hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,659 Commits 1,671 Branches 157 Tags
tausbn/python-add-ast-overlay-annotations
Commit Graph

1284 Commits

Author SHA1 Message Date
Taus
1b519384d7 Merge pull request #20739 from github/tausbn/python-remove-top-level-points-to-imports 
Python: Hide points-to imports in `python.qll`
 2025-12-05 14:24:41 +01:00
Taus
24a29f46be Python: Fix all metrics-related compilation failures 
In hindsight, having a `.getMetrics()` method that just returns `this`
is somewhat weird. It's possible that it predates the existence of the
inline cast, however.
 2025-11-26 21:28:51 +00:00
Taus
cd1619b43e Python: Fix queries and tests 2025-11-26 17:06:55 +00:00
Joe Farebrother
16018e91a2 Minor test fix 2025-11-26 15:47:56 +00:00
Taus
9dc774aaa3 Python: Remove points-to dependency from parts of SSA 
For whatever reason, the CFG node for exceptions and exception groups
was placed with the points-to code. (Probably because a lot of the
predicates depended on points-to.)

However, as it turned out, two of the SSA modules only depended on
non-points-to properties of these nodes, and so it was fairly
straightforward to remove the imports of `LegacyPointsTo` for those
modules.

In the process, I moved the aforementioned CFG node types into
`Flow.qll`, and changed the classes in the `Exceptions` module to the
`...WithPointsTo` form that we introduced elsewhere.
 2025-11-26 12:30:31 +00:00
Taus
e09840426c Python: Get rid of points-to from Definitions.qll 
Turns out the `ImportTime` module (despite living in
`semmle.python.types` does not actually depend on points-to, so some of
the `LegacyPointsTo` imports could be replaced or removed.
 2025-11-26 12:30:31 +00:00
Taus
7176898503 Python: Fix library tests 2025-11-26 12:30:31 +00:00
Taus
f0465f441f Python: Get rid of some get...Object methods 
This frees `Class.qll`, `Exprs.qll`, and `Function.qll` from the
clutches of points-to. For the somewhat complicated setup with
`getLiteralObject` (an abstract method), I opted for a slightly ugly but
workable solution of just defining a predicate on `ImmutableLiteral`
that inlines each predicate body, special-cased to the specific instance
to which it applies.
 2025-11-26 12:30:30 +00:00
Joe Farebrother
eb7fe71557 Fix namespace instances and update tests 2025-11-26 10:51:16 +00:00
Joe Farebrother
83eadbad60 Add namespace models 2025-11-25 16:56:36 +00:00
Joe Farebrother
b0be8184ac Add taint test 2025-11-24 16:54:21 +00:00
Joe Farebrother
a83c70f99d Add tests 2025-11-24 11:03:16 +00:00
Taus
fef08afff9 Python: Remove points-to to from ControlFlowNode 
Moves the existing points-to predicates to the newly added class
`ControlFlowNodeWithPointsTo` which resides in the `LegacyPointsTo`
module.

(Existing code that uses these predicates should import this module, and
references to `ControlFlowNode` should be changed to
`ControlFlowNodeWithPointsTo`.)

Also updates all existing points-to based code to do just this.
 2025-10-30 13:30:04 +00:00
Taus
b9f073e596 Python: Update test output 2025-09-19 15:39:12 +00:00
Napalys Klicius
8393ccf39d Python: Update globalVariableAttrPathAtDepth base case 2025-09-16 18:08:53 +02:00
Napalys Klicius
e60d0c88f1 Python: Add global variable nested field jump steps 2025-09-16 18:08:53 +02:00
Napalys Klicius
9d4b168977 Python: Added extra test for global variable nested attribute reads/writes. 2025-09-16 18:08:53 +02:00
Arthur Baars
5d3ec35e29 Remove non-breaking spaces from code 2025-09-05 09:41:15 +02:00
Taus
f89fae39c5 Merge pull request #20276 from github/tausbn/python-model-psycopg2-connection-pools 
Python: Add support for Psycopg2 database connection pools
 2025-08-29 13:52:59 +02:00
Taus
1008ca9744 Python: Add psycopg2.pool tests 2025-08-25 14:14:16 +00:00
Napalys Klicius
638f6498f0 Removed lxml.etree.XMLParser from xml bomb sinks 2025-07-15 13:43:00 +02:00
Sylwia Budzynska
55c70a4cae Fix nitpicks 2025-05-27 13:44:21 +02:00
Sylwia Budzynska
84228e0ec8 Add Pandas SQLi sinks 2025-05-27 13:10:39 +02:00
Napalys Klicius
f652686607 Merge pull request #19444 from Napalys/python/hdbcli 
Python: modeling of `hdbcli`
 2025-05-01 17:58:31 +02:00
Napalys Klicius
e1fc0ca051 Added implementation hdbcli as part of PEP249::PEP249ModuleApiNode 2025-05-01 14:18:02 +02:00
Napalys Klicius
0325f368fe Added test case for hdbcli 2025-05-01 13:57:14 +02:00
yoff
531f2a15a4 python: model send_header from http.server 2025-04-30 19:58:14 +02:00
yoff
158430af82 Merge pull request #17765 from yoff/python/test-functional-behaviour 
Python: Add tests for functional-like programming
 2025-02-11 16:28:37 +01:00
Joe Farebrother
d248fbfe57 Merge pull request #18301 from joefarebrother/python-model-missing-builtins 
Python: Add models for builtins `map`, `filter`, `zip`, and `enumerate`.
 2025-01-20 16:39:37 +00:00
Joe Farebrother
2aea356756 Add change note + fix tests 2025-01-15 10:24:18 +00:00
Joe Farebrother
6a6585e415 Add tests for zip and enumerate 2025-01-15 09:57:15 +00:00
Joe Farebrother
460de3f7d5 Reduce generality of map and zip for performance 2025-01-14 09:39:57 +00:00
Joe Farebrother
4e36008ed9 Add tests 2025-01-14 09:39:56 +00:00
Joe Farebrother
a7fb73a2b2 Merge pull request #18185 from joefarebrother/python-lxml 
Python: Model additional flow steps for the lxml framework
 2025-01-10 13:40:16 +00:00
Joe Farebrother
35961e454b Fix tests to check for the correct type 2025-01-07 15:23:07 +00:00
Rasmus Wriedt Larsen
34631a8784 Python: Model FastAPI requests 
Co-authored-by: Joe Farebrother <joefarebrother@github.com>
 2024-12-18 15:58:51 +01:00
Rasmus Wriedt Larsen
79dfbf7b21 Python: Add FastAPI request test 
Co-authored-by: Joe Farebrother <joefarebrother@github.com>
 2024-12-18 15:48:29 +01:00
Joe Farebrother
dcbcf7e2bd Add additional tests demonstrating false negative flow 2024-12-12 15:55:36 +00:00
Michael Nebel
2321ca59f6 Python: Update all test util paths to point to the new location. 2024-12-12 13:54:30 +01:00
Joe Farebrother
2019ddfa7f Qldoc improvements + add a few extra tests 2024-12-11 12:25:40 +00:00
Joe Farebrother
bcb08bbc7b Update test output 2024-12-10 19:24:05 +00:00
Joe Farebrother
29a90235e8 Improve tests and use API graphs 2024-12-10 19:09:45 +00:00
Joe Farebrother
d2ed92d6d0 Added tests 2024-12-10 19:09:20 +00:00
Joe Farebrother
f82fa20249 Update test outputs 2024-12-09 20:37:11 +00:00
Joe Farebrother
ebaab89933 Formatting updates 2024-12-09 19:57:25 +00:00
Joe Farebrother
dd8b7a4a8f Add additional test for safe case in documentation 2024-12-09 19:57:19 +00:00
Joe Farebrother
0f0c1e1609 Test update 2024-12-09 19:56:46 +00:00
Joe Farebrother
cea196ec61 Add concepts tests + some fixes 2024-12-09 19:55:42 +00:00
yoff
81c8a702ff Merge pull request #18112 from github/tausbn/add-api-graph-support-for-parameter-annotations 2024-12-05 15:05:27 +01:00
Jeroen Ketema
c3ea883b11 Python: Update expected test results 2024-12-03 19:18:57 +01:00