Commit Graph

1125 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen b45f8ff41d
Merge pull request #3053 from tausbn/python-make-test-not-depend-on-minor-version
Python: Make two tests not depend on minor Python version.
2020-03-13 10:56:40 +01:00
Taus Brock-Nannestad 3d0ee90880 Python: Make two tests not depend on minor Python version.
For syntax errors, we simply report the major version.

For unused imports, we were getting a result for `typing.py` when run under
Python 3.7.3. To prevent this import from being considered, I've set the maximum
import depth to `0`.
2020-03-12 18:19:53 +01:00
Taus 099997088a
Merge pull request #3005 from RasmusWL/python-modernise-string-taint
Python: Modernise StringKind files
2020-03-12 15:01:18 +01:00
Rasmus Wriedt Larsen e52fec03f8 Python: Fix code formatting 2020-03-11 18:16:55 +01:00
Rebecca Valentine f80e206d33
Merge pull request #3008 from RasmusWL/python-modernise-security-files
Python: modernise remaining security files
2020-03-11 08:56:19 -07:00
Rasmus Wriedt Larsen f5a8084a33
Merge pull request #2827 from BekaValentine/objectapi-to-valueapi-expectedmappingforformatstring
Python: ObjectAPI to ValueAPI: ExpectedMappingForFormatString
2020-03-11 10:52:48 +01:00
Rasmus Wriedt Larsen 47cd9c8956
Merge pull request #3038 from BekaValentine/python-objectapi-to-valueapi-deprecatedslicemethod
Python: ObjectAPI to ValueAPI: DeprecatedSliceMethod
2020-03-11 10:51:01 +01:00
Taus 11b5c54a0e
Merge pull request #2820 from RasmusWL/python-modernise-statements
Python: modernise Statements/ queries
2020-03-10 16:46:50 +01:00
Rebecca Valentine b36214ae47 Python: Modernizes query and updates expecteds 2020-03-10 08:33:29 -07:00
semmle-qlci 4c1d76ee9a
Merge pull request #2937 from BekaValentine/python-objectapi-to-valueapi-wrongnumberargumentsforformat
Approved by tausbn
2020-03-10 15:04:05 +00:00
Rebecca Valentine 909e064016 Merge branch 'objectapi-to-valueapi-expectedmappingforformatstring' of github.com:BekaValentine/ql into objectapi-to-valueapi-expectedmappingforformatstring 2020-03-10 07:54:56 -07:00
Rebecca Valentine 1234cb6e0f Python: Incorporates updates from new master 2020-03-10 07:54:28 -07:00
Rebecca Valentine b7bcf6c3d0 Merge branch 'master' into objectapi-to-valueapi-expectedmappingforformatstring 2020-03-10 07:51:48 -07:00
Rebecca Valentine c690e2595c
Merge pull request #3007 from RasmusWL/python-remove-use-of-deprecated-getvalue
Python: Remove usage of deprecated .getValue()
2020-03-10 07:18:41 -07:00
Taus ea5aa57151
Merge pull request #3031 from BekaValentine/python-objectapi-to-valueapi-signaturespecialmethods
Python: ObjectAPI to ValueAPI: SignatureSpecialMethods
2020-03-10 14:54:39 +01:00
Rasmus Wriedt Larsen b1d1974a0f Merge branch 'master' into python-modernise-statements 2020-03-10 14:53:44 +01:00
Taus dd0ce1c607
Merge pull request #2942 from RasmusWL/pyhton-improve-regex-docs
Python: Add a bit of regex docs
2020-03-10 14:49:31 +01:00
Rasmus Wriedt Larsen 2382b42bbe Python: Rewrite helper predicate has_string_type 2020-03-10 14:47:49 +01:00
Rasmus Wriedt Larsen f3a10a12a1
Python: Fix typo
Co-Authored-By: Taus <tausbn@gmail.com>
2020-03-10 14:45:33 +01:00
Rasmus Wriedt Larsen 5439059b0d Python: Minor cleanup in regex.qll 2020-03-10 14:00:30 +01:00
Taus e3160f966f
Merge pull request #2932 from RasmusWL/python-re.compile-missing-points-to
Python: Add example of re.compile missing points-to
2020-03-10 11:55:23 +01:00
Rasmus Wriedt Larsen 5e62f54094
Merge pull request #3030 from BekaValentine/python-objectapi-to-valueapi-useimplicitnonereturnvalue
Python: ObjectAPI to ValueAPI: UseImplicitNoneReturnValue
2020-03-10 10:38:06 +01:00
Rasmus Wriedt Larsen 1b8154c139
Merge pull request #2925 from BekaValentine/python-objectapi-to-valueapi-callargs
Python: ObjectAPI to ValueAPI: CallArgs
2020-03-10 10:26:21 +01:00
Rebecca Valentine 047c328c58
Update python/ql/src/semmle/python/objects/ObjectAPI.qll
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-03-09 19:20:08 -07:00
Rebecca Valentine e8708a083f Python: Modernizes query and expecteds 2020-03-09 19:13:54 -07:00
Rebecca Valentine 48e67bca51 Python: Modernizes query 2020-03-09 18:57:42 -07:00
Rebecca Valentine 810efc5ca2
Python: Adds Rasmus's suggestion
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-03-09 16:21:34 -07:00
Taus be09c17367
Merge pull request #2990 from BekaValentine/python-objectapi-to-valueapi-raisingtuple
Python: ObjectAPI to ValueAPI: RaisingTuple
2020-03-10 00:16:12 +01:00
Taus 96e99f55ad
Merge pull request #2976 from BekaValentine/python-objectapi-to-valueapi-emptyexcept
Python: ObjectAPI to ValueAPI: EmptyExcept
2020-03-09 23:56:27 +01:00
Taus b51e2a9e80
Merge pull request #2977 from BekaValentine/python-objectapi-to-valueapi-catchingbaseexception
Python: ObjectAPI to ValueAPI: CatchingBaseException
2020-03-09 22:54:50 +01:00
Rasmus Wriedt Larsen a38fd2d3d1 Python: Use unambiguous name getCallNode 2020-03-09 17:05:00 +01:00
Rasmus Wriedt Larsen a9674ef6e8 Python: Resolve autoformat ugliness 2020-03-09 16:54:55 +01:00
Rasmus Wriedt Larsen 31cfb1689c Python: Fix minor bug in modernisation-rewrite
Obviously the result module shouldn't be a package 🤦 I was confusing
myself, since I wanted to say that `Module::named("Crypto.Cipher")` should be a package :D
2020-03-09 15:49:08 +01:00
Rasmus Wriedt Larsen 0ce8e9180b Python: Remove code that adds taint to unrelated ControlFlowNode
The problem with the deleted code is that it would add flow to what might be an
unrelated ControlFlowNode, which is illustrated in the query below (that gives
results on flask)

from ControlFlowNode arg, CallNode call, CallNode other_call
where
    call.getNode().getAKeyword().getValue() = arg.getNode() and
    not call.getAnArg() = arg and
    other_call.getAnArg() = arg and
    not other_call = call
select call, arg, other_call
2020-03-09 15:27:31 +01:00
Rasmus Wriedt Larsen cac5d00ca2 Python: Fix string taint tests
The tests in ql/python/ql/test/library-tests/taint/strings/ show that
ClassValue::str() is not good enough.
2020-03-09 15:10:48 +01:00
Rebecca Valentine 3e36c672cf Python: Removes superfluous cast 2020-03-06 13:06:11 -08:00
Rebecca Valentine 7b49c8e6f8 Python: Fixes bug in modernization 2020-03-06 12:47:46 -08:00
Rasmus Wriedt Larsen 8b2c74a4dd Python: Modernise remaining Security/*.qll files 2020-03-06 17:30:02 +01:00
Rasmus Wriedt Larsen 14957345a3 Python: Fix formatting of isLegalExceptionType 2020-03-06 17:27:50 +01:00
Rasmus Wriedt Larsen 70634fe30e Python: Remove usage of deprecated .getValue() 2020-03-06 16:20:31 +01:00
Rasmus Wriedt Larsen 2416cac8f4 Python: Modernise StringKind files 2020-03-06 14:45:03 +01:00
semmle-qlci 3ae1aada37
Merge pull request #2995 from tausbn/python-fix-nested-sequence-assign-cp
Approved by RasmusWL
2020-03-06 09:43:24 +00:00
Taus Brock-Nannestad 2face94fa5 Python: Mitigate CP in `nested_sequence_assign`.
The problem here was that in the base case, there was no relationship between
`left_parent` and `right_parent`. These could be any two tuples or lists, even
if they were not part of an assignment statement.

To fix this, we add a bit of manual "magic", requiring that both of these
arguments must belong to the left and right-hand sides of the same assignment
statement.

(Note that this is in principle _still_ a gross overapproximation, but since
assignment statements are usually quite restricted in size, I don't expect this
to be a major problem.)
2020-03-05 14:09:50 +01:00
Rasmus Wriedt Larsen fb1e993c0f
Merge pull request #2963 from BekaValentine/python-objectapi-to-valueapi-advancedformatting
Python: ObjectAPI to ValueAPI: AdvancedFormatting
2020-03-05 13:40:02 +01:00
Rebecca Valentine 646bc29e76 Python: Modernizes query 2020-03-04 17:22:21 -08:00
semmle-qlci c4b961c8af
Merge pull request #2973 from tausbn/python-fix-or-disable-cps
Approved by BekaValentine
2020-03-04 10:36:47 +00:00
Rebecca Valentine b33b222db8 Python: Modernizes query 2020-03-03 16:41:52 -08:00
Rebecca Valentine 88daf65854 Python: Removes obsolete predicates 2020-03-03 16:03:27 -08:00
Rebecca Valentine 3bedd5cb58 Python: Adds modernized predicates and moves query over to them 2020-03-03 16:02:25 -08:00
Rebecca Valentine 5fea31eed1 Python: Moves predicates over to suffixed form 2020-03-03 15:55:40 -08:00