hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,907 Commits 1,672 Branches 157 Tags
codeql-cli-2.8.2
Commit Graph

3152 Commits

Author SHA1 Message Date
yoff
118840dad4 Merge pull request #5690 from tausbn/python-disallow-post-update-nodes-as-local-source-nodes 
Python: Disallow `PostUpdateNode` as `LocalSourceNode`
 2021-04-19 06:56:11 +02:00
Taus
f3661c34ee Python: Clean up Django models using API graphs 
First sweep. Takes care of most of the models.
 2021-04-16 19:53:36 +00:00
Rasmus Wriedt Larsen
3c8ea167c4 Merge pull request #5668 from tausbn/python-use-api-graphs-in-fabric 
Python: Use API graphs in Fabric model
 2021-04-16 14:27:55 +02:00
Rasmus Wriedt Larsen
6ed1016bb8 Merge pull request #5669 from tausbn/python-use-api-graphs-for-invoke 
Python: Use API graphs for Invoke
 2021-04-16 14:27:19 +02:00
Taus
92b4eb7f02 Python: Cleanup and more explanation 
Goes into some detail about the intended semantics of local source nodes
and `flowsTo`.
 2021-04-16 11:54:20 +00:00
Taus
5c79ad2412 Python: Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-04-16 11:38:29 +02:00
Taus
af0c32c01d Python: Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-04-16 11:35:12 +02:00
Rasmus Lerchedahl Petersen
0678745677 Python: refactor based on review suggestion 2021-04-16 08:22:00 +02:00
Rasmus Lerchedahl Petersen
341dbcef2e Python: simplify code following review suggestion 
also standardise on camelCase.
 2021-04-16 07:41:00 +02:00
Rasmus Lerchedahl Petersen
8aa6b1a87c Python: use standard tracking construction 2021-04-16 07:36:04 +02:00
Taus
451d36dc97 Python: Allow _some_ PostUpdateNodes 
Specifically, allow the ones arising from calls, but not reads or
writes. This should fix the tests.
 2021-04-15 21:26:12 +00:00
thank_you
a854fb8f8b Add documentation and refactor code 2021-04-15 15:22:15 -04:00
Taus
c9c8259ed0 Python: Disallow PostUpdateNode as LocalSourceNode 
Previously, in cases like

```python
def foo(x):
    x.bar()
    x.baz()
    x.quux()
```

we would have flow from the first `x` to each use _and_ flow from the
post-update node for each method call to each subsequent use, and all
of these would be `LocalSourceNode`s. For large functions with the above
pattern, this would lead to a quadratic blowup in `hasLocalSource`.

With this commit, only the first of these will count as a
`LocalSourceNode`, and the blowup disappears.
 2021-04-15 17:56:14 +00:00
Rasmus Lerchedahl Petersen
42ae5f4f7d Python: support / from the right 
Will also support both operands being paths
 2021-04-15 16:07:35 +02:00
Rasmus Lerchedahl Petersen
d361d999b7 Python: add some path returning functions 
that were only listed as file sytem accesses.
 2021-04-15 10:55:09 +02:00
Rasmus Lerchedahl Petersen
2387dc640c Python: Attempts at modelling pathlib-Paths 2021-04-15 09:40:23 +02:00
Thank You
f1e71e21ed Add SqlAlchemy module 2021-04-14 22:00:25 -04:00
Taus
897d12420b Python: Prevent bad join in isinstanceEvaluatesTo 
In some cases, we were joining the result of `val.getClass()` against
the first argument of `Types::improperSubclass` before filtering out the
vast majority of tuples by the call to `isinstance_call`.

To fix this, we let `isinstance_call` take care of figuring out the
class of the value being tested. As a bonus, this cleans up the only
other place where `isinstance_call` is used, where we _also_ want to
know the class of the value being tested in the `isinstance` call.
 2021-04-14 16:49:12 +00:00
Taus
a7fcf52267 Python: Fix bad join in total_cost 
The recent change to `appliesTo` lead to a perturbation in the join
order of this predicate, which resulted in a cartesian product between
`call` and `ctx` being created (before being filtered by `appliesTo`).

By splitting the intermediate result into its own helper predicate,
suitably marked to prevent inlining/magic, we prevent this from
happening again.
 2021-04-14 15:36:01 +00:00
yoff
447f339857 Merge pull request #5641 from tausbn/python-use-localsourcenode-in-typetrackers 
Python: Use API graphs in PEP249 support
 2021-04-14 15:39:49 +02:00
Taus
54c79bff74 Merge pull request #5666 from RasmusWL/django-refactor 
Python: Refactoring and exposing of Django views/fields/forms
 2021-04-14 13:07:20 +02:00
Rasmus Wriedt Larsen
44d2bf42d7 Merge pull request #5671 from tausbn/python-use-api-graphs-in-werkzeug 
Python: Use API graphs in Werkzeug
 2021-04-14 12:57:58 +02:00
Rasmus Wriedt Larsen
9de8085571 Merge pull request #5665 from tausbn/python-use-api-graphs-in-tornado 
Python: Tornado cleanup using API graphs
 2021-04-14 10:22:21 +02:00
Rasmus Wriedt Larsen
2d0c9b6bf2 Merge pull request #5670 from tausbn/python-use-api-graphs-in-dill 
Python: Use API graphs in Dill model
 2021-04-14 10:08:02 +02:00
Rasmus Wriedt Larsen
55723618a9 Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-04-14 10:05:50 +02:00
Taus
981c5deb57 Merge pull request #5639 from tausbn/python-api-graphs-missing-builtins 
Python: Add missing builtins to `API::builtin`
 2021-04-13 21:27:52 +02:00
Taus
a6bb9ebb9f Python: Re-introduce abstract toString 
This seems like the easier solution in the short run.
 2021-04-13 16:08:41 +00:00
Taus
079c7e089d Python: Autoformat 2021-04-13 16:05:45 +00:00
Taus
5f7d3d0d36 Python: Use API graphs in Werkzeug 2021-04-13 15:57:21 +00:00
Taus
2890fe6d61 Python: Use API graphs in Dill model 
If only all rewrites were this smooth...
 2021-04-13 15:26:54 +00:00
Taus
7ed09904b4 Python: Use API graphs for Invoke 
A few stragglers remain, as they are modelling the use of decorators.

They will be dealt with at a later date.
 2021-04-13 15:21:19 +00:00
Taus
7f131c1f35 Python: Get rid of _attr predicates 2021-04-13 14:55:44 +00:00
Taus
1008411594 Python: Use API graphs in Fabric model 2021-04-13 14:49:44 +00:00
Taus
1a4845f417 Python: Restrict types a bit 
The `CallCfgNode` restrictions are familiar and useful.

Restricting `InstanceSource` to extend `LocalSourceNode` is novel, but I
think it makes sense. It will act as a good reminder to anyone extending
`InstanceSource` that the node in question is a `LocalSourceNode`, which
will be enforced by the return type of the internal type tracker anyway.
 2021-04-13 12:28:38 +00:00
Taus
f93b68d4dc Python: Get rid of _attr methods 2021-04-13 12:25:38 +00:00
Taus
98d936d8b3 Python: Tornado cleanup using API graphs 
I wasn't able to roll out API graphs as widely in Tornado as I had
hoped, since we're lacking the "def" part. This means most of the
`InstanceSource` machinery will have to stay.
 2021-04-13 12:25:38 +00:00
Rasmus Lerchedahl Petersen
30fbb8f1e7 Python: clean up interface 2021-04-13 11:34:47 +02:00
Rasmus Lerchedahl Petersen
178cb6c90f Python: Bit too eager with the modernisation... 
Lift type restrictions to recover results.
 2021-04-13 11:26:05 +02:00
Rasmus Lerchedahl Petersen
7c0b0642c8 Python: Add imports to make code compile 2021-04-13 11:09:27 +02:00
Rasmus Lerchedahl Petersen
b6bd782746 Python: Modernize via CallCfgNode 2021-04-12 23:55:59 +02:00
yoff
e4d74cf098 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-04-12 23:47:54 +02:00
Taus
fda750ef26 Merge pull request #5642 from tausbn/python-use-api-graphs-in-stdlib 
Python: Use API graphs in `Stdlib.qll`
 2021-04-12 18:05:38 +02:00
Taus
6d4ddc0329 Merge pull request #5614 from tausbn/python-allow-absolute-imports-from-source-directory 
Python: Allow absolute imports from source directory
 2021-04-12 18:02:00 +02:00
CodeQL CI
bc56d16c18 Merge pull request #5485 from RasmusWL/django-queryset-chains 
Approved by tausbn
 2021-04-12 08:49:31 -07:00
Tom Hvitved
7d2a60e910 Merge pull request #5640 from hvitved/dataflow/path-step-perf 
Data flow: Prevent bad join-order in `pathStep`
 2021-04-12 14:40:46 +02:00
Rasmus Wriedt Larsen
364d48948f Merge pull request #3810 from dilanbhalla/syntaxpython 
Python: Function/Class Naming Convention (Syntax)
 2021-04-12 10:42:17 +02:00
Rasmus Lerchedahl Petersen
3ff8e010b2 Python: Refactor based on review 
- more natural handling of default arguments
- do not assume default construction gives a family
- simplifies `UnspecificSSLContextCreation`
 2021-04-12 10:00:07 +02:00
Rasmus Lerchedahl Petersen
036fddfdb5 Python: Namable -> Nameable 2021-04-12 08:18:24 +02:00
yoff
02d6de81a7 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-04-12 08:16:36 +02:00
Taus
10be2735ec Python: Get rid of _attr predicates 
Also changes all `CfgNode`s representing calls to `CallCfgNode`s.
 2021-04-10 12:12:18 +00:00