hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

2856 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
a4cd913aea Merge pull request #10312 from erik-krogh/fix-caseDiff 
ensure consistent casing of names
 2022-09-19 10:43:12 +02:00
github-actions[bot]
67ce442674 Post-release preparation for codeql-cli-2.10.5 2022-09-16 14:23:44 +00:00
Tom Hvitved
40e77a0c67 Merge pull request #10415 from hvitved/code-block-fix 
Change two ```codeql to ```ql
 2022-09-14 15:07:55 +02:00
Tom Hvitved
4ea1c0050b Change two ``codeql to ``ql 2022-09-14 13:53:34 +02:00
Rasmus Lerchedahl Petersen
33b508d6e6 Python: undo change to --max-import-depth 
This is not necessary as long as `LibraryCall` only
includes unresolved calls.
 2022-09-14 12:52:27 +02:00
Rasmus Lerchedahl Petersen
f83158ff8b Python: do not stake out too much territory 2022-09-14 10:28:11 +02:00
erik-krogh
252394666c sync files 2022-09-13 20:44:05 +02:00
erik-krogh
03a325ca31 autoformat 2022-09-13 10:06:35 +02:00
Rasmus Lerchedahl Petersen
03c243175b Python: fix QL alerts 2022-09-12 23:53:42 +02:00
Rasmus Lerchedahl Petersen
2e9c60de6c Python: remove ressurected file 2022-09-12 23:38:44 +02:00
Rasmus Lerchedahl Petersen
bf16e220a0 Python: adjust expectations 2022-09-12 22:43:03 +02:00
Rasmus Lerchedahl Petersen
e3280c8a3e Python: handle TODO 
although this is not actually tested,
so we may have to adjust once we use it.
But the _very_ generic implementation is modeled on the Ruby code.
 2022-09-12 21:03:56 +02:00
Rasmus Lerchedahl Petersen
78d4dc3123 Python: sync files 2022-09-12 21:01:57 +02:00
Rasmus Lerchedahl Petersen
203481ad3e Python: rearrange to minimize diff 
also fix typo
 2022-09-12 20:07:32 +02:00
Rasmus Lerchedahl Petersen
efc5cfb852 Merge branch 'main' of github.com:github/codeql into python-dataflow/flow-summaries-from-scratch 2022-09-12 19:56:16 +02:00
Erik Krogh Kristensen
bb3753a682 Merge pull request #10317 from erik-krogh/py-unqueryable 
PY: deprecate a bunch of unused code
 2022-09-12 17:44:59 +02:00
Rasmus Wriedt Larsen
41ce1c2016 Python: getStarArg gives first *args argument 
I couldn't see any reason that we should give up altogether if there are
multiple `*args` arguments. Including the first one looks like a win to
me!
 2022-09-12 17:02:31 +02:00
erik-krogh
05ef76cbca add change-note 2022-09-12 15:41:28 +02:00
Erik Krogh Kristensen
818601b612 Merge pull request #10285 from erik-krogh/paramClass 
ReDoS: convert RelevantState to a class in the PrefixConstruction module
 2022-09-12 15:23:19 +02:00
Rasmus Lerchedahl Petersen
0f95992b2f Python: remove NonLibraryDataFlowCallable 
this required managing parameters and their pre-update nodes a bit
 2022-09-12 15:17:29 +02:00
Rasmus Wriedt Larsen
4296ac1ac0 Python: Allow CallNode.getArgByName for keyword args after **kwargs 2022-09-12 15:03:13 +02:00
erik-krogh
bae4490620 add change-note 2022-09-12 12:12:18 +02:00
erik-krogh
80158f8035 fix some python uses of renamed features 2022-09-12 12:08:30 +02:00
Erik Krogh Kristensen
c9ea10b1ef revise some Python names 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-09-12 12:00:57 +02:00
Rasmus Lerchedahl Petersen
fa2da2f3ec Python: remove NonLibraryNormalCall 
it is not necessary to distinguish these calls,
so we remove the class from the hierarchy.
 2022-09-11 22:25:29 +02:00
Rasmus Lerchedahl Petersen
895f5480c2 Python: Added recursion guard 
to ensure that the call graph seen by type tracking
does not include summary calls resolved by type tracking.

(I tried inserting a similar test into the Ruby codebase,
 and it still compiled)

To get this to compile, I had to move the resolution of summary calls
out of the data flow nodes and into the `viableCallable` predicate.
This means that we now have a potential summary call for each
cfg call node. (I tried using the base class, `DataFlowCall`, for this
but calls to `map` got identified as class calls and would no longer
be associated with a summary.)

It is possible that the "NonLIbrary"-layers the were inserted into the
hierarchy can be removed again.
 2022-09-09 22:47:47 +02:00
Rasmus Wriedt Larsen
89a331f186 Merge pull request #10359 from tausbn/python-clean-up-import-resolution 
Python: Clean up module resolution
 2022-09-09 15:09:43 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Tony Torralba
1078cf091e Add change notes for all languages 2022-09-09 10:28:36 +02:00
Taus
5ce60d028d Python: Remove ImportStar import. 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-09-08 22:01:58 +02:00
Tony Torralba
7db1eb98f5 Sync files 2022-09-08 17:32:03 +02:00
Taus
366c574308 Python: Move import logic into its own module 2022-09-08 14:52:08 +00:00
github-actions[bot]
a9d80a5a48 Release preparation for version 2.10.5 2022-09-08 11:35:54 +00:00
Rasmus Wriedt Larsen
1d834799a2 Merge pull request #10114 from RasmusWL/shared-http-client-request 
Ruby/Python: Shared HTTP client request concept
 2022-09-08 11:58:06 +02:00
Asger F
6b2ebcce3a Merge pull request #10276 from asgerf/mad-typedef-entry-points 
Add TypeModel hook for adding MaD type-defs from CodeQL
 2022-09-07 14:14:48 +02:00
Rasmus Lerchedahl Petersen
1649ec7cd7 Python: Describe current naming scheme 
In the hope that this will enable a better one.
It looks like
- type tracking should currently be mutually recursive with data flow
  (this needs investigation)
- type tracking already supports special methods
  (we should probably have a test for this)
 2022-09-07 12:18:42 +02:00
Rasmus Lerchedahl Petersen
565378031d Python: remember to import the new framework 
I think it should perhaps not be mentioned in `frameworks.rst`
 2022-09-07 10:24:58 +02:00
erik-krogh
283c711de9 deprecate unused predicate inside the essa module 2022-09-07 07:40:04 +02:00
erik-krogh
1cbf28358c deprecate unused code inside the points-to library 2022-09-07 07:39:16 +02:00
erik-krogh
46b7aa92ae deprecate predicates in protocols.qll that were only retained for backwards compatibility 2022-09-07 07:37:51 +02:00
Rasmus Lerchedahl Petersen
b2fbbc6ac5 Python: add a flow summary 
we could consider adding non-value-preserving flow from input to output
 2022-09-06 21:29:58 +02:00
Rasmus Lerchedahl Petersen
744fbf0c1b Python: qldoc for inject 2022-09-06 17:46:14 +02:00
Rasmus Lerchedahl Petersen
67710eaed7 Python: Comment to highlight convention 2022-09-06 17:43:34 +02:00
Rasmus Lerchedahl Petersen
a496d10126 Python: qldoc to highlight source code aspect 2022-09-06 17:39:20 +02:00
Rasmus Lerchedahl Petersen
e7400e90e5 Python: add qldoc 2022-09-06 17:29:27 +02:00
Rasmus Lerchedahl Petersen
4cd41c24c7 Python: remove comments and start design document 2022-09-06 17:23:40 +02:00
Rasmus Lerchedahl Petersen
67c3a9b2f4 Python: resolve library calls in the CFG 
rather than in the AST
 2022-09-06 17:00:28 +02:00
Asger F
95c60858d4 Export as DataFlow instead of DF 2022-09-06 15:02:48 +02:00
Rasmus Lerchedahl Petersen
e5f087518e Python: stay in control flow layer 2022-09-06 14:16:48 +02:00
Rasmus Wriedt Larsen
a9e1e72196 Merge branch 'main' into shared-http-client-request 2022-09-06 10:52:27 +02:00