hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
aa3000df1310b332ba1c84afec3bacb0aeb4dbbd
Commit Graph

9547 Commits

Author SHA1 Message Date
Henry Mercer
b737bccb07 Python: Fix "be be" typos in qhelp 2025-10-14 11:33:24 +01:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
Taus
c4b27d5f28 Python: Fix ImportError in imp.py under Python 3.14 
It seems `_ERR_MSG` was silently removed in Python 3.14, leading to an
`ImportError` when running the extractor.

To fix this, we explicitly set `_ERR_MSG` when the existing import fails
(using `_ERR_MSG_PREFIX` which is available in Python 3.14+, along with
the bits that make up the difference between this and `_ERR_MSG`).
 2025-10-13 13:50:43 +00:00
github-actions[bot]
a7a4e43991 Post-release preparation for codeql-cli-2.23.2 2025-09-29 15:10:19 +00:00
github-actions[bot]
d2130a589b Release preparation for version 2.23.2 2025-09-29 10:28:45 +00:00
Taus
e592fd60ff Merge pull request #20495 from github/tausbn/python-fix-unmatchable-dollar-in-lookahead 
Python: Fix false positive for unmatchable dollar/caret
 2025-09-25 15:27:32 +02:00
Simon Friis Vindum
7d6e2060e5 Adapt all languages to changes in shared library 2025-09-22 14:18:58 +02:00
Joe Farebrother
463f79bed2 Merge pull request #20263 from joefarebrother/python-qual-exceptions 
Python: Modernize the Unreachable Except Block query
 2025-09-22 09:42:09 +01:00
Taus
b9f073e596 Python: Update test output 2025-09-19 15:39:12 +00:00
Taus
95a84ad655 Python: Fix false positive for unmatchable dollar/caret 
Our previous modelling did not account for the fact that a lookahead can
potentially extend all the way to the end of the input (and similarly,
that a lookbehind can extend all the way to the beginning).

To fix this, I extended `firstPart` and `lastPart` to handle lookbehinds
and lookaheads correctly, and added some test cases (all of which yield
no new results).

Fixes #20429.
 2025-09-19 15:06:46 +00:00
Joe Farebrother
2cd1d2fd2f Merge pull request #20392 from joefarebrother/python-qual-file-not-closed 
Python: Improve File Not Closed query to reduce false positives and provide clearer alerts
 2025-09-18 09:33:08 +01:00
Joe Farebrother
f3802ec60f Merge pull request #20217 from joefarebrother/python-qual-signature-mismatch 
Python: Modernize the Signature Mismatch query
 2025-09-17 13:29:33 +01:00
Ian Lynagh
c653d939d9 Merge pull request #20451 from github/post-release-prep/codeql-cli-2.23.1 
Post-release preparation for codeql-cli-2.23.1
 2025-09-17 13:00:14 +01:00
Michael Nebel
34ebed1a24 Merge pull request #20402 from michaelnebel/python/code-quality-extended 
Python: Add most `medium` precision queries to the `code-quality-extended` suite.
 2025-09-17 13:48:35 +02:00
Taus
f5a06bef4a Merge pull request #19929 from github/tausbn/python-update-tree-sitter-dependency 
Python: Update `tree-sitter` dependency
 2025-09-17 13:40:13 +02:00
github-actions[bot]
4e8343664f Post-release preparation for codeql-cli-2.23.1 2025-09-17 10:13:40 +00:00
Taus
8fd62252fd Python: Fix bad join in globalVariableNestedFieldJumpStep 2025-09-16 18:12:29 +02:00
Napalys Klicius
431fc8880e Python: Add change note 2025-09-16 18:08:53 +02:00
Napalys Klicius
e82fe9d919 Python: Updated doc string and removed redundant predicate. 2025-09-16 18:08:53 +02:00
Taus
e228aac61f Python: Use AttrWrite.writes 
Also applies @napalys' fix to the base case.
 2025-09-16 18:08:53 +02:00
Taus
6f9e06c59e Python: Add AttrWrite.writes and AttrRead.reads 
The latter of these is identical to `AttrRef.accesses`, but makes the
API a bit more intuitive.
 2025-09-16 18:08:53 +02:00
Napalys Klicius
8393ccf39d Python: Update globalVariableAttrPathAtDepth base case 2025-09-16 18:08:53 +02:00
Taus
6133f01c81 Python: Rewrite access path computation 2025-09-16 18:08:53 +02:00
Taus
69b5853477 Python: Keep track of access path 2025-09-16 18:08:53 +02:00
Napalys Klicius
e60d0c88f1 Python: Add global variable nested field jump steps 2025-09-16 18:08:53 +02:00
Napalys Klicius
9d4b168977 Python: Added extra test for global variable nested attribute reads/writes. 2025-09-16 18:08:53 +02:00
Napalys Klicius
6c779c7fa5 Python: Added extra test cases for path injection with FastAPI 2025-09-16 18:08:53 +02:00
Napalys Klicius
f209e3a0fe Python: Updated PathInjection tests to use inline test expectations 2025-09-16 18:08:53 +02:00
github-actions[bot]
02a1b1efcb Release preparation for version 2.23.1 2025-09-16 14:14:42 +00:00
Michael Nebel
c2628fe1df Python: Update integration tests expected output. 2025-09-11 08:44:18 +02:00
Michael Nebel
a774c65162 Python: Remove py/missing-docstring from code-quality-extended. 2025-09-11 08:41:33 +02:00
Michael Nebel
7c58098f12 Python: Update integration tests expected output. 2025-09-10 16:08:14 +02:00
Michael Nebel
7c0aa78e39 Python: Add many medium precision queries to the code-quality-extended suite. 2025-09-10 16:06:38 +02:00
Joe Farebrother
f9e094de61 Simplify choosaASignatureMismatchWitness for improved performance 2025-09-09 17:25:48 +01:00
Joe Farebrother
ea562de3e6 Fix tests 2025-09-09 15:17:16 +01:00
Joe Farebrother
ec40ea800d Update qldoc 2025-09-09 13:46:52 +01:00
Joe Farebrother
b01b40b51b Update test output 2025-09-09 13:44:03 +01:00
Joe Farebrother
e382f7cd43 Improve check for containment in with statement 2025-09-09 11:26:17 +01:00
Joe Farebrother
eb246f6f71 Performance experiment - add getFunctionFIle for better join order 2025-09-08 09:43:22 +01:00
Joe Farebrother
869b7e09d7 Merge pull request #19932 from joefarebrother/python-qual-init-del-calls 
Python: Modernize 4 queries for missing/multiple calls to init/del methods
 2025-09-08 09:29:38 +01:00
Joe Farebrother
ff4c11f503 Update test output. Accepting some FNs due to dataflow issue. 2025-09-06 00:45:15 +01:00
Joe Farebrother
0b293eaba5 Update test output 2025-09-05 22:43:21 +01:00
Joe Farebrother
bd3fa7fb21 Switch to dataflow check for guards exceptions 
This reduces some confusing FPs, though appears to introduce another
 2025-09-05 16:03:55 +01:00
Arthur Baars
5d3ec35e29 Remove non-breaking spaces from code 2025-09-05 09:41:15 +02:00
Taus
f6732a927b Python: Bump extractor version 2025-09-03 11:56:54 +00:00
Taus
13a93c7e32 Python: Add suggestions from Copilot 2025-09-03 11:55:49 +00:00
Joe Farebrother
71dec0b23e Fix typos 2025-09-03 11:22:46 +01:00
Joe Farebrother
9fa630faf5 Add comments documenting helper predicates, and add call resolve condition to callMatchesSignature to avoid cartesian product 2025-09-03 11:00:59 +01:00
Joe Farebrother
cd6a151d9b Add missing predicate + update test output 2025-09-03 09:48:07 +01:00
Joe Farebrother
2dcf3c7c45 Remove erronous private 2025-09-02 22:16:41 +01:00