Merge branch 'zrax:master' into master
This commit is contained in:
28
.github/workflows/codeql-analysis.yml
vendored
28
.github/workflows/codeql-analysis.yml
vendored
@@ -18,35 +18,41 @@ jobs:
|
||||
analyze:
|
||||
name: Analyze
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
security-events: write
|
||||
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
# Override automatic language detection by changing the below list
|
||||
# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
|
||||
language: ['cpp', 'python']
|
||||
# Learn more...
|
||||
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
|
||||
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
|
||||
# Use only 'java' to analyze code written in Java, Kotlin or both
|
||||
# Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
|
||||
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
uses: actions/checkout@v3
|
||||
|
||||
# Initializes the CodeQL tools for scanning.
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v1
|
||||
uses: github/codeql-action/init@v2
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
# If you wish to specify custom queries, you can do so here or in a config file.
|
||||
# By default, queries listed here will override any specified in a config file.
|
||||
# Prefix the list here with "+" to use these queries and those in the config file.
|
||||
# queries: ./path/to/local/query, your-org/your-repo/queries@main
|
||||
|
||||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
||||
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
|
||||
# queries: security-extended,security-and-quality
|
||||
|
||||
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
|
||||
# If this step fails, then you should remove it and run the build manually (see below)
|
||||
- if: matrix.language == 'python'
|
||||
name: Autobuild Python
|
||||
uses: github/codeql-action/autobuild@v1
|
||||
uses: github/codeql-action/autobuild@v2
|
||||
|
||||
- if: matrix.language == 'cpp'
|
||||
name: Build C++
|
||||
@@ -56,4 +62,6 @@ jobs:
|
||||
make
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@v1
|
||||
uses: github/codeql-action/analyze@v2
|
||||
with:
|
||||
category: "/language:${{matrix.language}}"
|
||||
|
14
ASTree.cpp
14
ASTree.cpp
@@ -474,6 +474,7 @@ PycRef<ASTNode> BuildFromCode(PycRef<PycCode> code, PycModule* mod)
|
||||
stack.push(new ASTTuple(values));
|
||||
}
|
||||
break;
|
||||
case Pyc::CALL_A:
|
||||
case Pyc::CALL_FUNCTION_A:
|
||||
{
|
||||
int kwparams = (operand & 0xFF00) >> 8;
|
||||
@@ -546,6 +547,9 @@ PycRef<ASTNode> BuildFromCode(PycRef<PycCode> code, PycModule* mod)
|
||||
}
|
||||
PycRef<ASTNode> func = stack.top();
|
||||
stack.pop();
|
||||
if (opcode == Pyc::CALL_A && stack.top() == nullptr)
|
||||
stack.pop();
|
||||
|
||||
stack.push(new ASTCall(func, pparamList, kwparamList));
|
||||
}
|
||||
break;
|
||||
@@ -1033,8 +1037,6 @@ PycRef<ASTNode> BuildFromCode(PycRef<PycCode> code, PycModule* mod)
|
||||
}
|
||||
break;
|
||||
case Pyc::GET_ITER:
|
||||
/* We just entirely ignore this */
|
||||
break;
|
||||
case Pyc::GET_YIELD_FROM_ITER:
|
||||
/* We just entirely ignore this */
|
||||
break;
|
||||
@@ -2547,14 +2549,18 @@ PycRef<ASTNode> BuildFromCode(PycRef<PycCode> code, PycModule* mod)
|
||||
case Pyc::SETUP_ANNOTATIONS:
|
||||
variable_annotations = true;
|
||||
break;
|
||||
case Pyc::PRECALL_A:
|
||||
case Pyc::RESUME_A:
|
||||
/* We just entirely ignore this / no-op */
|
||||
break;
|
||||
case Pyc::CACHE:
|
||||
/* These "fake" opcodes are used as placeholders for optimizing
|
||||
certain opcodes in Python 3.11+. Since we have no need for
|
||||
that during disassembly/decompilation, we can just treat these
|
||||
as no-ops. */
|
||||
break;
|
||||
case Pyc::RESUME_A:
|
||||
/* Treated as no-op for decompyle purposes */
|
||||
case Pyc::PUSH_NULL:
|
||||
stack.push(nullptr);
|
||||
break;
|
||||
default:
|
||||
fprintf(stderr, "Unsupported opcode: %s\n", Pyc::OpcodeName(opcode & 0xFF));
|
||||
|
BIN
tests/compiled/test_calls.3.1.pyc
Normal file
BIN
tests/compiled/test_calls.3.1.pyc
Normal file
Binary file not shown.
BIN
tests/compiled/test_calls.3.10.pyc
Normal file
BIN
tests/compiled/test_calls.3.10.pyc
Normal file
Binary file not shown.
BIN
tests/compiled/test_calls.3.11.pyc
Normal file
BIN
tests/compiled/test_calls.3.11.pyc
Normal file
Binary file not shown.
BIN
tests/compiled/test_calls.3.5.pyc
Normal file
BIN
tests/compiled/test_calls.3.5.pyc
Normal file
Binary file not shown.
BIN
tests/compiled/test_calls.3.8.pyc
Normal file
BIN
tests/compiled/test_calls.3.8.pyc
Normal file
Binary file not shown.
9
tests/input/test_calls.py
Normal file
9
tests/input/test_calls.py
Normal file
@@ -0,0 +1,9 @@
|
||||
import sys
|
||||
import os
|
||||
|
||||
sys.stdout.write('Test\n')
|
||||
sys.stdout.write(os.path.join('foo', 'bar'))
|
||||
|
||||
print('\n')
|
||||
print(eval('4 * 13'))
|
||||
print()
|
7
tests/tokenized/test_calls.txt
Normal file
7
tests/tokenized/test_calls.txt
Normal file
@@ -0,0 +1,7 @@
|
||||
import sys <EOL>
|
||||
import os <EOL>
|
||||
sys . stdout . write ( 'Test\n' ) <EOL>
|
||||
sys . stdout . write ( os . path . join ( 'foo' , 'bar' ) ) <EOL>
|
||||
print ( '\n' ) <EOL>
|
||||
print ( eval ( '4 * 13' ) ) <EOL>
|
||||
print ( ) <EOL>
|
Reference in New Issue
Block a user