hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,672 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
0bb9e464b2 Merge branch 'main' into atorralba/spring-beans 2021-06-30 12:55:10 +02:00
Rasmus Lerchedahl Petersen
72986e1e28 Python: Add some comments on the booelan sweep 
pattern
 2021-06-30 12:50:36 +02:00
Rasmus Lerchedahl Petersen
4ca0ee87f0 Merge branch 'main' of github.com:github/codeql into python-port-ReDoS 2021-06-30 12:28:54 +02:00
Rasmus Lerchedahl Petersen
52d91917aa Merge branch 'python-port-ReDoS' of github.com:yoff/codeql into python-port-ReDoS 2021-06-30 12:25:59 +02:00
Rasmus Lerchedahl Petersen
09e71cfdfd Python: update test expectations 2021-06-30 12:25:29 +02:00
Rasmus Lerchedahl Petersen
6dfbf80494 Python: Disable use of toUnicode 
until supporting CLI is released
 2021-06-30 12:21:52 +02:00
Rasmus Wriedt Larsen
e5d65992b4 Python: Use DefinitionNode instead of Assign 
Based on https://github.com/github/codeql/pull/6155#discussion_r660964666:

> Hmm... Would it be better to do this using DefinitionNode instead of
> Assign? The latter is fairly limited in what it can represent, and also
> raises questions of whether this definition is sound with regard to
> control-flow splitting.
 2021-06-30 12:08:32 +02:00
yoff
c19522e921 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-06-30 11:49:45 +02:00
Tamas Vajk
0946ae2ae9 Fix review findings 2021-06-30 11:39:51 +02:00
Anders Schack-Mulligen
e235e151f1 Java: Fix bad magic. 2021-06-30 11:09:08 +02:00
Geoffrey White
4a8299e5d0 C++: Change note. 2021-06-30 09:21:10 +01:00
Tony Torralba
9d64cadb50 Adapt tests after applying changes from code review 2021-06-30 10:02:03 +02:00
Tony Torralba
b64b8ecec2 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-30 09:52:22 +02:00
Anders Schack-Mulligen
374859efb4 Merge pull request #6156 from smowton/smowton/feature/jax-rs-content-type-sensitivity 
Jax RS XSS Tests
 2021-06-30 09:52:07 +02:00
Tamás Vajk
a0e768bb43 Merge pull request #6172 from tamasvajk/fix/csv-comment-again 
Fix CSV framework coverage commenter workflow
 2021-06-30 09:10:47 +02:00
Tom Hvitved
22dd53f245 Merge pull request #6167 from hvitved/csharp/trap-stack-preprocessor-conditions 
C#: Add active preprocessor conditions as suffix in all TRAP `.push` instructions
 2021-06-30 08:34:47 +02:00
thank_you
0be2c6b765 Add SQLEscapySanitizerCall class 2021-06-29 19:39:46 -04:00
thank_you
986f2f4302 Add SQLEscape module 2021-06-29 19:39:26 -04:00
${sleep,5}
2a65917bb5 Merge pull request #1 from RasmusWL/python-use-sqlalchemy 
Minor updates to SQL alchemy PR
 2021-06-29 18:15:44 -04:00
jorgectf
e02a63a27a Delete trivial *_good.py tests 2021-06-29 23:03:41 +02:00
Sauyon Lee
52d1901d6e Adjust validation models to reflect array parameters 2021-06-29 12:01:24 -07:00
Sauyon Lee
52b24118b3 Add tests for Spring validation.Errors 2021-06-29 12:01:23 -07:00
Geoffrey White
dcc7a6360f C++: Simplify a bit and remove two noopts that don't seem to make a difference. 2021-06-29 19:05:13 +01:00
Edoardo Pirovano
8354f66c29 Performance: Improve join order in data flow library 2021-06-29 18:23:22 +01:00
Geoffrey White
5bf7e453e6 C++: Tidy up WrongTypeFormatArguments.ql somewhat. 2021-06-29 16:45:47 +01:00
Geoffrey White
6e49891ed9 C++: Accept Microsoft/non-Microsoft format specifiers on the opposite platform. 2021-06-29 16:45:46 +01:00
Chris Smowton
bb5fefa47f Sync FlowSummaryImpl.qll 2021-06-29 15:59:55 +01:00
Chris Smowton
47ccb19b84 SSV -> CSV everywhere 
While these are semicolon-delimited, we use CSV as a generic term for delimited values
 2021-06-29 15:59:43 +01:00
Chris Smowton
92ab650b7d Use new interpretSpec/2 predicate where appropriate 2021-06-29 15:59:43 +01:00
Chris Smowton
28ab4c083b Make interpretSpec/3 private again 2021-06-29 15:59:43 +01:00
Chris Smowton
c94c69415f Document Content::hasLocationInfo 2021-06-29 15:59:43 +01:00
Chris Smowton
cf7c966ea7 GenerateFlowTestCase: make imports private 2021-06-29 15:59:43 +01:00
Chris Smowton
5a71812001 Adjust import 
Type Content has moved into DataFlowUtil
 2021-06-29 15:59:43 +01:00
Chris Smowton
95b640db20 Resolve missing qldoc errors 
Document some, make some private, and delete the needless modules surrounding the spring models.
 2021-06-29 15:59:43 +01:00
Chris Smowton
036733d3e7 Sync FlowSummaryImpl.qll 2021-06-29 15:59:43 +01:00
Chris Smowton
eda7bb6aa2 Fix: restrict generated test cases to requested rows 2021-06-29 15:59:14 +01:00
Chris Smowton
bd1bd8cf08 Switch to an abstract unit / predicate approach to specifying rows to generate tests for 
This enables moving this code into the qll file, rather than having to specify a query predicate in the .ql
 2021-06-29 15:59:14 +01:00
Chris Smowton
f3868887b8 Test case generator: rework to use a less-invasive ExternalFlow API 
Some predicate/type names and docs are also improved
 2021-06-29 15:59:14 +01:00
Chris Smowton
59725d635b Test case generator: improve error reporting 
We now distinguish cases where SSV rows are not in scope at all from those where they don't identify a known type or method, or where input or output specs could not be parsed.
 2021-06-29 15:59:14 +01:00
Chris Smowton
dff9c717bc Fix test case generation when no auxiliary support functions are required 2021-06-29 15:59:14 +01:00
Chris Smowton
c49d5253f0 Revise ExternalFlow and FlowSummaryImpl API used for test generation 2021-06-29 15:59:14 +01:00
Chris Smowton
b1af90991d Add help text to GenerateFlowTestCase.py 2021-06-29 15:59:14 +01:00
Chris Smowton
5f1a491516 Fix test-generation when a type variable's bound is itself a type variable 
For example, class G<A, B extends A>
 2021-06-29 15:59:14 +01:00
Chris Smowton
e542e71cf5 Fix testing methods with 2-qualifier or deeper input specifications 
For example, an identity function on lists-of-maps, which might convey MapValue of Element of Argument[0] to MapValue of Element of ReturnValue, requiring `newWithElement(newWithMapValue(source())` on the input side but `getMapValue(getElement(out))` on the output side.
 2021-06-29 15:59:13 +01:00
Chris Smowton
0d8124bc95 Document test generator 2021-06-29 15:59:13 +01:00
Chris Smowton
617201930d Always use source declarations (i.e, raw types) when naming types in tests 2021-06-29 15:59:13 +01:00
Chris Smowton
e8acfec070 Fix formatting of instance variables 2021-06-29 15:59:13 +01:00
Chris Smowton
e2cfc17bfe Fix output of nested and generic type names, and disambiguate overloads where necessary 2021-06-29 15:59:11 +01:00
Chris Smowton
6d9661f412 Fix open-for-writing statement 2021-06-29 15:58:39 +01:00
Chris Smowton
d6edfd50da Determine when a model row didn't produce any tests; fix the model specifications revealed defective by this feature. 2021-06-29 15:55:34 +01:00