Commit Graph

70534 Commits

Author SHA1 Message Date
yoff
2b6aab108d Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll
Co-authored-by: Taus <tausbn@github.com>
2024-10-01 12:36:20 +02:00
Rasmus Lerchedahl Petersen
e0a3c8a1c4 Python: add change note 2024-10-01 10:12:39 +02:00
Rasmus Lerchedahl Petersen
dacc0ab8fe Python: docs and a simplification 2024-09-30 16:06:30 +02:00
Rasmus Lerchedahl Petersen
438e664116 Python: add missing qldoc
More doc is needed, but this should turn the tests green
2024-09-30 15:43:19 +02:00
Rasmus Lerchedahl Petersen
a22ea6c1c8 Python: use known sanitiser
- also adjust test expectations in experimental
2024-09-30 14:22:17 +02:00
Rasmus Lerchedahl Petersen
7392d186bc Python: use yield step also for taint
Using the comprehension store step meant that all comprehensions would receive taint.
This is because comprehension flow now goes via a callable, meaning they share the return node.
2024-09-30 13:49:01 +02:00
Rasmus Lerchedahl Petersen
fb07a56de6 Python: adjust test expectations 2024-09-30 13:26:59 +02:00
Rasmus Lerchedahl Petersen
ded39749a7 Python: allow comp arg as argumentnode 2024-09-30 13:02:20 +02:00
Rasmus Lerchedahl Petersen
f9f46f0f98 Python: update test expectations
We now have a new callable, yielding new enclosing callables
2024-09-30 12:00:38 +02:00
Rasmus Lerchedahl Petersen
3ef05a628f Python: add location to node 2024-09-30 11:56:36 +02:00
Rasmus Lerchedahl Petersen
310819d392 Python: fix dataflow inconsistencies
- adjust scope of argument, the argument is outside the called function
- add missing post-update nodes for the new arguments
2024-09-30 10:31:36 +02:00
Rasmus Lerchedahl Petersen
d4ea62edec Python: flow through yield
- add yield as a dataflow return
- replace comprehension store step
   with a store step to the yield
2024-09-30 09:01:29 +02:00
Rasmus Lerchedahl Petersen
72530a8312 Python: use synthetic node for comprehension capture argument
We used to use the CfgNode for the comprehension itself.
In cases where that is also an argument, say
```python
",".join([x for x in l])
```
that would be an argument to two different calls causing a dataflow consistency violation.
2024-09-27 12:15:03 +02:00
Rasmus Lerchedahl Petersen
294092b671 Python: use comprehension function argument
For a comprehension `[x for x in l]`
- `l` is now a legal argument (in DataFlowPublic)
- `l` is the argument of the comprehension function (in DataFlowDispatch)
- the parameter of the comprehension function is being read rather than `l` (in IterableUnpacking)
Thus the read that used to cross callable boundaries is now split into an arg-param edge and a read from that param.
2024-09-27 09:44:39 +02:00
Rasmus Lerchedahl Petersen
fc2dc28f87 python: capture flow through comprehensions
- add comprehension functions as `DataFlowCallable`s
- add comprehension call as `DataFlowCall`
- create capture argument node for comprehension calls
2024-09-25 10:02:31 +02:00
Ian Lynagh
4dbb15ddda Merge pull request #17503 from igfoo/igfoo/fields
Java/Kotlin: Deprecate Field.getSourceDeclaration(), Field.isSourceDeclaration()
2024-09-24 15:15:21 +01:00
Taus
8c015b0784 Merge pull request #17305 from Kwstubbs/CORSMiddleware-Starlette
Python: Add Support for CORS Middlewares
2024-09-24 15:51:49 +02:00
Arthur Baars
47953339db Merge pull request #17543 from github/aibaars/rust-gen-extractor
Rust: generate the extractor
2024-09-24 15:47:28 +02:00
Ian Lynagh
9b8152a44b Java: Add up/downgrade scripts 2024-09-24 14:06:56 +01:00
Ian Lynagh
76662a6002 Java: Add changenote for deprecation of Field.getSourceDeclaration() and Field.isSourceDeclaration() 2024-09-24 14:06:55 +01:00
Ian Lynagh
bda779a58d Java: Deprecate Field.getSourceDeclaration() and Field.isSourceDeclaration()
Also follows the removal of the sourceid column of fields.
2024-09-24 14:06:54 +01:00
Ian Lynagh
0be52f9660 Kotlin: Follow removal of sourceid column of the fields relation 2024-09-24 14:06:53 +01:00
Ian Lynagh
300864a38b Java: dbscheme: Remove sourceid column of fields/5
It was always the same as the id column.
2024-09-24 14:06:53 +01:00
Tom Hvitved
5b45d36610 Merge pull request #17300 from hvitved/dataflow/node-ex-cached
Data flow: Cache `TNodeEx`
2024-09-24 15:04:35 +02:00
Tom Hvitved
300fdc344d Go: Update expected test output 2024-09-24 14:21:42 +02:00
Tom Hvitved
6a11120e50 Address review comments 2024-09-24 14:21:40 +02:00
Tom Hvitved
16925355a8 Data flow: Cache TNodeEx 2024-09-24 14:21:39 +02:00
Tom Hvitved
f287216060 Update expected test output 2024-09-24 14:21:38 +02:00
Tom Hvitved
37490de4a2 Data flow: Remove Boolean column from TNodeImplicitRead 2024-09-24 14:21:37 +02:00
Arthur Baars
d14e77ba48 Address comments 2024-09-24 14:09:23 +02:00
Owen Mansel-Chan
d7614a71f4 Merge pull request #17529 from github/workflow/coverage/update
Update CSV framework coverage reports
2024-09-24 11:37:12 +01:00
github-actions[bot]
15bb670b3f Add changed framework coverage reports 2024-09-24 00:20:17 +00:00
Kevin Stubbings
01aa63e170 Add tests 2024-09-23 16:47:10 -07:00
Chris Smowton
7e8da94d9a Merge pull request #17216 from smowton/smowton/feature/golang-test-extraction
Go: support extracting test code
2024-09-23 16:43:42 +01:00
Chuan-kai Lin
1cd8af54f2 Merge pull request #17190 from github/cklin/diff-informed-java-queries
Java: add support for alert location restrictions
2024-09-23 08:39:24 -07:00
Chris Smowton
209f9ec93d Amend comments per review 2024-09-23 15:20:18 +01:00
yoff
e7bc71f2da Merge pull request #17540 from joefarebrother/python-const-compare
Python: Expand `StringConstCompareBarrier` sanitizer guards to cover additional constants
2024-09-23 16:14:09 +02:00
Joe Farebrother
48f9e0efe5 Address review comments: Add missing deprecation + additional test case 2024-09-23 10:57:04 +01:00
Arthur Baars
04e3b39ffb Merge pull request #17537 from github/redsun82/rust-doctest-gen
Rust: take test code also from property descriptions
2024-09-23 11:41:32 +02:00
Arthur Baars
05173fa7ac Merge pull request #17539 from github/redsun82/rust-codegen-detach
Rust/Codegen: allow to "detach" property emission
2024-09-23 11:40:11 +02:00
Chris Smowton
e528a08794 Autoformat 2024-09-21 22:12:24 +01:00
Chris Smowton
bb44a2fc8c Populate pkgInfoMapping for test packages if relevant 2024-09-21 13:38:41 +01:00
Arthur Baars
7b4137fbc8 Rust: generate the extractor 2024-09-20 19:24:55 +02:00
Paolo Tranquilli
e48e18af20 Merge pull request #17527 from github/aibaars/rust-annotations
Rust: add QL doc annotations to schema
2024-09-20 18:08:37 +02:00
Arthur Baars
45d9d8a25a Address comments 2024-09-20 17:53:27 +02:00
Arthur Baars
1f21d75399 Merge pull request #17533 from github/redsun82/codegen-parametrized-pragmas
Codegen: introduce inherited pragmas and move remaining decorations
2024-09-20 17:53:05 +02:00
Chuan-kai Lin
75ec8ce58e Java: apply query alert restrictions 2024-09-20 07:47:58 -07:00
Joe Farebrother
7aa2816570 Add changenote 2024-09-20 15:19:54 +01:00
Anders Schack-Mulligen
3a1e50dcf9 Dataflow: Simplify diff-informed implementation and tweak flag name. 2024-09-20 07:07:10 -07:00
Paolo Tranquilli
c74b6be136 Rust/Codegen: allow to "detach" property emission
By using the `rust.detach` pragma on a property, we make that property
not appear in the generated struct as a field, and provide instead
a `generated::Class::emit_property` function that can be used to emit
the corresponding TRAP entry independently.
2024-09-20 16:06:22 +02:00