hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.5
Commit Graph

9593 Commits

Author SHA1 Message Date
Taus
964b8478dc Merge pull request #3405 from jcreedcmu/jcreed/jump-to-def-python 
Python: Refactor definitions query, add queries for ide search
 2020-05-07 12:51:35 +02:00
Jason Reed
5934345fe3 Python: Fix formatting. 2020-05-06 08:48:45 -04:00
Rasmus Wriedt Larsen
f1630983d3 Python: Cleanup default-indexing upgrade script 2020-05-06 09:57:07 +02:00
Rasmus Wriedt Larsen
010d5fb769 Python: Fix indexes of keyword-only defaults in upgrade script 
Works like a charm ;)
 2020-05-06 09:57:07 +02:00
Rasmus Wriedt Larsen
a15833d194 Python: DB upgrade script for default-indexing change 
Follow this excellent guide:
https://github.com/github/codeql-c-extractor-team/blob/master/docs/db-upgrade.md
 2020-05-06 09:56:53 +02:00
Jason Reed
c759e891d0 Python: Exclude additional tag from LGTM suites 2020-05-05 09:43:40 -04:00
jcreedcmu
6cf30ef87a Update python/ql/src/analysis/DefinitionTracking.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-05-05 09:40:54 -04:00
Rasmus Wriedt Larsen
6488714758 Python: Autoformat 2020-05-05 11:38:17 +02:00
Rasmus Wriedt Larsen
07ae40206f Python: Don't allow getParameter(-1) for BoundMethodValue 
As per discussion in the PR
 2020-05-05 11:37:10 +02:00
Rasmus Wriedt Larsen
5d5d412b78 Python: Add test of safe methods for py/modification-of-default-value 2020-05-05 11:14:37 +02:00
Rasmus Wriedt Larsen
4da5222255 Python: More safe methods for py/modification-of-default-value 
Fixes https://github.com/github/codeql/issues/3397
 2020-05-05 11:09:05 +02:00
Rasmus Wriedt Larsen
affca1a728 Python: Add test-cases using keyword arguments for builtin function 2020-05-05 10:26:25 +02:00
Geoffrey White
a70f534458 Sync identical files. 2020-05-05 09:18:05 +01:00
Rasmus Wriedt Larsen
dfe7c8270b Python: Clean up trailing whitespace 2020-05-05 09:55:09 +02:00
Rasmus Wriedt Larsen
87d7738b6e Python: Expand QLDoc for get[Named]ArgumentForCall 2020-05-05 09:54:54 +02:00
Rasmus Wriedt Larsen
061bbb82f5 Python: Restructure getNamedArgumentForCall 
So it matches the structure of getArgumentForCall -- call.getArgByName first!
 2020-05-05 09:00:55 +02:00
Rasmus Wriedt Larsen
838106d49c Python: Refactor get[Named]ArgumentForCall 
Also fixed a bug for BoundMethodValue, as highlighted in the expected diff 👍
 2020-05-04 20:51:23 +02:00
Rasmus Wriedt Larsen
bc92c26e12 Python: Add BoundMethodValue 2020-05-04 20:51:12 +02:00
Rasmus Wriedt Larsen
96fdb7a5b6 Python: Add tests for getParameter[byName] 
These already have results for BoundMethodValue, although

1) it's a bit strange that `getParameter(-1)` has results
2) why does `Method(Function C.n, class C)` exists? this would only be relevant
if `n` was a classmethod, but it isn't. It's not a problem that it exsits per
se, but curious.
 2020-05-04 20:51:04 +02:00
Rasmus Wriedt Larsen
e9859ad96d Python: Fix getArgumentForCall when using keyword arguments 
Yikes :|
 2020-05-04 20:50:56 +02:00
Rasmus Wriedt Larsen
acb506db21 Python: Add test for getNamedArgumentForCall 
and rename the one for getArgumentForCall
 2020-05-04 20:50:32 +02:00
Rasmus Wriedt Larsen
9ec32ee1c1 Python: Add test-cases using keyword arguments 2020-05-04 20:50:19 +02:00
Rasmus Wriedt Larsen
fc0b0221f0 Python: Add test-cases for BuiltinFunction and BuiltinMethod 2020-05-04 20:50:14 +02:00
Rasmus Wriedt Larsen
f624754390 Python: Use Value in GetACAll test 
That was not possible when using the old Object-API, but in Value-API getACall
is defined on all Values.
 2020-05-04 20:50:06 +02:00
Rasmus Wriedt Larsen
06b67e0d32 Python: Modernise test/library-tests/PointsTo/calls/* 2020-05-04 20:49:57 +02:00
Rasmus Wriedt Larsen
a5289bd708 Python: Use Object in CallRefersTo test 
Since other things than FunctionObject can be called ;)
 2020-05-04 20:49:47 +02:00
Rasmus Wriedt Larsen
7b8b4af6d2 Python: Add test for call.getFunction().refersTo 
Showing that
`call.getFunction().refersTo(func)` gives different results from
`call = func.getACall()`
 2020-05-04 20:49:19 +02:00
Jason Reed
c34fa840a2 Python: Use NiceLocationExpr::hasLocationInfo for ide jump-to-def 2020-05-04 11:36:54 -04:00
Jason Reed
b0f72ebb56 Python: Refactor definitions query, add queries for ide search 
This enables jump-to-definition and find-references in the VS Code
extension, for python source archives.
 2020-05-04 11:27:30 -04:00
Rasmus Wriedt Larsen
16e9d76e22 Merge branch 'master' into python-keyword-only-args 2020-05-04 11:49:00 +02:00
Taus
33f4503ac3 Merge pull request #3213 from RasmusWL/python-iter-str-seq-with-tests 
Python: supress non-useful results (w/ tests) for iter str/seq query
 2020-05-01 11:04:05 +02:00
Rasmus Wriedt Larsen
e569d7ae41 Merge branch 'master' into python-parse_qs 2020-04-30 17:05:17 +02:00
Rasmus Wriedt Larsen
e0b4518a3e Merge branch 'master' into python-improve-file-taint 2020-04-30 11:24:29 +02:00
Rasmus Wriedt Larsen
c5e14f5c0d Python: Handle defaults and annotations for keyword-only arguments 
This commit is based on a change to the extractor
 2020-04-27 17:24:10 +02:00
Rasmus Wriedt Larsen
1fcbb6e9f4 Python: Better test for Argument.getDefault(i) 
Default values for positional arugments follow a rule, so if an argument has a
default value, later positional arguments must also have default values.

The database only stores the actual default values, and nothing about the
arguments that doesn't have default values.

This turns out to be a major problem for Argument.getKwDefault(i), since default
values for keyword-only arguments doesn't have the same rule. So if you know
there is one default value, you can't tell if it is associated with `foo` or
`bar`, as in the examples below:

```
def a(*, foo=None, bar):
    pass

def b(*, foo, bar=None):
    pass
```
 2020-04-27 17:22:56 +02:00
Rasmus Wriedt Larsen
5f6058363f Python: Improve QLdoc for Parameter.getPosition 2020-04-27 17:22:56 +02:00
Rasmus Wriedt Larsen
8c1cfe52f6 Python: Use getAKeywordOnlyArg instead of getAKwonlyarg 
The result is the same, but `getAKeywordOnlyArg` is the method used everywhere
else in the code.
 2020-04-27 17:22:56 +02:00
Rasmus Wriedt Larsen
c508e89a00 Python: Handle keyword-only arguments properly 2020-04-27 17:22:56 +02:00
Rasmus Wriedt Larsen
4185edc087 Python: Expand parameters/functions test 
I want to ensure we handle when only _some_ parameters have default/annotations
 2020-04-27 17:22:56 +02:00
Rasmus Wriedt Larsen
0cc8d49112 Python: Add tests for full Python 3 parameters syntax 
Currently keyword-only parameters are not handled properly :(
 2020-04-27 17:22:56 +02:00
Rasmus Wriedt Larsen
96b36a7f0f Python: Clean up some QLdocs 2020-04-27 17:22:56 +02:00
Rasmus Wriedt Larsen
ce2d7fe04c Python: Improve QLDoc for Arguments 2020-04-27 17:22:56 +02:00
Rasmus Wriedt Larsen
64c013ef4d Merge branch 'master' into python-iter-str-seq-with-tests 2020-04-27 17:20:06 +02:00
Rasmus Wriedt Larsen
4e80abbfa9 Python: Fixup wording in comment 
where you place a not is not without significance :D
 2020-04-27 17:03:01 +02:00
Taus
de08433bd3 Merge pull request #3212 from RasmusWL/python-fix-tests-filter 
Python: Fix (some) shortcomings of tests filter
 2020-04-27 11:26:35 +02:00
Taus
bcb980b3d5 Merge pull request #3302 from RasmusWL/python-str-taint-add-methods 
Python: Add taint for string methods
 2020-04-24 16:29:11 +02:00
Rasmus Wriedt Larsen
b2b0296120 Merge pull request #3242 from BekaValentine/python-objectapi-to-valueapi-incorrectlyoverridenmethod 
Python: ObjectAPI to ValueAPI: IncorrectlyOverriddenMethod
 2020-04-24 16:28:11 +02:00
semmle-qlci
4c7a5007d8 Merge pull request #3314 from RasmusWL/python-model-stdlib-http.server 
Approved by tausbn
 2020-04-24 15:27:21 +01:00
Rasmus Wriedt Larsen
2b3025265b Python: Clean up QLdoc 
Co-Authored-By: Taus <tausbn@gmail.com>
 2020-04-24 14:05:02 +02:00
Rasmus Wriedt Larsen
367ee3e8c4 Python: Modernise security/injection/Path.qll 
And we're making things a bit more clean since it's not *any* argument of `open()` that is a taint-sink.
 2020-04-24 12:03:42 +02:00