hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-08 20:20:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,639 Commits 1,679 Branches 157 Tags
7eb64aa998573eaf18725bb9db61857710abc76e
Commit Graph

842 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
7eb64aa998 Dataflow: Code review fixes. 2020-11-03 09:16:20 +01:00
Anders Schack-Mulligen
1ae76a80aa Dataflow: Fix qldoc. 2020-11-03 09:16:20 +01:00
Anders Schack-Mulligen
d5be4d7b92 Dataflow: Add support reverse partial flow exploration. 2020-11-03 09:16:19 +01:00
Taus Brock-Nannestad
8752b1af1e Python: Fix up remaining data-flow library copies 2020-11-02 23:02:04 +01:00
Taus Brock-Nannestad
b7773849d7 Python: Fix up some comments 2020-11-02 22:57:40 +01:00
Taus Brock-Nannestad
d8c554ed4f Python: Add redirects to old data-flow libraries 2020-11-02 22:20:16 +01:00
Taus Brock-Nannestad
a5121babc8 Python: The one with changes that don't look like renames anymore 2020-11-02 22:19:15 +01:00
Taus Brock-Nannestad
5156bf756d Python: Promote data-flow libraries 
Step 1: Moving stuff around. Also includes a bit of import renaming.
 2020-11-02 22:15:38 +01:00
yoff
c8bb0509e5 Merge pull request #4563 from tausbn/python-remove-refersto-from-regex-libs 
Python: Remove `refersTo` from `regex.qll`
 2020-10-28 13:37:14 +01:00
Taus Brock-Nannestad
1503c5ea16 Python: Remove refersTo from regex.qll 
This was causing the old `Object` API stuff to be evaluated when using
our new library models (specifically the Django model).
 2020-10-28 12:41:17 +01:00
Rasmus Wriedt Larsen
7993a83750 Merge pull request #4544 from tausbn/python-fix-bad-join-in-use-use-ssa 
Python: Fix bad join order in `adjacentUseUseSameVar`
 2020-10-23 14:37:27 +02:00
Taus Brock-Nannestad
6d81ca12c4 Python: Fix bad join order in adjacentUseUseSameVar 2020-10-23 14:08:45 +02:00
Erik Krogh Kristensen
e89e99deaa Merge pull request #4461 from erik-krogh/pyPrint 
Python: implement printAst for Python
 2020-10-22 09:37:10 +02:00
Erik Krogh Kristensen
e18cf08d99 documentation changes based on review 2020-10-21 09:45:16 +02:00
Erik Krogh Kristensen
c1dba2ee9f add a few shouldPrint calls to improve performance 2020-10-21 09:37:53 +02:00
Erik Krogh Kristensen
3306b59a14 Update python/ql/src/semmle/python/PrintAst.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2020-10-20 23:19:47 +02:00
Erik Krogh Kristensen
d629eea54e aggregate the arguments of a call into a synthetic node 2020-10-15 13:35:19 +02:00
Erik Krogh Kristensen
5770d0256f fixing printing of NameConstants 2020-10-15 13:32:22 +02:00
Erik Krogh Kristensen
2a5dd2c8a3 fix pretty-printing of number literals 2020-10-15 13:04:52 +02:00
Erik Krogh Kristensen
1d4a605517 remove location for synthetic nodes 2020-10-15 12:57:46 +02:00
Erik Krogh Kristensen
9da8c23717 change the order of the children from FunctionDef 2020-10-15 12:57:17 +02:00
Rasmus Wriedt Larsen
c5810d623b Merge pull request #4474 from tausbn/python-fix-tostring-divergence 
Python: Fix divergence in tuple/subscripted type `toString`
 2020-10-15 10:29:33 +02:00
Taus Brock-Nannestad
f8190feef2 Python: Fix divergence in tuple/subscripted type toString 
A slightly more complicated version of the situation in
https://github.com/github/codeql/pull/2507 could cause the `toString`
calculation to diverge. Although the previous PR took tuples nested
inside tuples into account (and subscripted types cannot be nested
inside each other in our modelling), it did not account for having
this nesting be interleaved, and this is what caused the divergence.

I have not done the usual "test case first to show the problem
exists", since this would also diverge and take forever to fail. The
instance observed in `scipy` was likely caused by something akin to

```python
x = ()
while True:
    x = x[(x,)]
```

Finally, to prevent this from happening with other types, I went
through and checked each instance where the string representation of
an `ObjectInternal` might potentially contain a reference to
itself (and thus explode). I encapsulated this in a
`bounded_toString` helper predicate, and used this in all the cases
where I was able to determine that the above _could_ happen.
 2020-10-14 16:13:03 +02:00
Erik Krogh Kristensen
9604705f64 remove pretty printing of bytes (unstable between minor versions) 2020-10-12 22:32:37 +02:00
Erik Krogh Kristensen
9b7c59f4b4 implement printAst for Python 2020-10-12 21:17:46 +02:00
Rasmus Wriedt Larsen
67c5c590d2 Python: Expose getParameter on ParameterNode 2020-10-07 12:28:35 +02:00
Taus Brock-Nannestad
75f4051cb5 Python: Fix hasLocationInfo for packages 2020-10-01 17:21:53 +02:00
Tom Hvitved
71da9045e5 Java/Python: Reduce size of blockPrecedesVar 2020-09-22 11:00:26 +02:00
Rasmus Lerchedahl Petersen
4c02852358 Python: add missing * (and a rename) 2020-09-14 16:56:46 +02:00
Rasmus Lerchedahl Petersen
543876f980 Python: Fix getAGuardedNode 2020-09-14 14:46:15 +02:00
Rasmus Wriedt Larsen
52d8f7d395 Merge pull request #4235 from yoff/SharedDataflow_UseUseFlow 
Python: Port use-use implementation from Java
 2020-09-10 16:12:28 +02:00
Rasmus Lerchedahl Petersen
92e7a5676d Python: Address review comments 2020-09-10 15:17:30 +02:00
yoff
3a19b1e7fd Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-10 15:06:06 +02:00
Rasmus Lerchedahl Petersen
50cc5d58e9 Merge branch 'main' of github.com:github/codeql into SharedDataflow_NestedComprehensions 2020-09-10 10:20:55 +02:00
Rasmus Lerchedahl Petersen
7b10a3a546 Python: fix comment and source uses 2020-09-10 08:36:00 +02:00
Rasmus Lerchedahl Petersen
ce7f82ddc6 Python: Add def-use jump-steps 2020-09-09 13:27:14 +02:00
Rasmus Lerchedahl Petersen
c661f43316 Python: Port use-use implementation from Java 2020-09-09 12:19:40 +02:00
Rasmus Lerchedahl Petersen
6c173047e6 Merge branch 'MagicMethods' of github.com:yoff/codeql into MagicMethods 2020-08-26 17:43:27 +02:00
Rasmus Lerchedahl Petersen
47e35c530d Merge branch 'main' of github.com:github/codeql into MagicMethods 2020-08-26 17:42:44 +02:00
Rasmus Lerchedahl Petersen
fae915bbb5 Python: QL doc 2020-08-25 21:02:17 +02:00
yoff
3140b43db2 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2020-08-25 10:48:01 +02:00
Rasmus Wriedt Larsen
13148b42d3 Python: Handle taint of f-strings 2020-08-24 17:23:10 +02:00
Rasmus Wriedt Larsen
2f090df6d3 Python: Transform comments to QLDoc for security.strings.Basic 2020-08-24 17:20:04 +02:00
Rasmus Lerchedahl Petersen
e91581e9fa Python: Experiments with nested comprhensions 2020-08-24 17:15:31 +02:00
Rasmus Lerchedahl Petersen
de1c75c279 Python: QL format 2020-08-18 16:34:04 +02:00
Rasmus Lerchedahl Petersen
f8364dc74b Python: QL doc 2020-08-18 15:11:20 +02:00
Rasmus Lerchedahl Petersen
d0eaa13974 Python: Magic -> Special and reaarange classes 2020-08-18 14:14:38 +02:00
yoff
b9bf11adb4 Update python/ql/src/semmle/python/Magic.qll 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-08-18 12:59:57 +02:00
Rasmus Lerchedahl Petersen
bbf925fcc4 Python: Magic subscript and format 
(this in preparation for addressing reviews)
 2020-08-18 12:56:15 +02:00
Rasmus Lerchedahl Petersen
8eacef3467 Python: Add QL doc 2020-08-17 12:01:36 +02:00