Rasmus Lerchedahl Petersen
f449da2fdb
Python: Write explanatory examples.
2020-10-05 11:39:18 +02:00
Rasmus Lerchedahl Petersen
8e27904f65
Python: Add explanatory comment.
2020-10-04 15:34:25 +02:00
Rasmus Lerchedahl Petersen
3463889010
Python: Add comments
2020-10-04 09:40:06 +02:00
Rasmus Lerchedahl Petersen
385e213fcf
Python: Fix comments
2020-10-04 09:33:30 +02:00
Rasmus Lerchedahl Petersen
ce18bff274
Python: Support method calls
2020-10-03 23:34:39 +02:00
Rasmus Lerchedahl Petersen
bd32faf934
Python: annotate new test
2020-10-02 10:06:54 +02:00
Rasmus Lerchedahl Petersen
2a4d21a989
Python: Test method call
2020-10-02 10:02:29 +02:00
Rasmus Lerchedahl Petersen
0841e92a6b
Python: Test for method call
2020-10-01 16:26:12 +02:00
Rasmus Lerchedahl Petersen
5326125b70
Python: Handle positional constructor arguments
2020-10-01 15:28:26 +02:00
Rasmus Lerchedahl Petersen
2187389da1
Python: Show constructor keyword arg problem
...
Also make tests runnable
2020-10-01 12:48:38 +02:00
Rasmus Lerchedahl Petersen
db23dad6ec
Python: Allow callables to connect to calls freely
2020-10-01 12:33:42 +02:00
Rasmus Lerchedahl Petersen
b092df48a5
Python: Location and toString for KwUnpacked
2020-10-01 10:15:19 +02:00
Rasmus Lerchedahl Petersen
29a162bc9c
Python: Proper flow **arg -> **param
2020-09-30 23:55:02 +02:00
Rasmus Lerchedahl Petersen
b0ed7af897
Python: Approximate **arg -> **param
2020-09-30 15:54:12 +02:00
Rasmus Lerchedahl Petersen
4ae422ce16
Python: Add test for extraneous overflow arguments
2020-09-30 15:28:29 +02:00
Rasmus Lerchedahl Petersen
00966bba0d
Python: update test expectations
2020-09-30 13:11:23 +02:00
Rasmus Lerchedahl Petersen
30d048f9d4
Python: Support unpacking of keyword arguments.
2020-09-30 11:55:27 +02:00
Rasmus Lerchedahl Petersen
e02cfbf6b0
Python: Support keyword overflow arguments
2020-09-30 11:55:27 +02:00
Rasmus Lerchedahl Petersen
27af9bbae8
Python: Support overflow positional arguments
...
Currently ignoring starred arguments
2020-09-30 11:55:26 +02:00
Rasmus Lerchedahl Petersen
8f2ef94b3e
Python: Hook up keyword arguments
2020-09-30 11:55:26 +02:00
Rasmus Lerchedahl Petersen
f5244aab8c
Python: Add testfiles
2020-09-30 11:54:40 +02:00
Taus
fc84286b56
Merge pull request #3830 from yoff/SharedDataflow_FieldFlow
...
Python: Shared dataflow: Field flow
2020-09-25 14:53:57 +02:00
Rasmus Lerchedahl Petersen
4621e6d8c0
Python: fix QL format
2020-09-25 13:37:39 +02:00
Rasmus Lerchedahl Petersen
88bba46698
Python: Modify tests based on review
...
The extra hits in `test.py` seen in `globalStep.expected`
are due to the removal of manual filtering code.
(That code was from when dataflow had many strange things in it.)
2020-09-25 13:35:30 +02:00
yoff
c56ff986d4
Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com>
2020-09-25 11:56:50 +02:00
CodeQL CI
4deb43f361
Merge pull request #4323 from RasmusWL/python-new-command-injection-query
...
Approved by tausbn
2020-09-25 02:39:46 -07:00
Rasmus Wriedt Larsen
66815c9d3d
Python: Suppress unused variable warnings in DataFlowPrivate
2020-09-23 14:33:10 +02:00
Rasmus Wriedt Larsen
6aec2ec673
Python: Fix os.popen modeling
...
Co-authored-by: yoff <lerchedahl@gmail.com>
2020-09-23 11:18:32 +02:00
Rasmus Wriedt Larsen
624cdd339a
Python: Fix grammar
...
Co-authored-by: yoff <lerchedahl@gmail.com>
2020-09-23 11:18:12 +02:00
Rasmus Lerchedahl Petersen
ef4461ce54
Python: Address review comments
2020-09-22 23:48:28 +02:00
yoff
aece0ff652
Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com>
2020-09-22 22:33:46 +02:00
Rasmus Wriedt Larsen
71a75ce596
Python: Handle bound methods in flask modeling
2020-09-22 16:33:35 +02:00
Rasmus Wriedt Larsen
5709189c2a
Python: Expand flask test
2020-09-22 16:33:34 +02:00
Rasmus Wriedt Larsen
e614365963
Python: Adopt new approach in flask modeling
...
Removed all the dict-like stuff, not sure that is how we should do things.
2020-09-22 16:33:33 +02:00
Rasmus Wriedt Larsen
a82fa04d8a
Python: Add worked example of taint step modeling of external libs
...
This can't be seen on the example, but I went through quite a lot of iterations
before arriving at this fairly simple solution.
2020-09-22 16:28:26 +02:00
Rasmus Wriedt Larsen
00ea0cebc3
Python: More Flask modeling kinda works
...
It "kinda" works now, but it really is not a pretty solution. Adding all these
"tracked" objects is SUPER annoying... it _would_ be possible to skip them, but
that seems like it will give the wrong edges for dataflow/taintflow queries :|
A good chunk of it should be able to be removed with access-paths like C# does
for library modeling. Some of it could be solved by better type-tracking API
like API Graphs... but it seems like we generally are just lacking the
nice-to-have features like `.getAMemberCall` and the like. See
https://github.com/github/codeql/pull/4082/files#diff-9aa94c4d713ef9d8da73918ff53db774L33
2020-09-22 16:28:25 +02:00
Rasmus Wriedt Larsen
3c08590ee4
Python: Expand flask tests a bit
2020-09-22 16:28:24 +02:00
Rasmus Wriedt Larsen
2bdd0284dc
Python: Port py-command-line-injection with new dataflow
2020-09-22 16:28:23 +02:00
Rasmus Wriedt Larsen
7c205dd3fc
Python: First attempt at modeling Flask
2020-09-22 16:28:21 +02:00
Rasmus Wriedt Larsen
cdc5ca7aec
Python: Model os.system and os.popen
2020-09-22 16:28:20 +02:00
Rasmus Wriedt Larsen
0265f26301
Python: Add importModule and importMember DataFlow helpers
2020-09-22 16:28:19 +02:00
Rasmus Wriedt Larsen
2551173156
Python: Update example in QLDoc for TypeTracker
2020-09-22 16:28:18 +02:00
Rasmus Lerchedahl Petersen
131cf8d2ec
Python: Fix compilation error
2020-09-22 15:02:31 +02:00
Rasmus Lerchedahl Petersen
b065d8724e
Python: Fixup comments after merge
2020-09-22 13:52:30 +02:00
Rasmus Lerchedahl Petersen
3e2331c87f
Merge branch 'main' of github.com:github/codeql into SharedDataflow_FieldFlow
2020-09-22 13:32:36 +02:00
Tom Hvitved
71da9045e5
Java/Python: Reduce size of blockPrecedesVar
2020-09-22 11:00:26 +02:00
Rasmus Lerchedahl Petersen
08b51e67c4
Python: Update test annotation
2020-09-21 17:44:36 +02:00
Rasmus Lerchedahl Petersen
73d2d9b1f8
Python: Make constructor calls post-update nodes
2020-09-21 17:32:22 +02:00
Taus
724baaf26a
Merge pull request #4308 from RasmusWL/python-private-import-of-DataFlowPrivate
...
Python: Make import of DataFlowPrivate private
2020-09-21 17:13:48 +02:00
Rasmus Wriedt Larsen
2f9f51dbd8
Python: Fix tests that use DataFlowPrivate
2020-09-21 16:08:17 +02:00