hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 13:23:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,697 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
58f11194a8 Python: CG trace: Refactoring 2020-07-21 19:53:05 +02:00
Rasmus Wriedt Larsen
290eb638f9 Python: CG trace: Handle SystemExit 
otherwise, with-exit would end the tracer without producing any output :|
 2020-07-21 19:40:58 +02:00
Rasmus Wriedt Larsen
296d7d1725 Python: CG trace: Allow tracing modules 
As would normally be invoked by `python -m <module-name>` now works with
`cg-trace --module <module-name>`.

This is useful for tracing invocations of `pytest`.
 2020-07-21 19:39:51 +02:00
Rasmus Wriedt Larsen
91e6222662 Python: Fix SSTI query by importing UntrustedStringKind 
Without a concrete ExternalStringKind class, there will be no flow for
ExternalStringKind by default.
 2020-07-21 18:01:27 +05:30
Rasmus Wriedt Larsen
9dbd280d31 Python: Fix syntax error 2020-07-21 18:01:27 +05:30
Porcupiney Hairs
49df4169cf Python : Add query to detect Server Side Template Injection 2020-07-21 18:01:27 +05:30
Rasmus Wriedt Larsen
89e8202d11 Python: CG trace: Add some tests using classes 2020-07-21 11:16:52 +02:00
Rasmus Wriedt Larsen
eeeadad359 Python: CG trace: Don't commit examples traces all the time 2020-07-21 11:14:07 +02:00
Rasmus Wriedt Larsen
38af1930fe Python: CG trace: Rename ValidRecordedCall to IdentifiedRecordedCall 2020-07-21 10:19:47 +02:00
Raul Garcia (MSFT)
55473c65f1 Improving documentation 2020-07-20 13:54:23 -07:00
Raul Garcia (MSFT)
9d7d6b39cb Small fixes based on feedback 2020-07-20 11:14:59 -07:00
Remco Vermeulen
c2733ad22e Apply grammar suggestions 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-07-20 14:55:00 +02:00
Rasmus Wriedt Larsen
bbfea44db0 Python: CG trace: Handle multiple calls to same func on same line 
Such as

```
one(); one()
```

Now there are no InvalidRecordedCall in the current examples.
 2020-07-20 14:54:05 +02:00
Rasmus Wriedt Larsen
cb98f4433d Python: CG trace: Handle multiple calls on one line 
Reduced number of InvalidRecordedCall from 16 to 2. This is the calls

```
one(); one()
```

since they are not distinguishable from the expression.
 2020-07-20 14:07:09 +02:00
Rasmus Wriedt Larsen
a1c1ab080b Python: CG trace: Add examples of multiple calls on one line 
There are currently 16 InvalidRecordedCall
 2020-07-20 14:03:37 +02:00
Rasmus Wriedt Larsen
49a90c058d Python: CG trace: minor adjustment to recreate-dh.sh 2020-07-20 13:00:47 +02:00
Rasmus Wriedt Larsen
5ef817012a Python: CG trace: restructure QL for new XML format 2020-07-20 13:00:07 +02:00
Rasmus Wriedt Larsen
c2748bf7cf Python: CG trace: reconstruct call expr from bytecode 
So we can differentiate multiple calls in one line.
 2020-07-20 11:28:05 +02:00
Rasmus Wriedt Larsen
d46b410111 Python: CG trace: Proper exception handling 2020-07-20 01:22:33 +02:00
intrigus
f94055fa2c Move tainted path ad-hoc guard back. 2020-07-19 00:19:29 +02:00
intrigus
33526f61a8 Make path creation subclasses private. 2020-07-19 00:11:04 +02:00
intrigus
b705f7f3e9 Improve "PathCreation" Test. 2020-07-19 00:10:39 +02:00
intrigus
4570444c7e Rename to getAnInput and clarify doc. 2020-07-19 00:10:13 +02:00
Rasmus Wriedt Larsen
10ec1e078a Python: CG trace: Better type hints 2020-07-18 17:56:56 +02:00
Rasmus Wriedt Larsen
8b6de17461 Python: CG trace: Use logging module for debuging 2020-07-18 17:56:10 +02:00
Rasmus Wriedt Larsen
acc5f70d4a Python: CG trace: Python 3.7 is minimal version 2020-07-18 17:10:53 +02:00
Robert Marsh
0bb6d0c7ca C++: make IR BarrierGuard::checks match AST 2020-07-17 15:43:57 -07:00
Taus Brock-Nannestad
cec3694c89 Python: Add type tracker and step summary implementation. 2020-07-17 16:36:56 +02:00
Calum Grant
79f412ff54 C#: Fix tags typo 2020-07-17 15:30:33 +01:00
Rasmus Wriedt Larsen
6c60881cbe Python: CG trace: Move code to src/ 
As recommended in https://blog.ionelmc.ro/2014/05/25/python-packaging/ and
following pattern of black and pytest
 2020-07-17 14:41:49 +02:00
Rasmus Wriedt Larsen
0a0c24f3c5 Python: CG trace: Make code modular 2020-07-17 14:40:54 +02:00
Rasmus Wriedt Larsen
94a03d73a3 Python: CG trace: blackify 
And make code pass flake8 tests
 2020-07-17 13:49:25 +02:00
Raul Garcia (MSFT)
5387294168 Moving to experimental as requested 2020-07-16 09:32:17 -07:00
Rasmus Wriedt Larsen
1c2e259970 Python: CG trace: Handle builtins 2020-07-16 18:04:04 +02:00
Rasmus Wriedt Larsen
92e8e1622c Python: CG trace: move traces to own dir 2020-07-16 16:47:23 +02:00
Geoffrey White
2e5af67626 Merge pull request #3952 from MathiasVP/output-parameter-index-for-UserDefinedFormattingFunction 
C++: Add getOutputParameterIndex override to UserDefinedFormattingFunction class.
 2020-07-15 18:11:09 +01:00
Nick Rolfe
c7b668193b Merge pull request #3929 from igfoo/static_assert 
C++: Give static assertions an enclosing element
 2020-07-15 18:03:26 +01:00
Mathias Vorreiter Pedersen
289a908eb8 C++: Update qldoc in reponse to PR comments 2020-07-15 16:24:47 +02:00
Mathias Vorreiter Pedersen
c4b97a3a62 C++: Accept more test changes 2020-07-15 16:19:51 +02:00
Geoffrey White
c4940aaa86 Merge branch 'master' into copymove 2020-07-15 15:01:01 +01:00
Rasmus Wriedt Larsen
abcc76baec Python: CG trace: use lxml to pretty-print xml 2020-07-15 14:48:58 +02:00
Mathias Vorreiter Pedersen
edc33b6516 C++: Add getOutputParameterIndex override to UserDefinedFormattingFunction and accept test changes 2020-07-15 14:46:08 +02:00
Mathias Vorreiter Pedersen
d711c22cd2 C++: Add testcase demonstrating lost query results 2020-07-15 14:42:45 +02:00
Rasmus Wriedt Larsen
7ac4ea9bf1 Python: CG trace: use standardized etree import 
makes it easy to switch out XML library.
 2020-07-15 14:41:39 +02:00
Rasmus Wriedt Larsen
ba4207fc90 Python: CG trace: sort output before writing/printing 
Allows comparing output of one run with another
 2020-07-15 14:37:41 +02:00
Rasmus Wriedt Larsen
e6873956ca Python: CG trace: add canonic_filename helper 2020-07-15 14:25:42 +02:00
Raul Garcia (MSFT)
3e0481b889 Queries to help on the detection based on misuse of DataSet and DataTable serialization that could lead to security problems. 
https://go.microsoft.com/fwlink/?linkid=2132227
 2020-07-14 17:54:54 -07:00
Robert Marsh
7dd2677746 Merge pull request #3950 from MathiasVP/simple-range-analysis-unsigned-multiplication-tests 
C++: Add test cases for range analysis for unsigned multiplication
 2020-07-14 14:18:06 -07:00
Raul Garcia (MSFT)
896cdf9b12 Merge branch 'master' of https://github.com/github/codeql 2020-07-14 11:16:51 -07:00
Mathias Vorreiter Pedersen
174b30461a C++: Fix syntax error in testfile 2020-07-14 19:47:21 +02:00