hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

9183 Commits

Author SHA1 Message Date
Taus
301ebcb12b Python: Extend test cases for "unused global var" query 
Adds two test cases having to do with type annotations. The first one
demonstrates that type annotations (even if they are never executed by
the Python interpreter) count as uses for the purposes of the unused
variable query. The second one demonstrates that this is _not_ the case
if all such uses are inside strings (i.e. forward declarations), as we
do not currently inspect the content of these strings.
 2025-03-04 13:52:31 +00:00
github-actions[bot]
58f355ae5a Post-release preparation for codeql-cli-2.20.6 2025-03-03 18:18:15 +00:00
github-actions[bot]
fa850cccb1 Release preparation for version 2.20.6 2025-03-03 17:13:19 +00:00
Taus
83cdcdbb0b Python: Add change note 2025-02-26 13:53:49 +00:00
Taus
3956a1fea8 Python: Move min/maxParameter methods to Function 
These seem generally useful outside of points-to, and so it might be
better to add them to the `Function` class instead.

I took the liberty of renaming these to say `Arguments` rather than
`Parameters`, as this is more in line with the nomenclature that we're
using elsewhere. (The internal points-to methods retain the old names.)

I'm somewhat ambivalent about the behaviour of `getMaxParameters` on
functions with `*varargs`. The hard-coded `INT_MAX` return value is
somewhat awkward, but the alternative (to only have the predicate
defined when a specific maximum exists) seems like it would potentially
cause a lot of headaches.
 2025-02-26 13:51:12 +00:00
Kevin Stubbings
04476ca5f4 Add more choices to SSRF remediation 2025-02-25 00:16:48 -08:00
github-actions[bot]
ad24f94a77 Post-release preparation for codeql-cli-2.20.5 2025-02-17 17:58:24 +00:00
github-actions[bot]
6f4562f3bd Release preparation for version 2.20.5 2025-02-17 16:55:54 +00:00
Joe Farebrother
180e45d66a Merge pull request #18599 from joefarebrother/python-qual-not-named-self-cls 
Python: Modernize py/not-named-self and py/not-named-cls queries
 2025-02-17 08:58:34 +00:00
Joe Farebrother
f46a2a1773 Exclude some decorators 2025-02-12 09:40:45 +00:00
yoff
158430af82 Merge pull request #17765 from yoff/python/test-functional-behaviour 
Python: Add tests for functional-like programming
 2025-02-11 16:28:37 +01:00
Taus
a69e3f5236 Python: Add change note 
Co-authored-by: yoff <yoff@github.com>
 2025-02-11 13:02:09 +00:00
Taus
918c05c538 Python: Don't prune any MatchLiteralPatterns 
Extends the mechanism introduced in
https://github.com/github/codeql/pull/18030
to behave the same for _all_ `MatchLiteralPattern`s, not just the ones
that happen to be the constant `True` or `False`.

Co-authored-by: yoff <yoff@github.com>
 2025-02-11 12:58:52 +00:00
Asger F
eedfa4dbb2 Merge pull request #18341 from asgerf/py/diff-informed 
Python: enable diff-informed data flow queries
 2025-02-11 13:15:44 +01:00
Joe Farebrother
61d5a692fb Refactor metaclass logic a bit, ensure lambdas are excluded 2025-02-07 21:46:30 +00:00
yoff
37ddaa36ad Merge pull request #18702 from github/tausbn/python-allow-comments-in-subscripts 
Python: Allow comments in subscripts
 2025-02-06 23:31:29 +01:00
Taus
131ec8d22f Python: Handle loop constructs outside of loops 
Observed on some test files in Nuitka/Nuitka, having `break` and
`continue` outside of loops in Python is (to Python) a syntax error, but
our parser happily accepted this broken syntax.

This then caused issues further downstream in the control-flow
construction, as it broke some invariants.

To fix this we now skip the code that would previously fail when the
invariants are broken.

Co-authored-by: yoff <yoff@github.com>
 2025-02-06 14:30:16 +00:00
Taus
3d25cd3bb5 Python: Add change note 2025-02-06 14:08:20 +00:00
Asger F
d3b9d1d89d JS: Partial SSRF does not select the sink location 2025-02-06 11:30:32 +01:00
Asger F
7d6abb4e0a JS: Disable diff-informedness for full SSRF 
Partial SSRF uses its result in a way that prevents diff-informedness
 2025-02-06 11:30:18 +01:00
Asger F
d3ee658399 Python: resolve remaining TODOs 2025-02-06 10:27:56 +01:00
Asger F
975ce064fc Python: implement for polynomial redos 2025-02-06 10:27:45 +01:00
Asger F
15c2ccb880 Python: ignore experimental for now 2025-02-06 10:27:43 +01:00
Asger F
9dfd1cc608 Python: Fixup broken patch 2025-02-06 10:27:21 +01:00
Asger F
e4a1847dad Python: mass enable diff-informed data flow 2025-02-06 10:27:19 +01:00
Remco Vermeulen
9894e9ef9f Add CCR suites 2025-02-05 01:58:34 +00:00
Joe Farebrother
287cf0121d Fix docs 2025-02-04 15:28:13 +00:00
Joe Farebrother
3802a73f47 Update docs 2025-02-04 14:46:02 +00:00
Joe Farebrother
e8adef18a3 Update to inline expectations + fixes 2025-02-04 14:45:59 +00:00
Joe Farebrother
aa2c84ea36 Move tests to separate folder 2025-02-04 14:45:56 +00:00
Joe Farebrother
0bf8d4ec4b Exclude 'methods' used in initialisation, and allow self for metaclass methods 2025-02-04 14:45:52 +00:00
Joe Farebrother
fa76bf3c9f Fix formatting and rewrite redundant exists 2025-02-04 14:45:48 +00:00
Joe Farebrother
526e235fc1 Update NonSelf and NonCls queries 2025-02-04 14:45:44 +00:00
github-actions[bot]
f1b05a79a4 Post-release preparation for codeql-cli-2.20.4 2025-02-04 09:25:09 +00:00
github-actions[bot]
573e53e454 Release preparation for version 2.20.4 2025-02-03 15:19:35 +00:00
erik-krogh
a1afa20d4b add change-notes 2025-01-27 22:43:13 +01:00
erik-krogh
90b403b40b py: delete the remainder of the deprecated TypeTracker libary 2025-01-27 22:17:18 +01:00
erik-krogh
34f5f61a10 all: use my script to delete outdated deprecations 2025-01-27 22:16:48 +01:00
github-actions[bot]
fbb7f0a0c6 Post-release preparation for codeql-cli-2.20.2 2025-01-20 21:11:14 +00:00
github-actions[bot]
a0512a50f2 Release preparation for version 2.20.2 2025-01-20 21:11:12 +00:00
Joe Farebrother
d248fbfe57 Merge pull request #18301 from joefarebrother/python-model-missing-builtins 
Python: Add models for builtins `map`, `filter`, `zip`, and `enumerate`.
 2025-01-20 16:39:37 +00:00
Paolo Tranquilli
4ab5650979 Python: add some more FP tests around match 2025-01-17 11:01:00 +01:00
Geoffrey White
90faab456d Merge pull request #18473 from geoffw0/sensitive2 
Improve shared sensitive data library handling of snake_case variable names
 2025-01-15 18:02:33 +00:00
Joe Farebrother
344dd2dab5 Qldoc fix 2025-01-15 10:26:37 +00:00
Joe Farebrother
2aea356756 Add change note + fix tests 2025-01-15 10:24:18 +00:00
Joe Farebrother
6a6585e415 Add tests for zip and enumerate 2025-01-15 09:57:15 +00:00
Joe Farebrother
460de3f7d5 Reduce generality of map and zip for performance 2025-01-14 09:39:57 +00:00
Joe Farebrother
4e36008ed9 Add tests 2025-01-14 09:39:56 +00:00
Joe Farebrother
642f9dcbea Model missing builtins 2025-01-14 09:39:54 +00:00
yoff
599411b440 Merge pull request #17787 from yoff/shared/add-location-to-typetracking-nodes 
shared: Add locations to type tracking nodes
 2025-01-13 23:06:09 +01:00