codeql

mirror of https://github.com/github/codeql.git synced 2026-04-06 23:54:11 +02:00

Author	SHA1	Message	Date
Rasmus Lerchedahl Petersen	a1fe8a5b2b	python: handle `not` in BarrierGuard in the program ```python if not is_safe(path): return ``` the last node in the `ConditionBlock` is `not is_safe(path)`, so it would never match "a call to is_safe". Thus, guards inside `not` would not be part of `GuardNode` (nor `BarrierGuard`). Now they can.	2022-06-27 20:10:47 +00:00
Rasmus Lerchedahl Petersen	882000afb3	python: `not` is confusing our logic - added `is_unsafe` - added "negated version" of two tests. These versions do not use `not` and the analysis gets the taint right.	2022-06-27 20:10:47 +00:00
Anders Schack-Mulligen	f473a0a961	Python: Deprecate and replace BarrierGuard class.	2022-06-20 15:46:38 +02:00
Rasmus Wriedt Larsen	9d81fd3b95	Python: Improve sanitizer/guards tests Based on review conversation	2022-02-18 14:12:41 +01:00
Rasmus Wriedt Larsen	1394b38032	Python: Improve customSanitizer tests Before we didn't show how we treated the value _after_ the check. But we do actually handle this nicely 💪	2022-02-01 15:09:29 +01:00
Rasmus Wriedt Larsen	3e7dc12246	Python: Port taint tests to use inline expectations The meat of this PR is described in the new python/ql/test/experimental/meta/InlineTaintTest.qll file: > Defines a InlineExpectationsTest for checking whether any arguments in > `ensure_tainted` and `ensure_not_tainted` calls are tainted. > > Also defines query predicates to ensure that: > - if any arguments to `ensure_not_tainted` are tainted, their annotation is marked with `SPURIOUS`. > - if any arguments to `ensure_tainted` are not tainted, their annotation is marked with `MISSING`. > > The functionality of this module is tested in `ql/test/experimental/meta/inline-taint-test-demo`.	2021-04-15 18:00:33 +02:00
Rasmus Lerchedahl Petersen	f6fa1276a6	Python: Add consistency checks to all data-flow test floders	2021-01-29 21:28:43 +01:00
Rasmus Wriedt Larsen	e5e8ec6ecc	Python: Add a few test-cases for barrier guards and references I'm not sure references is the best name, but it's the best I could come up with jsut now	2020-12-07 15:27:20 +01:00
Rasmus Wriedt Larsen	08bcba98e6	Python: Add BarrierGuard test with exception inside unsafe branch	2020-11-20 11:55:07 +01:00
Rasmus Wriedt Larsen	34f78d4211	Python: Add BarrierGuard test with return inside unsafe branch	2020-11-20 11:52:36 +01:00
Rasmus Wriedt Larsen	a82936c904	Python: Enable test for sanitizer-guard and logic expressions `not` is not working properly, but otherwise pretty good	2020-11-20 10:06:25 +01:00
Rasmus Wriedt Larsen	b3d3d6e142	Python: Move logical test of sanitizers Don't know why it would ever have been under default sanitizers :D	2020-11-19 16:46:07 +01:00
Rasmus Lerchedahl Petersen	e46ae9b98d	Python: Move some query predicates to debug	2020-09-15 21:45:47 +02:00
Rasmus Lerchedahl Petersen	ecc5a4a1f6	Python: testIsTrue -> branch	2020-09-14 15:32:03 +02:00
yoff	2a4e28db16	Apply suggestions from code review Will make the same renames in the changed code also.. Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2020-09-14 15:28:01 +02:00
Rasmus Lerchedahl Petersen	033529e85e	Python: avoid creating big predicate	2020-09-14 15:24:46 +02:00
Rasmus Lerchedahl Petersen	543876f980	Python: Fix `getAGuardedNode`	2020-09-14 14:46:15 +02:00
Rasmus Lerchedahl Petersen	0eb8b6c7b0	Python: Address review	2020-09-11 14:24:49 +02:00
Rasmus Lerchedahl Petersen	5dbb4af5b5	Python: Implement `BarrierGuard`	2020-09-11 11:55:51 +02:00
Rasmus Lerchedahl Petersen	2eb8ea85fb	Python: update test expectations	2020-09-10 10:59:26 +02:00
Rasmus Wriedt Larsen	b8e057f7ad	Python: isSanitizerGuard test is future work	2020-09-09 15:57:53 +02:00
Rasmus Wriedt Larsen	ab8cc23ce7	Python: Expand on taint sanitizer tests Most interesting to look at the custom sanitizers. Once we have use-use flow, we should handle this case: ``` s = TAINTED_STRING emulated_authentication_check(s) ensure_not_tainted(s) ```	2020-09-09 13:57:25 +02:00

22 Commits