Commit Graph

8963 Commits

Author SHA1 Message Date
Taus
b4ecc7937d Python: Fix some more async parsing problems
Turns out we were not setting the `is_async` field on anything except
`async for` statements. This commit makes it so that we also do this for
`async def` and `async with`, and adds a test that this produces the
same behaviour as the old parser.
2024-10-28 14:44:02 +00:00
Taus
e710c0a6bf Python: Regenerate parser files 2024-10-28 14:44:01 +00:00
Taus
ac87868097 Python: Fix parsing of await inside expressions
Found when parsing `Lib/test/test_coroutines.py` using the new parser.

For whatever reason, having `await` be an `expression` (with an argument
of the same kind) resulted in a bad parse. Consulting the official
grammar, we see that `await` should actually be a `primary_expression`
instead. This is also more in line with the other unary operators, whose
precedence is shared by the `await` syntax.
2024-10-28 14:44:01 +00:00
Taus
1e51703ce9 Python: Allow escaped quotes/backslashes in raw strings
Quoting the Python documentation (last paragraph of
https://docs.python.org/3/reference/lexical_analysis.html#escape-sequences):

"Even in a raw literal, quotes can be escaped with a backslash, but the
backslash remains in the result; for example, r"\"" is a valid string
literal consisting of two characters: a backslash and a double quote;
r"\" is not a valid string literal (even a raw string cannot end in an
odd number of backslashes)."

We did not handle this correctly in the scanner, as we only consumed the
backslash but not the following single or double quote, resulting in
that character getting interpreted as the end of the string.

To fix this, we do a second lookahead after consuming the backslash, and
if the next character is the end character for the string, we advance
the lexer across it as well.

Similarly, backslashes in raw strings can escape other backslashes.
Thus, for a string like '\\' we must consume the second backslash,
otherwise we'll interpret it as escaping the end quote.
2024-10-28 14:40:24 +00:00
Taus
5db601af3c Python: Allow comments in comprehensions
A somewhat complicated solution that necessitated adding a new custom
function to `tsg-python`. See the comments in `python.tsg` for why this
was necessary.
2024-10-23 14:24:47 +00:00
Taus
4f60494019 Python: Support assignments of the form [x,y,z] = w
Surprisingly, the new parser did not support these constructs (and the
relevant test was missing this case), so on files that required the new
parser we were unable to parse this construct.

To fix it, we add `list_pattern` (not to be confused with
`pattern_list`) as a `tree-sitter-python` node that results in a `List`
node in the AST.
2024-10-22 16:06:35 +00:00
Taus
89ea4b8200 Python: Regenerate parser files 2024-10-22 15:39:41 +00:00
Taus
9c913902c5 Python: Allow except* to be written as except *
Turns out, `except*` is actually not a token on its own according to the
Python grammar. This means it's legal to write `except *foo: ...`, which
we previously would consider a syntax error.

To fix it, we simply break up the `except*` into two separate tokens.
2024-10-22 15:39:29 +00:00
Taus
7ceefb509b Python: Regenerate parser files 2024-10-22 15:17:34 +00:00
Taus
8053e0ed44 Python: Allow list_splats as type annotations
That is, the `*T` in `def foo(*args : *T): ...`.

This is apparently a piece of syntax we did not support correctly until
now.

In terms of the grammar, we simply add `list_splat` as a possible
alternative for `type` (which could previously only be an `expression`).
We also update `python.tsg` to not specify `expression` those places (as
the relevant stanzas will then not work for `list_splat`s).

This syntax is not supported by the old parser, hence we only add a new
parser test for it.
2024-10-22 15:17:12 +00:00
Taus
fcec8e0256 Python: Fail tests when errors/warnings are logged
This is primarily useful for ensuring that errors where a node does not
have an appropriate context set in `python.tsg` actually have an effect
on the pass/fail status of the parser tests. Previously, these would
just be logged to stdout, but test could still succeed when there were
errors present.

Also fixes one of the logging lines in `tsg_parser.py` to be more
consistent with the others.
2024-10-22 15:11:51 +00:00
Arthur Baars
08af7d0007 Merge pull request #17810 from github/post-release-prep/codeql-cli-2.19.2
Post-release preparation for codeql-cli-2.19.2
2024-10-18 18:28:07 +02:00
github-actions[bot]
272f6c2541 Post-release preparation for codeql-cli-2.19.2 2024-10-18 15:56:02 +00:00
Arthur Baars
aaf220d41e Fix typos in changelogs 2024-10-18 15:28:05 +00:00
github-actions[bot]
ca0345324e Release preparation for version 2.19.2 2024-10-18 15:16:21 +00:00
Arthur Baars
eb515f884b Revert "Release preparation for version 2.19.2" 2024-10-18 17:06:20 +02:00
Rasmus Lerchedahl Petersen
30e5a12230 Python: udate expectations 2024-10-18 15:14:51 +02:00
Rasmus Lerchedahl Petersen
30053da70d Python: extra modelling of stdlib
as a reaction to the latest QA run
2024-10-18 13:49:33 +02:00
Taus
65dbc1de91 Python: Add copy.replace test to list of runnable tests 2024-10-15 18:17:00 +02:00
Taus
28f8874243 Merge pull request #17688 from github/tausbn/python-3.13-default-type-parser-support
Python: Add support for type parameter defaults
2024-10-15 18:01:51 +02:00
Taus
d4e0cb2ffa Merge pull request #17767 from github/tausbn/python-3.13-model-flow-in-replace
Python: Model `copy.replace`
2024-10-15 18:01:28 +02:00
github-actions[bot]
079ab77a38 Post-release preparation for codeql-cli-2.19.2 2024-10-15 12:16:59 +00:00
Taus
3b60d8302b Python: Add change note 2024-10-15 12:14:20 +00:00
Taus
778b96aa39 Python: Update test expectations 2024-10-15 12:14:19 +00:00
Taus
eaef783f4b Python: Add partial model for copy.replace
Extends our modelling to partially cover the behaviour of
`copy.replace`. In particular, we model this in two ways:

Firstly, we extend the existing Models-as-Data row for `copy` and
`deepcopy` to also cover `replace`. This means that we treat the result
of `replace` as containing all of the fields of the original object.
This is somewhat _more_ than we want, as strictly speaking the fields
that are overwritten should _not_ propagate flow through the `replace`
call, but currently we don't have a good way of modelling this blocking
of flow.

Secondly, we add a flow summary that adds flow from named arguments of
the `replace` call to the corresponding fields on the base object. This
ensures that we at least have the new flow arising from the `replace`
call.

Note that the flow summary adds this flow for _all_ named arguments of
_all_ `replace` calls throughout the codebase. However, since any
particular `replace` call will only populate a subset of these (the
subset consisting of exactly those named arguments that are in that
particular call), this does not cause any unwanted crosstalk between
different `replace` calls.§
2024-10-15 12:14:19 +00:00
Taus
6f2cfa0ba8 Python: Update CopySummary to use getMaDRepresentation
Demonstrates the somewhat more ergonomic way to use
`getMaDRepresentation` when specifying summaries.

Note that this slightly extends the previous definition, in that
`DictionaryContentAny` is now _also_ propagated by a call to the
`.copy()` method, but I think this is correct.
2024-10-15 11:52:37 +00:00
Taus
ce914019c5 Python: Add getMaDRepresentation()
This adds a convenient way of getting the Models-as-Data representation
of a particular type of content. This avoids repeating the same
construction over and over in our various summaries. Currently this is
defined for all types of content except the captured variable content,
which to my knowledge doesn't have any representation in Models-as-Data.
2024-10-15 11:50:38 +00:00
Taus
e16405c675 Python: Add test for copy.replace
This test demonstrates the current state of affairs: that `copy.replace`
essentially blocks all flow of taint through it, because it has not been
modelled yet.
2024-10-15 11:48:43 +00:00
Taus
417e60a466 Python: Update extractor version 2024-10-15 11:22:54 +00:00
Taus
d905010aa8 Python: Add change note 2024-10-15 11:22:34 +00:00
Taus
8630f57710 Python: Add up-/downgrade scripts
Adds up- and downgrade scripts for the support for type parameter
defaults.

In the upgrade direction we do nothing, matching the behaviour of
`getDefault` not having a result for old databases.

In the downgrade direction, we explicitly remove the relevant child (via
the `py_exprs` database relation) for `TypeVar`, `TypeVarTuple`, and
`ParamSpec` parameters.
2024-10-15 11:22:33 +00:00
Taus
819b3d77ab Python: Update test expectations
Note that this still includes the somewhat puzzling parsing of
`Spam[**P2]` as an exponentiation with an empty left hand side. When we
fix that bug, we should also update this test to contain actually valid
syntax.
2024-10-15 11:22:33 +00:00
Taus
182a192cc0 Python: Regenerate dbscheme/AST 2024-10-15 11:22:33 +00:00
Taus
36d89745f9 Python: Fix dbscheme/AST autogeneration
There was an errant `ql` in the relevant paths, a leftover from the move
from the internal repo. Also, we can no longer rely on an intree version
of the CodeQL CLI, so from now on we'll just assume it's present in the
path. (On Codespaces, `gh codeql` is a decent replacement, especially if
using the `install-stub` functionality.
2024-10-15 11:22:32 +00:00
Taus
2af0d78435 Python: Add default field to the relevant AST nodes 2024-10-15 11:22:32 +00:00
Taus
55ee3eb36b Python: Add TSG support for type defaults 2024-10-15 11:22:31 +00:00
Taus
6545bfffa7 Python: Regenerate parser files
Two new files -- alloc.h and array.h -- suddenly appeared. Presumably
they are used by the somewhat newer version of tree-sitter. To be safe,
I included them in this commit.
2024-10-15 11:22:31 +00:00
Taus
882249ef82 Python: Add grammar support for type defaults
Also fixes an oversight in the grammar: starred expressions should be
allowed inside the subscript of an `Index` expression.
2024-10-15 11:22:30 +00:00
Taus
1ced5b44d7 Python: Add test for type parameter defaults 2024-10-15 11:22:30 +00:00
Arthur Baars
9ba8045837 Fix typos in changelog entries 2024-10-15 11:06:20 +00:00
github-actions[bot]
255f55cf1a Release preparation for version 2.19.2 2024-10-15 10:29:25 +00:00
yoff
da5e9ac18c python: more adjustments... 2024-10-14 14:54:33 +00:00
yoff
9d8d7ab237 python: update extractor expectations 2024-10-14 14:14:40 +00:00
Rasmus Lerchedahl Petersen
3402a729d0 Python: adjust test expectations for extractor test 2024-10-14 12:36:56 +02:00
yoff
8f681154ce Merge pull request #17683 from yoff/python/flip-default-for-stdlib-extraction
Python: Flip default for stdlib extraction
2024-10-11 18:34:44 +02:00
Rasmus Lerchedahl Petersen
5650694313 Python: update tests 2024-10-11 15:36:44 +02:00
Rasmus Lerchedahl Petersen
e2eb08b543 Python: improve messaging 2024-10-11 15:36:44 +02:00
Rasmus Lerchedahl Petersen
22588c9f85 Python: update ectractor version 2024-10-11 15:36:44 +02:00
Rasmus Lerchedahl Petersen
c013d4a59c Python: update test expectations 2024-10-11 15:36:44 +02:00
Rasmus Lerchedahl Petersen
4a291147e0 Python: only look for the py2 stdlib if we extract std lib 2024-10-11 15:36:44 +02:00