hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-14 09:21:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,879 Commits 1,785 Branches 169 Tags
923fe2dcb9b850ca7800ae1be5511ffe14ca6ac0
Commit Graph

934 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
7eb4419342 Python: Restrict type-tracking content to only be precise 
At least for now :)
 2024-03-15 10:24:57 +01:00
Rasmus Wriedt Larsen
7a3ee0f5f8 Python: Make IterableSequenceNode LocalSourceNode 
We do this to remove the inconsistencies, and to be ready for a future
where type-tracking support content tracker of depth > 1.

It works because targets of loadSteps needs to be LocalSourceNodes

predicate loadStep(Node nodeFrom, LocalSourceNode nodeTo, Content content) {
 2024-03-14 10:46:29 +01:00
Rasmus Wriedt Larsen
af8cef5b53 Python: Fixup deprecated type-tracker API 2024-03-14 10:43:28 +01:00
Rasmus Wriedt Larsen
92729dbbd6 Python: Support iterable unpacking in type-tracking 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
dac2b57bb0 Python: type-track through dict-updates 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
73fe596753 Python: type-tracking through dictionary construction 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
ece8245a4b Python: type-track through tuple content 2024-03-14 10:42:38 +01:00
Rasmus Wriedt Larsen
7721fb3331 Python: Setup shared read/store steps 2024-03-14 10:42:37 +01:00
Rasmus Wriedt Larsen
636cf611ae Python: Allow general content in type-tracker 
This should not result in many changes, since store/load steps are still
only implemented for attributes.
 2024-03-14 10:42:37 +01:00
Rasmus Wriedt Larsen
fc8caa66c8 Python: Prepare for general content in type-tracker 
Due to the char-pred of Content, this change should keep exactly the
same behavior as before.
 2024-03-14 10:42:37 +01:00
Tom Hvitved
6c0ed28e6b Python: Implement new data flow interface 2024-03-13 14:41:57 +01:00
Tom Hvitved
dddba3228b Merge pull request #15867 from hvitved/dataflow/ap-limit 
Data flow: Add `ConfigSig::accessPathLimit`
 2024-03-12 14:57:51 +01:00
yoff
adbcbefaa9 Merge pull request #15551 from yoff/python/avoid-duplicate-model-inclusions 
python: Remove `TaintStepFromSummary`
 2024-03-11 13:52:20 +01:00
Tom Hvitved
da66281fef Sync files 2024-03-11 13:02:04 +01:00
Rasmus Wriedt Larsen
42acd9c22c Merge pull request #15695 from github/tausbn/python-add-copy-method-as-copy-step 
Python: Add `.copy()` method call as copy step
 2024-03-11 09:43:34 +01:00
Rasmus Lerchedahl Petersen
3601773856 python: support encoding lower bound 2024-03-08 14:59:28 +01:00
Rasmus Wriedt Larsen
eeda4355f1 Python: Fix missing DictionaryElementContent 2024-03-01 15:21:13 +01:00
Rasmus Wriedt Larsen
cdf4dd16f0 Python: Fix module level flow for iterable unpacking 
(and for * patterns in match)

Since `PhaseDependentFlow` uses the following predicate, that relies on
.getScope() to be present for there to be any importTimeFlow (flow at
toplevel scope), it's important that data-flow nodes implement `.getScope`.

```
private predicate isTopLevel(Node node) { node.getScope() instanceof Module }
```

By implementing getScope, we can now rely on default implementation of
`getEnclosingCallable` in DataFlow::Node:

```
  /** Gets the enclosing callable of this node. */
  DataFlowCallable getEnclosingCallable() { result = getCallableScope(this.getScope()) }
```
 2024-02-28 16:39:08 +01:00
Taus
f1392712ee Python: Add .copy() as a copy step 2024-02-22 13:09:27 +00:00
Tom Hvitved
1ea7717714 Capture flow: Take overwrites in nested scopes into account 2024-02-09 14:49:23 +01:00
Rasmus Lerchedahl Petersen
580e68d5de python: add support for lower bound position 2024-02-09 13:51:16 +01:00
Anders Schack-Mulligen
817aa7655f Python: Remove redundant IncludePostUpdateFlow and PhaseDependentFlow application. 2024-02-09 11:32:08 +01:00
Rasmus Lerchedahl Petersen
45bb4a0ee5 python: remove TaintStepFromSummary 
as it should be covered by `SummarizedCallableFromModel`

Also move things around, to look more like the Ruby code.
 2024-02-08 12:48:15 +01:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Tom Hvitved
f90201eb56 Data flow: Remove column from mayBenefitFromCallContext 2024-01-09 11:34:43 +01:00
Rasmus Lerchedahl Petersen
0f89f69555 Python: fix VariableWrite and remove unneded step 2023-12-20 15:45:18 +01:00
Rasmus Lerchedahl Petersen
215b146f06 Python: remove unused member predicate 2023-12-20 14:45:00 +01:00
Rasmus Lerchedahl Petersen
491ca3f1e6 Python: hide synthetic variable node 2023-12-20 14:42:45 +01:00
Rasmus Lerchedahl Petersen
afb3d1da6f Python: move capture node to DataFlowPrivate 2023-12-20 14:41:17 +01:00
Rasmus Lerchedahl Petersen
3cea46fe7b Python: fix typos 2023-12-20 14:35:10 +01:00
Rasmus Lerchedahl Petersen
f8417b0dd8 Merge branch 'main' of https://github.com/github/codeql into python/captured-variables-basic 2023-12-20 13:16:42 +01:00
Rasmus Lerchedahl Petersen
07c88dc0be Python: remove unnecessary post-processing 
also, it is slightly incorrect...
 2023-12-20 12:09:15 +01:00
Rasmus Lerchedahl Petersen
169d7a3c98 Python: Add scope entry definition nodes 
otherwise we confuse captured variables
in the single scope entry cfg node. Now
we have one for each defined variable.
 2023-12-20 12:09:00 +01:00
yoff
a60c52b8b7 Merge branch 'main' into python/captured-variables-basic 2023-12-18 23:44:46 +01:00
Rasmus Lerchedahl Petersen
78c484faab Python: remove support for capturing callbacks 
This will be added in a follow-up PR instead.
 2023-12-18 23:24:57 +01:00
Rasmus Lerchedahl Petersen
6e4011d2ae Python: rename sythetic nodes 
Avoid the term "closure" as it is somewhat academic.
 2023-12-18 23:16:51 +01:00
Rasmus Lerchedahl Petersen
c0b3d98c6d Python: Add a bit more detail to comment. 2023-12-18 22:44:26 +01:00
Rasmus Lerchedahl Petersen
456209b269 Python: Move predicate closer to its use 2023-12-18 22:29:09 +01:00
Rasmus Lerchedahl Petersen
86bb884f67 Python: better comment 2023-12-18 22:26:46 +01:00
Rasmus Lerchedahl Petersen
7324177786 Python: address QL alerts 2023-12-18 22:20:28 +01:00
Rasmus Lerchedahl Petersen
25c83dc70d Python: adjust comment 2023-12-18 22:15:37 +01:00
Rasmus Lerchedahl Petersen
bf1ad23678 Python: add comments 
- on debug predicates
- on JS implementation
 2023-12-18 22:00:13 +01:00
Rasmus Lerchedahl Petersen
c88d686ce4 Python: move SynthCapturePostUpdateNode 
next to `SynthCaptureNode`
 2023-12-18 21:37:52 +01:00
yoff
e0c027f13c Merge pull request #14848 from hvitved/python/shared-type-tracking 
Python: Adopt shared type tracking library
 2023-12-18 21:14:42 +01:00
Tom Hvitved
a776132a10 Python: Deprecate more predicates 2023-12-18 13:05:17 +01:00
Rasmus Lerchedahl Petersen
b505778bc8 Python: remove non-local steps 2023-12-16 01:03:27 +01:00
Rasmus Lerchedahl Petersen
661ba1ca7b Python: move restriction into branch predicate 
Otherwise we get loads of nodes with missing locations
from the brnach nodes that are not matched.
 2023-12-16 00:33:11 +01:00
Rasmus Lerchedahl Petersen
4a1fcde649 Python: abandon synthetic node 
for `CapturingClosureArgumentNode`.

Unless we define it for every single `CallNode`, we need a more
sophisticated mutual recursion with the call graph construction.
There is built-in support for that, but we are currently not using it.
 2023-12-15 23:42:29 +01:00
Rasmus Lerchedahl Petersen
e36b079e0f Python: fix compilation error 
introduced by bad merge
 2023-12-15 21:27:22 +01:00
Rasmus Lerchedahl Petersen
416ba6a709 Python: use updated API 2023-12-15 21:26:05 +01:00