20:56 -08:00
Rebecca Valentine
210387a8be Adds bulk of modernizations 2020-02-20 17:32:42 -08:00
Rebecca Valentine
df7f43ee86 Adds modernization 2020-02-20 17:07:56 -08:00
Rebecca Valentine
376638e9c0 Move query over to Rasmus's API for NumericValue 2020-02-20 16:18:54 -08:00
Rebecca Valentine
ab1fcb32ae autoformats 2020-02-20 16:17:43 -08:00
Rebecca Valentine
5d9d724d43 Removes conflicting NumericValue definition 2020-02-20 16:17:33 -08:00
Rebecca Valentine
28be3b47fc Replaces name-reference to the class with canonical predicate. 2020-02-20 15:41:51 -08:00
Rebecca Valentine
5acd982d59 Swaps ...obj for ...val 2020-02-20 15:41:51 -08:00
Rebecca Valentine
96b8d78650 Adds modernized files. 2020-02-20 15:41:51 -08:00
Taus Brock-Nannestad
913db460b2 Python: Add AST support for special operations. 
These have the form `$name(arg1, arg2, ...)` and currently have no semantics.
They may be useful for testing purposes, however.
 2020-02-20 18:05:37 +01:00
Rasmus Wriedt Larsen
fd270cc02c Python: Add basic taint support for urlsplit/urlparse 2020-02-19 16:31:10 +01:00
Rasmus Wriedt Larsen
e4b83855d9 Python: Autoformat security/strings/External.qll 2020-02-19 16:24:13 +01:00
Rebecca Valentine
9e3ed214d0 Python: ObjectAPI to ValueAPI: Foresight Additions (#2819) 
* Adds the...Type() predicates as foresight modernizations.

* Removes predicates that are not currently ported/portable

* Adds range types

* Update python/ql/src/semmle/python/objects/ObjectAPI.qll

Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

* Update python/ql/src/semmle/python/objects/ObjectAPI.qll

Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

* Swaps xType for just x, at least when it's new

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-02-18 21:29:20 -08:00
Rebecca Valentine
d0617ef7bc Autoformat 2020-02-18 09:00:31 -08:00
Taus
ffbb5d0529 Merge pull request #2739 from RasmusWL/python-modernise-security 
Python: modernise Security/ queries
 2020-02-18 16:28:53 +01:00
Rebecca Valentine
4178002d59 Merge branch 'master' into python-objectapi-to-valueapi-useofapply 2020-02-17 17:20:00 -08:00
Rebecca Valentine
c36c0aeb88 Fixes renaming bug 2020-02-17 12:09:01 -08:00
Rebecca Valentine
a2c1d5ff45 Moves to higher level API 2020-02-17 11:46:53 -08:00
Rebecca Valentine
c5986c52d3 Renames typeErrorType to typeError 2020-02-17 11:28:39 -08:00
Rasmus Wriedt Larsen
f3ab52b1fe Python: Use StringValue instead of Value::forString 2020-02-17 14:41:32 +01:00
Rasmus Wriedt Larsen
6d5a8e4995 Python: Fix typos 2020-02-17 14:34:22 +01:00
Taus
03ae7831ad Merge pull request #2711 from RasmusWL/python-fix-import-deprecated-module 
Python: fix alerts for py/import-deprecated-module
 2020-02-17 11:46:12 +01:00
Taus
df3ac49c28 Merge pull request #2700 from RasmusWL/python-taint-iterable-unpacking 
Python: Handle iterable unpacking in taint tracking
 2020-02-17 11:44:25 +01:00
Taus
990d1c1663 Merge pull request #2802 from RasmusWL/python-fix-fp-py/import-own-module 
Python: Fix FP for py/import own module
 2020-02-17 11:23:11 +01:00
Rebecca Valentine
b665f54a31 Corrects query to use builtin instead of special 2020-02-13 14:48:46 -08:00
Rebecca Valentine
3b45fbc87c Adds rough modernization. 2020-02-13 14:22:00 -08:00
jack1142
e1644dd68b Python: Handle __class_getitem__ in py/not-named-self (#2825) 
Fixes #2824
 2020-02-13 13:38:36 +01:00
Rasmus Wriedt Larsen
1558cf2eae Python: Fix typo (decent => descent) 2020-02-13 13:35:29 +01:00
Taus
12113e947f Merge pull request #2603 from RasmusWL/python-fix-http-source-sink 
Python: Make web libs use HttpRequestTaintSource and HttpResponseTaintSink
 2020-02-12 13:42:22 +01:00
Rebecca Valentine
2270c6c960 Adds modernized files. 2020-02-11 21:45:49 -08:00
Rasmus Wriedt Larsen
1f762841ec Python: In py/import-own-module handle from foo import * 2020-02-11 11:45:48 +01:00
Rasmus Wriedt Larsen
5cc2efef8e Python: Fix FPs for py/import-own-module 
Before I added `--max-import-depth=2`, there was a bit of trouble, where it
would alert on `from pkg_ok import foo2` -- since all the `pkg_ok.foo<n>`
modules were missing, I guess the analysis didn't make any assumptions on
whether `foo2` is a module or a regular attribute.
 2020-02-11 11:45:48 +01:00
Rasmus Wriedt Larsen
d5c6092920 Python: Fix typo (trakcing => tracking) 2020-02-06 11:50:44 +01:00
Rasmus Wriedt Larsen
de63eb1450 Merge pull request #2592 from tausbn/python-remove-manual-tc-in-ssashortcut 
Python: Remove manual TC from `ssaShortCut`.
 2020-02-04 14:04:25 +01:00
Rasmus Wriedt Larsen
6b5b28aded Python: Add Value.getABooleanValue and Value.getDefiniteBooleanValue 
Replacing `Value.booleanValue`. We wanted to match `Object.booleanValue` that
only gives a result if it is either `true` or `false`, but also wanted to keep
the flexibility to see if the Value _could_ be `true`/`false`. We don't have a
motivating usecase, so let's see if we ever need it :P

+ fix modernisation regression on py/jinja2/autoescape-false
 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
bd1f21fb7a Python: Fix modernisation regression on py/weak-crypto-key 
also fixes test code to use the right argument name
 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
e5abfd0196 Python: Modernise Security/ queries 2020-02-04 11:42:11 +01:00