Dave Bartolomeo
712d71856b
Merge pull request #7401 from github/release-prep/2.7.4
Release preparation for version 2.7.4
2021-12-14 16:42:33 -05:00
github-actions[bot]
59da2cdf69
Release preparation for version 2.7.4
2021-12-14 21:35:09 +00:00
Dave Bartolomeo
6664a3814a
Merge pull request #7398 from github/dbartol/fix-change-notes
Fix change notes
2021-12-14 13:53:08 -05:00
Dave Bartolomeo
fa40d59332
Move older change notes to old-change-notes
Now that change notes are per-package, new change notes should be created in the `change-notes` folder under the affected pack (e.g., `cpp/ql/src/change-notes` for C++ query change notes). I've moved all of the change note files that were added before we started publishing them in packs to an `old-change-notes` directory under each language, to reduce the temptation to add new change notes there.
I'm working on a document to describe how and when to create change notes for packs separately.
2021-12-14 12:35:04 -05:00
Dave Bartolomeo
a62f181d42
Move new change notes to appropriate packs
2021-12-14 12:05:15 -05:00
Erik Krogh Kristensen
de4458346f
Merge pull request #7344 from SZFsir/main
JS: Improve inter-procedural type inference for FunctionExpr
2021-12-13 21:58:53 +01:00
Nick Rolfe
dc27089714
Merge pull request #7375 from github/nickrolfe/cargo_update
Ruby: update crate versions
2021-12-13 18:16:29 +00:00
Dave Bartolomeo
7732c0885f
Merge pull request #7374 from aeisenberg/aesenberg/upgrades-semver
Fix semver for upgrades references
2021-12-13 13:06:59 -05:00
Andrew Eisenberg
0669ef505e
Fix semver for upgrades references
Ensure the version range is flexible enough to handle
future version changes.
2021-12-13 09:03:33 -08:00
Aditya Sharad
372f099850
Merge pull request #7323 from adityasharad/atm/perf-debugging-std-lib
JS: Performance improvements to libraries using regex matching
2021-12-13 08:53:11 -08:00
Nick Rolfe
b18f7a9bd7
Ruby: update crate versions
2021-12-13 15:37:35 +00:00
Michael Nebel
c0b61d7f73
Merge pull request #7370 from michaelnebel/csharp-mad-textreader
C#: Flow summaries for virtual members in abstract classes should also apply to overrides.
2021-12-13 15:00:54 +01:00
Alex Ford
124aac23c6
Merge pull request #7371 from github/ruby/comment-new-syntax
Ruby: use Ruby object instantiation syntax in a comment
2021-12-13 13:23:03 +00:00
Alex Ford
4ae92667e1
Ruby: use Ruby object instantiation syntax in a comment
2021-12-13 12:54:45 +00:00
Michael Nebel
ba23393c0d
C#: Update test as we now also implicitly get flow summary for StreamReader.
2021-12-13 13:51:53 +01:00
Michael Nebel
a6eba04793
C#: Convert System.IO.TextReader flow to CSV format.
2021-12-13 13:51:18 +01:00
Michael Nebel
88bb8a2704
C#: Update flow summaries test cases.
2021-12-13 13:14:49 +01:00
Michael Nebel
d699ca9aa8
C#: Flow summaries should also apply for overrides or virtual members in abstract classes.
2021-12-13 13:09:40 +01:00
Michael Nebel
7ff2ee695d
Merge pull request #7348 from michaelnebel/csharp-mad-as-csv-json
C#: Convert flow summaries for JSon.NET
2021-12-13 11:57:55 +01:00
JrXnm
efc9e67ec2
Update javascript/ql/lib/semmle/javascript/dataflow/internal/InterProceduralTypeInference.qll
Fix multiple declare may mismatch issue
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2021-12-13 18:36:06 +08:00
JrXnm
fad95d8935
Update javascript/ql/lib/semmle/javascript/dataflow/internal/InterProceduralTypeInference.qll
Commit coding style suggestion
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2021-12-13 18:32:11 +08:00
Michael Nebel
f32d464c0f
C#: Ensure bi-directional import for External flow.
2021-12-13 10:50:49 +01:00
Michael Nebel
327cf444f4
C#: Convert Newtonsoft.JSon.Linq.JObject and Newtonsoft.JSon.Linq.JToken flow to CSV format.
2021-12-13 10:50:49 +01:00
Michael Nebel
f3c0eadbce
C#: Fix the existing callableFlow for JObject to target the inherited ToString methods from JToken.
2021-12-13 10:50:49 +01:00
Michael Nebel
58f36e4b31
C#: Convert NewtonSoft.Json.JSonSerializer flow to CSV format.
2021-12-13 10:50:49 +01:00
Michael Nebel
90e49508a3
C#: Convert Newtonsoft.Json.JsonConvert flow to CSV format.
2021-12-13 10:50:48 +01:00
Michael Nebel
a4bea05fa7
Merge pull request #7342 from michaelnebel/csharp-mad-as-csv3
C#: More Flow summaries in CSV format.
2021-12-13 10:32:28 +01:00
Michael Nebel
be1e75471e
C#: Ensure bi-directional import for external flow.
2021-12-13 09:23:11 +01:00
Michael Nebel
1cab177f8a
C#: Convert System.Web.HttpUtility flow to CSV format.
2021-12-13 09:19:41 +01:00
Michael Nebel
0e0c3e3937
C#: Convert System.Web.HttpServerUtility flow to CSV format.
2021-12-13 09:19:41 +01:00
Michael Nebel
6301e726ee
C#: Update HttpServerUtility stub with HtmlEncode method and update flow summaries test.
2021-12-13 09:19:41 +01:00
Michael Nebel
1cd37dddf5
C#: Convert System.Net.WebUtility flow to CSV format.
2021-12-13 09:19:41 +01:00
Michael Nebel
07a4f5f748
C#: Update FlowSummaries test as the bogus flow summaries for the KeyValuePair default constructor have been removed.
2021-12-13 09:19:41 +01:00
Michael Nebel
679aad138e
C#: Convert System.Collections.Generic.KeyValuePair flow to CSV format.
2021-12-13 09:19:36 +01:00
Michael Nebel
42bf866fb3
C#: Convert System.Web.UI.WebControls.Textbox flow to CSV format.
2021-12-13 09:18:34 +01:00
Michael Nebel
9604ed883c
C#: Convert System.NET.IPHostEntry flow to CSV format.
2021-12-13 09:17:27 +01:00
Michael Nebel
d804893a49
C#: Convert System.Net.Cookie flow to CSV format.
2021-12-13 09:16:05 +01:00
Michael Nebel
03fb244545
C#: Convert System.Web.HttpCookie flow to CSV format.
2021-12-13 09:13:14 +01:00
Michael Nebel
a6360215f3
Merge pull request #7304 from michaelnebel/csharp-mad-as-csv2
C#: Convert flow summaries to CSV format.
2021-12-13 08:56:06 +01:00
Harry Maclean
0ca9852cc8
Merge pull request #7325 from github/hmac/action-controller-private-methods
Ruby: Don't count private methods as Rails actions
2021-12-13 20:47:22 +13:00
Harry Maclean
e1d290d4c0
Ruby: Don't count private methods as Rails actions
Private instance methods on ActionController classes aren't valid
request handlers. Routing to them will raise an exception.
2021-12-13 15:36:55 +13:00
Aditya Sharad
1857de1f33
JS: Speed up detection of jQuery marker comments
Combine two regexes into a single one.
This saves up to 5s on large databases by reducing the number
of separate scans of the comments table before regex matching.
The combined regex is slightly more permissive than the
original two, since it allows a combination of the two
matched formats. A string that matches one of the original
regexes will match the combined regex.
2021-12-10 15:30:02 -08:00
Nick Rolfe
b80a84c156
Merge pull request #7341 from github/nickrolfe/cookies
2021-12-10 19:52:23 +00:00
Aditya Sharad
6a1aea740f
JS: Avoid scanning individual comment lines to find generated code markers
Some subclasses of GeneratedCodeMarkerComment regex match against `getLine(_)`.
When evaluated, this results in multiple scans (one per subclass that uses it)
of all comment lines in the database, before regex matching against those lines.
To make these scans smaller, regex match against the entire comment text
without splitting them into lines.
This is achieved using `?m` (multiline) and line boundaries in the regexes.
2021-12-10 11:41:54 -08:00
Aditya Sharad
c9a87234ef
JS: Factor helper predicate to improve SensitiveWrite performance
2021-12-10 11:41:53 -08:00
Andrew Eisenberg
66c1629974
Merge pull request #7285 from github/post-release-prep-2.7.3-ddd4ccbb
Post-release preparation 2.7.3
2021-12-10 09:59:45 -08:00
Nick Rolfe
b6c5b4d213
Ruby: define ActionViewCookiesCall
2021-12-10 16:36:26 +00:00
yoff
d8857c7ce8
Merge pull request #7246 from tausbn/python/import-star-flow
Python: Support flow through `import *`
2021-12-10 16:34:32 +01:00
Henry Mercer
a46787ea07
Merge pull request #7351 from github/henrymercer/js-atm-heuristic-sinks-improvements
JS: Improve handling of heuristic sinks in endpoint filters
2021-12-10 14:56:45 +00:00
Rasmus Wriedt Larsen
bd9b96e154
Merge pull request #7331 from tausbn/python-fix-bad-callsite-points-to-join
Python: Fix bad `callsite_points_to` join
2021-12-10 15:39:49 +01:00