hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,579 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.2
Commit Graph

9240 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
b505778bc8 Python: remove non-local steps 2023-12-16 01:03:27 +01:00
Rasmus Lerchedahl Petersen
661ba1ca7b Python: move restriction into branch predicate 
Otherwise we get loads of nodes with missing locations
from the brnach nodes that are not matched.
 2023-12-16 00:33:11 +01:00
Rasmus Lerchedahl Petersen
5de1725648 Python: update class name 2023-12-15 23:50:29 +01:00
Rasmus Lerchedahl Petersen
4a1fcde649 Python: abandon synthetic node 
for `CapturingClosureArgumentNode`.

Unless we define it for every single `CallNode`, we need a more
sophisticated mutual recursion with the call graph construction.
There is built-in support for that, but we are currently not using it.
 2023-12-15 23:42:29 +01:00
Rasmus Lerchedahl Petersen
e36b079e0f Python: fix compilation error 
introduced by bad merge
 2023-12-15 21:27:22 +01:00
Rasmus Lerchedahl Petersen
416ba6a709 Python: use updated API 2023-12-15 21:26:05 +01:00
Rasmus Lerchedahl Petersen
1ee11ae7af Merge branch 'main' of https://github.com/github/codeql into python/captured-variables-basic 2023-12-15 14:31:57 +01:00
Rasmus Lerchedahl Petersen
8601105988 Python: Address TODO comment 2023-12-15 14:03:38 +01:00
Rasmus Lerchedahl Petersen
e1bf2821d9 Python: split variable capture instantiation out 
into its own file.
 2023-12-15 13:59:52 +01:00
Rasmus Lerchedahl Petersen
f668453d01 Python: move things around 2023-12-15 13:48:50 +01:00
Rasmus Lerchedahl Petersen
739b839628 Python: use updated names 2023-12-15 13:48:28 +01:00
yoff
b07316f4ae Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-12-15 13:41:04 +01:00
Rasmus Lerchedahl Petersen
a311582285 Python: Bring back (now simplified) exclusion 2023-12-15 13:28:16 +01:00
yoff
4b89a412c6 Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-12-15 12:59:01 +01:00
Rasmus Lerchedahl Petersen
d3b237bf7e Python: rename synthetic lambda nodes 2023-12-15 12:55:26 +01:00
Anders Schack-Mulligen
1ea1130271 Merge pull request #15062 from aschackmull/dataflow/deprecate-flowstatestring 
Dataflow: Deprecate FlowStateString.
 2023-12-15 11:59:04 +01:00
Rasmus Lerchedahl Petersen
5b6ea15028 Python: remove unneeded consistency exclusion 2023-12-15 11:09:37 +01:00
Rasmus Lerchedahl Petersen
bfdcae4538 Python : P -> PY 2023-12-15 10:43:02 +01:00
Rasmus Lerchedahl Petersen
262d43abcf Python: Make compile and add comment 2023-12-15 10:28:51 +01:00
Rasmus Lerchedahl Petersen
2051ba3395 Python: hide synthesized capture nodes 2023-12-15 10:26:56 +01:00
Rasmus Lerchedahl Petersen
f96c52ed3b Python: make compile again 
also improve comment
 2023-12-15 10:25:49 +01:00
yoff
c395d2d957 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-12-15 09:58:27 +01:00
Rasmus Lerchedahl Petersen
abd544d96c Python: consistency failure gone 2023-12-15 00:38:58 +01:00
Rasmus Lerchedahl Petersen
b6123de518 Python: simplify assignments to captured variables 2023-12-15 00:34:52 +01:00
Rasmus Wriedt Larsen
2a98a7e615 Python: Delete old copy of DataFlowImplConsistency.qll 
We forgot to delete that file in https://github.com/github/codeql/pull/8457
 2023-12-14 18:18:25 +01:00
Anders Schack-Mulligen
8ef4821f63 Python: Remove references to FlowStateString. 2023-12-14 15:05:33 +01:00
Anders Schack-Mulligen
a1068ce2f9 Dataflow: deprecate references 2023-12-14 15:05:33 +01:00
Rasmus Wriedt Larsen
36b635fb70 Python: Remove @tags meta from internal debug queries 
These queries were great when evaluating coverage of the new call-graph compared with the old.

However, they are not useful to run as part of our DCA experiments.
 2023-12-14 14:39:32 +01:00
Tom Hvitved
6fc9e6193a Add change note 2023-12-14 13:25:21 +01:00
Tom Hvitved
84aa9f17a0 Python/Ruby: Use SummaryTypeTracker from typetracking pack 2023-12-14 13:25:18 +01:00
Tom Hvitved
3b1146bf98 Python: Adopt shared type tracking library 2023-12-14 13:22:44 +01:00
Tom Hvitved
c8b4a215bc Merge pull request #14573 from hvitved/flow-summary-impl-param 
Move `FlowSummaryImpl.qll` to `dataflow` pack
 2023-12-14 12:24:15 +01:00
Rasmus Lerchedahl Petersen
0b6d47b8bc Python: update to new API 
update is in a comment, so compilation
never failed in CI.
 2023-12-14 11:56:05 +01:00
Rasmus Lerchedahl Petersen
2a5736e73d Python: add consistency exception 
this must have been lost in my
clean-up rebase.
 2023-12-14 11:50:09 +01:00
Rasmus Lerchedahl Petersen
479d81fb75 Python: fix nonlocal captured variables 
This depends on the extractor fix
 2023-12-14 10:37:27 +01:00
Rasmus Lerchedahl Petersen
38e03216f6 Python: allow CaptureArgumentNodes as multiple arguemnts 
These are the labmda self references. This is similar to
how `BlockParameterArgumentNode` is excluded for Ruby.

It is important that we restrict `call` in this logic.
Otherwise, we get a cartesian product and the consistency
check runs for a very long time...
 2023-12-14 10:32:29 +01:00
Rasmus Lerchedahl Petersen
f32d5e422d Python: typo 2023-12-14 10:28:26 +01:00
Rasmus Lerchedahl Petersen
efcdb3e67e Python: filter local flow from a node to itself 2023-12-14 10:28:26 +01:00
Rasmus Lerchedahl Petersen
5471c92e9f Python: exclusion for summary nodes 
as in Ruby
 2023-12-14 10:28:26 +01:00
Rasmus Lerchedahl Petersen
061fd014a6 Python: further restrict LibraryLambdaMethod 
On the small test project, this reduces the number
of instances from 285 to 22.
 2023-12-14 10:27:15 +01:00
Rasmus Lerchedahl Petersen
453ab9ca7b Python: restrict LibraryLambdaMethod 2023-12-14 10:27:15 +01:00
Rasmus Lerchedahl Petersen
17a0029585 Python: support callbacks to library calls 
TODO:
The member predicate `LibraryLambdaMethod::getACall` is
currently too permissive.
Ideally, we would have `libraryCallHasLambdaArg`
as in Ruby. But even a more precise
`libraryCall` predicate might be fine.
 2023-12-14 10:27:15 +01:00
Rasmus Lerchedahl Petersen
7565873e83 Python: test callbacks to library calls 2023-12-14 10:27:15 +01:00
Rasmus Lerchedahl Petersen
797deebcdd Python: exclude CaptureNodes 2023-12-14 10:27:15 +01:00
Rasmus Lerchedahl Petersen
b513871b9b Python: add consistency exclusions 2023-12-14 10:27:15 +01:00
Rasmus Lerchedahl Petersen
c054ba6a97 python: instantiate module for variable capture 
This provides variable capture in standard situations:
- nested functions
- lambdas
There are some deficiencies:
- we do not yet handle objects capturing variables.
- we do not handle variables captured via the `nonlocal` keyword.
  This should be solved at the AST level, though, and then it
  should "just work".

There are still inconsistencies in the case where
a `SynthesizedCaptureNode` has a comprehensions
as its enclosing callable. In this case,
`TFunction(cn.getEnclosingCallable())` is not
defined and so getEnclosingCallable does not exist
for the `CaptureNode`.
 2023-12-14 10:25:39 +01:00
Rasmus Lerchedahl Petersen
6db55cd12f Python: add missing annotation 2023-12-14 10:20:49 +01:00
fossilet
1cc2f073c4 Fix typo in qll. 2023-12-14 16:05:14 +08:00
Jeroen Ketema
99e65df6ce Merge remote-tracking branch 'upstream/rc/3.12' into mb12 2023-12-13 15:43:39 +01:00
yoff
a39eb5efc9 Merge pull request #15051 from yoff/python/slightly-improve-tarslip 
Python: slightly improve tarslip logic
 2023-12-12 14:43:43 +01:00