Commit Graph

86439 Commits

Author SHA1 Message Date
Tom Hvitved
71cd973b42 Ruby: Fix bad join in DestructuredAssignDesugar
```
Evaluated relational algebra for predicate Synthesis#d9ff06b1::DestructuredAssignDesugar::LhsWithReceiver::getSynthKind#0#dispred#ff@0c55fb0w on iteration 4 running pipeline order_500000 with tuple counts:
                 0   ~0%    {2} r1 = JOIN Synthesis#d9ff06b1::ConstantWriteAccessKind#ff#prev_delta WITH Constant#c70e4e0a::ScopeResolutionConstantAccess::getName#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
                 0   ~0%    {2} r2 = JOIN r1 WITH Constant#c70e4e0a::ScopeResolutionConstantAccess::getScopeExpr#0#dispred#ff#prev ON FIRST 1 OUTPUT Lhs.0, Lhs.1

                 0   ~0%    {4} r3 = JOIN Call#841c84e8::MethodCall::getMethodName#0#dispred#ff#prev_delta WITH Call#841c84e8::Call::getNumberOfArguments#0#dispred#ff#prev ON FIRST 1 OUTPUT Lhs.1, false, Rhs.1, Lhs.0
                 0   ~0%    {2} r4 = JOIN r3 WITH Synthesis#d9ff06b1::MethodCallKind#ffff#prev ON FIRST 3 OUTPUT Lhs.3, Rhs.3

                 0   ~0%    {2} r5 = r2 UNION r4

            336618   ~3%    {1} r6 = SCAN Constant#c70e4e0a::ScopeResolutionConstantAccess::getScopeExpr#0#dispred#ff#prev_delta OUTPUT In.0
            336618   ~0%    {2} r7 = JOIN r6 WITH Constant#c70e4e0a::ScopeResolutionConstantAccess::getName#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0
                 0   ~0%    {2} r8 = JOIN r7 WITH Synthesis#d9ff06b1::ConstantWriteAccessKind#ff#prev ON FIRST 1 OUTPUT Lhs.1, Rhs.1

                 0   ~0%    {3} r9 = SCAN Call#841c84e8::Call::getNumberOfArguments#0#dispred#ff#prev_delta OUTPUT false, In.1, In.0
                 0   ~0%    {3} r10 = JOIN r9 WITH Synthesis#d9ff06b1::MethodCallKind#ffff#reorder_1_2_0_3#prev ON FIRST 2 OUTPUT Lhs.2, Rhs.2, Rhs.3
                 0   ~0%    {2} r11 = JOIN r10 WITH Call#841c84e8::MethodCall::getMethodName#0#dispred#ff#prev ON FIRST 2 OUTPUT Lhs.0, Lhs.2

              2119   ~2%    {3} r12 = JOIN Synthesis#d9ff06b1::MethodCallKind#ffff#reorder_1_2_0_3#prev_delta WITH const_false ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3
        2657005103   ~5%    {3} r13 = JOIN r12 WITH Call#841c84e8::Call::getNumberOfArguments#0#dispred#ff#reorder_1_0#prev ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
           1184200   ~0%    {2} r14 = JOIN r13 WITH Call#841c84e8::MethodCall::getMethodName#0#dispred#ff#prev ON FIRST 2 OUTPUT Lhs.0, Lhs.2

           1184200   ~0%    {2} r15 = r11 UNION r14
           1184200   ~0%    {2} r16 = r8 UNION r15
           1184200   ~0%    {2} r17 = r5 UNION r16
           1184200   ~0%    {2} r18 = r17 AND NOT Synthesis#d9ff06b1::DestructuredAssignDesugar::LhsWithReceiver::getSynthKind#0#dispred#ff#prev(Lhs.0, Lhs.1)
                            return r18
```
2023-04-24 13:44:18 +02:00
Kasper Svendsen
361b15b2c7 Merge branch 'main' into kaspersv/prevent-python-join-order-regression 2023-04-24 13:35:07 +02:00
Kasper Svendsen
bfe5db20a3 Merge pull request #12891 from kaspersv/kaspersv/prevent-ruby-join-regression2
Prevent Ruby join order regression
2023-04-24 13:27:33 +02:00
Edward Minnix III
ba4d326768 Merge pull request #12902 from egregius313/egregius313/java/dataflow/refactor-integration-tests
Java: Refactor Kotlin Integration tests to new DataFlow API
2023-04-24 06:51:40 -04:00
Michael Nebel
8ade7247a1 Merge pull request #12885 from michaelnebel/mergepathgraph3
Dataflow: Introduce param module for merging three path graphs.
2023-04-24 12:49:28 +02:00
Rasmus Wriedt Larsen
7453533ba4 Python: Expand setdefault tests 2023-04-24 12:29:58 +02:00
Rasmus Wriedt Larsen
7fa84a3613 Python: Only test UnsafeUnpacking with Python 3
Apparently the fixup of .expected in the latest commit was only required
when extracting as Python 3, but not as Python 2... I honestly don't
understand why.
2023-04-24 12:29:58 +02:00
Rasmus Lerchedahl Petersen
a25c7f7549 Merge branch 'main' of https://github.com/github/codeql into python/captured-variables-for-typetracking 2023-04-24 11:50:32 +02:00
Rasmus Wriedt Larsen
bfbbb5277d Merge pull request #12888 from lcartey/mcafee-trojan-fp
Update `SimpleXmlRpcServer.ql` to avoid incorrect detection as a trojan by McAfee
2023-04-24 11:17:52 +02:00
Erik Krogh Kristensen
b0efff0110 Merge pull request #12904 from github/dependabot/cargo/ql/tracing-subscriber-0.3.17
Bump tracing-subscriber from 0.3.16 to 0.3.17 in /ql
2023-04-24 11:05:36 +02:00
Erik Krogh Kristensen
b16444dd22 Merge pull request #12903 from github/dependabot/cargo/ql/regex-1.8.1
Bump regex from 1.8.0 to 1.8.1 in /ql
2023-04-24 11:05:13 +02:00
Geoffrey White
1f126b60ff Swift: Touch UnsafeWebViewFetch.qhelp. 2023-04-24 09:35:32 +01:00
Alex Ford
edf48f4839 Ruby: add sqlite3 to Frameworks.qll 2023-04-24 09:11:14 +01:00
Paolo Tranquilli
1ed5f6ac96 Swift: flush log files on log flushing 2023-04-24 10:08:37 +02:00
Paolo Tranquilli
f9a52f894e Merge branch 'main' into redsun82/swift-logging-assertions-and-prints 2023-04-24 09:58:19 +02:00
Paolo Tranquilli
c04ac9c04e Swift: demote wrong assertion 2023-04-24 09:57:51 +02:00
dependabot[bot]
5e274c9664 Bump tracing-subscriber from 0.3.16 to 0.3.17 in /ql
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.16...tracing-subscriber-0.3.17)

---
updated-dependencies:
- dependency-name: tracing-subscriber
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-24 04:12:25 +00:00
dependabot[bot]
a5e919b6cb Bump regex from 1.8.0 to 1.8.1 in /ql
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/commits/1.8.1)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-24 04:12:06 +00:00
Harry Maclean
9ea0b19ead Replace deprecated extension in devcontainer 2023-04-23 06:05:25 +00:00
Harry Maclean
3f6087e179 Shared: formatting 2023-04-23 06:04:55 +00:00
Harry Maclean
690c243987 Shared: add CI check for shared extractor 2023-04-23 05:50:22 +00:00
Harry Maclean
9005684b10 Shared: Add integration test for shared extractor
This is a very basic test but provides some confidence that the extractor is
working.
2023-04-23 05:29:22 +00:00
Ed Minnix
19e6a9a1d3 Fix version of PathGraph used 2023-04-21 19:08:56 -04:00
Ed Minnix
40aed29858 Refactor Java Integration tests to new API 2023-04-21 18:22:28 -04:00
jarlob
6e9f54ef55 Use double curly braces 2023-04-21 19:03:38 +02:00
Arthur Baars
b919547e31 Add change note 2023-04-21 17:42:02 +02:00
Arthur Baars
bc44b9e4fb Python: update stats for YAML tables 2023-04-21 17:42:02 +02:00
Arthur Baars
c4a7353583 Python: upgrade/downgrade scripts 2023-04-21 17:42:02 +02:00
Arthur Baars
f61565cab1 Python: add YAML library 2023-04-21 17:42:02 +02:00
Arthur Baars
9c25c150a3 Python: add YAML dbscheme fragment 2023-04-21 17:42:02 +02:00
Rasmus Wriedt Larsen
b60cab254a Python: Accept .expected change 2023-04-21 15:25:47 +02:00
Joe Farebrother
a4d7570788 Add more sources 2023-04-21 14:23:01 +01:00
Joe Farebrother
9881fdfe27 Convert sources to MaD 2023-04-21 14:19:17 +01:00
Rasmus Wriedt Larsen
4094ec5fcc Python: Change additional dict store/read steps to not affect taint-tracking 2023-04-21 14:43:24 +02:00
Rasmus Wriedt Larsen
f80a0916ac Python: Don't report get/setdefault as unresolved calls for dict tests 2023-04-21 14:42:20 +02:00
Rasmus Wriedt Larsen
e0e978bd3e Python: Fix ql4ql alerts 2023-04-21 14:18:50 +02:00
Rasmus Wriedt Larsen
b56869551d Python: Support more dictionary read/store steps
The `setdefault` behavior is kinda strange, but no reason not to support
it.
2023-04-21 14:18:50 +02:00
Rasmus Wriedt Larsen
6e31f64aaa Python: Add test for dictionary flow 2023-04-21 14:18:46 +02:00
Erik Krogh Kristensen
4bf03e7962 Merge pull request #12897 from github/dependabot/cargo/ql/regex-1.8.0
Bump regex from 1.7.3 to 1.8.0 in /ql
2023-04-21 12:57:33 +02:00
Asger F
f3b14e13b2 Merge pull request #12841 from asgerf/rb/api-graph-class-nodes
Ruby: add API node representing a module/class object
2023-04-21 10:59:51 +02:00
Harry Maclean
ac1d250596 Shared: fix language prefix in extractor 2023-04-21 15:07:47 +07:00
Paolo Tranquilli
55f23ffa6f Merge branch 'main' into redsun82/swift-logging-assertions-and-prints 2023-04-21 09:18:48 +02:00
Michael Nebel
239a763ef9 Merge pull request #12845 from michaelnebel/csharp/xssrefactor
C#: Re-factor Xss to use the new data flow API.
2023-04-21 08:55:07 +02:00
dependabot[bot]
149753c052 Bump regex from 1.7.3 to 1.8.0 in /ql
Bumps [regex](https://github.com/rust-lang/regex) from 1.7.3 to 1.8.0.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/commits)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-21 04:03:04 +00:00
Ed Minnix
64ea4833d9 Erase generics in typeAsModel 2023-04-20 17:09:36 -04:00
Jami Cogswell
85542638d7 Java: refactor CaptureModelsSpecific; resolve conflict for isInTestFile 2023-04-20 16:23:12 -04:00
Jami Cogswell
94f11029ee Java: refactor ExternalApi 2023-04-20 16:19:15 -04:00
Jami Cogswell
2ae4b646a0 Java: adjust genVsMan query test cases 2023-04-20 16:19:15 -04:00
Jami Cogswell
2ca8103a7e Java: remove isImplicitlyPublic predicate since not needed for this use-case 2023-04-20 16:19:15 -04:00
Jami Cogswell
5dbd11a584 Java: move veryPublic predicate 2023-04-20 16:19:15 -04:00