hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 02:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,569 Commits 1,693 Branches 161 Tags
6509c19aad5d8994aedca3dbca6d8e97b54d910f
Commit Graph

44569 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
6509c19aad Merge pull request #10692 from aibaars/fix-splats 
Ruby: fix CFG and toString for anonymous '*' and '**'
 2022-10-05 13:25:29 +02:00
Mathias Vorreiter Pedersen
5984b8db4d Merge pull request #10682 from MathiasVP/fix-future-bad-join-after-use-use-ir-flow 
C++: Fix potentially bad join
 2022-10-05 11:30:46 +01:00
Arthur Baars
a080f498be Ruby: fix CFG and toString for anonymous '*' and '**' 2022-10-05 11:50:37 +02:00
Arthur Baars
4ff85d5275 Ruby: add test case 2022-10-05 10:57:53 +02:00
Mathias Vorreiter Pedersen
fcd69a005f C++: Remove redundant pragma. 2022-10-05 09:56:24 +01:00
Nick Rolfe
525fe12671 Merge pull request #10585 from github/nickrolfe/libxml-xxe 
Ruby: detect uses of LibXML with entity substitution enabled by default
 2022-10-05 09:51:39 +01:00
Tom Hvitved
1496c4f0e2 Merge pull request #10686 from hvitved/ruby/remove-value-pair-content 
Ruby: Remove `PairValueContent`
 2022-10-05 09:41:14 +02:00
Tamás Vajk
ecfbd5edfe Merge pull request #10674 from tamasvajk/kotlin-implements 
Kotlin: extract `implInterface`
 2022-10-05 09:11:41 +02:00
yoff
ad83fc8a98 Merge pull request #10687 from RasmusWL/flask-debug 
Python: Rewrite `py/flask-debug` to use API graphs instead of type-trackers
 2022-10-05 09:08:41 +02:00
Tamás Vajk
d0ea7ea2e3 Merge pull request #10677 from tamasvajk/kotlin-param-modifiers 
Kotlin: Extract parameter modifiers (`noinline`, `crossinline`)
 2022-10-04 21:53:48 +02:00
Tamás Vajk
c45a04a2c8 Merge pull request #10675 from tamasvajk/kotlin-enum-constants 
Kotlin: extract `isEnumConstant` relation
 2022-10-04 21:53:22 +02:00
Tom Hvitved
321c858cd1 Merge pull request #10667 from hvitved/csharp/dotnet-run-tracer-fix2 
C#: Recognize options to `dotnet run` in tracer when injecting `-p:UseSharedCompilation=false`
 2022-10-04 21:43:31 +02:00
Arthur Baars
c1c16e44ee Merge pull request #10559 from aibaars/cve-2019-3881 
Ruby: some improvements
 2022-10-04 21:24:14 +02:00
Rasmus Wriedt Larsen
2541af6587 Python: Rewrite py/flask-debug 2022-10-04 20:41:18 +02:00
Rasmus Wriedt Larsen
05bca0249c Python: Expand test for py/flask-debug 
(I couldn't see one using positional argument)
 2022-10-04 20:39:08 +02:00
Tom Hvitved
aae9a58ca3 Ruby: Remove ValuePairContent 2022-10-04 20:10:51 +02:00
Nick Rolfe
d69a658e06 Merge pull request #10673 from github/nickrolfe/no_abstract 
Ruby: remove public abstract classes for Action{View,Controller}
 2022-10-04 17:49:59 +01:00
Mathias Vorreiter Pedersen
4d697cd369 C++: Rephrase QLDoc. 2022-10-04 17:15:08 +01:00
Nick Rolfe
2e80926951 Ruby: fix a couple of references to deprecated names 2022-10-04 16:45:08 +01:00
Mathias Vorreiter Pedersen
32839021f8 C++: Fix join that might blow up in the future. 2022-10-04 16:43:02 +01:00
Nick Rolfe
445241fd95 Ruby: add missing qldoc comment 2022-10-04 16:31:54 +01:00
Nick Rolfe
2315a177fe Ruby: add changenote for ActionView/Controller class renames 2022-10-04 16:22:11 +01:00
Nick Rolfe
227100d883 Ruby: make old class names available as deprecated aliases 2022-10-04 16:11:43 +01:00
Geoffrey White
6380cc82ce Merge pull request #10681 from geoffw0/classorstruct 
Swift: Use ClassOrStructDecl
 2022-10-04 15:44:28 +01:00
Geoffrey White
0ed89fb11a Swift: Use ClassOrStructDecl. 2022-10-04 15:10:41 +01:00
Geoffrey White
d4742d22a0 Swift: 'Data' should be a struct. 2022-10-04 15:10:41 +01:00
Geoffrey White
e196caa7bd Merge pull request #10595 from MathiasVP/swift-class-or-struct 
Swift: Add `ClassOrStructDecl` class
 2022-10-04 14:56:53 +01:00
Erik Krogh Kristensen
264d74f996 Merge pull request #10676 from erik-krogh/kernelOpenMsg 
RB: add a link to the source in the alert-message for `rb/kernel-open`
 2022-10-04 15:18:15 +02:00
Ian Lynagh
db673c0355 Merge pull request #10646 from tamasvajk/kotlin-java-kotlin-function-mapping 
Kotlin: Simplify `kotlinFunctionToJavaEquivalent`
 2022-10-04 13:46:22 +01:00
erik-krogh
dedbe66619 update expected output 2022-10-04 14:16:07 +02:00
Tamas Vajk
81fffce79b Kotlin: Extract parameter modifiers (noinline, crossinline) 2022-10-04 14:02:06 +02:00
Erik Krogh Kristensen
5ba7c13ecd fix alert-message by adding the link 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-10-04 13:50:25 +02:00
erik-krogh
d370b2a51e simplify the where clause of rb/kernel-open 2022-10-04 13:49:50 +02:00
erik-krogh
bf74481f65 add a link to the source in the alert-message for rb/kernel-open 2022-10-04 13:41:50 +02:00
Tamas Vajk
09051e76cf Kotlin: extract isEnumConstant relation 2022-10-04 13:30:02 +02:00
Tamas Vajk
876bea653d Kotlin: Add test case for missing enum constants 2022-10-04 13:29:15 +02:00
Tamas Vajk
d2861361d9 Kotlin: extract implInterface 2022-10-04 13:12:01 +02:00
Tamas Vajk
d50be83f57 Kotlin: add test to distinguish implements vs extends 2022-10-04 13:10:19 +02:00
Arthur Baars
88b5d4da16 Ruby: extend may have multiple arguments 2022-10-04 12:58:50 +02:00
Arthur Baars
ab3a62de3c Update ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll 2022-10-04 12:58:50 +02:00
Tom Hvitved
6e61ef10b8 Ruby: Add another dataflow copy 2022-10-04 12:58:50 +02:00
Tom Hvitved
9d7d6c29f9 Review comments 2022-10-04 12:58:50 +02:00
Tom Hvitved
77c47bc856 Ruby: Add another call graph test 2022-10-04 12:58:49 +02:00
Arthur Baars
44cc6f7350 Ruby: improve tracking of regular expressions 
There are two flavours of `match?`. If the receiver of `match?` has type String
then the argument to `match?` is a regular expression. However, if the receiver of
`match?` has type Regexp then the argument is the text.

The role of receiver and argument flips depending on the type of the receiver, this
caused a lot of false positives when looking for string-like literals that are
used as a regular expression.

This commit attempts to improve things by trying to determine whether the type of the
receiver is known to be of type Regexp. In such cases we know that the argument
is unlikely to be  regular expression.
 2022-10-04 12:58:49 +02:00
Arthur Baars
0160c374e4 Ruby: add flow summaries for Object#dup and Kernel#tap 2022-10-04 12:58:49 +02:00
Arthur Baars
5d55daa491 Ruby: use resolveConstantReadAccess instead of trackModuleAccess for 'extend' calls 
This avoids non-linear recursion at the cost of losing some results.
 2022-10-04 12:58:49 +02:00
Arthur Baars
c2b98a4761 Ruby: add support for 'extend' method 2022-10-04 12:58:49 +02:00
Arthur Baars
09bc78eafc Ruby: local dataflow step for || and && 2022-10-04 12:58:49 +02:00
Arthur Baars
e95b5468d9 Ruby: use Dataflow for Pathname instead of TypeTracking 2022-10-04 12:58:49 +02:00
Arthur Baars
f9b952f04f Ruby: Pathname use TypeTracker instead of local flow 2022-10-04 12:58:49 +02:00