8 Commits

Author	SHA1	Message	Date
Anders Schack-Mulligen	f30dad7705	Dataflow: Update test expected outputs.	2021-09-07 13:02:20 +02:00
Rasmus Lerchedahl Petersen	64c0eaf305	Python: Update test expectations	2021-02-25 11:49:57 +01:00
Rasmus Wriedt Larsen	a19da54c9e	Python: Exclude flask.request imports as RemoteFlowSource ... When I changed the taint modeling in 19b7ea8d85, that obviously also means that some of the related locations for alerts will change. So that's why all the examples needs to be updated. Besides this, I had to fix a minor problem with having too many alerts. If running a query agaisnt code like in the example below, there would be 3 alerts, 2 of them originating from the import. ``` from flask import Flask, request app = Flask(__name__) @app.route("/route") def route(): SINK(request.args.get['input']) ``` The 2 import sources where: - ControlFlowNode for ImportMember - GSSA Variable request I removed these from being a RemoteFlowSource, as seen in the diff. I considered restricting `FlaskRequestSource` so it only extends `DataFlow::CfgNode` (and make the logic a bit simpler), but I wasn't actually sure if that was safe to do or not... If you know, please let me know :)	2021-02-19 12:22:05 +01:00
Rasmus Wriedt Larsen	7afe3972d8	Revert "Merge pull request #5171 from RasmusWL/restructure-queries" ... This reverts commit 8caafb3710, reversing changes made to ec79094957.	2021-02-17 16:32:53 +01:00
Rasmus Wriedt Larsen	8494fcf45f	Python: Move query tests to reflect new file layout	2021-02-16 13:15:01 +01:00
Rasmus Wriedt Larsen	1d6f9bee08	Python: Update qlrefs	2021-02-16 11:48:36 +01:00
Rasmus Wriedt Larsen	4ab3fff973	Python: Fix untrusted data to external API example ... The hmac.digest function was only added in python 3.7, so obviously doesn't work on Python 2	2020-11-30 10:42:30 +01:00
Rasmus Wriedt Larsen	9e4910f863	Python: Untrusted data used in external APIs ... A port of the one for Java that was added in https://github.com/github/codeql/pull/3938	2020-11-26 18:19:35 +01:00