hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,658 Commits 1,672 Branches 157 Tags
rust-ti-implementing-type-method
Commit Graph

4740 Commits

Author SHA1 Message Date
Arthur Baars
76f806159c Ruby: desugar safe navigation calls 2022-05-11 12:06:08 +02:00
Arthur Baars
c9f7568ca3 Ruby: add Call::isSafeNavigation 2022-05-11 12:06:08 +02:00
Arthur Baars
a47e429945 Merge pull request #8909 from aibaars/tree-sitter-update 
Tree sitter update
 2022-05-11 12:02:14 +02:00
Rasmus Wriedt Larsen
add6579385 Merge pull request #9022 from RasmusWL/ruby-fix 
Ruby: Fix `isLocalSourceNode` implementation
 2022-05-11 11:52:44 +02:00
Arthur Baars
907c3db5ca Address comments 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-05-11 09:59:42 +02:00
Tom Hvitved
712fe002b9 Data flow: Sync files 2022-05-10 12:41:10 +02:00
Tom Hvitved
bfabfc3601 Data flow: Add Configuration::includeHiddenNodes() 2022-05-10 12:40:46 +02:00
yoff
6c3e2db7fd Merge branch 'main' into python/simple-csrf 2022-05-10 10:55:28 +02:00
Anders Schack-Mulligen
f85e06c2e4 Dataflow: Sync. 2022-05-10 10:12:39 +02:00
Harry Maclean
a6cab022f6 Ruby: Add missing import 2022-05-10 17:32:01 +12:00
Harry Maclean
7b63493fa9 Ruby: Fix identification IO.open args 2022-05-10 17:32:00 +12:00
Harry Maclean
79c6dc1af0 Refactor IO/File modelling 
The main goal here is to get rid of the duplicate definitions of module
`IO`, which currently exist in both `frameworks/core/IO.qll` and
`frameworks/Files.qll`.

We do this by moving the classes inside `Files::IO` to `core/IO.qll`,
but moving most of the actual definitions of those classes to an
internal module `core.internal.FileOrIO`. This means both `Files.qll`
and `IO.qll` can depend on them without leaking them to end users.
 2022-05-10 17:32:00 +12:00
Harry Maclean
2d12ad6238 Ruby: Model IO.popen 
This method is very similar to `Kernel.system`: it executes its
arguments as a system command in various ways.
 2022-05-10 17:32:00 +12:00
Anders Schack-Mulligen
f24364d951 Merge pull request #9045 from hvitved/dataflow/subpaths-perf-take2 
Data flow: Speedup `subpaths` predicate (take 2)
 2022-05-09 15:39:11 +02:00
Michael Nebel
9a45949e8c Merge pull request #9044 from michaelnebel/csharp/flowsummariestest 
C#: Flow summaries test should print, whether a summary is generated or not.
 2022-05-09 10:06:19 +02:00
Michael Nebel
76fd424795 C#: Turn isAutogenerated predicate into a predicate without result. 2022-05-09 07:30:06 +02:00
Mathias Vorreiter Pedersen
176e40f139 Merge pull request #9052 from github/post-release-prep/codeql-cli-2.9.1 
Post-release preparation for codeql-cli-2.9.1
 2022-05-06 13:15:17 +01:00
github-actions[bot]
1a25457178 Post-release preparation for codeql-cli-2.9.1 2022-05-05 19:05:50 +00:00
Alex Ford
4844e4f454 ruby: replace the dataflow layer RBI library with the AST layer version 2022-05-05 18:40:12 +01:00
Alex Ford
bedb1d4584 ruby: Add AST layer version of the RBI library 2022-05-05 18:37:56 +01:00
Alex Ford
961f867bed Ruby: fix getAssociatedMethod predicate to include class methods 2022-05-05 18:09:42 +01:00
Alex Ford
1e3ab52e1f ruby: tidy up methodSignatureSuccessorNodeRanked predicate 2022-05-05 18:09:42 +01:00
Alex Ford
08fa397877 ruby: new rbi test case 2022-05-05 18:09:27 +01:00
Tom Hvitved
2e780154e2 Ruby: Introduce 'with/without content' summary components 2022-05-05 14:25:48 +02:00
Tom Hvitved
d9d5372f28 Data flow: Sync files 2022-05-05 13:36:26 +02:00
Michael Nebel
2dc35c123a Java/Ruby: Sync files. 2022-05-05 13:08:55 +02:00
Tom Hvitved
66a9759329 Merge pull request #8870 from hvitved/dataflow/expect-content 
Data flow: Introduce `expectsContent`
 2022-05-05 09:01:40 +02:00
Joe Farebrother
c1290d9e2b Sync shared redos library files. 2022-05-04 15:41:38 +01:00
Joe Farebrother
0a5268aeb4 Sync shared library changes across languages. 2022-05-04 15:41:38 +01:00
Tom Hvitved
8e33653d25 Merge pull request #9017 from hvitved/dataflow/subpaths-perf 
Data flow: Speedup `subpaths` predicate
 2022-05-04 16:37:52 +02:00
Rasmus Wriedt Larsen
7bd7bedb1b Ruby: Simplify isLocalSourceNode implementation 
The need for `SynthReturnNode` goes away if we don't restrict the nodes
that can't be reached from another entry definition or expression to be
`ExprNode`s
 2022-05-04 16:12:20 +02:00
Alex Ford
1af5c680fa ruby: drop the CallableCfgNode classes 2022-05-04 14:07:04 +01:00
Alex Ford
687602b6f1 ruby: drop a TODO 2022-05-04 14:06:37 +01:00
Alex Ford
4210973ade ruby: drop unnecessary getExpr 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-05-04 14:04:34 +01:00
Tom Hvitved
9cb63c0a5e Data flow: Sync files 2022-05-04 14:49:26 +02:00
Nick Rolfe
276f8d40f9 Ruby: add comments to address review feedback 2022-05-04 12:07:46 +01:00
Tom Hvitved
74e99302d6 Address review comments 2022-05-04 09:57:59 +02:00
Tom Hvitved
da72ba46d4 Data flow: Add stub expectsContent for all languages 2022-05-04 09:57:59 +02:00
Tom Hvitved
6e2e8440eb Data flow: Sync files 2022-05-04 09:57:59 +02:00
Tom Hvitved
a50f18ab50 Data flow: Introduce expectsContent 2022-05-04 09:57:58 +02:00
Rasmus Wriedt Larsen
a7b43f7356 Ruby: Accept changes to TypeTracker tests 
Since this is not using inline-expectation-tests, I'm not entirely sure
whether these changes are OK or not, so hope to get someone else to
signoff on that.
 2022-05-03 14:59:06 +02:00
Rasmus Wriedt Larsen
6cacf7b9a6 Ruby: isLocalSourceNode needs SynthReturnNode 2022-05-03 14:43:57 +02:00
Rasmus Wriedt Larsen
89c4b6c235 Ruby: Fix isLocalSourceNode implementation 
The old code was equivalent with the code below, which seems wrong

```
not n instanceof ExprNode
or
n instanceof ExprNode and
localFlowStepTypeTracker+(..., n)
```

From running on real DB I found that this meant that the following node
types were also included as local source nodes:

- `TReturningNode`
- `TSynthReturnNode`
- `TSummaryNode`
- `TSsaDefinitionNode`

My understanding is that the first 3 should not be included.

I would guess that SsaDefinitionNode should indeed be included as a
LocalSourceNode, but I'm not 100% sure, so I'll see what the test
results say before making further changes.
 2022-05-03 14:16:19 +02:00
Tom Hvitved
e9c8f979f9 Data flow: Sync files 2022-05-03 11:46:51 +02:00
Nick Rolfe
00bf352b50 Ruby: fix some flow summary join orders 
The flow summaries that are implemented with an abstract base class
restricting the method name, and child classes using that method name,
had unfortunate join orders:

r1 = JOIN Call::MethodCall::getMethodName#dispred#f0820431#ff WITH Call::MethodCall::getMethodName#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.0, (Lhs.1 ++ "_arg"), Rhs.1
 2022-05-03 09:58:40 +01:00
Arthur Baars
19e4d34581 Update ruby/ql/lib/change-notes/2022-04-30-update-grammar.md 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-05-03 10:08:29 +02:00
Erik Krogh Kristensen
f87312d4ba have ApiGraphModelsSpecific.qll mention all the required predicates/types 2022-04-30 20:29:44 +02:00
Arthur Baars
cf4325c86f Add change note 2022-04-29 16:19:11 +02:00
Tom Hvitved
3fd93b460f Merge pull request #8935 from hvitved/ruby/typetracker-kw-test 2022-04-28 18:22:51 +02:00
Tom Hvitved
8d2bf2228b Merge pull request #7914 from hvitved/ruby/generalize-element-content 
Ruby: Generalize `ArrayElementContent` to `ElementContent`
 2022-04-28 14:23:08 +02:00