hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-01 00:27:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,087 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.3
Commit Graph

19087 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
d2b90662a3 Python: implement ToString on mappings 2020-10-14 17:31:13 +02:00
Taus
466c22f4a8 Merge pull request #4435 from RasmusWL/python-port-code-injection 
Python: port code injection query
 2020-10-14 16:41:42 +02:00
Rasmus Lerchedahl Petersen
6a3aed337f Python self -> range 2020-10-14 16:35:43 +02:00
Rasmus Lerchedahl Petersen
352418cb5d Python: track safe loaders 2020-10-14 16:33:55 +02:00
Taus Brock-Nannestad
f8190feef2 Python: Fix divergence in tuple/subscripted type toString 
A slightly more complicated version of the situation in
https://github.com/github/codeql/pull/2507 could cause the `toString`
calculation to diverge. Although the previous PR took tuples nested
inside tuples into account (and subscripted types cannot be nested
inside each other in our modelling), it did not account for having
this nesting be interleaved, and this is what caused the divergence.

I have not done the usual "test case first to show the problem
exists", since this would also diverge and take forever to fail. The
instance observed in `scipy` was likely caused by something akin to

```python
x = ()
while True:
    x = x[(x,)]
```

Finally, to prevent this from happening with other types, I went
through and checked each instance where the string representation of
an `ObjectInternal` might potentially contain a reference to
itself (and thus explode). I encapsulated this in a
`bounded_toString` helper predicate, and used this in all the cases
where I was able to determine that the above _could_ happen.
 2020-10-14 16:13:03 +02:00
yoff
5f6f85c998 Merge pull request #4465 from tausbn/python-remove-essa-flow 
Python: Remove flow between ESSA variables
 2020-10-14 15:37:39 +02:00
Rasmus Lerchedahl Petersen
b8cba381cf Merge branch 'main' of github.com:github/codeql into python-port-unsafe-deserialization 2020-10-14 15:01:30 +02:00
Tamas Vajk
5a91736b7a C#: Change public fields to properties 2020-10-14 14:44:01 +02:00
Rasmus Lerchedahl Petersen
3a281a1bd6 Python: Adjust comments and tests 2020-10-14 14:40:11 +02:00
Rasmus Wriedt Larsen
5db4f906d0 Merge branch 'main' into python-port-code-injection 2020-10-14 14:22:02 +02:00
Tom Hvitved
91806da2fa C#: Address review comments 2020-10-14 14:15:34 +02:00
Tom Hvitved
5d1a5920c7 C#: Reimplement flow-summary compilation 2020-10-14 14:15:34 +02:00
Tom Hvitved
444e607338 C#: Add missing flow through library code using params arguments 2020-10-14 14:15:34 +02:00
Tom Hvitved
f2dc2d912a C#: Add inter-procedural data-flow test for StringBuilder 2020-10-14 14:15:34 +02:00
yoff
ffe79f688d Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-14 14:08:16 +02:00
Ian Lynagh
9e518d2555 C++: Accept test change for p#n -> (unnamed parameter n) 2020-10-14 12:59:47 +01:00
Tom Hvitved
2af7e1c213 C#: Use CFG nodes instead of AST nodes in sign/modulus analysis 2020-10-14 13:39:44 +02:00
Taus
92ccb795fd Merge pull request #4415 from RasmusWL/python-flask-routed-parameter 
Python: Add support for routed parameters in flask
 2020-10-14 13:29:51 +02:00
Tamas Vajk
1094d192ab C#: Change extraction of NamespaceDeclarations to have ID based on the location 2020-10-14 13:26:01 +02:00
Rasmus Wriedt Larsen
1fde477a8f Python: Refactor argument matching 2020-10-14 13:22:35 +02:00
Rasmus Wriedt Larsen
680a6eb2a6 Python: Refactor argument matching (more) 2020-10-14 13:21:04 +02:00
Rasmus Wriedt Larsen
61ecec7d17 Merge pull request #4467 from tausbn/python-fix-import-type-tracking 
Python: Fix unwanted module type tracking
 2020-10-14 13:08:57 +02:00
Tamas Vajk
5fae440a58 C#: Reverse assignment child nodes in AST 2020-10-14 12:49:08 +02:00
Tamas Vajk
ee9a40e16d C#: Remove location from base types in the AST 2020-10-14 12:49:08 +02:00
yoff
27f474f0e9 Merge pull request #4429 from RasmusWL/python-model-invoke 
Python: model invoke library
 2020-10-14 12:13:35 +02:00
Rasmus Lerchedahl Petersen
dc7e7890f0 Python: Clearer naming and comments (I hope) 2020-10-14 12:03:05 +02:00
Taus Brock-Nannestad
f3c07e3849 Python: Fix up import helper tests 2020-10-14 11:58:14 +02:00
Max Schaefer
4100ab2919 JavaScript: Add another test to show that flow through functions still works. 2020-10-14 10:03:27 +01:00
Max Schaefer
1c04c07f07 JavaScript: Eliminate source of false positives in UnsafeShellCommandConstruction. 2020-10-14 10:03:04 +01:00
Tamás Vajk
8127d9b93e Merge pull request #4404 from tamasvajk/feature/cleanup-2 
C# extractor code cleanup
 2020-10-14 11:02:40 +02:00
Rasmus Wriedt Larsen
b0cfa1d92d Python: Make "..Call" modeling classes extend DataFlow::CfgNode 2020-10-14 10:53:18 +02:00
Rasmus Wriedt Larsen
bfa5d18476 Python: Use new importNode 2020-10-14 10:49:38 +02:00
Rasmus Wriedt Larsen
7d600e4e8e Merge branch 'main' into python-port-code-injection 2020-10-14 10:48:38 +02:00
Rasmus Wriedt Larsen
4d9d2155fc Python: Make "..Call" modeling classes extend DataFlow::CfgNode 2020-10-14 10:44:58 +02:00
Rasmus Wriedt Larsen
b0e79890e6 Python: Use new importNode 2020-10-14 10:43:22 +02:00
Rasmus Wriedt Larsen
4597ba64d0 Merge branch 'main' into python-model-invoke 2020-10-14 10:41:37 +02:00
Rasmus Wriedt Larsen
eff47457bf Python: Refactor argument matching 2020-10-14 10:37:38 +02:00
Rasmus Wriedt Larsen
2ea71f574c Python: Make "..Call" modeling classes extend DataFlow::CfgNode 2020-10-14 10:37:37 +02:00
Rasmus Wriedt Larsen
2e30f58aa2 Python: Use new importNode 2020-10-14 10:37:36 +02:00
Rasmus Wriedt Larsen
ecf70c5f30 Merge branch 'main' into python-model-python2-specific-command-execution 2020-10-14 10:36:43 +02:00
Tom Hvitved
952b2da7d4 C#: Add copy of ControlFlowReachability.qll to be used by sign/modulus analysis 2020-10-14 10:28:08 +02:00
Tom Hvitved
c32242ed50 C#: Simplify ControlFlowReachability.qll 2020-10-14 10:28:07 +02:00
Rasmus Wriedt Larsen
74bd045488 Python: Make "..Call" modeling classes extend DataFlow::CfgNode 2020-10-14 10:24:46 +02:00
Rasmus Wriedt Larsen
ba158f3317 Python: Use new importNode 2020-10-14 10:17:35 +02:00
Rasmus Wriedt Larsen
49d2e68d12 Merge branch 'main' into python-flask-routed-parameter 2020-10-14 10:16:00 +02:00
Rasmus Lerchedahl Petersen
b0ebb5b6d1 Python: Adjust tag format 2020-10-14 09:51:24 +02:00
Rasmus Lerchedahl Petersen
93383747bd Python: Use more common name for concept 2020-10-14 09:28:58 +02:00
Rasmus Lerchedahl Petersen
a76d276b48 Python: Adjust getARelevantTag 2020-10-14 08:44:04 +02:00
yoff
3b9ea3a958 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-14 08:24:26 +02:00
Jonathan Leitschuh
fc71ca747d Java: Track taint through java.io.File::toPath & java.nio.file.Path::toFile 2020-10-13 21:15:09 -04:00