hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,491 Commits 1,671 Branches 157 Tags
ab672ded6aad6ffb51a5c091f243200edb8b9b4e
Commit Graph

6113 Commits

Author SHA1 Message Date
Tom Hvitved
e57c3bec63 Sync files 2022-10-03 20:29:39 +02:00
Tom Hvitved
d52d3d7b75 Merge pull request #10644 from hvitved/ruby/prevent-reevaluation 
Ruby: Prevent reevaluation of expensive predicates
 2022-10-03 13:10:39 +02:00
Rasmus Wriedt Larsen
a0fcd4a9bf Merge pull request #10631 from RasmusWL/cleanup-options-files 
Python: Remove last `-p ../lib/` in `options` files
 2022-10-03 11:09:59 +02:00
Tom Hvitved
dc432c7774 Sync shared files 2022-09-30 14:56:56 +02:00
Asger F
6e1914ad01 Merge pull request #10375 from asgerf/rb/summarize-loads-v2 
Ruby: type-tracking and API edges through simple library callables
 2022-09-30 14:25:17 +02:00
Nick Rolfe
ef8ec0878a Merge pull request #10641 from github/nickrolfe/a_an 
JS/Python/Ruby: s/a HTML/an HTML/
 2022-09-30 12:17:15 +01:00
CodeQL CI
b66e5c5aee Merge pull request #10634 from yoff/python/rewrite-typetrackers 
Approved by tausbn
 2022-09-30 03:55:35 -07:00
Nick Rolfe
ed74e0aad1 JS/Python/Ruby: s/a HTML/an HTML/ 2022-09-30 10:37:52 +01:00
yoff
8ab5617b51 Merge pull request #10539 from yoff/python/improve-API-graphs 
Python: add subscript to API graphs
 2022-09-29 21:05:22 +02:00
Rasmus Lerchedahl Petersen
84ab860600 python: rewrite type tracker for ldap operations 
There are several other clean ups I would like to do in this file,
but this can wait until we promote the query.
 2022-09-29 20:32:19 +02:00
Rasmus Lerchedahl Petersen
0654e39e72 python: rewrite type tracker for compiled regexes 
we have the option to use `regex.getAValueReachingSink`
rather than `regex.asSink`, but it will likely be used as a
sink for data flow.
 2022-09-29 20:30:29 +02:00
Rasmus Wriedt Larsen
ea27f4e20f Python: Remove last -p ../lib/ in options files 
These were only needed for points-to.

If they only contained `--max-import-depth`, I've removed the `options`
file entirely.
 2022-09-29 18:05:51 +02:00
Asger F
ed36f1983b Python: sync TypeTracker.qll 2022-09-29 15:57:09 +02:00
Asger F
dc03557aea Merge branch 'main' into rb/summarize-loads-v2 2022-09-29 12:07:30 +02:00
Rasmus Lerchedahl Petersen
a11948bea0 Python: make toString follow member predicate name 2022-09-28 16:13:04 +02:00
Rasmus Lerchedahl Petersen
d122a64e74 Python: do not commit to CfgNode 2022-09-28 16:12:29 +02:00
Asger F
24f2a3cdff Sync ApiGraphModels.qll 2022-09-28 12:17:44 +02:00
Rasmus Lerchedahl Petersen
05102f9007 Python: add change note 2022-09-28 12:06:05 +02:00
Rasmus Lerchedahl Petersen
b1ae3bfdb2 Python: less eager tracking of flow 2022-09-28 11:46:26 +02:00
Rasmus Lerchedahl Petersen
63ee51a4e2 Python: inline mongoCollectionMethod 2022-09-28 11:40:06 +02:00
yoff
70d47f313e Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-09-28 11:33:00 +02:00
Asger F
9c93ad904f Python: sync 2022-09-28 10:49:34 +02:00
Asger F
e47deaffbf Ruby: More QLDoc police 2022-09-28 10:49:34 +02:00
Asger F
7737e75427 Update some QLDoc comments 2022-09-28 10:49:34 +02:00
Asger F
576e320bf5 Python: sync 2022-09-28 10:49:34 +02:00
Asger F
e104b65106 Python: sync TypeTracker.qll and adapt accordingly 
fixup python
 2022-09-28 10:49:33 +02:00
Tom Hvitved
df2b586e7c Merge pull request #10577 from hvitved/dataflow/get-a-read-content-fan-in 
Data flow: Fix bad join-order when getAReadContent has large fan-in
 2022-09-27 20:04:58 +02:00
Tom Hvitved
335e1a8233 Address review comments 2022-09-27 13:36:52 +02:00
erik-krogh
7675571daa fix RegExpEscape::getValue having multiple results for some escapes 2022-09-27 13:25:23 +02:00
Tom Hvitved
45fc62f16b Data flow: Sync files 2022-09-26 20:39:48 +02:00
Anders Schack-Mulligen
1687d08587 Dataflow: Sync. 2022-09-26 16:10:03 +02:00
Rasmus Lerchedahl Petersen
441fc1bb28 Python: type trackers to API graph 
base on new subscript in the API graph

There are a few more uses of type tracking
through `SubscriptNode`s, but these start
from an instance given by a data flow node.
 2022-09-26 15:05:50 +02:00
Rasmus Lerchedahl Petersen
9b1ec03d70 Python: type tracking to API graph 
using the new subscript node
 2022-09-26 13:39:59 +02:00
Rasmus Lerchedahl Petersen
bc963b2386 Python: subscript on API::Node 2022-09-26 13:39:59 +02:00
Rasmus Lerchedahl Petersen
6114d71d3d Python: subscript on local source nodes 
and adjust comment on awaited
 2022-09-26 13:39:59 +02:00
Rasmus Lerchedahl Petersen
7f610405a0 Python: move code and harmonize comments 2022-09-26 13:39:59 +02:00
Rasmus Lerchedahl Petersen
69640f3c20 Python: refactor awaited 2022-09-26 13:39:59 +02:00
Dave Bartolomeo
3bd456e52d Merge pull request #10565 from github/post-release-prep/codeql-cli-2.11.0 
Post-release preparation for codeql-cli-2.11.0
 2022-09-23 18:13:59 -04:00
github-actions[bot]
6cef0af5df Post-release preparation for codeql-cli-2.11.0 2022-09-23 21:01:40 +00:00
Rasmus Wriedt Larsen
71da217b82 Merge pull request #10535 from RasmusWL/flask-jsonify 
Python: Model `flask.jsonify`
 2022-09-23 12:18:27 +02:00
Asger F
11ba0f0bbe Merge pull request #10253 from asgerf/js/type-defs-squashed 
JS: Add generated typings to SQL models
 2022-09-23 11:34:01 +02:00
Tom Hvitved
8b424d181a Merge pull request #10505 from hvitved/dataflow/viable-impl-in-ctx-consistency 
Data flow: Guard against `viableImplInCallContext` not being a subset of `viableCallable`
 2022-09-23 10:38:48 +02:00
github-actions[bot]
f5cf8cffa3 Release preparation for version 2.11.0 2022-09-22 20:14:12 +00:00
Dave Bartolomeo
cee0e8e137 Merge pull request #10532 from github/henrymercer/3.7-mergeback 
Final mergeback from `rc/3.7`
 2022-09-22 13:42:59 -04:00
Tom Hvitved
f4b82cb2e8 Python: Update expected test output 2022-09-22 15:01:40 +02:00
Tom Hvitved
ad6b870f94 Data flow: Sync files 2022-09-22 15:01:33 +02:00
Rasmus Wriedt Larsen
d3f811cab3 Python: Accept any arg to flask.jsonify 
Thanks @tausbn 👍
 2022-09-22 14:59:06 +02:00
Rasmus Wriedt Larsen
8174120916 Python: Model flask.jsonify 2022-09-22 14:43:39 +02:00
Rasmus Wriedt Larsen
078d3d0062 Python: Add stacktrace exposure example 2022-09-22 14:27:49 +02:00
Tom Hvitved
f0f4fe7286 Merge pull request #10444 from hvitved/ruby/stmt-sequence-post-update 
Ruby: Add post-update nodes for compound arguments
 2022-09-22 13:18:51 +02:00