Merge branch 'master' of github.com:github/codeql into SharedDataflow_ParameterTests

2026-05-01 03:35:13 +02:00 · 2020-08-14 14:27:57 +02:00
parent 3f2fcbf0ae e9a36b2524
commit 2817602a97
62 changed files with 2494 additions and 1379 deletions
--- a/python/ql/test/experimental/dataflow/coverage/classes.py
+++ b/python/ql/test/experimental/dataflow/coverage/classes.py
@@ -1,5 +1,5 @@
 # User-defined methods, both instance methods and class methods, can be called in many non-standard ways
-# i.e. differently from simply `c.f()` or `C.f()`. For example, a user-defined `__await__` function on a
+# i.e. differently from simply `c.f()` or `C.f()`. For example, a user-defined `__await__` method on a
 # class `C` will be called by the syntactic construct `await c` when `c` is an instance of `C`.
 #
 # These tests should cover all the class calls that we hope to support.
@@ -1275,7 +1275,9 @@ def test_index():
  with_index = With_index()
  operator.index(with_index)

-# make With_index subscriptable to test slicing
+def test_index_slicing():
+  with_index = With_index()
+  [0][with_index:1]

 def test_index_bin():
  with_index = With_index()
--- a/python/ql/test/experimental/dataflow/coverage/classesCallGraph.ql
+++ b/python/ql/test/experimental/dataflow/coverage/classesCallGraph.ql
@@ -31,5 +31,6 @@ where
  sink.getLocation().getFile().getBaseName() = "classes.py" and
  exists(CallGraphConfig cfg | cfg.hasFlow(source, sink))
 select source, sink
-// Rewrite this to just have 1-step paths?
-// Split into two queries, one for calls and one for returns?
+// Ideally, we would just have 1-step paths either from argument to parameter
+// or from return to call. This gives a bit more, so should be rewritten.
+// We should also consider splitting this into two, one for each direction.
--- a/python/ql/test/experimental/dataflow/coverage/datamodel.py
+++ b/python/ql/test/experimental/dataflow/coverage/datamodel.py
@@ -1,5 +1,5 @@
 # User-defined methods, both instance methods and class methods, can be called in many non-standard ways
-# i.e. differently from simply `c.f()` or `C.f()`. For example, a user-defined `__await__` function on a
+# i.e. differently from simply `c.f()` or `C.f()`. For example, a user-defined `__await__` method on a
 # class `C` will be called by the syntactic construct `await c` when `c` is an instance of `C`.
 #
 # These tests are based on the first part of https://docs.python.org/3/reference/datamodel.html.
--- a/python/ql/test/query-tests/Imports/general/ImportStarUsed.expected
+++ b/python/ql/test/query-tests/Imports/general/ImportStarUsed.expected
@@ -1,2 +1,3 @@
 | imports_test.py:21:1:21:20 | from module import * | Using 'from ... import *' pollutes the namespace |
 | imports_test.py:22:1:22:32 | from module_without_all import * | Using 'from ... import *' pollutes the namespace |
+| imports_test.py:65:1:65:40 | from module_that_does_not_exist import * | Using 'from ... import *' pollutes the namespace |
--- a/python/ql/test/query-tests/Imports/general/imports_test.py
+++ b/python/ql/test/query-tests/Imports/general/imports_test.py
@@ -61,3 +61,5 @@ import module1 as different
 #Use it
 different

+# FP reported in https://github.com/github/codeql/issues/4003
+from module_that_does_not_exist import *