hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 06:24:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
960 Commits 1,740 Branches 165 Tags
bee94757dd2674ebe1ff953708ef75fe6fd67621
Commit Graph

238 Commits

Author SHA1 Message Date
Nick Rolfe
6142029fdc Recognise \t as not escaping t 2021-06-25 12:46:25 +01:00
Nick Rolfe
a77e7761fd Make \h and \H character class escapes 2021-06-25 12:27:39 +01:00
Nick Rolfe
9ec503a3a5 Merge remote-tracking branch 'origin/main' into regex 2021-06-24 18:16:13 +01:00
Nick Rolfe
17a59ef824 Add basic test for regex parsing 2021-06-24 18:06:08 +01:00
Nick Rolfe
51b0ffdaf8 Fix printAst to support adding edges in AstDesugar test 2021-06-24 17:14:23 +01:00
Tom Hvitved
9438885776 Merge pull request #216 from github/hvitved/synthesis-location 
AST synthesis: Move location information into a separate predicate
 2021-06-23 16:50:17 +02:00
Alex Ford
5941eb2be4 model some ActionController user input sources (params) 2021-06-23 14:11:38 +01:00
Tom Hvitved
1dde5b8ef9 AST synthesis: Move location information into a separate predicate 2021-06-23 08:46:07 +02:00
Alex Ford
dbf1805c8b Merge pull request #196 from github/active-record-1 
Start modelling some potential SQL fragment sinks in ActiveRecord
 2021-06-22 16:05:26 +01:00
Nick Rolfe
65aa97c07c Use RegExp prefix instead of Regex, for consistency with other languages. 2021-06-18 15:56:19 +01:00
Alex Ford
214532516b try to avoid a future merge conflict 2021-06-17 14:41:51 +01:00
Alex Ford
bf43a77df5 Include some more types of expressions as possible active record SQL sink arguments 2021-06-15 12:41:42 +01:00
Alex Ford
c1b9952517 account for chained method calls when constructing ActiveRecord SQL queries 2021-06-15 11:39:48 +01:00
Alex Ford
f8a77b9854 format QL 2021-06-15 11:39:48 +01:00
Alex Ford
57c04266e3 rename SqlExecutingMethodCall as PotentiallyUnsafeSqlExecutingMethodCall 2021-06-15 11:39:48 +01:00
Alex Ford
2d4bb61789 limit SqlExecutingMethodCall to those that are called with a StringlikeLiteral argument 2021-06-15 11:39:48 +01:00
Alex Ford
c641d12259 add shell ActiveRecord library tests 2021-06-15 11:39:48 +01:00
Tom Hvitved
8860b8adf0 Merge pull request #198 from github/hvitved/desugar-compound-assignment 2021-06-10 19:39:54 +02:00
Tom Hvitved
962768e7c0 Disambiguate toStrings for nested synthetic local variables 2021-06-04 19:20:11 +02:00
Tom Hvitved
82fbc03889 Merge pull request #200 from github/hvitved/dataflow/call-sensitivity 
Data flow: Call-sensitive resolution of lambda/block calls
 2021-06-04 16:25:13 +02:00
Tom Hvitved
61e35ddae1 Data flow: Call-sensitive resolution of lambda/block calls 2021-06-04 12:58:38 +02:00
Tom Hvitved
6678ac0347 Desugar compound assignments 2021-06-04 10:39:06 +02:00
Tom Hvitved
da9adfbab4 Improve performance of desugaring transformations 2021-06-04 10:34:00 +02:00
Tom Hvitved
57eee0368d Add CFG tests for compound assignments 2021-06-04 10:34:00 +02:00
Tom Hvitved
1007f2aaff Rename (Hash)SplatArgument to (Hash)SplatExpr and make them UnaryOperations 2021-06-04 10:04:06 +02:00
Tom Hvitved
372f8645a9 Add (hash)splat AST tests 2021-06-04 09:53:14 +02:00
Tom Hvitved
908e9ff3b5 Include desugared node in AstDesugar.ql 2021-06-03 14:46:32 +02:00
Tom Hvitved
5bafc0c708 Merge pull request #183 from github/hvitved/assign-op-desugar 
Desugar setter assignments
 2021-06-01 14:00:04 +02:00
Tom Hvitved
3ffef634d7 More synthesis refactoring 
- Join `TElementReferenceSynth` and `TMethodCallSynth`.
- Move arity and setter information into `MethodCallKind`.
- Add `Synthesis::methodCall` for specifying which method calls need synthesis.
 2021-05-31 16:29:41 +02:00
Tom Hvitved
f8b99291a7 Improve desugaring of setter assignments 2021-05-26 18:41:21 +02:00
Arthur Baars
ec905e0866 Merge pull request #168 from github/aibaars/typetrack-method 
Call graph
 2021-05-26 14:19:21 +02:00
Tom Hvitved
abcabeef06 Remove *Real predicates and enable recursive desugaring 2021-05-25 21:27:39 +02:00
Tom Hvitved
3f412e4fad Desugar setter assignment operations 2021-05-25 21:27:39 +02:00
Tom Hvitved
b173cc332a Desugar setter assignments 2021-05-25 21:27:39 +02:00
Tom Hvitved
b812012b71 Add CFG setter assignment test 2021-05-25 21:27:39 +02:00
Tom Hvitved
e85677a040 Adjust locations of synthesized AST nodes 2021-05-25 21:27:34 +02:00
Arthur Baars
ce23ae33e7 Fix Scope::parentOf for HereDocBody 2021-05-25 11:27:45 +02:00
Arthur Baars
bb62564c9e Add test for heredoc with variables 2021-05-25 11:16:55 +02:00
Arthur Baars
0ccca47b01 Dataflow for implicit self argument of methods 2021-05-20 14:27:13 +02:00
Arthur Baars
eb8b2558da Add types of lambdas and methods 2021-05-20 14:27:13 +02:00
Arthur Baars
e787d99cd1 Resolve yield calls to blocks 2021-05-20 14:27:13 +02:00
Arthur Baars
66b2c39985 More tests 2021-05-20 14:27:13 +02:00
Arthur Baars
da88661746 Add SSA flow step for parameters 2021-05-20 14:27:13 +02:00
Arthur Baars
f157f1f359 Fix superclass of Class 2021-05-20 14:27:13 +02:00
Arthur Baars
1ba94beb01 Fix types of true/false 2021-05-20 14:27:13 +02:00
Arthur Baars
af19cc5fae Add test cases 2021-05-20 14:27:13 +02:00
Arthur Baars
7f520e7899 Add types of literals 2021-05-20 14:27:13 +02:00
Tom Hvitved
6b6aeb10c7 Improve performance of internal/Module.qll 2021-05-19 14:33:52 +02:00
Tom Hvitved
c866f88410 CFG: Add missing propagatesAbnormal overrides 2021-05-18 20:39:46 +02:00
Tom Hvitved
9871698cee Add more CFG tests 2021-05-18 20:39:08 +02:00