hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,045 Commits 1,672 Branches 157 Tags
b0303158a57205d162fd3aaa68a7072c6735d74c
Commit Graph

1145 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
b0303158a5 Merge pull request #3088 from tausbn/python-prepare-autoformatting 
Python: Prepare for autoformatting.
 2020-03-18 17:48:46 +01:00
Taus Brock-Nannestad
57af7b84aa Python: Prepare for autoformatting. 
Mostly fixes up a bunch of comments that were made wonky by the autoformatter.
 2020-03-18 13:59:38 +01:00
Rebecca Valentine
f351916418 Merge branch 'master' into testmerge 2020-03-17 12:32:45 -07:00
Taus
ca26feefbf Merge pull request #2978 from BekaValentine/python-objectapi-to-valueapi-illegalexceptionhandlertype 
Python: ObjectAPI to ValueAPI: IllegalExceptionHandlerType
 2020-03-17 17:56:34 +01:00
Rebecca Valentine
a7a64952e2 Python: ObjectAPI.qll: Fixes docstring 2020-03-17 09:48:54 -07:00
Rebecca Valentine
c7a2925620 Python: Exceptions.qll: Clean up handleObject again 2020-03-16 14:52:51 -07:00
Rebecca Valentine
34ab4efeda Python: ObjectAPI.qll: getOrigin now returns a CFG 2020-03-16 14:52:23 -07:00
Rebecca Valentine
45e47b92a0 Python: IllegalExceptionHandlerType.ql: Autoformats 2020-03-16 14:48:05 -07:00
Rebecca Valentine
5d55db116b Python: Exceptions.qll: Updates handledObject to use getOrigin 2020-03-16 11:24:55 -07:00
Rebecca Valentine
787b80f9ae Python: ObjectAPI.qll: Adds getOrigin predicate 2020-03-16 11:24:22 -07:00
Rasmus Wriedt Larsen
b45f8ff41d Merge pull request #3053 from tausbn/python-make-test-not-depend-on-minor-version 
Python: Make two tests not depend on minor Python version.
 2020-03-13 10:56:40 +01:00
Taus Brock-Nannestad
3d0ee90880 Python: Make two tests not depend on minor Python version. 
For syntax errors, we simply report the major version.

For unused imports, we were getting a result for `typing.py` when run under
Python 3.7.3. To prevent this import from being considered, I've set the maximum
import depth to `0`.
 2020-03-12 18:19:53 +01:00
Taus
099997088a Merge pull request #3005 from RasmusWL/python-modernise-string-taint 
Python: Modernise StringKind files
 2020-03-12 15:01:18 +01:00
Rasmus Wriedt Larsen
e52fec03f8 Python: Fix code formatting 2020-03-11 18:16:55 +01:00
Rebecca Valentine
f80e206d33 Merge pull request #3008 from RasmusWL/python-modernise-security-files 
Python: modernise remaining security files
 2020-03-11 08:56:19 -07:00
Rasmus Wriedt Larsen
f5a8084a33 Merge pull request #2827 from BekaValentine/objectapi-to-valueapi-expectedmappingforformatstring 
Python: ObjectAPI to ValueAPI: ExpectedMappingForFormatString
 2020-03-11 10:52:48 +01:00
Rasmus Wriedt Larsen
47cd9c8956 Merge pull request #3038 from BekaValentine/python-objectapi-to-valueapi-deprecatedslicemethod 
Python: ObjectAPI to ValueAPI: DeprecatedSliceMethod
 2020-03-11 10:51:01 +01:00
Taus
11b5c54a0e Merge pull request #2820 from RasmusWL/python-modernise-statements 
Python: modernise Statements/ queries
 2020-03-10 16:46:50 +01:00
Rebecca Valentine
b36214ae47 Python: Modernizes query and updates expecteds 2020-03-10 08:33:29 -07:00
semmle-qlci
4c1d76ee9a Merge pull request #2937 from BekaValentine/python-objectapi-to-valueapi-wrongnumberargumentsforformat 
Approved by tausbn
 2020-03-10 15:04:05 +00:00
Rebecca Valentine
909e064016 Merge branch 'objectapi-to-valueapi-expectedmappingforformatstring' of github.com:BekaValentine/ql into objectapi-to-valueapi-expectedmappingforformatstring 2020-03-10 07:54:56 -07:00
Rebecca Valentine
1234cb6e0f Python: Incorporates updates from new master 2020-03-10 07:54:28 -07:00
Rebecca Valentine
b7bcf6c3d0 Merge branch 'master' into objectapi-to-valueapi-expectedmappingforformatstring 2020-03-10 07:51:48 -07:00
Rebecca Valentine
c690e2595c Merge pull request #3007 from RasmusWL/python-remove-use-of-deprecated-getvalue 
Python: Remove usage of deprecated .getValue()
 2020-03-10 07:18:41 -07:00
Taus
ea5aa57151 Merge pull request #3031 from BekaValentine/python-objectapi-to-valueapi-signaturespecialmethods 
Python: ObjectAPI to ValueAPI: SignatureSpecialMethods
 2020-03-10 14:54:39 +01:00
Rasmus Wriedt Larsen
b1d1974a0f Merge branch 'master' into python-modernise-statements 2020-03-10 14:53:44 +01:00
Taus
dd0ce1c607 Merge pull request #2942 from RasmusWL/pyhton-improve-regex-docs 
Python: Add a bit of regex docs
 2020-03-10 14:49:31 +01:00
Rasmus Wriedt Larsen
2382b42bbe Python: Rewrite helper predicate has_string_type 2020-03-10 14:47:49 +01:00
Rasmus Wriedt Larsen
f3a10a12a1 Python: Fix typo 
Co-Authored-By: Taus <tausbn@gmail.com>
 2020-03-10 14:45:33 +01:00
Rasmus Wriedt Larsen
5439059b0d Python: Minor cleanup in regex.qll 2020-03-10 14:00:30 +01:00
Taus
e3160f966f Merge pull request #2932 from RasmusWL/python-re.compile-missing-points-to 
Python: Add example of re.compile missing points-to
 2020-03-10 11:55:23 +01:00
Rasmus Wriedt Larsen
5e62f54094 Merge pull request #3030 from BekaValentine/python-objectapi-to-valueapi-useimplicitnonereturnvalue 
Python: ObjectAPI to ValueAPI: UseImplicitNoneReturnValue
 2020-03-10 10:38:06 +01:00
Rasmus Wriedt Larsen
1b8154c139 Merge pull request #2925 from BekaValentine/python-objectapi-to-valueapi-callargs 
Python: ObjectAPI to ValueAPI: CallArgs
 2020-03-10 10:26:21 +01:00
Rebecca Valentine
047c328c58 Update python/ql/src/semmle/python/objects/ObjectAPI.qll 
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-03-09 19:20:08 -07:00
Rebecca Valentine
e8708a083f Python: Modernizes query and expecteds 2020-03-09 19:13:54 -07:00
Rebecca Valentine
48e67bca51 Python: Modernizes query 2020-03-09 18:57:42 -07:00
Rebecca Valentine
810efc5ca2 Python: Adds Rasmus's suggestion 
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-03-09 16:21:34 -07:00
Rebecca Valentine
f4f8c6e1e5 Python: Swaps out element_from_tuple 2020-03-09 16:20:22 -07:00
Taus
be09c17367 Merge pull request #2990 from BekaValentine/python-objectapi-to-valueapi-raisingtuple 
Python: ObjectAPI to ValueAPI: RaisingTuple
 2020-03-10 00:16:12 +01:00
Taus
96e99f55ad Merge pull request #2976 from BekaValentine/python-objectapi-to-valueapi-emptyexcept 
Python: ObjectAPI to ValueAPI: EmptyExcept
 2020-03-09 23:56:27 +01:00
Taus
b51e2a9e80 Merge pull request #2977 from BekaValentine/python-objectapi-to-valueapi-catchingbaseexception 
Python: ObjectAPI to ValueAPI: CatchingBaseException
 2020-03-09 22:54:50 +01:00
Rebecca Valentine
c9c469b201 Python: Modernizes queries 2020-03-09 12:52:33 -07:00
Rebecca Valentine
6a1203a60f Python: Adds modernized predicates 2020-03-09 12:52:15 -07:00
Rebecca Valentine
6636f72e07 Python: Moves more predicates over to suffixed form 2020-03-09 11:59:44 -07:00
Rebecca Valentine
6d10c47cba Python: Moves predicates over to suffixed form 2020-03-09 11:56:57 -07:00
Rasmus Wriedt Larsen
a38fd2d3d1 Python: Use unambiguous name getCallNode 2020-03-09 17:05:00 +01:00
Rasmus Wriedt Larsen
a9674ef6e8 Python: Resolve autoformat ugliness 2020-03-09 16:54:55 +01:00
Rasmus Wriedt Larsen
31cfb1689c Python: Fix minor bug in modernisation-rewrite 
Obviously the result module shouldn't be a package 🤦 I was confusing
myself, since I wanted to say that `Module::named("Crypto.Cipher")` should be a package :D
 2020-03-09 15:49:08 +01:00
Rasmus Wriedt Larsen
0ce8e9180b Python: Remove code that adds taint to unrelated ControlFlowNode 
The problem with the deleted code is that it would add flow to what might be an
unrelated ControlFlowNode, which is illustrated in the query below (that gives
results on flask)

from ControlFlowNode arg, CallNode call, CallNode other_call
where
    call.getNode().getAKeyword().getValue() = arg.getNode() and
    not call.getAnArg() = arg and
    other_call.getAnArg() = arg and
    not other_call = call
select call, arg, other_call
 2020-03-09 15:27:31 +01:00
Rasmus Wriedt Larsen
cac5d00ca2 Python: Fix string taint tests 
The tests in ql/python/ql/test/library-tests/taint/strings/ shows that
ClassValue::str() is not good enough.
 2020-03-09 15:10:48 +01:00