Skip to content

Python: Promote experimental queries #4583

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Nov 2, 2020
Merged

Python: Promote experimental queries #4583

merged 10 commits into from
Nov 2, 2020

Conversation

tausbn
Copy link
Contributor

@tausbn tausbn commented Oct 30, 2020
edited
Loading

DO NOT MERGE

Also adds performance fix to python.qll.

@tausbn
Python: Promote experimental queries
f903e4f 
DO NOT MERGE

Also adds performance fix to `python.qll`.
tausbn added 6 commits November 2, 2020 11:44
@tausbn
Python: Fixup CWE-502 tests.
52dc905
@tausbn
Python: Fixup CWE-078 tests.
7a395bf
@tausbn
Python: Fixup CWE-089 tests
ebb5934
@tausbn
Python: Fixup CWE-094 tests
57b5109
@tausbn
Python: Fixup CWE-079 tests
af7626a
@tausbn
Python: Fixup CWE-022 tests
b620b9b 
This was a bit of a mess, since there was crosstalk between the
TarSlip and PathInjection queries. (Also one of these needs the
`options` file to be in one way, and the other not). To fix this, I
split these out into separate directories.
@tausbn tausbn marked this pull request as ready for review November 2, 2020 10:50
@tausbn tausbn requested a review from a team as a code owner November 2, 2020 10:50
RasmusWL
RasmusWL reviewed Nov 2, 2020
View reviewed changes
python/ql/test/experimental/query-tests/Security-old-dataflow/CWE-502/options Outdated
@@ -0,0 +1 @@
semmle-extractor-options: --max-import-depth=2 -p ../lib
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the tests will fail due to ../lib not being resolved in the same way as it used to.

For our purposes, I would be happy to accept not having any tests of the old queries. It might be controversial, but that is how I feel about it right now 😄

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hah, I was anticipating the opposite, hence the inclusion of the tests.

Anyway, at least this is better than my first attempt, which only included the tests! 🤦

@RasmusWL RasmusWL requested a review from yoff November 2, 2020 12:56
RasmusWL
RasmusWL previously approved these changes Nov 2, 2020
View reviewed changes
Copy link
Member

@RasmusWL RasmusWL left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Besides the fact that I think the tests will fail, I think his PR looks good 👍 (and I'm happy to accept the easy from removing qhelp and other non .ql files)

RasmusWL
RasmusWL approved these changes Nov 2, 2020
View reviewed changes
Copy link
Member

@RasmusWL RasmusWL left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice 👍

yoff
yoff approved these changes Nov 2, 2020
View reviewed changes
Copy link
Contributor

@yoff yoff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
possibly 'deprecated' would be more appropriate than 'experimental', but I do not really care.
I am also fine with not having tests for the old queries, I mainly expect to run them locally on downloaded snapshots.

@calumgrant calumgrant merged commit cb527ca into github:main Nov 2, 2020
@tausbn tausbn deleted the python-test-2 branch February 12, 2021 18:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yoff yoff yoff approved these changes

@RasmusWL RasmusWL RasmusWL approved these changes

Assignees
No one assigned
Labels
Python
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tausbn @yoff @RasmusWL @calumgrant