hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 20:56:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
61,334 Commits 1,673 Branches 157 Tags
d1c4e772f0a43866e901895d3b498bfe8bc1ef12
Commit Graph

7965 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
4e0cca9a41 Merge pull request #14353 from GeekMasher/py-restframework 
Python: support `*args` and `**kwargs` in request handlers
 2023-11-23 14:04:36 +01:00
Rasmus Wriedt Larsen
d056706af5 Merge pull request #14725 from RasmusWL/re-modeling 
Python: Add taint-flow modeling for `re` module
 2023-11-23 11:35:36 +01:00
Rasmus Wriedt Larsen
3d46129bbf Python: Remove intermediary steps from taint-test 
These were leftovers from old way of propagating taint
 2023-11-23 10:40:25 +01:00
Rasmus Wriedt Larsen
30891ca4aa Merge pull request #14861 from yoff/python/demonstrate-def-use-explosion 
Python: test demonstrating the need for phi nodes
 2023-11-22 09:57:10 +01:00
Rasmus Lerchedahl Petersen
d288c4a709 Python: rename folder 2023-11-21 16:48:41 +01:00
yoff
4f7fde7b87 Merge pull request #14858 from yoff/python/demonstrate-use-use-explosion 
Python: Test demonstrating the need for phi-read-nodes
 2023-11-21 16:44:11 +01:00
Rasmus Wriedt Larsen
63fcaca82f Python: add change-note 2023-11-21 16:02:41 +01:00
Rasmus Wriedt Larsen
a0867b4f66 Python: More HTTP request handler *args/**kwargs modeling 
I looked through all `override Parameter getARoutedParameter() {` in our
codebase, and we now modeling *args/**kwargs for all of them 👍
 2023-11-21 16:02:40 +01:00
Rasmus Lerchedahl Petersen
c552bc5eb1 Python: fix test output 2023-11-21 15:48:22 +01:00
Rasmus Lerchedahl Petersen
077e51c6c6 Python: fix test output 2023-11-21 15:47:18 +01:00
Rasmus Lerchedahl Petersen
4857960f72 Python: test demonstrating the need for phi nodes 
or a dataflow node playing that role, at least.
 2023-11-21 15:40:05 +01:00
Rasmus Lerchedahl Petersen
f138fc0d2d Python: Test demonstrating need for phi-read-nodes 
Or for a data flow node filling that role, at least.
 2023-11-21 13:54:02 +01:00
Rasmus Wriedt Larsen
37d03ee0f3 Python: Accept .expected changes 
Note that in this case, since there is a known `django.urls.path`
route-setup, we know that the request-handler will only be passed
keyword arguments, so it is not a mistake that `*args` is not considered
a routed-parameter here (although it certainly wouldn't have hurt us if
we did consider it a routed-parameter either).
 2023-11-21 13:46:55 +01:00
Rasmus Wriedt Larsen
1bc8a6de61 Python: Fixup mistaken modelling 2023-11-21 13:46:23 +01:00
Rasmus Wriedt Larsen
36a846ee32 Python: Fix django regex path handling 2023-11-21 13:08:45 +01:00
Rasmus Wriedt Larsen
c51c15ae74 Python: Add test of routed parameters to *args 
Also move the **kwargs and *args test to a more appropriate file
 2023-11-21 13:01:01 +01:00
Rasmus Wriedt Larsen
5f26790b90 Merge branch 'main' into py-restframework 2023-11-21 11:57:48 +01:00
Rasmus Wriedt Larsen
71c017f053 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-11-21 10:07:42 +01:00
Rasmus Wriedt Larsen
c8301fc5f0 Merge pull request #14851 from RasmusWL/variable-caputre-list-comprehension 
Python: Add test for variable reference in list comprehension
 2023-11-20 17:10:34 +01:00
Rasmus Wriedt Larsen
db1499d5b0 Python: Add test for variable reference in list comprehension 2023-11-20 16:41:34 +01:00
Taus
10b72a0c39 Python: Fix scope of type parameters 
This takes care of scoping for type parameters on functions, but not
type aliases or classes.

For classes, the _type parameters_ now have the correct `Class` as scope,
but all their child nodes do not (e.g. the `Name` inside a `TypeParameter`).
This has to do with how the `py_scopes` relation is emitted by the extractor,
since `Name`s are expressions.
 2023-11-20 13:31:21 +00:00
Taus
36201105b9 Merge branch 'main' into tausbn/python-add-support-for-python-3.12-type-syntax 2023-11-20 13:27:54 +00:00
Chris Campbell
27a2781954 Merge branch 'github:main' into main 2023-11-20 12:15:45 +00:00
github-actions[bot]
bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
Chris Campbell
114b694553 Remove @precision values, correct missing tags 2023-11-16 15:50:41 +00:00
Taus
216cd88225 Merge branch 'main' into tausbn/python-add-support-for-python-3.12-type-syntax 2023-11-16 15:25:06 +00:00
Taus
635bcd4fa2 Python: Add change note 2023-11-16 15:14:30 +00:00
github-actions[bot]
6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Henry Mercer
0c1fb8c881 Merge pull request #14811 from github/henrymercer/remove-lines-of-non-user-code-from-summary 
Remove LoC metrics from the analysis summary
 2023-11-16 12:30:55 +00:00
Henry Mercer
de83929a60 Remove LoC metrics from the analysis summary 2023-11-16 11:36:44 +00:00
Rasmus Wriedt Larsen
25d3af9236 Merge branch 'main' into clean-tests 2023-11-16 11:21:01 +01:00
Taus
fd750a3bf0 Merge branch 'main' into tausbn/python-add-support-for-python-3.12-type-syntax 2023-11-16 09:59:44 +00:00
Rasmus Wriedt Larsen
71ef98584d Merge pull request #14791 from RasmusWL/python-3.12 
Python: Update `.expected` to support Python 3.12
 2023-11-16 10:42:48 +01:00
Rasmus Wriedt Larsen
df144f3a1e Merge pull request #14406 from amammad/amammad-python-FileSystemAccess 
Python: New FileSystem Access
 2023-11-16 10:25:34 +01:00
Rasmus Wriedt Larsen
e349891cff Python: Apply suggestions from code review 2023-11-15 14:35:52 +01:00
Rasmus Wriedt Larsen
e02c32f3d4 Python: options file was not enough, split into 2/3 
I reckon this is due to the Python 3 version used by the Python 2 tests
is different from 3.12, so even with --lang=3 the tests are still using
an incompatible version :(
 2023-11-15 14:24:11 +01:00
Rasmus Wriedt Larsen
0f1dc9b2d9 Python: Add missing options file 2023-11-15 13:24:08 +01:00
Rasmus Wriedt Larsen
ae6c95ff95 Python: Fix asyncio.coroutine deprecation 
Was removed in 3.11, see https://docs.python.org/3.10/library/asyncio-task.html#asyncio.coroutine

I couldn't make the __awwait__ actually give the result to the agen function...

I also tried looking into
https://docs.python.org/3/library/types.html#types.coroutine, but also
failed to make that work.

Without the Future, such as doing `yield SOURCE` inside `__await__` it
complains `RuntimeError: Task got bad yield: 'source'`
 2023-11-15 13:24:08 +01:00
Rasmus Wriedt Larsen
4256fbf11a Python: Accept changes from Python 3.12 2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
f3dd002ba9 Python: Copy tests to Python 3 2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
f9e9ae91f7 Python: Move tests that would change under Python 3.12 to lang specific directory 
This moves the tests to Python 2, next we copy them to Python 3.
 2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
23419ee634 Python: Update .expected to support Python 3.12 
You might wonder why the number of lines changed, but it's due to `tty`
module receiving its' first update since 2001, so the actual number of
lines DID change :phew:

https://github.com/python/cpython/commits/3.12/Lib/tty.py

Since there is now a difference between Python 2 and Python 3, we need to restrict the lines of code test to only run as Python 3.
 2023-11-15 11:42:38 +01:00
Rasmus Wriedt Larsen
69453aa144 Python: Fix missing newline in .expected 2023-11-15 10:10:23 +01:00
Rasmus Wriedt Larsen
55f5b26ba6 Python: Accept new ordering of query predicates in .expected 2023-11-15 10:09:54 +01:00
Rasmus Wriedt Larsen
721bde1ce8 Python: Delete orphaned .expected files 2023-11-15 09:59:26 +01:00
Taus
cfdeb0edf5 Python: Define getScope and getAChildNode for new nodes 2023-11-13 15:19:54 +00:00
Rasmus Wriedt Larsen
e1c47f5584 Python: Reorganize taint tests of re 
Mostly to highlight that with flow-summary modeling, we don't expect
taint for a lot of these.

I aslo opted to make `finditer()` tainted for consistency.
 2023-11-13 10:56:29 +01:00
Rasmus Wriedt Larsen
ffc27b5301 Python: Solve problems with missing TTupleElementContent 
Ruby uses 10 as their number. I considered doing the same, but didn't
really care _too_ much about it 🤷

14cfb82a8c/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll (L636)
 2023-11-13 10:48:51 +01:00
Rasmus Wriedt Larsen
c3fa3f26a7 Python: Fix problems with missing TAttributeContent 2023-11-13 10:46:40 +01:00
Rasmus Wriedt Larsen
943b2a2ed1 Python: Highlight problem with flow summaries and TAttributeContent 2023-11-13 10:42:13 +01:00