hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-02 09:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,791 Commits 1,673 Branches 157 Tags
ec63acfb0cbf02167ccb1cf9553ca573f593efbd
Commit Graph

238 Commits

Author SHA1 Message Date
CodeQL CI
d3f8fb5e53 Merge pull request #4423 from tausbn/python-add-attribute-access-interface 
Approved by RasmusWL
 2020-10-13 02:56:21 -07:00
Anders Schack-Mulligen
091e3a2931 Dataflow: Adjust test output. 2020-10-09 16:25:14 +02:00
Taus Brock-Nannestad
d46453caaa Python: Support named imports as attribute reads 
Required a small change in `DataFlow::importModule` to get the desired
behaviour (cf. the type trackers defined in `moduleattr.ql`, but this
should be harmless. The node that is added doesn't have any flow
anywhere.
 2020-10-08 18:08:55 +02:00
Taus Brock-Nannestad
b905a3d5e3 Python: Attribute access API 2020-10-06 16:36:29 +02:00
CodeQL CI
5bc7e19c44 Merge pull request #4414 from yoff/SharedDataflow_Conditionals 
Approved by RasmusWL
 2020-10-06 05:46:24 -07:00
Rasmus Lerchedahl Petersen
f9c5b864bb Python: Fix test of parenthesized form 2020-10-06 13:12:12 +02:00
Rasmus Lerchedahl Petersen
0f077f5d7d Python: Add flow inside IfExprNodes 2020-10-06 10:54:23 +02:00
Rasmus Lerchedahl Petersen
8f13d586b7 Python: More tests of conditonals 
Also use better formatter
(better because comments are close to what they comment)
 2020-10-06 10:49:15 +02:00
Rasmus Wriedt Larsen
fbe115c046 Python: Show TypeTracking doesn't work for module members 2020-10-06 03:12:39 +02:00
Rasmus Wriedt Larsen
1595fed2d6 Python: Add preliminary taint tests for pathlib 2020-09-30 11:44:37 +02:00
Rasmus Wriedt Larsen
0542c3b91e Python: Model os.path.join and add taint-step 2020-09-30 11:42:36 +02:00
Rasmus Wriedt Larsen
efa2484718 Python: Add taint test for os.path.join 
Surprisingly the first two just worked, due to our very general handling of any
`join` methods :D
 2020-09-30 11:35:21 +02:00
Rasmus Wriedt Larsen
aa6fad558c Python: Minor cleanup in taint-step tests 2020-09-30 11:15:53 +02:00
Taus
fc84286b56 Merge pull request #3830 from yoff/SharedDataflow_FieldFlow 
Python: Shared dataflow: Field flow
 2020-09-25 14:53:57 +02:00
Rasmus Lerchedahl Petersen
4621e6d8c0 Python: fix QL format 2020-09-25 13:37:39 +02:00
Rasmus Lerchedahl Petersen
88bba46698 Python: Modify tests based on review 
The extra hist in `test.py` seen in `globalStep.expected`
are due to the removal of manual filtering code.
(That code was from when dataflow had many strange things in it.)
 2020-09-25 13:35:30 +02:00
yoff
c56ff986d4 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2020-09-25 11:56:50 +02:00
Rasmus Wriedt Larsen
0265f26301 Python: Add importModule and importMember DataFlow helpers 2020-09-22 16:28:19 +02:00
Rasmus Lerchedahl Petersen
3e2331c87f Merge branch 'main' of github.com:github/codeql into SharedDataflow_FieldFlow 2020-09-22 13:32:36 +02:00
Rasmus Lerchedahl Petersen
08b51e67c4 Python: Update test annotation 2020-09-21 17:44:36 +02:00
Rasmus Lerchedahl Petersen
73d2d9b1f8 Python: Make constructor calls post-update nodes 2020-09-21 17:32:22 +02:00
Taus
724baaf26a Merge pull request #4308 from RasmusWL/python-private-import-of-DataFlowPrivate 
Python: Make import of DataFlowPrivate private
 2020-09-21 17:13:48 +02:00
Rasmus Wriedt Larsen
2f9f51dbd8 Python: Fix tests that use DataFlowPrivate 2020-09-21 16:08:17 +02:00
Taus
9d7a2d2b5d Merge branch 'main' into python-add-global-flow-steps 2020-09-21 13:50:20 +02:00
Rasmus Lerchedahl Petersen
9aa0cfb35c Python: class callable -> class call 
Only have one type of callable, but have an extra type of call.
A constructor call directs to an init callable
(should also handle `call` overrides at some point).
 2020-09-19 22:27:11 +02:00
Rasmus Lerchedahl Petersen
b2f1c435a8 Python: update test expectations 2020-09-19 22:27:11 +02:00
Rasmus Lerchedahl Petersen
e132361736 Python: Add missing .expected file 2020-09-19 22:27:11 +02:00
Rasmus Lerchedahl Petersen
e50b66554d Python: Add explorative test 2020-09-19 22:27:10 +02:00
Rasmus Lerchedahl Petersen
aa28167177 Python: Add malloc nodes 2020-09-19 22:27:10 +02:00
Rasmus Lerchedahl Petersen
27b25565ca Python: Implement field-stores, -reads, and -content 2020-09-19 22:27:10 +02:00
Rasmus Lerchedahl Petersen
a2d006fe47 Python: Tests for field flow 2020-09-19 22:27:10 +02:00
Taus Brock-Nannestad
11c85f0fb5 Python: Clean up various jump/local data flow steps 
Removes steps from `ModuleVariableNode`s from `essaFlowStep`, and
instead puts them only in `jumpStep`. This cleans up the logic a bit.

This slightly broke the type tracker implementation (as it relied on
`essaFlowStep` being fairly liberal), so I have rewritten it to
explicitly rely on just familiar predicates for local and jump steps.

Additionally, we disallow Essa-to-Essa steps where exactly one of the
two nodes corresponds to a global variable (i.e. only local-local and
global-global steps).
 2020-09-18 18:14:47 +02:00
Taus Brock-Nannestad
f93c44a688 Python: Fix typo 2020-09-17 13:26:55 +02:00
Taus Brock-Nannestad
1d462ae156 Python: Fix misnamed variable. 2020-09-17 13:22:27 +02:00
Taus Brock-Nannestad
797ac23db7 Python: Clean up global flow test 2020-09-17 13:20:58 +02:00
Taus Brock-Nannestad
9458861b18 Python: Add missing global flow test 2020-09-17 12:04:30 +02:00
Taus Brock-Nannestad
ee76d9b33d Python: Clean up tests 2020-09-16 19:04:27 +02:00
Taus
e179df7c43 Python: Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-16 18:21:50 +02:00
Taus
4b423feef9 Merge pull request #4245 from RasmusWL/python-dataflow-dynamic-tuple-tests 
Python: Add dataflow tests for dynamic tuple creation
 2020-09-16 15:19:41 +02:00
Taus Brock-Nannestad
2d3e23ebb0 Python: Cleanup, docs, and an extra test case 2020-09-16 14:46:04 +02:00
Rasmus Lerchedahl Petersen
e46ae9b98d Python: Move some query predicates to debug 2020-09-15 21:45:47 +02:00
Taus Brock-Nannestad
7cdd290b90 Python: Disregard module-time reads. 2020-09-15 18:25:24 +02:00
Taus Brock-Nannestad
2e737eda1e Python: Add a few function-local import tests 2020-09-15 14:25:26 +02:00
Taus Brock-Nannestad
d5e9f36747 Python: Add "enclosing callable" for ModuleVariableNode 
I've named this `DataFlowModuleScope` since it's not really a
callable (and all of the relevant methods are empty anyway).
 2020-09-15 14:23:20 +02:00
Taus Brock-Nannestad
3727c48227 Python: Record test changes 
Some of the places where flow has disappeared look a bit suspect, so I
don't consider this to be the final word on these tests.
 2020-09-14 18:12:20 +02:00
Rasmus Lerchedahl Petersen
ecc5a4a1f6 Python: testIsTrue -> branch 2020-09-14 15:32:03 +02:00
yoff
2a4e28db16 Apply suggestions from code review 
Will make the same renames in the changed code also..

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-14 15:28:01 +02:00
Rasmus Lerchedahl Petersen
033529e85e Python: avoid creating big predicate 2020-09-14 15:24:46 +02:00
Taus Brock-Nannestad
e197f52b6d Merge branch 'main' into python-add-global-flow-steps 2020-09-14 15:13:07 +02:00
Taus Brock-Nannestad
0b641c5ce9 Python: Update type tracking and strange-essaflow tests 2020-09-14 15:05:16 +02:00