hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,772 Commits 1,672 Branches 157 Tags
cedf9ef538cbb59f1e504cf105a5ae41914d76fc
Commit Graph

5495 Commits

Author SHA1 Message Date
yoff
cedf9ef538 python: make DataFlowCall "publicly usable" 
- add `getCallable`, `getArg` and `getNode`
- these are `none` for summary calls
- revert "external" uses (they had been changed to `DataFlowSourceCall`)
 2022-06-23 08:32:23 +00:00
yoff
dd69100dcd python: ParameterNode -> SourceParameterNode 2022-06-21 12:55:22 +00:00
yoff
2c2395ffd7 python: ParameterNode is the one used publicly 
- it contains also synthesized nodes, but getParameter returns none for these.
- hide isParameterOf
 2022-06-21 12:38:40 +00:00
yoff
8a2125353d Python: fix definition of LocalSourceNode 
and typo
 2022-06-20 08:48:33 +00:00
yoff
8b9915e372 Python: Let the user help us identifying callbacks 2022-05-23 11:07:47 +00:00
yoff
dac1b6867a python: Avoid abstract class in public interface 
use construction from Ruby with `ParameterNodeImpl`
 2022-05-16 09:12:06 +00:00
yoff
a7a646960d python: sync other file 2022-05-16 08:15:16 +00:00
yoff
5794e64940 python: sync file 2022-05-16 08:12:25 +00:00
yoff
2822ed9594 Merge remote-tracking branch 'upstream/main' into python-dataflow/flow-summaries-from-scratch 2022-05-16 08:10:15 +00:00
Anders Schack-Mulligen
83f817ca45 Merge pull request #9134 from aschackmull/dataflow/perf-std-order 
Dataflow: Improve standard order through easier type check elimination.
 2022-05-16 10:05:17 +02:00
Anders Schack-Mulligen
8c8440a58a Merge pull request #9101 from hvitved/dataflow/include-hidden 
Data flow: Add `Configuration::includeHiddenNodes()`
 2022-05-12 15:36:12 +02:00
Joe Farebrother
59e400d2e0 Merge pull request #7723 from joefarebrother/redos 
Java: Add ReDoS queries
 2022-05-12 13:50:38 +01:00
Anders Schack-Mulligen
adb56dfa39 Dataflow: Improve standard order through easier type check elimination. 2022-05-12 14:31:38 +02:00
Rasmus Wriedt Larsen
7cd51d6147 Merge pull request #9126 from RasmusWL/moduleimport-with-dots 
Python: Fully disallow `API::moduleImport` of module with dots
 2022-05-12 14:16:25 +02:00
yoff
0778d90ac1 python: fix implementation of lambdaCreation 
- still identifying summarized callables by name.
I think ther shoudl perhaps be a `getAUse` next to `getACall`.
- also fix tests, adding a standard taint configuration
 2022-05-12 11:35:57 +00:00
Rasmus Wriedt Larsen
795adf0566 Python: Fix API::moduleImport("foo.bar") 2022-05-12 13:33:00 +02:00
Rasmus Wriedt Larsen
3844c5b5c0 Python: Add change-note 2022-05-12 13:32:59 +02:00
Rasmus Wriedt Larsen
f8253f5fef Python: Fully disallow API::moduleImport of module with dots 
Inspired by discussion about this for MaD in
https://github.com/github/codeql/pull/8883#discussion_r865858084
 2022-05-12 13:30:26 +02:00
Rasmus Wriedt Larsen
597a8414d9 Python: Add test of API::moduleImport with dots 
This is currently semi-works -- the import is allowed, but doesn't
always work when used :|
 2022-05-12 13:29:16 +02:00
Nick Rolfe
234a36ff61 Merge pull request #9119 from github/nickrolfe/non-us-spelling-fixes 
Fix non-US spellings and the corresponding query
 2022-05-12 12:29:14 +01:00
Tom Hvitved
46ab25b61e Merge pull request #9098 from aschackmull/dataflow/perf 
Dataflow: Performance fixes
 2022-05-11 20:41:48 +02:00
Nick Rolfe
e1b277386a Fix non-US spellings: s/analyse/analyze 2022-05-11 17:48:27 +01:00
Anders Schack-Mulligen
4884520ee1 Dataflow: Review fix. 2022-05-11 15:40:49 +02:00
yoff
92c4c87058 python: sync file 2022-05-11 12:36:02 +00:00
yoff
4445cf152a python: various fixes 
- compilation
- alerts
- some review comments
 2022-05-11 12:28:58 +00:00
Rasmus Wriedt Larsen
cff950f5f7 Python: Fix select of py/insecure-cookie 2022-05-11 14:06:30 +02:00
Rasmus Wriedt Larsen
fc8633cc01 Python: Fix select for py/cookie-injection 2022-05-11 13:18:14 +02:00
Rasmus Wriedt Larsen
27b99c51e9 Python: Add placeholder precision for py/insecure-cookie 2022-05-11 11:36:06 +02:00
Rasmus Wriedt Larsen
a902d3d8f0 Python: Add security-severity for py/insecure-cookie 
Matching the Java query
7d4767a4f5/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql (L7)
 2022-05-11 11:34:16 +02:00
Rasmus Wriedt Larsen
84ad45c665 Python: Fix Django import 2022-05-11 11:33:35 +02:00
Rasmus Wriedt Larsen
d127d2164a Merge branch 'main' into jorgectf/python/insecure-cookie 2022-05-11 11:13:47 +02:00
yoff
f67be52b99 python: fix compilation 
by making client code use the "new" class.
Really, this part of the split class should have the old name,
to minimise disruptions to clients.
Same goes for the other split classes.
 2022-05-10 12:53:13 +00:00
yoff
db008f1939 python: summaries may allowParameterReturnInSelf 2022-05-10 12:48:42 +00:00
yoff
238c578f5a python: Add LocalSourceParameterNode 
This can be used when one wants to consider a
(source) parameter node as a local source.
 2022-05-10 12:48:42 +00:00
yoff
28b239a9a4 python: add qldoc 2022-05-10 12:48:42 +00:00
yoff
da3634188d python: variaous fixes 
- sync summary files
- format files
- fix compilation
 2022-05-10 12:48:42 +00:00
yoff
f14ee0e794 python: Flow summaries based on type tracking 
Two classes have been inserted into the hierarchies:

- `NonLibraryDataFlowCallable` with a method `getACall2`.
This method implements "get a call, not considering flow summaries".
For `NonLibraryDataFlowCallable`s, `getACall` will defer to `getACall2`.
While you could have a synthesised call to such a callable,
it would not correspond to a `CallNode`.

- `NonLibraryDataFlowSourceCall` with methods
`getArg2` and `getCallable2`. These also refer to a call graph that
does not consider flow summaries.

`getArg2` is used to synthesise pre-update nodes for arguments.

`getCallable2` is used in `connects` to compute argument passing.
This is used to define data flow nodes for overflow arguments.

`getACall2` ensures that `LibraryCallableValue::getACall` is not called
when the charpred of `FunctionCall` is evaluated.
 2022-05-10 12:48:42 +00:00
Rasmus Lerchedahl Petersen
506efcf051 python: refactor TDataFlowCall 
- Branch predicates are made simple. In particular, they do not try to detect library calls.
- All branches based on `CallNode`s are gathered into one.
- That branch has been given a class `NonSpecialCall`, which is the new parent of call classes based on `CallNode`s. (Those classes now have more involved charpreds.)
- A new such class, 'LambdaCall` has been split out from `FunctionCall` to allow the latter to replace its
  general `CallNode` field with a specific `FunctionValue` one.
- `NonSpecialCall` is not an abstract class, but it has some abstract overrides. Therefor, it is not
  considered a resolved call in the test `UnresolvedCalls.qll`.
 2022-05-10 12:48:42 +00:00
Rasmus Lerchedahl Petersen
d85844bb89 python: type tracking uses source nodes 2022-05-10 12:48:42 +00:00
Rasmus Lerchedahl Petersen
81ca479ca9 Python: local flow for type tracking 
summary flow is excluded from the local flow relation used for
typetracking, but included in the one used for global data flow.
 2022-05-10 12:48:42 +00:00
Rasmus Lerchedahl Petersen
177dea5307 python: use new syntax for flow summaries 
also convert to inline tests
 2022-05-10 12:48:42 +00:00
Rasmus Lerchedahl Petersen
4024ce4777 python: some summary flows 2022-05-10 12:48:42 +00:00
Rasmus Lerchedahl Petersen
8c263b349f python: add summary flow steps 2022-05-10 12:48:42 +00:00
Rasmus Lerchedahl Petersen
828db3a392 python: Add summary nodes 
allowing more `OutNode`s (not restricting to `CallNode`s),
gives more flow in the `classesCallGraph` test
 2022-05-10 12:48:42 +00:00
Rasmus Lerchedahl Petersen
80175a9af5 Python: Compiles and mostly pass tests 
- add flowsummaries shared files
- register in indentical files
- fix initial non-monotonic recursions
  - add DataFlowSourceCall
  - add resolvedCall
  - add SourceParameterNode

failing tests:
- 3/library-tests/with/test.ql
 2022-05-10 12:48:42 +00:00
Rasmus Wriedt Larsen
2b6e0cfb44 Merge pull request #8340 from yoff/python/simple-csrf 
python: minimal CSRF implementation
 2022-05-10 13:36:38 +02:00
Rasmus Wriedt Larsen
cb17e2a649 Merge pull request #8595 from porcupineyhairs/pypam 
Python : Add query to detect PAM authorization bypass
 2022-05-10 13:35:12 +02:00
Tom Hvitved
712fe002b9 Data flow: Sync files 2022-05-10 12:41:10 +02:00
Rasmus Lerchedahl Petersen
aa3d7babf4 python: fix bad merge 
caused by an optimistic attempt at solving a
merge conflict in the online GUI.
 2022-05-10 11:37:41 +02:00
Rasmus Wriedt Larsen
2421076d2f Merge pull request #8696 from RasmusWL/new-nosql-examples 
Python: Improve experimental modeling for `pymongo`
 2022-05-10 11:03:05 +02:00