Commit Graph

1035 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
e52fec03f8 Python: Fix code formatting 2020-03-11 18:16:55 +01:00
Rasmus Wriedt Larsen
0ce8e9180b Python: Remove code that adds taint to unrelated ControlFlowNode
The problem with the deleted code is that it would add flow to what might be an
unrelated ControlFlowNode, which is illustrated in the query below (that gives
results on flask)

import python

from ControlFlowNode arg, CallNode call, CallNode other_call
where
    call.getNode().getAKeyword().getValue() = arg.getNode() and
    not call.getAnArg() = arg and
    other_call.getAnArg() = arg and
    not other_call = call
select call, arg, other_call
2020-03-09 15:27:31 +01:00
Rasmus Wriedt Larsen
cac5d00ca2 Python: Fix string taint tests
The tests in ql/python/ql/test/library-tests/taint/strings/ show that
ClassValue::str() is not good enough.
2020-03-09 15:10:48 +01:00
Rasmus Wriedt Larsen
2416cac8f4 Python: Modernise StringKind files 2020-03-06 14:45:03 +01:00
semmle-qlci
3ae1aada37 Merge pull request #2995 from tausbn/python-fix-nested-sequence-assign-cp
Approved by RasmusWL
2020-03-06 09:43:24 +00:00
Taus Brock-Nannestad
2face94fa5 Python: Mitigate CP in nested_sequence_assign.
The problem here was that in the base case, there was no relationship between
`left_parent` and `right_parent`. These could be any two tuples or lists, even
if they were not part of an assignment statement.

To fix this, we add a bit of manual "magic", requiring that both of these
arguments must belong to the left and right-hand sides of the same assignment
statement.

(Note that this is in principle _still_ a gross overapproximation, but since
assignment statements are usually quite restricted in size, I don't expect this
to be a major problem.)
2020-03-05 14:09:50 +01:00
Rasmus Wriedt Larsen
fb1e993c0f Merge pull request #2963 from BekaValentine/python-objectapi-to-valueapi-advancedformatting
Python: ObjectAPI to ValueAPI: AdvancedFormatting
2020-03-05 13:40:02 +01:00
semmle-qlci
c4b961c8af Merge pull request #2973 from tausbn/python-fix-or-disable-cps
Approved by BekaValentine
2020-03-04 10:36:47 +00:00
Taus
02ae0fbda6 Merge pull request #2965 from BekaValentine/python-objectapi-to-valueapi-raising
Python: ObjectAPI to ValueAPI: Raising
2020-03-04 00:03:17 +01:00
Rebecca Valentine
8e1c089ff3 Python: Removes unused import 2020-03-03 14:38:26 -08:00
Taus Brock-Nannestad
48a47e1b54 Python: Fix broken test output. 2020-03-03 19:45:13 +01:00
Taus
8bd4f6d136 Merge pull request #2945 from BekaValentine/python-objectapi-to-valueapi-calltosuperwrongclass
Python: ObjectAPI to ValueAPI: CallToSuperWrongClass
2020-03-03 18:38:58 +01:00
Taus
9068040097 Merge pull request #2964 from BekaValentine/python-objectapi-to-valueapi-notimplemented
Python: ObjectAPI to ValueAPI: NotImplemented
2020-03-03 18:36:14 +01:00
Calum Grant
464a034c7d Merge pull request #2894 from BekaValentine/python-objectapi-to-valueapi-iscomparisons
Python: ObjectAPI to ValueAPI: IsComparisons
2020-03-03 17:25:24 +00:00
Taus Brock-Nannestad
eecace788f Python: Fix or disable CPs introduced by #2700 and #2875. 2020-03-03 18:18:03 +01:00
Rebecca Valentine
2bbe4759ba Python: Removes obsolete predicate 2020-03-02 18:53:06 -08:00
Rebecca Valentine
e481ddf99e Python: Adds modernized predicate and moves queries over to it 2020-03-02 18:52:45 -08:00
Rebecca Valentine
a8ae843059 Python: Removes now obsolete original predicate 2020-03-02 18:46:19 -08:00
Rebecca Valentine
7161ca57c8 Python: Adds modernizations and moves query over to them 2020-03-02 18:45:41 -08:00
Rebecca Valentine
31fc0f2240 Python: Moves library and queries over to the new predicates, removes old ones 2020-03-02 18:08:10 -08:00
Rebecca Valentine
c058e17089 Python: Moves dependent queries to suffixed predicate names 2020-03-02 17:37:11 -08:00
Rebecca Valentine
0dcd52bd87 Python: Moves dependent query over to suffixed predicate names 2020-03-02 17:35:13 -08:00
Rebecca Valentine
8ee2587997 Python: Moves library predicates to suffixed names 2020-03-02 17:04:32 -08:00
Rebecca Valentine
7930037bb6 Python: Move AdvancedFormatting dependents over to suffixed API 2020-03-02 16:39:02 -08:00
Rebecca Valentine
48bcde8e0f Python: Move objectapi code to suffixed name 2020-03-02 16:31:06 -08:00
Rebecca Valentine
de6ea63fae Python: Adds preliminary modernization. 2020-03-02 15:43:57 -08:00
Taus
f3b62e106d Merge pull request #2840 from BekaValentine/python-objectapi-to-valueapi-useofapply
Python: ObjectAPI to ValueAPI: UseofApply
2020-03-02 21:40:35 +01:00
Rebecca Valentine
d5f689e041 Adds preliminary modernization 2020-02-28 10:42:27 -08:00
semmle-qlci
ec90627a64 Merge pull request #2909 from yo-h/experimental
Approved by aschackmull, jbj, max-schaefer, tausbn
2020-02-28 03:15:58 +00:00
Rebecca Valentine
9601c41fe5 Update python/ql/src/Expressions/IsComparisons.qll
Co-Authored-By: Taus <tausbn@github.com>
2020-02-27 10:46:07 -08:00
Rebecca Valentine
d19957f09d Puts use_of_apply example back into expressions_test to avoid messing up other tests 2020-02-27 10:44:46 -08:00
Taus
0da554c701 Merge pull request #2914 from RasmusWL/python-remove-optimize-true-directive
Python: Remove `--optimize: true` from options files
2020-02-27 13:16:59 +01:00
Taus
d9383d0e86 Merge pull request #2902 from RasmusWL/python-use-of-input
Python: Highlight py/use-of-input is for Python 2
2020-02-27 13:15:32 +01:00
Taus
8bd3063d2b Merge pull request #2875 from RasmusWL/python-taint-urlsplit
Python: Add taint for urlsplit
2020-02-27 13:13:47 +01:00
Taus
e09907894d Merge pull request #2817 from BekaValentine/objectapi-to-valueapi-truncateddivision
Python: ObjectAPI to ValueAPI: TruncatedDivision
2020-02-27 12:52:26 +01:00
Rebecca Valentine
b0493458d6 Combine and clean up the test files 2020-02-26 09:04:14 -08:00
Rebecca Valentine
ba1f3c46b8 Removes obsolete asBuiltin predicate 2020-02-26 08:17:45 -08:00
Taus
85f5ad2231 Merge pull request #2904 from RasmusWL/python-http-clients
Python: Model outgoing HTTP client requests
2020-02-26 15:49:41 +01:00
Rasmus Wriedt Larsen
771dfecf6d Python: Add sanitized edges for urlsplit test 2020-02-26 14:10:30 +01:00
Rasmus Wriedt Larsen
0b31cb1716 Python: Show that we have initial taint in urlsplit test 2020-02-26 14:09:02 +01:00
Rasmus Wriedt Larsen
400a8ffae5 Python: Use slightly better name than foobar
I intended to rename before committing, but whoops
2020-02-26 14:08:10 +01:00
Taus
dce121b565 Merge pull request #2916 from BekaValentine/python-objectapi-to-valueapi-callargsandothers
Python: ObjectAPI to ValueAPI: CallArgs and Others
2020-02-26 12:51:18 +01:00
Rasmus Wriedt Larsen
4330d4e289 Python: Remove unused import in test 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
5fae3a8d0a Python: Explain complexity of HTTPConnection.request 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
b213db03fd Python: Consolidate stdlib http client tests
Move the stdlib tests from test/{2,3}/library-tests/ into /test/library-tests/,
and deal with version by using sys.version_info (results should be the same for
both versions).

six tests were moved from /library-tests/web/client/stdlib => /library-tests/web/client/six
2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
be187bcc0a Python: Make Client::HttpRequest extend ControlFlowNode
Taus pointed out that the request being sent off doesn't *need* to happen on a
CallNode. Someone *could* use a __setattr__ or property :\
2020-02-26 10:26:30 +01:00
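The point made in the commit above, as an added example that is not part of the CodeQL repository or of that pull request: the three client classes, the in-memory transport and the source snippets are all constructed for illustration. The "model" here is a deliberately naive stand-in (counting call expressions whose callee is named `request`) for a modelling approach keyed on CallNode; it is not CodeQL. It sees the explicit `.request()` call, but nothing at all when the request is dispatched from a property setter or from `__setattr__`, even though the transport records a request in all three cases.

```python
"""Added example: an outgoing HTTP request need not sit on a call expression.

Hypothetical clients; the transport only records requests, no network I/O.
"""
import ast


class RecordingTransport:
    """Stand-in for a socket: records every request it is handed."""

    def __init__(self):
        self.sent = []

    def send(self, method, url):
        self.sent.append(f"{method} {url}")


class ExplicitClient:
    """The shape a call-based model expects: an explicit .request() call."""

    def __init__(self, transport):
        self._transport = transport

    def request(self, method, url):
        self._transport.send(method, url)


class PropertyClient:
    """Assigning to .url fires the request; the use site is an assignment."""

    def __init__(self, transport):
        self._transport = transport
        self._url = None

    @property
    def url(self):
        return self._url

    @url.setter
    def url(self, value):
        self._url = value
        self._transport.send("GET", value)


class SetattrClient:
    """Assigning .target fires the request through __setattr__."""

    def __init__(self, transport):
        object.__setattr__(self, "_transport", transport)

    def __setattr__(self, name, value):
        object.__setattr__(self, name, value)
        if name == "target":
            self._transport.send("GET", value)


# Constructed source snippets: what a static analyser would see at the use site.
EXPLICIT_SRC = 'c = ExplicitClient(t)\nc.request("GET", url)\n'
PROPERTY_SRC = 'c = PropertyClient(t)\nc.url = url\n'
SETATTR_SRC = 'c = SetattrClient(t)\nc.target = url\n'

URL = "http://example.test/"  # constructed, never contacted


def call_nodes_named_request(source):
    """Naive call-only model: count call expressions invoking .request()."""
    tree = ast.parse(source)
    return sum(
        1
        for node in ast.walk(tree)
        if isinstance(node, ast.Call)
        and isinstance(node.func, ast.Attribute)
        and node.func.attr == "request"
    )


def requests_actually_sent(client_cls):
    """Run the client against the recording transport and count requests."""
    transport = RecordingTransport()
    client = client_cls(transport)
    if client_cls is ExplicitClient:
        client.request("GET", URL)
    elif client_cls is PropertyClient:
        client.url = URL
    else:
        client.target = URL
    return len(transport.sent)


def model_misses(client_cls, source):
    """True when the call-only model reports nothing but a request was sent."""
    return call_nodes_named_request(source) == 0 and requests_actually_sent(client_cls) == 1


if __name__ == "__main__":
    cases = [(ExplicitClient, EXPLICIT_SRC), (PropertyClient, PROPERTY_SRC), (SetattrClient, SETATTR_SRC)]
    for cls, src in cases:
        print(f"{cls.__name__:15} call-model={call_nodes_named_request(src)} "
              f"sent={requests_actually_sent(cls)} missed={model_misses(cls, src)}")
```

Extending the request class from ControlFlowNode rather than CallNode lets a model anchor on the assignment's flow node in the second and third cases; the naive counter above has no such node to anchor on.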
Rasmus Wriedt Larsen
e25079acc2 Python: Remove unnecessary cast 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
cd5399d43e Python: Model outgoing http client requests 2020-02-26 10:26:30 +01:00
Rebecca Valentine
2fb722b04e Removes the general versions of the query. 2020-02-25 14:55:55 -08:00
Rebecca Valentine
15aeeb1e50 Removes erroneous expected result for py3 2020-02-25 14:54:52 -08:00