hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,528 Commits 1,671 Branches 157 Tags
86c5d9f1cd9686d55d81c7b4b48ea2d06ffcec72
Commit Graph

9157 Commits

Author SHA1 Message Date
Chris Smowton
a1ba584b20 Autoformat 2025-02-20 19:31:00 +00:00
Chris Smowton
4567e02b8c Regularise extractor pack licenses to all cite the MIT license that covers the whole CodeQL repository 2025-02-20 18:55:55 +00:00
Paolo Tranquilli
530bfccb7c Merge branch 'main' into redsun82/update-py-deps 2025-02-18 10:03:29 +01:00
Paolo Tranquilli
38efd4a8a2 Python: downgrade tree-sitter back to 0.20.4 2025-02-18 10:03:18 +01:00
github-actions[bot]
ad24f94a77 Post-release preparation for codeql-cli-2.20.5 2025-02-17 17:58:24 +00:00
github-actions[bot]
6f4562f3bd Release preparation for version 2.20.5 2025-02-17 16:55:54 +00:00
Paolo Tranquilli
342bff6125 Python: undo tree-sitter update 2025-02-17 15:52:45 +01:00
Paolo Tranquilli
91b3d108bb Python: upgrade cargo dependencies 
This required some code changes because of some breaking changes in
`clap` and `tree-sitter`.

Also needed to assign a new bazel repo name to the `crates_vendor` to
avoid name conflicts in `MODULE.bazel`.
 2025-02-17 10:56:36 +01:00
Joe Farebrother
180e45d66a Merge pull request #18599 from joefarebrother/python-qual-not-named-self-cls 
Python: Modernize py/not-named-self and py/not-named-cls queries
 2025-02-17 08:58:34 +00:00
Joe Farebrother
f46a2a1773 Exclude some decorators 2025-02-12 09:40:45 +00:00
yoff
158430af82 Merge pull request #17765 from yoff/python/test-functional-behaviour 
Python: Add tests for functional-like programming
 2025-02-11 16:28:37 +01:00
Asger F
eedfa4dbb2 Merge pull request #18341 from asgerf/py/diff-informed 
Python: enable diff-informed data flow queries
 2025-02-11 13:15:44 +01:00
Joe Farebrother
61d5a692fb Refactor metaclass logic a bit, ensure lambdas are excluded 2025-02-07 21:46:30 +00:00
Paolo Tranquilli
cc939e64fd Python: fix bazel rule 2025-02-07 14:42:26 +01:00
yoff
37ddaa36ad Merge pull request #18702 from github/tausbn/python-allow-comments-in-subscripts 
Python: Allow comments in subscripts
 2025-02-06 23:31:29 +01:00
Taus
131ec8d22f Python: Handle loop constructs outside of loops 
Observed on some test files in Nuitka/Nuitka, having `break` and
`continue` outside of loops in Python is (to Python) a syntax error, but
our parser happily accepted this broken syntax.

This then caused issues further downstream in the control-flow
construction, as it broke some invariants.

To fix this we now skip the code that would previously fail when the
invariants are broken.

Co-authored-by: yoff <yoff@github.com>
 2025-02-06 14:30:16 +00:00
Taus
3d25cd3bb5 Python: Add change note 2025-02-06 14:08:20 +00:00
Taus
7124e80f28 Python: Regenerate parser files 2025-02-06 14:05:40 +00:00
Taus
c5be2a3e2d Python: Allow comments in subscripts 
Once again, the interaction between anchors and extras (specifically
comments) was causing trouble.

The root of the problem was the fact that in `a[b]`, we put `b` in the
`index` field of the subscript node, whereas in `a[b,c]`, we
additionally synthesize a `Tuple` node for `b,c` (which matches the
Python AST).

To fix this, we refactored the grammar slightly so as to make that tuple
explicit, such that a subscript node either contains a single expression
or the newly added tuple node. This greatly simplifies the logic.
 2025-02-06 14:04:57 +00:00
yoff
40851aeaef Merge pull request #18687 from github/tausbn/python-print-file-path-on-context-error 
Python: Print file path when logging context errors
 2025-02-06 15:01:06 +01:00
Asger F
d3b9d1d89d JS: Partial SSRF does not select the sink location 2025-02-06 11:30:32 +01:00
Asger F
7d6abb4e0a JS: Disable diff-informedness for full SSRF 
Partial SSRF uses its result in a way that prevents diff-informedness
 2025-02-06 11:30:18 +01:00
Asger F
d3ee658399 Python: resolve remaining TODOs 2025-02-06 10:27:56 +01:00
Asger F
975ce064fc Python: implement for polynomial redos 2025-02-06 10:27:45 +01:00
Asger F
15c2ccb880 Python: ignore experimental for now 2025-02-06 10:27:43 +01:00
Asger F
9dfd1cc608 Python: Fixup broken patch 2025-02-06 10:27:21 +01:00
Asger F
e4a1847dad Python: mass enable diff-informed data flow 2025-02-06 10:27:19 +01:00
Taus
60d97e0e16 Python: Print file path when logging context errors 
This makes it _much_ easier to find the offending bit of syntax.
 2025-02-05 13:13:39 +00:00
Remco Vermeulen
9894e9ef9f Add CCR suites 2025-02-05 01:58:34 +00:00
Joe Farebrother
287cf0121d Fix docs 2025-02-04 15:28:13 +00:00
Joe Farebrother
3802a73f47 Update docs 2025-02-04 14:46:02 +00:00
Joe Farebrother
e8adef18a3 Update to inline expectations + fixes 2025-02-04 14:45:59 +00:00
Joe Farebrother
aa2c84ea36 Move tests to separate folder 2025-02-04 14:45:56 +00:00
Joe Farebrother
0bf8d4ec4b Exclude 'methods' used in initialisation, and allow self for metaclass methods 2025-02-04 14:45:52 +00:00
Joe Farebrother
fa76bf3c9f Fix formatting and rewrite redundant exists 2025-02-04 14:45:48 +00:00
Joe Farebrother
526e235fc1 Update NonSelf and NonCls queries 2025-02-04 14:45:44 +00:00
github-actions[bot]
f1b05a79a4 Post-release preparation for codeql-cli-2.20.4 2025-02-04 09:25:09 +00:00
github-actions[bot]
573e53e454 Release preparation for version 2.20.4 2025-02-03 15:19:35 +00:00
erik-krogh
a1afa20d4b add change-notes 2025-01-27 22:43:13 +01:00
erik-krogh
90b403b40b py: delete the remainder of the deprecated TypeTracker libary 2025-01-27 22:17:18 +01:00
erik-krogh
34f5f61a10 all: use my script to delete outdated deprecations 2025-01-27 22:16:48 +01:00
github-actions[bot]
fbb7f0a0c6 Post-release preparation for codeql-cli-2.20.2 2025-01-20 21:11:14 +00:00
github-actions[bot]
a0512a50f2 Release preparation for version 2.20.2 2025-01-20 21:11:12 +00:00
Joe Farebrother
d248fbfe57 Merge pull request #18301 from joefarebrother/python-model-missing-builtins 
Python: Add models for builtins `map`, `filter`, `zip`, and `enumerate`.
 2025-01-20 16:39:37 +00:00
Paolo Tranquilli
4ab5650979 Python: add some more FP tests around match 2025-01-17 11:01:00 +01:00
Geoffrey White
90faab456d Merge pull request #18473 from geoffw0/sensitive2 
Improve shared sensitive data library handling of snake_case variable names
 2025-01-15 18:02:33 +00:00
Joe Farebrother
344dd2dab5 Qldoc fix 2025-01-15 10:26:37 +00:00
Joe Farebrother
2aea356756 Add change note + fix tests 2025-01-15 10:24:18 +00:00
Joe Farebrother
6a6585e415 Add tests for zip and enumerate 2025-01-15 09:57:15 +00:00
Joe Farebrother
460de3f7d5 Reduce generality of map and zip for performance 2025-01-14 09:39:57 +00:00