github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
62 518 коммитов 1 538 Ветки 130 Теги 478 MiB
Граф коммитов

8189 Коммитов

Автор SHA1 Сообщение Дата
Chuan-kai Lin 2924be554c
Python: Fix typo in upgrade script 2024-01-05 07:15:21 -08:00
Rasmus Wriedt Larsen 95c24275f2
Merge pull request #15044 from RasmusWL/automated-subclass-models 
Python: Automated subclass models
 2024-01-05 10:43:48 +01:00
Aditya Sharad b1803d0ac2
Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
Rasmus Lerchedahl Petersen da4aef80e9 Revert "Python: make it a real consistency check" 
This reverts commit 45411f4a93.
 2023-12-20 16:15:17 +01:00
Rasmus Lerchedahl Petersen 0f89f69555 Python: fix VariableWrite and remove unneded step 2023-12-20 15:45:18 +01:00
Rasmus Lerchedahl Petersen d039ceb689 Python: add test for fields 2023-12-20 15:23:45 +01:00
Rasmus Lerchedahl Petersen 706e9dc896 Python: fix compilation 2023-12-20 15:23:33 +01:00
Rasmus Lerchedahl Petersen 45411f4a93 Python: make it a real consistency check 2023-12-20 14:53:37 +01:00
Rasmus Lerchedahl Petersen 215b146f06 Python: remove unused member predicate 2023-12-20 14:45:00 +01:00
Rasmus Lerchedahl Petersen 491ca3f1e6 Python: hide synthetic variable node 2023-12-20 14:42:45 +01:00
Rasmus Lerchedahl Petersen afb3d1da6f Python: move capture node to DataFlowPrivate 2023-12-20 14:41:17 +01:00
Rasmus Lerchedahl Petersen 3cea46fe7b Python: fix typos 2023-12-20 14:35:10 +01:00
Rasmus Lerchedahl Petersen f8417b0dd8 Merge branch 'main' of https://github.com/github/codeql into python/captured-variables-basic 2023-12-20 13:16:42 +01:00
Rasmus Lerchedahl Petersen 7749b8e60e Python: add change-note 2023-12-20 12:53:37 +01:00
Rasmus Lerchedahl Petersen 07c88dc0be Python: remove unnecessary post-processing 
also, it is slightly incorrect...
 2023-12-20 12:09:15 +01:00
Rasmus Lerchedahl Petersen 169d7a3c98 Python: Add scope entry definition nodes 
otherwise we confuse captured variables
in the single scope entry cfg node. Now
we have one for each defined variable.
 2023-12-20 12:09:00 +01:00
Rasmus Lerchedahl Petersen 3b7e29bed6 Python: add test for crosstalk 2023-12-20 12:08:05 +01:00
Rasmus Wriedt Larsen 72687e0368
Merge branch 'main' into automated-subclass-models 2023-12-19 17:08:25 +01:00
Rasmus Wriedt Larsen 56d86f9980
Revert "NEVER MERGE: Ensure we don't use site-packages stuff" 
This reverts commit 0ed363bd79f9d3f9e9a905c1192adfe88f1faffb.
 2023-12-19 17:07:40 +01:00
Rasmus Wriedt Larsen 9863309631
Python: auto subclass capture 
(locally done with split + 5 x modeling runs + join, but squashed into one commit)
 2023-12-19 17:07:40 +01:00
Rasmus Wriedt Larsen ca7b69ec1f
NEVER MERGE: Ensure we don't use site-packages stuff 2023-12-19 17:07:40 +01:00
Rasmus Wriedt Larsen de2a563a8e
Python: Delete old auto subclass capture files 
In the final git history this only deletes one file, but when working
locally I deleted ALL files.
 2023-12-19 17:07:21 +01:00
Rasmus Wriedt Larsen bf271d7f0f
Python: refactor how subclasses are specified 
A little more explicit, so less prone to be overlooked when adding a new spec
 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen 32251a041b
Python: Fill `getFullyQualifiedName` for rest of subclassing specs 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen a78f13cb2e
Python: Ignore known subclass models 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen 24a3a23c9c
Python: Regenerate rest_framework models 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen 3e878f5a0b
Python: Model django response subclass relationship 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen abe6f1639a
Python: Add example of models subclassing problem 
In reality, we only want to model this as a `rest_framework.response.Response`, since our .qll modeling is more precise for rest-framework responses than if we also modeled it as a basic django http response. (specifically, that default mime-type handling is way different).
 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen 5c89c38c92
Python: Add the `rest_framework` models for demonstration purposes 
Although it might be hidden by github UI by default, it could be
interesting for a reviewer to notice the effect changes in the modeling
query has to the results in this file.
 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen ee3319b7b0
Python: Make split/join executable (chmod +x) 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen cfd3f8938e
Python: Highlight split/join subclass files usage 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen 933938d926
Python: Make rest_framework tests runnable again 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen 3e6423a13c
Python: Add ability to split and join autogenerated yml files 
Verified by joining all files, splitting again, and observing no diff in
git.

(these operations only take a few seconds on my local machine, so
shouldn't be too much of an issue)
 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen f30a3b0aba
Python: Script: Improve performance by using C++ impl 
these changes took performance for loading and writing all files locally
29.60s to 3.17s

(that is, using `gather_from_existing`)
 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen 13c2378b58
Python: Update a few QLdocs 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen 937af906fd
Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen 0fe29b6a86
Python: Recover subclass finder .expected after cherry picking commits from https://github.com/github/codeql/pull/15030 2023-12-19 17:07:01 +01:00
Rasmus Lerchedahl Petersen 75f9eeb4e9
Python: adjust test expectations 
mostly removing of nodes from the graph.
One result lost:
```
check("submodule.submodule_attr", submodule.submodule_attr, "submodule_attr", globals()) #$ MISSING:prints=submodule_attr
```
 2023-12-19 17:07:01 +01:00
Rasmus Lerchedahl Petersen c563c7fbe4
Python: remove control flow nodes 
for module entry definitions from the dataflow graph.
 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen e050f2e998
Python: Adjust subclass finder to no ESSA nodes 
But the new test results looks very strange indeed!
 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen 60b784a919
Python: Don't filter subclass tests away 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen a9a0216c43
Python: Add change-note 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen fa3e16adea
Python: Refactor taint-sinks meta queries 2023-12-19 17:07:01 +01:00
github-actions[bot] 8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
Rasmus Wriedt Larsen 2305d55967
Merge pull request #15101 from yoff/python/update-InlineTaintTestPaths-to-new-api 
Python: update to new API update is in a comment, so compilation never failed in CI.
 2023-12-19 11:10:55 +01:00
yoff 1417c2cdd5
Update python/ql/lib/change-notes/2023-12-18-support-variable-capture.md 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-12-19 10:08:59 +01:00
yoff a60c52b8b7
Merge branch 'main' into python/captured-variables-basic 2023-12-18 23:44:46 +01:00
Rasmus Lerchedahl Petersen 8b7b58279a Python: add change-note 
I chose `category: majorAnalysis`, the description is
"An API has changed in a way that may affect the results produced
by a query that consumes the API."
The API in question here is `flowPath` which is used by all our
data flow queries.
 2023-12-18 23:42:39 +01:00
Rasmus Lerchedahl Petersen 78c484faab Python: remove support for capturing callbacks 
This will be added in a follow-up PR instead.
 2023-12-18 23:24:57 +01:00
Rasmus Lerchedahl Petersen 6e4011d2ae Python: rename sythetic nodes 
Avoid the term "closure" as it is somewhat academic.
 2023-12-18 23:16:51 +01:00