hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,514 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.3
Commit Graph

3974 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
8de5cfef43 Python: Update dataflow-consistency.expected 
After merging in main
 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
c0ad870949 Python: Exclude synthetic generator functions from DataFlowCallable 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
d86f98d60b Python: Accept changes for enclosing-callable test 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
aa382ac042 Python: Add test for strange generator taint flow 
I did check, and this was not a problem with the old call-graph on main!

I'm absolutely baffled!
 2022-11-22 14:46:33 +01:00
Rasmus Wriedt Larsen
6646e98d20 Python: Fix results outside DB for StackTraceExposure 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
972cfa5cf6 Python: Accept bad StackTraceExposure.expected 
This is only Python 2 though
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
a301c93ebf Python: Fix results outside DB for CleartextLogging 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
0a41d8d2c1 Python: Accept bad CleartextLogging.expected 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
39ce50fadc Python: Fix problems with sinks in pathlib 
This must mean that we did not have this flow with the old call-graph,
which means the new call-graph is doing a better job (yay).
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
edcaff26af Python: Add path-injection test using pathlib 
Since it has the same problem of showing sinks inside the extracted
stdlib
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
9d29a0a044 Python: Accept changes to .expected from more pathlib flow 
But we don't want to keep this, this commit is just to show why we need a fix :)
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
df4d09b3f9 Python: Don't rely on all DataFlowCall being resolved 
I've been living dangerously with that assumption :|
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
c4122275dc Python: Bring back support for flow-summaries 
Also needed to fix up `TestUtil/UnresolvedCalls.qll` after a bad merge
conflict resolution. Since all calls are now DataFlowCall, and not JUST
the ones that can be resolved, we need to put in the restriction that
the callable can also be resolved.
 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
e5fdeae6fc Python: Add return (func_ref, ...) test 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
fb0cc184d9 Python: Add test of multi func def based on runtime decision 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
276a825cd0 Python: Allow same function name in call-graph tests 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
8a56b48357 Python: Support super().__new__(cls) 2022-11-22 14:46:32 +01:00
Rasmus Wriedt Larsen
2b76964f7f Python: Expand tests of __new__ a bit more 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
a4e6433942 Python: add support for type(self)() 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
d43a48c265 Python: Add type(self)() tests 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
16483f7d40 Python: Add funky call-graph regression 
I don't even know how to phrase this :D
 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
1e96ced3ab Python: Ignore functions with @property decorator for now 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
cba93ded77 Python: Add test for @property problem 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
b33f02f9dc Python: Fix self-passing problems 
This also fixes performance problems for pandas-dev/pandas
 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
722c69edcc Python: Add test showing self type-tracking problems 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
5e5bab5a7c Python: Don't pass synthetic class instance to __new__ on class calls 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
6fefd54533 Python: Consider __new__ a classmethod 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
f040ad8dac Python: Add test of __new__ handling 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
57c7dc8ea9 Python: Allow cls passing to classmethod 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
0cf13e9976 Python: Expand argument highlighting test 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
4416037dc6 Python: Ignore SPURIOUS call-graph edges in points-to vs. type-tracker results 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
6351defe0d Python: Add call-graph tests with isinstance 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
5fc127cb2c Python: Make UnresolvedCalls.qll handle class calls without __init__ 
This commit used to make sense to have here in the ordering of commits,
but due to various rebases it no longer changes any test output..

it's still a good change though, so I'll keep it.
 2022-11-22 14:46:31 +01:00
Rasmus Wriedt Larsen
98a849405f Python: Add support for late *args arguments 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
035d083515 Python: Support flow to *args param from positional arg 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
db921ac036 Python: Add basic support for *args 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
b6314dd19d Python: Add *args tests 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
c687df4ddc Python: Support flow to keyword param from **kwargs arg 
When resolving merge conflict after flow-summaries was merged, this is
the original commit where I introduced ParameterNodeImpl, so this is the
commit where differences in that implementation was committed...

I removed TParameterNode, since I could not see we we gain anything from
having it.
 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
215a03d948 Python: Support flow to **kwargs param from keyword arg 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
503ad544e9 Python: Remove impossible flow for **kwargs params 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
eb600f07b7 Python: Use config for dataflow-consistency.ql 
And ignore post-update nodes for `**kwargs` arguments
 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
5722d231bd Python: Add basic support for **kwargs 
For now this is JUST from `**kwargs` in arguments, to `**kwargs`
parameters, and this part is based on field-flow

Note that dataflow-library complains about missing post update nodes for
these. This needs to be ignored, since post update nodes for `**kwargs`
arguments doesn't make sense, it's not possible to alter the dictionary
inside the method.
 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
9b2663034d Python: Change test .ql to also show bad argument flow 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
5a976cfb14 Python: Add more **kwargs arg passing tests 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
e7a337991a Python: Accept fix from extractor change 
namely the variable access mentioned in
https://github.com/github/codeql/pull/10171
 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
61410191e7 Python: Fix bug in argumentRoutingTest.ql 
Since `DataFlowPrivate::DataFlowCall` only exists for calls resolved to
a function, we didn't have any results before... but allowing any call
helps things!
 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
a5c3e850f1 Python: Handle __call__ 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
b5e8bf7882 Python: Add note about trying DataFlowDispatchPointsTo for InlineCallGraphTest 
Since I was very confused about no results for __call__, I tried to see
whether I had cheated by making the comparison too unfair. But it didn't
seem to be the case.
 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
f3ac81a013 Python: Expand tests for special method calls 2022-11-22 14:46:30 +01:00
Rasmus Wriedt Larsen
70cc986d5f Python: Suppress None.json.dumps from ExternalAPI queries 2022-11-22 14:46:29 +01:00