Joe Farebrother
43567664bf
Merge pull request #18845 from joefarebrother/python-qual-file-not-closed
Python: Modernize File Not Always Closed query
2025-03-28 14:47:38 +00:00
Joe Farebrother
2fd9b16736
Attempt performance improvement for fileLocalFlow
2025-03-27 15:45:38 +00:00
Arthur Baars
9dd7b20db7
Merge pull request #18960 from github/aibaars/rust-tainted-path
Rust: TaintedPath query
2025-03-27 10:37:36 +01:00
Tamas Vajk
34e8318797
Rename the CCR query suite to code-quality
2025-03-27 08:36:53 +01:00
Joe Farebrother
d23c3b8a74
Revert manual magic
This appeared to cause timeouts on DCA.
2025-03-26 09:23:49 +00:00
Joe Farebrother
0fa70db4c2
Review suggestions - update comment and introduce manual magic to filelocalflow
2025-03-25 08:55:55 +00:00
Joe Farebrother
a46c157e46
Add quality tag + tweak description
2025-03-21 09:24:54 +00:00
Joe Farebrother
bdbdcf8bd8
Clean up charpred of WithStatement + fix a comment
2025-03-20 14:28:57 +00:00
Joe Farebrother
3707f107bf
Fix tests + add more tests
2025-03-20 11:35:38 +00:00
Joe Farebrother
2c74ddb853
Add django FileResponse as a wrapper
2025-03-20 11:35:29 +00:00
Joe Farebrother
b2acfbcf87
Simplify handling of wrapper classes and exception flow + improve qldoc and annotate tests.
2025-03-20 11:35:18 +00:00
Joe Farebrother
f8a0b1c5f9
Update docs, precision, and deprecate old library
2025-03-20 11:35:12 +00:00
Joe Farebrother
f750e22d91
Add case for exception flow
2025-03-20 11:35:01 +00:00
Joe Farebrother
c8fc56560d
Check for wrapper classes
2025-03-20 11:34:51 +00:00
Joe Farebrother
ecb3050780
Update tests
2025-03-20 11:34:42 +00:00
Joe Farebrother
09694c448d
Rewrite file not closed simple case using dataflow
2025-03-20 11:34:33 +00:00
Arthur Baars
d3e28772ae
Rust/Python improve qldoc of SafeAccessCheck
2025-03-20 11:16:45 +01:00
Chris Smowton
9a2a13ed55
Merge remote-tracking branch 'origin/main' into smowton/admin/merge-rc317-into-main
2025-03-19 16:01:29 +00:00
github-actions[bot]
51cdeefafb
Post-release preparation for codeql-cli-2.20.7
2025-03-17 13:00:41 +00:00
github-actions[bot]
2d64a618e6
Release preparation for version 2.20.7
2025-03-17 12:15:54 +00:00
Taus
3d643c02be
Merge pull request #18921 from github/tausbn/python-fix-unused-global-variable-in-forward-annotation-fp
Python: Add support for forward references in unused var query
2025-03-13 16:37:25 +01:00
Taus
f30ebf1571
Merge pull request #18871 from github/tausbn/python-modernise-special-method-signature-query
Python: Move min/maxParameter methods to `Function` class
2025-03-13 13:03:21 +01:00
yoff
10a9b78bc5
Merge pull request #18738 from github/tausbn/python-fix-match-pruning-logic
Python: Don't prune any `MatchLiteralPattern`s
2025-03-12 20:01:26 +01:00
yoff
a5101bdae6
Merge pull request #18855 from Kwstubbs/ssrf_documentation
Python: Add more documentation in regards to SSRF
2025-03-12 15:27:01 +01:00
Taus
6546bb1b1d
Merge branch 'main' into tausbn/python-fix-match-pruning-logic
2025-03-06 14:37:58 +01:00
Taus
a9ab39da1b
Merge pull request #18448 from github/tausbn/python-add-type-annotation-metrics-query
Python: Add metrics query for type annotations
2025-03-06 13:52:26 +01:00
Joe Farebrother
2692b8fa9f
Merge pull request #18936 from joefarebrother/python-add-not-named-self-cls-ccr
Python: Include `py/not-named-self` and `py/not-named-cls` in the CCR suite
2025-03-06 09:51:14 +00:00
Joe Farebrother
a06de21f45
Python: Include py/not-named-self and py/not-named-cls in the CCR suite.
2025-03-05 15:13:20 +00:00
Taus
bf3d9ee6a9
Python: Address review comments
2025-03-04 22:30:55 +00:00
Taus
f246ef764a
Python: Update change note
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2025-03-04 18:09:54 +01:00
Taus
50a01b1244
Python: Remove superfluous reference to FunctionExpr
This way we also get annotations that appear in `Lambda`s
2025-03-04 15:53:34 +00:00
Taus
5d3b40d514
Python: Add change note
2025-03-04 14:47:03 +00:00
Taus
88615f427b
Python: Add support for forward declarations in unused var query
Fixes the false positive reported in
https://github.com/github/codeql/issues/18910
Adds a new `Annotation` class (subclass of `Expr`) which encompasses all
possible kinds of annotations in Python.
Using this, we look for string literals which are part of an annotation,
and which have the same content as the name of a (potentially) unused
global variable, and in that case we do not produce an alert.
In future, we may want to support inspecting such string literals more
deeply (e.g. to support stuff like "list[unused_var]"), but I think for
now this level of support is sufficient.
2025-03-04 14:41:45 +00:00
Taus
301ebcb12b
Python: Extend test cases for "unused global var" query
Adds two test cases having to do with type annotations. The first one
demonstrates that type annotations (even if they are never executed by
the Python interpreter) count as uses for the purposes of the unused
variable query. The second one demonstrates that this is _not_ the case
if all such uses are inside strings (i.e. forward declarations), as we
do not currently inspect the content of these strings.
2025-03-04 13:52:31 +00:00
github-actions[bot]
58f355ae5a
Post-release preparation for codeql-cli-2.20.6
2025-03-03 18:18:15 +00:00
github-actions[bot]
fa850cccb1
Release preparation for version 2.20.6
2025-03-03 17:13:19 +00:00
Taus
83cdcdbb0b
Python: Add change note
2025-02-26 13:53:49 +00:00
Taus
3956a1fea8
Python: Move min/maxParameter methods to Function
These seem generally useful outside of points-to, and so it might be
better to add them to the `Function` class instead.
I took the liberty of renaming these to say `Arguments` rather than
`Parameters`, as this is more in line with the nomenclature that we're
using elsewhere. (The internal points-to methods retain the old names.)
I'm somewhat ambivalent about the behaviour of `getMaxParameters` on
functions with `*varargs`. The hard-coded `INT_MAX` return value is
somewhat awkward, but the alternative (to only have the predicate
defined when a specific maximum exists) seems like it would potentially
cause a lot of headaches.
2025-02-26 13:51:12 +00:00
Paolo Tranquilli
1bcc6ddb32
Rust/Ruby/Python: apply clippy lints
2025-02-25 13:21:28 +01:00
Paolo Tranquilli
6089a75262
Rust/Ruby/Python: format code
2025-02-25 13:19:03 +01:00
Paolo Tranquilli
e8799e346d
Rust/Python: fix edition-related errors
2025-02-25 13:16:58 +01:00
Paolo Tranquilli
eff87d24fa
Rust/Ruby/Python: update rustc and edition
2025-02-25 13:15:19 +01:00
Kevin Stubbings
04476ca5f4
Add more choices to SSRF remediation
2025-02-25 00:16:48 -08:00
Chris Smowton
a1ba584b20
Autoformat
2025-02-20 19:31:00 +00:00
Chris Smowton
4567e02b8c
Regularise extractor pack licenses to all cite the MIT license that covers the whole CodeQL repository
2025-02-20 18:55:55 +00:00
Paolo Tranquilli
530bfccb7c
Merge branch 'main' into redsun82/update-py-deps
2025-02-18 10:03:29 +01:00
Paolo Tranquilli
38efd4a8a2
Python: downgrade tree-sitter back to 0.20.4
2025-02-18 10:03:18 +01:00
github-actions[bot]
ad24f94a77
Post-release preparation for codeql-cli-2.20.5
2025-02-17 17:58:24 +00:00
github-actions[bot]
6f4562f3bd
Release preparation for version 2.20.5
2025-02-17 16:55:54 +00:00
Paolo Tranquilli
342bff6125
Python: undo tree-sitter update
2025-02-17 15:52:45 +01:00