hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

3455 Commits

Author SHA1 Message Date
Harry Maclean
4d228bcddf Ruby: Recognise more string-valued variables 
This increases the sensitivity of our barrier guards.
 2023-01-04 11:45:10 +13:00
Harry Maclean
0fbb6bf608 Ruby: Make array inclusion barrier more sensitive 2023-01-04 11:45:09 +13:00
Aditya Sharad
9988c19a42 Merge branch 'main' into tutorial/library-pack 2023-01-03 14:08:37 -08:00
Harry Maclean
b70ca77afc Merge pull request #10899 from hmac/flow-summary-docs 
Ruby: Document flow summary syntax
 2022-12-28 10:47:38 +13:00
Jami
c9258effb6 Merge pull request #11572 from jcogs33/jcogs33/model-top-jdk-apis 
Java: model top 100 JDK APIs
 2022-12-20 09:13:53 -05:00
Erik Krogh Kristensen
b1e6a86a4b Merge pull request #11757 from erik-krogh/treesitter-qldoc 
QL/RB: make top TreeSitter.qll comment into a qldoc
 2022-12-20 13:36:31 +01:00
erik-krogh
2ff23a6fc0 make top TreeSitter.qll comment into a qldoc 2022-12-20 11:39:06 +01:00
Aditya Sharad
ed29b3e4d6 Shared packs: Depend on codeql/tutorial from all language libraries 
This allows `import tutorial` from queries targeting
any language, just like before, while removing the
duplicate copies of `tutorial.qll`.
 2022-12-19 15:52:11 -08:00
Erik Krogh Kristensen
f136651384 Merge pull request #11575 from erik-krogh/kernelLoad 
Rb: add Kernel methods as sinks to path-injection
 2022-12-19 15:09:21 +01:00
erik-krogh
d0af30b40a cleanup the implementation of toString() for `SuperCall 2022-12-19 14:28:01 +01:00
erik-krogh
db49cfb723 Merge branch 'main' into kernelLoad 2022-12-19 09:46:25 +01:00
erik-krogh
ba7321ac5c add qldoc to RegExpCharEscape 2022-12-18 17:23:45 +01:00
erik-krogh
26c5480ee6 share {js,rb}/regex/missing-regexp-anchor 2022-12-18 17:23:41 +01:00
erik-krogh
355499ea52 move getACommonTld to the shared pack 2022-12-17 17:26:18 +01:00
erik-krogh
f67d0bc8c0 put the shared HostnameRegexp code in the shared regex pack 2022-12-17 17:26:18 +01:00
Jami
ff652f7dee Merge branch 'main' into jcogs33/model-top-jdk-apis 2022-12-16 15:32:50 -05:00
Henry Mercer
30451ee950 Merge pull request #11681 from github/henrymercer/mergeback-3.8 
Merge `rc/3.8` back to `main`
 2022-12-16 17:43:12 +00:00
Tom Hvitved
e629568eda Merge pull request #11720 from hvitved/ruby/call-sensitive-initialize-bug-fix 
Ruby: Fix bug in call-sensitivity logic for `initialize` calls
 2022-12-16 16:36:31 +01:00
Tom Hvitved
5fba5e4895 Merge pull request #11718 from hvitved/ruby/self-allocate 
Ruby: Recognize custom `self.new` methods that return `self.allocate`
 2022-12-16 14:46:08 +01:00
Tom Hvitved
bfc257147c Ruby: Fix bug in call-sensitivity logic for initialize calls 2022-12-16 11:17:15 +01:00
Tom Hvitved
e45edcc159 Merge pull request #11674 from hvitved/dataflow/param-context 
Data flow: Track callable in flow-through pruning
 2022-12-16 09:25:15 +01:00
Tom Hvitved
accf4ca364 Ruby: Recognize custom self.new methods that return self.allocate 2022-12-16 09:23:36 +01:00
Jami Cogswell
f01ee9e4c2 Java: remove PR-merging comment 2022-12-15 22:56:15 -05:00
Jami
fd63348549 Merge pull request #11585 from jcogs33/jcogs33/mad-metrics-query 
Java: add MaD metrics query
 2022-12-15 19:26:51 -05:00
Tom Hvitved
f8571dd0b6 Data flow: Work around functionality-induced misoptimization 2022-12-15 15:29:14 +01:00
Tom Hvitved
6eda042229 Data flow: Sync files 2022-12-15 15:29:13 +01:00
Tom Hvitved
adc738cb15 Data flow: Simplify reverse flow-through pruning 2022-12-15 15:29:12 +01:00
Tom Hvitved
d34901ac8c Data flow: Track return position instead of return kind 
Reverts bdb205a318.
 2022-12-15 15:29:12 +01:00
Tom Hvitved
1820bb4b0b Data flow: Simplify forwards flow-through pruning 2022-12-15 15:29:11 +01:00
Tom Hvitved
cb84b557cf Data flow: Track parameter instead of parameter position 
Reverts 70d2a0df8a.
 2022-12-15 15:29:11 +01:00
Tom Hvitved
d7e44a5426 Merge pull request #10714 from hvitved/ruby/initialize 
Ruby: Model flow through `initialize` constructors
 2022-12-15 13:42:59 +01:00
Alex Ford
1b49bfe605 Merge pull request #11497 from alexrford/ruby/rails_globalid 
Ruby: model `rails/globalid` component
 2022-12-15 10:35:15 +00:00
Tom Hvitved
b3feb4f295 Update ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2022-12-15 10:46:06 +01:00
Jami Cogswell
46b8fbc4c9 Java: update remaining models, resolve merge conflict 2022-12-15 00:33:06 -05:00
Jami
359e49044f Merge branch 'main' into jcogs33/mad-metrics-query 2022-12-14 15:33:29 -05:00
Tom Hvitved
c04b90bc6b Add change note 2022-12-14 16:30:18 +01:00
Alex Ford
2af5925f38 Ruby: improve coverage of GlobalID::Identification modelling 2022-12-14 15:21:19 +00:00
Tom Hvitved
5d9c64ba6f Ruby: Model flow through initialize constructors 2022-12-14 12:57:39 +01:00
Tom Hvitved
25b2d11368 Merge pull request #11635 from hvitved/dataflow/approx-content 
Data flow: Introduce `ApproxContent` in a new pruning stage between stages 2 and 3
 2022-12-14 12:56:50 +01:00
Henry Mercer
a3933fbf4f Bump minor versions of packs we regularly release 2022-12-13 18:59:24 +00:00
Henry Mercer
7167f078be Merge branch 'main' into henrymercer/mergeback-3.8 2022-12-13 18:40:53 +00:00
erik-krogh
ccf520a5cd Merge branch 'main' into unsafeCodeConstruction 2022-12-13 18:31:49 +01:00
Jami Cogswell
a33436a39b Java: update hasProvenance 2022-12-13 11:26:23 -05:00
Tom Hvitved
0c2eee2a72 Data flow: Sync files 2022-12-13 09:52:55 +01:00
Tom Hvitved
410ef4d713 Data flow: Rename stages 2022-12-13 09:52:46 +01:00
Tom Hvitved
d11cb2ee0f Data flow: Introduce ApproxContent in a new pruning stage between existing stages 2 and 3 2022-12-13 09:52:45 +01:00
Jami
93d8a03e73 Merge branch 'main' into jcogs33/mad-metrics-query 2022-12-12 20:31:53 -05:00
Jami Cogswell
623068c4b9 Java: add hasProvenance predicate, remove isManuallyGenerated and isBothAutoAndManuallyGenerated 2022-12-12 11:23:46 -05:00
erik-krogh
b3a9c1ca06 Py/JS/RB: Use instanceof in more places 2022-12-12 16:06:57 +01:00
Erik Krogh Kristensen
4ff823c36b Merge pull request #11366 from p-/p--ruby-kernel-open-addition 
Ruby: Add additional sinks to the `rb/kernel-open` query
 2022-12-12 15:56:01 +01:00