hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,180 Commits 1,671 Branches 157 Tags
kaspersv/overlay-informed-dataflow-experiment
Commit Graph

9313 Commits

Author SHA1 Message Date
Kasper Svendsen
3cbaf51ce1 Run config/sync-files.py 2025-06-20 13:58:58 +02:00
Jeroen Ketema
dd1c09769f Python: Fix integration test 2025-06-19 13:36:57 +02:00
Nora Dimitrijević
438b92b995 Merge pull request #19797 from d10c/d10c/python/diff-informed-2 
Python: mass enable diff-informed data flow `none()` location overrides
 2025-06-19 10:55:07 +02:00
Joe Farebrother
4ae72dbad6 Merge pull request #19709 from joefarebrother/python-qual-init-call-subclass 
Python: Modernize the init-calls-subclass query
 2025-06-18 14:21:25 +01:00
Tamas Vajk
e6a9ff08a3 Adjust query-suite integration test expected files 2025-06-18 13:10:34 +02:00
Tamas Vajk
40274dcd69 Add code-quality-extended query suites 2025-06-18 13:10:34 +02:00
Nora Dimitrijević
b79ce6d30b Python: mass enable diff-informed data flow none() location overrides 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on github#18346 and github/codeql-patch#88
 2025-06-17 15:36:52 +02:00
Joe Farebrother
d1bd7228c3 Fix typos 2025-06-17 13:58:30 +01:00
Joe Farebrother
547c03cee6 Update tests 2025-06-17 13:58:27 +01:00
Joe Farebrother
2c8896848f Update integration test output 2025-06-17 13:58:22 +01:00
Joe Farebrother
22a6fa3ebf Remove case for being last in initialisation. This pattern can still be a problem if the subclass overrides initialisation. 2025-06-17 13:57:36 +01:00
Joe Farebrother
95153c172c Add some more details to the documentation 2025-06-17 13:57:30 +01:00
Joe Farebrother
90bf45a3ba Fix docs 2025-06-17 13:57:23 +01:00
Joe Farebrother
75bb743ce3 Update documentation 2025-06-17 13:57:18 +01:00
Joe Farebrother
a04fbc59f5 Update tests 2025-06-17 13:57:10 +01:00
Joe Farebrother
f3ce57840d Filter out some results; for if the overridden method doesn't use self, or the call is last in the initialisation. 2025-06-17 13:57:04 +01:00
Joe Farebrother
ed3cf84efd Update init calls subclass to not use pointto 2025-06-17 13:56:55 +01:00
Joe Farebrother
e04dea10c8 Merge pull request #19554 from joefarebrother/python-qual-iter-not-return-self 
Python: Modernize iter not returning self query
 2025-06-13 13:13:31 +01:00
github-actions[bot]
21463a9653 Post-release preparation for codeql-cli-2.22.0 2025-06-09 18:50:20 +00:00
github-actions[bot]
88ba02edf8 Release preparation for version 2.22.0 2025-06-09 18:14:51 +00:00
Chuan-kai Lin
631502e129 Merge branch 'main' into cklin/rc-3.18-mergeback 2025-06-09 07:19:40 -07:00
Joe Farebrother
73f2770acb Fix handling for some wrappers + add test case 2025-05-30 11:24:06 +01:00
github-actions[bot]
d2c6875eac Post-release preparation for codeql-cli-2.21.4 2025-05-27 18:16:21 +00:00
github-actions[bot]
bfb91e95e3 Release preparation for version 2.21.4 2025-05-27 17:22:05 +00:00
Joe Farebrother
f3a5608b06 Apply review suggestions - remove methodOfClass, fix qhelp typo; additionally add some more doc comments 2025-05-27 13:35:13 +01:00
Sylwia Budzynska
e66659276b Fix formatting 2025-05-27 13:51:03 +02:00
Sylwia Budzynska
8a1c323a98 Change naming to PascalCase 2025-05-27 13:45:40 +02:00
Sylwia Budzynska
55c70a4cae Fix nitpicks 2025-05-27 13:44:21 +02:00
Sylwia Budzynska
84228e0ec8 Add Pandas SQLi sinks 2025-05-27 13:10:39 +02:00
Joe Farebrother
c070d04231 Fix qhelp 2025-05-23 14:31:13 +01:00
Joe Farebrother
e933a27cd9 Add changenote 2025-05-23 14:25:38 +01:00
Joe Farebrother
b15fec0fb9 Fix qhelp and tests 2025-05-23 14:17:21 +01:00
Joe Farebrother
44a678a3f4 remove redundant import 2025-05-23 13:16:13 +01:00
Joe Farebrother
06504f2cb6 Update tests 2025-05-23 13:04:56 +01:00
Joe Farebrother
f27057a747 Update qhelp 2025-05-23 10:56:43 +01:00
Joe Farebrother
7b452a1611 Add case for wrappers 2025-05-22 09:01:15 +01:00
Joe Farebrother
bedd44a287 Update query and add case for iter(self.__next__, None) 2025-05-21 11:02:24 +01:00
Michael Nebel
dabeddb62d Add change-notes. 2025-05-19 09:26:49 +02:00
Michael Nebel
530025b7ae Update integration tests expected output. 2025-05-19 09:26:47 +02:00
Michael Nebel
03ecd24469 Lower the precision of a range of harcoded password queries to remove them from query suites. 2025-05-19 09:26:45 +02:00
Taus
579cf4a65a Merge pull request #19424 from github/tausbn/python-extract-hidden-file-by-default 
Python: Extract files in hidden dirs by default
 2025-05-16 14:43:47 +02:00
Taus
9ee3e4cdf3 Python: Update change note 
Co-authored-by: yoff <yoff@github.com>
 2025-05-16 13:50:22 +02:00
Taus
2158eaa34c Python: Fix a bug in glob regex creation 
The previous version was tested on a version of the code where we had
temporarily removed the `glob.strip("/")` bit, and so the bug didn't
trigger then.

We now correctly remember if the glob ends in `/`, and add an extra part
in that case. This way, if the path ends with multiple slashes, they
effectively get consolidated into a single one, which results in the
correct semantics.
 2025-05-15 15:34:11 +00:00
Taus
c8cca126a1 Python: Bump extractor version 2025-05-15 14:59:33 +00:00
Taus
72ae633a64 Python: Update change note and extractor config 
Removes the previously added extractor option and updates the change
note to explain how to use `paths-ignore` to exclude files in hidden
directories.
 2025-05-15 14:58:32 +00:00
Taus
96558b53b8 Python: Update test 
The second test case now sets the `paths-ignore` setting in the config
file in order to skip files in hidden directories.
 2025-05-15 14:53:15 +00:00
Taus
98388be25c Python: Remove special casing of hidden files 
If it is necessary to exclude hidden files, then adding
```
paths-ignore: ['**/.*/**']
```
to the relevant config file is recommended instead.
 2025-05-15 14:49:17 +00:00
Taus
61719cf448 Python: Fix a bug in glob conversion 
If you have a filter like `**/foo/**` set in the `paths-ignore` bit of
your config file, then currently the following happens:

- First, the CodeQL CLI observes that this string ends in `/**` and
  strips off the `**` leaving `**/foo/`
- Then the Python extractor strips off leading and trailing `/`
  characters and proceeds to convert `**/foo` into a regex that is
  matched against files to (potentially) extract.

The trouble with this is that it leaves us unable to distinguish
between, say, a file `foo.py` and a file `foo/bar.py`. In other words,
we have lost the ability to exclude only the _folder_ `foo` and not any
files that happen to start with `foo`.

To fix this, we instead make a note of whether the glob ends in a
forward slash or not, and adjust the regex correspondingly.
 2025-05-15 14:48:06 +00:00
github-actions[bot]
5f9dd75d7d Post-release preparation for codeql-cli-2.21.3 2025-05-13 21:49:43 +00:00
github-actions[bot]
2de4a01c86 Release preparation for version 2.21.3 2025-05-13 21:14:27 +00:00