codeql

mirror of https://github.com/github/codeql.git synced 2026-05-31 03:21:23 +02:00

Files

yoff 1bcaa56b10 Python: rebless second round after shared-CFG dataflow migration

Second batch of test reblessings, capturing changes in result content
(not just toString labels):

- Framework taint/concept tests (fastapi, sqlalchemy, aiohttp, lxml,
  stdlib, django-orm): mostly gained MISSING-tainted annotations where
  the new dataflow no longer reaches sinks. Some are real taint
  regressions; left as documented failures for follow-up.

- Exception-handler tests (CWE-209-StackTraceExposure, EmptyExcept,
  CatchingBaseException, IncorrectExceptOrder, FileNotAlwaysClosed,
  FindSubclass/Find, Statements/exit/UseOfExit): the no-raise shared CFG
  abstraction does not emit ExceptionSuccessor abrupt-completion edges
  from arbitrary expressions, so except-handler bodies (and their
  exception target Names) are statically dead. Tracked separately under
  cfg-modelling-exceptions.

- Dataflow-path / control-flow node toString polish across the security
  query suite (PathInjection, CodeInjection, UnsafeUnpacking,
  UnsafeUsageOfClientSideEncryptionVersion, RequestWithoutValidation,
  ReflectedXss, CallGraph): simple-leaf nodes now stringify as their
  AST text instead of 'After X'.

- SSA / call-graph improvements (CmpTest, CallGraph/InlineCallGraphTest):
  fewer SSA mismatches between new and old; two previously-MISSING tt=
  annotations resolved.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-05-28 21:09:49 +00:00

CONSISTENCY

Python: Update all .expected files

2024-04-22 12:00:09 +00:00

testapp

python: Inline expectation should have space after $

2026-03-04 12:45:05 +00:00

testproj

Python: ORM: Add raw python test files

2022-02-28 16:38:40 +01:00

.gitignore

Python: ORM: Add raw python test files

2022-02-28 16:38:40 +01:00

dummy_import.py

Python: ORM: Add raw python test files

2022-02-28 16:38:40 +01:00

manage.py

Python: ORM: Add boilerplate django project

2022-02-28 16:38:40 +01:00

NormalDataflowTest.expected

Python: rebless second round after shared-CFG dataflow migration

2026-05-28 21:09:49 +00:00

NormalDataflowTest.ql

Python: Update all test util paths to point to the new location.

2024-12-12 13:54:30 +01:00

pytest.ini

Python: ORM: Add raw python test files

2022-02-28 16:38:40 +01:00

README.md

Python: Apply suggestions from code review

2022-03-16 10:43:20 +01:00

ReflectedXss.expected

Python: rebless second round after shared-CFG dataflow migration

2026-05-28 21:09:49 +00:00

ReflectedXss.qlref

Python: ORM: Add qltests

2022-02-28 16:38:40 +01:00

README.md

The interesting ORM tests files can be found under testapp/orm_*.py. These are set up to be executed by the testapp/tests.py file.

List of interesting tests files (that might go out of date if it is forgotten 😳):

testapp/orm_tests.py: which tests flow from source to sink
testapp/orm_form_test.py: shows how forms can be used to save Models to the DB
testapp/orm_security_tests.py: which highlights some interesting interactions with security queries
testapp/orm_inheritance.py: which highlights how inheritance of ORM models works

Setup

pip install django pytest pytest-django django-polymorphic

Run server

python manage.py makemigrations && python manage.py migrate && python manage.py runserver

Run tests

pytest