hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,671 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

169 Commits

Author SHA1 Message Date
Taus Brock-Nannestad
5c90becc1c Python: Use TUnknown instead of TUnknownInstance. 2020-03-12 19:21:11 +01:00
Taus Brock-Nannestad
115bbf619d Merge branch 'master' into python-fix-multi-assign-points-to 2020-03-12 18:50:10 +01:00
Taus Brock-Nannestad
4b5a20d21b Merge branch 'master' into python-add-points-to-for-missing-builtin-return-types 2020-03-12 11:31:29 +01:00
Rasmus Wriedt Larsen
ee4190e0d9 Python: Add example if urlsplit(url).path: => missing points-to 
I wanted to highlight that it's not the call to `urlsplit` that is a problem, so
that's why I inserted a `check` in-between.
 2020-02-28 13:43:10 +01:00
Rasmus Wriedt Larsen
8dd19ca6cd Python: Add example of re.compile missing points-to 2020-02-28 13:41:26 +01:00
Taus Brock-Nannestad
10bacfe8fd Python: Use subscriptUnknown instead of instance check. 
Also adds a test for decomposing the unknown value of `a`.
 2020-02-28 13:38:54 +01:00
Taus Brock-Nannestad
5bbf93241b Python: Add test for tuple unpacking with "complicated" value. 2020-02-27 17:34:32 +01:00
Taus Brock-Nannestad
5c3109a324 Python: Fix bug in multi_assignment_points_to. 
This turned out to be a fairly simple but easy to make bug. When we want to
figure out the value pointed-to in a multi-assignment, we look at the left hand
side to see what value from the right hand side we should assign. Unfortunately,
we accidentally attempted to look up this information in the _left hand side_ of
the assignment, resulting in no points-to information at all. The only thing
needed to fix this was to properly link up the left and right hand sides: using
the left hand side to figure out what index to look at, and then looking up the
points-to information for the corresponding place in the right hand side.
 2020-02-26 16:11:43 +01:00
Taus Brock-Nannestad
35ada17e2a Python: Use object as default return type for built-ins. 2020-02-25 16:31:40 +01:00
Taus Brock-Nannestad
5813209337 Python: Add tests for missing points-to for built-in methods. 2020-02-25 16:25:41 +01:00
Taus Brock-Nannestad
887f85cee2 Python: Add test for missing points-to information 
To ease the rollout of this test, currently we only report missing points-to
information for nodes that either

- appear as an argument in a call to a function named `check`, or
- appear inside a scope where the first line is annotated with a comment ending
  in "check".

The idea behind the second version is that once we have points-to running at a
level where no node inside a scope that _ought_ to have points-to is missing
this information, we can simply remove all uses of `check(...)` from inside this
scope, and annotate the entire scope with `# check`. Once this has been done for
the entire file, we can then remove all the comments and just require
_everything_ to be checked.

Note that I don't expect all nodes to have the need for points-to information.
For instance, there are nodes representing scope entry and exit, and for these
it doesn't make sense to require that they "point-to" anything. Similarly,
`NameNode` appearing in a "store" (i.e. as the left hand side of an assignment)
do not strictly need to have points-to information, although it might be more
intuitive if they did.

Thus, the `relevant_node` predicate will almost certainly need to be extended to
exclude these kinds of nodes.
 2020-02-25 16:07:50 +01:00
Rasmus Wriedt Larsen
f10a86d3ac Python: Remove --optimize: true from options files 
Tests will be run with optimizations on by default now.
 2020-02-25 15:52:00 +01:00
Rasmus Wriedt Larsen
2837f987c5 Python: Show how pointsTo handles 0+0 == 0 (2/2) 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
4231bb1bcf Python: Show how pointsTo handles 0+0 == 0 (1/2) 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
96d5703f2c Python: Remove use of deprecated methods 2020-01-22 13:45:14 +01:00
Mark Shannon
f11d0638cf Python: Remove tests for pruning in QL. 2019-08-25 17:00:08 +01:00
Taus
ae2a68b988 Merge pull request #1791 from markshannon/python-revert-tests 
Python: Revert and update tests removed in #1767
 2019-08-22 11:20:24 +02:00
Mark Shannon
e77ae09a86 Python tests: Update test results to account for better handling of branches in finally blocks. 2019-08-21 14:47:57 +01:00
Mark Shannon
714fecbf5e Python: Revert tests removed in #1767. 2019-08-21 14:39:53 +01:00
Mark Shannon
523c5b1e1e Python ESSA: Remove unnecessary intermediate class. 2019-08-20 11:41:53 +01:00
Mark Shannon
e34ccae1fc Python ESSA: Move all Essa code to semmle.python.essa folder. 2019-08-20 11:41:46 +01:00
Mark Shannon
edb50c129d Python tests: TEMPORARILY remove 5 tests to allow modification of extractor CFG pass. 2019-08-19 16:00:28 +01:00
Mark Shannon
902871bd48 Python: update tests results after rebase. 2019-08-15 11:37:07 +01:00
Mark Shannon
6c6e35f541 Python: Enhance points-to to support type-hint analysis. 2019-08-15 11:35:14 +01:00
Mark Shannon
96ba9a2dfd Python points-to. Do not track tuples on lhs of assignment or in deletions. 2019-08-12 11:04:28 +01:00
Mark Shannon
cb719a8998 Python points-to: track instances of int, float or str without a specific value, and calls to bool(). 2019-08-08 10:49:58 +01:00
Rebecca Valentine
fc4bb028b7 Merge pull request #1636 from markshannon/python-api-odds-and-ends 
Python: Assorted improvements to API.
 2019-08-07 09:50:44 -07:00
Mark Shannon
63f24dfe18 Python: Add some more utility predicates and classes to the new 'Value' API. 2019-08-02 10:50:51 +01:00
Mark Shannon
ebd5829bfb Python: Treat the result of calling a missing module member as 'unknown'. 2019-08-01 10:37:41 +01:00
Mark Shannon
5496fa41c8 Python: Add a way to easily specify constant values for in new Value API. 2019-07-31 12:41:51 +01:00
Mark Shannon
f69ea7f65e Python: Add redimentary tests for new Value API. 2019-07-26 15:11:48 +01:00
Taus
0258f799df Merge pull request #1591 from markshannon/python-fix-property-setter-handling 
Python: fix property setter handling in points-to.
 2019-07-26 14:01:41 +02:00
Taus
85a0566c43 Merge pull request #1597 from markshannon/python-tracking-special-variable-attributes-through-phis 
Python points-to: Track implicit module attributes through phi-nodes.
 2019-07-25 11:43:16 +02:00
Taus
cca1593ea4 Merge pull request #1598 from markshannon/python-better-parameter-api 
Python: Better API for parameters.
 2019-07-25 11:35:51 +02:00
Mark Shannon
2e8c7a9d20 Python points-to: Support property setters and deleters. 2019-07-25 09:35:56 +01:00
Mark Shannon
9b00177544 Python: Add failing test for analysis of property with .setter. 2019-07-25 09:33:41 +01:00
Mark Shannon
88f9685d40 Merge rc/1.21 into master 2019-07-18 16:40:32 +01:00
Mark Shannon
54a8c64b23 Python points-to: Remove negative recursion when using legacy points-to in legacy points-to extensions. 2019-07-18 14:16:52 +01:00
Mark Shannon
3035178391 Python: Better API for parameters. 2019-07-16 16:50:40 +01:00
Mark Shannon
b4d413cfa8 Python points-to: Track implicit module attributes through phi-nodes. 2019-07-16 15:39:58 +01:00
yh-semmle
a0dc84010a Merge pull request #1518 from Semmle/rc/1.21 
Merge rc/1.21 into master
 2019-06-28 13:52:18 -04:00
Mark Shannon
8570b4117f Python: Add opaque 'decorated function' for complex decorated functions. Allows finding calls in taint-tracking without contaminating points-to results. 2019-06-28 12:14:10 +01:00
Taus
1b98f248e5 Merge branch 'master' into python-better-handling-calls-on-edge-of-context 2019-06-28 11:27:42 +02:00
Taus
fad37bd6c9 Merge pull request #1487 from markshannon/python-tuple-assignment-points-to 
Python ESSA dataflow: better handling of tuple unpacking.
 2019-06-28 11:05:03 +02:00
Taus
76f8da8986 Merge pull request #1484 from markshannon/python-aggressive-pruning 
Python: Use aggressive dead-code elimination when pruning.
 2019-06-25 19:17:44 +02:00
Mark Shannon
6f1399be9b Python: Better handle calls on edge of context. 2019-06-25 16:15:39 +01:00
Mark Shannon
a917019915 Python: Add failing tests for undefined variable as value and nested 'from import *'. 2019-06-24 14:54:25 +01:00
Mark Shannon
9d6df78d44 Python: Dataflow: Remove IterationDefinition ESSA definition and add iteration assignment to ESSA assignment definition. 
Enhance points-to and taint-tracking to add operational step sequence to next(iter(seq)) in for statement.
 2019-06-21 15:55:27 +01:00
Taus
927d72414b Merge pull request #1483 from markshannon/merge-121 
Merge rc/1.21 into master
 2019-06-21 14:11:07 +02:00
Mark Shannon
a5f741e504 Python: Use aggressive dead-code elimination when pruning. 2019-06-21 13:03:36 +01:00