hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,671 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

3367 Commits

Author SHA1 Message Date
Harry Maclean
a6cab022f6 Ruby: Add missing import 2022-05-10 17:32:01 +12:00
Harry Maclean
7b63493fa9 Ruby: Fix identification IO.open args 2022-05-10 17:32:00 +12:00
Harry Maclean
79c6dc1af0 Refactor IO/File modelling 
The main goal here is to get rid of the duplicate definitions of module
`IO`, which currently exist in both `frameworks/core/IO.qll` and
`frameworks/Files.qll`.

We do this by moving the classes inside `Files::IO` to `core/IO.qll`,
but moving most of the actual definitions of those classes to an
internal module `core.internal.FileOrIO`. This means both `Files.qll`
and `IO.qll` can depend on them without leaking them to end users.
 2022-05-10 17:32:00 +12:00
Harry Maclean
2d12ad6238 Ruby: Model IO.popen 
This method is very similar to `Kernel.system`: it executes its
arguments as a system command in various ways.
 2022-05-10 17:32:00 +12:00
Anders Schack-Mulligen
f24364d951 Merge pull request #9045 from hvitved/dataflow/subpaths-perf-take2 
Data flow: Speedup `subpaths` predicate (take 2)
 2022-05-09 15:39:11 +02:00
Michael Nebel
9a45949e8c Merge pull request #9044 from michaelnebel/csharp/flowsummariestest 
C#: Flow summaries test should print, whether a summary is generated or not.
 2022-05-09 10:06:19 +02:00
Michael Nebel
76fd424795 C#: Turn isAutogenerated predicate into a predicate without result. 2022-05-09 07:30:06 +02:00
Mathias Vorreiter Pedersen
176e40f139 Merge pull request #9052 from github/post-release-prep/codeql-cli-2.9.1 
Post-release preparation for codeql-cli-2.9.1
 2022-05-06 13:15:17 +01:00
github-actions[bot]
1a25457178 Post-release preparation for codeql-cli-2.9.1 2022-05-05 19:05:50 +00:00
Alex Ford
4844e4f454 ruby: replace the dataflow layer RBI library with the AST layer version 2022-05-05 18:40:12 +01:00
Alex Ford
bedb1d4584 ruby: Add AST layer version of the RBI library 2022-05-05 18:37:56 +01:00
Alex Ford
961f867bed Ruby: fix getAssociatedMethod predicate to include class methods 2022-05-05 18:09:42 +01:00
Alex Ford
1e3ab52e1f ruby: tidy up methodSignatureSuccessorNodeRanked predicate 2022-05-05 18:09:42 +01:00
Tom Hvitved
2e780154e2 Ruby: Introduce 'with/without content' summary components 2022-05-05 14:25:48 +02:00
Tom Hvitved
d9d5372f28 Data flow: Sync files 2022-05-05 13:36:26 +02:00
Michael Nebel
2dc35c123a Java/Ruby: Sync files. 2022-05-05 13:08:55 +02:00
Tom Hvitved
66a9759329 Merge pull request #8870 from hvitved/dataflow/expect-content 
Data flow: Introduce `expectsContent`
 2022-05-05 09:01:40 +02:00
Joe Farebrother
c1290d9e2b Sync shared redos library files. 2022-05-04 15:41:38 +01:00
Joe Farebrother
0a5268aeb4 Sync shared library changes across languages. 2022-05-04 15:41:38 +01:00
Tom Hvitved
8e33653d25 Merge pull request #9017 from hvitved/dataflow/subpaths-perf 
Data flow: Speedup `subpaths` predicate
 2022-05-04 16:37:52 +02:00
Rasmus Wriedt Larsen
7bd7bedb1b Ruby: Simplify isLocalSourceNode implementation 
The need for `SynthReturnNode` goes away if we don't restrict the nodes
that can't be reached from another entry definition or expression to be
`ExprNode`s
 2022-05-04 16:12:20 +02:00
Alex Ford
1af5c680fa ruby: drop the CallableCfgNode classes 2022-05-04 14:07:04 +01:00
Alex Ford
687602b6f1 ruby: drop a TODO 2022-05-04 14:06:37 +01:00
Alex Ford
4210973ade ruby: drop unnecessary getExpr 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-05-04 14:04:34 +01:00
Tom Hvitved
9cb63c0a5e Data flow: Sync files 2022-05-04 14:49:26 +02:00
Nick Rolfe
276f8d40f9 Ruby: add comments to address review feedback 2022-05-04 12:07:46 +01:00
Tom Hvitved
74e99302d6 Address review comments 2022-05-04 09:57:59 +02:00
Tom Hvitved
da72ba46d4 Data flow: Add stub expectsContent for all languages 2022-05-04 09:57:59 +02:00
Tom Hvitved
6e2e8440eb Data flow: Sync files 2022-05-04 09:57:59 +02:00
Tom Hvitved
a50f18ab50 Data flow: Introduce expectsContent 2022-05-04 09:57:58 +02:00
Rasmus Wriedt Larsen
6cacf7b9a6 Ruby: isLocalSourceNode needs SynthReturnNode 2022-05-03 14:43:57 +02:00
Rasmus Wriedt Larsen
89c4b6c235 Ruby: Fix isLocalSourceNode implementation 
The old code was equivalent with the code below, which seems wrong

```
not n instanceof ExprNode
or
n instanceof ExprNode and
localFlowStepTypeTracker+(..., n)
```

From running on real DB I found that this meant that the following node
types were also included as local source nodes:

- `TReturningNode`
- `TSynthReturnNode`
- `TSummaryNode`
- `TSsaDefinitionNode`

My understanding is that the first 3 should not be included.

I would guess that SsaDefinitionNode should indeed be included as a
LocalSourceNode, but I'm not 100% sure, so I'll see what the test
results say before making further changes.
 2022-05-03 14:16:19 +02:00
Tom Hvitved
e9c8f979f9 Data flow: Sync files 2022-05-03 11:46:51 +02:00
Nick Rolfe
00bf352b50 Ruby: fix some flow summary join orders 
The flow summaries that are implemented with an abstract base class
restricting the method name, and child classes using that method name,
had unfortunate join orders:

r1 = JOIN Call::MethodCall::getMethodName#dispred#f0820431#ff WITH Call::MethodCall::getMethodName#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.0, (Lhs.1 ++ "_arg"), Rhs.1
 2022-05-03 09:58:40 +01:00
Arthur Baars
19e4d34581 Update ruby/ql/lib/change-notes/2022-04-30-update-grammar.md 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-05-03 10:08:29 +02:00
Erik Krogh Kristensen
f87312d4ba have ApiGraphModelsSpecific.qll mention all the required predicates/types 2022-04-30 20:29:44 +02:00
Arthur Baars
cf4325c86f Add change note 2022-04-29 16:19:11 +02:00
Tom Hvitved
8d2bf2228b Merge pull request #7914 from hvitved/ruby/generalize-element-content 
Ruby: Generalize `ArrayElementContent` to `ElementContent`
 2022-04-28 14:23:08 +02:00
Jeroen Ketema
4a648f3c89 Fix change note items 2022-04-28 14:14:19 +02:00
github-actions[bot]
8e4cf190e9 Release preparation for version 2.9.1 2022-04-28 11:59:05 +00:00
Tom Hvitved
f7669815ce Address review comments 2022-04-28 13:50:26 +02:00
Arthur Baars
ccc18640db Ruby: add upgrade and downgrade scripts 2022-04-28 13:47:14 +02:00
Arthur Baars
20a3e3a8ae Update library 2022-04-28 13:00:02 +02:00
Arthur Baars
65989ae564 Update dbscheme stats 2022-04-28 13:00:02 +02:00
Arthur Baars
a848929069 Regenerate QLL library 2022-04-28 13:00:02 +02:00
Harry Maclean
ba1d43dd42 Merge pull request #8658 from hmac/hmac/insecure-download 
Ruby: Add InsecureDownload query
 2022-04-28 11:07:35 +12:00
Harry Maclean
f4453f4da2 Merge pull request #8573 from hmac/hmac/missing-regexp-anchor 
Ruby: Add MissingRegExpAnchor query
 2022-04-28 11:06:33 +12:00
Erik Krogh Kristensen
e1c7d369be Merge pull request #8796 from erik-krogh/redundantImport 
Remove redundant imports
 2022-04-27 12:39:51 +02:00
Tom Hvitved
790d97714f Ruby: Replace Element with Element[any] 
To make it look more like `Argument` tokens.
 2022-04-27 11:53:25 +02:00
Tom Hvitved
d1c9d68e14 Ruby: Generalize ArrayElementContent to ElementContent 2022-04-27 11:53:21 +02:00