hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
34,913 Commits 1,742 Branches 165 Tags
7dba2b58684a2ee3dedde0bbe805d73bf86a4de5
Commit Graph

34913 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
64496b4c97 Swift: cleanup and some docstrings for codegen 
Also added code generation and clang formatting to the pre-commit
configuration.
 2022-04-14 11:27:41 +02:00
Paolo Tranquilli
91fd83a554 Swift: dbscheme generator 
This patch introduces the basic infrastructure of the code generation
suite and the `dbscheme` generator.

Notice that the checked in `schema.yml` should reflect swift 5.6 but
might need some tweaking.

Closes https://github.com/github/codeql-c-team/issues/979
 2022-04-14 11:27:41 +02:00
Jean Helie
d094bbc06d Merge pull request #8546 from github/jhelie/enforce-unknown-incompatibiliy-with-notasink 
ML: add defensive check to ensure Unknown endpoints cannot also be NotASink
 2022-04-14 11:21:18 +02:00
Harry Maclean
cf0611d1e7 Pass args to jq via --arg 2022-04-14 13:50:41 +12:00
Harry Maclean
a90647798e Fail workflow if COMMENT_ID fails validation 
And print an error message to STDERR.
 2022-04-14 13:21:38 +12:00
Harry Maclean
c9a5cb4bf6 Distinguish between validated and raw COMMENT_ID 2022-04-14 13:19:14 +12:00
Harry Maclean
c3f1fba985 Merge pull request #8598 from hmac/hmac/insecure-dep-resolution 
Ruby: Add rb/insecure-dependency query
 2022-04-14 02:09:44 +02:00
Erik Krogh Kristensen
4c97f68a3d remove postmessage events as source for js/resource-exhaustion 2022-04-13 23:14:42 +02:00
Erik Krogh Kristensen
51a0b6d501 remove client-side remote-flow from js/resource-exhaustion 2022-04-13 23:05:59 +02:00
Jean Helie
1e39a9caae ML: update regression test output following fix to getAnUnknown predicate 2022-04-13 18:14:16 +02:00
Jean Helie
f87cd164ce ML: add defensive check to ensure Unknown endpoints cannot also be NotASink 2022-04-13 18:14:16 +02:00
Jean Helie
f2b813a6e7 ML: add regression test for effective sink that is also NotASink 2022-04-13 18:14:16 +02:00
Henry Mercer
6603f8ab94 Merge pull request #8734 from github/henrymercer/non-extending-subtypes-minor-fixes 
Docs: Fix typo and formatting in "Non-extending subtypes"
 2022-04-13 17:11:33 +01:00
Henry Mercer
54b3d4d0d7 Docs: Fix typo and formatting in "Non-extending subtypes" 
- Fix typo `select any(Foo f) would yield bar` -> `select any(Foo f).foo() would yield bar`
- Fix inline code formatting
- Change `foo_method` to `fooMethod` to follow QL style guide
 2022-04-13 16:12:42 +01:00
AlexDenisov
df2cc181a0 Merge pull request #8726 from redsun82/swift-prebuilt-fetching 
Swift: fetch prebuilt swift and link against it
 2022-04-13 16:58:36 +02:00
Paolo Tranquilli
aaf9e7da2f turn off universal_binaries for now 2022-04-13 16:45:23 +02:00
Paolo Tranquilli
9e3401ce59 make self repository name parametric 
In a workspace macro we must use the exact repository name, and this
can be different when importing the workspace (it is different in
semmle-code).
 2022-04-13 16:22:27 +02:00
Paolo Tranquilli
73d5691d91 update swift package 2022-04-13 16:22:27 +02:00
Paolo Tranquilli
e68172f4b0 Swift: fetch prebuilt swift and link against it 
This is known to break linux integration in sembuild.
 2022-04-13 16:22:27 +02:00
Rasmus Wriedt Larsen
a271e17f04 Python: Move dataflow call-graph to new qll file 
Seems like all other languages use a file called `DataFlowDispatch`. I
want to introduce a setup where we have (old) points-to based approach
in one file, and can develop a type-tracking based approach in another
file, so that's the reason for the naming differing slightly.

For which predicates go in which files, I have taken mostly inspiration
from C# and Ruby.
 2022-04-13 15:56:57 +02:00
Rasmus Wriedt Larsen
3d15205084 Python: Autoformat 2022-04-13 15:36:16 +02:00
Rasmus Wriedt Larsen
ded4e9250c Python: Move IterableUnpacking to own file 2022-04-13 15:36:05 +02:00
Rasmus Wriedt Larsen
c740894408 Python: Move MatchUnpacking to own file 
I had hoped that git would be able to see this as a rename, and
therefore I haven't done autoformat
 2022-04-13 15:36:05 +02:00
AlexDenisov
058ac5bcae Merge pull request #8717 from AlexDenisov/alexdenisov/swift-ql-ci 
Swift: enable QL tests on CI
 2022-04-13 14:42:27 +02:00
Jean Helie
407a8a7715 ML: fix ATM expected tests outputs 2022-04-13 14:02:12 +02:00
Rasmus Wriedt Larsen
2e60172bfa Python: Delete old dataflow readme 2022-04-13 12:09:38 +02:00
Paolo Tranquilli
6166f0601c Merge pull request #8727 from redsun82/bazel_workspace_rename 
Bazel: rename workspace to codeql
 2022-04-13 10:51:10 +02:00
Alex Denisov
60c6241382 Swift: run QL tests on macOS 2022-04-13 10:35:15 +02:00
Asger Feldthaus
a5ad4c8263 QL: Update printAst output 
Annotations are not longer their own children/parent.
 2022-04-13 10:29:21 +02:00
Erik Krogh Kristensen
41bdd8f4da minor fixes 2022-04-13 10:11:07 +02:00
Erik Krogh Kristensen
b13e7c055b move the sanitizer-guard to the Query.qll file 2022-04-13 09:58:33 +02:00
Erik Krogh Kristensen
96e4633dfe remove more code that did nothing 2022-04-13 09:57:32 +02:00
Erik Krogh Kristensen
a9595af01e update expected output 2022-04-13 09:43:21 +02:00
Erik Krogh Kristensen
d35604ed82 remove the length sanitizer from loop-bound-injection - it did nothing 2022-04-13 09:43:21 +02:00
Erik Krogh Kristensen
dd28157d0a add test of a length check 2022-04-13 09:43:21 +02:00
Erik Krogh Kristensen
8e47a9b242 add sanitizer step for .length in js/resource-exhaustion 2022-04-13 09:30:09 +02:00
Stephan Brandauer
fb66ccff39 handlebars taint step: conservatively assume unknown templates have no flow to helpers 2022-04-13 09:27:59 +02:00
Asger Feldthaus
c1827cfd30 QL: Add test for getAStringValue 2022-04-13 08:45:25 +02:00
Asger Feldthaus
4c72c31a5a QL: Add InlineExpectationsTest 2022-04-13 08:45:25 +02:00
Asger Feldthaus
b0801c9b2f QL: Add some missing qldoc 2022-04-13 08:45:25 +02:00
Asger Feldthaus
8188e2876c QL: Autoformat 2022-04-13 08:45:25 +02:00
Asger Feldthaus
6632b7da1c QL: Add FrameworkCoverage query 2022-04-13 08:45:25 +02:00
Alex Denisov
b8c1f1a6e1 Swift: run QL tests on Linux 2022-04-13 07:44:19 +02:00
Paolo Tranquilli
141ba2e039 Bazel: rename workspace to codeql 2022-04-12 17:37:29 +02:00
Paolo Tranquilli
03ebf8b049 Merge pull request #8700 from redsun82/swift-skeleton 
Swift: first skeleton extractor
dsp-testing/codeql-swift-artifacts 		2022-04-12 17:14:42 +02:00
Paolo Tranquilli
8ef28787b6 Swift: do not fail pack creation if dir does not exist 2022-04-12 17:05:26 +02:00
Erik Krogh Kristensen
a2d2626c9c add security severity 2022-04-12 16:34:00 +02:00
Erik Krogh Kristensen
d64df30724 reintroduce the reverted qhelp 2022-04-12 16:33:06 +02:00
Erik Krogh Kristensen
ebf9ba7250 remove the type-overloaded new Buffer() as a sink 2022-04-12 16:29:58 +02:00
Erik Krogh Kristensen
e2b7f7d05d reintroduce the number sinks 2022-04-12 16:26:10 +02:00