hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,514 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.3
Commit Graph

9375 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
5fc8a00487 Python: Rename test function 2023-11-10 15:58:20 +01:00
Rasmus Wriedt Larsen
b3feb4d7e9 Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-11-10 15:57:00 +01:00
Rasmus Wriedt Larsen
3023d3b8c0 Python: Add change-note 2023-11-08 17:20:05 +01:00
Rasmus Wriedt Larsen
4943fc5a57 Python: Model taint from re.<func> calls 2023-11-08 17:18:40 +01:00
Rasmus Wriedt Larsen
851c30e797 Python: Add taint modeling of re.Match objects 2023-11-08 17:18:09 +01:00
Rasmus Wriedt Larsen
ea4761d3b6 Python: Add tests of taint-flow for re module 2023-11-08 16:05:22 +01:00
Rasmus Wriedt Larsen
9b0ad8295e Python: Add test of nested classes 2023-11-08 14:58:40 +01:00
Rasmus Wriedt Larsen
9d5cf0b331 Merge branch 'main' into class-attribute-flow 2023-11-08 14:30:53 +01:00
Rasmus Wriedt Larsen
6d4e000c7c Merge pull request #14590 from RasmusWL/fix-dataflow-class-scope 
Python: Fix dataflow consistency error due to missing class scope
 2023-11-08 14:30:34 +01:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Geoffrey White
b63294764b Merge pull request #14705 from geoffw0/qhelplink 
Fix a dead ReDoS link in docs
 2023-11-07 17:40:19 +00:00
Rasmus Wriedt Larsen
5433907c33 Python: Accept more test changes 
All are for the better 🎉
 2023-11-07 15:49:14 +01:00
Rasmus Wriedt Larsen
dc8ca70ab5 Merge pull request #14694 from RasmusWL/python-validtest-success 
Python: Misc: show that all tests passed in validTest
 2023-11-07 14:56:57 +01:00
Rasmus Wriedt Larsen
5220a8d3f8 Update python/ql/test/experimental/dataflow/validTest.py 
Co-authored-by: Taus <tausbn@github.com>
 2023-11-07 11:30:13 +01:00
Rasmus Wriedt Larsen
9f43108ba8 Python: Fix DataFlowCall.getEnclosingCallable 
Now it is aligned with the implementation of DataFlow::Node

See 4bc4e0845d/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll (L134-L138)
 2023-11-07 11:29:23 +01:00
Rasmus Wriedt Larsen
904a8b1ea9 Python: Add consistency tests for class scope 2023-11-07 11:29:23 +01:00
Rasmus Wriedt Larsen
5bee44dcfe Python: add change-note 2023-11-07 11:27:11 +01:00
Rasmus Wriedt Larsen
6568332e3d Python: Add basic flow for class attributes 2023-11-07 11:23:42 +01:00
Rasmus Wriedt Larsen
6c50c2bfe6 Python: Highlight missing flow for class attributes 2023-11-07 11:23:42 +01:00
Geoffrey White
e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
amammad
e8eff78799 fix tests because of error in Frameworks.qll 2023-11-06 19:19:36 +01:00
amammad
ad756d59c8 put new frameworks in Frameworks.qll and fix some mistakes of Baize 2023-11-06 19:17:50 +01:00
amammad
315bdc2b48 add tests for new frameworks 2023-11-06 19:13:57 +01:00
amammad
637c52d10a separate each new FileSystemAccess packages. 2023-11-06 19:03:55 +01:00
Rasmus Wriedt Larsen
43f1d092f1 Python: Misc: show that all tests passed in validTest 2023-11-06 16:04:58 +01:00
Taus
75e6de8311 Python: Add test 2023-11-06 13:50:55 +00:00
Taus
f67c68da9a Python: Make TypeParameter extend AstNode 
With `AstNode` defined as a union of other classes, we don't get this for free.

(Compare with `DictItem`, which is in a similar situation.)
 2023-11-06 13:50:55 +00:00
Taus
878299823c Python: Add up-/downgrade scripts 
In the upgrade direction, we simply do nothing.

In the downgrade direction, we remove the two new relations, and
also any `Stmt` nodes corresponding to `TypeAlias` nodes.
 2023-11-06 13:50:55 +00:00
Taus
9cd1e0e546 Python: Add stats for new relations 2023-11-06 13:50:55 +00:00
Taus
e8209a6a10 Python: Fix missing override compilation error 2023-11-06 13:50:55 +00:00
Taus
2e77b8d3c2 Python: Add wrapper classes around the newly added AST nodes 2023-11-06 13:50:55 +00:00
Taus
c397f707a1 Python: Add automatically generated files 
For these, I opted for a placement that would cause as few changes to the
dbscheme as possible. This puts the new `type_parameters` fields as the
last field on function and class definitions.
 2023-11-06 13:50:55 +00:00
Rasmus Wriedt Larsen
f6ae7523b5 Merge pull request #14591 from RasmusWL/minor-stringpool-improvement 
Python: Minor cleanup for string pool interaction
 2023-11-06 13:13:27 +01:00
Rasmus Wriedt Larsen
92b13c4259 Merge branch 'main' into amammad-python-FileSystemAccess 2023-11-06 11:30:09 +01:00
Rasmus Wriedt Larsen
3d8a7e0ee3 Python: Add change-note 2023-11-06 11:29:52 +01:00
yoff
fd757b0089 Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-11-02 09:31:28 +01:00
Rasmus Lerchedahl Petersen
58bf70d61b Python: filter self steps from use-use flow 
Factor out use-use flow in order to do this.
Also improve names and comments.

I also wanted to change the types in `difinitionFlowStep`, but
that broke the module instantiation.
 2023-11-02 09:31:28 +01:00
Rasmus Lerchedahl Petersen
613831b2e1 Python: add test for post-update loop flow 2023-11-02 09:31:28 +01:00
yoff
c26c68c286 Merge pull request #14617 from yoff/python/module-for-import-time-flow 
Python: module for import time flow
 2023-11-02 09:28:51 +01:00
Tom Hvitved
3c86aad16d Merge pull request #14628 from hvitved/ruby/type-tracking-store-post-update 
Ruby: Summarized type-tracking stores should target post-update nodes
 2023-11-01 13:54:21 +01:00
Rasmus Lerchedahl Petersen
0b45b63bd2 Python: Update debug query to changed API 
The change is commented out by default
which is why no compilation tests failed
when the API changed.
 2023-11-01 11:39:51 +01:00
Tom Hvitved
0c5b528d54 Address review comments 2023-11-01 11:32:57 +01:00
Rasmus Lerchedahl Petersen
f7a8a8ae19 Python: Fix QL alert 2023-11-01 09:24:59 +01:00
Rasmus Lerchedahl Petersen
38b811b050 Python: Separate -> PhaseDependentFlow 2023-10-31 21:50:33 +01:00
Rasmus Lerchedahl Petersen
7f6ae8b2ab Python: improve readability 2023-10-31 14:52:37 +01:00
yoff
f76cde36bb Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2023-10-31 14:12:24 +01:00
Chris Smowton
79e1aa0498 Merge pull request #14634 from github/post-release-prep/codeql-cli-2.15.2 
Post-release preparation for codeql-cli-2.15.2
 2023-10-31 10:24:53 +00:00
github-actions[bot]
2b939fdf08 Post-release preparation for codeql-cli-2.15.2 2023-10-30 16:06:51 +00:00
Harry Maclean
083be305e1 Shared: Add neutralModel extensible predicate 
The neutralModel extensible predicate already exists in Java and C#, so
this change brings the dynamic languages more in line with static
languages. The Model Editor uses this predicate to mark endpoints as
"not interesting" from a data flow perspective.
 2023-10-30 11:31:57 +00:00
github-actions[bot]
4641990021 Release preparation for version 2.15.2 2023-10-30 11:05:53 +00:00