hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 10:23:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,811 Commits 1,693 Branches 161 Tags
edc93dfeb747225990b756f4df609f2e7d8d4f7a
Commit Graph

12 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
4b4b9bf9da python: add missing summaries 
For append/add:
The new results in the experimental tar slip query
show that we do not recognize the sanitisers.
 2023-06-13 20:22:21 +02:00
Rasmus Lerchedahl Petersen
b72c93ff4f python: remove remaining explicit taint steps 2023-06-13 20:22:20 +02:00
Rasmus Lerchedahl Petersen
5b4f98d6c4 python: Add summaries for container constructors 
Also:
- turn on flow summaries for taint
- do not restrict node type
  (as now we need summary nodes)
 2023-05-16 14:38:51 +02:00
Rasmus Lerchedahl Petersen
145eaf3947 python: remove steps for container constructors 2023-05-16 10:35:10 +02:00
yoff
6a5fc3c1b1 Update python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py 2023-05-12 13:06:08 +02:00
Rasmus Lerchedahl Petersen
0a9515dbcd python: add tests for built-in collections 
- constructors: list, tuple, set, dict
- methods:
  - general: copy, pop
  - list: append
  - set: add
  - dict: keys, values, items, get, popitem
- functions: sorted, reversed, iter, next
 2023-05-10 18:10:05 +02:00
Rasmus Wriedt Larsen
6e9d9fcbbd Python: Improve taint steps in for & iterable unpacking 
These were written way before the ones in DataFlowPrivate, but
apparently didn't cover quite as much :|
 2021-07-22 14:16:17 +02:00
Rasmus Wriedt Larsen
e2d3fa7093 Python: Add list-comprehension taint test 2021-07-22 11:59:46 +02:00
Rasmus Wriedt Larsen
3e7dc12246 Python: Port taint tests to use inline expectations 
The meat of this PR is described in the new python/ql/test/experimental/meta/InlineTaintTest.qll file:

> Defines a InlineExpectationsTest for checking whether any arguments in
> `ensure_tainted` and `ensure_not_tainted` calls are tainted.
>
> Also defines query predicates to ensure that:
> - if any arguments to `ensure_not_tainted` are tainted, their annotation is marked with `SPURIOUS`.
> - if any arguments to `ensure_tainted` are not tainted, their annotation is marked with `MISSING`.
>
> The functionality of this module is tested in `ql/test/experimental/meta/inline-taint-test-demo`.
 2021-04-15 18:00:33 +02:00
Rasmus Wriedt Larsen
e0cfe8123e Python: Update comments for new taint tests 
I see I didn't keep them up to date as I implemented things
 2020-09-01 11:58:26 +02:00
Rasmus Wriedt Larsen
e5a361c230 Python: Better taint tests for copy.deepcopy 2020-09-01 11:50:33 +02:00
Rasmus Wriedt Larsen
7213da195c Python: Use standard naming scheme for taint flow tests 
We got into problems since using `string.py` would shadow the string module from
the standard library. By some reason I adopted a pattern of `_` as suffix, but
let us just use the standard pattern of `test_` prefix like a normal testing
framework like pytest does.
 2020-08-28 11:22:42 +02:00