hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,499 Commits 1,673 Branches 157 Tags
d909f2bc4f77fc5b73500c39f48dff0733e52410
Commit Graph

1100 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
3716b8c6a0 Python: update test to reflect correct behaviour 
also add comments
 2024-04-26 14:21:15 +02:00
Rasmus Lerchedahl Petersen
9f7edf378e Python: fix tests 
The way to expose the `self` arguemnt
is to call an instance method on the class,
not on the instance...
 2024-04-26 14:21:15 +02:00
Rasmus Lerchedahl Petersen
4f46ce1133 Python: add test for Argument[0, self, self:] for instance methods 2024-04-26 14:21:15 +02:00
Rasmus Wriedt Larsen
1bc085c8f7 Python: Fixup for callGraphConfig 2024-04-23 09:42:35 +02:00
Rasmus Wriedt Larsen
bb00d6919a Python: Move dataflow TestUtil to importable location 2024-04-23 09:40:59 +02:00
Rasmus Wriedt Larsen
e0e405bb31 Python: replace dataflow-test location in files 2024-04-23 09:40:59 +02:00
Rasmus Wriedt Larsen
ce711f7d2f Python: Move dataflow tests out of experimental 2024-04-23 09:40:44 +02:00
Taus
58eaddf627 Python: Update all .expected files 
I'm beginning to realise why I didn't do the `toString` overriding way
back when. Thankfully, now that all of our tests are in the same place,
this is actually not a terrible ordeal.
 2024-04-22 12:00:09 +00:00
Taus
1c68c987b0 Python: Change all remaining occurrences of StrConst 
Done using
```
git grep StrConst | xargs sed -i 's/StrConst/StringLiteral/g'
```
 2024-04-22 12:00:09 +00:00
Tom Hvitved
ceb5b4c56e Python: No longer use models-as-data CSV interface 2024-04-12 13:40:15 +02:00
Anders Schack-Mulligen
bfcfedab8c Python: Update expected output (uninteresting). 2024-04-12 09:20:30 +02:00
Rasmus Wriedt Larsen
78ca691912 Python: remove deprecated points-to test for zope 2024-04-10 13:12:17 +02:00
Rasmus Wriedt Larsen
00f2a6a65e Python: Update ssa-compute test expectations 2024-03-15 10:14:45 +01:00
Rasmus Wriedt Larsen
87b6592dbc Python: Accept inconsistency for missing use-use flow 
At least until we have a proper fix
 2024-03-08 13:34:26 +01:00
Rasmus Wriedt Larsen
8fe483d9d8 Python: Add example of missing use-use flow 
(see PR for more detailed description)
 2024-03-08 13:26:01 +01:00
Rasmus Wriedt Larsen
cbb9a64bbb Merge pull request #15457 from RasmusWL/psycopg 
Python: Model the `psycopg` package
 2024-02-12 15:59:16 +01:00
Anders Schack-Mulligen
088a0a54ba Python: Add empty provenance column to expected files. 2024-02-09 11:32:08 +01:00
Rasmus Wriedt Larsen
c265c15f3f Merge pull request #15398 from RasmusWL/html-escape 
Python: Add `html.escape` as HTML sanitizer
 2024-01-30 16:06:01 +01:00
Rasmus Wriedt Larsen
c70b32f7eb Python: Require quote escaping for html.escape 2024-01-30 12:17:01 +01:00
Rasmus Wriedt Larsen
3f0dc2b022 Python: Model the psycopg package 2024-01-29 14:30:20 +01:00
Marcono1234
1ad08efe08 Python: Support a (ASCII) inline regex flag 2024-01-26 22:18:49 +01:00
Rasmus Wriedt Larsen
cbed6e861d Python: Add html.escape as HTML sanitizer 2024-01-22 17:32:28 +01:00
Rasmus Wriedt Larsen
95c24275f2 Merge pull request #15044 from RasmusWL/automated-subclass-models 
Python: Automated subclass models
 2024-01-05 10:43:48 +01:00
Rasmus Lerchedahl Petersen
169d7a3c98 Python: Add scope entry definition nodes 
otherwise we confuse captured variables
in the single scope entry cfg node. Now
we have one for each defined variable.
 2023-12-20 12:09:00 +01:00
Rasmus Lerchedahl Petersen
3b7e29bed6 Python: add test for crosstalk 2023-12-20 12:08:05 +01:00
Rasmus Wriedt Larsen
72687e0368 Merge branch 'main' into automated-subclass-models 2023-12-19 17:08:25 +01:00
Rasmus Wriedt Larsen
933938d926 Python: Make rest_framework tests runnable again 2023-12-19 17:07:01 +01:00
Rasmus Lerchedahl Petersen
75f9eeb4e9 Python: adjust test expectations 
mostly removing of nodes from the graph.
One result lost:
```
check("submodule.submodule_attr", submodule.submodule_attr, "submodule_attr", globals()) #$ MISSING:prints=submodule_attr
```
 2023-12-19 17:07:01 +01:00
Tom Hvitved
c8b4a215bc Merge pull request #14573 from hvitved/flow-summary-impl-param 
Move `FlowSummaryImpl.qll` to `dataflow` pack
 2023-12-14 12:24:15 +01:00
Rasmus Wriedt Larsen
419130be21 Merge pull request #15030 from yoff/python/remove-module-entry-definitions 
Python: Remove control flow nodes for module entry definitions from the dataflow graph.
 2023-12-11 11:40:17 +01:00
Tom Hvitved
faaa558ed9 Python: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:44 +01:00
Anders Schack-Mulligen
64eb4ff753 Merge pull request #14983 from aschackmull/dataflow/deprecate-old-api 
Data Flow: Deprecate old data flow api.
 2023-12-08 14:27:25 +01:00
Rasmus Lerchedahl Petersen
263c0aade7 Python: adjust test expectations 
mostly removing of nodes from the graph.
One result lost:
```
check("submodule.submodule_attr", submodule.submodule_attr, "submodule_attr", globals()) #$ MISSING:prints=submodule_attr
```
 2023-12-06 23:00:51 +01:00
Rasmus Lerchedahl Petersen
9e1c818db6 Python: address review comments 2023-12-04 17:49:26 +01:00
Rasmus Wriedt Larsen
c952f6a648 Python: Update rest of tests to new dataflow lib 
I had missed these originally, since I had just fixed the ones that were
highlighted in the actions logs, thinking they had covered everything :(
 2023-12-04 14:49:40 +01:00
Rasmus Lerchedahl Petersen
e091ae84ab Merge branch 'main' of https://github.com/github/codeql into python/remove-ssa-nodes-from-dataflow-graph 2023-12-04 14:05:40 +01:00
Rasmus Wriedt Larsen
2fed0adde7 Merge pull request #8457 from RasmusWL/add-dataflow-consistency-query 
Python: Add dataflow consistency query
 2023-12-04 12:50:46 +01:00
Rasmus Wriedt Larsen
4dd3ea3798 Python: Update tests to new dataflow lib 
Avoids some deprecation warnings :)
 2023-12-04 12:36:57 +01:00
Rasmus Wriedt Larsen
4e0cca9a41 Merge pull request #14353 from GeekMasher/py-restframework 
Python: support `*args` and `**kwargs` in request handlers
 2023-11-23 14:04:36 +01:00
Rasmus Wriedt Larsen
d056706af5 Merge pull request #14725 from RasmusWL/re-modeling 
Python: Add taint-flow modeling for `re` module
 2023-11-23 11:35:36 +01:00
Rasmus Wriedt Larsen
3d46129bbf Python: Remove intermediary steps from taint-test 
These were leftovers from old way of propagating taint
 2023-11-23 10:40:25 +01:00
Rasmus Wriedt Larsen
37d03ee0f3 Python: Accept .expected changes 
Note that in this case, since there is a known `django.urls.path`
route-setup, we know that the request-handler will only be passed
keyword arguments, so it is not a mistake that `*args` is not considered
a routed-parameter here (although it certainly wouldn't have hurt us if
we did consider it a routed-parameter either).
 2023-11-21 13:46:55 +01:00
Rasmus Wriedt Larsen
36a846ee32 Python: Fix django regex path handling 2023-11-21 13:08:45 +01:00
Rasmus Wriedt Larsen
c51c15ae74 Python: Add test of routed parameters to *args 
Also move the **kwargs and *args test to a more appropriate file
 2023-11-21 13:01:01 +01:00
Rasmus Wriedt Larsen
2ec1822e9c Python: Accept consistency-errors in django-orm 2023-11-21 12:44:42 +01:00
Rasmus Wriedt Larsen
5f26790b90 Merge branch 'main' into py-restframework 2023-11-21 11:57:48 +01:00
Rasmus Wriedt Larsen
df9fb141b8 Python: Remove old manual consistency query tests 2023-11-21 11:50:23 +01:00
Rasmus Wriedt Larsen
71c017f053 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-11-21 10:07:42 +01:00
Rasmus Lerchedahl Petersen
11c71fdd18 Python: remove EssaNodes 
This commit removes SSA nodes from the data flow graph. Specifically, for a definition and use such as
```python
  x = expr
  y = x + 2
```
we used to have flow from `expr` to an SSA variable representing x and from that SSA variable to the use of `x` in the definition of `y`. Now we instead have flow from `expr` to the control flow node for `x` at line 1 and from there to the control flow node for `x` at line 2.

Specific changes:
- `EssaNode` from the data flow layer no longer exists.
- Several glue steps between `EssaNode`s and `CfgNode`s have been deleted.
- Entry nodes are now admitted as `CfgNodes` in the data flow layer (they were filtered out before).
- Entry nodes now have a new `toString` taking into account that the module name may be ambigous.
- Some tests have been rewritten to accomodate the changes, but only `python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll` should have semantic changes.
- Comments have been updated
- Test output has been updated, but apart from `python/ql/test/experimental/dataflow/basic/maximalFlows.expected` only `python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py` should have a semantic change. This is a bonus fix, probably meaning that something was never connected up correctly.
 2023-11-20 21:35:32 +01:00
Taus
216cd88225 Merge branch 'main' into tausbn/python-add-support-for-python-3.12-type-syntax 2023-11-16 15:25:06 +00:00