hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
86,161 Commits 1,703 Branches 162 Tags
codeql-cli/latest
Commit Graph

86161 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
4f3149d865 Python: Fix error after merge conflict 2020-02-19 16:27:31 +01:00
Rasmus Wriedt Larsen
74345b1c05 Python: Make library-tests/taint/strings tests more transparent 
Following the setup I invented for library-tests/taint/unpacking.

TestStep is still a bit annoying, since the output is not easy to eyeball; but
for now I guess we can live with it :)

I honestly didn't get the point of DistinctStringKinds.ql, other than showing we
can handle multiple taint kinds
 2020-02-19 16:24:22 +01:00
Rasmus Wriedt Larsen
e4b83855d9 Python: Autoformat security/strings/External.qll 2020-02-19 16:24:13 +01:00
Tom Hvitved
ddf6b4a342 Merge pull request #2862 from calumgrant/cs/project-rids 
C#: Add runtime identifiers to project files
 2020-02-19 16:11:10 +01:00
Geoffrey White
89bbb975f9 C++: Effects on tests. 2020-02-19 14:52:49 +00:00
Geoffrey White
4e2a45cd3e C++: Correct SideEffectFunction model for PureStrFunction. 2020-02-19 14:38:43 +00:00
Geoffrey White
22cba0f26e C++: Delete TODO. 2020-02-19 14:38:43 +00:00
Geoffrey White
5f7085937e C++: Improve the SideEffect library QLDoc. 2020-02-19 14:38:43 +00:00
Geoffrey White
c014ca6ed7 C++: Rename some tests for clarity / less emphasis on the AST. 2020-02-19 14:33:57 +00:00
Geoffrey White
3e49e12126 C++ Repair GlobalValueNumbering (AST) test. 2020-02-19 14:28:46 +00:00
Anders Schack-Mulligen
c6016bb08c Java/C++/C#: Improve join-order in pathStep predicate 2020-02-19 14:47:39 +01:00
Rasmus Wriedt Larsen
e7fdfd3d3e Python: Move subprocess.call so super-class detection works 
This is a temporary fix!

Added minimal working example (MWE) as a regression, so it's easier to fix the
real problem.

only Python 3 is facing the problem -- and without --max-import-depth=1 the test
times out at 10 minutes :O
 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
d7b803a859 Python: Fix modernisation of py/iteration-string-and-sequence 
Introduced a regression, since the old code was:

```
predicate is_a_string_type(ClassObject seqtype) {
    seqtype = theBytesType() and major_version() = 2
    or
    seqtype = theUnicodeType()
}
```

but *now* we're good!
 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
0509228296 Python: Make ModelUsage test language agnostic 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
87eff7f062 Python: More iterator => iterable renaming 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
82b29b5698 Python: Recognize shebangs in module usage detection 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
01f5b3dc63 Python: Add a script that we can't classify usage of 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
3e7e9636ea Python: Add ModuleValue.{isUsedAsModule, isUsedAsScript} 
and a few test cases
 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
b4ab0b55be Python: Modernise Statements/RedundantAssignment 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
79a4d7e9cc Python: Add some confusing (but valid) property tests 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
67e9edb820 Python: Add PropertyValue 
+ Extend PropertyInternal.getSetter to handle non-decorator
+ Add PropertyInternal.getDeleter

It seems like a bit hacky way to do things, since we're not using the
PropertySetterOrDeleter class at all, but for now I'll leave it be.
 2020-02-19 14:12:22 +01:00
Rasmus Wriedt Larsen
e747add485 Python: Descriptor tests fixup (3/3) 
Better tests for properties
 2020-02-19 14:10:29 +01:00
Rasmus Wriedt Larsen
aed7bfb820 Python: Descriptor tests fixup (2/3) 
Test format improved
 2020-02-19 14:10:29 +01:00
Rasmus Wriedt Larsen
3f49aeecfe Python: Descriptor tests fixup (1/3) 2020-02-19 14:10:29 +01:00
Rasmus Wriedt Larsen
13568b7b9f Python: Modernise Statements/ queries 
Almost. Left out a few things marked with TODO
 2020-02-19 14:10:29 +01:00
Rasmus Wriedt Larsen
83d40f167b Python: Update py/ineffectual-statement 
e.(StrConst).isDocString() can only hold if e instanceof StrConst, since we have
that condition on the line above, we can safely remove this condition.
 2020-02-19 14:05:55 +01:00
Rasmus Wriedt Larsen
6e349eb6e7 Python: Make py/side-effect-in-assert handle example 
Also removed parantheses
 2020-02-19 14:05:55 +01:00
Rasmus Wriedt Larsen
ae8dbd81f3 Python: Update test-file for py/redundant-assignment 
now the test code can be pasted, and actually works ;)
 2020-02-19 14:05:55 +01:00
Rasmus Wriedt Larsen
381668871d Python: Autoformat statements 2020-02-19 14:05:55 +01:00
Geoffrey White
df29143b7e C++: Fix a test that should be working on the AST dataflow. 2020-02-19 13:02:24 +00:00
Alistair Christie
fab7955c75 Make small editorial changes 2020-02-19 12:54:58 +00:00
Geoffrey White
c94582a1c0 Merge pull request #2861 from MathiasVP/gvn-use-impl 
C++: Import AST GVN module for tests
 2020-02-19 11:16:11 +00:00
james
6ff1c99ae3 docs: a few content updates 2020-02-19 11:08:18 +00:00
semmle-qlci
5e0f21a162 Merge pull request #2854 from max-schaefer/js/regexp-bounded-quantifier-fix 
Approved by esbena
 2020-02-19 10:12:13 +00:00
Mathias Vorreiter Pedersen
59a19679ea C++/C#: Sync identical files after merge 2020-02-19 11:06:00 +01:00
Mathias Vorreiter Pedersen
bbcc1e1c37 Merge branch 'master' into sync-ir-valuenumbering-internals 2020-02-19 10:43:48 +01:00
Sauyon Lee
1b7186347d Merge pull request #25 from max-schaefer/library-overview 
Add library overview
 2020-02-19 01:39:14 -08:00
Mathias Vorreiter Pedersen
3a05a82c1d C++: Accept output 2020-02-19 10:35:03 +01:00
Asger Feldthaus
77105f6572 JS: Do not flag void operands MissingAwait 2020-02-19 09:30:03 +00:00
Mathias Vorreiter Pedersen
246ef694f6 Merge branch 'master' into gvn-use-impl 2020-02-19 10:29:46 +01:00
Erik Krogh Kristensen
344060e139 accept IO redirections as OK 2020-02-19 10:12:24 +01:00
Max Schaefer
4346691cdc JavaScript: Distinguish {lo} and {lo,} in the regular expression parser. 2020-02-19 08:26:14 +00:00
Max Schaefer
4b371ac85a Remove rogue full stop. 2020-02-19 08:14:15 +00:00
james
d3eb5334b8 docs: update titles, some links, add intros 2020-02-19 07:37:35 +00:00
james
2245d64c52 docs: tidy up ql-for-cpp 2020-02-19 07:09:01 +00:00
Rebecca Valentine
2fa20eb805 Fixes bug introduced by merge of foresight additions. 2020-02-18 21:37:52 -08:00
Rebecca Valentine
7997e1dc98 Merge branch 'master' into objectapi-to-valueapi-expectedmappingforformatstring 2020-02-18 21:33:12 -08:00
Rebecca Valentine
9e3ed214d0 Python: ObjectAPI to ValueAPI: Foresight Additions (#2819) 
* Adds the...Type() predicates as foresight modernizations.

* Removes predicates that are not currently ported/portable

* Adds range types

* Update python/ql/src/semmle/python/objects/ObjectAPI.qll

Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

* Update python/ql/src/semmle/python/objects/ObjectAPI.qll

Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

* Swaps xType for just x, at least when it's new

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-02-18 21:29:20 -08:00
Rebecca Valentine
810efef9de Adds python3 test 2020-02-18 15:02:47 -08:00
Rebecca Valentine
e55f01d905 Adds new UseofApply test case and results to the Python2 tests dir 2020-02-18 12:12:25 -08:00