hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 16:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,271 Commits 1,712 Branches 163 Tags
bbcbcefedcbff4cfd7a16cbfa904b42462f1ee88
Commit Graph

24271 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
bbcbcefedc Python: Add false negative test case. 2021-07-20 12:54:06 +00:00
Taus
233ae5a54b Python: Fix FP in py/unused-local-variable 
This is only a temporary fix, as indicated by the TODO comment.

The real underlying issue is the fact that `isUnused` is defined in
terms of the underlying SSA variables (as these are only created
for variables that are actually used), and the fact that annotated
assignments are always considered to redefine their targets, which may
not actually be the case.

Thus, the correct fix would be to change the extractor to _disregard_
mere type annotations for the purposes of figuring out whether an
SSA variable should be created or not.

However, in the short term the present fix is likely sufficient.
 2021-07-20 12:13:44 +00:00
Taus
8b3fa789da Python: Add AnnAssign DefinitionNode 
This was a source of false positives for the
`py/uninitialized-local-variable` query, as exemplified by the test
case.
 2021-07-20 11:57:26 +00:00
Taus
f91e826781 Python: Add test case 2021-07-20 11:57:12 +00:00
CodeQL CI
d282f6a356 Merge pull request #6218 from tausbn/python-add-typetrackingnode 
Approved by RasmusWL
 2021-07-15 07:04:50 -07:00
Taus
dd03d8102b Merge pull request #6300 from RasmusWL/redos-tests 
Python: Fix `py/polynomial-redos`
 2021-07-15 15:59:01 +02:00
Chris Smowton
712b0d866e Merge pull request #6297 from aschackmull/java/query-metadata4 
Java: More missing metadata.
 2021-07-15 14:32:47 +01:00
Arthur Baars
a47002c6d8 Merge pull request #6302 from github/aibaars/drop-spaces 
C# remove spurious spaces in <code> tag
 2021-07-15 14:57:21 +02:00
Arthur Baars
e387d602b2 C# remove spurious spaces in <code> tag 2021-07-15 14:38:01 +02:00
Rasmus Wriedt Larsen
900cbc9a2f Merge pull request #6265 from tausbn/python-performance-fixes 
Python: Fix a few performance issues.
 2021-07-15 14:19:37 +02:00
Rasmus Wriedt Larsen
a5834c4d78 Python: Fix py/polynomial-redos 2021-07-15 14:16:19 +02:00
Rasmus Wriedt Larsen
76caf43b54 Python: Add tests for py/polynomial-redos 2021-07-15 14:15:44 +02:00
Rasmus Wriedt Larsen
1be0dc0876 Python: Move test for ReDoS 2021-07-15 14:15:24 +02:00
Anders Schack-Mulligen
5b7c2d133f Merge pull request #6291 from aschackmull/java/csv-synthfield 
Java: Add support for synthetic fields in csv rows.
 2021-07-15 13:43:56 +02:00
Anders Schack-Mulligen
9b2b593cb4 Java: More missing metadata. 2021-07-15 13:41:12 +02:00
Geoffrey White
e3e7b00986 Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis 
C++: Add path-sensitivity to `StackVariableReachability`
 2021-07-15 12:34:33 +01:00
Anders Schack-Mulligen
8ccdd4fb9f Merge pull request #6211 from aschackmull/dataflow/refactor-call-context-check 
Dataflow: Refactor call context check
 2021-07-15 12:27:23 +02:00
Anders Schack-Mulligen
7339bd89ba Java: Add support for synthetic fields in csv rows. 2021-07-15 12:19:34 +02:00
Anders Schack-Mulligen
d34e748c83 Merge pull request #6290 from aschackmull/java/query-metadata3 
Java: Add metadata.
 2021-07-15 09:59:45 +02:00
Anders Schack-Mulligen
60b3dbd217 Java: Add metadata. 2021-07-15 09:16:56 +02:00
Anders Schack-Mulligen
bf0877c5cb Merge pull request #6289 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-07-15 09:15:51 +02:00
Anders Schack-Mulligen
e18a20fedb Merge pull request #6285 from smowton/smowton/feature/spring-jdbc-object 
Add models for org.springframework.jdbc.object
 2021-07-15 09:06:56 +02:00
Robert Marsh
4d8e882214 Merge pull request #6186 from geoffw0/formatarg 
C++: Fix FPs from cpp/wrong-type-format-argument
 2021-07-14 17:20:46 -07:00
github-actions[bot]
d6186e8d0f Add changed framework coverage reports 2021-07-15 00:06:37 +00:00
Chris Smowton
f2b232f276 Add change note 2021-07-14 17:39:58 +01:00
Chris Smowton
0b2750828e Add models for org.springframework.jdbc.object 
Also add tests for the existing Spring JDBC SQL injection sinks in the process
 2021-07-14 17:25:00 +01:00
Taus
fb57c5f6f0 Merge pull request #6143 from RasmusWL/concepts-private-import-python 
Python: Make `import python` private in Concepts.qll
 2021-07-14 17:49:06 +02:00
Taus
5c5ee85332 Merge pull request #6122 from RasmusWL/mention-mysqlclient 
Python: Mention modeling of `mysqlclient` PyPI package
 2021-07-14 17:48:40 +02:00
Taus
30d61045d2 Python: Mention nameIndicatesSensitiveData 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-07-14 17:33:39 +02:00
Aditya Sharad
e0a123cbd0 Merge pull request #6257 from github/rneatherway/summary-docs 
Add docs for summary type queries
 2021-07-14 07:54:18 -07:00
Taus
2bb44d49d9 Python: Perform more deduplication 
This cut the evaluation time on `django` down from 1.2 seconds to ~0.8
seconds (but the impact will likely be greater on bigger projects).
 2021-07-14 13:38:05 +00:00
Anders Schack-Mulligen
a0481bda91 Merge pull request #6282 from aschackmull/java/query-metadata2 
Java: Add missing metadata.
 2021-07-14 15:17:27 +02:00
Anders Schack-Mulligen
11fc23ba09 Merge pull request #6030 from smowton/smowton/admin/test-generator 
Add test-generator script + add generated models for Spring summary steps
 2021-07-14 14:44:07 +02:00
Anders Schack-Mulligen
9034b03c7b Java: Add missing metadata. 2021-07-14 14:40:50 +02:00
Anders Schack-Mulligen
3a3398508c Merge pull request #5895 from github/sauyon/java/spring 
Add models for some Spring pseudo-collections
 2021-07-14 14:40:24 +02:00
Sauyon Lee
d7bfc2eebf Remove redundant model lines 2021-07-14 05:05:17 -07:00
Sauyon Lee
671243c15d Add change note 2021-07-14 05:05:17 -07:00
Sauyon Lee
1f97ac88c8 Fix tests 2021-07-14 05:05:17 -07:00
Sauyon Lee
eaef1c146c Add generated tests 2021-07-14 05:05:16 -07:00
Sauyon Lee
16931e5de8 Add necessary stubs for Spring 
Co-Authored-By: smowton <smowton@github.com>
 2021-07-14 04:57:56 -07:00
Sauyon Lee
fc7e062deb Java: Add models for the Spring cache package 2021-07-14 04:57:56 -07:00
Sauyon Lee
d9fb09d132 Java: Add models for the Spring ui package. 2021-07-14 04:57:56 -07:00
Anders Schack-Mulligen
04244b3c45 Merge pull request #5974 from github/sauyon/java/spring-webmultipart 
Model Spring `web.multipart`
 2021-07-14 13:57:24 +02:00
Anders Schack-Mulligen
3c4cd15738 Merge pull request #5505 from joefarebrother/android-sql-convert 
Java: Convert Android SQL-related flow steps to CSV format
 2021-07-14 13:56:55 +02:00
Chris Smowton
e9390cb3eb Remove superfluous conjunct 2021-07-14 12:42:28 +01:00
Taus
09993406f1 Python: Add explanatory QLDoc comment 2021-07-14 10:42:07 +00:00
Mathias Vorreiter Pedersen
0b21caa9ae Merge pull request #6280 from MathiasVP/restrict-call-context-relation 
C++: Potentially improve performance of call-context calculation
 2021-07-14 12:15:26 +02:00
Mathias Vorreiter Pedersen
1480ac7c1d C++: Potentially improve performance by restricting the size of the call-context relation. 2021-07-14 11:23:56 +02:00
Robin Neatherway
c9e642fb06 Merge branch 'main' into rneatherway/summary-docs 2021-07-14 10:13:32 +01:00
Chris Smowton
3ae99b93ca Merge pull request #6215 from aschackmull/java/fix-csv-subtype-interpretation 
Java: Fix CSV subtype interpretation
 2021-07-14 09:57:21 +01:00