Commit Graph

2541 Commits

Author SHA1 Message Date
CodeQL CI
c1726ed868 Merge pull request #5014 from RasmusWL/typetracking-test-track-self
Approved by tausbn
2021-01-26 02:10:52 -08:00
yoff
7ba0939239 Merge pull request #4995 from RasmusWL/tornado-model-http-sinks
Python: model HTTP sink in Tornado
2021-01-25 21:53:44 +01:00
Rasmus Wriedt Larsen
a8186be2fa Python: Add test of type-tracking self in methods 2021-01-25 17:20:11 +01:00
Rasmus Wriedt Larsen
ee2d18afd8 Merge pull request #4665 from yoff/python-dataflow-modernize-tests
Python: Add new-style tests
2021-01-21 13:35:39 +01:00
Rasmus Wriedt Larsen
b55817a5b2 Python: Model HTTP responses in tornado
This is quite a simple model, but ends up matching what we were able to do with
points-to.

I think this modeling exercise really shows that we need a bit of a different
way to model HTTP responses... but I'm not going to try to fix that in this PR.
2021-01-21 13:26:31 +01:00
Rasmus Wriedt Larsen
ac77a8b8a8 Python: Add proper HTTP response tests for Tornado 2021-01-21 13:22:31 +01:00
Rasmus Lerchedahl Petersen
e786be06ae Python: Fix broken references 2021-01-21 12:40:35 +01:00
Rasmus Lerchedahl Petersen
419449fb8a Python: default value for argN 2021-01-20 20:33:04 +01:00
Rasmus Lerchedahl Petersen
2409a7899b Python: Remove func tag in some situations.
Also make ArgumentNode public
2021-01-20 20:18:40 +01:00
yoff
3fc085ff38 Update python/ql/test/experimental/dataflow/TestUtil/RoutingTest.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2021-01-20 16:11:40 +01:00
Rasmus Wriedt Larsen
9a397b6faf Python: Apply code-review suggestion
Co-authored-by: yoff <lerchedahl@gmail.com>
2021-01-20 15:28:20 +01:00
Rasmus Lerchedahl Petersen
23d3343bfb Merge branch 'main' of github.com:github/codeql into python-dataflow-modernize-tests 2021-01-19 18:24:52 +01:00
Rasmus Lerchedahl Petersen
8e126603b3 Python: Remember that old style tests still need
updated expectations.
2021-01-19 18:21:27 +01:00
Rasmus Lerchedahl Petersen
ae38bbe03b Python: Fearlessly adding another test
in the middle of the file.
2021-01-19 18:19:11 +01:00
Rasmus Lerchedahl Petersen
69913c053e Python: relative line numbers in
MISSING-annotations
2021-01-19 18:10:22 +01:00
Rasmus Lerchedahl Petersen
77da4b0106 Python: Remove absolute line numbers
- Use relative line numbers in flow test
- Elide line numbers in routing test (new concept)
2021-01-19 17:05:42 +01:00
Rasmus Lerchedahl Petersen
42fa3bdb81 Python: Only consider the closest SOURCE
(in use-use flow) a source
2021-01-19 09:13:17 +01:00
Rasmus Wriedt Larsen
8e5557eca3 Python: Avoid duplicated route-setup in django
When using `django.conf.urls.url` with Django 2+
2021-01-18 16:18:29 +01:00
yoff
b5d40e4c9a Merge pull request #4944 from RasmusWL/flask-class-based-handlers
Python: Add modeling of Flask class based (HTTP) request handlers
2021-01-14 15:17:36 +01:00
Rasmus Wriedt Larsen
4cb2f2ed1e Python: Proper models of flask MethodView classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
e327fdb317 Python: Model flask View classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
0b1cece523 Python: Add tests for class based handlers in Flask 2021-01-14 13:42:17 +01:00
Rasmus Wriedt Larsen
14bb10a361 Python: Use LocalSourceNode for TornadoRouteRegex 2021-01-14 13:39:41 +01:00
Rasmus Wriedt Larsen
812ea5dde5 Python: Tornado: Model request handlers without known route 2021-01-14 13:37:27 +01:00
Rasmus Wriedt Larsen
1849b9e771 Python: Tornado: Handle basic route setup with tuples
The reason this becomes valuable right now is that we can mark routed params
as taint-sources. Longer down the line, we can (hopefully) detect that a routed
param will only accept digits, and mark it safe for some of our taint-tracking
queries.
2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
39d85896a1 Python: Add basic taint modeling of tornado request 2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
4641150d45 Python: Basic taint-modeling of tornado.web.RequestHandler classes 2021-01-14 13:37:25 +01:00
Rasmus Wriedt Larsen
9cd8a862a0 Python: Expand Tornado tests and add annotations
I should probably have split this up into 2 commits, so sorry that didn't happen :|
2021-01-14 13:37:24 +01:00
Rasmus Wriedt Larsen
b4f3399534 Python: Add reverse inheritance test for Tornado 2021-01-14 13:37:24 +01:00
Rasmus Wriedt Larsen
57d08a8523 Python: Rewrite old Tornado tests
Now you can run them, and the examples have been adjusted so they actually work!
2021-01-14 13:37:23 +01:00
Rasmus Wriedt Larsen
7db55906b9 Python: Copy old tornado tests 2021-01-14 13:37:22 +01:00
Rasmus Wriedt Larsen
2ba7ed4940 Python: Add note about future work for getARequestHandler 2021-01-12 13:32:43 +01:00
Rasmus Wriedt Larsen
7d94bab75e Merge branch 'main' into django-request-handler-without-route 2021-01-11 12:24:41 +01:00
Rasmus Wriedt Larsen
828bb9a902 Python: Small refactor for request param modeling in Django 2021-01-11 11:29:54 +01:00
Rasmus Wriedt Larsen
141b9adc4d Python: Minor refactoring
Co-authored-by: yoff <lerchedahl@gmail.com>
2021-01-11 11:18:59 +01:00
Taus
75cfec863f Merge pull request #4828 from yoff/yoff-python-add-source-nodes
Python: add source nodes
2021-01-05 15:07:51 +01:00
Rasmus Lerchedahl Petersen
8ceb33d3f7 Python: Also restrict StepSumary::step 2021-01-04 16:42:11 +01:00
Rasmus Wriedt Larsen
3094aedf14 Python: Fix regression in ConceptTests
I accidentally deleted that line :D
2020-12-22 14:42:53 +01:00
Rasmus Wriedt Larsen
dc0d940331 Python: Ensure all concept tests ignore irrelevant results
Since this was causing a CI error.

also changed things a bit so we do it in a consistent way :)
2020-12-22 11:32:42 +01:00
Rasmus Wriedt Larsen
bc4a0bcbeb Python: Split request handler / route setup concept tests
Not doing so earlier was just a mistake.
2020-12-22 11:31:20 +01:00
Rasmus Wriedt Larsen
71a6ef5b00 Python: Model RequestHandler from standard library explicitly 2020-12-21 18:02:31 +01:00
Rasmus Wriedt Larsen
05ab6cd54a Python: Add RemoteFlowSource for django handler without route
A bit scary that we don't have any tests to indicate that I forgot to add this :O
2020-12-21 18:02:30 +01:00
Rasmus Wriedt Larsen
d4d6f0ca0c Python: Model django request handlers without known route 2020-12-21 18:02:22 +01:00
Rasmus Wriedt Larsen
004ff38e22 Python: Add separate RequestHandler concept
Since I really want to use our existing infrastructure to model that we can
recognize something as a request handler without it having a route, we need this
as a separate concept. All tests have been adjusted.

The early modeling was based on flask, where all request-handling is based on
handling requests from a specific route. But with the standard library handling
and handlers without routes, the naming had to change.
2020-12-21 17:31:58 +01:00
Rasmus Wriedt Larsen
a9bbe1d087 Python: Test Django un-routed class-based route handler 2020-12-21 16:01:23 +01:00
Rasmus Wriedt Larsen
49f902d28b Merge pull request #4757 from yoff/python-dataflow-synthetic-callables
Python: Enclosing callable for synthetic arguments
2020-12-18 16:06:26 +01:00
yoff
a08eb99778 Merge pull request #4779 from RasmusWL/django-class-based-handlers
Python: Add modeling of django class based view handlers
2020-12-18 15:58:51 +01:00
Rasmus Wriedt Larsen
3e6296c7b8 Python: Fix grammar in QLDoc 2020-12-18 14:54:14 +01:00
Rasmus Wriedt Larsen
ed11e8f916 Python: Simplify predicate implementation
Co-authored-by: yoff <lerchedahl@gmail.com>
2020-12-18 14:52:20 +01:00
Rasmus Lerchedahl Petersen
e6e1cc2398 Python: Remember to accept failing tests 2020-12-18 13:38:14 +01:00