hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

1889 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
e7d55736b0 Python: Add test of find-subclass code 2023-12-08 11:27:50 +01:00
amammad
5795c72a99 added inline tests 2023-12-07 14:04:33 +01:00
amammad
6ebdae3bab Merge branch 'main' into amammad-python-bombs 2023-12-07 13:50:20 +01:00
Rasmus Lerchedahl Petersen
263c0aade7 Python: adjust test expectations 
mostly removing of nodes from the graph.
One result lost:
```
check("submodule.submodule_attr", submodule.submodule_attr, "submodule_attr", globals()) #$ MISSING:prints=submodule_attr
```
 2023-12-06 23:00:51 +01:00
Rasmus Lerchedahl Petersen
9e1c818db6 Python: address review comments 2023-12-04 17:49:26 +01:00
yoff
f5c176bd12 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2023-12-04 17:41:00 +01:00
Rasmus Wriedt Larsen
c952f6a648 Python: Update rest of tests to new dataflow lib 
I had missed these originally, since I had just fixed the ones that were
highlighted in the actions logs, thinking they had covered everything :(
 2023-12-04 14:49:40 +01:00
Rasmus Lerchedahl Petersen
e091ae84ab Merge branch 'main' of https://github.com/github/codeql into python/remove-ssa-nodes-from-dataflow-graph 2023-12-04 14:05:40 +01:00
Rasmus Wriedt Larsen
2fed0adde7 Merge pull request #8457 from RasmusWL/add-dataflow-consistency-query 
Python: Add dataflow consistency query
 2023-12-04 12:50:46 +01:00
Rasmus Wriedt Larsen
4dd3ea3798 Python: Update tests to new dataflow lib 
Avoids some deprecation warnings :)
 2023-12-04 12:36:57 +01:00
Rasmus Wriedt Larsen
3c82653b63 Python: Highlight missing post-update flow for *args and **kwargs 2023-11-28 10:59:48 +01:00
Rasmus Wriedt Larsen
d056706af5 Merge pull request #14725 from RasmusWL/re-modeling 
Python: Add taint-flow modeling for `re` module
 2023-11-23 11:35:36 +01:00
Rasmus Wriedt Larsen
30891ca4aa Merge pull request #14861 from yoff/python/demonstrate-def-use-explosion 
Python: test demonstrating the need for phi nodes
 2023-11-22 09:57:10 +01:00
yoff
4785048076 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-11-22 09:29:07 +01:00
Rasmus Lerchedahl Petersen
d288c4a709 Python: rename folder 2023-11-21 16:48:41 +01:00
yoff
4f7fde7b87 Merge pull request #14858 from yoff/python/demonstrate-use-use-explosion 
Python: Test demonstrating the need for phi-read-nodes
 2023-11-21 16:44:11 +01:00
Rasmus Lerchedahl Petersen
c552bc5eb1 Python: fix test output 2023-11-21 15:48:22 +01:00
Rasmus Lerchedahl Petersen
077e51c6c6 Python: fix test output 2023-11-21 15:47:18 +01:00
Rasmus Lerchedahl Petersen
4857960f72 Python: test demonstrating the need for phi nodes 
or a dataflow node playing that role, at least.
 2023-11-21 15:40:05 +01:00
Rasmus Lerchedahl Petersen
f138fc0d2d Python: Test demonstrating need for phi-read-nodes 
Or for a data flow node filling that role, at least.
 2023-11-21 13:54:02 +01:00
Rasmus Wriedt Larsen
df9fb141b8 Python: Remove old manual consistency query tests 2023-11-21 11:50:23 +01:00
Rasmus Lerchedahl Petersen
11c71fdd18 Python: remove EssaNodes 
This commit removes SSA nodes from the data flow graph. Specifically, for a definition and use such as
```python
  x = expr
  y = x + 2
```
we used to have flow from `expr` to an SSA variable representing x and from that SSA variable to the use of `x` in the definition of `y`. Now we instead have flow from `expr` to the control flow node for `x` at line 1 and from there to the control flow node for `x` at line 2.

Specific changes:
- `EssaNode` from the data flow layer no longer exists.
- Several glue steps between `EssaNode`s and `CfgNode`s have been deleted.
- Entry nodes are now admitted as `CfgNodes` in the data flow layer (they were filtered out before).
- Entry nodes now have a new `toString` taking into account that the module name may be ambigous.
- Some tests have been rewritten to accomodate the changes, but only `python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll` should have semantic changes.
- Comments have been updated
- Test output has been updated, but apart from `python/ql/test/experimental/dataflow/basic/maximalFlows.expected` only `python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py` should have a semantic change. This is a bonus fix, probably meaning that something was never connected up correctly.
 2023-11-20 21:35:32 +01:00
Rasmus Wriedt Larsen
db1499d5b0 Python: Add test for variable reference in list comprehension 2023-11-20 16:41:34 +01:00
Rasmus Wriedt Larsen
25d3af9236 Merge branch 'main' into clean-tests 2023-11-16 11:21:01 +01:00
Rasmus Wriedt Larsen
ae6c95ff95 Python: Fix asyncio.coroutine deprecation 
Was removed in 3.11, see https://docs.python.org/3.10/library/asyncio-task.html#asyncio.coroutine

I couldn't make the __awwait__ actually give the result to the agen function...

I also tried looking into
https://docs.python.org/3/library/types.html#types.coroutine, but also
failed to make that work.

Without the Future, such as doing `yield SOURCE` inside `__await__` it
complains `RuntimeError: Task got bad yield: 'source'`
 2023-11-15 13:24:08 +01:00
Rasmus Wriedt Larsen
55f5b26ba6 Python: Accept new ordering of query predicates in .expected 2023-11-15 10:09:54 +01:00
Rasmus Wriedt Larsen
721bde1ce8 Python: Delete orphaned .expected files 2023-11-15 09:59:26 +01:00
Rasmus Wriedt Larsen
ffc27b5301 Python: Solve problems with missing TTupleElementContent 
Ruby uses 10 as their number. I considered doing the same, but didn't
really care _too_ much about it 🤷

14cfb82a8c/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll (L636)
 2023-11-13 10:48:51 +01:00
Rasmus Wriedt Larsen
c3fa3f26a7 Python: Fix problems with missing TAttributeContent 2023-11-13 10:46:40 +01:00
Rasmus Wriedt Larsen
943b2a2ed1 Python: Highlight problem with flow summaries and TAttributeContent 2023-11-13 10:42:13 +01:00
Rasmus Wriedt Larsen
5fc8a00487 Python: Rename test function 2023-11-10 15:58:20 +01:00
Rasmus Wriedt Larsen
9b0ad8295e Python: Add test of nested classes 2023-11-08 14:58:40 +01:00
Rasmus Wriedt Larsen
9d5cf0b331 Merge branch 'main' into class-attribute-flow 2023-11-08 14:30:53 +01:00
Rasmus Wriedt Larsen
6d4e000c7c Merge pull request #14590 from RasmusWL/fix-dataflow-class-scope 
Python: Fix dataflow consistency error due to missing class scope
 2023-11-08 14:30:34 +01:00
Rasmus Wriedt Larsen
5433907c33 Python: Accept more test changes 
All are for the better 🎉
 2023-11-07 15:49:14 +01:00
Rasmus Wriedt Larsen
5220a8d3f8 Update python/ql/test/experimental/dataflow/validTest.py 
Co-authored-by: Taus <tausbn@github.com>
 2023-11-07 11:30:13 +01:00
Rasmus Wriedt Larsen
9f43108ba8 Python: Fix DataFlowCall.getEnclosingCallable 
Now it is aligned with the implementation of DataFlow::Node

See 4bc4e0845d/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll (L134-L138)
 2023-11-07 11:29:23 +01:00
Rasmus Wriedt Larsen
904a8b1ea9 Python: Add consistency tests for class scope 2023-11-07 11:29:23 +01:00
Rasmus Wriedt Larsen
6568332e3d Python: Add basic flow for class attributes 2023-11-07 11:23:42 +01:00
Rasmus Wriedt Larsen
6c50c2bfe6 Python: Highlight missing flow for class attributes 2023-11-07 11:23:42 +01:00
Rasmus Wriedt Larsen
43f1d092f1 Python: Misc: show that all tests passed in validTest 2023-11-06 16:04:58 +01:00
Rasmus Lerchedahl Petersen
58bf70d61b Python: filter self steps from use-use flow 
Factor out use-use flow in order to do this.
Also improve names and comments.

I also wanted to change the types in `difinitionFlowStep`, but
that broke the module instantiation.
 2023-11-02 09:31:28 +01:00
Rasmus Lerchedahl Petersen
613831b2e1 Python: add test for post-update loop flow 2023-11-02 09:31:28 +01:00
yoff
c26c68c286 Merge pull request #14617 from yoff/python/module-for-import-time-flow 
Python: module for import time flow
 2023-11-02 09:28:51 +01:00
Rasmus Lerchedahl Petersen
0b45b63bd2 Python: Update debug query to changed API 
The change is commented out by default
which is why no compilation tests failed
when the API changed.
 2023-11-01 11:39:51 +01:00
Rasmus Lerchedahl Petersen
38b811b050 Python: Separate -> PhaseDependentFlow 2023-10-31 21:50:33 +01:00
Rasmus Lerchedahl Petersen
e745df6478 Python: module for import time flow 
The logic for separating local flow into _import time_
and _runtime_ was duplicated a few times.
Create a module for it instead, and add a good qldoc.
 2023-10-27 15:07:49 +02:00
yoff
867a39083e Merge pull request #14114 from yoff/python/allow-namespace-packages 
Python: Allow namespace packages
 2023-10-26 16:56:05 +02:00
Rasmus Wriedt Larsen
80506f1028 Python: Accept .expected changes 2023-10-17 10:11:39 +02:00
Rasmus Wriedt Larsen
2bf4c32433 Python: Add syntactic support for yield in contextlib.contextmanager 2023-10-17 09:51:20 +02:00