hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
57,417 Commits 1,673 Branches 157 Tags
dbc60140e034b672d21d64ea072fe020ba668b5c
Commit Graph

789 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
dbc60140e0 Python: move tests to data extensions 
For these tests, we cannot use the same mechanism, as we want the
data extensions to be available for both tests.

Instead, we create a ql-pack for the test directory and point to
the data entensions from there. This makes the extensions
available for all tests in the directory.
 2023-08-10 09:17:34 +02:00
yoff
d032bf5c0e Merge pull request #13685 from RasmusWL/captured-variables-default-param-value 
Python: Model parameter with default value as `DefinitionNode`
 2023-07-17 14:25:13 +02:00
Rasmus Wriedt Larsen
6f3cb67050 Python: Model parameter with default value as DefinitionNode 2023-07-07 11:54:50 +02:00
Rasmus Wriedt Larsen
bea07002d3 Python: Expand captured-variable test with default param 2023-07-06 17:21:29 +02:00
Jeroen Ketema
abe06e5b95 Python: Update remaining inline expectation tests to use the paramterized module 2023-07-03 10:22:35 +02:00
Rasmus Wriedt Larsen
257f9912dd Python: Remove one more unnecessary taint test 2023-06-26 12:00:55 +02:00
Rasmus Wriedt Larsen
6cb03190fa Python: Updates from inline test being parameterized 2023-06-26 11:43:51 +02:00
Rasmus Wriedt Larsen
0121263e03 Merge branch 'main' into python/enable-summaries-from-models 2023-06-26 11:34:12 +02:00
Rasmus Lerchedahl Petersen
86dfc7b66e python: format 2023-06-23 08:18:06 +02:00
Rasmus Lerchedahl Petersen
2264b119a6 python: more consistent tests 
- do not test taint flow whne dataflow is established
- test taint of both the collection and the expected element
 2023-06-22 11:52:25 +02:00
yoff
0f8ebd1519 Update python/ql/test/experimental/dataflow/model-summaries/model_summaries.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-06-22 11:31:21 +02:00
Jeroen Ketema
277dbdf410 Merge pull request #13498 from jketema/inline-4 
Rework more inline expectation tests to use the parameterized module
 2023-06-22 10:01:07 +02:00
Rasmus Lerchedahl Petersen
cb2de69f5a python: consolidate tests 
also change `Foo` -> `foo`
 2023-06-20 16:13:38 +02:00
yoff
579c56c744 Merge pull request #13178 from yoff/python-ruby/track-through-summaries-pm 
ruby/python: Shared module for typetracking through flow summaries
 2023-06-20 11:19:45 +02:00
Rasmus Lerchedahl Petersen
e111a19524 python: split tests into taint and value 
and add summaries
 2023-06-20 10:46:27 +02:00
Jeroen Ketema
dba4460526 Python: Update more inline expectation tests to use the paramterized module 2023-06-20 10:16:15 +02:00
Rasmus Lerchedahl Petersen
229641070f python: rename summaries 2023-06-18 22:01:47 +02:00
Rasmus Lerchedahl Petersen
6554e804dd python: add test for model summaries 
(but no summaries yet)
 2023-06-18 21:52:49 +02:00
Rasmus Wriedt Larsen
fb6955edf9 Python: Add tests of methods in summaries 2023-06-16 14:43:45 +02:00
Rasmus Lerchedahl Petersen
b7bf750174 python: use updated names in test 2023-06-14 22:23:21 +02:00
Rasmus Lerchedahl Petersen
6521a51d93 python: unique strings in tests 2023-06-14 21:14:50 +02:00
Rasmus Lerchedahl Petersen
4b4b9bf9da python: add missing summaries 
For append/add:
The new results in the experimental tar slip query
show that we do not recognize the sanitisers.
 2023-06-13 20:22:21 +02:00
Rasmus Lerchedahl Petersen
b72c93ff4f python: remove remaining explicit taint steps 2023-06-13 20:22:20 +02:00
yoff
1d65284011 Merge pull request #13209 from yoff/python/container-summaries-2 
python: Container summaries, part 2
 2023-06-13 18:17:09 +02:00
Rasmus Wriedt Larsen
2b7fc94aef Python: Fix validTest.py expectation 2023-06-13 12:11:28 +02:00
yoff
8cae151883 Update python/ql/test/experimental/dataflow/typetracking-summaries/TestSummaries.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-13 11:22:54 +02:00
Rasmus Lerchedahl Petersen
b709ed47e1 python: add test 2023-06-13 11:20:15 +02:00
Jeroen Ketema
8f599faf85 Python: Rewrite inline expectation tests to use parameterized module 2023-06-09 10:42:29 +02:00
Rasmus Lerchedahl Petersen
2daa9577bb ruby/python: implement shared module 
ruby:
- create new shared file `SummaryTypeTracker.qll`
- move much logic into the module
- instantiate the module
- remove old logic, now provided by module

python:
- clone shared file
- instantiate module
- use (some of the) steps provided by the module
 2023-05-30 13:31:24 +02:00
Rasmus Lerchedahl Petersen
47b2d48da2 python: add tests 
- add `getACallSimple` to `SummarizedCallable`
  (by adding it to `LibraryCallable`)
 2023-05-30 13:16:04 +02:00
Rasmus Lerchedahl Petersen
9cb83fcdc9 python: add summaries for 
copy, pop, get, getitem, setdefault

Also add read steps to taint tracking.

Reading from a tainted collection can be done in two situations:
1. There is an acces path
    In this case a read step (possibly from a flow summary)
    gives rise to a taint step.
2. There is no access path
    In this case an explicit taint step (possibly via a flow
    summary) should exist.
 2023-05-26 14:04:15 +02:00
Rasmus Lerchedahl Petersen
144df9a39e python: remove explicit dataflow steps 2023-05-26 13:24:22 +02:00
Rasmus Lerchedahl Petersen
8d4f9447b1 python: remove explicit steps 
copy, pop, get, popitem
 2023-05-26 13:22:54 +02:00
Rasmus Lerchedahl Petersen
5d68473d12 python: elide nodes without location from basic 2023-05-16 14:38:51 +02:00
Rasmus Lerchedahl Petersen
5b4f98d6c4 python: Add summaries for container constructors 
Also:
- turn on flow summaries for taint
- do not restrict node type
  (as now we need summary nodes)
 2023-05-16 14:38:51 +02:00
Rasmus Lerchedahl Petersen
145eaf3947 python: remove steps for container constructors 2023-05-16 10:35:10 +02:00
Rasmus Lerchedahl Petersen
81adf5aad4 python: remember to adjust annotation 2023-05-12 14:28:41 +02:00
Rasmus Lerchedahl Petersen
1b848bb510 python: fix tests 2023-05-12 13:51:50 +02:00
yoff
6a5fc3c1b1 Update python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py 2023-05-12 13:06:08 +02:00
yoff
62b60f490c Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-05-12 12:54:17 +02:00
Rasmus Lerchedahl Petersen
0a9515dbcd python: add tests for built-in collections 
- constructors: list, tuple, set, dict
- methods:
  - general: copy, pop
  - list: append
  - set: add
  - dict: keys, values, items, get, popitem
- functions: sorted, reversed, iter, next
 2023-05-10 18:10:05 +02:00
yoff
9cc7cdef4c Merge branch 'main' into python/update-taint-debug 2023-05-10 10:26:19 +02:00
yoff
25899c15c9 Merge pull request #13098 from hvitved/python/update-consistency-expected 
Python: Update expected test output
 2023-05-10 08:58:27 +02:00
Tom Hvitved
4d84f92e8c Python: Update expected test output 2023-05-10 08:15:15 +02:00
yoff
4849f43d16 Merge branch 'main' into python/update-taint-debug 2023-05-09 21:35:56 +02:00
yoff
1a57f81aca Merge pull request #12537 from yoff/python/captured-variables-for-typetracking 
Python: Captured variables for type tracking and the API graph
 2023-05-09 12:34:22 +02:00
yoff
42090b55fa Merge branch 'main' into python/captured-variables-for-typetracking 2023-05-04 13:52:23 +02:00
Mathias Vorreiter Pedersen
77001a070b Merge branch 'main' into identity-consistency-check 2023-05-03 22:01:06 +01:00
Mathias Vorreiter Pedersen
e650df810d Python: Accept consistency changes. 2023-05-03 20:33:00 +01:00
Rasmus Lerchedahl Petersen
6d9fd24f1b python: update comments 2023-05-03 18:10:15 +02:00