hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,000 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.3
Commit Graph

2899 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
86bb884f67 Python: better comment 2023-12-18 22:26:46 +01:00
github-actions[bot]
19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
Rasmus Lerchedahl Petersen
7324177786 Python: address QL alerts 2023-12-18 22:20:28 +01:00
Rasmus Lerchedahl Petersen
25c83dc70d Python: adjust comment 2023-12-18 22:15:37 +01:00
Rasmus Lerchedahl Petersen
bf1ad23678 Python: add comments 
- on debug predicates
- on JS implementation
 2023-12-18 22:00:13 +01:00
Rasmus Lerchedahl Petersen
c88d686ce4 Python: move SynthCapturePostUpdateNode 
next to `SynthCaptureNode`
 2023-12-18 21:37:52 +01:00
yoff
e0c027f13c Merge pull request #14848 from hvitved/python/shared-type-tracking 
Python: Adopt shared type tracking library
 2023-12-18 21:14:42 +01:00
Tom Hvitved
a776132a10 Python: Deprecate more predicates 2023-12-18 13:05:17 +01:00
Rasmus Lerchedahl Petersen
b505778bc8 Python: remove non-local steps 2023-12-16 01:03:27 +01:00
Rasmus Lerchedahl Petersen
661ba1ca7b Python: move restriction into branch predicate 
Otherwise we get loads of nodes with missing locations
from the brnach nodes that are not matched.
 2023-12-16 00:33:11 +01:00
Rasmus Lerchedahl Petersen
4a1fcde649 Python: abandon synthetic node 
for `CapturingClosureArgumentNode`.

Unless we define it for every single `CallNode`, we need a more
sophisticated mutual recursion with the call graph construction.
There is built-in support for that, but we are currently not using it.
 2023-12-15 23:42:29 +01:00
Rasmus Lerchedahl Petersen
e36b079e0f Python: fix compilation error 
introduced by bad merge
 2023-12-15 21:27:22 +01:00
Rasmus Lerchedahl Petersen
416ba6a709 Python: use updated API 2023-12-15 21:26:05 +01:00
Rasmus Lerchedahl Petersen
1ee11ae7af Merge branch 'main' of https://github.com/github/codeql into python/captured-variables-basic 2023-12-15 14:31:57 +01:00
Rasmus Lerchedahl Petersen
8601105988 Python: Address TODO comment 2023-12-15 14:03:38 +01:00
Rasmus Lerchedahl Petersen
e1bf2821d9 Python: split variable capture instantiation out 
into its own file.
 2023-12-15 13:59:52 +01:00
Rasmus Lerchedahl Petersen
f668453d01 Python: move things around 2023-12-15 13:48:50 +01:00
Rasmus Lerchedahl Petersen
739b839628 Python: use updated names 2023-12-15 13:48:28 +01:00
yoff
b07316f4ae Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-12-15 13:41:04 +01:00
yoff
4b89a412c6 Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-12-15 12:59:01 +01:00
Rasmus Lerchedahl Petersen
d3b237bf7e Python: rename synthetic lambda nodes 2023-12-15 12:55:26 +01:00
Anders Schack-Mulligen
1ea1130271 Merge pull request #15062 from aschackmull/dataflow/deprecate-flowstatestring 
Dataflow: Deprecate FlowStateString.
 2023-12-15 11:59:04 +01:00
Rasmus Lerchedahl Petersen
bfdcae4538 Python : P -> PY 2023-12-15 10:43:02 +01:00
Rasmus Lerchedahl Petersen
2051ba3395 Python: hide synthesized capture nodes 2023-12-15 10:26:56 +01:00
Rasmus Lerchedahl Petersen
f96c52ed3b Python: make compile again 
also improve comment
 2023-12-15 10:25:49 +01:00
yoff
c395d2d957 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-12-15 09:58:27 +01:00
Rasmus Lerchedahl Petersen
b6123de518 Python: simplify assignments to captured variables 2023-12-15 00:34:52 +01:00
Rasmus Wriedt Larsen
2a98a7e615 Python: Delete old copy of DataFlowImplConsistency.qll 
We forgot to delete that file in https://github.com/github/codeql/pull/8457
 2023-12-14 18:18:25 +01:00
Anders Schack-Mulligen
8ef4821f63 Python: Remove references to FlowStateString. 2023-12-14 15:05:33 +01:00
Anders Schack-Mulligen
a1068ce2f9 Dataflow: deprecate references 2023-12-14 15:05:33 +01:00
Tom Hvitved
6fc9e6193a Add change note 2023-12-14 13:25:21 +01:00
Tom Hvitved
84aa9f17a0 Python/Ruby: Use SummaryTypeTracker from typetracking pack 2023-12-14 13:25:18 +01:00
Tom Hvitved
3b1146bf98 Python: Adopt shared type tracking library 2023-12-14 13:22:44 +01:00
Tom Hvitved
c8b4a215bc Merge pull request #14573 from hvitved/flow-summary-impl-param 
Move `FlowSummaryImpl.qll` to `dataflow` pack
 2023-12-14 12:24:15 +01:00
Rasmus Lerchedahl Petersen
479d81fb75 Python: fix nonlocal captured variables 
This depends on the extractor fix
 2023-12-14 10:37:27 +01:00
Rasmus Lerchedahl Petersen
efcdb3e67e Python: filter local flow from a node to itself 2023-12-14 10:28:26 +01:00
Rasmus Lerchedahl Petersen
061fd014a6 Python: further restrict LibraryLambdaMethod 
On the small test project, this reduces the number
of instances from 285 to 22.
 2023-12-14 10:27:15 +01:00
Rasmus Lerchedahl Petersen
453ab9ca7b Python: restrict LibraryLambdaMethod 2023-12-14 10:27:15 +01:00
Rasmus Lerchedahl Petersen
17a0029585 Python: support callbacks to library calls 
TODO:
The member predicate `LibraryLambdaMethod::getACall` is
currently too permissive.
Ideally, we would have `libraryCallHasLambdaArg`
as in Ruby. But even a more precise
`libraryCall` predicate might be fine.
 2023-12-14 10:27:15 +01:00
Rasmus Lerchedahl Petersen
b513871b9b Python: add consistency exclusions 2023-12-14 10:27:15 +01:00
Rasmus Lerchedahl Petersen
c054ba6a97 python: instantiate module for variable capture 
This provides variable capture in standard situations:
- nested functions
- lambdas
There are some deficiencies:
- we do not yet handle objects capturing variables.
- we do not handle variables captured via the `nonlocal` keyword.
  This should be solved at the AST level, though, and then it
  should "just work".

There are still inconsistencies in the case where
a `SynthesizedCaptureNode` has a comprehensions
as its enclosing callable. In this case,
`TFunction(cn.getEnclosingCallable())` is not
defined and so getEnclosingCallable does not exist
for the `CaptureNode`.
 2023-12-14 10:25:39 +01:00
fossilet
1cc2f073c4 Fix typo in qll. 2023-12-14 16:05:14 +08:00
Jeroen Ketema
99e65df6ce Merge remote-tracking branch 'upstream/rc/3.12' into mb12 2023-12-13 15:43:39 +01:00
yoff
a39eb5efc9 Merge pull request #15051 from yoff/python/slightly-improve-tarslip 
Python: slightly improve tarslip logic
 2023-12-12 14:43:43 +01:00
Tom Hvitved
a46964dfe8 Address review comments 2023-12-12 13:55:52 +01:00
Rasmus Wriedt Larsen
419130be21 Merge pull request #15030 from yoff/python/remove-module-entry-definitions 
Python: Remove control flow nodes for module entry definitions from the dataflow graph.
 2023-12-11 11:40:17 +01:00
Tom Hvitved
faaa558ed9 Python: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:44 +01:00
Rasmus Lerchedahl Petersen
d9c0c8c26d Python: Update comment. 2023-12-08 17:32:23 +01:00
Rasmus Lerchedahl Petersen
2539e2ec1a Python: slightly improve tarslip logic 2023-12-08 17:18:25 +01:00
Anders Schack-Mulligen
64eb4ff753 Merge pull request #14983 from aschackmull/dataflow/deprecate-old-api 
Data Flow: Deprecate old data flow api.
 2023-12-08 14:27:25 +01:00