hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,693 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
6c4a1d0a34 Merge pull request #264 from smowton/smowton/feature/printast-restrict-files 
PrintAst: improve support for restricting subsets of the AST to print
 2020-07-22 15:20:14 +01:00
Remco Vermeulen
3320061178 Add and adjust QL docs for classes and predicates 2020-07-22 16:04:55 +02:00
Remco Vermeulen
2c42d3cca5 Extract additional taint steps 
This is done for logical cohesion. We already have the capability of
extending additional taint steps by extending
`TaintTracking::AdditionalTaintStep`.
 2020-07-22 16:04:55 +02:00
Remco Vermeulen
57e7411c0a Extract Ldap injection sanitizers to importable lib 
This includes a new abstract class that represents all the Ldap injection
santizers and can be used to add additional santizers through
extension.
 2020-07-22 16:04:55 +02:00
Remco Vermeulen
0d5f9113a3 Extract ldap injection sink into importable library 2020-07-22 16:04:55 +02:00
Rasmus Wriedt Larsen
746c577d72 Python: CG trace: Update naming and add QLDoc 2020-07-22 15:49:11 +02:00
Rasmus Wriedt Larsen
67b45164eb Python: CG trace: Partial matching of BytecodeExpr and AST not safe 2020-07-22 15:19:57 +02:00
Chris Smowton
f8d141f7ff PrintAst: Sort root File nodes by relative path. 
This should make graphtext output deterministic, rather than depending on the order the results interpretation step happens to see the nodes.
 2020-07-22 13:43:34 +01:00
Rasmus Wriedt Larsen
1e89388f2b Python: CG trace: Don't abuse example dir 2020-07-22 14:22:04 +02:00
Rasmus Wriedt Larsen
ad2e336ead Python: CG trace: Autoformat 2020-07-22 13:53:22 +02:00
Sauyon Lee
c9df4d81b4 Add correctness tag to MistypedExponentiation 2020-07-22 04:26:56 -07:00
Rasmus Wriedt Larsen
ccffa7d99d Python: CG trace: Ignore some calls for call-grahp metrics 
and provide some internal metrics as well
 2020-07-22 13:12:52 +02:00
Chris Smowton
c30d198f3d Switch to using top-level function declarations to filter PrintAst 
This means it's no longer possible to ask for the AST of a function literal, but this is hopefully a niche use-case that we can add if and when there is demand.
 2020-07-22 10:40:41 +01:00
Rasmus Wriedt Larsen
b227a7ec90 Python: CG trace: Add overall metrics query 2020-07-22 00:55:53 +02:00
Rasmus Wriedt Larsen
278ab4b883 Python: CG trace: Much improved toString for QL 2020-07-22 00:55:53 +02:00
Rasmus Wriedt Larsen
a5838b66ed Python: CG trace: Small improvements to QL code 2020-07-22 00:00:17 +02:00
Rasmus Wriedt Larsen
b86ca19264 Python: CG trace: Apply better_compare_for_dataclass to all 2020-07-21 23:37:33 +02:00
Rasmus Wriedt Larsen
9bff615fad Python: CG trace: Handle BUILD_LIST 2020-07-21 23:08:33 +02:00
Rasmus Wriedt Larsen
8c8656ccca Python: CG trace: Handle BUILD_TUPLE 2020-07-21 23:05:49 +02:00
Rasmus Wriedt Larsen
0d05d96b50 Python: CG trace: Handle CALL_FUNCTION_EX 2020-07-21 22:54:45 +02:00
Rasmus Wriedt Larsen
3539798c22 Python: CG trace: ignore with statement for now 2020-07-21 22:54:19 +02:00
Rasmus Wriedt Larsen
4843d29ad6 Python: CG trace: Cache calls seen 
This improved runtime from ~10 seconds to 1 seconds when running one of the
tests fo wcwidth
 2020-07-21 22:54:10 +02:00
Rasmus Wriedt Larsen
ebbea0cd61 Python: CG trace: Ignore IMPORT_NAME 2020-07-21 22:17:17 +02:00
Rasmus Wriedt Larsen
6830804112 Python: CG trace: More logging 2020-07-21 22:08:15 +02:00
Rasmus Wriedt Larsen
3752a25665 Python: CG trace: Handle LOAD_DEREF 2020-07-21 22:02:25 +02:00
Rasmus Wriedt Larsen
61b1d3eef3 Python: CG trace: Handle subscript 2020-07-21 21:45:53 +02:00
Rasmus Wriedt Larsen
79c2c682d7 Python: CG trace: Nicer logging 2020-07-21 21:34:20 +02:00
Rasmus Wriedt Larsen
0a7e6a9938 Python: CG trace: Avoid handling jumps for now 2020-07-21 20:07:33 +02:00
Rasmus Wriedt Larsen
4e3ae98ddf Python: CG trace: Handle list-comprehension and iteration 
Which relies on LOAD_CONST and MAKE_FUNCTION
 2020-07-21 19:54:59 +02:00
Rasmus Wriedt Larsen
58f11194a8 Python: CG trace: Refactoring 2020-07-21 19:53:05 +02:00
Rasmus Wriedt Larsen
290eb638f9 Python: CG trace: Handle SystemExit 
otherwise, with-exit would end the tracer without producing any output :|
 2020-07-21 19:40:58 +02:00
Rasmus Wriedt Larsen
296d7d1725 Python: CG trace: Allow tracing modules 
As would normally be invoked by `python -m <module-name>` now works with
`cg-trace --module <module-name>`.

This is useful for tracing invocations of `pytest`.
 2020-07-21 19:39:51 +02:00
Owen Mansel-Chan
3018874f69 Merge pull request #259 from gagliardetto/oauth2-fixed-state 
CWE-352: Use of constant `state` in Oauth2 flow
 2020-07-21 17:11:46 +01:00
Chris Smowton
09990f9764 Configure plugin AST printer to ignore comments and only print one file 2020-07-21 17:01:07 +01:00
Chris Smowton
b8c4004c59 PrintAst: support excluding comments 2020-07-21 17:01:07 +01:00
Chris Smowton
e0aa59ced1 PrintAst: improve support for restricting subsets of the AST to print 
* Exclude function definitions, not just their children, when excluded by configuration
* Allow excluding files
* Test both features
 2020-07-21 17:00:28 +01:00
Chris Smowton
a625a4c7d5 Merge pull request #263 from smowton/smowton/feature/order-functypeexpr-children 
PrintAst: order parameter and result declarations
 2020-07-21 15:47:26 +01:00
Rasmus Wriedt Larsen
91e6222662 Python: Fix SSTI query by importing UntrustedStringKind 
Without a concrete ExternalStringKind class, there will be no flow for
ExternalStringKind by default.
 2020-07-21 18:01:27 +05:30
Rasmus Wriedt Larsen
9dbd280d31 Python: Fix syntax error 2020-07-21 18:01:27 +05:30
Porcupiney Hairs
49df4169cf Python : Add query to detect Server Side Template Injection 2020-07-21 18:01:27 +05:30
Rasmus Wriedt Larsen
89e8202d11 Python: CG trace: Add some tests using classes 2020-07-21 11:16:52 +02:00
Rasmus Wriedt Larsen
eeeadad359 Python: CG trace: Don't commit examples traces all the time 2020-07-21 11:14:07 +02:00
Rasmus Wriedt Larsen
38af1930fe Python: CG trace: Rename ValidRecordedCall to IdentifiedRecordedCall 2020-07-21 10:19:47 +02:00
Raul Garcia (MSFT)
55473c65f1 Improving documentation 2020-07-20 13:54:23 -07:00
Raul Garcia (MSFT)
9d7d6b39cb Small fixes based on feedback 2020-07-20 11:14:59 -07:00
Andrew Eisenberg
f35343e618 Merge pull request #262 from aeisenberg/aeisenberg/print-ast 
Add the printAst contextual query
 2020-07-20 11:11:42 -07:00
Slavomir
02b5fce67e Add go.mod to CWE-352 test folder 2020-07-20 17:46:12 +03:00
Chris Smowton
ce0cc31b03 PrintAst: order parameter and result declarations 
This adds support for generally overriding the default AstNode child ordering, and uses it to sort parameter and result declarations in the context of a FuncTypeExpr in left-to-right textual order.
 2020-07-20 14:32:42 +01:00
Remco Vermeulen
c2733ad22e Apply grammar suggestions 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-07-20 14:55:00 +02:00
Rasmus Wriedt Larsen
bbfea44db0 Python: CG trace: Handle multiple calls to same func on same line 
Such as

```
one(); one()
```

Now there are no InvalidRecordedCall in the current examples.
 2020-07-20 14:54:05 +02:00