hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,164 Commits 1,672 Branches 157 Tags
aa78a434070fed4bd9dfec8910c2a64abaf3a1a4
Commit Graph

6355 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
aa78a43407 Python: Enable type-tracking in call-graph test 2022-11-22 14:46:29 +01:00
Rasmus Wriedt Larsen
c85ccb2003 Python: Add call-graph compare meta-queries 
Also changed the definition of a relevant call-target, so it's only what
is in the actual source code, which is what we want in the future! (so
what we're designing type-tracking to handle)

I also changed terminology from `callee` to `target`. It felt more
natural this way in my opinion.
 2022-11-22 14:46:29 +01:00
Rasmus Wriedt Larsen
a98554b6ed Python: Accept tmp changes to flow summaries 
After solving merge conflict
 2022-11-22 14:46:29 +01:00
Rasmus Wriedt Larsen
716576b1d6 Python: Minimal type-tracking call-graph 
That does absolutely nothing so far, but compiles
 2022-11-22 14:46:29 +01:00
Rasmus Wriedt Larsen
6f5007b810 Python: Rename -> DataFlowDispatch 
So diff can make more sense when introducing blank state for type-tracking based call-graph
 2022-11-22 14:46:29 +01:00
Rasmus Wriedt Larsen
f327a3f62a Python: Remove strange-pointsto-interaction-investigation 
These tests are not relevant anymore 💪
 2022-11-22 14:46:29 +01:00
Rasmus Wriedt Larsen
1b30cf8eca Merge branch 'main' into call-graph-tests 2022-11-22 13:39:27 +01:00
Rasmus Wriedt Larsen
84faf49bf0 Python: Add tests for compound arguments field flow 2022-11-22 11:29:00 +01:00
Rasmus Wriedt Larsen
d876acde4c Python: Fix SINK/SINK_F usage for crosstalk tests 
As discussed in PR review
https://github.com/github/codeql/pull/11208#discussion_r1022473421
 2022-11-22 11:29:00 +01:00
Edoardo Pirovano
6c33ddcd47 Merge pull request #11349 from github/edoardo/2.11.4-mergeback 
Merge `rc/3.8` into `main`
 2022-11-21 18:08:27 +00:00
Taus
8f4eb7107a Merge pull request #10861 from tausbn/python-clean-up-import-resolution 
Python: Clean up import resolution
 2022-11-21 15:18:08 +01:00
Taus
d79eed533b Python: Remove unwanted recursion 
Depending on `localFlowStep` meant that this predicate ended up being
recursive with itself (by way of flow summaries which depend on API
graphs, which in turn depend on import resolution).

Changing this to use the simple local flow step predicate that we use
for type tracking should fix this issue.
 2022-11-18 13:50:50 +00:00
github-actions[bot]
5b14ebf22a Post-release preparation for codeql-cli-2.11.4 2022-11-18 11:26:00 +00:00
Taus
e76ab8c78c Merge branch 'main' into python-clean-up-import-resolution 2022-11-17 22:47:50 +00:00
erik-krogh
468a879c1f Python: delete dead code. thanks QL-for-QL 2022-11-17 22:12:51 +01:00
erik-krogh
e491b61e09 Python: move the contents of PEP249Impl to PEP249, which is possible now that the deprecations have been deleted 2022-11-17 22:12:50 +01:00
erik-krogh
a7ba693ccb Python: delete old deprecations 2022-11-17 22:12:50 +01:00
Chris Smowton
0deb2d4c5f Copyedit Python release notes 2022-11-17 17:03:09 +00:00
Chris Smowton
63fcbb5969 Copyedit Python release notes 2022-11-17 17:02:55 +00:00
github-actions[bot]
e105c13e77 Release preparation for version 2.11.4 2022-11-17 16:40:45 +00:00
Taus
811426c586 Python: Remove manual magic entirely 
This was causing issues with imports with many "dots" in the name.

Previously, the test added in this commit would not have the desired
result for the `check` call.
 2022-11-17 14:15:55 +00:00
Taus
8ed8161d5c Python: Fix tests for Python 2 
This should make it so that the `prints3` tag is skipped when running
then Python 2 Language tests.
 2022-11-16 22:20:08 +00:00
Taus
81348049df Python: Fix missing module resolution 
This was due to bad manual magic: restricting the attribute name makes
sense when we're talking about submodules of a package, but it doesn't
when we're talking about reexported modules.

Also (hopefully) fixes the tests so that the Python 3-specific bits are
ignored under Python 2.
 2022-11-16 19:58:32 +00:00
Taus
19261ecfbf Python: Remove spurious module references 2022-11-16 18:19:54 +00:00
Taus
2717b9a47d Python: Extend import resolution tests 
Extends the tests to

1. Account parts of the test code that may be specific to Python 2 or 3,
2. Also track which arguments passed to `check` are references to
   modules.

The latter revealed a bunch of spurious results, which I have annotated
accordingly.
 2022-11-16 17:58:24 +00:00
Anders Schack-Mulligen
94bca4399a Merge pull request #11183 from aschackmull/dataflow/groupflow 
Dataflow: Introduce support for src/sink grouping in path results.
 2022-11-16 12:59:01 +01:00
Rasmus Wriedt Larsen
e886b53a94 Python: CallGraph tests: remove rest of old annotations 2022-11-15 11:16:10 +01:00
Rasmus Wriedt Larsen
98bf3adc72 Python: Add enclosing-callable test 2022-11-15 11:11:59 +01:00
Rasmus Wriedt Larsen
7ca32ee2b5 Python: Fieldflow: merge assignment tests 2022-11-15 11:11:59 +01:00
Erik Krogh Kristensen
d2857006cf Merge pull request #11247 from erik-krogh/py-redosMod 
Python: use the shared regex pack
 2022-11-14 21:10:43 +01:00
Erik Krogh Kristensen
99636ba344 fix typo 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-11-14 17:35:55 +01:00
Nick Rolfe
83b3312467 Merge pull request #11207 from github/nickrolfe/arel-sql 
Ruby: add `SqlConstruction` concept, and implement it for calls to `Arel.sql`
 2022-11-14 10:21:37 +00:00
Taus
f92d836607 Python: Fix test failure 
Casting to `ImportExpr` caused the `typetracking_imports` test to fail.
 2022-11-11 16:03:14 +00:00
Taus
a08253b6d0 Python: Fix typo 2022-11-11 14:50:04 +00:00
Taus
a8a7a59ae8 Python: Add test for attribute name clash 2022-11-11 14:47:35 +00:00
Taus
b540eb094c Python: Various small fixes 
- Swaps `module_reference_in_scope` and `module_name_in_scope`.
- uses `AttrRead::accesses` instead of `getObject`, etc.
- Removes an errant `none()`.
- Expands the QLDoc for some of the predicates.
 2022-11-11 14:00:36 +00:00
Rasmus Wriedt Larsen
ddbcdcb4ba Merge pull request #11160 from RasmusWL/dataflow-consistency-read-store 
DataFlow: Add read/store stepIsLocal consistency checks
 2022-11-11 14:51:45 +01:00
Taus
7f790432cc Python: More review suggestions 
I could have sworn I added all of them to the batch, but somehow these slipped through.

Co-authored-by: yoff <lerchedahl@gmail.com>
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-11-11 14:40:58 +01:00
Taus
131fc986b4 Python: Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-11-11 13:49:46 +01:00
Rasmus Wriedt Larsen
ab42521906 Python: Port CallGraph-implicit-init tests 
to the new call-graph test setup. Nice that we can write `MISSING:` now!
 2022-11-11 10:34:28 +01:00
Rasmus Wriedt Larsen
b60504f404 Python: Delete CallGraph-xfail 
No longer needed since we're using an established testing framework now
 2022-11-11 10:34:28 +01:00
Rasmus Wriedt Larsen
6d9745e5c3 Python: Rewrite call-graph tests to be inline expectation (2/2) 
I ported the predicates showing difference between points-to and
type-tracking, since it's helpful to see the list of differences,
instead of having to parse expectations!
 2022-11-11 10:34:28 +01:00
Rasmus Wriedt Larsen
88f703af1f DataFlow: Accept changes to .expected 2022-11-10 22:13:34 +01:00
Rasmus Wriedt Larsen
4caaa3a396 Python: Rewrite call-graph tests to be inline expectation (1/2) 
This adds inline expectations, next commit will remove old annotations
code... but I thought it would be easier to review like this.
 2022-11-10 21:08:29 +01:00
Erik Krogh Kristensen
90382c4d1c Merge pull request #11178 from erik-krogh/passcode 
JS/RB/PY: Recognize `passcode` as sensitive
 2022-11-10 17:58:34 +01:00
Michael Nebel
9c6875ec0f Merge pull request #10777 from michaelnebel/csharp/generatedataextensions 
C#: Generate data extension files
 2022-11-10 13:08:31 +01:00
Nick Rolfe
9f31ef851f Python: fix spelling of SqlExecution class in comment 2022-11-10 11:53:12 +00:00
Anders Schack-Mulligen
b3b7711149 Dataflow: Sync. 2022-11-09 14:23:15 +01:00
erik-krogh
c8b7eccc6f sync files 2022-11-09 11:31:13 +01:00
Rasmus Wriedt Larsen
4895daba85 DataFlow: Add read/store stepIsLocal consistency checks 2022-11-08 13:32:49 +01:00