hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

3934 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
89a13213e2 Python: Accept changes in Python 2 specific tests 
Due to internal PR#35123 we now actually run the tests under
`python/ql/test/2/...`

Since we haven't done this in a while, test output has changed a bit. These
changes look perfectly fine.
 2019-11-08 13:48:14 +01:00
Taus
e9336fe30e Merge pull request #2129 from RasmusWL/python-update-django 
Python: update django support
 2019-11-05 20:51:55 +01:00
Rasmus Wriedt Larsen
ca22ec6104 Merge pull request #2042 from tausbn/python-fix-unused-import-fps 
Python: Fix false positives in `py/unused-import`.
 2019-11-04 14:47:30 +01:00
Taus Brock-Nannestad
5e62da7690 Python: Do not report unreachable "catch-all" cases in elif-chains. 
This was brought up on the LGTM.com forums here:
https://discuss.lgtm.com/t/warn-when-always-failing-assert-is-reachable-rather-than-unreachable/2436

Essentially, in a complex chain of `elif` statements, like

```python
if x < 0:
    ...
elif x >= 0:
    ...
else:
    ...
```

the `else` clause is redundant, since the preceding conditions completely
exhaust the possible values for `x` (assuming `x` is an integer). Rather than
promoting the final `elif` clause to an `else` clause, it is common to instead
raise an explicit exception in the `else` clause. During execution, this
exception will never actually be raised, but its presence indicates that the
preceding conditions are intended to cover all possible cases.

I think it's a fair point. This is a clear instance where the alert, even if it
is technically correct, is not useful for the end user.

Also, I decided to make the exclusion fairly restrictive: it only applies if
the unreachable statement is an `assert False, ...` or `raise ...`, and only
if said statement is the first in the `else` block. Any other statements will
still be reported.
 2019-10-29 15:30:32 +01:00
Rasmus Wriedt Larsen
fc851b46c3 Python: Fix Django class-based views 2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
fb864b7262 Python: Consolidate tests for django 
The tests in 3/ was not Python 3 specific anymore
 2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
471318369b Python: Don't quote %s in django example 
This is vulnerable to SQL injection because of the quotes around %s -- added
some code that highlights this in test.py

Since our examples did this in the safe query, I ended up rewriting them
completely, causing a lot of trouble for myself :D
 2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
afe7a0536c Python: Support positional arguments in Django routes 2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
f1004b10ba Merge pull request #2147 from tausbn/python-cyclic-import-package-fp 
Python: Fix cyclic import FP relating to packages.
 2019-10-25 11:57:55 +02:00
Rasmus Wriedt Larsen
5b6675aa71 Python: Select location first in tornado Classes test 
so it conforms with the general scheme in tests
 2019-10-24 15:01:40 +02:00
Rasmus Wriedt Larsen
2bb933fef0 Python: Modernise tornado library 2019-10-24 15:01:40 +02:00
Rasmus Wriedt Larsen
3e3833927b Python: Remove unused getTornadoRequestHandlerMethod 
It was only used in a test, and with the mock, it gives no results anyway.
 2019-10-24 15:01:40 +02:00
Rasmus Wriedt Larsen
bc50e90f5b Python: Use mock for tornado tests 2019-10-24 15:01:40 +02:00
Rasmus Wriedt Larsen
4248a8418b Python: Move tornado tests from internal repo 2019-10-24 15:01:35 +02:00
Rasmus Wriedt Larsen
2874c54133 Python: Move pyramid tests from internal repo 
Use minimal mock instead of full library
 2019-10-23 16:28:46 +02:00
Rasmus Wriedt Larsen
a98466392d Python: Improve tests and docs for py/iter-returns-non-iterator 2019-10-23 10:46:07 +02:00
Taus Brock-Nannestad
32de65c0c6 Python: Add discussed test case (a false negative). 2019-10-22 15:10:40 +02:00
Taus Brock-Nannestad
83bf54c524 Python: Move false positive (now a true negative) into subfolder. 2019-10-22 15:08:29 +02:00
Taus Brock-Nannestad
b2f7b0921b Python: Add false negative test case. 2019-10-21 14:31:05 +02:00
Taus Brock-Nannestad
99b99ef2b6 Python: Teach py/unreachable-statement about contextlib.suppress. 2019-10-21 14:31:05 +02:00
Taus Brock-Nannestad
70d9d1bd0e Python: Add false positive test case for cyclic import. 2019-10-18 14:03:23 +02:00
Rasmus Wriedt Larsen
bf197b9f20 Add testcase 2019-10-10 15:34:54 +02:00
semmle-qlci
ff5a98b260 Merge pull request #2074 from taus-semmle/python-unreachable-nonlocal 
Approved by RasmusWL
 2019-10-07 15:45:24 +01:00
semmle-qlci
e36e16af48 Merge pull request #2079 from taus-semmle/python-unused-local-nonlocal 
Approved by RasmusWL
 2019-10-07 15:38:21 +01:00
Rasmus Wriedt Larsen
3f45d8614b Merge pull request #2047 from taus-semmle/python-modernise-and-fix-cyclic-import-fp 
Python: modernise and fix cyclic import false positive.
 2019-10-07 14:28:36 +02:00
Taus Brock-Nannestad
5946a4a066 Python: Teach py/unused-local-variable about nonlocal. 2019-10-03 17:56:29 +02:00
AlexTereshenkov
3e6f8fb6be Add bind-socket-all-network-interfaces Python query (#2048) 
Add bind-socket-all-network-interfaces Python query
 2019-10-03 11:23:11 +01:00
Taus Brock-Nannestad
384013e0dc Python: Add tests for reachability when using nonlocal. 2019-10-02 17:13:00 +02:00
Taus
fb20cab4c8 Merge pull request #2012 from RasmusWL/python-modernise-cls-self-checks 
Python: modernise cls self argument name checks
 2019-09-30 15:50:32 +02:00
Taus
04f14f1fe7 Merge pull request #2040 from RasmusWL/python-modernise-cherrypy 
Python: Modernise cherrypy library
 2019-09-30 11:53:59 +02:00
Taus Brock-Nannestad
aa16d20d5a Python: Fix false positive for cyclic imports guarded by if False:. 2019-09-27 15:22:12 +02:00
Taus Brock-Nannestad
25985e901b Python: Remove a few false positives from py/unused-import. 2019-09-27 11:46:59 +02:00
Rasmus Wriedt Larsen
ff28b3f1b4 Python: Modernise cherrypy library 2019-09-27 11:23:33 +02:00
Rasmus Wriedt Larsen
457794e030 Python: Consistenly use parameter instead of argument in docs 
The Python 3 FAQ states that this is the right thing [0]

It sadly doesn't align 100% with PEP8, which calls them for "arguments" [1], but
after discussion with Taus, we decided to go with "parameter" everywhere to be
consistent.

[0] https://docs.python.org/3/faq/programming.html#faq-argument-vs-parameter
[1] https://www.python.org/dev/peps/pep-0008/#function-and-method-arguments
 2019-09-26 16:31:09 +02:00
Rasmus Wriedt Larsen
12c49031e8 Python: Modernise bottle library 2019-09-26 15:03:47 +02:00
Rasmus Wriedt Larsen
546405a379 Python: Add more tests for cls/self argument names 2019-09-26 13:25:14 +02:00
Rasmus Wriedt Larsen
a81bf720f5 Python: Modernise the py/not-named-self query. 2019-09-26 13:25:14 +02:00
Rasmus Wriedt Larsen
c6d9eb9254 Python: Move more tests for argument names into own file 
Plus fixup of expected output from unrelated tests
 2019-09-26 13:25:14 +02:00
Taus
594a50e066 Merge pull request #1955 from RasmusWL/python-modernise-explicit-return-in-init 
Python: Modernise the `py/explicit-return-in-init` query.
 2019-09-24 16:23:37 +02:00
Taus Brock-Nannestad
e1012d8d5a Python: Add __aiter__ as a recognised iterator method. 2019-09-23 12:26:16 +02:00
Rasmus Wriedt Larsen
d273974045 Python: Don't flag return procedure_call() in __init__ as error 
This commit fixes the results for
0d8a429b7e/files/mayaTools/cgm/lib/classes/AttrFactory.py (L90)

```
def __init__(...):
    if error_case:
        return guiFactory.warning(...)
```

that was wrongly reporting _Explicit return in __init__ method._ as an error.
 2019-09-23 11:22:55 +02:00
Rasmus Wriedt Larsen
6e50a0ef84 Python: Modernise the py/explicit-return-in-init query. 
Add explicit test case to show that we don't doulbe report this problem.
 2019-09-23 11:22:55 +02:00
Rasmus Wriedt Larsen
3c33e863ad Python: split tests for Functions into more files 
Makes it easier to see what the testcases are relevant for what queries.
 2019-09-19 11:54:28 +02:00
Rebecca Valentine
f503e042fc Merge pull request #1877 from taus-semmle/python-modernise-non-iterator-query 
Python: Modernise the `py/non-iterable-in-for-loop` query.
 2019-09-12 11:14:40 -07:00
Taus Brock-Nannestad
1013fb7b25 Update .expected file for Python 3 tests. 2019-09-11 14:13:05 +02:00
Rebecca Valentine
9eebe00b33 Merge pull request #1869 from taus-semmle/python-fix-typehint-divergence 
Python: Prevent divergence in type-hint analysis. (ODASA-8075)
 2019-09-06 14:33:20 -07:00
Taus Brock-Nannestad
8882f1410a Add test cases for nested subscripts. 2019-09-06 12:01:18 +02:00
Taus Brock-Nannestad
2d45c23d19 Comment out diverging example for now. 
Otherwise it'll keep timing out until the fix has been pushed to LGTM.com
 2019-09-05 13:18:01 +02:00
Taus Brock-Nannestad
d336140c19 Python: Modernise the py/non-iterable-in-for-loop query. 
Also adds a small test case exhibiting the same false positive seen in
ODASA-8042.
 2019-09-05 12:24:51 +02:00
Taus Brock-Nannestad
4440e02fa5 Add test case for divergence. 2019-09-04 13:23:06 +02:00