hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 08:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,611 Commits 1,670 Branches 157 Tags
tausbn/python-add-support-for-template-string-literals
Commit Graph

84611 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
a35fba1e36 Python: Add change note 2025-12-04 22:14:15 +00:00
Taus
98279f7c75 Python: Add stats 
Not actually based on any measurements, just the usual 100/1000 stuff.
 2025-12-04 21:49:19 +00:00
Taus
44bf762817 Python: Add up-/downgrade scripts for template literals 
We do the usual thing. Downgrade scripts remove the relevant relations;
upgrade scripts do nothing.
 2025-12-04 21:49:18 +00:00
Taus
f709d02464 Python: Bump extractor version 2025-12-04 16:43:05 +00:00
Taus
89f66d77e5 Python: Add AST node wrappers 2025-12-04 16:43:05 +00:00
Taus
68733a83e9 Python: Regenerate AST and dbscheme files 2025-12-04 16:43:05 +00:00
Taus
48cd54165a Python: Support template strings in rest of extractor 
Adds three new AST nodes to the mix:

- `TemplateString` represents a t-string in Python 3.14
- `TemplateStringPart` represents one of the string constituents of a
t-string. (The interpolated expressions are represented as `Expr` nodes,
just like f-strings.)
- `JoinedTemplateString` represents an implicit concatenation of
template strings.

Importantly, we _completely avoid_ the complicated construction we
currently do for format strings (as well as the confusing nomenclature).
No extra injection of empty strings (so that a template string is a
strict alternation of strings and expressions). A `JoinedTemplateString`
simply has a list of template string children, and a `TemplateString`
has a list of "values" which may be either `Expr` or
`TemplateStringPart` nodes.

If we ever find that we actually want the more complicated interface for
these strings, then I would much rather we reconstruct this inside of QL
rather than in the parser.
 2025-12-04 16:42:43 +00:00
Taus
5928d0ff12 Python: Regenerate parser files 2025-12-04 16:31:17 +00:00
Taus
287e18d02c Python: Add parser support for template strings 
- Extends the scanner with a new token kind representing the start of a
template string. This is used to distinguish template strings from
regular strings (because only a template string will start with a
`_template_string_start` external token).

- Cleans up the logic surrounding interpolations (and the method names)
so that format strings and template strings behave the same in this
case.

Finally, we add two new node types in the tree-sitter grammar:

- `template_string` behaves like format strings, but is a distinct type
(mainly so that an implicit concatenation between template strings and
regular strings becomes a syntax error).
- `concatenated_template_string` is the counterpart of
`concatenated_string`.

However, internally, the string parts of a template strings are just the
same `string_content` nodes that are used in regular format strings. We
will disambiguate these inside `tsg-python`.
 2025-12-04 16:31:16 +00:00
Tom Hvitved
8b89e15dfa Merge pull request #20863 from hvitved/rust/call-refactor 
Rust: Restructure classes representing calls
 2025-12-04 17:02:17 +01:00
Owen Mansel-Chan
5c8ab1f6d1 Merge pull request #20956 from owen-mc/java/improve-regex-sanitizer 
Java: improve regex sanitizer for `java/ssrf`
 2025-12-04 15:32:12 +00:00
Michael Nebel
cdd8aa49e1 Merge pull request #20933 from michaelnebel/csharp/runtraceraftercompilation 
C#: Invoke the extractor after the compiler to ensure that source generators have been executed.
 2025-12-04 13:41:38 +01:00
Tom Hvitved
bc6d38ebb4 Address review comments 2025-12-04 10:38:47 +01:00
Anders Schack-Mulligen
607ad1f886 Merge pull request #20961 from aschackmull/dataflow/flowfrom 
Dataflow: Add flowFrom predicates to mirror flowTo.
 2025-12-04 10:09:29 +01:00
Michael Nebel
e74031bee4 Merge pull request #20936 from michaelnebel/csharp/nocrashdotnetinfo 
C#: Retry logic for `dotnet --info` when it fails with exit code 143.
 2025-12-04 09:13:12 +01:00
Tom Hvitved
38a572dfa0 Rust: Run codegen 2025-12-03 20:47:05 +01:00
Tom Hvitved
a707527022 Address review comments in annotations.py 2025-12-03 20:46:30 +01:00
Geoffrey White
2665d8395a Merge pull request #20939 from geoffw0/saltmodel 
Rust: Add heuristic sinks for passwords, initialization vectors etc
 2025-12-03 18:01:48 +00:00
Tom Hvitved
ca9d327280 Merge pull request #20915 from hvitved/content-flow-ap-limit 
Shared: Improvements to content-sensitive model generation
 2025-12-03 15:54:57 +01:00
Michael Nebel
a903420122 C#: Add change note. 2025-12-03 15:49:37 +01:00
Michael Nebel
0d08f24a2d C#: Invoke the extractor after the compiler to ensure that source generators have been executed. 2025-12-03 15:49:35 +01:00
yoff
7fd4755e93 Merge pull request #20919 from yoff/python/header-splitting-experiments 
Python: detecting header splitting in synthetic app
 2025-12-03 15:48:54 +01:00
Tom Hvitved
3ba256a72a C#/Java: Go back to access path limit 2 2025-12-03 15:05:02 +01:00
Anders Schack-Mulligen
78e1879c9e Use more flowTo. 2025-12-03 14:12:08 +01:00
Anders Schack-Mulligen
dc6d3fe7ba Use flowFrom. 2025-12-03 14:04:18 +01:00
Anders Schack-Mulligen
4191b18410 Dataflow: Add flowFrom predicates to mirror flowTo. 2025-12-03 13:46:44 +01:00
Michael Nebel
c1793ab529 C#: Code quality improvement. 2025-12-03 11:48:32 +01:00
Paolo Tranquilli
5784a216a2 Merge pull request #20810 from github/redsun82/update-bazel 
Bazel: update to 8.4.2
 2025-12-03 11:45:38 +01:00
Geoffrey White
3028e5dac0 Rust: CallExpr -> Call. 2025-12-02 17:31:35 +00:00
Owen Mansel-Chan
e710c150de Add change note 2025-12-02 17:12:05 +00:00
Owen Mansel-Chan
a85d0ea8a3 Make tests pass 2025-12-02 17:08:16 +00:00
Owen Mansel-Chan
8fd8fc07b7 Add failing tests for more regex match methods 2025-12-02 17:06:34 +00:00
Owen Mansel-Chan
566aa8f201 Refactor regex sanitizer 
Move it to Sanitizers.qll and rename it to be more general (mostly
following Go).
 2025-12-02 16:04:39 +00:00
Michael Nebel
3197b50da7 C#: Address review comments. 2025-12-02 16:16:29 +01:00
Michael Nebel
1d9b88de8b C#: Comment back in the .NET 10 tests. 2025-12-02 14:59:45 +01:00
Michael Nebel
4a6ae216a4 C#: Gracefully handle non-zero exitcodes for dotnet --info. 2025-12-02 14:42:00 +01:00
Owen Mansel-Chan
e52f819df0 Merge pull request #20949 from owen-mc/go/reinstate-dummy-test 
Go: Reinstate dummy test so consistency tests are run
 2025-12-02 12:55:36 +00:00
Owen Mansel-Chan
e9cb183670 Revert "Delete dummy.ql for now" 
This reverts commit 38cb6e5a00.
 2025-12-02 11:41:39 +00:00
Owen Mansel-Chan
848677e580 Merge pull request #20917 from owen-mc/go/enable-data-flow-consistency-checks 
Go: enable data flow consistency checks
 2025-12-02 10:52:47 +00:00
Tom Hvitved
7378fbc567 Rust: Restructure classes representing calls 2025-12-02 10:08:04 +01:00
Tom Hvitved
666855dbd7 Shared: Improvements to content-sensitive model generation 2025-12-01 21:23:14 +01:00
Tom Hvitved
3e5ea5664c Rust: Add DB downgrade script 2025-12-01 20:59:31 +01:00
Tom Hvitved
b350a000e3 Rust: Add DB upgrade script 2025-12-01 20:59:30 +01:00
Tom Hvitved
a2782a12f2 Rust: Run codegen 2025-12-01 20:59:28 +01:00
Tom Hvitved
b40353f88f Rust: Remove CallExprBase and elaborate QL doc 2025-12-01 20:59:26 +01:00
Tom Hvitved
464d2cd5fc Merge pull request #20891 from hvitved/rust/data-flow-implicit-deref-borrow 
Rust: Improve handling of implicit derefs/borrows in data flow
 2025-12-01 19:03:55 +01:00
Florin Coada
d41a2d475b Merge pull request #20927 from github/changedocs/2.23.6 
Add changelog entry for CodeQL CLI version 2.23.6
 2025-12-01 13:55:33 +00:00
Simon Friis Vindum
87d6a60814 Merge pull request #20924 from paldepind/rust/struct-field-tostring 
Rust: Implement `toString` for struct fields and visibility
 2025-12-01 14:52:23 +01:00
Geoffrey White
c64f19f6eb Rust: Change note. 2025-12-01 12:39:19 +00:00
Geoffrey White
450403883b Rust: Add test cases for a small number of FPs we see. 2025-12-01 12:39:18 +00:00