hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
53,783 Commits 1,741 Branches 165 Tags
cf1e87de9e2b512e822f4bfdb68bd7bf58db8bf9
Commit Graph

53783 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
cf1e87de9e JS: Track DOM elements out of collections 2023-04-26 14:55:34 +02:00
Asger F
1f228a049f JS: Add test for iterating over DOM collections 2023-04-26 14:54:38 +02:00
Asger F
0d74d88b7b JS: Add new sink to test 2023-04-26 14:33:04 +02:00
Asger F
4df05b4e74 JS: Shift line numbers in test 2023-04-26 14:33:04 +02:00
Asger F
cb04df49eb JS: Treat Angular2 ElementRef.nativeElement as a DOM value 2023-04-26 14:33:04 +02:00
Asger F
b696936d10 Merge pull request #12921 from asgerf/js/typescript-compiler-crash 
JS: Fix extractor crash related to recursive generic type alias
 2023-04-26 14:21:57 +02:00
Anders Schack-Mulligen
8ca5484dcf Merge pull request #12933 from aschackmull/ruby/no-pp-dataflowtype 
Ruby: Remove empty string DataFlowType in PathNode.
 2023-04-26 14:03:56 +02:00
Anders Schack-Mulligen
09d4fe21e8 Ruby: Update more expected output. 2023-04-26 13:37:07 +02:00
Anders Schack-Mulligen
90f84bb516 Ruby: Update expected output. 2023-04-26 13:08:16 +02:00
Anders Schack-Mulligen
81ce6c7779 Ruby: Remove empty string DataFlowType in PathNode. 2023-04-26 12:54:41 +02:00
Asger F
c9c281cb9a JS: Change note 2023-04-26 12:50:59 +02:00
Asger F
a446c5452d JS: Update test output 2023-04-26 11:44:56 +02:00
Asger F
799d92b218 TS: Fix self-reference check for alias types 2023-04-26 11:44:56 +02:00
Michael Nebel
bc08d67f19 Merge pull request #12925 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-04-26 10:11:15 +02:00
Paolo Tranquilli
9d80a43d6a Merge pull request #12500 from github/redsun82/swift-dispatcher-rework 
Swift: rework fetching and dispatching
 2023-04-26 09:58:19 +02:00
Erik Krogh Kristensen
6110b7aca5 Merge pull request #12926 from github/dependabot/cargo/ql/tracing-0.1.38 
Bump tracing from 0.1.37 to 0.1.38 in /ql
 2023-04-26 09:49:55 +02:00
dependabot[bot]
738e3857e7 Bump tracing from 0.1.37 to 0.1.38 in /ql 
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.37 to 0.1.38.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.37...tracing-0.1.38)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-04-26 04:04:15 +00:00
github-actions[bot]
cb82bd62e7 Add changed framework coverage reports 2023-04-26 00:15:23 +00:00
Edward Minnix III
e50f56cc56 Merge pull request #12917 from egregius313/egregius313/java/dataflow/refactor-inline-flow-test 
Java: Refactor `InlineFlowTest` to remove usage of `DataFlow::Configuration` API
 2023-04-25 16:18:56 -04:00
Rasmus Wriedt Larsen
95b8a22529 Merge pull request #12889 from kaspersv/kaspersv/prevent-python-join-order-regression 
Prevent Python join order regression
 2023-04-25 18:02:13 +02:00
Ed Minnix
d98723c35a Fix naming of OkHttpFlowConfig in test 2023-04-25 10:31:27 -04:00
Jami
cff7f63193 Merge pull request #12838 from jcogs33/jcogs33/add-class-for-callables-interesting-for-modeling 
Java: add class that represents callables that are interesting for MaD models
 2023-04-25 09:28:56 -04:00
Alexandre Boulgakov
909f40b6ea Merge pull request #12918 from github/sashabu/absl 
Swift: Fix some TODOs with Abseil.
 2023-04-25 14:05:12 +01:00
Geoffrey White
84ddfe9c3f Merge pull request #12919 from geoffw0/precision2 
Swift: Upgrade two queries to precision high.
 2023-04-25 14:04:52 +01:00
Geoffrey White
b1712d33fe Merge pull request #12837 from geoffw0/flowsources 
Swift: widen swift/predicate-injection sources
 2023-04-25 14:03:58 +01:00
yoff
b35637e1c5 Merge pull request #12858 from RasmusWL/paramiko-modeling 
Python: Expand modeling of `paramiko`
 2023-04-25 14:04:50 +02:00
Tony Torralba
89ee2b9ace Merge pull request #12911 from atorralba/atorralba/java/filecopyutils-file-sinks 
Java: Fix FileCopyUtils.copy models
 2023-04-25 12:06:13 +02:00
Asger F
c3c3faa4b5 JS: Alias references are not always safe to expand 2023-04-25 11:27:40 +02:00
Asger F
3694ed5ed6 JS: Deduplicate union/intersection members 2023-04-25 11:27:40 +02:00
Asger F
cab76507e7 JS: Recognize type vars on anonymous function types 2023-04-25 11:27:40 +02:00
Asger F
ff67118097 JS: Add hanging test case 2023-04-25 11:27:40 +02:00
Alex Denisov
125aab8107 Swift: rework fetching and dispatching 
* visiting now happens in a later stage than fetching labels. While
  fetching a list of entities to be visited is created, and then acted
  upon in actual extraction. This partially flattens the recursive
  nature of `fetchLabel` into a loop inside `SwiftVisitor::extract`.
  Recursion in `fetchLabel` will only happen on labels fetched while
  naming an entity (calling into `SwiftMangler`).
* The choice whether to name a declaration or type has been moved from
  the translators to `SwiftMangler`. Acting on this choice is contained
  in `SwiftDispatcher::createLabel`.
* The choice whether to emit a body of a declaration has been moved from
  `DeclTranslator` to the dispatcher. This choice is also contained in
  `SwiftDispatcher::createLabel`.
* The simple functionality of the `LabelStore` has been moved to the
  `SwiftDispatcher` as well.
 2023-04-25 11:15:27 +02:00
Joe Farebrother
a9d34458de Merge pull request #12658 from joefarebrother/csharp-sensitive-data 
C#: Add local filesystem writes as External Location sinks
 2023-04-25 10:14:48 +01:00
Geoffrey White
0ebb06e185 Merge branch 'main' into flowsources 2023-04-25 10:08:15 +01:00
Geoffrey White
2c28fae7e3 Merge pull request #12836 from geoffw0/precision 
Swift: Downgrade swift/unsafe-js-eval to precision medium.
 2023-04-25 09:58:11 +01:00
Geoffrey White
b0b2d6e05f Swift: Upgrade two queries to @precision high. 2023-04-25 09:42:49 +01:00
AlexDenisov
fcbd211783 Merge pull request #12910 from github/redsun82/swift-hash-lazy-trap-names 
Swift: use hashing for lazy decl trap file names
 2023-04-25 09:54:46 +02:00
Anders Schack-Mulligen
934a455908 Apply suggestions from code review 
Update qldoc.
 2023-04-25 09:35:26 +02:00
Tom Hvitved
65835cdb92 Merge pull request #12907 from hvitved/ruby/destructured-assign-join 
Ruby: Fix bad join in `DestructuredAssignDesugar`
 2023-04-25 08:50:27 +02:00
Alexandre Boulgakov
c88f9bf818 Swift: Use absl::StrJoin to dump arguments for logging. 
This also removes the TODO about using `absl::StrJoin` to dump the environment because we can't easily get a range from a null-terminated `envp`. It also doesn't suffer from the usual awkwardness around inserting a separator *between* elements but not after the last one, so a for loop is clear enough.
 2023-04-24 22:34:14 +01:00
Alexandre Boulgakov
621761b289 Swift: Use absl::bit_width to calculate TRAP label size. 
It's not much cleaner due to arithmetic to convert truncating division to a ceiling, but has two advantages:
 1. It doesn't suffer from rounding issues with large TRAP labels. This is largely theoretical, but does let us handle `undefined` uniformly.
 2. It should be much faster (using LZCNT/BSR instead of floating point arithmetic). This is probably not a performance bottleneck, so *shrug*.
 2023-04-24 22:31:11 +01:00
Ed Minnix
3af72fa28e Remove legacy code from InlineFlowTest 2023-04-24 17:10:32 -04:00
Ed Minnix
59e59125d6 Refactor tests 2023-04-24 17:10:32 -04:00
Alexandre Boulgakov
36d34f199b Bazel: Add Abseil C++ dependency. 2023-04-24 21:59:57 +01:00
Owen Mansel-Chan
b47c8e8c4c Merge pull request #12912 from owen-mc/go/fix-invalid-semver-version 
Go: Fix invalid SemVer version by adding "v" to the front
 2023-04-24 16:47:28 +01:00
Paolo Tranquilli
14706b42fa Swift: strip parameters from lazy function decl trap names 2023-04-24 17:04:41 +02:00
Joe Farebrother
0ebf529dc4 Add comment + use flowTo 2023-04-24 15:49:05 +01:00
Owen Mansel-Chan
1afe845ed3 Add missing "v" to semver version string 
Because it was missing, that function always returned +1,
so we were doing the wrong thing when the Go version
installed was lower than 1.16.
 2023-04-24 14:31:46 +01:00
Tony Torralba
e3d93c3581 Fix FileCopyUtils models 2023-04-24 15:07:19 +02:00
Paolo Tranquilli
e84bdf5bed Swift: use hashing for lazy decl trap file names 
It turns out mangled names can sometimes be too long. While this code
will eventually be replaced by our own mangling, we need to use hashing
to cut down the names.

Module and decl names are preserved in the trap file names for
debuggability.
 2023-04-24 14:36:36 +02:00