hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
21,052 Commits 1,740 Branches 165 Tags
98dfe1a00a14e6dfc8c27d84cfeb2ee363515f56
Commit Graph

220 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
3d5511221e Python: Add test for implicit __init__.py files 2020-09-25 11:48:38 +02:00
Rasmus Wriedt Larsen
120a569c6f Python: Explain how CallGraph test.py even works 
Also remove options file, since it did nothing at all (and blocked
experimental/library-tests/options from taking effect)
 2020-09-25 11:42:59 +02:00
Rasmus Wriedt Larsen
624cdd339a Python: Fix grammar 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2020-09-23 11:18:12 +02:00
Rasmus Wriedt Larsen
71a75ce596 Python: Handle bound methods in flask modeling 2020-09-22 16:33:35 +02:00
Rasmus Wriedt Larsen
5709189c2a Python: Expand flask test 2020-09-22 16:33:34 +02:00
Rasmus Wriedt Larsen
e614365963 Python: Adopt new approach in flask modeling 
Removed all the dict-like stuff, not sure that is how we should do things.
 2020-09-22 16:33:33 +02:00
Rasmus Wriedt Larsen
a82fa04d8a Python: Add worked example of taint step modeling of external libs 
This can't be seen on the example, but I went through quite a lot of iterations
before arriving at this fairly simple solution.
 2020-09-22 16:28:26 +02:00
Rasmus Wriedt Larsen
00ea0cebc3 Python: More Flask modeling kinda works 
It "kinda" works now, but it really is not a pretty solution. Adding all these
"tracked" objects is SUPER annoying... it _would_ be possible to skip them, but
that seems like it will give the wrong edges for dataflow/taintflow queries :|

A good chunk of it should be able to be removed with access-paths like C# does
for library modeling. Some of it could be solved by better type-tracking API
like API Graphs... but it seems like we generally are just lacking the
nice-to-have features like `.getAMemberCall` and the like. See
https://github.com/github/codeql/pull/4082/files#diff-9aa94c4d713ef9d8da73918ff53db774L33
 2020-09-22 16:28:25 +02:00
Rasmus Wriedt Larsen
3c08590ee4 Python: Expand flask tests a bit 2020-09-22 16:28:24 +02:00
Rasmus Wriedt Larsen
7c205dd3fc Python: First attempt at modeling Flask 2020-09-22 16:28:21 +02:00
Rasmus Wriedt Larsen
569e54e7bb Python: Remove symlink from experimental test 2020-08-27 11:19:55 +02:00
Rasmus Wriedt Larsen
dc7d92ba2f Python: Autoformat experimental/library-tests/CallGraph/ 2020-07-13 16:20:02 +02:00
Rasmus Wriedt Larsen
83bd14b687 Python: Make experimental/library-tests/CallGraph pass for Python 2 
The import doesn't actually work the intended way, so running
```
$ python python/ql/test/experimental/library-tests/CallGraph/test.py
```

will procude no output. but our extractor will extract the things we need, so
for a quick fix this will need to suffice.
 2020-07-13 14:52:28 +02:00
Rasmus Wriedt Larsen
d00e7396c4 Python: Consistently use camelCase in annotated call-graph tests 2020-07-06 17:59:16 +02:00
Rasmus Wriedt Larsen
65c4e6c02a Python: Disable class instantiation annotation for now 
Adjusting test setup properly requires some deep thinking, and I don't think I'm
ready to do that right now. Added a TODO instead.
 2020-07-06 17:48:15 +02:00
Rasmus Wriedt Larsen
cd8ea78420 Python: Autoformat 2020-07-06 17:34:19 +02:00
Rasmus Wriedt Larsen
9e252d5465 Python: Explain random example 2020-07-06 17:30:49 +02:00
Rasmus Wriedt Larsen
849159b279 Python: Unlimited import depth 2020-07-06 17:30:26 +02:00
Rasmus Wriedt Larsen
acfc62cad6 Python: Fix grammar 
Co-authored-by: Taus <tausbn@gmail.com>
 2020-07-06 17:21:29 +02:00
Rasmus Wriedt Larsen
155bbbdec9 Python: Add annotated call-graph tests 
See the added README for in-depth details
 2020-06-24 22:15:39 +02:00