hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,098 Commits 1,672 Branches 157 Tags
66737402c20fc83b3d3a654dcccf4b26c901b100
Commit Graph

9181 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
30b58e7921 python: control flow node ExceptGroupStmt 
- wrap `getType` and `getName`, considering dominance
- do not implement all the handles predicates
 2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
9f9a962c03 python: wrap autogenerated ExceptGroupStmt_ 
also widen type of `Try::getHandler` to `Stmt`.
`ExceptStmt` is now too narrow,
as a handler can also be of type `ExceptGroupStmt`.
 2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
24d22ccb6e python: regenerated AST 2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
9f89325ca7 python: dummy stats for ExceptGroupStmt 2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
1fd76f02fd python: db uprade and downgrade scripts 2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
856e48c414 python: new dbscheme 2022-11-10 22:20:27 +01:00
Rasmus Wriedt Larsen
88f703af1f DataFlow: Accept changes to .expected 2022-11-10 22:13:34 +01:00
Rasmus Wriedt Larsen
4caaa3a396 Python: Rewrite call-graph tests to be inline expectation (1/2) 
This adds inline expectations, next commit will remove old annotations
code... but I thought it would be easier to review like this.
 2022-11-10 21:08:29 +01:00
Erik Krogh Kristensen
90382c4d1c Merge pull request #11178 from erik-krogh/passcode 
JS/RB/PY: Recognize `passcode` as sensitive
 2022-11-10 17:58:34 +01:00
Michael Nebel
9c6875ec0f Merge pull request #10777 from michaelnebel/csharp/generatedataextensions 
C#: Generate data extension files
 2022-11-10 13:08:31 +01:00
Nick Rolfe
9f31ef851f Python: fix spelling of SqlExecution class in comment 2022-11-10 11:53:12 +00:00
Anders Schack-Mulligen
b3b7711149 Dataflow: Sync. 2022-11-09 14:23:15 +01:00
erik-krogh
c8b7eccc6f sync files 2022-11-09 11:31:13 +01:00
Rasmus Wriedt Larsen
4895daba85 DataFlow: Add read/store stepIsLocal consistency checks 2022-11-08 13:32:49 +01:00
erik-krogh
c89016b181 use instead of a fixed version number 2022-11-07 14:32:20 +01:00
erik-krogh
c733648dc6 add change-note 2022-11-07 14:31:53 +01:00
erik-krogh
618438642a update expected output of the queries (some sorting changed due to locations being used slightly differently in the shared pack) 2022-11-07 14:31:52 +01:00
erik-krogh
4f11e2d25f port the Python regex/redos queries to use the shared pack 2022-11-07 14:31:51 +01:00
erik-krogh
05605480ae drive-by simplification of the python regex-tree 2022-11-07 14:31:27 +01:00
erik-krogh
1aeaefca7f add a Python implementation of RegexTreeViewSig 2022-11-07 14:31:27 +01:00
erik-krogh
5fbcbbc584 move existing regex-tree into a module 2022-11-07 14:31:27 +01:00
erik-krogh
2b139924cd add codeql/regex as a dependency 2022-11-07 14:31:27 +01:00
Erik Krogh Kristensen
d67235b3c1 Merge pull request #11071 from erik-krogh/fixCanon 
ReDoS: fix canonicalization in NfaUtils
 2022-11-07 14:10:50 +01:00
Anders Schack-Mulligen
99ca28ea9b Merge pull request #10886 from aschackmull/dataflow/joinorders 
Dataflow: Fix a couple of join-orders.
 2022-11-07 11:05:29 +01:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Anders Schack-Mulligen
a1dba82360 Dataflow: Sync. 2022-11-04 12:41:55 +01:00
Michael Nebel
3c8fb0520e C#: Sync files. 2022-11-04 08:20:53 +01:00
Tom Hvitved
d3488da0c2 Data flow: Sync files 2022-11-03 15:52:30 +01:00
Rasmus Lerchedahl Petersen
0a7cfad048 python: inline query tests for command injection 
note how the test file is partially annotated
and those annotations can now be expressed

In this particular test file, absolute line numbers
might have been better than relative ones.
We might remove line numbers altogether,
but should check more querries to see how it looks.
 2022-11-02 16:21:59 +01:00
Rasmus Lerchedahl Petersen
f486c44b00 python: library for inline query tests 
similar to the consistency queires used in js
but based on the inline expectations framework
 2022-11-02 16:18:36 +01:00
erik-krogh
c15f63ce62 sync files 2022-11-01 21:35:27 +01:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Rasmus Wriedt Larsen
ead0844174 Merge pull request #10998 from RasmusWL/essa-use-use-test 
Python: Add failing ESSA use-use test
 2022-10-31 10:38:26 +01:00
Chris Smowton
ee63e60bb7 qlpacks: libraryPathDependencies -> dependencies 2022-10-28 16:07:36 +01:00
Rasmus Wriedt Larsen
a04c78ab94 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-10-28 15:31:42 +02:00
Rasmus Wriedt Larsen
8628ff5e52 Merge pull request #10999 from RasmusWL/inline-fail-tag 
InlineExpectationsTest: Fail if missing `getARelevantTag`
 2022-10-28 10:35:49 +02:00
Rasmus Wriedt Larsen
e8fdff7a3b Python: Expand ExternalAPIs test 
We never had a showcase of how keyword arguments were handled
 2022-10-28 09:38:02 +02:00
Rasmus Wriedt Larsen
6577281bed Python: Add crosstalk fieldflow test 2022-10-28 09:31:16 +02:00
Rasmus Wriedt Larsen
c1b2561598 Python: Extend fieldflow tests with bound method call 2022-10-28 09:31:16 +02:00
Rasmus Wriedt Larsen
0f34752f8f Python: Delete classesCallGraph.ql 
I don't see the value from this, so just going to outright delete it.
(it actually stayed alive for quite some time in the original git history,
but never seemed to be that useful.)
 2022-10-28 09:31:01 +02:00
Rasmus Wriedt Larsen
7d8c0c663f Python: Remove dataflow/coverage/dataflow.ql 
The selected edges is covered by `NormalDataflowTest.ql` now... and
reading the test-output changes in `edges` is just going to make commits
larger while not providing any real value.
 2022-10-28 09:29:32 +02:00
Rasmus Wriedt Larsen
609a4cfd42 Python: validate tests in datamodel.py 
And adopt argument passing tests as well.

turns out that `C.staticmethod.__func__` doesn't actually work :O
 2022-10-28 09:29:32 +02:00
Rasmus Wriedt Larsen
39081e9c1c Python: Fix staticmethod datamodel test 2022-10-28 09:29:32 +02:00
Taus
503cc560cf Merge pull request #10943 from bananabr/main 
Javascript/Python: Tokens built from predictable UUIDs
 2022-10-27 14:12:34 +02:00
Rasmus Wriedt Larsen
adf109b624 Merge branch 'main' into inline-fail-tag 2022-10-27 13:42:32 +02:00
Jeroen Ketema
1d7efd8e82 Merge pull request #10905 from jsoref/spelling-code-scanning-product 
Spelling code scanning product
 2022-10-27 12:55:37 +02:00
Rasmus Wriedt Larsen
dbd84b2d37 InlineExpectationsTest: Add quote around missing tag 
To aid with quickly scanning where the missing tag is. I just had to do
this myself looking over some test failures, and it all just blurred
into each other in the logs.

see https://github.com/github/codeql/actions/runs/3332266045/jobs/5512944867#step:5:467
 2022-10-27 09:02:28 +02:00
Rasmus Wriedt Larsen
76e84ef63a InlineExpectationsTest: Fail if missing getARelevantTag 2022-10-26 18:20:37 +02:00
Rasmus Wriedt Larsen
bfe9aa1225 InlineExpectationsTest: Add test showing what happens if you leave out getARelevantTag 2022-10-26 18:00:03 +02:00