hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 14:46:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,454 Commits 1,673 Branches 157 Tags
b55921a391a4a49bf3155b8d35057ffac49ecdff
Commit Graph

2660 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
b6007cf324 Merge pull request #5023 from yoff/python-unify-synthetic-post-update-nodes 
Python: Only generate one post-update node, even if there are multiple reasons for doing so.
 2021-01-28 13:11:50 +01:00
Rasmus Lerchedahl Petersen
ae2c122159 Python: Small refactor 
- align synthetic pre-update nodes with synthetic post -update nodes
- move the classes into the modules
- rename modules after the new main class (eliding "needs")
 2021-01-27 23:15:50 +01:00
Rasmus Wriedt Larsen
5646af56dd Python: Fix too many results from DataFlow::importNode 2021-01-27 19:11:55 +01:00
Rasmus Wriedt Larsen
0d42e546a0 Python: Add deep import chain to import-helper tests 2021-01-27 19:09:09 +01:00
Rasmus Wriedt Larsen
44bb41e84b Python: Add extra type-tracking test for "long" import chain 
While trying to debug an other problem related to full import of django view, I
stumbled upon this oddity. (yikes)
 2021-01-27 19:06:51 +01:00
Rasmus Lerchedahl Petersen
5d62a56ed8 Python: Remove debug function 2021-01-27 08:24:11 +01:00
Rasmus Lerchedahl Petersen
d29fdda779 Python: Only generate one post-update node, 
even if there are multiple reasons for doing so.
Solves `uniqueNodeToString` inconsistencies
(and probably saves quite a lot of nodes).
 2021-01-27 01:20:51 +01:00
Henning Makholm
54f00de3e0 Add "tests" fields to test qlpacks 
This will allow `codeql resolve tests --ignore-dubious-cases`
(and thus the VSCode extension) to recognize all `.ql` files in those
packs as test cases, even if they don't have accompanying `.expected`
files.

CLI versions prior to 2.1.0 will choke on this, but it's almost 10
months since that came out.
 2021-01-26 18:15:22 +01:00
Rasmus Wriedt Larsen
902bade5ae Merge pull request #5015 from yoff/python-add-missing-postupdate-nodes 
Python: add missing postupdate nodes
 2021-01-26 14:39:29 +01:00
Taus
4c0f54f5d3 Merge pull request #5007 from yoff/python-disregard-comp-args 2021-01-26 12:53:33 +01:00
Rasmus Lerchedahl Petersen
e253855999 Python: Add comment about reverse reads. 2021-01-26 12:11:21 +01:00
Rasmus Lerchedahl Petersen
e44f1813fa Python: Add TODO comment 2021-01-26 11:29:14 +01:00
Rasmus Lerchedahl Petersen
2c58643fd1 Python: Test for parameters without nodes. 2021-01-26 11:28:31 +01:00
CodeQL CI
c1726ed868 Merge pull request #5014 from RasmusWL/typetracking-test-track-self 
Approved by tausbn
 2021-01-26 02:10:52 -08:00
Rasmus Lerchedahl Petersen
7b9ca7171a Python: update test expectations 2021-01-26 09:47:48 +01:00
Rasmus Lerchedahl Petersen
dacc21d0b5 Python: update test expectation 2021-01-26 09:45:41 +01:00
yoff
7ba0939239 Merge pull request #4995 from RasmusWL/tornado-model-http-sinks 
Python: model HTTP sink in Tornado
 2021-01-25 21:53:44 +01:00
Rasmus Lerchedahl Petersen
96b7f75905 Python: add postupdate nodes for kwargs 
drops remaining reverse read failures on saltstack.
 2021-01-25 17:34:49 +01:00
Rasmus Wriedt Larsen
a8186be2fa Python: Add test of type-tracking self in methods 2021-01-25 17:20:11 +01:00
Rasmus Lerchedahl Petersen
ad39bfb2ff Python: Add postupdate nodes for subscripts. 
This drops reverse read inconsistencies on saltstack from 14909 to 1353.
 2021-01-25 17:01:25 +01:00
Rasmus Lerchedahl Petersen
361bee851a Python: Tests inspired by reverse read check 2021-01-25 17:01:25 +01:00
Rasmus Lerchedahl Petersen
89e56707c3 Python: Omit all unresolved parameter nodes. 
Drops the results further to 139.
 2021-01-24 16:16:07 +01:00
Rasmus Lerchedahl Petersen
baf0917524 On saltstack this drops the number of consistency errors 
of type uniqueEnclosingCallable from 4026 to 614.
 2021-01-24 15:30:59 +01:00
Rasmus Wriedt Larsen
ee2d18afd8 Merge pull request #4665 from yoff/python-dataflow-modernize-tests 
Python: Add new-style tests
 2021-01-21 13:35:39 +01:00
Rasmus Wriedt Larsen
b55817a5b2 Python: Model HTTP responses in tornado 
This is quite a simpel model, but ends up matching what we were able to do with
points-to.

I think this modeling excercise really shows that we need a bit of a different
way to model HTTP responses... but I'm not going to try to fix that in this PR.
 2021-01-21 13:26:31 +01:00
Rasmus Wriedt Larsen
ac77a8b8a8 Python: Add proper HTTP response tests for Tornado 2021-01-21 13:22:31 +01:00
Rasmus Lerchedahl Petersen
e786be06ae Python: Fix broken references 2021-01-21 12:40:35 +01:00
Rasmus Lerchedahl Petersen
419449fb8a Python: default value for argN 2021-01-20 20:33:04 +01:00
Rasmus Lerchedahl Petersen
2409a7899b Python: Remove func tag in some situations. 
Also make ArgumentNode public
 2021-01-20 20:18:40 +01:00
yoff
3fc085ff38 Update python/ql/test/experimental/dataflow/TestUtil/RoutingTest.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-01-20 16:11:40 +01:00
yoff
d0663e5c3a Merge pull request #4971 from RasmusWL/avoid-double-route-setup-django 
Python: Avoid duplicated route-setup in django
 2021-01-20 16:10:33 +01:00
Rasmus Wriedt Larsen
9a397b6faf Python: Apply code-review suggestion 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-01-20 15:28:20 +01:00
Rasmus Lerchedahl Petersen
23d3343bfb Merge branch 'main' of github.com:github/codeql into python-dataflow-modernize-tests 2021-01-19 18:24:52 +01:00
Rasmus Lerchedahl Petersen
8e126603b3 Python: Remember that old style tests still needs 
updated expectations.
 2021-01-19 18:21:27 +01:00
Rasmus Lerchedahl Petersen
ae38bbe03b Python: Fearlessly adding another test 
in the middle of the file.
 2021-01-19 18:19:11 +01:00
Rasmus Lerchedahl Petersen
69913c053e Python: relative line numbers in 
MISSING-annotations
 2021-01-19 18:10:22 +01:00
Rasmus Lerchedahl Petersen
77da4b0106 Python: Remove absolute line numbers 
- Use relative line numbers in flow test
- Elide line numbers in routing test (new concept)
 2021-01-19 17:05:42 +01:00
Rasmus Wriedt Larsen
830f8bfef6 Python: Add change-note for Flask class based view handlers 
For https://github.com/github/codeql/pull/4944
 2021-01-19 15:09:04 +01:00
Rasmus Lerchedahl Petersen
42fa3bdb81 Python: Only consider the closest SOURCE 
(in use-use flow) a source
 2021-01-19 09:13:17 +01:00
Rasmus Wriedt Larsen
8e5557eca3 Python: Avoid duplicated route-setup in django 
When using `django.conf.urls.url` with Django 2+
 2021-01-18 16:18:29 +01:00
yoff
b5d40e4c9a Merge pull request #4944 from RasmusWL/flask-class-based-handlers 
Python: Add modeling of Flask class based (HTTP) request handlers
 2021-01-14 15:17:36 +01:00
Rasmus Wriedt Larsen
4cb2f2ed1e Python: Proper models of flask MethodView classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
e327fdb317 Python: Model flask View classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
0b1cece523 Python: Add tests for class based handlers in Flask 2021-01-14 13:42:17 +01:00
Rasmus Wriedt Larsen
14bb10a361 Python: Use LocalSourceNode for TornadoRouteRegex 2021-01-14 13:39:41 +01:00
Rasmus Wriedt Larsen
f9a29cb886 Python: Add change-note for tornado source modeling 2021-01-14 13:37:27 +01:00
Rasmus Wriedt Larsen
812ea5dde5 Python: Tornado: Model request handlers without known route 2021-01-14 13:37:27 +01:00
Rasmus Wriedt Larsen
1849b9e771 Python: Tornado: Handle basic route setup with tuples 
The reason this becomes valueable right now, is that we can mark routed params
as taint-sources. Longer down the line, we can (hopefully) detect that a routed
param will only accept digits, and mark it safe for some of our taint-tracking
queries.
 2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
39d85896a1 Python: Add basic taint modeling of tornado request 2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
4641150d45 Python: Basic taint-modeling of tornado.web.RequestHandler classes 2021-01-14 13:37:25 +01:00