hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-26 21:56:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,673 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

82643 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
131ec8d22f Python: Handle loop constructs outside of loops 
Observed on some test files in Nuitka/Nuitka, having `break` and
`continue` outside of loops in Python is (to Python) a syntax error, but
our parser happily accepted this broken syntax.

This then caused issues further downstream in the control-flow
construction, as it broke some invariants.

To fix this we now skip the code that would previously fail when the
invariants are broken.

Co-authored-by: yoff <yoff@github.com>
 2025-02-06 14:30:16 +00:00
Geoffrey White
bce4735062 Rust: Additional test case suggested by copilot. 2025-02-06 14:29:26 +00:00
Taus
3d25cd3bb5 Python: Add change note 2025-02-06 14:08:20 +00:00
Taus
7124e80f28 Python: Regenerate parser files 2025-02-06 14:05:40 +00:00
Taus
c5be2a3e2d Python: Allow comments in subscripts 
Once again, the interaction between anchors and extras (specifically
comments) was causing trouble.

The root of the problem was the fact that in `a[b]`, we put `b` in the
`index` field of the subscript node, whereas in `a[b,c]`, we
additionally synthesize a `Tuple` node for `b,c` (which matches the
Python AST).

To fix this, we refactored the grammar slightly so as to make that tuple
explicit, such that a subscript node either contains a single expression
or the newly added tuple node. This greatly simplifies the logic.
 2025-02-06 14:04:57 +00:00
yoff
40851aeaef Merge pull request #18687 from github/tausbn/python-print-file-path-on-context-error 
Python: Print file path when logging context errors
 2025-02-06 15:01:06 +01:00
Nicolas Will
cd70acde66 Merge pull request #1 from nicolaswill/brodes/experiments 
Concepts for elliptic curves and misc. updates.
 2025-02-06 14:43:09 +01:00
Geoffrey White
a8a051234e Rust: Model parse. 2025-02-06 12:51:41 +00:00
Geoffrey White
d0f5aad085 Rust: Model to_string. 2025-02-06 12:51:40 +00:00
Geoffrey White
1ff7a521d5 Rust: Add a flow test for some iterator methods. 2025-02-06 12:51:34 +00:00
Anders Schack-Mulligen
57735388e0 Merge pull request #18655 from aschackmull/java/typeflow-joinorder 
TypeFlow: Improve join-order.
 2025-02-06 13:12:52 +01:00
Asger F
7f4facc864 Merge pull request #18661 from asgerf/js/hoist-in-block 
JS: Hoist function declarations to the top of a block statement
 2025-02-06 12:38:51 +01:00
Chris Smowton
269f63d6b1 Format 2025-02-06 11:36:45 +00:00
Chris Smowton
b8a720510c Use root dir license rather than removed Go license 2025-02-06 11:17:23 +00:00
Asger F
d3b9d1d89d JS: Partial SSRF does not select the sink location 2025-02-06 11:30:32 +01:00
Geoffrey White
c597818c4b Rust: Add a flow test for to_string() and parse(). 2025-02-06 10:30:27 +00:00
Asger F
7d6abb4e0a JS: Disable diff-informedness for full SSRF 
Partial SSRF uses its result in a way that prevents diff-informedness
 2025-02-06 11:30:18 +01:00
Geoffrey White
6966c96e7a Rust: Add a test case for parse on a command line arg. 2025-02-06 10:29:53 +00:00
Chris Smowton
ffc6b7abb6 Update license; remove redundant Go qlpack license. 2025-02-06 10:23:37 +00:00
Tom Hvitved
89502d63e5 Rust: Implement database quality telemetry query 2025-02-06 10:46:48 +01:00
Simon Friis Vindum
820d2cbeb8 Shared: Use edge dominance in basic block library 2025-02-06 10:38:32 +01:00
Asger F
d3ee658399 Python: resolve remaining TODOs 2025-02-06 10:27:56 +01:00
Asger F
975ce064fc Python: implement for polynomial redos 2025-02-06 10:27:45 +01:00
Asger F
15c2ccb880 Python: ignore experimental for now 2025-02-06 10:27:43 +01:00
Asger F
9dfd1cc608 Python: Fixup broken patch 2025-02-06 10:27:21 +01:00
Asger F
e4a1847dad Python: mass enable diff-informed data flow 2025-02-06 10:27:19 +01:00
Asger F
6ae06aed9e Update javascript/extractor/src/com/semmle/js/extractor/CFGExtractor.java 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-02-06 10:03:28 +01:00
Asger F
83ccdb76ed Merge pull request #18686 from asgerf/ac/bash-quotation-oom 
Actions: avoid N^2 parsing in common cases
 2025-02-06 09:59:23 +01:00
Asger F
6207e39b5f JS: Change note 2025-02-06 09:58:24 +01:00
Jami Cogswell
d21c8d789b Java: restrict sink to first arg of two-arg constructor call 2025-02-05 21:19:59 -05:00
Kristen Newbury
efcf7eab0c Add broken crypto query 2025-02-05 17:24:25 -05:00
Jami Cogswell
bd47dcc87d Java: check first arg for taint 2025-02-05 16:56:16 -05:00
Lindsay Simpkins
6f2832401c csharp MaD add change note 2025-02-05 16:37:53 -05:00
Lindsay Simpkins
e0034e566f csharp update MaD for HttpRequestMessage and UriBuilder 2025-02-05 15:49:49 -05:00
Jami Cogswell
e8724ab220 Java: sanitize constructor call instead and update test cases 2025-02-05 15:46:10 -05:00
Kristen Newbury
86e51dad8a Improve JCA aes alg model, add test 2025-02-05 13:39:48 -05:00
Remco Vermeulen
7619f1dac9 Merge pull request #18679 from rvermeulen/rvermeulen/ccr-suites 
Add CCR suites
 2025-02-05 09:35:48 -08:00
Jami Cogswell
4a4585a526 Java: move comment 2025-02-05 11:36:58 -05:00
Ed Minnix
0a817eb1da Fix test expectations 2025-02-05 11:25:51 -05:00
Ed Minnix
274a2d8dac Remove remoteFlowSource integration test 2025-02-05 11:24:29 -05:00
Ed Minnix
a783ac1abf Add QL tests for remoteFlowSource 2025-02-05 11:22:23 -05:00
Paolo Tranquilli
d65a704209 Merge pull request #18635 from hvitved/codegen/self-type-alias 
Codegen: Improve return type of self-typed properties
 2025-02-05 17:20:25 +01:00
Jami Cogswell
dce89c5419 Java: update qhelp to align with other csrf queries 2025-02-05 10:57:47 -05:00
Rasmus Lerchedahl Petersen
5feb401607 ruby: Add query for hoisting Rails ActiveRecord calls 
This does not take assicoations into account.
It uses ActiveRecordModelFinderCall to identify relevant calls.
This class has therefor been made public.
 2025-02-05 16:47:48 +01:00
Paolo Tranquilli
e4523ef581 Merge pull request #18684 from github/redsun82/swift-keypath-expr 
Swift: fix `KeyPathExpr` assertion
 2025-02-05 16:40:25 +01:00
Jami Cogswell
c6a71cd3fd Java: minor qhelp updates 2025-02-05 10:20:57 -05:00
Nora Dimitrijević
ab521ff180 Merge pull request #18688 from d10c/d10c/drop-bigint-avg 
Update docs to remove BigInt `avg`
 2025-02-05 16:07:57 +01:00
Tom Hvitved
493953e724 Rust: Extend path resolution to cover type parameters 2025-02-05 15:30:07 +01:00
Tom Hvitved
9319b1848d Merge pull request #18682 from hvitved/dataflow/aliases 
Data flow: Add aliases for removing `DataFlow` prefixes
 2025-02-05 15:04:13 +01:00
Nora Dimitrijević
e455a6c5d7 Update docs to remove BigInt avg 2025-02-05 14:27:21 +01:00