hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,557 Commits 1,671 Branches 157 Tags
c2443f2342a20a0abd04f51be57b40d694b51e4b
Commit Graph

1257 Commits

Author SHA1 Message Date
Rebecca Valentine
c2443f2342 Python: ObjectAPI to ValueAPI: OverlyComplexDelMethod: Adds preliminary modernization 2020-04-07 21:31:35 -07:00
Robert
1096e5d947 Merge pull request #3163 from robertbrignull/code_scanning_suites 
Add code-scanning suites
 2020-04-06 08:45:40 +01:00
Rebecca Valentine
be86c9c066 Python: ObjectAPI to ValueAPI: IterReturnsNonSelf: ObjectAPI.qll: Explains why getAnInferredReturnType is weird for builtins 2020-04-03 15:16:16 -07:00
Rebecca Valentine
64b17888e5 Python: ObjectAPI to ValueAPI: IterReturnsNonSelf: ObjectAPI.qll: Reorganizes getAnInferredReturnType() 2020-04-03 15:14:25 -07:00
Rebecca Valentine
712fb8badc Python: ObjectAPI to ValueAPI: IterReturnsNonSelf: Autoformats 2020-04-02 09:19:41 -07:00
Rebecca Valentine
cdda80623d Merge branch 'master' into python-objectapi-to-valueapi-iterreturnsnonself 2020-04-02 09:16:23 -07:00
semmle-qlci
6757924183 Merge pull request #3157 from tausbn/python-fix-analysis-qhelp-link 
Approved by felicitymay
 2020-04-02 11:43:15 +01:00
Taus
d540bf6ce5 Merge pull request #3039 from BekaValentine/python-objectapi-to-valueapi-returnvalueignored 
Python: ObjectAPI to ValueAPI: ReturnValueIgnored
 2020-04-02 11:42:01 +02:00
Rebecca Valentine
cc53b15a5d Python: ObjectAPI to ValueAPI: ReturnValueIgnored: Reorganizes predicates 2020-04-01 14:41:49 -07:00
Taus
bd41bb59ec Merge pull request #3032 from BekaValentine/python-objectapi-to-valueapi-signatureoverriddenmethod 
Python: ObjectAPI to ValueAPI: SignatureOverriddenMethod
 2020-04-01 23:03:27 +02:00
Rebecca Valentine
09349f1957 Python: ObjectAPI to ValueAPI: ReturnValueIgnored: Autoformats 2020-04-01 12:54:42 -07:00
Rebecca Valentine
28319ee0f7 Python: ObjectAPI to ValueAPI: SignatureOverriddenMethod: Autoformats 2020-04-01 12:32:21 -07:00
Rebecca Valentine
838e37ca98 Python: ObjectAPI to ValueAPI: ReturnValueIgnore: Moves getAnInferredType to CallableObjectInternal 2020-04-01 08:45:27 -07:00
Rebecca Valentine
97b4077162 Merge branch 'master' into python-objectapi-to-valueapi-signatureoverriddenmethod 2020-04-01 07:42:10 -07:00
Rebecca Valentine
12377badf9 Merge branch 'master' into python-objectapi-to-valueapi-returnvalueignored 2020-04-01 07:37:17 -07:00
Taus Brock-Nannestad
554bb76746 Python: Fix up (hopefully) the last file that needs autoformatting. 2020-04-01 14:16:35 +02:00
Rasmus Wriedt Larsen
f8f51109d0 Python: Add missing ` in qldoc 2020-04-01 12:07:19 +02:00
Rebecca Valentine
093eb71433 Python: ObjectAPI to ValueAPI: ReturnValueIgnored: Adds getAReturnType 2020-04-01 00:17:12 -07:00
Rebecca Valentine
eb4a567a34 Merge branch 'master' into python-objectapi-to-valueapi-signatureoverriddenmethod 2020-03-31 23:36:15 -07:00
Rebecca Valentine
eab31d3bef Python: ObjectAPI to ValueAPI: SignatureOverriddenMethod: Updates expected results 2020-03-31 23:34:17 -07:00
Rebecca Valentine
0b2db56051 Python: ObjectAPI to ValueAPI: ObjectAPI.qll: Fixes error in isIterator 2020-03-31 22:15:21 -07:00
Rebecca Valentine
42388b0d97 Python: ObjectAPI to ValueAPI: ReturnValueIgnored: Adds prototype version of getAnInferredReturnType 2020-03-31 22:11:58 -07:00
Taus
e31143c9f8 Merge pull request #2889 from RasmusWL/python-add-custom-sanitizer-example 
Python: Add example for how to write your own sanitizer
 2020-03-30 22:59:56 +02:00
Rasmus Wriedt Larsen
6127d8b8f4 Python: Fixup comment alignment 2020-03-30 18:32:31 +02:00
Rasmus Wriedt Larsen
fad03e77cc Python: Move helper predicate outside of class 
otherwise the helper predicate can (and sometimes will) be evaluated once _per_
instance of that class.
 2020-03-30 18:31:16 +02:00
Rasmus Wriedt Larsen
663dc24753 Python: Apply suggestion from Taus 
rewrote the qldoc to explain it as well.
 2020-03-30 18:29:08 +02:00
Rasmus Wriedt Larsen
0b4bfed726 Merge pull request #3156 from tausbn/python-autoformat-all-ql-files 
Python: Autoformat all `.ql` files.
 2020-03-30 16:24:18 +02:00
Taus Brock-Nannestad
b990fac97b Python: Fix test failures. 
How could the tests fail because of autoformatting, you may ask?

The answer is deprecation warnings. These specify the location of the deprecated
entity, and due to autoformatting these moved around.
 2020-03-30 13:55:38 +02:00
Taus Brock-Nannestad
2229e34466 Python: Fix outdated link in ImportFailure.qhelp. 2020-03-30 13:14:37 +02:00
Taus Brock-Nannestad
ab4cef53c2 Python: Autoformat one final straggler. 2020-03-30 12:36:43 +02:00
Taus Brock-Nannestad
727cde31c9 Python: Autoformat a few final stragglers. 2020-03-30 12:30:14 +02:00
Taus Brock-Nannestad
6eb9c6f84d Merge branch 'master' into python-autoformat-almost-everything 2020-03-30 12:24:01 +02:00
Taus Brock-Nannestad
87a9f51c78 Python: Autoformat all .ql files. 2020-03-30 11:59:10 +02:00
Robert Brignull
90fad6f762 add code scanning suites 2020-03-27 17:03:23 +00:00
Rasmus Wriedt Larsen
d55acc38df Python: Constrain execution paths for taint_at_depth 
Thanks Taus!
 2020-03-27 16:20:08 +01:00
Rasmus Wriedt Larsen
8aadb8bd06 Python: Fix iterable-unpacking tests 2020-03-27 11:42:37 +01:00
Rasmus Wriedt Larsen
96d1fc8c0b Python: Fix iterable-unpacking taint CP 
When running ql/python/ql/src/Security/CWE-079/ReflectedXss.ql against the
database for flask.

Iitially there were 10 million result-tuples for iterable_unpacking_descent.

With this change, we're down to roughly 2100,
 2020-03-26 16:42:48 +01:00
Rasmus Wriedt Larsen
dc9dbf3682 Python: Autoformat 2020-03-25 11:56:18 +01:00
Rasmus Wriedt Larsen
12c6997e7b Python: Reduce result set in custom taint sanitizer 2020-03-25 11:55:29 +01:00
semmle-qlci
a413a3254b Merge pull request #3114 from RasmusWL/python-add-fp-for-non-callable 
Approved by tausbn
 2020-03-25 10:34:50 +00:00
semmle-qlci
ac7c74dcee Merge pull request #3111 from RasmusWL/python-fabric-command-injection 
Approved by BekaValentine
 2020-03-25 10:07:33 +00:00
Rasmus Wriedt Larsen
05ecfc83f7 Python: Add test-case with swapped decorator order 2020-03-24 14:18:46 +01:00
Taus
fe00d1cbf4 Merge pull request #2888 from RasmusWL/python-tarslip-sanitizer 
Python: Improve tarslip sanitizer
 2020-03-24 12:59:20 +01:00
Rasmus Wriedt Larsen
3ed48aae4c Python: remove leftover arg in test code 2020-03-24 11:49:08 +01:00
Rasmus Wriedt Larsen
5ec0716cb0 Python: Add points-to regression when using @classmethod decorators 
Specifically a problem when using a second decorator
 2020-03-24 11:39:08 +01:00
Rasmus Wriedt Larsen
4b8020b98d Python: Autoformat Command.qll 2020-03-24 10:11:57 +01:00
Rasmus Wriedt Larsen
b567205579 Python: Model fabric v1.x command injection sinks 2020-03-23 17:49:56 +01:00
Rasmus Wriedt Larsen
a57eadaeb6 Python: Model fabric/invoke command injection sinks 2020-03-23 17:33:41 +01:00
Rasmus Wriedt Larsen
d475bb998e Python: Add abstract class CommandSink 
I'm going to add more in a sec, and listing *all* of them in CommandInjection.ql
started to be silly
 2020-03-23 17:04:08 +01:00
Rasmus Wriedt Larsen
dcfc9a8796 Python: TarSlip sanitizer: explain tests with not 
It was a bit confusing what was meant before
 2020-03-23 12:00:59 +01:00