hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 20:56:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,917 Commits 1,673 Branches 157 Tags
635bcd4fa2c9577ff37f4fa3eaaf278a893a6381
Commit Graph

3490 Commits

Author SHA1 Message Date
Taus
fd750a3bf0 Merge branch 'main' into tausbn/python-add-support-for-python-3.12-type-syntax 2023-11-16 09:59:44 +00:00
Rasmus Wriedt Larsen
71ef98584d Merge pull request #14791 from RasmusWL/python-3.12 
Python: Update `.expected` to support Python 3.12
 2023-11-16 10:42:48 +01:00
Rasmus Wriedt Larsen
df144f3a1e Merge pull request #14406 from amammad/amammad-python-FileSystemAccess 
Python: New FileSystem Access
 2023-11-16 10:25:34 +01:00
Rasmus Wriedt Larsen
e349891cff Python: Apply suggestions from code review 2023-11-15 14:35:52 +01:00
Rasmus Wriedt Larsen
e02c32f3d4 Python: options file was not enough, split into 2/3 
I reckon this is due to the Python 3 version used by the Python 2 tests
is different from 3.12, so even with --lang=3 the tests are still using
an incompatible version :(
 2023-11-15 14:24:11 +01:00
Rasmus Wriedt Larsen
0f1dc9b2d9 Python: Add missing options file 2023-11-15 13:24:08 +01:00
Rasmus Wriedt Larsen
ae6c95ff95 Python: Fix asyncio.coroutine deprecation 
Was removed in 3.11, see https://docs.python.org/3.10/library/asyncio-task.html#asyncio.coroutine

I couldn't make the __awwait__ actually give the result to the agen function...

I also tried looking into
https://docs.python.org/3/library/types.html#types.coroutine, but also
failed to make that work.

Without the Future, such as doing `yield SOURCE` inside `__await__` it
complains `RuntimeError: Task got bad yield: 'source'`
 2023-11-15 13:24:08 +01:00
Rasmus Wriedt Larsen
4256fbf11a Python: Accept changes from Python 3.12 2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
f3dd002ba9 Python: Copy tests to Python 3 2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
f9e9ae91f7 Python: Move tests that would change under Python 3.12 to lang specific directory 
This moves the tests to Python 2, next we copy them to Python 3.
 2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
23419ee634 Python: Update .expected to support Python 3.12 
You might wonder why the number of lines changed, but it's due to `tty`
module receiving its' first update since 2001, so the actual number of
lines DID change :phew:

https://github.com/python/cpython/commits/3.12/Lib/tty.py

Since there is now a difference between Python 2 and Python 3, we need to restrict the lines of code test to only run as Python 3.
 2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
5fc8a00487 Python: Rename test function 2023-11-10 15:58:20 +01:00
Rasmus Wriedt Larsen
9b0ad8295e Python: Add test of nested classes 2023-11-08 14:58:40 +01:00
Rasmus Wriedt Larsen
9d5cf0b331 Merge branch 'main' into class-attribute-flow 2023-11-08 14:30:53 +01:00
Rasmus Wriedt Larsen
6d4e000c7c Merge pull request #14590 from RasmusWL/fix-dataflow-class-scope 
Python: Fix dataflow consistency error due to missing class scope
 2023-11-08 14:30:34 +01:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Rasmus Wriedt Larsen
5433907c33 Python: Accept more test changes 
All are for the better 🎉
 2023-11-07 15:49:14 +01:00
Rasmus Wriedt Larsen
5220a8d3f8 Update python/ql/test/experimental/dataflow/validTest.py 
Co-authored-by: Taus <tausbn@github.com>
 2023-11-07 11:30:13 +01:00
Rasmus Wriedt Larsen
9f43108ba8 Python: Fix DataFlowCall.getEnclosingCallable 
Now it is aligned with the implementation of DataFlow::Node

See 4bc4e0845d/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll (L134-L138)
 2023-11-07 11:29:23 +01:00
Rasmus Wriedt Larsen
904a8b1ea9 Python: Add consistency tests for class scope 2023-11-07 11:29:23 +01:00
Rasmus Wriedt Larsen
6568332e3d Python: Add basic flow for class attributes 2023-11-07 11:23:42 +01:00
Rasmus Wriedt Larsen
6c50c2bfe6 Python: Highlight missing flow for class attributes 2023-11-07 11:23:42 +01:00
amammad
e8eff78799 fix tests because of error in Frameworks.qll 2023-11-06 19:19:36 +01:00
amammad
315bdc2b48 add tests for new frameworks 2023-11-06 19:13:57 +01:00
Rasmus Wriedt Larsen
43f1d092f1 Python: Misc: show that all tests passed in validTest 2023-11-06 16:04:58 +01:00
Taus
75e6de8311 Python: Add test 2023-11-06 13:50:55 +00:00
Rasmus Wriedt Larsen
92b13c4259 Merge branch 'main' into amammad-python-FileSystemAccess 2023-11-06 11:30:09 +01:00
Rasmus Lerchedahl Petersen
58bf70d61b Python: filter self steps from use-use flow 
Factor out use-use flow in order to do this.
Also improve names and comments.

I also wanted to change the types in `difinitionFlowStep`, but
that broke the module instantiation.
 2023-11-02 09:31:28 +01:00
Rasmus Lerchedahl Petersen
613831b2e1 Python: add test for post-update loop flow 2023-11-02 09:31:28 +01:00
yoff
c26c68c286 Merge pull request #14617 from yoff/python/module-for-import-time-flow 
Python: module for import time flow
 2023-11-02 09:28:51 +01:00
Rasmus Lerchedahl Petersen
0b45b63bd2 Python: Update debug query to changed API 
The change is commented out by default
which is why no compilation tests failed
when the API changed.
 2023-11-01 11:39:51 +01:00
Rasmus Lerchedahl Petersen
38b811b050 Python: Separate -> PhaseDependentFlow 2023-10-31 21:50:33 +01:00
Rasmus Lerchedahl Petersen
e745df6478 Python: module for import time flow 
The logic for separating local flow into _import time_
and _runtime_ was duplicated a few times.
Create a module for it instead, and add a good qldoc.
 2023-10-27 15:07:49 +02:00
Max Schaefer
104700f6d3 Address review comment. 2023-10-27 10:19:28 +01:00
yoff
867a39083e Merge pull request #14114 from yoff/python/allow-namespace-packages 
Python: Allow namespace packages
 2023-10-26 16:56:05 +02:00
Max Schaefer
3939167ba2 Include more details in the message for py/weak-cryptographic-algorithm. 
Specifically, we add a link to the location where the cryptographic algorithm is configured, which can be far away from its use.
 2023-10-26 11:28:09 +01:00
amammad
1fe565a46f cherrypy framework file system access Sinks are added 2023-10-21 19:47:30 +02:00
Rasmus Wriedt Larsen
80506f1028 Python: Accept .expected changes 2023-10-17 10:11:39 +02:00
Rasmus Wriedt Larsen
2bf4c32433 Python: Add syntactic support for yield in contextlib.contextmanager 2023-10-17 09:51:20 +02:00
Rasmus Wriedt Larsen
2399793c8a Python: Expand contextmanager test even more 2023-10-17 09:41:30 +02:00
Rasmus Wriedt Larsen
883bd9f3b3 Python: Add test for type-tracking with yield 2023-10-16 12:09:07 +02:00
Rasmus Lerchedahl Petersen
a4117538ab Python: update test expectations 
This update looks different locally for me,
so this is slightly sketchy..
 2023-10-11 16:31:56 +02:00
Rasmus Wriedt Larsen
68d00a829e Merge pull request #14430 from RasmusWL/api-graph-import-star 
Python: Better allow `import *` to work with API graphs
 2023-10-11 10:03:46 +02:00
Rasmus Wriedt Larsen
72d0dcdaba Python: Workaround for module level items from import * not being LocalSourceNodes 2023-10-10 17:45:11 +02:00
Rasmus Wriedt Larsen
6521e5165c Python: Extend import * with plain use 
(no calls or anything)
 2023-10-10 17:45:11 +02:00
yoff
f1266a3e81 Merge pull request #14417 from github/tausbn/python-add-flow-for-assignment-expressions 2023-10-10 17:09:20 +02:00
Rasmus Wriedt Larsen
2d947a4f53 Merge pull request #13781 from maikypedia/maikypedia/python-unsafe-deserialization 
Python: Add unsafe deserialization sinks (CWE-502)
 2023-10-10 13:30:38 +02:00
Taus
8e1bb4b364 Python: Accept moved consistency test results 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-10-10 09:22:36 +00:00
Taus
e8ac258994 Python: Add missing flow for AssignmentExpr nodes 
Also extend the tests surrounding this construct to be a bit more comprehensive.

Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-10-09 14:16:03 +00:00
Erik Krogh Kristensen
625e889c62 Merge pull request #14339 from erik-krogh/range-printing 
JS/PY/RB/Java: escape unicode chars in overly-large-range
 2023-10-09 14:22:38 +02:00