hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 07:12:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
55,833 Commits 1,684 Branches 159 Tags
f09c44f8a27cabb3b6731b33312669f29d4cb63e
Commit Graph

1809 Commits

Author SHA1 Message Date
yoff
579c56c744 Merge pull request #13178 from yoff/python-ruby/track-through-summaries-pm 
ruby/python: Shared module for typetracking through flow summaries
 2023-06-20 11:19:45 +02:00
Rasmus Wriedt Larsen
afafaac0d7 Python: Fix typo 2023-06-16 14:41:36 +02:00
Rasmus Lerchedahl Petersen
4fded84a49 python: implement missing predicates 2023-06-14 21:30:58 +02:00
Rasmus Lerchedahl Petersen
2491fda58e python: update comment 2023-06-14 21:16:39 +02:00
Rasmus Lerchedahl Petersen
0e713e6fc1 ruby/python: more consistent naming of parameters 2023-06-14 21:02:42 +02:00
yoff
af72509ce6 Update python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-06-14 20:57:14 +02:00
yoff
2ae5dae474 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-06-14 20:55:45 +02:00
yoff
f5f822ca2d Merge pull request #13395 from yoff/python/container-summaries-3 2023-06-14 17:13:49 +02:00
Rasmus Lerchedahl Petersen
9a1e895fdc Python: missed removing these 
`set.add` and `list.append` do not return a value
 2023-06-14 14:51:21 +02:00
Michael Nebel
afec9b05e9 Merge pull request #13147 from michaelnebel/csharp/entityframeworkrefactor 
C#: Use synthetic global in the EntityFramework code instead of jump steps.
 2023-06-14 13:47:56 +02:00
Rasmus Lerchedahl Petersen
3b558a0044 python: remove spurious return flow 2023-06-14 13:35:37 +02:00
yoff
38cca08a86 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-06-14 13:27:33 +02:00
Anders Schack-Mulligen
1a4fca334f Merge pull request #13273 from aschackmull/dataflow/summarynode-refactor 
Dataflow: Refactor FlowSummaryImpl to synthesize nodes independently from DataFlow::Node.
 2023-06-14 09:38:36 +02:00
Rasmus Lerchedahl Petersen
f1de753400 python: add changenote 2023-06-13 21:59:51 +02:00
Rasmus Lerchedahl Petersen
4b4b9bf9da python: add missing summaries 
For append/add:
The new results in the experimental tar slip query
show that we do not recognize the sanitisers.
 2023-06-13 20:22:21 +02:00
Rasmus Lerchedahl Petersen
b72c93ff4f python: remove remaining explicit taint steps 2023-06-13 20:22:20 +02:00
yoff
1d65284011 Merge pull request #13209 from yoff/python/container-summaries-2 
python: Container summaries, part 2
 2023-06-13 18:17:09 +02:00
Rasmus Lerchedahl Petersen
775f3eaf56 python: make copy a dataflow step 2023-06-13 17:07:41 +02:00
Rasmus Lerchedahl Petersen
e11f6b5107 ruby/python: adjust shared file 
- move `isNonLocal` to the top
- missing backtics
 2023-06-13 11:49:30 +02:00
Rasmus Lerchedahl Petersen
203f8226cb ruby/python: make SummaryTypeTracker private 2023-06-13 11:32:06 +02:00
Anders Schack-Mulligen
2d616d494e C#/Ruby: Add fields as per review comments. 2023-06-13 11:26:30 +02:00
yoff
2a5173c331 Update python/ql/lib/semmle/python/frameworks/Stdlib.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-06-13 10:04:46 +02:00
Rasmus Wriedt Larsen
6526364045 Python: Add modeling of flask.render_template_string 2023-06-12 21:18:31 +02:00
Anders Schack-Mulligen
5062442982 Go/Python/Ruby/Swift: Add stub. 2023-06-09 15:39:28 +02:00
Anders Schack-Mulligen
98f51d7f29 Dataflow: Sync. 2023-06-09 15:39:28 +02:00
Anders Schack-Mulligen
6020e4d0e3 C#/Go/Python/Ruby/Swift: Fix some more references. 2023-06-09 15:30:38 +02:00
Rasmus Lerchedahl Petersen
7e87a7c1f7 python: rewrite argumentPositionMatch 
to not use the call graph.
 2023-06-09 15:29:13 +02:00
Anders Schack-Mulligen
1e3b960c1b Python: Adjust to FlowSummaryImpl changes. 2023-06-09 15:27:17 +02:00
Anders Schack-Mulligen
2cc5bde925 Dataflow: Sync. 2023-06-09 15:27:17 +02:00
erik-krogh
42d67d0137 add change-note 2023-06-09 15:24:12 +02:00
erik-krogh
6dfeb2536b delete old deprecations 2023-06-09 15:12:23 +02:00
Rasmus Lerchedahl Petersen
b294f48dbe Merge branch 'main' of https://github.com/github/codeql into python-ruby/track-through-summaries-pm 2023-06-09 14:16:34 +02:00
Anders Schack-Mulligen
d230509905 Dataflow: Address review comments. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
4399138c82 Dataflow: Fix QL4QL alert. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
53f2b8aab0 Dataflow: Sync. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
fd832416d8 Dataflow: Add empty type strengthening predicate for languages without type pruning. 2023-06-09 08:37:35 +02:00
Anders Schack-Mulligen
e8cea79f1d Dataflow: Sync. 2023-06-09 08:37:35 +02:00
Tom Hvitved
cee70883f0 Merge pull request #12964 from hvitved/ruby/remove-synth-returns 
Ruby: Remove canonical return nodes
 2023-06-08 10:07:48 +02:00
Rasmus Lerchedahl Petersen
6ddf1f7eaf ruby/python: remove predicates from interface 2023-06-07 14:07:08 +02:00
Tom Hvitved
48ac3e58ee Python: Use CallGraphConstruction in call graph construction 2023-06-07 09:02:03 +02:00
Tom Hvitved
4bf124bffe Ruby/Python: Add CallGraphConstruction module for recursive type-tracking based call graph construction 2023-06-07 09:02:03 +02:00
Rasmus Lerchedahl Petersen
6755bb32fb Python: do not add read steps for collections 2023-06-01 15:18:05 +02:00
Michael Nebel
06b02eb3ce Sync files. 2023-06-01 09:30:31 +02:00
Arthur Baars
c211b704f3 Merge pull request #13272 from github/post-release-prep/codeql-cli-2.13.3 
Post-release preparation for codeql-cli-2.13.3
 2023-05-31 15:33:12 +02:00
Arthur Baars
490d22d123 Merge remote-tracking branch 'upstream/main' into post-release-prep/codeql-cli-2.13.3 2023-05-30 21:31:28 +02:00
Rasmus Lerchedahl Petersen
820b5f235e python: add change note 2023-05-30 13:36:10 +02:00
Rasmus Lerchedahl Petersen
2daa9577bb ruby/python: implement shared module 
ruby:
- create new shared file `SummaryTypeTracker.qll`
- move much logic into the module
- instantiate the module
- remove old logic, now provided by module

python:
- clone shared file
- instantiate module
- use (some of the) steps provided by the module
 2023-05-30 13:31:24 +02:00
Rasmus Lerchedahl Petersen
47b2d48da2 python: add tests 
- add `getACallSimple` to `SummarizedCallable`
  (by adding it to `LibraryCallable`)
 2023-05-30 13:16:04 +02:00
Rasmus Lerchedahl Petersen
9cb83fcdc9 python: add summaries for 
copy, pop, get, getitem, setdefault

Also add read steps to taint tracking.

Reading from a tainted collection can be done in two situations:
1. There is an acces path
    In this case a read step (possibly from a flow summary)
    gives rise to a taint step.
2. There is no access path
    In this case an explicit taint step (possibly via a flow
    summary) should exist.
 2023-05-26 14:04:15 +02:00
Rasmus Lerchedahl Petersen
144df9a39e python: remove explicit dataflow steps 2023-05-26 13:24:22 +02:00