hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-22 07:26:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,006 Commits 1,712 Branches 163 Tags
d0081dfbfa954fc8a7eee666389dbc298431af13
Commit Graph

15006 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
d0081dfbfa Python: Attempt at taint step for list.append/set.add 2020-08-27 10:57:07 +02:00
Rasmus Wriedt Larsen
af20c3e082 Python: Make new taint tracking tests runnable again 
since the files was called `collection`, that conflicted with import system :|
 2020-08-27 10:44:14 +02:00
Rasmus Wriedt Larsen
bd21fc5601 Python: Autoformat 2020-08-26 20:37:48 +02:00
Rasmus Wriedt Larsen
c24e3452f5 Python: Add more expected collection taint steps 2020-08-26 20:28:33 +02:00
Rasmus Wriedt Larsen
423139bc22 Python: Add additional taint steps for iterable-unpacking 2020-08-26 20:21:15 +02:00
Rasmus Wriedt Larsen
afb160fbbb Python: Add additional taint steps for for-iteration 2020-08-26 20:18:31 +02:00
Rasmus Wriedt Larsen
e2a89aa296 Python: Add additional taint steps for copy 
deepcopy was already handled somehow, don't really know how :D
 2020-08-26 19:39:38 +02:00
Rasmus Wriedt Larsen
b974dadca1 Python: Add additional taint steps for containers 2020-08-26 19:39:37 +02:00
Rasmus Wriedt Larsen
b6049765a8 Python: Add a few more collection taint tests 2020-08-26 19:39:36 +02:00
Rasmus Wriedt Larsen
32f9d30136 Python: Add syntactic taint steps for json methods 2020-08-26 19:39:36 +02:00
Rasmus Wriedt Larsen
41e24ae93f Python: Add non-syntactical test for taint of json methods 2020-08-26 19:39:35 +02:00
Rasmus Wriedt Larsen
5f9aa4c3b9 Python: Restructure defaultAdditionalTaintStep tests 
This makes it easier to add a new test-case, and makes it easier to work with
the existing files. It does have a downside on making it a bit more annoying
looking at TestTaint.expected, and possible longer runtime, but I think it's
still worth it.
 2020-08-26 19:39:33 +02:00
Rasmus Wriedt Larsen
a1ada62596 Python: Remodel taint tests for shared lib 
I took the bits from ql/test/library-tests/taint/ that seemed easy to port. I
left out namedtuple for now, but it is part of internal tracking ticket, so
won't be forgotten.
 2020-08-26 19:39:32 +02:00
Dave Bartolomeo
01a61469d3 Merge pull request #4137 from tausbn/python-cpp-make-inline-test-libs-language-agnostic 
CPP: Make inline expectation test library language agnostic.
 2020-08-26 13:00:19 -04:00
Taus Brock-Nannestad
0f221ccfa2 Merge branch 'main' into python-cpp-make-inline-test-libs-language-agnostic 2020-08-26 17:23:25 +02:00
Taus
b1946c60dd Merge pull request #4127 from RasmusWL/python-tainttracking-fstring 
Python: Handle f-strings in (current) taint tracking
 2020-08-26 16:06:01 +02:00
Taus Brock-Nannestad
a824d75e4f C++: Add documentation for the LineComment class 2020-08-26 16:02:26 +02:00
Jonas Jensen
f60abd8cf9 Merge pull request #4125 from geoffw0/oparray2 
C++: Model operator[]
 2020-08-26 13:44:02 +02:00
Nick Rolfe
00316dca8b Merge pull request #4120 from github/igfoo/global_vars 
C++: Give fewer types to global variables
 2020-08-26 12:29:41 +01:00
Taus Brock-Nannestad
f8ba4c1579 CPP: Make inline expectation test library language agnostic. 
In preparation for adding this to Python, I have split out the
definition of the comment class in a separate file (which will be
specific to each language).
 2020-08-26 13:06:24 +02:00
Tamás Vajk
9ef827641f C#: Add .editorconfig file (#4129) 2020-08-26 12:41:00 +02:00
Geoffrey White
3f04530d84 C++: Autoformat. 2020-08-26 09:34:06 +01:00
Robert Marsh
28d3343e2b Merge pull request #4122 from jbj/constexpr-const-test 
C++: Demonstrate that constexpr implies const
 2020-08-25 19:36:13 -04:00
Geoffrey White
fdf45f02f1 C++: Autoformat. 2020-08-25 18:53:19 +01:00
Geoffrey White
c083c6235d C++: Explicitly model data flow in through reference return values. 2020-08-25 16:20:12 +01:00
Taus
000fa33d54 Merge pull request #4013 from yoff/SharedDataflow_SequenceFlow 
Python: Shared dataflow: Content flow
 2020-08-25 15:38:14 +02:00
CodeQL CI
92c97b1778 Merge pull request #4124 from RasmusWL/python-taint-tracking-string-methods 
Approved by yoff
 2020-08-25 14:14:47 +01:00
Geoffrey White
76a07f7292 C++: Use [, ...] syntax. 2020-08-25 12:30:06 +01:00
Geoffrey White
d31987d496 C++: Additional QLDoc. 2020-08-25 12:21:06 +01:00
Geoffrey White
23a792b8c6 C++: Add tests of nested vectors. 2020-08-25 12:13:32 +01:00
Rasmus Wriedt Larsen
2dbf83b579 Python: TaintTracking: Move tests of py3 string methods 2020-08-25 13:06:27 +02:00
Rasmus Wriedt Larsen
cf121cc4d0 Python: TaintTracking: stringMethods => stringManipualtion 2020-08-25 13:05:27 +02:00
Rasmus Wriedt Larsen
238e0845aa Python: Minor refactoring 2020-08-25 12:50:41 +02:00
Rasmus Wriedt Larsen
0439b83c60 Python: Taint when using unicode 2020-08-25 12:50:32 +02:00
Rasmus Wriedt Larsen
2a29e26687 Python: Fix grammar 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2020-08-25 12:41:53 +02:00
Tamás Vajk
74db25d80c C#: Enable nullability on Semmle.Extraction.CIL.Driver (#4114) 2020-08-25 11:44:08 +02:00
CodeQL CI
722b1a24f6 Merge pull request #4087 from erik-krogh/thisJsx 
Approved by asgerf
 2020-08-25 10:20:32 +01:00
CodeQL CI
844abc51e8 Merge pull request #4108 from erik-krogh/packType 
Approved by asgerf
 2020-08-25 10:17:28 +01:00
Rasmus Wriedt Larsen
483bd0e863 Python: Fix shared taint tracking tests 
Since there was a .ql file, qltest tried to run a test in
test/experimental/dataflow/taintracking/ which failed since there was no code.
 2020-08-25 11:15:11 +02:00
Tamás Vajk
dc62cd166c C#: Enable nullability checks in Semmle.Extraction.Tests (#4112) 2020-08-25 08:40:30 +02:00
Erik Krogh Kristensen
b0d4e79653 split out trap tests to avoid "package.json" naming conflict in trap test 2020-08-24 21:36:34 +02:00
Geoffrey White
adbfad21ef C++: Correct the localFlow test. 2020-08-24 18:05:30 +01:00
Geoffrey White
c0aaed2fac Merge branch 'main' into oparray2 2020-08-24 17:36:18 +01:00
Geoffrey White
ae807f7f33 C++: Autoformat. 2020-08-24 17:36:07 +01:00
Rasmus Wriedt Larsen
13148b42d3 Python: Handle taint of f-strings 2020-08-24 17:23:10 +02:00
Rasmus Wriedt Larsen
2f090df6d3 Python: Transform comments to QLDoc for security.strings.Basic 2020-08-24 17:20:04 +02:00
Rasmus Lerchedahl Petersen
2608509fa7 Merge branch 'main' of github.com:github/codeql into SharedDataflow_SequenceFlow 2020-08-24 17:16:33 +02:00
Rasmus Wriedt Larsen
be2acc00db Python: Add test for tainted f-string 2020-08-24 17:14:51 +02:00
CodeQL CI
e2c6a01c00 Merge pull request #4097 from erik-krogh/createRequire 
Approved by esbena
 2020-08-24 15:57:10 +01:00
Rasmus Wriedt Larsen
d96ef73033 Python: Handle taint for f-strings 
Which we seem to not handle in the current taint tracking :O

f-strings needs to be Python 3 only, so enabled that test setup. I really liked
the idea for having the version specific tests right next to the normal tests,
so you don't have to look in
test/experimental/3/dataflow/i/will/forget/to/look/here.
 2020-08-24 16:46:00 +02:00