Commit Graph

82643 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
a035c9b4d1 C++: Also update source-sink tests. 2025-03-14 20:04:45 +00:00
Tom Hvitved
a56493cbbc Merge pull request #19028 from hvitved/rust/crate-locatable 2025-03-14 20:27:33 +01:00
Mathias Vorreiter Pedersen
b7d1c56372 C++: Add change note. 2025-03-14 18:53:09 +00:00
Mathias Vorreiter Pedersen
636150ea4f C++: Adjust tests and accept test changes. 2025-03-14 18:43:33 +00:00
Mathias Vorreiter Pedersen
78697903fc C++: Move ATL models to ATL namespace. 2025-03-14 18:43:06 +00:00
Aditya Sharad
c5b35b0976 Merge pull request #19022 from adityasharad/actions/paths-ignore-test-dir
Code scanning config: Exclude actions test directory
2025-03-14 23:44:16 +05:30
Taus
ef9b229023 Python: Actually get rid of points-to
Also adds `quality` to the list of tags for the query.
2025-03-14 16:51:48 +00:00
Taus
c9e9deb41e Python: Adapt to a points-to-less world
Technically we still depend on points-to in that we still mention
`PythonFunctionValue` and `ClassValue` in the query. However, we
immediately move to working with the corresponding `Function` and
`Class` AST nodes, and so we're not really using points-to. (The reason
for doing things this way is that otherwise the `.toString()` for all of
the alerts would change, which would make the diff hard to interpret.
This way, it should be fairly simple to see which changes are actually
relevant.)

We do lose some precision when moving away from points-to, and this is
reflected in the changes in the `.expected` file. In particular we no
longer do complicated tracking of values, but rather look at the
syntactic structure of the classes in question. This causes us to lose
out on some results where a special method is defined elsewhere, and
causes a single FP where a special method initially has the wrong
signature, but is subsequently overwritten with a function with the
correct signature.

We also lose out on results having to do with default values, as these
are now disabled.

Finally, it was necessary to add special handling of methods marked with
the `staticmethod` decorator, as these expect to receive fewer
arguments. This was motivated by a MRVA run, where e.g. sympy showed a
lot of examples along the lines of
```python
@staticmethod
def __abs__():
   return ...
```
2025-03-14 16:49:33 +00:00
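The syntactic signature check the commit message above describes, as an added example that is not the CodeQL query or any code from the codeql repository. It uses the standard `ast` module to inspect each class body the way the message describes (structure rather than value tracking), subtracts one expected argument for methods carrying a bare `@staticmethod` decorator, and goes beyond the query in two places the message calls out as lost precision: it honours default values (widening the accepted range) and, because the last definition of a name in a class body is the one that survives at runtime, it checks only that definition, which avoids the overwritten-signature false positive. `EXPECTED_PARAMS` is an assumed subset of special methods (the query's own list is larger), and the `Vec` class is constructed sample input.

```python
"""Syntactic arity check for Python special methods (added example).

Not the CodeQL query or its library: it illustrates, with the standard
`ast` module, the approach of inspecting the syntactic structure of a class
instead of tracking values. EXPECTED_PARAMS is an assumed subset of special
methods; the real query knows about many more.
"""
from __future__ import annotations

import ast
from typing import Optional

# Number of positional arguments Python passes to each special method,
# counting `self`. Assumption: a small illustrative subset.
EXPECTED_PARAMS = {
    "__abs__": 1, "__neg__": 1, "__len__": 1, "__repr__": 1, "__hash__": 1,
    "__eq__": 2, "__lt__": 2, "__add__": 2, "__getitem__": 2, "__contains__": 2,
    "__setitem__": 3, "__exit__": 4,
}


def is_staticmethod(func: ast.FunctionDef) -> bool:
    """True if the function carries a bare `@staticmethod` decorator."""
    return any(isinstance(d, ast.Name) and d.id == "staticmethod"
               for d in func.decorator_list)


def positional_bounds(func: ast.FunctionDef) -> tuple[int, Optional[int]]:
    """(min, max) positional arguments the signature accepts; max is None
    when the function takes *args. Defaults widen the range."""
    a = func.args
    positional = a.posonlyargs + a.args
    minimum = len(positional) - len(a.defaults)
    maximum = None if a.vararg else len(positional)
    return minimum, maximum


def check_special_methods(source: str) -> list[tuple[str, str, int, str]]:
    """Return (class, method, line, problem) for each special method whose
    syntactic signature cannot accept the arguments Python will pass."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.ClassDef):
            continue
        # The last definition of a name in the class body is the one that
        # survives at runtime, so only that one is checked. This sidesteps the
        # false positive where a wrong signature is overwritten by a correct one.
        last_def: dict[str, ast.FunctionDef] = {}
        for stmt in node.body:
            if isinstance(stmt, ast.FunctionDef) and stmt.name in EXPECTED_PARAMS:
                last_def[stmt.name] = stmt
        for name, func in last_def.items():
            expected = EXPECTED_PARAMS[name]
            if is_staticmethod(func):
                expected -= 1  # a staticmethod is not passed `self`
            lo, hi = positional_bounds(func)
            if lo > expected:
                findings.append((node.name, name, func.lineno,
                                 f"requires {lo} positional parameters but "
                                 f"receives {expected}"))
            elif hi is not None and hi < expected:
                findings.append((node.name, name, func.lineno,
                                 f"accepts at most {hi} positional parameters "
                                 f"but receives {expected}"))
    return findings


# Constructed sample input covering the cases the commit message discusses.
SAMPLE = """
class Vec:
    def __abs__(self, other):        # wrong: __abs__ receives only self
        return 0

    def __eq__(self, other):         # correct
        return True

    @staticmethod
    def __neg__():                   # correct: a staticmethod receives no self
        return 0

    def __getitem__(self):           # wrong: the key parameter is missing
        return None

    def __add__(self, other=None):   # correct: the default still allows two
        return self

    def __exit__(self, *args):       # correct: *args absorbs exc_type, exc, tb
        return False

    def __hash__(self, extra):       # wrong signature ...
        return 1

    def __hash__(self):              # ... but overwritten by a correct one
        return 1
"""

if __name__ == "__main__":
    for cls, meth, line, problem in check_special_methods(SAMPLE):
        print(f"{cls}.{meth} (line {line}): {problem}")
```

Running the script reports only `Vec.__abs__` and `Vec.__getitem__`; the `@staticmethod __neg__()` case from the sympy pattern, the defaulted `__add__`, the `*args` `__exit__`, and the overwritten `__hash__` all pass. Decorators are matched only by the bare name `staticmethod`, so an aliased or attribute-qualified decorator would not be recognised.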
Taus
bf688b88a9 Python: Add missing special methods 2025-03-14 16:29:54 +00:00
Paolo Tranquilli
622aa7c170 Swift: simplify codeql workflow
* remove ql test running and upgrade/downgrade scripts checking (now
  done internally)
* removed all the bazel caching stuff, that never really worked anyway
* moved `misc/codegen` generic testing to a separate workflow, as it's
  not swift specific any more
* reinstated checking that the extractor can be built locally from
  the `codeql` repo.
2025-03-14 16:13:58 +01:00
Michael B. Gale
284f612965 C#: Use StringBuilder for feed arguments in GetRestoreArgs 2025-03-14 14:06:48 +00:00
Michael B. Gale
b6c74fe306 C#: Narrow Exception to JsonException 2025-03-14 14:05:27 +00:00
Michael B. Gale
95605935fa C#: Fix .ToList() being called on null 2025-03-14 14:02:38 +00:00
Napalys
c93be70053 Rename validation methods for type expressions and add a recursive call for type validation.
Co-authored-by: Asgerf <asgerf@github.com>
2025-03-14 14:58:27 +01:00
Napalys
4a691b778b Added escape as UriEncodingSanitizer 2025-03-14 14:53:21 +01:00
Napalys
37e02e4261 Added escape as StringManipulationTaintStep. 2025-03-14 14:49:45 +01:00
Tom Hvitved
89f6245772 Rust: Add telemetry for comparing against rust-analyzer 2025-03-14 14:48:15 +01:00
Michael B. Gale
a8dde15a87 C#: Only provide feeds on command line if Dependabot proxy is enabled 2025-03-14 13:47:05 +00:00
Aditya Sharad
28f40f1d45 Merge pull request #19023 from adityasharad/actions/env-var-query-names
Actions: Fix typos in query names for env var injection
2025-03-14 19:11:11 +05:30
Michael B. Gale
6b15f77168 C#: Fix test failures 2025-03-14 13:39:28 +00:00
Michael B. Gale
0db6a269e4 C#: Propagate explicit feeds to RestoreProjects 2025-03-14 13:39:27 +00:00
Michael B. Gale
726123c0cb C#: Allow specifying package feeds for dotnet restore as command line arguments 2025-03-14 13:39:26 +00:00
Michael B. Gale
11efb55aa1 C#: Parse environment variables to obtain list of registry URLs 2025-03-14 13:39:26 +00:00
Michael B. Gale
63d5517d7c C#: Add list of registries to DependabotProxy 2025-03-14 13:39:25 +00:00
Michael B. Gale
6b2f348c4c C#: Add CODEQL_PROXY_URLS environment variable 2025-03-14 13:39:23 +00:00
Napalys Klicius
70232a34f3 Merge pull request #19006 from Napalys/js/vue_tanstack_model
Js: Added support for `@tanstack/vue-query`
2025-03-14 14:36:35 +01:00
Napalys
4c77ee2f4f Added change note. 2025-03-14 14:27:14 +01:00
Napalys
933f3c6f77 Refactor Tanstack integration: remove the Tanstack framework and add model-as-data for it instead. 2025-03-14 13:52:05 +01:00
Napalys
d40ef0ddae Changed from taint to value steps.
Co-authored-by: Asgerf <asgerf@github.com>
2025-03-14 13:48:15 +01:00
Napalys
1468e81c55 Ensure interface extends valid expr. 2025-03-14 13:41:37 +01:00
Anders Schack-Mulligen
474b8a5a31 Merge pull request #18942 from aschackmull/cpp/refactor-ssa
C++: Refactor SSA usage in data flow.
2025-03-14 13:31:32 +01:00
Simon Friis Vindum
5a3bf90b1f Rust: Add qldoc comments 2025-03-14 13:31:03 +01:00
Simon Friis Vindum
a96a5fc737 Rust: Address PR comments 2025-03-14 13:24:16 +01:00
Tom Hvitved
0dd59cbb25 Rust: Make Crate a subclass of Locatable 2025-03-14 13:18:02 +01:00
Simon Friis Vindum
60f96eee7e Merge pull request #19026 from paldepind/rust-expr-type-eq
Rust: Handle type equality for a few more expression types
2025-03-14 13:14:52 +01:00
Tamas Vajk
d4955a0747 Fix failing test and add new test case 2025-03-14 13:07:56 +01:00
Owen Mansel-Chan
7702e9da7d Address review comments 2025-03-14 11:44:01 +00:00
Owen Mansel-Chan
5c7588822d Fix test output 2025-03-14 11:44:00 +00:00
Simon Friis Vindum
c17c0458dd Rust: Handle type equality for a few more expression types 2025-03-14 11:59:34 +01:00
Tom Hvitved
dcd01befc2 Swift: Cache Element.toString 2025-03-14 11:58:42 +01:00
Tom Hvitved
d1ad65ae09 Rust: Cache Element.toString 2025-03-14 11:58:38 +01:00
Napalys
dc262236f4 Enhance taint tracking by including escape and unescape in TaintedPath customizations. 2025-03-14 11:43:22 +01:00
Napalys
c4b717b86c Added test case for escape. 2025-03-14 11:40:23 +01:00
Tamas Vajk
9662b47464 Move likely test method logic to library 2025-03-14 11:36:15 +01:00
Tamas Vajk
05502bc74e Change severity and precision 2025-03-14 11:36:14 +01:00
Tamás Vajk
30ff68dc71 Update java/ql/src/Language Abuse/EmptyMethod.md
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
2025-03-14 11:36:14 +01:00
Tamas Vajk
2538ba82cc Revert message 2025-03-14 11:36:13 +01:00
Tamás Vajk
050ef405c1 Improve query help
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
2025-03-14 11:36:12 +01:00
Tamas Vajk
24f129c12c Fix typo in QL help 2025-03-14 11:36:12 +01:00
Tamas Vajk
17aa3fc428 Add compliant/non-compliant comments back to the test file 2025-03-14 11:36:11 +01:00