Commit Graph

48840 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
4e3ae98ddf Python: CG trace: Handle list-comprehension and iteration
Which relies on LOAD_CONST and MAKE_FUNCTION
2020-07-21 19:54:59 +02:00
Rasmus Wriedt Larsen
58f11194a8 Python: CG trace: Refactoring 2020-07-21 19:53:05 +02:00
Rasmus Wriedt Larsen
290eb638f9 Python: CG trace: Handle SystemExit
otherwise, with-exit would end the tracer without producing any output :|
2020-07-21 19:40:58 +02:00
Rasmus Wriedt Larsen
296d7d1725 Python: CG trace: Allow tracing modules
As would normally be invoked by `python -m <module-name>` now works with
`cg-trace --module <module-name>`.

This is useful for tracing invocations of `pytest`.
2020-07-21 19:39:51 +02:00
Owen Mansel-Chan
3018874f69 Merge pull request #259 from gagliardetto/oauth2-fixed-state
CWE-352: Use of constant `state` in Oauth2 flow
2020-07-21 17:11:46 +01:00
Chris Smowton
09990f9764 Configure plugin AST printer to ignore comments and only print one file 2020-07-21 17:01:07 +01:00
Chris Smowton
b8c4004c59 PrintAst: support excluding comments 2020-07-21 17:01:07 +01:00
Chris Smowton
e0aa59ced1 PrintAst: improve support for restricting subsets of the AST to print
* Exclude function definitions, not just their children, when excluded by configuration
* Allow excluding files
* Test both features
2020-07-21 17:00:28 +01:00
Chris Smowton
a625a4c7d5 Merge pull request #263 from smowton/smowton/feature/order-functypeexpr-children
PrintAst: order parameter and result declarations
2020-07-21 15:47:26 +01:00
Rasmus Wriedt Larsen
91e6222662 Python: Fix SSTI query by importing UntrustedStringKind
Without a concrete ExternalStringKind class, there will be no flow for
ExternalStringKind by default.
2020-07-21 18:01:27 +05:30
Rasmus Wriedt Larsen
9dbd280d31 Python: Fix syntax error 2020-07-21 18:01:27 +05:30
Porcupiney Hairs
49df4169cf Python: Add query to detect Server Side Template Injection 2020-07-21 18:01:27 +05:30
Rasmus Wriedt Larsen
89e8202d11 Python: CG trace: Add some tests using classes 2020-07-21 11:16:52 +02:00
Rasmus Wriedt Larsen
eeeadad359 Python: CG trace: Don't commit example traces all the time 2020-07-21 11:14:07 +02:00
Rasmus Wriedt Larsen
38af1930fe Python: CG trace: Rename ValidRecordedCall to IdentifiedRecordedCall 2020-07-21 10:19:47 +02:00
Raul Garcia (MSFT)
55473c65f1 Improving documentation 2020-07-20 13:54:23 -07:00
Raul Garcia (MSFT)
9d7d6b39cb Small fixes based on feedback 2020-07-20 11:14:59 -07:00
Andrew Eisenberg
f35343e618 Merge pull request #262 from aeisenberg/aeisenberg/print-ast
Add the printAst contextual query
2020-07-20 11:11:42 -07:00
Slavomir
02b5fce67e Add go.mod to CWE-352 test folder 2020-07-20 17:46:12 +03:00
Chris Smowton
ce0cc31b03 PrintAst: order parameter and result declarations
This adds support for generally overriding the default AstNode child ordering, and uses it to sort parameter and result declarations in the context of a FuncTypeExpr in left-to-right textual order.
2020-07-20 14:32:42 +01:00
Remco Vermeulen
c2733ad22e Apply grammar suggestions
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2020-07-20 14:55:00 +02:00
Rasmus Wriedt Larsen
bbfea44db0 Python: CG trace: Handle multiple calls to same func on same line
Such as

```
one(); one()
```

Now there are no InvalidRecordedCall in the current examples.
2020-07-20 14:54:05 +02:00
Rasmus Wriedt Larsen
cb98f4433d Python: CG trace: Handle multiple calls on one line
Reduced number of InvalidRecordedCall from 16 to 2. These are the calls

```
one(); one()
```

since they are not distinguishable from the expression.
2020-07-20 14:07:09 +02:00
Rasmus Wriedt Larsen
a1c1ab080b Python: CG trace: Add examples of multiple calls on one line
There are currently 16 InvalidRecordedCall
2020-07-20 14:03:37 +02:00
Rasmus Wriedt Larsen
49a90c058d Python: CG trace: minor adjustment to recreate-dh.sh 2020-07-20 13:00:47 +02:00
Rasmus Wriedt Larsen
5ef817012a Python: CG trace: restructure QL for new XML format 2020-07-20 13:00:07 +02:00
Rasmus Wriedt Larsen
c2748bf7cf Python: CG trace: reconstruct call expr from bytecode
So we can differentiate multiple calls in one line.
2020-07-20 11:28:05 +02:00
Rasmus Wriedt Larsen
d46b410111 Python: CG trace: Proper exception handling 2020-07-20 01:22:33 +02:00
intrigus
f94055fa2c Move tainted path ad-hoc guard back. 2020-07-19 00:19:29 +02:00
intrigus
33526f61a8 Make path creation subclasses private. 2020-07-19 00:11:04 +02:00
intrigus
b705f7f3e9 Improve "PathCreation" Test. 2020-07-19 00:10:39 +02:00
intrigus
4570444c7e Rename to getAnInput and clarify doc. 2020-07-19 00:10:13 +02:00
Rasmus Wriedt Larsen
10ec1e078a Python: CG trace: Better type hints 2020-07-18 17:56:56 +02:00
Rasmus Wriedt Larsen
8b6de17461 Python: CG trace: Use logging module for debugging 2020-07-18 17:56:10 +02:00
Rasmus Wriedt Larsen
acc5f70d4a Python: CG trace: Python 3.7 is minimal version 2020-07-18 17:10:53 +02:00
Robert Marsh
0bb6d0c7ca C++: make IR BarrierGuard::checks match AST 2020-07-17 15:43:57 -07:00
Andrew Eisenberg
0ae1330c02 Add the printAst contextual query
This is similar to the cpp query for printing the AST in the
context of VS Code.

This PR also includes a small refactoring to extract the
`getEncodedFile` predicate to a new `qll` file.
2020-07-17 10:12:48 -07:00
Taus Brock-Nannestad
cec3694c89 Python: Add type tracker and step summary implementation. 2020-07-17 16:36:56 +02:00
Calum Grant
79f412ff54 C#: Fix tags typo 2020-07-17 15:30:33 +01:00
Rasmus Wriedt Larsen
6c60881cbe Python: CG trace: Move code to src/
As recommended in https://blog.ionelmc.ro/2014/05/25/python-packaging/ and
following pattern of black and pytest
2020-07-17 14:41:49 +02:00
Rasmus Wriedt Larsen
0a0c24f3c5 Python: CG trace: Make code modular 2020-07-17 14:40:54 +02:00
Rasmus Wriedt Larsen
94a03d73a3 Python: CG trace: blackify
And make code pass flake8 tests
2020-07-17 13:49:25 +02:00
Slavomir
27f62b0b3a Fix examples 2020-07-17 13:12:18 +03:00
Slavomir
ee2804dfb1 Improve comments 2020-07-17 11:01:25 +03:00
Raul Garcia (MSFT)
5387294168 Moving to experimental as requested 2020-07-16 09:32:17 -07:00
Rasmus Wriedt Larsen
1c2e259970 Python: CG trace: Handle builtins 2020-07-16 18:04:04 +02:00
Slavomir
ee4356501a Apply suggestions from code review
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2020-07-16 18:36:40 +03:00
Slavomir
fb78818db7 Fix .expected 2020-07-16 18:33:35 +03:00
Slavomir
ef7198c0cb Improve query scenarios 2020-07-16 18:29:15 +03:00
Rasmus Wriedt Larsen
92e8e1622c Python: CG trace: move traces to own dir 2020-07-16 16:47:23 +02:00