hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 07:56:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,607 Commits 1,712 Branches 163 Tags
f5e33ac00a3c0ea059db832dd3f17283c06c28fa
Commit Graph

1118 Commits

Author SHA1 Message Date
jorgectf
198f8dcc1f Improve predicates 2021-04-03 23:01:50 +02:00
jorgectf
7ed7809a60 Use LocalSourceNode and flowsTo() for better performance 2021-04-02 21:17:18 +02:00
jorgectf
513055cae5 Change old comments 2021-04-01 18:45:39 +02:00
jorgectf
ee70eb709c Remove old comment 2021-04-01 18:34:54 +02:00
jorgectf
5edb3b1153 Query upload 2021-04-01 18:31:45 +02:00
jorgectf
15e176a3b8 Polish query select 2021-04-01 13:00:12 +02:00
jorgectf
f980d0694b Fix taint configs 2021-04-01 12:50:25 +02:00
jorgectf
c8740a2031 Update naming 2021-04-01 12:41:11 +02:00
jorgectf
9b430310b4 Improve Sanitizer calls 2021-03-31 23:19:56 +02:00
jorgectf
4328ff3981 Remove attrs feature 2021-03-31 22:26:08 +02:00
jorgectf
3a47a45e47 Attempt to apply TaintTracking2 2021-03-31 18:49:41 +02:00
jorgectf
f0a50eb67a Polish up configs 2021-03-31 17:58:18 +02:00
jorgectf
017a826b30 Remove unused class variables 2021-03-31 17:52:03 +02:00
jorgectf
7a4dc46341 Fix Sinks 2021-03-31 17:50:05 +02:00
jorgectf
01f9d4a1b0 Fix MongoEngine Sink 2021-03-31 15:50:45 +02:00
jorgectf
ccd57bea7a Fix imports 2021-03-30 21:17:11 +02:00
jorgectf
d856f160c8 Adapt query configs and custom classes 2021-03-30 21:14:21 +02:00
jorgectf
bd5ff01ebb PyMongo and Mongoengine sinks 2021-03-30 21:13:43 +02:00
jorgectf
aea7546cf9 Add Concepts 2021-03-30 21:13:15 +02:00
jorgectf
517a9202ce PR init 2021-03-30 17:51:17 +02:00
jorgectf
8faafb6961 Update Sink 2021-03-30 16:58:02 +02:00
jorgectf
3cda2e5207 Polish up ldap3 tests 2021-03-29 23:39:49 +02:00
jorgectf
8223539f0c Add a test without attributes 2021-03-29 23:28:28 +02:00
Calum Grant
c26d05b1d5 Merge pull request #5532 from RasmusWL/python-cleanup 
Python: Delete filter queries, code duplication library, and precision tag from metric queries
 2021-03-29 17:16:43 +01:00
Rasmus Wriedt Larsen
96a66fa4ee Python: Apply suggestions from code review 2021-03-29 17:02:56 +02:00
jorgectf
ad36bea9d4 Refactor LDAP3 stuff (untested) 2021-03-29 09:14:35 +02:00
jorgectf
85ec82a389 Refactor in progress 2021-03-28 21:07:08 +02:00
jorgectf
95a1dae315 Precision warn and Remove CWE reference 2021-03-28 18:33:17 +02:00
jorgectf
719b48cbaf Move to experimental folder 2021-03-28 18:33:17 +02:00
Rasmus Wriedt Larsen
9abe02f419 Python: Fix query metadata for old queries that have been ported 
I'm not sure even I want to keep these around much longer. They seem to be
causing more problem than they are doing good.
 2021-03-25 16:01:56 +01:00
yoff
61cff8faed Update python/ql/src/experimental/semmle/python/Concepts.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-03-24 01:06:03 +01:00
Rasmus Lerchedahl Petersen
198a4ca79b Python: Add files to experimental 2021-03-22 21:42:06 +01:00
Taus Brock-Nannestad
7cdf439b83 Python: Clean up basicStoreStep 
Moves the `flowsTo` logic into the shared implementation, so that
`TypeTrackingPrivate` only has to define the shape of immediate store
steps.

Also cleans up the documentation to talk a bit more about what
`content` can represent, and what caveats there are.
 2021-03-22 18:42:24 +01:00
Taus Brock-Nannestad
0e81fd2624 Python: Move Boolean into TypeTrackerPrivate 
In general, this may be defined already for other languages, so moving
it in here will avoid potential clashes.
 2021-03-22 18:41:22 +01:00
Dilan
1385b22642 pr fixes, typo in qhelp file and helper method for queries 2021-03-19 16:43:29 -07:00
yoff
746e9948b0 Merge pull request #5075 from RasmusWL/crypto 
Python: Port py/weak-crypto-key to use type-tracking
 2021-03-18 20:53:28 +01:00
jorgectf
957b3e1e85 Precision warn 2021-03-18 20:39:53 +01:00
jorgectf
3ce0a9c8c0 Move to experimental folder 2021-03-18 20:20:04 +01:00
Taus
dfc0e9b906 Merge pull request #5243 from RasmusWL/port-bind-to-all-interfaces 
Python: Port py/bind-socket-all-network-interfaces query
 2021-03-12 16:04:19 +01:00
Taus Brock-Nannestad
f05313435d Python: Move typePreservingStep into Private 2021-03-12 14:06:39 +01:00
Taus Brock-Nannestad
9b8056371f Python: Make the type tracking implementation shareable 2021-03-12 13:51:24 +01:00
Rasmus Wriedt Larsen
024a586a7d Python: Remove tags for old query copy 
Co-authored-by: Taus <tausbn@github.com>
 2021-03-05 17:08:55 +01:00
Rasmus Wriedt Larsen
b43533ce8d Python: Ensure old dataflow queries are not used 
There seems to have been some cases where the old ones have been picked up
instead of the new ones. At least I spotted _one_ case where this happened, in
an internal actions run.

I'm not sure how to actual debug this, so just removing all the tags that could
make these queries to become picked up :|
 2021-02-26 11:22:23 +01:00
Rasmus Wriedt Larsen
a09f8c4b4a Python: Port bind-to-all-interfaces to type-tracking 2021-02-23 16:01:24 +01:00
Rasmus Wriedt Larsen
46ad611d57 Python: Port py/weak-crypto-key to use type-tracking 
instead of points-to.

Looking at query results also made me realize I didn't supply a very good
"origin" for ECC in cryptography package, so I improved that 👍 -- maybe that
sohuld have been split into multiple commits... too late :(
 2021-02-19 15:03:43 +01:00
Rasmus Wriedt Larsen
d8bfa3565f Python: Simple port of URL redirect query 
Still have not added sanitizer, but seems like old sanitizer was a bit too broad
(also covering %-formatting)
 2021-01-20 11:35:44 +01:00
Taus Brock-Nannestad
a5121babc8 Python: The one with changes that don't look like renames anymore 2020-11-02 22:19:15 +01:00
Taus Brock-Nannestad
5156bf756d Python: Promote data-flow libraries 
Step 1: Moving stuff around. Also includes a bit of import renaming.
 2020-11-02 22:15:38 +01:00
Taus
25e88ed585 Merge pull request #4588 from yoff/python-pep-249 
Python: Model PEP 249
 2020-11-02 18:57:15 +01:00
yoff
1535ce1f5d Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2020-11-02 18:26:37 +01:00