hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-27 22:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
61,010 Commits 1,673 Branches 157 Tags
421d4f3497dcefaf77ad11dcf8d3ab191069cf48
Commit Graph

61010 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
421d4f3497 Python: filter more sinks in stdlib 
Rename variable to reflect larger scope

We had test results inside `os.py`, I suppose we have found a little extra flow.
 2023-11-20 21:35:52 +01:00
Rasmus Lerchedahl Petersen
11c71fdd18 Python: remove EssaNodes 
This commit removes SSA nodes from the data flow graph. Specifically, for a definition and use such as
```python
  x = expr
  y = x + 2
```
we used to have flow from `expr` to an SSA variable representing x and from that SSA variable to the use of `x` in the definition of `y`. Now we instead have flow from `expr` to the control flow node for `x` at line 1 and from there to the control flow node for `x` at line 2.

Specific changes:
- `EssaNode` from the data flow layer no longer exists.
- Several glue steps between `EssaNode`s and `CfgNode`s have been deleted.
- Entry nodes are now admitted as `CfgNodes` in the data flow layer (they were filtered out before).
- Entry nodes now have a new `toString` taking into account that the module name may be ambigous.
- Some tests have been rewritten to accomodate the changes, but only `python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll` should have semantic changes.
- Comments have been updated
- Test output has been updated, but apart from `python/ql/test/experimental/dataflow/basic/maximalFlows.expected` only `python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py` should have a semantic change. This is a bonus fix, probably meaning that something was never connected up correctly.
 2023-11-20 21:35:32 +01:00
Mathias Vorreiter Pedersen
75f860595a Merge pull request #14838 from MathiasVP/no-dtt-in-arithmetic-with-extreme-values 
C++: Convert `cpp/arithmetic-with-extreme-values` away from `DefaultTaintTracking`
 2023-11-20 16:39:58 +00:00
Rasmus Wriedt Larsen
c8301fc5f0 Merge pull request #14851 from RasmusWL/variable-caputre-list-comprehension 
Python: Add test for variable reference in list comprehension
 2023-11-20 17:10:34 +01:00
Rasmus Wriedt Larsen
db1499d5b0 Python: Add test for variable reference in list comprehension 2023-11-20 16:41:34 +01:00
Max Schaefer
b5c92408f4 Merge pull request #14845 from github/max-schaefer/minor 
Automodel: Fix a few nits.
 2023-11-20 15:24:45 +00:00
Tom Hvitved
620e8dcb37 Merge pull request #14787 from hvitved/ruby/prune-dataflow-nodes 
Ruby: Prune irrelevant data flow nodes and edges
 2023-11-20 16:03:00 +01:00
Taus
5b4a8884b4 Merge pull request #14636 from github/tausbn/python-add-support-for-python-3.12-type-syntax 
Python: Add support for Python 3.12 type syntax
 2023-11-20 15:52:48 +01:00
Mathias Vorreiter Pedersen
ab6260600e Merge pull request #14822 from MathiasVP/fix-global-variable-flow-for-arrays 
C++: Fix global-variable flow for array types
 2023-11-20 13:46:05 +00:00
Taus
10b72a0c39 Python: Fix scope of type parameters 
This takes care of scoping for type parameters on functions, but not
type aliases or classes.

For classes, the _type parameters_ now have the correct `Class` as scope,
but all their child nodes do not (e.g. the `Name` inside a `TypeParameter`).
This has to do with how the `py_scopes` relation is emitted by the extractor,
since `Name`s are expressions.
 2023-11-20 13:31:21 +00:00
Taus
36201105b9 Merge branch 'main' into tausbn/python-add-support-for-python-3.12-type-syntax 2023-11-20 13:27:54 +00:00
Rasmus Wriedt Larsen
9bdc2d1c02 Merge pull request #14847 from ctcampbell/main 
Update cryptography bill of materials queries
 2023-11-20 14:08:11 +01:00
Mathias Vorreiter Pedersen
dcba8e5408 C++: Fix global variable flow for array types. 2023-11-20 12:15:55 +00:00
Mathias Vorreiter Pedersen
8039e117ba C++: Add more global-variable flow tests. 2023-11-20 12:15:52 +00:00
Chris Campbell
27a2781954 Merge branch 'github:main' into main 2023-11-20 12:15:45 +00:00
Ian Lynagh
b8a2716ced Merge pull request #14835 from igfoo/igfoo/findTopLevelFunctionOrWarn 
Kotlin: Fix findTopLevelFunctionOrWarn for Kotlin 2
 2023-11-20 12:11:58 +00:00
Max Schaefer
1bed9f9003 Automodel: Fix a few nits. 2023-11-20 11:06:02 +00:00
Tom Hvitved
fab6813a49 Merge pull request #14815 from hvitved/type-tracking/param-consistency-checks 
Type tracking: Parameterize consistency checks
 2023-11-20 11:05:06 +01:00
Michael Nebel
cf696f2639 Merge pull request #14843 from michaelnebel/csharp/postreviewcomments 
C#: In Assets parser let TryReadAllText return null on read error.
 2023-11-20 10:18:34 +01:00
Michael Nebel
a9a55dfcd6 C#: In Assets parser let TryReadAllText return null on read error. 2023-11-20 08:35:50 +01:00
Michael Nebel
d3e047f078 Merge pull request #14834 from michaelnebel/csharp/robustassetsfileread 
C#: Make assets file reading more robust.
 2023-11-20 08:28:07 +01:00
Arthur Baars
db180d9872 Merge pull request #14823 from github/post-release-prep/codeql-cli-2.15.3 
Post-release preparation for codeql-cli-2.15.3
 2023-11-19 12:13:42 +01:00
Mathias Vorreiter Pedersen
c65c2489cf C++: Rewrite 'cpp/arithmetic-with-extreme-values' away from 'DefaultTaintTracking'. 2023-11-17 16:38:35 +00:00
Ian Lynagh
5c36e63dfe Kotlin: Fix findTopLevelFunctionOrWarn for Kotlin 2 
The AST when the parent class is a file class is different in
Kotlin 2 mode.
 2023-11-17 15:25:53 +00:00
Michael Nebel
7531852ea6 C#: Log information about asset file read errors. 2023-11-17 15:40:58 +01:00
Michael Nebel
cd9786a952 C#: Assets paths should contain at least one character. 2023-11-17 15:36:15 +01:00
github-actions[bot]
bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
Tamás Vajk
7c3122aade Merge pull request #14828 from tamasvajk/docs/insecure-randomness 
C#: Update insecure randomness query description to match implementation
 2023-11-17 15:31:33 +01:00
Tamás Vajk
b2c8049a77 Merge branch 'main' into docs/insecure-randomness 2023-11-17 13:37:27 +01:00
Arthur Baars
ff65ffafb0 Merge pull request #14830 from aibaars/csharp/fixintegrationtests 
C# fix integration tests
codeql-cli/v2.15.3 		2023-11-17 11:17:31 +01:00
Michael B. Gale
97402fdf36 C#: Fix dotnet_test_mstest 2023-11-17 10:35:14 +01:00
Michael Nebel
2662a4c651 C#: Fix the dotnet pack integration test. 2023-11-17 10:35:14 +01:00
Ian Lynagh
8a8031df0e Merge pull request #14814 from igfoo/igfoo/build_ver 
Kotlin: Build: Refactor version handling
 2023-11-17 09:32:06 +00:00
Michael Nebel
20b31d0b4e Merge pull request #14825 from michaelnebel/csharp/fixintegrationtests 
C#: Fix integration test failures after dotnet upgrade on runners.
 2023-11-17 08:53:42 +01:00
Tamas Vajk
9a8ad7d590 C#: Update insecure randomness query description to match implementation 2023-11-17 08:48:38 +01:00
Michael B. Gale
d7760de4c6 C#: Fix dotnet_test_mstest 2023-11-16 19:56:01 +00:00
Michael Nebel
cca78ca190 C#: Fix the dotnet pack integration test. 2023-11-16 19:05:59 +01:00
Arthur Baars
dce03569e5 Merge pull request #14813 from github/release-prep/2.15.3 
Release preparation for version 2.15.3
 2023-11-16 18:42:17 +01:00
Arthur Baars
93eaeaec75 Merge pull request #14816 from github/post-release-prep/codeql-cli-2.15.3 
Post-release preparation for codeql-cli-2.15.3
 2023-11-16 18:20:48 +01:00
Paolo Tranquilli
9b840aa20c Merge pull request #14820 from github/redsun82/rename-cc_binary_add_features 
Bazel/CMake: small compatibility fix
 2023-11-16 17:47:27 +01:00
Shati Patel
8b6a9180dc Merge pull request #14819 from p-/p--fix-doc-vscode-ext-property 
Doc: Fix name of VS Code settings property to use extension packs
 2023-11-16 16:23:54 +00:00
Stephan Brandauer
cb7213d87a Merge pull request #14818 from github/kaeluka/application-mode-erase-type-signatures-of-generic-types 
Java Automodel extraction: fix extracted meta information by using Object for the type of generic parameters
 2023-11-16 17:17:47 +01:00
Paolo Tranquilli
9a4b56162e Bazel/CMake: small compatibility fix 2023-11-16 17:16:14 +01:00
Paolo Tranquilli
f3482684a6 Merge pull request #14805 from github/redsun82/rename-cc_binary_add_features 
Bazel/CMake: support new internal transition rules
 2023-11-16 17:10:40 +01:00
Mathias Vorreiter Pedersen
a10f94af81 Merge pull request #14810 from MathiasVP/fix-ref-deref-duplication 
C++: Fix dataflow duplication from `ReferenceDereference` expressions
 2023-11-16 16:10:07 +00:00
Peter Stöckli
de3d15b277 Doc: Fix name of VS Code settings property to use extension packs 2023-11-16 16:53:12 +01:00
Chris Campbell
114b694553 Remove @precision values, correct missing tags 2023-11-16 15:50:41 +00:00
Taus
216cd88225 Merge branch 'main' into tausbn/python-add-support-for-python-3.12-type-syntax 2023-11-16 15:25:06 +00:00
Mathias Vorreiter Pedersen
c5d2866948 Merge pull request #14812 from MathiasVP/no-dtt-in-Integer-overflow-tainted 
C++: Convert `cpp/integer-overflow-tainted` away from DefaultTaintTracking
 2023-11-16 15:24:13 +00:00
Taus
635bcd4fa2 Python: Add change note 2023-11-16 15:14:30 +00:00