hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-13 06:24:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,791 Commits 1,681 Branches 158 Tags
fb3148a7a81914deec4e510128e49bb5018ff37a
Commit Graph

67 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
a89624698d Python: format ql 2020-08-05 14:28:28 +02:00
Rasmus Lerchedahl Petersen
38acea633f Python: Dataflow, expand callable to classes 2020-07-27 17:58:21 +02:00
Rasmus Wriedt Larsen
03d22fa8e3 Python: Fix filenames in qhelp 2020-07-23 17:32:01 +02:00
Rasmus Wriedt Larsen
e283d289fd Python: Update TemplateInjection.qhelp 
Moved things around so there is only a single `<example>` tag (and had to rewrite contents a bit).
 2020-07-23 17:23:26 +02:00
Porcupiney Hairs
1e7921e575 add qhelp and fix tests. 2020-07-23 20:04:32 +05:30
porcupineyhairs
8e85dc755a Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-07-23 19:37:40 +05:30
Rasmus Wriedt Larsen
a97f942a17 Python: Autoformat 2020-07-23 11:38:34 +02:00
Rasmus Wriedt Larsen
91e6222662 Python: Fix SSTI query by importing UntrustedStringKind 
Without a concrete ExternalStringKind class, there will be no flow for
ExternalStringKind by default.
 2020-07-21 18:01:27 +05:30
Porcupiney Hairs
49df4169cf Python : Add query to detect Server Side Template Injection 2020-07-21 18:01:27 +05:30
Rasmus Wriedt Larsen
7306f58e57 Python: Fix experimental tests 2020-07-07 19:44:43 +02:00
Taus Brock-Nannestad
f07a7bf8cf Python: Autoformat everything using qlformat. 
Will need subsequent PRs fixing up test failures (due to deprecated
methods moving around), but other than that everything should be
straight-forward.
 2020-07-07 15:43:52 +02:00
Rasmus Lerchedahl Petersen
fe9520b50b Python: correct doc for toString 2020-07-03 15:04:54 +02:00
Rasmus Lerchedahl Petersen
33cf96ccb8 Python: Address review comments 2020-07-03 14:11:58 +02:00
yoff
d201eb2c12 Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-07-03 13:33:27 +02:00
yoff
59d611ddd5 Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-07-03 13:32:03 +02:00
yoff
8891fbf006 Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-07-03 13:31:38 +02:00
yoff
40a6728748 Update python/ql/src/experimental/dataflow/internal/TaintTrackingPrivate.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-07-03 13:30:10 +02:00
Rasmus Lerchedahl Petersen
e3666004cf Python: add some links to readme 2020-07-03 10:37:38 +02:00
Rasmus Lerchedahl Petersen
a9e0288e5b Python: exclude global vars from local flow 2020-07-03 08:41:10 +02:00
Rasmus Lerchedahl Petersen
bdc68ce6b6 Python: refactor Node class 2020-07-03 08:01:44 +02:00
Rasmus Lerchedahl Petersen
5f18fb427a Python: update TODO 2020-07-02 16:20:38 +02:00
Rasmus Lerchedahl Petersen
0b11e77457 Python: make compile 2020-07-01 16:55:44 +02:00
Rasmus Lerchedahl Petersen
0175d5be0c Sync dataflow files 2020-07-01 16:44:11 +02:00
Rasmus Lerchedahl Petersen
7787900bed Python: make compile and simplify 2020-07-01 07:36:00 +02:00
Rasmus Lerchedahl Petersen
825f24a953 Python: simplify according to review comments 2020-07-01 07:20:26 +02:00
Rasmus Lerchedahl Petersen
3388ca44ed Python: sync dataflow library 2020-07-01 07:16:59 +02:00
Rasmus Lerchedahl Petersen
e259281821 Merge branch 'master' of github.com:github/codeql into SharedDataflow 
to receive updates from data flow library
 2020-07-01 07:15:32 +02:00
Rasmus Lerchedahl Petersen
64af5f585c Python: Update status description 2020-06-26 13:18:07 +02:00
Rasmus Lerchedahl Petersen
f84adb3c26 Python: stub for clearsContent 
also remove all `CastNode`s (seems to help)
 2020-06-26 13:09:35 +02:00
Rasmus Lerchedahl Petersen
248717473e Python: quick status added to readme.md 2020-06-26 12:25:17 +02:00
Rasmus Wriedt Larsen
b164f2695d Python: One more minor doc fix from review 2020-06-26 12:08:12 +02:00
Rasmus Wriedt Larsen
08384e30af Python: Minor doc fixes from review 2020-06-26 12:06:31 +02:00
Rasmus Lerchedahl Petersen
6e5f71bf43 Python: sync dataflow files 2020-06-26 12:02:14 +02:00
Rasmus Lerchedahl Petersen
e147e59652 Merge branch 'master' of github.com:github/codeql into SharedDataflow 
To sync files
 2020-06-26 12:01:01 +02:00
Rasmus Wriedt Larsen
22ad8f717f Python: Remove usage of .getASuccessor() in XSLT.qll 2020-06-25 12:07:45 +02:00
Rasmus Wriedt Larsen
3cc566f703 Merge branch 'master' into python-3521-revived 2020-06-25 12:02:21 +02:00
Rasmus Wriedt Larsen
994db060c7 Python: Use CWE-091 for XSLT 
As indicated here https://www.zaproxy.org/docs/alerts/90017/
 2020-06-25 11:53:12 +02:00
Rasmus Lerchedahl Petersen
c70cf6d780 Python: better (if imperfect) handling of phi node 2020-06-23 17:25:33 +02:00
Rasmus Lerchedahl Petersen
a55b4660d4 Python: support for with-definitions 2020-06-23 07:45:30 +02:00
Rasmus Lerchedahl Petersen
aa04a2a476 Python: sync dataflow files 2020-06-22 14:56:11 +02:00
Rasmus Lerchedahl Petersen
13bb971b05 Python: sort out some enclosing callable confusion 2020-06-22 14:26:25 +02:00
Rasmus Lerchedahl Petersen
8d564e06d7 Python: sync data flow files 2020-06-22 12:16:11 +02:00
Rasmus Lerchedahl Petersen
cc8367bff2 Python: update readme with lessons learned 2020-06-22 11:22:32 +02:00
Rasmus Lerchedahl Petersen
47819bbcda Python: obtain remaining expected flows 
- implement encosing callable for more nodes
 - implement extra flow for ESSA global variables
 2020-06-22 07:36:09 +02:00
Porcupiney Hairs
a519132407 add support for libxml2 2020-06-22 02:01:07 +05:30
Rasmus Lerchedahl Petersen
5a864aab87 Python: override genEnclosingCallable 
achieved flow out of functions!
 2020-06-19 07:29:46 +02:00
Rasmus Lerchedahl Petersen
9669a6a4dc Python: test for getASuccessor 
also align test names
 2020-06-18 15:10:45 +02:00
Rasmus Lerchedahl Petersen
03b26f7ebe Python: Remove excessive type pruning 2020-06-18 13:58:47 +02:00
Rasmus Lerchedahl Petersen
1562f5c69a Python: General comment on dataflow 
between SSA variables and control flow nodes
 2020-06-18 07:52:29 +02:00
Rasmus Lerchedahl Petersen
d283919b92 Python: implemented ParameterNode, updated test 2020-06-18 07:45:16 +02:00