Chris Smowton
6d321e0151
Add change note
2022-10-29 11:40:57 +01:00
Chris Smowton
5c66d87ed6
gofmt
2022-10-29 11:40:57 +01:00
Chris Smowton
0c6c135967
Go: exclude protobuf read steps from cleartext-logging query
...
This query already treats structs differently to usual: it includes field -> whole struct taint steps, but explicitly excludes struct -> field steps. This means that a logging framework sinking an entire struct with a tainted field yields an alert, but we don't get FPs caused by writing field `x` but then reading field `y`.
However, protobuf messages have a special treatment, with taint usually associated with the whole struct and getter methods propagating that taint out. Suppressing these getter method steps specifically for the cleartext-logging query mirrors its treatment of structs in general and avoids this sort of field-mismatch FP.
On the downside we will miss same-field propagation like `m.field = password; Log(m.GetField())` if we don't have source code for the implementation of `m`. However this is hopefully unusual since the typical use of protobufs is to serialize and deserialize, rather than using the struct as a general-purpose datastructure.
2022-10-29 11:40:57 +01:00
Chris Smowton
8266a22332
Kotlin: fix method types when an inherited method implements a collection type
...
In this circumstance the compiler seems to generate a specialised version of the implementing function with its argument type replaced by the interface-implementing child class' type parameter. However it stores a back-pointer to the real declared function, which we should use as the call target.
2022-10-29 11:29:04 +01:00
Dave Bartolomeo
85790fcade
Merge pull request #10964 from smowton/smowton/admin/modernise-qlpacks
...
qlpacks: libraryPathDependencies -> dependencies
2022-10-28 16:44:22 -04:00
Mathias Vorreiter Pedersen
18d3801c92
Merge pull request #11033 from MathiasVP/exclude-void-calls
...
C++: Don't create `DataFlow::Node`s for `void`-typed instructions
2022-10-28 20:46:33 +02:00
Chris Smowton
d9744c81b7
Merge pull request #11017 from smowton/smowton/fix/kotlin-wildcard-suppression-annotation
...
Kotlin: fix wildcard suppression where the annotation applies to a parent type/argument.
2022-10-28 18:33:07 +01:00
Ian Lynagh
84427e132e
Kotlin: Move the logs test to all-platforms
2022-10-28 17:56:41 +01:00
Geoffrey White
840b74dbb5
Swift: Add and use ApplyExpr.getArgumentByParamName.
2022-10-28 17:55:11 +01:00
Geoffrey White
f122005aaf
Swift: Simplify out some variables.
2022-10-28 17:26:17 +01:00
Tony Torralba
2402504a4c
Add missing SummaryPostUpdateNode
2022-10-28 18:24:17 +02:00
Geoffrey White
b4d939a620
Swift: Correct a comment.
2022-10-28 17:11:24 +01:00
Chris Smowton
f9e811bddf
Legacy support qlpacks: continue using libraryPathDependencies; add a comment noting this is obsolete.
2022-10-28 16:47:30 +01:00
Chris Smowton
1914a114a2
Merge pull request #11018 from smowton/smowton/fix/kotlin-extension-specialisation
...
Kotlin: specialise extension receivers the same as other function parameters
2022-10-28 16:15:41 +01:00
Chris Smowton
d6e2f5f4a8
Use ?.not() to negate a nullable boolean
2022-10-28 16:13:55 +01:00
Chris Smowton
1e1c9f639c
Avoid Kotlin 1.5+ function firstNotNullOfOrNull
2022-10-28 16:13:55 +01:00
Chris Smowton
24f87ac963
Kotlin: fix wildcard suppression where the annotation applies to a parent type/argument.
...
In the process I also fix the missed case where suppression can be switched off using a parameterized annotation.
2022-10-28 16:13:55 +01:00
Ian Lynagh
2796d60d79
Merge pull request #11019 from igfoo/igfoo/win_integ
...
Kotlin: Get some integration tests running on Windows
2022-10-28 16:12:15 +01:00
Chris Smowton
5ad5cdce47
Swift integration-test runner: use --additional-packs
2022-10-28 16:07:38 +01:00
Chris Smowton
ee63e60bb7
qlpacks: libraryPathDependencies -> dependencies
2022-10-28 16:07:36 +01:00
Geoffrey White
648c2d09f9
Swift: Simplify InsecureTLS.ql.
2022-10-28 15:56:03 +01:00
Tony Torralba
baf7986cfa
Rework types exported through JSContext
...
Better model the JSExport protocol logic
2022-10-28 15:56:05 +02:00
Rasmus Wriedt Larsen
a04c78ab94
Python: Apply suggestions from code review
...
Co-authored-by: yoff <lerchedahl@gmail.com >
2022-10-28 15:31:42 +02:00
Asger F
06ec03de74
Ruby: add convenience-accessors for ConstantValue
2022-10-28 15:16:14 +02:00
Asger F
046e669c78
Ruby: add getAncestorExpr
2022-10-28 15:16:14 +02:00
Asger F
77d1788619
Ruby: add data flow versions of ArrayLiteral, HashLiteral, Pair
2022-10-28 15:16:14 +02:00
Asger F
2546d09fe2
Ruby: add SetterCallNode
2022-10-28 15:16:14 +02:00
Asger F
515b8366d2
Ruby: add getAnAncestor, getADescendent
2022-10-28 15:16:14 +02:00
Asger F
c8f7519cee
Ruby: add Module.getNamespaceOrTopLevel
2022-10-28 15:16:14 +02:00
Asger F
1f644a9c1d
Ruby: add getEnclosingToplevel
2022-10-28 15:16:14 +02:00
Asger F
436cc60138
Ruby: update some uses of getConstantValue()
2022-10-28 15:16:14 +02:00
Asger F
156964bfc9
Ruby: add getEnclosingModule and getNestedModule
2022-10-28 15:16:14 +02:00
Asger F
67772bbc43
Ruby: Accessors for attributes and elements
2022-10-28 15:16:14 +02:00
Asger F
8976ba5583
Ruby: Add CallableNode, MethodNode, and accessors
2022-10-28 15:16:13 +02:00
Ian Lynagh
49425e6c2a
Kotlin: Integration tests: Make a couple more posix-only for now
2022-10-28 13:59:36 +01:00
Geoffrey White
cf9c3afc86
Swift: Add and use AbstractFunctionDecl.hasGlobalName predicate.
2022-10-28 13:57:24 +01:00
Tamas Vajk
d745381ebe
Remove unneeded consistency test output
2022-10-28 14:56:25 +02:00
Tamas Vajk
803a97df7f
Kotlin: Resugar for loops with tuples as loop variables
2022-10-28 14:55:50 +02:00
Tamas Vajk
841340b266
Kotlin: Resugar for loops
2022-10-28 14:55:50 +02:00
Tamas Vajk
1e3060598f
Kotlin: Add for loop tests
2022-10-28 14:55:50 +02:00
Mathias Vorreiter Pedersen
f3be58e2ba
C++: Accept more test changes.
2022-10-28 14:53:24 +02:00
Alex Ford
bb9205226a
Ruby: fix whitespace in basic query doc table
2022-10-28 13:36:45 +01:00
Mathias Vorreiter Pedersen
20b188ff42
Merge pull request #11020 from rdmarsh2/rdmarsh2/repair-365-days-per-year
...
C++: repair Adding365DaysPerYear.ql
2022-10-28 14:35:05 +02:00
Mathias Vorreiter Pedersen
f6ff9c9c66
Update cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll
...
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com >
2022-10-28 14:32:08 +02:00
Paolo Tranquilli
3dcdc739de
Swift: add possibility to run the extractor under an env-specified tool
...
if `CODEQL_EXTRACTOR_SWIFT_RUN_UNDER` env variable is set, and either
* `CODEQL_EXTRACTOR_SWIFT_RUN_UNDER_FILTER` is not set, or
* it is set to a regexp matching any substring of the extractor call
then the extractor process is substituted with the command (and possibly
options) stated in `CODEQL_EXTRACTOR_SWIFT_RUN_UNDER`, followed by the
system arguments of the extractor itself (which should include the
extractor program itself at the start).
Before calling `exec`, `CODEQL_EXTRACTOR_SWIFT_RUN_UNDER` is unset to
avoid unpleasant loops.
An example usage is to run the extractor under `gdbserver :1234` when
the arguments match a given source file.
2022-10-28 14:12:27 +02:00
Tamás Vajk
caf9ac50d9
Merge pull request #11026 from tamasvajk/kotlin-remove-kotlin-java-eq-test
...
Kotlin: Remove `javaEquivalent` consistency query
2022-10-28 14:08:53 +02:00
Chris Smowton
366410ee9e
Fix incorrect parameter ordering
2022-10-28 12:58:23 +01:00
Mathias Vorreiter Pedersen
0a3d0c4f56
Merge pull request #11031 from geoffw0/simplify
...
Swift: Simplify queries using MethodDecl.hasQualifiedName
2022-10-28 13:58:08 +02:00
Mathias Vorreiter Pedersen
9888de8acb
Merge branch 'replace-ast-with-ir-use-usedataflow' into rdmarsh2/repair-365-days-per-year
2022-10-28 13:48:12 +02:00
Mathias Vorreiter Pedersen
42e8ec32d7
Merge pull request #11030 from MathiasVP/fix-ql-for-ql-errors
...
C++: Fix QL-for-QL in #10817
2022-10-28 13:39:50 +02:00