hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

4030 Commits

Author SHA1 Message Date
yoff
4785048076 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-11-22 09:29:07 +01:00
Rasmus Lerchedahl Petersen
d288c4a709 Python: rename folder 2023-11-21 16:48:41 +01:00
yoff
4f7fde7b87 Merge pull request #14858 from yoff/python/demonstrate-use-use-explosion 
Python: Test demonstrating the need for phi-read-nodes
 2023-11-21 16:44:11 +01:00
Rasmus Lerchedahl Petersen
c552bc5eb1 Python: fix test output 2023-11-21 15:48:22 +01:00
Rasmus Lerchedahl Petersen
077e51c6c6 Python: fix test output 2023-11-21 15:47:18 +01:00
Rasmus Lerchedahl Petersen
4857960f72 Python: test demonstrating the need for phi nodes 
or a dataflow node playing that role, at least.
 2023-11-21 15:40:05 +01:00
Rasmus Lerchedahl Petersen
f138fc0d2d Python: Test demonstrating need for phi-read-nodes 
Or for a data flow node filling that role, at least.
 2023-11-21 13:54:02 +01:00
Rasmus Wriedt Larsen
37d03ee0f3 Python: Accept .expected changes 
Note that in this case, since there is a known `django.urls.path`
route-setup, we know that the request-handler will only be passed
keyword arguments, so it is not a mistake that `*args` is not considered
a routed-parameter here (although it certainly wouldn't have hurt us if
we did consider it a routed-parameter either).
 2023-11-21 13:46:55 +01:00
Rasmus Wriedt Larsen
36a846ee32 Python: Fix django regex path handling 2023-11-21 13:08:45 +01:00
Rasmus Wriedt Larsen
c51c15ae74 Python: Add test of routed parameters to *args 
Also move the **kwargs and *args test to a more appropriate file
 2023-11-21 13:01:01 +01:00
Rasmus Wriedt Larsen
2ec1822e9c Python: Accept consistency-errors in django-orm 2023-11-21 12:44:42 +01:00
Rasmus Wriedt Larsen
5f26790b90 Merge branch 'main' into py-restframework 2023-11-21 11:57:48 +01:00
Rasmus Wriedt Larsen
df9fb141b8 Python: Remove old manual consistency query tests 2023-11-21 11:50:23 +01:00
Rasmus Wriedt Larsen
71c017f053 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-11-21 10:07:42 +01:00
Rasmus Lerchedahl Petersen
11c71fdd18 Python: remove EssaNodes 
This commit removes SSA nodes from the data flow graph. Specifically, for a definition and use such as
```python
  x = expr
  y = x + 2
```
we used to have flow from `expr` to an SSA variable representing x and from that SSA variable to the use of `x` in the definition of `y`. Now we instead have flow from `expr` to the control flow node for `x` at line 1 and from there to the control flow node for `x` at line 2.

Specific changes:
- `EssaNode` from the data flow layer no longer exists.
- Several glue steps between `EssaNode`s and `CfgNode`s have been deleted.
- Entry nodes are now admitted as `CfgNodes` in the data flow layer (they were filtered out before).
- Entry nodes now have a new `toString` taking into account that the module name may be ambigous.
- Some tests have been rewritten to accomodate the changes, but only `python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll` should have semantic changes.
- Comments have been updated
- Test output has been updated, but apart from `python/ql/test/experimental/dataflow/basic/maximalFlows.expected` only `python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py` should have a semantic change. This is a bonus fix, probably meaning that something was never connected up correctly.
 2023-11-20 21:35:32 +01:00
Rasmus Wriedt Larsen
c8301fc5f0 Merge pull request #14851 from RasmusWL/variable-caputre-list-comprehension 
Python: Add test for variable reference in list comprehension
 2023-11-20 17:10:34 +01:00
Rasmus Wriedt Larsen
db1499d5b0 Python: Add test for variable reference in list comprehension 2023-11-20 16:41:34 +01:00
Taus
216cd88225 Merge branch 'main' into tausbn/python-add-support-for-python-3.12-type-syntax 2023-11-16 15:25:06 +00:00
Rasmus Wriedt Larsen
25d3af9236 Merge branch 'main' into clean-tests 2023-11-16 11:21:01 +01:00
Taus
fd750a3bf0 Merge branch 'main' into tausbn/python-add-support-for-python-3.12-type-syntax 2023-11-16 09:59:44 +00:00
Rasmus Wriedt Larsen
71ef98584d Merge pull request #14791 from RasmusWL/python-3.12 
Python: Update `.expected` to support Python 3.12
 2023-11-16 10:42:48 +01:00
Rasmus Wriedt Larsen
df144f3a1e Merge pull request #14406 from amammad/amammad-python-FileSystemAccess 
Python: New FileSystem Access
 2023-11-16 10:25:34 +01:00
Rasmus Wriedt Larsen
e349891cff Python: Apply suggestions from code review 2023-11-15 14:35:52 +01:00
Rasmus Wriedt Larsen
e02c32f3d4 Python: options file was not enough, split into 2/3 
I reckon this is due to the Python 3 version used by the Python 2 tests
is different from 3.12, so even with --lang=3 the tests are still using
an incompatible version :(
 2023-11-15 14:24:11 +01:00
Rasmus Wriedt Larsen
0f1dc9b2d9 Python: Add missing options file 2023-11-15 13:24:08 +01:00
Rasmus Wriedt Larsen
ae6c95ff95 Python: Fix asyncio.coroutine deprecation 
Was removed in 3.11, see https://docs.python.org/3.10/library/asyncio-task.html#asyncio.coroutine

I couldn't make the __awwait__ actually give the result to the agen function...

I also tried looking into
https://docs.python.org/3/library/types.html#types.coroutine, but also
failed to make that work.

Without the Future, such as doing `yield SOURCE` inside `__await__` it
complains `RuntimeError: Task got bad yield: 'source'`
 2023-11-15 13:24:08 +01:00
Rasmus Wriedt Larsen
4256fbf11a Python: Accept changes from Python 3.12 2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
f3dd002ba9 Python: Copy tests to Python 3 2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
f9e9ae91f7 Python: Move tests that would change under Python 3.12 to lang specific directory 
This moves the tests to Python 2, next we copy them to Python 3.
 2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
23419ee634 Python: Update .expected to support Python 3.12 
You might wonder why the number of lines changed, but it's due to `tty`
module receiving its' first update since 2001, so the actual number of
lines DID change :phew:

https://github.com/python/cpython/commits/3.12/Lib/tty.py

Since there is now a difference between Python 2 and Python 3, we need to restrict the lines of code test to only run as Python 3.
 2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
69453aa144 Python: Fix missing newline in .expected 2023-11-15 10:10:23 +01:00
Rasmus Wriedt Larsen
55f5b26ba6 Python: Accept new ordering of query predicates in .expected 2023-11-15 10:09:54 +01:00
Rasmus Wriedt Larsen
721bde1ce8 Python: Delete orphaned .expected files 2023-11-15 09:59:26 +01:00
Rasmus Wriedt Larsen
e1c47f5584 Python: Reorganize taint tests of re 
Mostly to highlight that with flow-summary modeling, we don't expect
taint for a lot of these.

I aslo opted to make `finditer()` tainted for consistency.
 2023-11-13 10:56:29 +01:00
Rasmus Wriedt Larsen
ffc27b5301 Python: Solve problems with missing TTupleElementContent 
Ruby uses 10 as their number. I considered doing the same, but didn't
really care _too_ much about it 🤷

14cfb82a8c/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll (L636)
 2023-11-13 10:48:51 +01:00
Rasmus Wriedt Larsen
c3fa3f26a7 Python: Fix problems with missing TAttributeContent 2023-11-13 10:46:40 +01:00
Rasmus Wriedt Larsen
943b2a2ed1 Python: Highlight problem with flow summaries and TAttributeContent 2023-11-13 10:42:13 +01:00
Rasmus Wriedt Larsen
c85d99d949 Merge branch 'main' into re-modeling 2023-11-10 16:32:50 +01:00
Rasmus Wriedt Larsen
5fc8a00487 Python: Rename test function 2023-11-10 15:58:20 +01:00
Rasmus Wriedt Larsen
4943fc5a57 Python: Model taint from re.<func> calls 2023-11-08 17:18:40 +01:00
Rasmus Wriedt Larsen
851c30e797 Python: Add taint modeling of re.Match objects 2023-11-08 17:18:09 +01:00
Rasmus Wriedt Larsen
ea4761d3b6 Python: Add tests of taint-flow for re module 2023-11-08 16:05:22 +01:00
Rasmus Wriedt Larsen
9b0ad8295e Python: Add test of nested classes 2023-11-08 14:58:40 +01:00
Rasmus Wriedt Larsen
9d5cf0b331 Merge branch 'main' into class-attribute-flow 2023-11-08 14:30:53 +01:00
Rasmus Wriedt Larsen
6d4e000c7c Merge pull request #14590 from RasmusWL/fix-dataflow-class-scope 
Python: Fix dataflow consistency error due to missing class scope
 2023-11-08 14:30:34 +01:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Rasmus Wriedt Larsen
5433907c33 Python: Accept more test changes 
All are for the better 🎉
 2023-11-07 15:49:14 +01:00
Rasmus Wriedt Larsen
5220a8d3f8 Update python/ql/test/experimental/dataflow/validTest.py 
Co-authored-by: Taus <tausbn@github.com>
 2023-11-07 11:30:13 +01:00
Rasmus Wriedt Larsen
9f43108ba8 Python: Fix DataFlowCall.getEnclosingCallable 
Now it is aligned with the implementation of DataFlow::Node

See 4bc4e0845d/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll (L134-L138)
 2023-11-07 11:29:23 +01:00
Rasmus Wriedt Larsen
904a8b1ea9 Python: Add consistency tests for class scope 2023-11-07 11:29:23 +01:00