Commit Graph

3920 Commits

Author SHA1 Message Date
yoff
c520cb6d58 Merge branch 'main' into python/test-MaD-keyword-argument 2024-03-22 10:56:08 +01:00
Rasmus Lerchedahl Petersen
eef60c9ad2 python: add test for "ReturnValue.TupleElement[0,1]"
also synchronise files
2024-03-22 10:54:12 +01:00
yoff
ee411cc53a Merge pull request #15936 from yoff/python/test-conflicting-summaries
Python: No `fieldFlowBranchLimit` for `SummarizedCallable`s
2024-03-19 16:56:56 +01:00
yoff
f025430431 Merge pull request #15319 from Sim4n6/main
[Python] Add Unicode DoS (qhelp, tests and the query)
2024-03-19 10:00:30 +01:00
Tom Hvitved
e53357d376 Update expected test output 2024-03-18 14:49:32 +01:00
Sim4n6
1af8167354 updated the .expected file 2024-03-18 13:26:20 +00:00
Tom Hvitved
a13391bda1 Merge pull request #15802 from hvitved/dataflow/variable-capture-overlapping-paths
Variable capture: Avoid overlapping and false-positive data flow paths
2024-03-18 10:45:55 +01:00
Rasmus Lerchedahl Petersen
2a0c451d2d python: No fieldFlowBranchLimit for SummarizedCallables
Like https://github.com/github/codeql/pull/15689 for Ruby.
2024-03-18 10:29:36 +01:00
Rasmus Lerchedahl Petersen
45c65b48aa python: make it a real package
so python2 also respects it
2024-03-18 08:49:31 +01:00
Rasmus Lerchedahl Petersen
cfbc3f73ec Python: add test for conflicting summaries
We noticed that when
- a function has more than one summary (with different charpred)
- one summary is subsumed by a subpath (or something happens around the function being extracted)
- the function is called multiple times (we needed at least three)
one of the summaries would no longer lead to flow.
2024-03-15 15:13:39 +01:00
Sim4n6
3acdd3382c Update the expected file 2024-03-15 14:17:23 +01:00
Sim4n6
3d8868a6c3 Add routes for bad_5 and bad_6, and fix routes for good_3 and good_4 2024-03-15 14:17:23 +01:00
Sim4n6
342465057c Add Unicode DoS (CWE-770) 2024-03-15 14:17:23 +01:00
Rasmus Wriedt Larsen
7eb4419342 Python: Restrict type-tracking content to only be precise
At least for now :)
2024-03-15 10:24:57 +01:00
Rasmus Wriedt Larsen
6babb2ff90 Python: Accept .expected for typetracking-summaries 2024-03-15 10:24:33 +01:00
Rasmus Wriedt Larsen
00f2a6a65e Python: Update ssa-compute test expectations 2024-03-15 10:14:45 +01:00
Rasmus Wriedt Larsen
7a3ee0f5f8 Python: Make IterableSequenceNode LocalSourceNode
We do this to remove the inconsistencies, and to be ready for a future
where type-tracking supports content tracker of depth > 1.

It works because targets of loadSteps need to be LocalSourceNodes

predicate loadStep(Node nodeFrom, LocalSourceNode nodeTo, Content content) {
2024-03-14 10:46:29 +01:00
Rasmus Wriedt Larsen
6ffaad1bc8 Python: Expand type-tracking tests with nested tuples
I was initially surprised to see that this didn't work, until I
remembered that type-tracking only works with content of depth 1.
2024-03-14 10:44:25 +01:00
Rasmus Wriedt Larsen
7de304bf16 Python: Add proper type-tracking tests for content
Instead of just relying on the call-graph tests
2024-03-14 10:43:28 +01:00
Rasmus Wriedt Larsen
fa0c4e18fc Python: Expand dict-content tt test even more
While it might be useful to track content to any lookup, it's not
something we do right now.
2024-03-14 10:43:28 +01:00
Rasmus Wriedt Larsen
4d78762ba8 Python: Ignore consistency failure 2024-03-14 10:43:28 +01:00
Rasmus Wriedt Larsen
8a7ffac19c Python: Accept consistency failure 2024-03-14 10:43:28 +01:00
Rasmus Wriedt Larsen
92729dbbd6 Python: Support iterable unpacking in type-tracking 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
0cf3fe4a4c Python: Expand dict update tests 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
dac2b57bb0 Python: type-track through dict-updates 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
73fe596753 Python: type-tracking through dictionary construction 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
ece8245a4b Python: type-track through tuple content 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
a95bb7c86b Python: Expand function reference in content test 2024-03-14 10:42:38 +01:00
Rasmus Lerchedahl Petersen
533b63743b Python: test MaD syntax for keyword argument
use the combined positional/keyword syntax as
that is what we will probably mostly use.
2024-03-13 15:28:34 +01:00
Rasmus Wriedt Larsen
800351c7b7 Merge branch 'main' into tt-consistency 2024-03-11 14:12:09 +01:00
yoff
e6e6a4e9c8 Merge pull request #15841 from RasmusWL/missing-use-use2
Python: Add example of missing use-use flow
2024-03-11 13:59:57 +01:00
Rasmus Wriedt Larsen
4ac8dd72a7 Merge pull request #15855 from yoff/python/add-MaD-test-tuple-output
Python: Add test for `ReturnValue.TupleElement[n]`
2024-03-11 12:05:31 +01:00
Rasmus Wriedt Larsen
42acd9c22c Merge pull request #15695 from github/tausbn/python-add-copy-method-as-copy-step
Python: Add `.copy()` method call as copy step
2024-03-11 09:43:34 +01:00
Rasmus Wriedt Larsen
87b6592dbc Python: Accept inconsistency for missing use-use flow
At least until we have a proper fix
2024-03-08 13:34:26 +01:00
Rasmus Wriedt Larsen
8fe483d9d8 Python: Add example of missing use-use flow
(see PR for more detailed description)
2024-03-08 13:26:01 +01:00
Rasmus Lerchedahl Petersen
6d8d106d91 Python: add test for ReturnValue.TupleElement[n] 2024-03-08 11:18:51 +01:00
Tom Hvitved
24e35f6f3d Update expected test output 2024-03-08 10:00:43 +01:00
Rasmus Wriedt Larsen
4dd8f6e618 Python: Add example of missing use-use flow
(see PR for more detailed description)
2024-03-07 14:25:55 +01:00
Rasmus Wriedt Larsen
16cb6c2044 Python: Fix validTest expectations
Co-authored-by: yoff <lerchedahl@gmail.com>
2024-03-04 11:41:47 +01:00
Rasmus Wriedt Larsen
eeda4355f1 Python: Fix missing DictionaryElementContent 2024-03-01 15:21:13 +01:00
Rasmus Wriedt Larsen
30b7fadbb8 Python: Add test 2024-03-01 15:19:56 +01:00
Rasmus Wriedt Larsen
7c60562132 Python: Ignore IterableSequenceNode inconsistencies 2024-03-01 14:22:18 +01:00
Rasmus Wriedt Larsen
7e3e5db3db Python: Add example of consistency failure 2024-03-01 14:21:16 +01:00
Rasmus Wriedt Larsen
bcd5c08ebd Python: Ignore match-related inconsistencies 2024-03-01 14:15:32 +01:00
Rasmus Wriedt Larsen
5d212514c6 Python: Add example of consistency failure 2024-03-01 14:07:08 +01:00
Rasmus Wriedt Larsen
1658a1cb80 Python: Ignore SynthDictSplatArgumentNode failures 2024-03-01 14:00:06 +01:00
Rasmus Wriedt Larsen
bff95c4c1b Python: Add example of consistency failure 2024-03-01 13:58:33 +01:00
Rasmus Wriedt Larsen
ff5f794750 Python: Exclude synth preupdate nodes from tt-consistency
... and that should be it 👍 (so that's why I'm allowing the tests to
run on all data-flow nodes again)
2024-03-01 10:27:29 +01:00
Rasmus Wriedt Larsen
bbe8c6dcaa Python: Remove synth postupdate nodes from tt-consistency 2024-03-01 10:23:50 +01:00
Rasmus Wriedt Larsen
9f01ea68f7 Python: Add type-tracking consistency query
For now I'm only ignoring stdlib nodes, so it's easy for the reviewer to see
why we need to have more excludes :)
2024-03-01 10:19:49 +01:00