mirror of
https://github.com/github/codeql.git
synced 2025-12-18 18:10:39 +01:00
e812eb777d
Really, this boils down to "Port `re` library model to use API graphs instead of points-to", which is what this PR actually does. Instead of using points-to to track flags, we use a type tracker. To handle multiple flags at the same time, we add additional flow from `x` to `x | y` and `y | x` and, as an added bonus, the above with `+` instead of `|`, neatly fixing https://github.com/github/codeql/issues/4707 I had to modify the `Qualified.ql` test slightly, as it now had a result stemming from the standard library (in `warnings.py`) that points-to previously ignored. It might be possible to implement this as a type tracker on `LocalSourceNode`s, but with the added steps for the above operations, this was not obvious to me, and so I opted for the simpler "`smallstep`" variant.
14 lines
226 B
Plaintext
14 lines
226 B
Plaintext
| 11 | MULTILINE |
|
|
| 47 | VERBOSE |
|
|
| 48 | VERBOSE |
|
|
| 49 | DOTALL |
|
|
| 49 | VERBOSE |
|
|
| 50 | IGNORECASE |
|
|
| 50 | VERBOSE |
|
|
| 51 | UNICODE |
|
|
| 52 | UNICODE |
|
|
| 54 | DOTALL |
|
|
| 54 | VERBOSE |
|
|
| 56 | VERBOSE |
|
|
| 68 | MULTILINE |
|