hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-27 01:38:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,525 Commits 1,721 Branches 163 Tags
c7e552b343ea0cf8ea595c6742fb5b7f11eef7b8
Commit Graph

49525 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
c7e552b343 Python: Fix grammar in qldoc 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2023-01-30 09:45:45 +01:00
Rasmus Wriedt Larsen
a1c2f4c138 Python: Small rewrite of **kwargs getParameter logic 2023-01-30 09:42:43 +01:00
Rasmus Wriedt Larsen
cef933f813 Python: Add comment explaining SINK3_F(kwargs["c"]) test 
Co-authored-by: yoff <yoff@github.com>
 2023-01-27 15:48:59 +01:00
Rasmus Wriedt Larsen
c099dbd04c Python: Expand notes around bound methods self argument passing 2023-01-27 15:27:45 +01:00
Rasmus Wriedt Larsen
02b3a1b515 Python: At most one **kwargs ParameterNode per callable 
Similar to the Ruby changes from
https://github.com/github/codeql/pull/11461

I feel the change to `DataFlowFunciton.getParameter` where we use
`not exists(func.getArgByName(_))` is not very great, but I was not allowed
to use `not exists(this.getParameter(any(ParameterPosition _).isKeyword(_)))`
because of negative recursion.
 2023-01-27 11:14:42 +01:00
Rasmus Wriedt Larsen
f262dc68f8 Python: Reword note about debugging getNextClassInMro 2023-01-25 10:08:43 +01:00
Rasmus Wriedt Larsen
63b2bd0871 Python: Fixup test_only_starargs addition 
validTest.py did not pass, since we use `SINK3_F`.

I initially tried swapping the order

```
args = (arg1, arg2) # $ arg1 arg2 func=starargs_only
more_args = (arg4, arg3)
starargs_only(*args, *more_args)
```

But then asked myself, what is it _actually_ we're testing here? and it
seems to be the way we handle multiple *args arguments in the same call,
so I converted the test to be that instead! (and it matches what we do
in test_stararg_mixed)
 2023-01-25 09:37:07 +01:00
Rasmus Wriedt Larsen
0879c8f8e1 Python: Expand comments on C3 MRO 2023-01-23 17:40:24 +01:00
Rasmus Wriedt Larsen
80324735bb Python: Fixup annotation for CWE-022-PathInjection/pathlib_use.py 2023-01-23 17:40:24 +01:00
Rasmus Wriedt Larsen
753192bb4d Merge branch 'main' into call-graph-code 2023-01-23 11:25:02 +01:00
Alex Ford
55550e7980 Merge pull request #11941 from alexrford/summary-component-tostring-syntheticglobal 
Add missing toString case for synthetic globals
 2023-01-23 10:00:00 +00:00
Erik Krogh Kristensen
1ee9957838 Merge pull request #9807 from erik-krogh/endFilter 
JS: recognize "-->" as a bad tag filter
 2023-01-23 10:06:50 +01:00
Arthur Baars
99148244a4 Merge pull request #11856 from aibaars/update-grammars 
Update grammars
 2023-01-23 09:46:50 +01:00
Michael Nebel
69a42d8b1f Merge pull request #11931 from michaelnebel/csharp/refactor 
Remove the Csv postfix of some predicate names.
 2023-01-23 09:09:48 +01:00
Mathias Vorreiter Pedersen
e664662df9 Merge pull request #11944 from github/post-release-prep/codeql-cli-2.12.1 
Post-release preparation for codeql-cli-2.12.1
 2023-01-20 21:52:55 +00:00
github-actions[bot]
b62cb6ba84 Post-release preparation for codeql-cli-2.12.1 2023-01-20 19:49:56 +00:00
Sarita Iyer
f5406570f7 Merge pull request #11817 from github/saritai/docs-contributing-info 
Add CONTRIBUTING.MD file for contributing to docs
 2023-01-20 12:41:20 -05:00
Rasmus Wriedt Larsen
25a68c4d71 Python: Include @yoff's suggestion on synthetic *args handling 2023-01-20 16:49:33 +01:00
Rasmus Wriedt Larsen
41ebb4fb55 Python: Add p2 in QLDoc example code for synthetic **kwargs 2023-01-20 16:40:39 +01:00
Rasmus Wriedt Larsen
d9fbe58ad5 Python: Expand starargs_only test 2023-01-20 16:34:59 +01:00
Jean Helie
9e6f9c2705 Merge pull request #11709 from github/jhelie/add-shell-command-injection 
ATM: add boosted version for `ShellCommandInjectionFromEnvironment` query
 2023-01-20 16:03:30 +01:00
Mathias Vorreiter Pedersen
3059ce3070 Merge pull request #11938 from github/release-prep/2.12.1 
Release preparation for version 2.12.1
codeql-cli/v2.12.1 		2023-01-20 14:30:42 +00:00
Rasmus Wriedt Larsen
0df3dd68d6 Python: Remove (now) redundant cast 2023-01-20 15:13:02 +01:00
Rasmus Wriedt Larsen
1bd969c219 Merge branch 'main' into call-graph-code 2023-01-20 15:11:49 +01:00
Alex Ford
e4df1f5a6f Ruby: add missing toString case for synthetic globals 2023-01-20 13:31:43 +00:00
Jeroen Ketema
cddaa0c8fa Apply suggestions from code review 2023-01-20 14:10:27 +01:00
github-actions[bot]
005b3e4a47 Release preparation for version 2.12.1 2023-01-20 12:03:19 +00:00
Geoffrey White
976b0401be Merge pull request #11876 from geoffw0/coredata 
Swift: Improve Core Data sinks for swift/cleartext-storage-database
 2023-01-20 11:02:03 +00:00
Ian Lynagh
05c80b3f3c Merge pull request #11894 from igfoo/igfoo/make-private 
Kotlin: Make a couple of functions private
 2023-01-19 20:59:32 +00:00
Sarita Iyer
3a8479614b fix link 2023-01-19 15:13:34 -05:00
Ian Lynagh
c2d5281e73 Merge pull request #11930 from igfoo/igfoo/fetch-codeql 
CI: fetch-codeql: Set $CODEQL_FETCHED_CODEQL_PATH in the enivironment
 2023-01-19 15:33:08 +00:00
Sarita Iyer
a83a98226c Update README.rst 2023-01-19 09:45:43 -05:00
Sarita Iyer
27a5051282 Update README.md 2023-01-19 09:45:01 -05:00
Sarita Iyer
894a494186 Apply suggestions from code review 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2023-01-19 09:39:55 -05:00
Paolo Tranquilli
c2c14cdddb Merge pull request #11929 from github/redsun82/swift-expand-ref-in-auto-docs 
Swift: expand `ref` in autogenerated docs
 2023-01-19 15:24:05 +01:00
Michael B. Gale
14cc27e49b Merge pull request #11910 from owen-mc/go/log-injection-sanitizer-newreplacer-replace 
Add missing string replacement sanitizers to log-injection and string-break
 2023-01-19 14:23:03 +00:00
Michael Nebel
dc223cb82e Sync files and make corresponding changes for other languages. 2023-01-19 15:14:06 +01:00
Chris Smowton
9a5e1f5e28 Make import private 2023-01-19 14:10:17 +00:00
Michael Nebel
9cd1dc70e5 C#: Remove the Csv postfix of some predicates. 2023-01-19 15:02:52 +01:00
Owen Mansel-Chan
13d1c88a11 Make new data flow copy for StringOps.StringsNewReplacer 2023-01-19 13:05:31 +00:00
Ian Lynagh
3a5bec5778 CI: fetch-codeql: Set $CODEQL_FETCHED_CODEQL_PATH in the enivironment 2023-01-19 11:37:05 +00:00
Paolo Tranquilli
490bd051cd Swift: expand ref in autogenerated docs 2023-01-19 09:27:44 +00:00
Michael Nebel
e6aebd9df0 Merge pull request #11814 from michaelnebel/csharp/genericattributes 
C# 11: Generic attributes
 2023-01-19 07:35:17 +01:00
Mathias Vorreiter Pedersen
14468b64fb Merge pull request #11924 from atorralba/atorralba/optbinding-getters 
Swift: Support more CFG node types in optional binding flow
 2023-01-18 16:37:11 +00:00
Owen Mansel-Chan
3fda9f6e65 Add change note 2023-01-18 15:42:42 +00:00
Owen Mansel-Chan
30f0dd8c03 Add string replacement sanitizer to log injection 2023-01-18 15:24:39 +00:00
Owen Mansel-Chan
015ef4c3ef Add use of strings.Replacer to replace sanitizer 2023-01-18 15:20:14 +00:00
Owen Mansel-Chan
2b1a7898d9 Move ReplaceAll sanitizer to shared code 2023-01-18 15:12:52 +00:00
AlexDenisov
5173f10e68 Merge pull request #11925 from github/alexdenisov/swift-drop-dead-code 
Swift: drop dead code
 2023-01-18 16:10:25 +01:00
Alex Denisov
35620c4c86 Swift: drop dead code 2023-01-18 15:35:40 +01:00