Dave Bartolomeo
42629b969f
Move initial dbscheme
2021-08-26 19:43:06 -04:00
Dave Bartolomeo
2c1620f25e
Move missed library file
2021-08-26 18:59:58 -04:00
Dave Bartolomeo
9d7b77496e
Use hotfixed version of codeql/suite-helpers with workaround for bug in released CLI
2021-08-26 18:50:04 -04:00
Dave Bartolomeo
11ad664bfb
Updated pack versions and lock files
2021-08-26 18:50:04 -04:00
Arthur Baars
ac2c315839
Fix merge conflicts during rebase
2021-08-26 18:48:53 -04:00
Arthur Baars
17fc6ab72c
Refactor into separate library and query packs
2021-08-26 18:40:06 -04:00
Alex Ford
ee6c809281
Merge pull request #262 from github/action-view-1
Start modelling ActionView
2021-08-26 15:22:55 +01:00
Tom Hvitved
42daf5b6d3
Add DB upgrade script check
2021-08-26 15:55:18 +02:00
Alex Ford
9571e7bccc
drop ViewComponent parts from the ActionView library
2021-08-26 14:45:47 +01:00
Alex Ford
a3ae5bcec4
improve ActionControllerHelperMethod doc
2021-08-26 14:12:27 +01:00
Erik Krogh Kristensen
ff27a0c894
use toUnicode in ReDoSUtil.qll
2021-08-26 08:46:51 +00:00
Alex Ford
4a4b2445dc
Clean up how we map between Rails actions and default associated template files
2021-08-26 04:57:15 +01:00
Alex Ford
abc283ee8a
remove ErbFile refs
2021-08-24 17:22:35 +01:00
Alex Ford
d628716c42
extend ActionController tests
2021-08-24 17:21:22 +01:00
Alex Ford
41ff10c908
extend modelling of ActionController, and start modelling ActionView
2021-08-24 17:21:22 +01:00
Nick Rolfe
9c17e00645
Merge pull request #256 from github/syncRedos
sync ReDoSUtil.qll with python/JS
2021-08-23 10:11:16 +01:00
Harry Maclean
e82c21d35d
Don't include desugared nodes in the printed AST
The base `PrintAstConfiguration` class already has a predicate for
filtering out desugared nodes - this change just makes use of it in the
query.
This fixes https://github.com/github/codeql-team/issues/408, which was
caused by including nodes representing the desugaring of
`a[b] = c`
in the query output. This would result in multiple edges to the same
target node (one from the surface AST and another from the desugared
AST), which the VSCode AST viewer cannot handle.
2021-08-17 15:20:30 +01:00
Tom Hvitved
394c27a279
CFG: Allow erb top-level scopes
2021-08-17 10:46:15 +02:00
Erik Krogh Kristensen
5e63b0b132
add RegExpSubPattern.getOperand
2021-08-16 12:14:53 +00:00
Erik Krogh Kristensen
8bd663a7ce
sync ReDoSUtil.qll with python/JS
2021-08-16 12:04:22 +00:00
Alex Ford
4d6d6a4016
Merge pull request #236 from github/more-concepts
Port some concepts to Concepts.qll
2021-08-10 12:42:40 +01:00
Tom Hvitved
c0049bf161
Merge pull request #229 from github/hvitved/api-graphs/remove-mk-module
API graphs: Remove `MkModule`
2021-08-09 13:10:17 +02:00
Tom Hvitved
ae837d9f7a
API graphs: Remove restriction on top-level constants
2021-08-09 12:59:36 +02:00
Arthur Baars
e8f6cb65b8
Merge pull request #245 from github/aibaars/tweaks
Move UseDetect.ql to experimental for now
2021-08-04 16:05:06 +02:00
Arthur Baars
23f423ad66
Merge pull request #242 from github/regex_parsing_fixes
Regex parsing fixes
2021-08-04 16:04:54 +02:00
Arthur Baars
9ca0e81953
Move UseDetect to experimental for now
2021-08-04 15:52:48 +02:00
Tom Hvitved
0eaeb3b5a6
Rename moduleImport to getTopLevelMember
2021-08-04 10:57:57 +02:00
Tom Hvitved
8451286754
API graphs: Remove MkModule
2021-08-04 10:28:30 +02:00
Alex Ford
403dee279d
add Node#getALocalSource predicate
2021-08-02 15:56:36 +01:00
Alex Ford
56139ccf93
port some concepts to Concepts.qll
2021-08-02 15:56:36 +01:00
Erik Krogh Kristensen
632ad518f0
enable unicode parsing in the ruby ReDoS query
2021-08-02 07:13:41 +00:00
Nick Rolfe
4007e85991
Incorporate changes from Python PR
2021-07-29 17:25:39 +01:00
Nick Rolfe
3abe047cac
Fix parsing of POSIX bracket expressions.
The docs are misleading. [[:alpha:]] is actually a character class
*containing* a POSIX bracket expression, and that means you can have
expressions like [[:alpha:][:digit:]_?!]
2021-07-29 17:24:51 +01:00
Nick Rolfe
5d336d8e1d
Make some predicates/classes/imports private
2021-07-29 17:17:11 +01:00
Arthur Baars
cc1bdf1fc3
Add charpred to RubyFile class
2021-07-29 11:48:35 +02:00
Arthur Baars
dacd3f3d19
Update dbscheme stats
2021-07-27 18:43:51 +02:00
Arthur Baars
768a751271
Add upgrade script
2021-07-27 18:43:51 +02:00
Arthur Baars
866ff7b1f6
Replace Generated module with Ruby
2021-07-27 18:43:44 +02:00
Arthur Baars
02bf895a4a
Update dbscheme type references
2021-07-27 18:42:21 +02:00
Arthur Baars
2e10f8f054
Prefix dbscheme entries with language name
2021-07-27 18:17:19 +02:00
Arthur Baars
fc8f5919f3
Remove Ruby specific parts from FileSystem.qll
2021-07-27 18:17:15 +02:00
Arthur Baars
3790611ca1
Merge pull request #233 from github/tausbn/bump-typetrackingnode-changes
Bump `codeql` submodule
2021-07-20 13:24:30 +02:00
Nick Rolfe
ce35d74447
Move comment so it's not treated as part of the precision metadata
2021-07-19 12:29:16 +01:00
Calum Grant
46a03795c2
Add security-severity metadata
2021-07-16 14:05:54 +01:00
Taus
258f85d6d0
Add defaultImplicitTaintRead
2021-07-15 15:52:59 +00:00
Taus
dc4d353a01
Bump shared dataflow library
2021-07-15 15:08:59 +00:00
Taus
ec645725f0
Bump codeql submodule
Syncs up the shared type tracking implementation with Python.
2021-07-15 14:35:33 +00:00
Tom Hvitved
9463927409
Address review comments
2021-07-14 11:05:55 +02:00
Tom Hvitved
23447e6d58
Reduce size of lookupMethodOrConst
2021-07-02 14:02:26 +02:00
Tom Hvitved
bf696df788
Data flow through constants
2021-07-02 14:02:26 +02:00