hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

2856 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
0cb8e121e9 Python: Fix flask request modeling 
This takes us part of the way. We still get multiple paths for the same
alert, but that will be fixed in a different PR.
 2022-09-29 17:41:21 +02:00
Asger F
ed36f1983b Python: sync TypeTracker.qll 2022-09-29 15:57:09 +02:00
Asger F
dc03557aea Merge branch 'main' into rb/summarize-loads-v2 2022-09-29 12:07:30 +02:00
Rasmus Lerchedahl Petersen
a11948bea0 Python: make toString follow member predicate name 2022-09-28 16:13:04 +02:00
Rasmus Lerchedahl Petersen
d122a64e74 Python: do not commit to CfgNode 2022-09-28 16:12:29 +02:00
Asger F
24f2a3cdff Sync ApiGraphModels.qll 2022-09-28 12:17:44 +02:00
Rasmus Lerchedahl Petersen
05102f9007 Python: add change note 2022-09-28 12:06:05 +02:00
Rasmus Lerchedahl Petersen
b1ae3bfdb2 Python: less eager tracking of flow 2022-09-28 11:46:26 +02:00
yoff
70d47f313e Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-09-28 11:33:00 +02:00
Asger F
9c93ad904f Python: sync 2022-09-28 10:49:34 +02:00
Asger F
e47deaffbf Ruby: More QLDoc police 2022-09-28 10:49:34 +02:00
Asger F
7737e75427 Update some QLDoc comments 2022-09-28 10:49:34 +02:00
Asger F
576e320bf5 Python: sync 2022-09-28 10:49:34 +02:00
Asger F
e104b65106 Python: sync TypeTracker.qll and adapt accordingly 
fixup python
 2022-09-28 10:49:33 +02:00
Tom Hvitved
df2b586e7c Merge pull request #10577 from hvitved/dataflow/get-a-read-content-fan-in 
Data flow: Fix bad join-order when getAReadContent has large fan-in
 2022-09-27 20:04:58 +02:00
Tom Hvitved
335e1a8233 Address review comments 2022-09-27 13:36:52 +02:00
erik-krogh
7675571daa fix RegExpEscape::getValue having multiple results for some escapes 2022-09-27 13:25:23 +02:00
Tom Hvitved
45fc62f16b Data flow: Sync files 2022-09-26 20:39:48 +02:00
Anders Schack-Mulligen
1687d08587 Dataflow: Sync. 2022-09-26 16:10:03 +02:00
Rasmus Lerchedahl Petersen
441fc1bb28 Python: type trackers to API graph 
base on new subscript in the API graph

There are a few more uses of type tracking
through `SubscriptNode`s, but these start
from an instance given by a data flow node.
 2022-09-26 15:05:50 +02:00
Rasmus Lerchedahl Petersen
bc963b2386 Python: subscript on API::Node 2022-09-26 13:39:59 +02:00
Rasmus Lerchedahl Petersen
6114d71d3d Python: subscript on local source nodes 
and adjust comment on awaited
 2022-09-26 13:39:59 +02:00
Rasmus Lerchedahl Petersen
7f610405a0 Python: move code and harmonize comments 2022-09-26 13:39:59 +02:00
Rasmus Lerchedahl Petersen
69640f3c20 Python: refactor awaited 2022-09-26 13:39:59 +02:00
Dave Bartolomeo
3bd456e52d Merge pull request #10565 from github/post-release-prep/codeql-cli-2.11.0 
Post-release preparation for codeql-cli-2.11.0
 2022-09-23 18:13:59 -04:00
github-actions[bot]
6cef0af5df Post-release preparation for codeql-cli-2.11.0 2022-09-23 21:01:40 +00:00
Rasmus Wriedt Larsen
71da217b82 Merge pull request #10535 from RasmusWL/flask-jsonify 
Python: Model `flask.jsonify`
 2022-09-23 12:18:27 +02:00
Asger F
11ba0f0bbe Merge pull request #10253 from asgerf/js/type-defs-squashed 
JS: Add generated typings to SQL models
 2022-09-23 11:34:01 +02:00
Tom Hvitved
8b424d181a Merge pull request #10505 from hvitved/dataflow/viable-impl-in-ctx-consistency 
Data flow: Guard against `viableImplInCallContext` not being a subset of `viableCallable`
 2022-09-23 10:38:48 +02:00
github-actions[bot]
f5cf8cffa3 Release preparation for version 2.11.0 2022-09-22 20:14:12 +00:00
Dave Bartolomeo
cee0e8e137 Merge pull request #10532 from github/henrymercer/3.7-mergeback 
Final mergeback from `rc/3.7`
 2022-09-22 13:42:59 -04:00
Tom Hvitved
ad6b870f94 Data flow: Sync files 2022-09-22 15:01:33 +02:00
Rasmus Wriedt Larsen
d3f811cab3 Python: Accept any arg to flask.jsonify 
Thanks @tausbn 👍
 2022-09-22 14:59:06 +02:00
Rasmus Wriedt Larsen
8174120916 Python: Model flask.jsonify 2022-09-22 14:43:39 +02:00
Tom Hvitved
f0f4fe7286 Merge pull request #10444 from hvitved/ruby/stmt-sequence-post-update 
Ruby: Add post-update nodes for compound arguments
 2022-09-22 13:18:51 +02:00
Henry Mercer
f8f99af8b7 Bump the minor version of packs we regularly release 2022-09-22 12:14:19 +01:00
Andrew Eisenberg
99e8cb78b0 Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main 
Aeisenberg/merge rc3.7 into main
 2022-09-21 08:09:47 -07:00
Tom Hvitved
db8b6ac69a Data flow: Sync files 2022-09-21 11:02:24 +02:00
Andrew Eisenberg
58e4861b45 Merge branch 'main' into rc/3.7 2022-09-20 12:43:20 -07:00
yoff
6b589c5d5d Merge pull request #10387 from RasmusWL/getStarArg-always-first 
Python: `getStarArg` gives first `*args` argument
 2022-09-20 20:01:07 +02:00
yoff
ea743173d5 Merge pull request #8781 from yoff/python-dataflow/flow-summaries-from-scratch 
Python dataflow: flow summaries restart
 2022-09-20 14:08:31 +02:00
Rasmus Lerchedahl Petersen
318e3290f2 Python: use "extracted" instead of "source" 
The precedence for the use of "source" to denote elements of source code
is found in `EssaVariable::getSourceVariable` as well as in the Ruby
code base. But it clashes with the many uses of source to mean
"source of flow" found in the data flow library.
 2022-09-20 13:26:04 +02:00
Rasmus Lerchedahl Petersen
9a7afa9d8d Python: more idiomatic cartesian product 2022-09-20 12:47:56 +02:00
Asger F
51618b46a8 Sync ApiGraphModels.qll 2022-09-20 11:47:37 +02:00
Rasmus Wriedt Larsen
556e93ae68 Merge pull request #10384 from RasmusWL/callnode-getargbyname 
Python: Allow `CallNode.getArgByName` for keyword args after `**kwargs`
 2022-09-19 15:05:59 +02:00
yoff
f7cbcb2fef Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-09-19 14:52:18 +02:00
Rasmus Lerchedahl Petersen
6377e6c575 Python: move summary to Stdlib.qll 2022-09-19 14:36:36 +02:00
Rasmus Lerchedahl Petersen
f560719a88 Python: expand comment on flow summaries 2022-09-19 14:30:53 +02:00
Rasmus Lerchedahl Petersen
da39c14e46 Python: comment out SummarizedCallableFromModel 2022-09-19 14:06:21 +02:00
Rasmus Lerchedahl Petersen
37fb27fa1c Python: change type of LibraryCallable::getACall 
The other callables return control flow nodes,
so it is slightly inconsistent for this to return a
data flow node, but it does make models based
on API graphs nicer.
 2022-09-19 14:02:52 +02:00