Chris Smowton
c752777022
Accept test changes
2023-04-12 14:19:01 +01:00
Chris Smowton
c011e013e1
fixup restoration of variadic models
2023-04-12 14:19:01 +01:00
Chris Smowton
7c8db6eace
Restore QL modelling for the built-in append function.
2023-04-12 14:19:01 +01:00
Chris Smowton
a796ddb95b
Accept paths-only test changes
2023-04-12 14:19:01 +01:00
Chris Smowton
77b8103cc1
Adapt tests not to depend on TaintTracking::FunctionModel
2023-04-12 14:19:01 +01:00
Chris Smowton
2e70fada8d
Bump Go version on test referencing go 1.20 methods
...
This turned out not to matter for the extractor, but it means we can check the build using `go build`.
2023-04-12 14:19:01 +01:00
Chris Smowton
a673610e18
Adapt query not to depend on TaintTracking::FunctionModel
2023-04-12 14:19:01 +01:00
Chris Smowton
c8407ba323
Revert variadic functions to use non-MaD models
2023-04-12 14:19:01 +01:00
Chris Smowton
16e3acf592
Restore old-style taint models for the unsafe package
...
These functions don't have proper signature types, so are not suited to MaD models
2023-04-12 14:19:00 +01:00
Chris Smowton
2c65e68c5f
Adapt HTTP response body association to MaD models
2023-04-12 14:19:00 +01:00
Chris Smowton
2677a945f3
Autoformat
2023-04-12 14:19:00 +01:00
Chris Smowton
53723479c8
Enable model inheritance by subinterfaces
...
Previously only a concrete (non-interface) method could inherit such a model
2023-04-12 14:19:00 +01:00
Chris Smowton
9c45192a4e
Remove spurious duplicate models
2023-04-12 14:19:00 +01:00
Chris Smowton
c242c28af9
Use $ANYVERSION to allow applying a model to all versions of a given package
2023-04-12 14:19:00 +01:00
Chris Smowton
f36a2143f5
Accept more test changes; add some missing models
2023-04-12 14:19:00 +01:00
Chris Smowton
bfc8db90af
Accept test changes
...
This is 1x path changes without result changes, and 1x expected change since the Encode function is no longer modelled using TaintTracking::FunctionModel
2023-04-12 14:19:00 +01:00
Chris Smowton
d49840ee8e
Restore mistakenly-deleted models
2023-04-12 14:19:00 +01:00
Chris Smowton
11b457d5bf
Allow - character in Go package names
2023-04-12 14:19:00 +01:00
Chris Smowton
e98c70c482
Restore mistakenly deleted model
2023-04-12 14:19:00 +01:00
Chris Smowton
1b7f529949
Restore reverse-flow models
2023-04-12 14:19:00 +01:00
Chris Smowton
de0caf2445
Go: mass-convert taint-flow models to models-as-data format
2023-04-12 14:18:44 +01:00
Chris Smowton
51ebc0bef2
Amend test now that DataFlowCallable != Callable
2023-04-12 14:15:54 +01:00
Chris Smowton
a5e5a5780d
Use FlowSummaryImpl::Private::summaryParameterNodeRange
2023-04-12 14:15:54 +01:00
Chris Smowton
4ea4e0dcca
Go: separate real and synthetic callables
...
This means that when a function has a real body and a summary (usually because it has a real definition in source, and implements an interface that has a model), two callables are created and dispatch considers both possible paths.
This specifically overcomes the difficulty with ParameterNodes when the real callable, if any, may or may not define an SsaNode, either because the real parameter is unused or because it is anonymous. Now the synthetic callable will always have parameter nodes, while the real one may or may not depending on whether a definition is present and whether or not it names or uses its parameter.
2023-04-12 14:15:54 +01:00
Erik Krogh Kristensen
cfb273ae01
Merge pull request #12799 from erik-krogh/oneColumn
...
JS: use 1-based column locations for diagnostics
2023-04-12 14:48:20 +02:00
Alexandre Boulgakov
f4b79ea07d
Merge pull request #12784 from github/sashabu/keypaths
...
Swift: Extract structured keypath components.
2023-04-12 13:12:22 +01:00
Asger F
b819f55203
Merge pull request #12792 from asgerf/js/redux-model-perf
...
JS: add getForwardingFunction and use to sharpen useSelector model
2023-04-12 14:09:59 +02:00
Alexandre Boulgakov
b890e2ef96
Swift: Use camelCase in KeyPathComponent predicates.
2023-04-12 12:50:50 +01:00
erik-krogh
d3cc1d6991
update expected output of diagnostics test
2023-04-12 13:42:05 +02:00
Erik Krogh Kristensen
8cb54b748b
Merge pull request #12787 from tyage/add-router-sink
...
JS: Add New XSS sink - Next.js router.push/replace
2023-04-12 13:30:21 +02:00
Alexandre Boulgakov
64443dfdcf
Swift: Add named predicates for known KeyPathComponent kinds.
2023-04-12 12:06:14 +01:00
Michael Nebel
b5b0d60074
Merge pull request #12731 from michaelnebel/csharp/refactorcleatextstorage
...
C#: Re-factor CleartextStorage to use the new API.
2023-04-12 09:32:56 +02:00
Tony Torralba
cc6a923eef
Merge pull request #12798 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2023-04-12 09:04:53 +02:00
erik-krogh
fe5e4845b1
use 1-based column locations for diagnostics
2023-04-12 08:14:15 +02:00
github-actions[bot]
a55f5ed933
Add changed framework coverage reports
2023-04-12 00:15:16 +00:00
Alexandre Boulgakov
b900185ae3
Swift: Add db upgrade/downgrade scripts for key-path component extraction.
...
I've marked both scripts as "partial" since we're extracting different AST components for key-paths and don't have a good way to convert between them in QL. Each deletes the corresponding tables, but leaves non-key-path functionality intact.
2023-04-11 14:00:13 +01:00
Alexandre Boulgakov
35a2d55d18
Swift: Extract structured keypath components.
...
Changes in swift/ql/lib are generated by swift/codegen without manual intervention.
2023-04-11 13:34:17 +01:00
Alexandre Boulgakov
2b1dea56b5
Swift: Add error query to AST tests.
...
Preexisting errors are left to be fixed later.
2023-04-11 13:34:16 +01:00
Jami
b7c7449b08
Merge pull request #12739 from jcogs33/jcogs33/add-one-more-top500-model
...
Java: add summary model for `UnsupportedOperationException(String)` constructor
2023-04-11 08:25:36 -04:00
Asger F
aef0fa3c8a
JS: Expand QLDoc
2023-04-11 14:16:36 +02:00
Asger F
d702c7b990
Merge pull request #12759 from asgerf/js/getset-in-pattern
...
JS: Fix parsing of 'get' or 'set' pattern with a default value
2023-04-11 14:03:00 +02:00
Asger F
2c65a49d7c
JS: Add getForwardingFunction() to API graphs
2023-04-11 14:00:30 +02:00
Asger F
4ce03d4dc4
JS: Restrict useSelector steps to local callbacks
2023-04-11 13:33:46 +02:00
Asger F
3cc931306f
JS: Add test for selector nodes with multiple access paths
2023-04-11 13:33:27 +02:00
Chris Smowton
f6f22c0cec
Merge pull request #12783 from smowton/smowton/feature/golang-hide-summary-nodes
...
Go: hide summary nodes from path explanations
2023-04-11 10:47:25 +01:00
Henry Mercer
227aee84fe
Merge pull request #12768 from github/henrymercer/merge-back-3.9
...
Merge `rc/3.9` back to `main`
2023-04-11 10:44:29 +01:00
Tony Torralba
075c0f94ac
Merge pull request #12785 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2023-04-11 11:34:37 +02:00
Tony Torralba
3b11b7c9fd
Merge pull request #12726 from github/java/update-mad-decls-after-triage-2023-03-31T08-30-31
...
Java: Update MaD Declarations after Triage
2023-04-11 11:33:36 +02:00
Tony Torralba
944bdfde45
Apply suggestions from code review
2023-04-11 09:47:47 +02:00
Stephan Brandauer
cb8506d51a
Update MaD Declarations after Triage
2023-04-11 09:25:39 +02:00