hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 06:36:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,401 Commits 1,673 Branches 157 Tags
ae2a5da63f4c07c562bf1fb9e3d39e4f669ae87f
Commit Graph

2554 Commits

Author SHA1 Message Date
Henning Makholm
54f00de3e0 Add "tests" fields to test qlpacks 
This will allow `codeql resolve tests --ignore-dubious-cases`
(and thus the VSCode extension) to recognize all `.ql` files in those
packs as test cases, even if they don't have accompanying `.expected`
files.

CLI versions prior to 2.1.0 will choke on this, but it's almost 10
months since that came out.
 2021-01-26 18:15:22 +01:00
Rasmus Wriedt Larsen
902bade5ae Merge pull request #5015 from yoff/python-add-missing-postupdate-nodes 
Python: add missing postupdate nodes
 2021-01-26 14:39:29 +01:00
Taus
4c0f54f5d3 Merge pull request #5007 from yoff/python-disregard-comp-args 2021-01-26 12:53:33 +01:00
Rasmus Lerchedahl Petersen
e253855999 Python: Add comment about reverse reads. 2021-01-26 12:11:21 +01:00
Rasmus Lerchedahl Petersen
e44f1813fa Python: Add TODO comment 2021-01-26 11:29:14 +01:00
Rasmus Lerchedahl Petersen
2c58643fd1 Python: Test for parameters without nodes. 2021-01-26 11:28:31 +01:00
CodeQL CI
c1726ed868 Merge pull request #5014 from RasmusWL/typetracking-test-track-self 
Approved by tausbn
 2021-01-26 02:10:52 -08:00
Rasmus Lerchedahl Petersen
7b9ca7171a Python: update test expectations 2021-01-26 09:47:48 +01:00
Rasmus Lerchedahl Petersen
dacc21d0b5 Python: update test expectation 2021-01-26 09:45:41 +01:00
yoff
7ba0939239 Merge pull request #4995 from RasmusWL/tornado-model-http-sinks 
Python: model HTTP sink in Tornado
 2021-01-25 21:53:44 +01:00
Rasmus Lerchedahl Petersen
96b7f75905 Python: add postupdate nodes for kwargs 
drops remaining reverse read failures on saltstack.
 2021-01-25 17:34:49 +01:00
Rasmus Wriedt Larsen
a8186be2fa Python: Add test of type-tracking self in methods 2021-01-25 17:20:11 +01:00
Rasmus Lerchedahl Petersen
ad39bfb2ff Python: Add postupdate nodes for subscripts. 
This drops reverse read inconsistencies on saltstack from 14909 to 1353.
 2021-01-25 17:01:25 +01:00
Rasmus Lerchedahl Petersen
361bee851a Python: Tests inspired by reverse read check 2021-01-25 17:01:25 +01:00
Rasmus Lerchedahl Petersen
89e56707c3 Python: Omit all unresolved parameter nodes. 
Drops the results further to 139.
 2021-01-24 16:16:07 +01:00
Rasmus Lerchedahl Petersen
baf0917524 On saltstack this drops the number of consistency errors 
of type uniqueEnclosingCallable from 4026 to 614.
 2021-01-24 15:30:59 +01:00
Rasmus Wriedt Larsen
ee2d18afd8 Merge pull request #4665 from yoff/python-dataflow-modernize-tests 
Python: Add new-style tests
 2021-01-21 13:35:39 +01:00
Rasmus Wriedt Larsen
b55817a5b2 Python: Model HTTP responses in tornado 
This is quite a simpel model, but ends up matching what we were able to do with
points-to.

I think this modeling excercise really shows that we need a bit of a different
way to model HTTP responses... but I'm not going to try to fix that in this PR.
 2021-01-21 13:26:31 +01:00
Rasmus Wriedt Larsen
ac77a8b8a8 Python: Add proper HTTP response tests for Tornado 2021-01-21 13:22:31 +01:00
Rasmus Lerchedahl Petersen
e786be06ae Python: Fix broken references 2021-01-21 12:40:35 +01:00
Rasmus Lerchedahl Petersen
419449fb8a Python: default value for argN 2021-01-20 20:33:04 +01:00
Rasmus Lerchedahl Petersen
2409a7899b Python: Remove func tag in some situations. 
Also make ArgumentNode public
 2021-01-20 20:18:40 +01:00
yoff
3fc085ff38 Update python/ql/test/experimental/dataflow/TestUtil/RoutingTest.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-01-20 16:11:40 +01:00
Rasmus Wriedt Larsen
9a397b6faf Python: Apply code-review suggestion 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-01-20 15:28:20 +01:00
Rasmus Lerchedahl Petersen
23d3343bfb Merge branch 'main' of github.com:github/codeql into python-dataflow-modernize-tests 2021-01-19 18:24:52 +01:00
Rasmus Lerchedahl Petersen
8e126603b3 Python: Remember that old style tests still needs 
updated expectations.
 2021-01-19 18:21:27 +01:00
Rasmus Lerchedahl Petersen
ae38bbe03b Python: Fearlessly adding another test 
in the middle of the file.
 2021-01-19 18:19:11 +01:00
Rasmus Lerchedahl Petersen
69913c053e Python: relative line numbers in 
MISSING-annotations
 2021-01-19 18:10:22 +01:00
Rasmus Lerchedahl Petersen
77da4b0106 Python: Remove absolute line numbers 
- Use relative line numbers in flow test
- Elide line numbers in routing test (new concept)
 2021-01-19 17:05:42 +01:00
Rasmus Lerchedahl Petersen
42fa3bdb81 Python: Only consider the closest SOURCE 
(in use-use flow) a source
 2021-01-19 09:13:17 +01:00
Rasmus Wriedt Larsen
8e5557eca3 Python: Avoid duplicated route-setup in django 
When using `django.conf.urls.url` with Django 2+
 2021-01-18 16:18:29 +01:00
yoff
b5d40e4c9a Merge pull request #4944 from RasmusWL/flask-class-based-handlers 
Python: Add modeling of Flask class based (HTTP) request handlers
 2021-01-14 15:17:36 +01:00
Rasmus Wriedt Larsen
4cb2f2ed1e Python: Proper models of flask MethodView classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
e327fdb317 Python: Model flask View classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
0b1cece523 Python: Add tests for class based handlers in Flask 2021-01-14 13:42:17 +01:00
Rasmus Wriedt Larsen
14bb10a361 Python: Use LocalSourceNode for TornadoRouteRegex 2021-01-14 13:39:41 +01:00
Rasmus Wriedt Larsen
812ea5dde5 Python: Tornado: Model request handlers without known route 2021-01-14 13:37:27 +01:00
Rasmus Wriedt Larsen
1849b9e771 Python: Tornado: Handle basic route setup with tuples 
The reason this becomes valueable right now, is that we can mark routed params
as taint-sources. Longer down the line, we can (hopefully) detect that a routed
param will only accept digits, and mark it safe for some of our taint-tracking
queries.
 2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
39d85896a1 Python: Add basic taint modeling of tornado request 2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
4641150d45 Python: Basic taint-modeling of tornado.web.RequestHandler classes 2021-01-14 13:37:25 +01:00
Rasmus Wriedt Larsen
9cd8a862a0 Python: Expand Tornado tests and add annotations 
I should probably have split this up into 2 commits, so sorry that didn't happen :|
 2021-01-14 13:37:24 +01:00
Rasmus Wriedt Larsen
b4f3399534 Python: Add reverse inheritance test for Tornado 2021-01-14 13:37:24 +01:00
Rasmus Wriedt Larsen
57d08a8523 Python: Rewrite old Tornado tests 
Now you can run them, and the examples have been adjusted so they actually work!
 2021-01-14 13:37:23 +01:00
Rasmus Wriedt Larsen
7db55906b9 Python: Copy old tornado tests 2021-01-14 13:37:22 +01:00
Rasmus Wriedt Larsen
2ba7ed4940 Python: Add note about future work for getARequestHandler 2021-01-12 13:32:43 +01:00
Rasmus Wriedt Larsen
7d94bab75e Merge branch 'main' into django-request-handler-without-route 2021-01-11 12:24:41 +01:00
Rasmus Wriedt Larsen
828bb9a902 Python: Small refactor for request param modeling in Django 2021-01-11 11:29:54 +01:00
Rasmus Wriedt Larsen
141b9adc4d Python: Minor refactoring 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-01-11 11:18:59 +01:00
Taus
75cfec863f Merge pull request #4828 from yoff/yoff-python-add-source-nodes 
Python: add source nodes
 2021-01-05 15:07:51 +01:00
Rasmus Lerchedahl Petersen
8ceb33d3f7 Python: Also restrict StepSumary::step 2021-01-04 16:42:11 +01:00