Commit Graph

8300 Commits

Author SHA1 Message Date
Tom Hvitved
dddba3228b Merge pull request #15867 from hvitved/dataflow/ap-limit
Data flow: Add `ConfigSig::accessPathLimit`
2024-03-12 14:57:51 +01:00
yoff
e6e6a4e9c8 Merge pull request #15841 from RasmusWL/missing-use-use2
Python: Add example of missing use-use flow
2024-03-11 13:59:57 +01:00
yoff
adbcbefaa9 Merge pull request #15551 from yoff/python/avoid-duplicate-model-inclusions
python: Remove `TaintStepFromSummary`
2024-03-11 13:52:20 +01:00
Tom Hvitved
da66281fef Sync files 2024-03-11 13:02:04 +01:00
Rasmus Wriedt Larsen
4ac8dd72a7 Merge pull request #15855 from yoff/python/add-MaD-test-tuple-output
Python: Add test for `ReturnValue.TupleElement[n]`
2024-03-11 12:05:31 +01:00
Rasmus Wriedt Larsen
42acd9c22c Merge pull request #15695 from github/tausbn/python-add-copy-method-as-copy-step
Python: Add `.copy()` method call as copy step
2024-03-11 09:43:34 +01:00
Rasmus Lerchedahl Petersen
3601773856 python: support encoding lower bound 2024-03-08 14:59:28 +01:00
Rasmus Lerchedahl Petersen
6d8d106d91 Python: add test for ReturnValue.TupleElement[n] 2024-03-08 11:18:51 +01:00
Taus
5202792163 Merge pull request #15754 from github/tausbn/python-copy-extractor-to-external-repo
Python: Copy Python extractor to `codeql` repo
2024-03-07 15:15:28 +01:00
Taus
4b0689b6ba Python: Add warnOnImplicitThis: true to qlpack.yml 2024-03-07 13:59:16 +00:00
Taus
6dec323cfc Python: Copy Python extractor to codeql repo 2024-03-07 13:59:16 +00:00
Rasmus Wriedt Larsen
4dd8f6e618 Python: Add example of missing use-use flow
(see PR for more detailed description)
2024-03-07 14:25:55 +01:00
yoff
00e77a3ddb Merge pull request #15720 from RasmusWL/nosql-precision
Python: Add precision to NoSQL query
2024-03-04 14:44:46 +01:00
yoff
569bb991d4 Merge pull request #15775 from RasmusWL/scope-consistency
Python: Add consistency check for `PhaseDependentFlow`
2024-03-04 14:43:13 +01:00
Rasmus Wriedt Larsen
fbf6727809 Python: Add change-note 2024-03-04 11:46:38 +01:00
Rasmus Wriedt Larsen
16cb6c2044 Python: Fix validTest expectations
Co-authored-by: yoff <lerchedahl@gmail.com>
2024-03-04 11:41:47 +01:00
Rasmus Wriedt Larsen
85a45b0155 Python: Fix comment
Co-authored-by: yoff <lerchedahl@gmail.com>
2024-03-04 11:40:17 +01:00
Rasmus Wriedt Larsen
d99a763ef7 Python: add change-note 2024-03-01 15:24:33 +01:00
Rasmus Wriedt Larsen
eeda4355f1 Python: Fix missing DictionaryElementContent 2024-03-01 15:21:13 +01:00
Rasmus Wriedt Larsen
30b7fadbb8 Python: Add test 2024-03-01 15:19:56 +01:00
Rasmus Wriedt Larsen
d182eae868 Python: Add consistency check for PhaseDependentFlow
This would have found the problem in
https://github.com/github/codeql/pull/15755.

As highlighted in the comment in the code, it's not a perfect solution
since we don't have an automatic way to ensure we don't introduce a new
PhaseDependentFlow use with a new step relation and forget to add it to
this consistency check... but I think this consistency check still adds
value!
2024-03-01 10:01:08 +01:00
Rasmus Wriedt Larsen
8079788a5f Python: Add change-note 2024-02-28 16:44:25 +01:00
Rasmus Wriedt Larsen
cdf4dd16f0 Python: Fix module level flow for iterable unpacking
(and for * patterns in match)

Since `PhaseDependentFlow` uses the following predicate, which relies on
`.getScope()` being present for there to be any importTimeFlow (flow at
top-level scope), it's important that data-flow nodes implement `.getScope`.

```ql
private predicate isTopLevel(Node node) { node.getScope() instanceof Module }
```

By implementing getScope, we can now rely on the default implementation of
`getEnclosingCallable` in DataFlow::Node:

```ql
  /** Gets the enclosing callable of this node. */
  DataFlowCallable getEnclosingCallable() { result = getCallableScope(this.getScope()) }
```
2024-02-28 16:39:08 +01:00
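The defect class this commit fixes (a data-flow node without a `.getScope()`, which silently drops it from `isTopLevel` and therefore from module-level flow) can be surfaced with a one-off query. The following is an added example, not a query from the codeql repository, and it assumes only the public `DataFlow::Node.getScope()` predicate of the Python data-flow library; the result message text is the example's own. Some synthetic nodes may legitimately have no scope, so treat the results as candidates to review rather than as bugs.

```ql
/**
 * Added example (not part of the codeql repository): list Python data-flow
 * nodes that have no scope. Such a node can never satisfy
 * `node.getScope() instanceof Module`, so `PhaseDependentFlow` will not
 * treat it as module-level, and import-time flow through it is lost.
 */
import python
import semmle.python.dataflow.new.DataFlow

from DataFlow::Node n
where not exists(n.getScope())
select n, "Data-flow node without a scope; excluded from module-level (import-time) flow."
```

Run it against a database built from a small module that unpacks a tuple at top level (the shape of the test added in e4699e092d); before the fix the nodes for the unpacked variables would appear in the results, after it they should not.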
Rasmus Wriedt Larsen
e4699e092d Python: Add test for iterable unpacking on module level
Currently doesn't work :O
2024-02-28 16:10:29 +01:00
Rasmus Wriedt Larsen
1cfac50749 Python: Add precision to NoSQL query
Due to this, it was not part of any query suite :O
2024-02-26 11:23:43 +01:00
Tom Hvitved
62b16c0fa3 Share getFileBySourceArchiveName implementation 2024-02-23 11:25:49 +01:00
Taus
f1392712ee Python: Add .copy() as a copy step 2024-02-22 13:09:27 +00:00
Taus
5125973f9b Python: Add test case for .copy() as a copy step 2024-02-22 13:01:03 +00:00
Chris Smowton
f2e04c0cb2 Merge pull request #15672 from github/post-release-prep/codeql-cli-2.16.3
Post-release preparation for codeql-cli-2.16.3
2024-02-20 21:59:55 +00:00
yoff
d3ee5f65db Merge pull request #15550 from yoff/python/remove-pointsto-from-module-getAnExport
python: remove a use of points-to
2024-02-20 19:04:46 +01:00
github-actions[bot]
37f8fa3413 Post-release preparation for codeql-cli-2.16.3 2024-02-20 16:50:47 +00:00
github-actions[bot]
6d061fbc35 Release preparation for version 2.16.3 2024-02-20 14:26:23 +00:00
Rasmus Lerchedahl Petersen
22e72d2fed python: Move the rewrite out to Scope.qll 2024-02-20 10:39:29 +01:00
Rasmus Lerchedahl Petersen
de727bf1b5 Revert "python: remove a use of points-to"
This reverts commit 5cb71ce7e5.
2024-02-20 10:23:31 +01:00
amammad
09d8a75844 Fix QLDoc issues 2024-02-14 23:31:22 +04:00
Rasmus Wriedt Larsen
eb401a205d Python: Fix test exclusion for stdlib Python 3.12 2024-02-14 16:53:19 +01:00
Rasmus Wriedt Larsen
59014787a1 Python: Fix DataflowQueryTest
You're only allowed to have `result=OK` if there is a sink on that line...
2024-02-14 15:44:40 +01:00
Rasmus Wriedt Larsen
cd596f5d05 Python: Reformat test-file
All those newlines are not good for inline expectations
2024-02-14 15:44:06 +01:00
Rasmus Wriedt Larsen
e5bd633028 Python: Change name/id to Decompression Bomb
The old title/id matches how we used to write queries, but I think just
using the normal conversational name is easier for everyone :)
2024-02-14 14:54:25 +01:00
Rasmus Wriedt Larsen
69c8ef9898 Python: Use dataflow instead of taint-tracking 2024-02-14 14:52:37 +01:00
Rasmus Wriedt Larsen
ba7dd38fc9 Python: Delete duplicated file 2024-02-14 14:48:37 +01:00
Rasmus Wriedt Larsen
9ae3ea81ff Python: Remove spurious results in stdlib 2024-02-14 14:47:28 +01:00
Rasmus Wriedt Larsen
d8fd457310 Python: Use helper predicate
Since the helper predicate had nice qldocs
2024-02-14 14:47:28 +01:00
Rasmus Wriedt Larsen
e7772f1062 Python: Use Unit class 2024-02-14 14:47:28 +01:00
Rasmus Wriedt Larsen
ad39b8c68b Python: Accept .expected changes 2024-02-14 14:46:33 +01:00
Rasmus Wriedt Larsen
9399258e3b Merge branch 'main' into amammad-python-bombs 2024-02-14 13:37:59 +01:00
Cornelius Riemenschneider
e08946ec8d Merge pull request #15586 from github/criemen/bazel-python-language-pack
Python: Update BUILD.bazel files.
2024-02-13 10:19:12 +01:00
Cornelius Riemenschneider
27ebebc24b Python: Update BUILD.bazel files.
This allows us to (later) build the whole python language pack with
bazel.
2024-02-12 17:10:35 +01:00
Rasmus Wriedt Larsen
cbb9a64bbb Merge pull request #15457 from RasmusWL/psycopg
Python: Model the `psycopg` package
2024-02-12 15:59:16 +01:00
Tom Hvitved
1ea7717714 Capture flow: Take overwrites in nested scopes into account 2024-02-09 14:49:23 +01:00