hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-25 05:06:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,915 Commits 1,673 Branches 157 Tags
ce8836fb656e5461fb4e6612672ec910e70737ed
Commit Graph

2914 Commits

Author SHA1 Message Date
yoff
c01ce955ba Merge pull request #11778 from yoff/shared/inline-tests 
Shared: Inline test expectations
 2023-01-09 13:21:18 +01:00
Rasmus Lerchedahl Petersen
c3b3c05cf3 Revert "Merge pull request #37 from erik-krogh/shared/inline-tests" 
This reverts commit 65fe9abcfe, reversing
changes made to 08e9d3391f.
 2023-01-05 09:19:43 +01:00
Calum Grant
ad55706527 Merge branch 'main' into calumgrant/remove-lgtm 2023-01-03 10:27:30 +00:00
Calum Grant
2d0f8798a4 Py: Reformat test 2022-12-28 11:05:48 +00:00
erik-krogh
b3dd50bc36 inline Location into the shared implementation of InlineExpectationsTest 2022-12-22 11:09:43 +01:00
Rasmus Lerchedahl Petersen
e8d3802ee5 Python: use shared inline tests 
- remove from identical-files
 2022-12-22 10:20:05 +01:00
Arthur Baars
dceb142551 Merge pull request #11771 from aibaars/alert-suppression-fix-test 
AlertSuppression: fix python test cases
 2022-12-21 13:14:59 +01:00
Arthur Baars
2f16d8d86a AlertSuppression: fix python test cases 2022-12-21 11:26:16 +01:00
Arthur Baars
98c5b81456 Merge pull request #11723 from aibaars/alert-suppression 
CodeQL alert suppression
 2022-12-21 10:59:57 +01:00
Rasmus Lerchedahl Petersen
f5e33ac00a Merge remote-tracking branch 'origin/main' into python/support-grouped-exceptions 2022-12-20 13:31:50 +01:00
Rasmus Lerchedahl Petersen
ad6ed2f629 python: update expectations 
extra tests
 2022-12-20 13:01:27 +01:00
Calum Grant
cfd79e2006 Py: Put in commented-out test and update expected 2022-12-19 17:29:48 +00:00
Arthur Baars
0f313231bc AlertSuppression: add more tests 2022-12-19 16:43:11 +01:00
Calum Grant
a1d229e445 Python: Remove references to LGTM 2022-12-19 15:15:32 +00:00
Arthur Baars
c9739b21cb AlertSuppression: add support for //codeql comments 2022-12-19 16:10:28 +01:00
Arthur Baars
c176606be5 AlertSuppression: allow //lgtm comments to scope over the next line 2022-12-19 16:10:26 +01:00
yoff
5f0cde5be7 Merge branch 'main' into python/support-grouped-exceptions 2022-12-19 13:38:25 +01:00
Arthur Baars
f68e18cd9c Python: move AlertSuppression.ql 2022-12-19 12:39:01 +01:00
Arthur Baars
acb5d6e163 Python: use shared AlertSuppression.qll 2022-12-19 12:26:12 +01:00
Rasmus Lerchedahl Petersen
997e3599f0 python: make tests valid and more fleshed out 2022-12-15 12:54:16 +01:00
Rasmus Lerchedahl Petersen
8e8d36f35e python: this also works in 3.11 2022-12-15 12:54:14 +01:00
Rasmus Lerchedahl Petersen
3ace1ee69f Python: remove obsolete coments 2022-12-15 12:54:13 +01:00
Tom Hvitved
39fea378b8 Python: Update expected test output 2022-12-13 09:53:01 +01:00
Rasmus Wriedt Larsen
d684dbdf5c Merge pull request #10656 from porcupineyhairs/PyPamImprove 
Python: Improve the PAM authentication bypass query
 2022-12-08 11:59:10 +01:00
Jami
5e694b5983 Merge pull request #11192 from jcogs33/jcogs33/share-key-sizes 
Share encryption key sizes between Java and Python
 2022-12-07 08:08:24 -05:00
Tom Hvitved
b5e2e1e469 Merge pull request #11564 from hvitved/dataflow/parameter-position-consistency-checks 
Data flow: Add consistency checks for parameter positions
 2022-12-06 09:33:36 +01:00
Tom Hvitved
8f701cf1cb Python: Update expected test output 2022-12-05 14:33:06 +01:00
Asger F
2d578c1a73 Merge branch 'main' into merge-package-type-columns 2022-12-02 10:00:44 +01:00
Jami Cogswell
25f0a13e15 update python test cases 2022-12-01 11:56:44 -05:00
Rasmus Wriedt Larsen
544de5232c Python: Use ' instead of ` in select text 2022-11-29 14:47:45 +01:00
Rasmus Wriedt Larsen
4e67ec19d0 Python: Adjust alert text of py/pam-auth-bypass 2022-11-28 16:14:38 +01:00
Rasmus Wriedt Larsen
f8442ccb0e Python: Adjust PAM Auth bypass test slightly 2022-11-28 16:08:44 +01:00
Rasmus Wriedt Larsen
fef06679e5 Python: Remove options file for PAM Auth Bypass 
Should not be needed
 2022-11-28 16:03:32 +01:00
Rasmus Wriedt Larsen
479a9e4156 Python: Update .expected 2022-11-28 16:01:42 +01:00
Rasmus Lerchedahl Petersen
91198524cd Python: port py/super-not-enclosing-class 2022-11-23 14:37:45 +01:00
Asger F
1c910550e6 Python: merge package/type columns 2022-11-23 11:17:42 +01:00
Rasmus Wriedt Larsen
5866af413f Merge pull request #11347 from tausbn/python-clean-up-import-resolution 
Python: Add change note for module resolution
 2022-11-22 15:28:38 +01:00
Rasmus Wriedt Larsen
04a68f8d52 Merge pull request #11372 from RasmusWL/getpass 
Python: Model `getpass.getpass` as source of passwords
 2022-11-22 14:49:04 +01:00
Rasmus Wriedt Larsen
9195b73d84 Python: Model getpass.getpass as source of passwords 2022-11-22 14:11:52 +01:00
Rasmus Wriedt Larsen
80e71b202a Python: Cleartext queires: Remove flow from getpass.py 2022-11-22 14:08:00 +01:00
Rasmus Wriedt Larsen
9342e3ba76 Python: Enable new test 
But look at all those elements from getpass.py implementation :(
 2022-11-22 13:59:59 +01:00
Rasmus Wriedt Larsen
e01df3ea7c Python: Prepare for new test 
.expected line changes 😠
 2022-11-22 13:52:50 +01:00
Rasmus Wriedt Larsen
1b30cf8eca Merge branch 'main' into call-graph-tests 2022-11-22 13:39:27 +01:00
Rasmus Wriedt Larsen
84faf49bf0 Python: Add tests for compound arguments field flow 2022-11-22 11:29:00 +01:00
Rasmus Wriedt Larsen
d876acde4c Python: Fix SINK/SINK_F usage for crosstalk tests 
As discussed in PR review
https://github.com/github/codeql/pull/11208#discussion_r1022473421
 2022-11-22 11:29:00 +01:00
Taus
f12e15b46b Python: Fix implicit this warnings 2022-11-21 15:23:13 +00:00
Taus
a385e87273 Python: Add change note for module resolution 
Also adapts the version-specific tests to support results specific to
Python 2 (though at the moment there are no such tests).
 2022-11-21 14:29:39 +00:00
Porcupiney Hairs
db231a111c Python : Improve the PAM authentication bypass query 
The current PAM auth bypass query which was contributed by me a few months back, alert on a vulenrable function but does not check if the function is actually function. This leads to a lot of fasle positives.

With this PR, I add a taint-tracking configuration to check if the username parameter can actually be supplied by an attacker.

This should bring the FP's significantly down.
 2022-11-19 01:29:25 +05:30
Taus
e76ab8c78c Merge branch 'main' into python-clean-up-import-resolution 2022-11-17 22:47:50 +00:00
Taus
811426c586 Python: Remove manual magic entirely 
This was causing issues with imports with many "dots" in the name.

Previously, the test added in this commit would not have the desired
result for the `check` call.
 2022-11-17 14:15:55 +00:00