hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,451 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.4
Commit Graph

9277 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
636cf611ae Python: Allow general content in type-tracker 
This should not result in many changes, since store/load steps are still
only implemented for attributes.
 2024-03-14 10:42:37 +01:00
Rasmus Wriedt Larsen
fc8caa66c8 Python: Prepare for general content in type-tracker 
Due to the char-pred of Content, this change should keep exactly the
same behavior as before.
 2024-03-14 10:42:37 +01:00
Rasmus Lerchedahl Petersen
533b63743b Python: test MaD syntax for keyword argument 
use the combined positional/keyword syntax as
that is what we will probably mostly use.
 2024-03-13 15:28:34 +01:00
Tom Hvitved
6c0ed28e6b Python: Implement new data flow interface 2024-03-13 14:41:57 +01:00
yoff
b5c0fbb827 Merge pull request #15776 from RasmusWL/tt-consistency 
Python: Add type-tracking consistency query
 2024-03-13 11:11:07 +01:00
Tom Hvitved
dddba3228b Merge pull request #15867 from hvitved/dataflow/ap-limit 
Data flow: Add `ConfigSig::accessPathLimit`
 2024-03-12 14:57:51 +01:00
Henry Mercer
c325ff8a23 Mark lines of code queries as telemetry queries 
The new file coverage metrics are available in all supported GHES
versions. This PR tags lines of code queries as telemetry queries. Lines
of code information will still be available in the SARIF file, but it
will no longer be displayed in the logging output of the CLI.

The one exception is the metric queries for Java/Kotlin that provides
separate lines of code information for Java and Kotlin. I've kept these
since separate file coverage information for languages like Java and
Kotlin is only available for GHES 3.12 and later.
 2024-03-11 16:40:31 +00:00
Rasmus Wriedt Larsen
800351c7b7 Merge branch 'main' into tt-consistency 2024-03-11 14:12:09 +01:00
yoff
e6e6a4e9c8 Merge pull request #15841 from RasmusWL/missing-use-use2 
Python: Add example of missing use-use flow
 2024-03-11 13:59:57 +01:00
yoff
adbcbefaa9 Merge pull request #15551 from yoff/python/avoid-duplicate-model-inclusions 
python: Remove `TaintStepFromSummary`
 2024-03-11 13:52:20 +01:00
Tom Hvitved
da66281fef Sync files 2024-03-11 13:02:04 +01:00
Rasmus Wriedt Larsen
4ac8dd72a7 Merge pull request #15855 from yoff/python/add-MaD-test-tuple-output 
Python: Add test for `ReturnValue.TupleElement[n]`
 2024-03-11 12:05:31 +01:00
Rasmus Wriedt Larsen
42acd9c22c Merge pull request #15695 from github/tausbn/python-add-copy-method-as-copy-step 
Python: Add `.copy()` method call as copy step
 2024-03-11 09:43:34 +01:00
Rasmus Lerchedahl Petersen
3601773856 python: support encoding lower bound 2024-03-08 14:59:28 +01:00
Rasmus Wriedt Larsen
adf5a4b1e4 Python: Fix internal consistency failures 2024-03-08 14:13:47 +01:00
Rasmus Wriedt Larsen
87b6592dbc Python: Accept inconsistency for missing use-use flow 
At least until we have a proper fix
 2024-03-08 13:34:26 +01:00
Rasmus Wriedt Larsen
8fe483d9d8 Python: Add example of missing use-use flow 
(see PR for more detailed description)
 2024-03-08 13:26:01 +01:00
Rasmus Lerchedahl Petersen
6d8d106d91 Python: add test for ReturnValue.TupleElement[n] 2024-03-08 11:18:51 +01:00
Tom Hvitved
24e35f6f3d Update expected test output 2024-03-08 10:00:43 +01:00
Taus
5202792163 Merge pull request #15754 from github/tausbn/python-copy-extractor-to-external-repo 
Python: Copy Python extractor to `codeql` repo
 2024-03-07 15:15:28 +01:00
Taus
4b0689b6ba Python: Add warnOnImplicitThis: true to qlpack.yml 2024-03-07 13:59:16 +00:00
Taus
6dec323cfc Python: Copy Python extractor to codeql repo 2024-03-07 13:59:16 +00:00
Rasmus Wriedt Larsen
4dd8f6e618 Python: Add example of missing use-use flow 
(see PR for more detailed description)
 2024-03-07 14:25:55 +01:00
github-actions[bot]
dc9092c9ec Post-release preparation for codeql-cli-2.16.4 2024-03-06 22:19:33 +00:00
github-actions[bot]
2f058ffb4d Release preparation for version 2.16.4 2024-03-06 20:56:51 +00:00
Angela P Wen
ce31f8641a Revert "Release preparation for version 2.16.4" 2024-03-06 12:07:33 -08:00
github-actions[bot]
661e68dab5 Release preparation for version 2.16.4 2024-03-05 18:13:58 +00:00
Angela P Wen
967963a653 Revert "Release preparation for version 2.16.4" 2024-03-05 08:53:33 -08:00
github-actions[bot]
a67218a027 Release preparation for version 2.16.4 2024-03-04 17:42:08 +00:00
yoff
00e77a3ddb Merge pull request #15720 from RasmusWL/nosql-precision 
Python: Add precision to NoSQL query
 2024-03-04 14:44:46 +01:00
yoff
569bb991d4 Merge pull request #15775 from RasmusWL/scope-consistency 
Python: Add consistency check for `PhaseDependentFlow`
 2024-03-04 14:43:13 +01:00
Rasmus Wriedt Larsen
fbf6727809 Python: Add change-note 2024-03-04 11:46:38 +01:00
Rasmus Wriedt Larsen
16cb6c2044 Python: Fix validTest expectations 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-03-04 11:41:47 +01:00
Rasmus Wriedt Larsen
85a45b0155 Python: Fix comment 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-03-04 11:40:17 +01:00
Rasmus Wriedt Larsen
d99a763ef7 Python: add change-note 2024-03-01 15:24:33 +01:00
Rasmus Wriedt Larsen
eeda4355f1 Python: Fix missing DictionaryElementContent 2024-03-01 15:21:13 +01:00
Rasmus Wriedt Larsen
30b7fadbb8 Python: Add test 2024-03-01 15:19:56 +01:00
Rasmus Wriedt Larsen
7c60562132 Python: Ignore IterableSequenceNode inconsistencies 2024-03-01 14:22:18 +01:00
Rasmus Wriedt Larsen
7e3e5db3db Python: Add example of consistency failure 2024-03-01 14:21:16 +01:00
Rasmus Wriedt Larsen
bcd5c08ebd Python: Ignore match-related inconsistencies 2024-03-01 14:15:32 +01:00
Rasmus Wriedt Larsen
5d212514c6 Python: Add example of consistency failure 2024-03-01 14:07:08 +01:00
Rasmus Wriedt Larsen
1658a1cb80 Python: Ignore SynthDictSplatArgumentNode failures 2024-03-01 14:00:06 +01:00
Rasmus Wriedt Larsen
bff95c4c1b Python: Add example of consistency failure 2024-03-01 13:58:33 +01:00
Rasmus Wriedt Larsen
ff5f794750 Python: Exclude synth preupdate nodes from tt-consistency 
... and that should be it 👍 (so that's why I'm allowing the tests to
run on all data-flow nodes again)
 2024-03-01 10:27:29 +01:00
Rasmus Wriedt Larsen
bbe8c6dcaa Python: Remove synth postupdate nodes from tt-consistency 2024-03-01 10:23:50 +01:00
Rasmus Wriedt Larsen
9f01ea68f7 Python: Add type-tracking consistency query 
For now I'm only ignoring stdlib nodes, so it's easy for reviewer to see
why we need to have more excludes :)
 2024-03-01 10:19:49 +01:00
Rasmus Wriedt Larsen
d182eae868 Python: Add consistency check for PhaseDependentFlow 
This would have found the problem in
https://github.com/github/codeql/pull/15755.

As highlighted in the comment in the code, it's not a perfect solution
since we don't have an automatic way to ensure we don't introduce a new
PhaseDependentFlow use with a new step relation and forget to add it to
this consistency check... but I think this consistency check still adds
value!
 2024-03-01 10:01:08 +01:00
Rasmus Wriedt Larsen
8079788a5f Python: Add change-note 2024-02-28 16:44:25 +01:00
Rasmus Wriedt Larsen
cdf4dd16f0 Python: Fix module level flow for iterable unpacking 
(and for * patterns in match)

Since `PhaseDependentFlow` uses the following predicate, that relies on
.getScope() to be present for there to be any importTimeFlow (flow at
toplevel scope), it's important that data-flow nodes implement `.getScope`.

```
private predicate isTopLevel(Node node) { node.getScope() instanceof Module }
```

By implementing getScope, we can now rely on default implementation of
`getEnclosingCallable` in DataFlow::Node:

```
  /** Gets the enclosing callable of this node. */
  DataFlowCallable getEnclosingCallable() { result = getCallableScope(this.getScope()) }
```
 2024-02-28 16:39:08 +01:00
Rasmus Wriedt Larsen
e4699e092d Python: Add test for iterable unpacking on module level 
Currently doesn't work :O
 2024-02-28 16:10:29 +01:00