hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-12 22:14:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,044 Commits 1,681 Branches 158 Tags
fffc88ea5b853ef9ed85feb30d3c8145309f2875
Commit Graph

1105 Commits

Author SHA1 Message Date
Jonas Jensen
5deeda0337 Merge pull request #3387 from geoffw0/tostringperf 
C++: Eliminate recursion from toString().
 2020-05-26 13:24:43 +02:00
Taus
7716cff3d8 Merge pull request #3551 from RasmusWL/python-fix-upcoming-deprecation 
Python: Fix (upcoming) deprecation compiler-warnings
 2020-05-25 16:17:57 +02:00
semmle-qlci
8146073c74 Merge pull request #3553 from RasmusWL/python-fix-tainttracking-import 
Approved by tausbn
 2020-05-25 14:18:54 +01:00
Rasmus Wriedt Larsen
f602f3e1c7 Python: Use proper import for semmle.python.dataflow.TaintTracking 
It was moved in 637677d515, but imports were not
updated.
 2020-05-25 13:45:49 +02:00
Rasmus Wriedt Larsen
6ce1b9f7fa Python: Fix use of StrConst.strValue() 2020-05-25 13:12:56 +02:00
semmle-qlci
ac1a338390 Merge pull request #3407 from RasmusWL/python-add-BoundMethodValue-v2 
Approved by tausbn
 2020-05-25 12:00:45 +01:00
Rasmus Wriedt Larsen
32c8dd0491 Python: Fix (upcoming) deprecation compiler-warnings 
In a near-future release overriding a deprecated predicate without making as
deprecated would give a compiler warning.

Not fixing the XML one. [I can see that this shouldn't be reported
anymore](https://github.com/github/codeql/pull/3520#issuecomment-631552943), and
it's not safe to remove since it was only marked as deprecated in
e6425bb4cf.
 2020-05-25 11:05:30 +02:00
Taus
a2308771a3 Merge pull request #3489 from yoff/DeprecateObject 
Python: Modernise `py/missing-equals`.
 2020-05-25 10:56:16 +02:00
Rasmus Wriedt Larsen
49d7e12acd Python: Remove unnecessary restriction from getNamedArgumentForCall 
As agreed in https://github.com/github/codeql/pull/3407
 2020-05-25 10:17:37 +02:00
Rasmus Wriedt Larsen
87ee6ae101 Python: Add a bit of docs to CallableObjectInternal 
As requested :)
 2020-05-25 09:53:28 +02:00
Rasmus Wriedt Larsen
9e0d57c610 Python: Fix grammar in QLDoc 
Co-authored-by: Taus <tausbn@gmail.com>
 2020-05-25 09:47:01 +02:00
Rasmus Lerchedahl Petersen
3e712be431 Python: Modernise 2020-05-25 09:00:34 +02:00
semmle-qlci
079021a3e9 Merge pull request #3453 from RasmusWL/python-flask-routed-params 
Approved by tausbn
 2020-05-20 14:47:53 +01:00
Rasmus Wriedt Larsen
712d4bd150 Python: Fix typo in docs 
Co-authored-by: Taus <tausbn@gmail.com>
 2020-05-20 13:06:24 +02:00
Rasmus Lerchedahl Petersen
1817d2af2b Make test for wrong bool type pass 2020-05-14 15:56:57 +02:00
Rasmus Lerchedahl Petersen
d9d86e1f56 Make test pass 2020-05-13 12:16:11 +02:00
Rasmus Wriedt Larsen
8150c78ae0 Python: In flask, taint routed prameters for variable rules 
Fixes https://github.com/github/codeql-python-team/issues/79
 2020-05-12 15:02:32 +02:00
Taus
2502d1c3ed Merge pull request #3410 from RasmusWL/python-fix-3397 
Python: More safe methods for py/modification-of-default-value
 2020-05-07 15:28:24 +02:00
Taus
964b8478dc Merge pull request #3405 from jcreedcmu/jcreed/jump-to-def-python 
Python: Refactor definitions query, add queries for ide search
 2020-05-07 12:51:35 +02:00
Jason Reed
5934345fe3 Python: Fix formatting. 2020-05-06 08:48:45 -04:00
Jason Reed
c759e891d0 Python: Exclude additional tag from LGTM suites 2020-05-05 09:43:40 -04:00
jcreedcmu
6cf30ef87a Update python/ql/src/analysis/DefinitionTracking.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-05-05 09:40:54 -04:00
Rasmus Wriedt Larsen
6488714758 Python: Autoformat 2020-05-05 11:38:17 +02:00
Rasmus Wriedt Larsen
07ae40206f Python: Don't allow getParameter(-1) for BoundMethodValue 
As per discussion in the PR
 2020-05-05 11:37:10 +02:00
Rasmus Wriedt Larsen
4da5222255 Python: More safe methods for py/modification-of-default-value 
Fixes https://github.com/github/codeql/issues/3397
 2020-05-05 11:09:05 +02:00
Geoffrey White
a70f534458 Sync identical files. 2020-05-05 09:18:05 +01:00
Rasmus Wriedt Larsen
dfe7c8270b Python: Clean up trailing whitespace 2020-05-05 09:55:09 +02:00
Rasmus Wriedt Larsen
87d7738b6e Python: Expand QLDoc for get[Named]ArgumentForCall 2020-05-05 09:54:54 +02:00
Rasmus Wriedt Larsen
061bbb82f5 Python: Restructure getNamedArgumentForCall 
So it matches the structure of getArgumentForCall -- call.getArgByName first!
 2020-05-05 09:00:55 +02:00
Rasmus Wriedt Larsen
838106d49c Python: Refactor get[Named]ArgumentForCall 
Also fixed a bug for BoundMethodValue, as highlighted in the expected diff 👍
 2020-05-04 20:51:23 +02:00
Rasmus Wriedt Larsen
bc92c26e12 Python: Add BoundMethodValue 2020-05-04 20:51:12 +02:00
Rasmus Wriedt Larsen
e9859ad96d Python: Fix getArgumentForCall when using keyword arguments 
Yikes :|
 2020-05-04 20:50:56 +02:00
Jason Reed
c34fa840a2 Python: Use NiceLocationExpr::hasLocationInfo for ide jump-to-def 2020-05-04 11:36:54 -04:00
Jason Reed
b0f72ebb56 Python: Refactor definitions query, add queries for ide search 
This enables jump-to-definition and find-references in the VS Code
extension, for python source archives.
 2020-05-04 11:27:30 -04:00
Taus
33f4503ac3 Merge pull request #3213 from RasmusWL/python-iter-str-seq-with-tests 
Python: supress non-useful results (w/ tests) for iter str/seq query
 2020-05-01 11:04:05 +02:00
Rasmus Wriedt Larsen
e569d7ae41 Merge branch 'master' into python-parse_qs 2020-04-30 17:05:17 +02:00
Rasmus Wriedt Larsen
e0b4518a3e Merge branch 'master' into python-improve-file-taint 2020-04-30 11:24:29 +02:00
Rasmus Wriedt Larsen
64c013ef4d Merge branch 'master' into python-iter-str-seq-with-tests 2020-04-27 17:20:06 +02:00
Taus
de08433bd3 Merge pull request #3212 from RasmusWL/python-fix-tests-filter 
Python: Fix (some) shortcomings of tests filter
 2020-04-27 11:26:35 +02:00
Taus
bcb980b3d5 Merge pull request #3302 from RasmusWL/python-str-taint-add-methods 
Python: Add taint for string methods
 2020-04-24 16:29:11 +02:00
Rasmus Wriedt Larsen
b2b0296120 Merge pull request #3242 from BekaValentine/python-objectapi-to-valueapi-incorrectlyoverridenmethod 
Python: ObjectAPI to ValueAPI: IncorrectlyOverriddenMethod
 2020-04-24 16:28:11 +02:00
semmle-qlci
4c7a5007d8 Merge pull request #3314 from RasmusWL/python-model-stdlib-http.server 
Approved by tausbn
 2020-04-24 15:27:21 +01:00
Rasmus Wriedt Larsen
2b3025265b Python: Clean up QLdoc 
Co-Authored-By: Taus <tausbn@gmail.com>
 2020-04-24 14:05:02 +02:00
Rasmus Wriedt Larsen
367ee3e8c4 Python: Modernise security/injection/Path.qll 
And we're making things a bit more clean since it's not *any* argument of `open()` that is a taint-sink.
 2020-04-24 12:03:42 +02:00
Rasmus Wriedt Larsen
67837887c8 Python: Modernise security/injection/Exec.qll 2020-04-24 11:59:05 +02:00
Rasmus Wriedt Larsen
8878884724 Python: Rewrite web/stdlib/Request.qll QLDoc to be more clear 2020-04-24 08:07:23 +02:00
Rasmus Wriedt Larsen
23f3736b67 Python: Simplify CgiFieldStorageFieldKind.getTaintOfAttribute 2020-04-24 08:04:55 +02:00
Taus
1d6b6a48ae Merge pull request #2924 from BekaValentine/python-objectapi-to-valueapi-wrongnumberargumentsincall 
Python: ObjectAPI to ValueAPI: WrongNumberArgumentsInCall
 2020-04-23 17:56:39 +02:00
Rasmus Wriedt Larsen
06edd076b6 Python: Enable taint when iterating over ExternalFileObject 2020-04-23 14:11:50 +02:00
Rasmus Wriedt Larsen
94ae2febe5 Python: Propagate taint through parse_qsl 2020-04-23 12:14:22 +02:00