Joe Farebrother
cd6a151d9b
Add missing predicate + update test output
2025-09-03 09:48:07 +01:00
Joe Farebrother
f7097136f1
Rank multiple calls so only the first 2 calls are alerted
2025-09-01 16:23:42 +01:00
Joe Farebrother
ba8658491a
Update qhelp + alert messages
2025-09-01 14:11:01 +01:00
Joe Farebrother
daa5525a10
Update tests and add an additional test
2025-09-01 14:10:55 +01:00
Joe Farebrother
9619ae8a2d
Add additional test case + update missing del tests
2025-09-01 14:10:47 +01:00
Joe Farebrother
c9932e187a
Update tests for calls to init + fixes
2025-09-01 14:10:44 +01:00
Joe Farebrother
99a05ed5a4
Update test outputs + fix semantics
2025-09-01 14:10:36 +01:00
Joe Farebrother
732c818916
Move tests and add inline expectation postprocessing
2025-09-01 14:10:33 +01:00
Napalys Klicius
bafe22c50c
Merge pull request #20048 from Napalys/js/xml_bomb_sinks
...
JS: Exclude patched libraries from `xml-bomb` sink
2025-08-29 08:10:55 +02:00
Joe Farebrother
7ef2b01119
Merge pull request #20142 from joefarebrother/python-qual-subclass-shadow
...
Python: Modernise Superclass attribute shadows subclass method query
2025-08-28 13:40:26 +01:00
Tom Hvitved
fa7295f0a1
Merge pull request #20303 from hvitved/python/jump-to-def-unpack-tests
...
Python: Add jump-to-def tests for unpacking assignments
2025-08-28 12:03:55 +02:00
Tom Hvitved
bf47f66691
Python: Add jump-to-def tests for unpacking assignments
2025-08-28 10:38:21 +02:00
Joe Farebrother
bde143e4c1
Merge pull request #20038 from joefarebrother/python-qual-comparison
...
Python: Modernize 3 quality queries for comparison methods
2025-08-28 09:37:20 +01:00
Joe Farebrother
c6ababd262
Fix test output
2025-08-28 08:49:34 +01:00
Joe Farebrother
ada0b372c6
Merge pull request #20120 from joefarebrother/python-qual-unexpected-raise-special
...
Python: Modernize Unexpected Raise In Special Method query
2025-08-27 15:01:46 +01:00
Joe Farebrother
bc60914ed7
Update test output
2025-08-01 12:37:51 +01:00
Joe Farebrother
2516f9452e
Move to subfolder
2025-07-30 15:17:19 +01:00
Joe Farebrother
796a6060b2
Exclude setters and update tests
2025-07-30 13:56:05 +01:00
Joe Farebrother
af94ebe1fc
Modernize attribute shadows subclass, Add cases for properties
2025-07-30 13:55:11 +01:00
Joe Farebrother
c0da9c407e
Fix typo in test dir name + update examples
2025-07-25 13:15:46 +01:00
Joe Farebrother
362bfba049
Update unit tests
2025-07-24 14:50:36 +01:00
Joe Farebrother
b1ee795225
Merge pull request #20086 from joefarebrother/python-qual-raise-not-implemented
...
Python: Modernise raise-not-implemented query
2025-07-24 13:18:21 +01:00
Joe Farebrother
6d33a7ec70
Update test output
2025-07-17 22:25:18 +01:00
Joe Farebrother
909f57261c
Minor doc updates; updating python 2 references to python 3 and updating grammar
2025-07-15 13:26:46 +01:00
Napalys Klicius
638f6498f0
Removed lxml.etree.XMLParser from xml bomb sinks
2025-07-15 13:43:00 +02:00
Joe Farebrother
f784bb0a35
Fix qldoc errors + typos
2025-07-14 14:26:49 +01:00
Joe Farebrother
083d258585
Add/update unit tests
2025-07-11 15:10:45 +01:00
Joe Farebrother
8fb9bdd0af
move equals attr test to equals attr folder
2025-07-09 15:25:21 +01:00
Joe Farebrother
4cbaeb10e9
Merge pull request #19641 from joefarebrother/python-qual-file-not-closed
...
Python: Improve performance of FileNotClosed query by using basic block reachability
2025-06-26 23:35:38 +01:00
Joe Farebrother
d1bd7228c3
Fix typos
2025-06-17 13:58:30 +01:00
Joe Farebrother
547c03cee6
Update tests
2025-06-17 13:58:27 +01:00
Joe Farebrother
a04fbc59f5
Update tests
2025-06-17 13:57:10 +01:00
Joe Farebrother
57a0c7a1ab
Performance fix - Use basic blocks instead of full cfg reachability.
2025-06-02 14:33:52 +01:00
Joe Farebrother
73f2770acb
Fix handling for some wrappers + add test case
2025-05-30 11:24:06 +01:00
Joe Farebrother
b15fec0fb9
Fix qhelp and tests
2025-05-23 14:17:21 +01:00
Joe Farebrother
06504f2cb6
Update tests
2025-05-23 13:04:56 +01:00
Joe Farebrother
7f7fca9e27
Merge pull request #19165 from joefarebrother/python-qual-loop-var-capture
...
Python: Modernize the Loop Variable Capture query
2025-04-10 13:07:05 +01:00
Joe Farebrother
b5805503fe
Cleanups
2025-04-04 11:56:07 +01:00
Joe Farebrother
9fb1c31206
Update tests to inline expectations
2025-04-04 10:13:39 +01:00
Joe Farebrother
adfe89fadc
Update test output
2025-04-04 09:47:21 +01:00
Taus
aacdc70a73
Merge pull request #19136 from github/tausbn/python-modernise-mixed-tuple-returns-query
...
Python: Modernize `py/mixed-tuple-returns`
2025-04-01 17:31:56 +02:00
Taus
840abbf5b1
Merge pull request #18956 from github/tausbn/python-more-special-method-query-refactoring
...
Python: Modernize special method query
2025-03-28 17:11:24 +01:00
Taus
6674288fd2
Python: Update test cases
...
Adds a comment explaining why we no longer flag the indirect tuple
example.
Also adds a test case which _would_ be flagged if not for the type
annotation.
2025-03-28 15:12:39 +00:00
Taus
f601f4ad9b
Python: Update test expectations
...
As we're no longer tracking tuples across function boundaries, we lose
the result that related to this setup (which, as the preceding commit
explains, led to a lot of false positives).
2025-03-27 15:31:28 +00:00
Joe Farebrother
3707f107bf
Fix tests + add more tests
2025-03-20 11:35:38 +00:00
Joe Farebrother
b2acfbcf87
Simplify handling of wrapper classes and exception flow + improve qldoc and annotate tests.
2025-03-20 11:35:18 +00:00
Joe Farebrother
f750e22d91
Add case for exception flow
2025-03-20 11:35:01 +00:00
Joe Farebrother
ecb3050780
Update tests
2025-03-20 11:34:42 +00:00
Taus
ef9b229023
Python: Actually get rid of points-to
...
Also adds `quality` to the list of tags for the query.
2025-03-14 16:51:48 +00:00
Taus
c9e9deb41e
Python: Adapt to a points-to-less world
...
Technically we still depend on points-to in that we still mention
`PythonFunctionValue` and `ClassValue` in the query. However, we
immediately move to working with the corresponding `Function` and
`Class` AST nodes, and so we're not really using points-to. (The reason
for doing things this way is that otherwise the `.toString()` for all of
the alerts would change, which would make the diff hard to interpret.
This way, it should be fairly simple to see which changes are actually
relevant.)
We do lose some precision when moving away from points-to, and this is
reflected in the changes in the `.expected` file. In particular we no
longer do complicated tracking of values, but rather look at the
syntactic structure of the classes in question. This causes us to lose
out on some results where a special method is defined elsewhere, and
causes a single FP where a special method initially has the wrong
signature, but is subsequently overwritten with a function with the
correct signature.
We also lose out on results having to do with default values, as these
are now disabled.
Finally, it was necessary to add special handling of methods marked with
the `staticmethod` decorator, as these expect to receive fewer
arguments. This was motivated by a MRVA run, where e.g. sympy showed a
lot of examples along the lines of
```
@staticmethod
def __abs__():
    return ...
```
2025-03-14 16:49:33 +00:00