Andrew Eisenberg
58e4861b45
Merge branch 'main' into rc/3.7
2022-09-20 12:43:20 -07:00
yoff
6b589c5d5d
Merge pull request #10387 from RasmusWL/getStarArg-always-first
...
Python: `getStarArg` gives first `*args` argument
2022-09-20 20:01:07 +02:00
yoff
ea743173d5
Merge pull request #8781 from yoff/python-dataflow/flow-summaries-from-scratch
...
Python dataflow: flow summaries restart
2022-09-20 14:08:31 +02:00
Rasmus Lerchedahl Petersen
318e3290f2
Python: use "extracted" instead of "source"
...
The precedence for the use of "source" to denote elements of source code
is found in `EssaVariable::getSourceVariable` as well as in the Ruby
code base. But it clashes with the many uses of source to mean
"source of flow" found in the data flow library.
2022-09-20 13:26:04 +02:00
Rasmus Lerchedahl Petersen
9a7afa9d8d
Python: more idiomatic cartesian product
2022-09-20 12:47:56 +02:00
Asger F
51618b46a8
Sync ApiGraphModels.qll
2022-09-20 11:47:37 +02:00
Rasmus Wriedt Larsen
556e93ae68
Merge pull request #10384 from RasmusWL/callnode-getargbyname
...
Python: Allow `CallNode.getArgByName` for keyword args after `**kwargs`
2022-09-19 15:05:59 +02:00
yoff
f7cbcb2fef
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-09-19 14:52:18 +02:00
Rasmus Lerchedahl Petersen
6377e6c575
Python: move summary to Stdlib.qll
2022-09-19 14:36:36 +02:00
Rasmus Lerchedahl Petersen
f560719a88
Python: expand comment on flow summaries
2022-09-19 14:30:53 +02:00
Rasmus Lerchedahl Petersen
da39c14e46
Python: comment out SummarizedCallableFromModel
2022-09-19 14:06:21 +02:00
Rasmus Lerchedahl Petersen
37fb27fa1c
Python: change type of LibraryCallable::getACall
...
The other callables return control flow nodes,
so it is slightly inconsistent for this to return a
data flow node, but it does make models based
on API graphs nicer.
2022-09-19 14:02:52 +02:00
Erik Krogh Kristensen
a4cd913aea
Merge pull request #10312 from erik-krogh/fix-caseDiff
...
ensure consistent casing of names
2022-09-19 10:43:12 +02:00
github-actions[bot]
67ce442674
Post-release preparation for codeql-cli-2.10.5
2022-09-16 14:23:44 +00:00
Tom Hvitved
40e77a0c67
Merge pull request #10415 from hvitved/code-block-fix
...
Change two ```codeql to ```ql
2022-09-14 15:07:55 +02:00
Tom Hvitved
4ea1c0050b
Change two ``codeql to ``ql
2022-09-14 13:53:34 +02:00
Rasmus Lerchedahl Petersen
33b508d6e6
Python: undo change to --max-import-depth
...
This is not necessary as long as `LibraryCall` only
includes unresolved calls.
2022-09-14 12:52:27 +02:00
Rasmus Lerchedahl Petersen
f83158ff8b
Python: do not stake out too much territory
2022-09-14 10:28:11 +02:00
erik-krogh
252394666c
sync files
2022-09-13 20:44:05 +02:00
erik-krogh
03a325ca31
autoformat
2022-09-13 10:06:35 +02:00
Rasmus Lerchedahl Petersen
03c243175b
Python: fix QL alerts
2022-09-12 23:53:42 +02:00
Rasmus Lerchedahl Petersen
2e9c60de6c
Python: remove resurrected file
2022-09-12 23:38:44 +02:00
Rasmus Lerchedahl Petersen
bf16e220a0
Python: adjust expectations
2022-09-12 22:43:03 +02:00
Rasmus Lerchedahl Petersen
e3280c8a3e
Python: handle TODO
...
although this is not actually tested,
so we may have to adjust once we use it.
But the _very_ generic implementation is modeled on the Ruby code.
2022-09-12 21:03:56 +02:00
Rasmus Lerchedahl Petersen
78d4dc3123
Python: sync files
2022-09-12 21:01:57 +02:00
Rasmus Lerchedahl Petersen
203481ad3e
Python: rearrange to minimize diff
...
also fix typo
2022-09-12 20:07:32 +02:00
Rasmus Lerchedahl Petersen
efc5cfb852
Merge branch 'main' of github.com:github/codeql into python-dataflow/flow-summaries-from-scratch
2022-09-12 19:56:16 +02:00
Erik Krogh Kristensen
bb3753a682
Merge pull request #10317 from erik-krogh/py-unqueryable
...
PY: deprecate a bunch of unused code
2022-09-12 17:44:59 +02:00
Rasmus Wriedt Larsen
41ce1c2016
Python: getStarArg gives first *args argument
...
I couldn't see any reason that we should give up altogether if there are
multiple `*args` arguments. Including the first one looks like a win to
me!
2022-09-12 17:02:31 +02:00
erik-krogh
05ef76cbca
add change-note
2022-09-12 15:41:28 +02:00
Erik Krogh Kristensen
818601b612
Merge pull request #10285 from erik-krogh/paramClass
...
ReDoS: convert RelevantState to a class in the PrefixConstruction module
2022-09-12 15:23:19 +02:00
Rasmus Lerchedahl Petersen
0f95992b2f
Python: remove NonLibraryDataFlowCallable
...
this required managing parameters and their pre-update nodes a bit
2022-09-12 15:17:29 +02:00
Rasmus Wriedt Larsen
4296ac1ac0
Python: Allow CallNode.getArgByName for keyword args after **kwargs
2022-09-12 15:03:13 +02:00
erik-krogh
bae4490620
add change-note
2022-09-12 12:12:18 +02:00
erik-krogh
80158f8035
fix some python uses of renamed features
2022-09-12 12:08:30 +02:00
Erik Krogh Kristensen
c9ea10b1ef
revise some Python names
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-09-12 12:00:57 +02:00
Rasmus Lerchedahl Petersen
fa2da2f3ec
Python: remove NonLibraryNormalCall
...
it is not necessary to distinguish these calls,
so we remove the class from the hierarchy.
2022-09-11 22:25:29 +02:00
Rasmus Lerchedahl Petersen
895f5480c2
Python: Added recursion guard
...
to ensure that the call graph seen by type tracking
does not include summary calls resolved by type tracking.
(I tried inserting a similar test into the Ruby codebase,
and it still compiled)
To get this to compile, I had to move the resolution of summary calls
out of the data flow nodes and into the `viableCallable` predicate.
This means that we now have a potential summary call for each
cfg call node. (I tried using the base class, `DataFlowCall`, for this
but calls to `map` got identified as class calls and would no longer
be associated with a summary.)
It is possible that the "NonLibrary"-layers that were inserted into the
hierarchy can be removed again.
2022-09-09 22:47:47 +02:00
Rasmus Wriedt Larsen
89a331f186
Merge pull request #10359 from tausbn/python-clean-up-import-resolution
...
Python: Clean up module resolution
2022-09-09 15:09:43 +02:00
erik-krogh
26d8553f6e
ensure consistent casing of names
2022-09-09 10:34:14 +02:00
Tony Torralba
1078cf091e
Add change notes for all languages
2022-09-09 10:28:36 +02:00
Taus
5ce60d028d
Python: Remove ImportStar import.
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-09-08 22:01:58 +02:00
Tony Torralba
7db1eb98f5
Sync files
2022-09-08 17:32:03 +02:00
Taus
366c574308
Python: Move import logic into its own module
2022-09-08 14:52:08 +00:00
github-actions[bot]
a9d80a5a48
Release preparation for version 2.10.5
2022-09-08 11:35:54 +00:00
Rasmus Wriedt Larsen
1d834799a2
Merge pull request #10114 from RasmusWL/shared-http-client-request
...
Ruby/Python: Shared HTTP client request concept
2022-09-08 11:58:06 +02:00
Asger F
6b2ebcce3a
Merge pull request #10276 from asgerf/mad-typedef-entry-points
...
Add TypeModel hook for adding MaD type-defs from CodeQL
2022-09-07 14:14:48 +02:00
Rasmus Lerchedahl Petersen
1649ec7cd7
Python: Describe current naming scheme
...
In the hope that this will enable a better one.
It looks like
- type tracking should currently be mutually recursive with data flow
  (this needs investigation)
- type tracking already supports special methods
  (we should probably have a test for this)
2022-09-07 12:18:42 +02:00
Rasmus Lerchedahl Petersen
565378031d
Python: remember to import the new framework
...
I think it should perhaps not be mentioned in `frameworks.rst`
2022-09-07 10:24:58 +02:00
erik-krogh
283c711de9
deprecate unused predicate inside the essa module
2022-09-07 07:40:04 +02:00