hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,699 Commits 1,671 Branches 157 Tags
f5a06bef4a84f4cff07b06a9e45220e6e8b15801
Commit Graph

9501 Commits

Author SHA1 Message Date
Taus
f5a06bef4a Merge pull request #19929 from github/tausbn/python-update-tree-sitter-dependency 
Python: Update `tree-sitter` dependency
 2025-09-17 13:40:13 +02:00
Taus
8fd62252fd Python: Fix bad join in globalVariableNestedFieldJumpStep 2025-09-16 18:12:29 +02:00
Napalys Klicius
431fc8880e Python: Add change note 2025-09-16 18:08:53 +02:00
Napalys Klicius
e82fe9d919 Python: Updated doc string and removed redundant predicate. 2025-09-16 18:08:53 +02:00
Taus
e228aac61f Python: Use AttrWrite.writes 
Also applies @napalys' fix to the base case.
 2025-09-16 18:08:53 +02:00
Taus
6f9e06c59e Python: Add AttrWrite.writes and AttrRead.reads 
The latter of these is identical to `AttrRef.accesses`, but makes the
API a bit more intuitive.
 2025-09-16 18:08:53 +02:00
Napalys Klicius
8393ccf39d Python: Update globalVariableAttrPathAtDepth base case 2025-09-16 18:08:53 +02:00
Taus
6133f01c81 Python: Rewrite access path computation 2025-09-16 18:08:53 +02:00
Taus
69b5853477 Python: Keep track of access path 2025-09-16 18:08:53 +02:00
Napalys Klicius
e60d0c88f1 Python: Add global variable nested field jump steps 2025-09-16 18:08:53 +02:00
Napalys Klicius
9d4b168977 Python: Added extra test for global variable nested attribute reads/writes. 2025-09-16 18:08:53 +02:00
Napalys Klicius
6c779c7fa5 Python: Added extra test cases for path injection with FastAPI 2025-09-16 18:08:53 +02:00
Napalys Klicius
f209e3a0fe Python: Updated PathInjection tests to use inline test expectations 2025-09-16 18:08:53 +02:00
Joe Farebrother
869b7e09d7 Merge pull request #19932 from joefarebrother/python-qual-init-del-calls 
Python: Modernize 4 queries for missing/multiple calls to init/del methods
 2025-09-08 09:29:38 +01:00
Arthur Baars
5d3ec35e29 Remove non-breaking spaces from code 2025-09-05 09:41:15 +02:00
Taus
f6732a927b Python: Bump extractor version 2025-09-03 11:56:54 +00:00
Taus
13a93c7e32 Python: Add suggestions from Copilot 2025-09-03 11:55:49 +00:00
Joe Farebrother
cd6a151d9b Add missing predicate + update test output 2025-09-03 09:48:07 +01:00
Joe Farebrother
2dcf3c7c45 Remove erronous private 2025-09-02 22:16:41 +01:00
Taus
9802ad77dc Python: Update types_new.py and test output 2025-09-02 12:41:57 +00:00
Taus
235822d782 Python: Improve handling of syntax errors 
Rather than relying on matching arbitrary nodes inside tree-sitter-graph
and then checking whether they are of type ERROR or MISSING (which seems
to have stopped working in later versions of tree-sitter), we now
explicitly go through the tree-sitter tree, locating all of the error
and missing nodes along the way. We then add these on to the graph
output in the same format as was previously produced by
tree-sitter-graph.

Note that it's very likely that some of the syntax errors will move
around a bit as a consequence of this change. In general, we don't
expect syntax errors to have stable locations, as small changes in the
grammar can cause an error to appear in a different position, even if
the underlying (erroneous) code has not changed.
 2025-09-02 12:41:57 +00:00
Taus
b108d47b26 Python: Update parser test output 
It seems that with a newer version of tree-sitter, we no longer parse
the (not actually valid!) syntax `Spam[**P2]` as if the `**` is an
exponentiation operation (with a missing left operand).
 2025-09-02 12:41:55 +00:00
Taus
76f15a890c Python: Update tree-sitter dependency 
Updates the Python extractor to depend on version 0.24.7 of tree-sitter
(and 0.12.0 of tree-sitter-graph).

A few changes were needed in order to make the code build and run after
updating the dependencies:

- In `main.rs`, the `Language` parameter is now passed as a reference.
- In `python.tsg`, many queries had captures that were not actually used
in the body of the stanza. This is no longer allowed (unless the
captures start with an underscore), as it may indicate an error. To fix
this, I added underscores in the appropriate places (and verified that
none of these unused captures were in fact bugs).
 2025-09-02 12:40:20 +00:00
Michael Nebel
31852985e5 Merge pull request #20335 from michaelnebel/shared/ql4ql 
Shared and Sync: Fix some Ql4Ql violations.
 2025-09-02 14:37:34 +02:00
Arthur Baars
0bb7fdccf6 Merge pull request #20347 from github/post-release-prep/codeql-cli-2.23.0 
Post-release preparation for codeql-cli-2.23.0
 2025-09-02 14:14:03 +02:00
Anders Schack-Mulligen
f833fe0e6e Merge pull request #20300 from aschackmull/cfg/successortype 
Shared: Add a shared SuccessorType implementation
 2025-09-02 14:09:35 +02:00
Michael Nebel
d3d737b383 Merge pull request #20330 from michaelnebel/python/ql4ql 
Python: Fix some Ql4Ql violations.
 2025-09-02 14:01:54 +02:00
Michael Nebel
7490d8ddd2 Shared and Sync: Fix some Ql4Ql violations. 2025-09-02 13:54:22 +02:00
github-actions[bot]
e8a2600a0c Post-release preparation for codeql-cli-2.23.0 2025-09-02 11:46:23 +00:00
github-actions[bot]
0bfa93828b Release preparation for version 2.23.0 2025-09-02 11:09:32 +00:00
Michael Nebel
90caded4fe Apply suggestion from @aschackmull 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-09-02 13:08:31 +02:00
Joe Farebrother
f7097136f1 Rank multiple calls so only the first 2 calls are alerted 2025-09-01 16:23:42 +01:00
Henry Mercer
d71991fdc0 Merge pull request #20320 from github/henrymercer/default-queries 
Specify default queries in `codeql-extractor.yml`
 2025-09-01 15:52:47 +01:00
Joe Farebrother
8545c7d36f Fix doc typo 2025-09-01 15:12:52 +01:00
Joe Farebrother
8c9c66c002 Fix typo in example 2025-09-01 15:12:52 +01:00
Joe Farebrother
ba68fe9a0f Adress review suggestions - cleanups 2025-09-01 15:12:52 +01:00
Joe Farebrother
fb0380bfbc Inline locationBefore 2025-09-01 15:12:52 +01:00
Joe Farebrother
cc486ddb08 Remove tostring 2025-09-01 15:12:51 +01:00
Joe Farebrother
72df584e9b Update integration test outout and fix qhelp 2025-09-01 15:12:51 +01:00
Joe Farebrother
c9dc54abf8 Fix typos 2025-09-01 15:11:59 +01:00
Joe Farebrother
58f2bd4000 Fix changenote formatting 2025-09-01 15:11:59 +01:00
Joe Farebrother
5992dc3b0a Add qldoc 2025-09-01 15:11:59 +01:00
Joe Farebrother
e01519f547 Add change note 2025-09-01 15:11:59 +01:00
Joe Farebrother
74a312735c Update integration test output 2025-09-01 15:11:58 +01:00
Michael Nebel
dbd31259b3 Python: Fix some Ql4Ql violations. 2025-09-01 15:16:25 +02:00
Joe Farebrother
ba8658491a Update qhelp + alert messages 2025-09-01 14:11:01 +01:00
Joe Farebrother
86bb0e8af2 qhelp: move examples to subfolder 2025-09-01 14:10:58 +01:00
Joe Farebrother
daa5525a10 Update tests and add an additional test 2025-09-01 14:10:55 +01:00
Joe Farebrother
b4b20d7d3f Update multiple calls queries to include call targets in alert message 2025-09-01 14:10:53 +01:00
Joe Farebrother
18b949c0a9 Remove case excluding classes with a __new__ method; as it doesn't make much sense (__init__ is still called anyway) 2025-09-01 14:10:50 +01:00