Rasmus Wriedt Larsen
44ba3469db
Python: Model response_class attribute of Flask class
2020-10-23 14:31:34 +02:00
Rasmus Wriedt Larsen
082e35c2c7
Python: Model mimetype instead of content-type for HTTP Response
...
Since that's really what we're after (at least for now)
2020-10-23 14:31:33 +02:00
Rasmus Wriedt Larsen
81a42b73a8
Python: Model flask.Response
...
I think I'll rework how we model content-type, since what we _actually_ want to
know is the mimetype
2020-10-23 14:31:32 +02:00
Rasmus Wriedt Larsen
1f99bbf744
Python: Model flask.Response
...
I kept `Response::instance()` predicate even though we don't need it for
anything right now, I thought it could be nice to keep for the future.
2020-10-23 14:31:32 +02:00
Rasmus Wriedt Larsen
7894d01248
Python: Add test for mimetype/headers priority
2020-10-23 14:31:31 +02:00
Rasmus Wriedt Larsen
35334cf630
Python: Remove status code modeling
...
I'm not even trying to model it properly right now, and don't have a specific
use-case for it RIGHT NOW. I think we could want this in the future, but I think
it's probably better to model it when we know what we want to use it for.
2020-10-23 14:31:31 +02:00
Rasmus Wriedt Larsen
19dc04de3c
Python: Handle make_response on flask app
2020-10-23 14:31:30 +02:00
Rasmus Wriedt Larsen
e38ac18e46
Python: Add (only) basic $HttpResponse tag to other tests files
...
This seems really nice to me, but you might disagree
2020-10-23 14:31:30 +02:00
Rasmus Wriedt Larsen
8b0b87ae62
Python: Model flask.make_response
2020-10-23 14:31:29 +02:00
Rasmus Wriedt Larsen
e93c20a7a8
Python: You can supply defaults for HTTP Response properties
2020-10-23 14:31:28 +02:00
Rasmus Wriedt Larsen
87f31a96d7
Python: Add flask_attr helper
2020-10-23 14:31:28 +02:00
Rasmus Wriedt Larsen
bfc29bb349
Python: Add annotations for flask response tests
...
The fact that we need to add routeSetup and routeHandler annotations is sort of
annoying :|
2020-10-23 14:31:27 +02:00
Rasmus Wriedt Larsen
47dcc09992
Python: Add tests for creating HTTP responses in flask
...
Which is runnable, if you have flask installed locally
2020-10-23 14:31:26 +02:00
Rasmus Wriedt Larsen
8aaa36bd99
Python: Port ReflectedXss query (and tests)
2020-10-23 14:31:25 +02:00
Rasmus Wriedt Larsen
df6fd53a7e
Python: Add HttpResponse concept
...
We might need to rework this a bit when we also start to handle redirects. I
could see a world where we simply allow http redirects to be subclasses of http
responses, and need to manually exclude them from queries (or create
HttpContentResponse to model the HttpResponses that will contain a body). Let us
see where the wind will take us.
I looked through JS and Go libraries, but I didn't feel their modeling would map
very well to Python.
2020-10-23 14:31:25 +02:00
Rasmus Wriedt Larsen
0d6165883c
Python: Fix spelling for Server::RouteSetup documentation
2020-10-23 14:31:24 +02:00
CodeQL CI
bbda22c769
Merge pull request #4534 from RasmusWL/python-update-flask-modeling
...
Approved by tausbn
2020-10-23 13:28:19 +01:00
Rasmus Wriedt Larsen
b3e53f8d0a
Python: Model django.conf.urls.url (v 1.x)
2020-10-23 14:26:37 +02:00
Arthur Baars
f6292e437e
Merge pull request #4 from github/shared_lib
...
Add library package for shared code
2020-10-23 14:18:42 +02:00
Taus Brock-Nannestad
6d81ca12c4
Python: Fix bad join order in adjacentUseUseSameVar
2020-10-23 14:08:45 +02:00
Nick Rolfe
849e109583
Add library package for shared code
2020-10-23 13:01:17 +01:00
Rasmus Wriedt Larsen
ed0fe29d7d
Python: Fix grammar
...
Co-authored-by: Taus <tausbn@github.com>
2020-10-23 13:53:16 +02:00
Rasmus Wriedt Larsen
be166d9c02
Python: Expand Django 2/3 routing tests with 1.x way
...
Added it to the `testapp` so it's easy to run the server to SEE that it works.
Added it to `routing_test` so it's obvious this is supported by our modeling
when we _know_ it's running Django 2/3.
2020-10-23 13:43:27 +02:00
yoff
462e839a83
Update python/ql/src/experimental/Security-new-dataflow/CWE-022/PathInjection.ql
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-10-23 13:35:13 +02:00
luchua-bc
f5f7259937
Revamp the query to implement AdditionalTaintStep
2020-10-23 12:00:36 +01:00
luchua-bc
3c5c8494b1
Refine the query to check intents coming from outside only
2020-10-23 11:58:16 +01:00
luchua-bc
f86413a9b5
text changes
2020-10-23 11:58:12 +01:00
Bt2018
2ddeb0b169
Add method access qualifier as source
2020-10-23 11:57:02 +01:00
luchua-bc
f5ca459795
Add remote source of Android intent extra
2020-10-23 11:57:01 +01:00
Jonas Jensen
08bf464437
Merge pull request #4540 from criemen/printast-performance
...
C++: Improve PrintAST performance if only individual files are printed
2020-10-23 12:46:34 +02:00
Rasmus Wriedt Larsen
ae60ac211b
Python: Annotate django v1 routing tests
...
Again need to remove trailing $, since inline-expectation tests still don't
handle $
2020-10-23 12:05:05 +02:00
Rasmus Wriedt Larsen
78ab637b54
Python: Port django v1 tests
2020-10-23 12:00:27 +02:00
Sauyon Lee
64ac49a618
Merge pull request #380 from sauyon/funtionmodel-shortcuts
...
Add utility predicates to FunctionModel
2020-10-23 02:26:51 -07:00
Chris Smowton
e9278b5477
Merge pull request #386 from smowton/smowton/admin/improve-error-messages
...
Improve error messages
2020-10-23 08:27:03 +01:00
Rasmus Lerchedahl Petersen
f88cc3c98e
Python: Use custom PathGraph
2020-10-23 01:10:21 +02:00
Arthur Baars
305fd566a8
Merge pull request #3 from github/aibaars/codeql-extractor-yaml
...
Basic CodeQL extractor configuration and autobuild scripts
2020-10-22 22:23:44 +02:00
Chris Smowton
26b7deccf5
Autobuilder: fall back when os.Executable fails
...
This can happen under tracing, perhaps because of https://github.com/github/codeql-tracer/issues/29
2020-10-22 20:04:47 +02:00
Rasmus Wriedt Larsen
41ec4f8166
Python: Use FlaskModel as workaround name
...
As suggested by Taus 👍
2020-10-22 19:13:26 +02:00
Francis Alexander
5d5b84974b
Play remote source update to return functionaccessexpr
2020-10-22 22:29:43 +05:30
Dave Bartolomeo
99072483b8
Fix PR feedback
2020-10-22 12:55:40 -04:00
Francis Alexander
d216dcdee0
updates & conflict marker removal
2020-10-22 22:25:36 +05:30
Dave Bartolomeo
b62bda6c3a
Fix regression due to primary instructions for side effects not being computed correctly in the presence of synthetic temporary objects.
2020-10-22 12:55:30 -04:00
Arthur Baars
e16b85e511
Add codeql-extractor config
2020-10-22 18:30:57 +02:00
Sauyon Lee
47f40d5f3e
Add tests for log frameworks
2020-10-22 09:18:53 -07:00
Sauyon Lee
671b427e1e
Add shared testing framework
...
It has been modified to use `hasLocation` instead of `Location`
2020-10-22 09:18:52 -07:00
Sauyon Lee
1e034a1dd5
Add logrus to go.qll
2020-10-22 09:18:52 -07:00
Francis Alexander
518de822e1
updates
2020-10-22 20:47:11 +05:30
Francis Alexander
5c256dadc8
Feedback incorporation and documentation updates
2020-10-22 20:27:38 +05:30
Francis Alexander
f7d63f8666
Feedback incorporation and documentation updates
2020-10-22 20:21:47 +05:30
Francis Alexander
33f7d52a46
Naming Fixes
2020-10-22 20:20:52 +05:30