Rasmus Lerchedahl Petersen
0ac4a10345
Python: model that finditer returns iterable of re.Match objects
2024-10-09 12:42:38 +02:00
Rasmus Lerchedahl Petersen
494b8bd7e1
python: model string property of result of finditer
2024-10-09 12:40:47 +02:00
Rasmus Lerchedahl Petersen
073189ed6b
python: add test for re.Match objects returned from finditer
2024-10-09 12:32:51 +02:00
yoff
6ffdf576d0
Merge pull request #17708 from yoff/python/ignore-extractor-test-output
...
Python: ignore some extractor test output
2024-10-09 12:31:42 +02:00
yoff
0b0e8a4bf5
Update python/extractor/tests/parser/.gitignore
...
As suggested by @tausbn
2024-10-09 12:22:17 +02:00
Rasmus Lerchedahl Petersen
ad630bc6ff
Python: ignore some extractor test output
...
If you test the extractor locally, you want to ignore these files.
2024-10-09 11:34:58 +02:00
yoff
1f1b1b7aab
Merge pull request #17653 from yoff/python/typetracking-through-comprehensions
2024-10-08 19:39:21 +02:00
Taus
92bca9c268
Python: Update CORS query tags and change note
...
Makes it more clear that the query is experimental.
2024-10-08 15:44:29 +00:00
Rasmus Lerchedahl Petersen
6f5b949ec8
Python: adjust test expectations
...
note that we do retain precision in
`test_dict_from_keyword()`
2024-10-04 15:30:02 +02:00
Rasmus Lerchedahl Petersen
a4c1a622b7
Merge branch 'main' of https://github.com/github/codeql into python/add-comprehension-capture-flow
2024-10-04 14:53:03 +02:00
yoff
306b087b6e
Merge pull request #17566 from yoff/python/dict-can-take-multiple-args
...
Python: All dict constructor args are relevant
2024-10-04 14:30:10 +02:00
Rasmus Lerchedahl Petersen
977767b0d6
Python: comment around dictionary comprehensions
2024-10-04 14:14:30 +02:00
Rasmus Lerchedahl Petersen
201c4aad13
Python: add comment
2024-10-04 14:09:33 +02:00
yoff
c064a9e092
Update python/ql/lib/semmle/python/frameworks/Stdlib.qll
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2024-10-04 14:01:18 +02:00
Tom Hvitved
b3b9406e45
Python: Update test
2024-10-04 08:35:32 +02:00
Rasmus Lerchedahl Petersen
777279dc29
Python: MaD test expectations
2024-10-03 13:29:56 +02:00
Rasmus Lerchedahl Petersen
768d866e72
python: model urllib.parse.parse_qs
2024-10-03 12:20:40 +02:00
Rasmus Lerchedahl Petersen
0462809edc
Python: add taint test for urllib
2024-10-03 12:20:38 +02:00
Rasmus Lerchedahl Petersen
5c68bad2f1
Python: add comments
2024-10-03 12:17:59 +02:00
yoff
56d0affe38
Update python/ql/lib/semmle/python/frameworks/Stdlib.model.yml
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2024-10-03 10:18:25 +02:00
Rasmus Lerchedahl Petersen
6d486f9931
Python: move change note to the right place
2024-10-03 10:15:55 +02:00
Rasmus Lerchedahl Petersen
9e808c17af
Python: add change note
2024-10-03 10:09:59 +02:00
Rasmus Lerchedahl Petersen
0dc036abd1
Python: Allow type tracking through comprehensions
...
- the subscript operator is extended to comprehensions
- the capture jump-step is extended to work for the functions generated inside comprehensions
2024-10-03 09:31:02 +02:00
Rasmus Lerchedahl Petersen
315890680c
Python: dict only has one positional argument
2024-10-01 16:48:43 +02:00
Rasmus Lerchedahl Petersen
38b1eb7c71
Python: just use ListElementContent for iterables
2024-10-01 16:24:15 +02:00
Rasmus Lerchedahl Petersen
f39dc41903
Python: use imprecise content in cp
...
We had accidentally used precise content leading to blowup
2024-10-01 13:53:25 +02:00
Rasmus Lerchedahl Petersen
05910de8d1
Python: MaD expectations
2024-10-01 13:21:22 +02:00
Rasmus Lerchedahl Petersen
cef8744a37
Python: consolidate models in one file
2024-10-01 12:56:21 +02:00
yoff
7816f34d75
Merge branch 'main' into stdlib-optparse
2024-10-01 12:48:09 +02:00
Rasmus Lerchedahl Petersen
64890a1a6b
Python: valid change note
2024-10-01 12:37:45 +02:00
yoff
2b6aab108d
Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll
...
Co-authored-by: Taus <tausbn@github.com>
2024-10-01 12:36:20 +02:00
yoff
2eac11edd6
Update python/ql/lib/change-notes/2024-09-24-std-lib-models.md
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2024-10-01 11:47:42 +02:00
yoff
62509a10c2
Update python/ql/test/library-tests/dataflow/coverage/test_builtins.py
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2024-10-01 11:39:12 +02:00
Rasmus Lerchedahl Petersen
e0a3c8a1c4
Python: add change note
2024-10-01 10:12:39 +02:00
Rasmus Lerchedahl Petersen
bd68986fa4
Python: add test showing dict can take multiple arguments
2024-10-01 10:01:22 +02:00
Rasmus Lerchedahl Petersen
9357762e06
Python: remove superfluous code
...
This is handled by parameter-argument matching
2024-10-01 00:03:04 +02:00
github-actions[bot]
e97878ed63
Post-release preparation for codeql-cli-2.19.1
2024-09-30 19:49:00 +00:00
github-actions[bot]
455c8c5953
Release preparation for version 2.19.1
2024-09-30 17:59:48 +00:00
Rasmus Lerchedahl Petersen
dacc0ab8fe
Python: docs and a simplification
2024-09-30 16:06:30 +02:00
Rasmus Lerchedahl Petersen
438e664116
Python: add missing qldoc
...
More doc is needed, but this should turn the tests green
2024-09-30 15:43:19 +02:00
Rasmus Lerchedahl Petersen
a22ea6c1c8
Python: use known sanitiser
...
- also adjust test expectations in experimental
2024-09-30 14:22:17 +02:00
Rasmus Lerchedahl Petersen
7392d186bc
Python: use yield step also for taint
...
Using the comprehension store step meant that all comprehensions would receive taint.
This is because comprehension flow now goes via a callable, meaning they share the return node.
2024-09-30 13:49:01 +02:00
Rasmus Lerchedahl Petersen
fb07a56de6
Python: adjust test expectations
2024-09-30 13:26:59 +02:00
Rasmus Lerchedahl Petersen
ded39749a7
Python: allow comp arg as argumentnode
2024-09-30 13:02:20 +02:00
Rasmus Lerchedahl Petersen
f9f46f0f98
Python: update test expectations
...
We now have a new callable, yielding new enclosing callables
2024-09-30 12:00:38 +02:00
Rasmus Lerchedahl Petersen
3ef05a628f
Python: add location to node
2024-09-30 11:56:36 +02:00
Rasmus Lerchedahl Petersen
310819d392
Python: fix dataflow inconsistencies
...
- adjust scope of argument, the argument is outside the called function
- add missing post-update nodes for the new arguments
2024-09-30 10:31:36 +02:00
Rasmus Lerchedahl Petersen
d4ea62edec
Python: flow through yield
...
- add yield as a dataflow return
- replace comprehension store step with a store step to the yield
2024-09-30 09:01:29 +02:00
Rasmus Lerchedahl Petersen
72530a8312
Python: use synthetic node for comprehension capture argument
...
We used to use the CfgNode for the comprehension itself.
In cases where that is also an argument, say
```python
",".join([x for x in l])
```
that would be an argument to two different calls causing a dataflow consistency violation.
2024-09-27 12:15:03 +02:00
Rasmus Lerchedahl Petersen
294092b671
Python: use comprehension function argument
...
For a comprehension `[x for x in l]`
- `l` is now a legal argument (in DataFlowPublic)
- `l` is the argument of the comprehension function (in DataFlowDispatch)
- the parameter of the comprehension function is being read rather than `l` (in IterableUnpacking)
Thus the read that used to cross callable boundaries is now split into an arg-param edge and a read from that param.
2024-09-27 09:44:39 +02:00