hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 01:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,048 Commits 1,741 Branches 165 Tags
00a0b93172e552d0c6d391563cabecb5fd192697
Commit Graph

1048 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
b154c936c3 Improve performance of ExprChildMapping::reachesBasicBlock() 
Since all expressions are now post-order, the logic of `reachesBasicBlock` can
be simplified, and performance can be improved as well.
 2021-06-14 11:58:24 +02:00
Arthur Baars
88fb3c7097 Merge pull request #203 from github/aibaars/pack-qhelp-samples 
Query pack: include .rb and .erb sample files from queries directory
 2021-06-11 13:50:17 +02:00
Arthur Baars
909e6d5a62 Query pack: include .rb and .erb sample files from queries directory 
These are required by the qhelp files.
 2021-06-11 13:42:43 +02:00
Arthur Baars
78a6ed43c3 Merge pull request #202 from github/aibaars-patch-2 
HardCodedCredentials: fix query metadata comment
 2021-06-11 12:05:44 +02:00
Arthur Baars
661d6e8e38 HardCodedCredentials: fix query metadata comment 2021-06-11 11:59:46 +02:00
Tom Hvitved
8860b8adf0 Merge pull request #198 from github/hvitved/desugar-compound-assignment 2021-06-10 19:39:54 +02:00
Alex Ford
f74dff560b Merge pull request #187 from github/hardcoded-credentials 
Add rb/hardcoded-credentials query
 2021-06-10 16:12:32 +01:00
Alex Ford
8839d4c584 limit additional flow steps in rb/hardcoded-credentials to string concatenation 2021-06-10 14:59:28 +01:00
Alex Ford
fe45dadd55 set precision to high for rb/hardcoded-credentials 2021-06-10 14:52:26 +01:00
Alex Ford
e26afe91b5 move rb/hardcoded-credential alert location to the source 2021-06-07 14:53:04 +01:00
Alex Ford
5d79a8cec0 account for keyword args in rb/hardcoded-credentials and simplify query 2021-06-07 14:49:49 +01:00
Tom Hvitved
962768e7c0 Disambiguate toStrings for nested synthetic local variables 2021-06-04 19:20:11 +02:00
Tom Hvitved
82fbc03889 Merge pull request #200 from github/hvitved/dataflow/call-sensitivity 
Data flow: Call-sensitive resolution of lambda/block calls
 2021-06-04 16:25:13 +02:00
Alex Ford
ec326bfcb7 Merge pull request #201 from github/perm-file-report-source 
Report rb/weak-file-permission alerts at source rather than sink and improve alert message
 2021-06-04 14:52:48 +01:00
Alex Ford
8a3ffb6dca add missing toString 2021-06-04 13:25:03 +01:00
Alex Ford
b2d36babc4 report rb/weak-file-permission alerts at source rather than sink and improve alert message 2021-06-04 13:10:18 +01:00
Nick Rolfe
523a0b1f12 Merge pull request #197 from github/upgrade-pack 2021-06-04 13:03:39 +01:00
Nick Rolfe
6203c9019a Remove reference to deleted upgrades qlpack from manifest 2021-06-04 12:15:36 +01:00
Tom Hvitved
61e35ddae1 Data flow: Call-sensitive resolution of lambda/block calls 2021-06-04 12:58:38 +02:00
Tom Hvitved
77146e4e04 Data flow: Reduce caching 
These predicates are now cached in the shared implementation.
 2021-06-04 12:53:47 +02:00
Tom Hvitved
f9eecfb59f Bump codeql submodule 2021-06-04 12:52:05 +02:00
Tom Hvitved
6678ac0347 Desugar compound assignments 2021-06-04 10:39:06 +02:00
Tom Hvitved
da9adfbab4 Improve performance of desugaring transformations 2021-06-04 10:34:00 +02:00
Tom Hvitved
57eee0368d Add CFG tests for compound assignments 2021-06-04 10:34:00 +02:00
Tom Hvitved
dfcf4c90ab Merge pull request #199 from github/hvitved/splat-expr 
Rename `(Hash)SplatArgument` to `(Hash)SplatExpr` and make them `UnaryOperation`s
 2021-06-04 10:33:42 +02:00
Tom Hvitved
1007f2aaff Rename (Hash)SplatArgument to (Hash)SplatExpr and make them UnaryOperations 2021-06-04 10:04:06 +02:00
Tom Hvitved
372f8645a9 Add (hash)splat AST tests 2021-06-04 09:53:14 +02:00
Nick Rolfe
8b987757c6 Merge upgrades qlpack into ql/src 2021-06-03 18:28:20 +01:00
Tom Hvitved
2094aa983a Merge pull request #194 from github/hvitved/desugar-child 2021-06-03 18:07:33 +02:00
Arthur Baars
03ef1261d3 Merge pull request #192 from github/aibaars/release-workflow 
Build workflow: create release
 2021-06-03 16:52:50 +02:00
Tom Hvitved
908e9ff3b5 Include desugared node in AstDesugar.ql 2021-06-03 14:46:32 +02:00
Arthur Baars
63475dc692 Merge pull request #195 from github/escape_field_name 
Escape field names with table storage
 2021-06-01 14:55:46 +02:00
Nick Rolfe
1388d82f1d Escape field names with table storage 2021-06-01 13:32:13 +01:00
Nick Rolfe
9c199b6c2a Merge pull request #193 from github/tausbn/autogenerate-qldoc 
Autogenerate QLDoc for `TreeSitter.qll`
 2021-06-01 13:31:32 +01:00
Tom Hvitved
5bafc0c708 Merge pull request #183 from github/hvitved/assign-op-desugar 
Desugar setter assignments
 2021-06-01 14:00:04 +02:00
Alex Ford
f27dd45e4c run formatter 2021-06-01 12:29:45 +01:00
Alex Ford
907bb9b556 add a comment 2021-06-01 12:22:04 +01:00
Alex Ford
1f931d6f76 rb/hardcoded-credentials: fix bad bracketing 2021-06-01 12:22:04 +01:00
Alex Ford
fdd4f7f616 attempt to use typetracker in rb/hardcoded-credentials 2021-06-01 12:22:04 +01:00
Alex Ford
c530ba5b11 format ql 2021-06-01 12:22:04 +01:00
Alex Ford
f1303e0ced remove WIP files 2021-06-01 12:22:04 +01:00
Alex Ford
10175e1398 remove WIP files 2021-06-01 12:22:04 +01:00
Alex Ford
4fdd072603 WIP: HardcodedCredentials query 2021-06-01 12:22:04 +01:00
Taus
53b7492aa3 Generate QLDoc for getChild 2021-06-01 10:57:39 +00:00
Taus
6cf7a12c8c Undo field name escaping 2021-06-01 10:56:45 +00:00
Taus
d38520dc73 Escape field names correctly 
This should make `field('unique', $.whatever)` valid again.
 2021-05-31 20:56:29 +00:00
Taus
64090b086c Autogenerate QLDoc for TreeSitter.qll 
It's not quite perfect, as there's still some QLDoc missing on the
various `getChild` methods, but it wasn't immediately clear to me how
to get this working (especially since the QLDoc would ideally be
different depending on whether there was a child index or not).

Then again, `getChild` probably has a pretty intuitive meaning...
 2021-05-31 20:54:10 +00:00
Tom Hvitved
3ffef634d7 More synthesis refactoring 
- Join `TElementReferenceSynth` and `TMethodCallSynth`.
- Move arity and setter information into `MethodCallKind`.
- Add `Synthesis::methodCall` for specifying which method calls need synthesis.
 2021-05-31 16:29:41 +02:00
Tom Hvitved
e8841e6482 Simplify getSynthChild 2021-05-27 10:20:31 +02:00
Tom Hvitved
f8b99291a7 Improve desugaring of setter assignments 2021-05-26 18:41:21 +02:00