hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,000 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.3
Commit Graph

8972 Commits

Author SHA1 Message Date
github-actions[bot]
cf71a1525b Post-release preparation for codeql-cli-2.20.0 2024-12-04 18:36:17 +00:00
github-actions[bot]
96564b7128 Release preparation for version 2.20.0 2024-12-04 16:01:14 +00:00
Henry Mercer
963f084d87 Merge branch 'main' into henrymercer/merge-back-rc-3.16 2024-12-04 13:39:10 +00:00
Jeroen Ketema
10592bb1c4 Merge pull request #18192 from jketema/inline-rm 
Remove deprecated `InlineExpectationsTest` class-based API
 2024-12-04 11:34:39 +01:00
Anders Schack-Mulligen
8a5fc97b06 Python: Remove deprecated configuration classes referencing deleted api. 2024-12-03 20:08:45 +01:00
Anders Schack-Mulligen
cca27e4c77 Add change notes for all languages. 2024-12-03 19:42:33 +01:00
Jeroen Ketema
c3ea883b11 Python: Update expected test results 2024-12-03 19:18:57 +01:00
Anders Schack-Mulligen
acc260cc3c Python: Delete deprecated data flow api. 2024-12-03 14:41:49 +01:00
Taus
d779ae5c3e Python: Add change note for CFG pruning fix 
... And also bump the extractor version.
 2024-11-26 15:39:15 +00:00
Taus
2734377e5d Python: Add API graph support for parameter annotations 
Adds API graph support for observing that in
```python
def foo(x : Bar): ...
```
The variable `x` is likely to be an instance of the type `Bar` inside
this function.
In particular, we add `getInstanceFromAnnotation` as a predicate on API
graph nodes that tracks this step (corresponding to a new edge type
labeled with "annotation" in the API graph), and extend the existing
`getAnInstance` predicate to also include instances arising from type
annotations.

A more complete solution would also add support for annotated
assignments (`x : Foo = ...` or just `x : Foo`) as well as track types
through type aliases (`type Foo = Bar`). This turns out to be
non-trivial, however, as these type constructs don't have any CFG nodes
(and so no data-flow nodes by default either). In order to not have
perfect be the enemy of good, this commit is only targeting the type
parameter case (which is also likely to be the most common use case
anyway).

The tests for API graphs have been extended accordingly, including tests
for the kinds of type ascriptions that we _don't_ currently model in API
graphs (marked with `MISSING:` in the inline tests).
 2024-11-26 13:03:06 +00:00
yoff
44c94e02fe Merge pull request #18037 from joefarebrother/pythob-test-global-capture 
Python: Add some test cases for flow involving global and captured variables
 2024-11-22 11:33:31 +01:00
Alexander Eyers-Taylor
c0474c4e45 Revert "Revert "Post-release preparation for codeql-cli-2.19.4"" 2024-11-21 15:37:52 +00:00
Alexander Eyers-Taylor
4effe9e364 Revert "Post-release preparation for codeql-cli-2.19.4" 2024-11-21 14:43:15 +00:00
Joe Farebrother
52cd7f2c5c Add 2 more cases 2024-11-20 11:22:42 +00:00
Joe Farebrother
9b4b01a442 Fix typo 2024-11-20 10:59:27 +00:00
github-actions[bot]
3909df75dc Post-release preparation for codeql-cli-2.19.4 2024-11-19 17:54:03 +00:00
Joe Farebrother
a398f707fe Add some test cases for flow involving global variables and captured variables 2024-11-19 16:34:59 +00:00
github-actions[bot]
9783a11565 Release preparation for version 2.19.4 2024-11-19 16:21:37 +00:00
yoff
d4ec8f650a Merge pull request #18030 from github/tausbn/python-fix-match-literal-pruning 
Python: Fix pruning of literals in `match` pattern
 2024-11-19 17:16:22 +01:00
yoff
22287be5d1 Merge pull request #17370 from Kwstubbs/Bottle/Tornado-HeaderSupport 
Python: Bottle Framework Support
 2024-11-19 15:34:26 +01:00
Taus
e2530cf14f Python: Update expected test output 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-11-19 14:10:50 +00:00
Paolo Tranquilli
147d66b587 Merge branch 'main' into redsun82/python-match-fps 2024-11-07 09:46:32 +01:00
github-actions[bot]
f107d16b4e Post-release preparation for codeql-cli-2.19.3 2024-11-04 17:20:08 +00:00
github-actions[bot]
cc7b724123 Release preparation for version 2.19.3 2024-11-04 16:37:28 +00:00
yoff
cec0544ca5 Merge pull request #17789 from aschackmull/python/resolvecall-refactor 
Python: Refactor references to NormalCall.
 2024-11-01 14:20:34 +01:00
Tom Hvitved
2b37c6cd32 Merge pull request #17548 from hvitved/shared/inline-test-post-process 
Shared: Post-processing query for inline test expectations
 2024-10-31 11:40:11 +01:00
Anders Schack-Mulligen
b556590ef8 Merge pull request #17663 from aschackmull/dataflow/speculative-flow 
Dataflow: Add support for speculative taint flow.
 2024-10-31 08:12:43 +01:00
Kevin Stubbings
ac411f1254 Second round feedback 2024-10-30 13:52:38 -07:00
Chris Smowton
5f31adc1f4 Update InsecureCookie.qhelp 
Gratuitous commit to nudge CI
 2024-10-30 09:34:49 +00:00
Charmander
a97998811a Fix typo and grammar in InsecureCookie.qhelp 2024-10-30 07:29:20 +00:00
Kevin Stubbings
0483b8004c Feedback 2024-10-29 15:45:11 -07:00
Anders Schack-Mulligen
8b5756526c Update python/ql/test/experimental/library-tests/CallGraph/InlineCallGraphTest.ql 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-10-29 13:57:27 +01:00
Tom Hvitved
e5f2bbb6ec Python: Post-processing query for inline test expectations 2024-10-29 13:35:37 +01:00
yoff
7338eafbd4 Merge pull request #16812 from porcupineyhairs/pyloadSsl 
Python: Pycurl SSL Disabled
 2024-10-25 16:23:25 +02:00
Tom Hvitved
7c4d5981dd Shared: Add missing spaces in inline test expectation output 2024-10-25 13:23:03 +02:00
yoff
c78aeec2ec Update python/ql/lib/semmle/python/frameworks/Pycurl.qll 2024-10-24 11:44:16 +02:00
Porcupiney Hairs
c7610b3539 Include change-note 2024-10-21 20:14:58 +05:30
Porcupiney Hairs
c93f0ed851 Include change-note 2024-10-21 20:12:46 +05:30
Porcupiney Hairs
c74f6f587f Merge branch 'main' into pyloadSsl 2024-10-21 20:09:05 +05:30
Porcupiney Hairs
f6369a6ed7 Include changes from review 2024-10-21 20:01:44 +05:30
Porcupiney Hairs
7ef2d79b3f Include changes from review 2024-10-21 03:28:19 +05:30
Arthur Baars
08af7d0007 Merge pull request #17810 from github/post-release-prep/codeql-cli-2.19.2 
Post-release preparation for codeql-cli-2.19.2
 2024-10-18 18:28:07 +02:00
github-actions[bot]
272f6c2541 Post-release preparation for codeql-cli-2.19.2 2024-10-18 15:56:02 +00:00
Arthur Baars
aaf220d41e Fix typos in changelogs 2024-10-18 15:28:05 +00:00
github-actions[bot]
ca0345324e Release preparation for version 2.19.2 2024-10-18 15:16:21 +00:00
Arthur Baars
eb515f884b Revert "Release preparation for version 2.19.2" 2024-10-18 17:06:20 +02:00
Rasmus Lerchedahl Petersen
30e5a12230 Python: udate expectations 2024-10-18 15:14:51 +02:00
Rasmus Lerchedahl Petersen
30053da70d Python: extra modelling of stdlib 
as a reaction to the latest QA run
 2024-10-18 13:49:33 +02:00
yoff
e46722f3be Update python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll 2024-10-17 17:23:00 +02:00
Anders Schack-Mulligen
4153a83a4f Python: Add workaround. 2024-10-16 16:14:51 +02:00