hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-14 11:34:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
76,587 Commits 1,738 Branches 164 Tags
cf33db78ccdcd8e3d3daf1cb22e75bfbe353c23f
Commit Graph

76587 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
cf33db78cc JS: Fix the spurious flow 2025-02-28 13:28:02 +01:00
Asger F
c051b4c98d JS: Add spurious alert marker 2025-02-28 13:28:00 +01:00
Asger F
b095fe2a19 JS: Fix some bugs in a test case 
'args' was a redeclared block-level variable, and 'myArgs' was not used when clearly intended to be used
 2025-02-28 13:27:59 +01:00
Asger F
22c218d665 JS: Mark a 'good' test as 'bad' and add Alert marker 
The lack of whitespace around '&&' is problematic
 2025-02-28 13:27:58 +01:00
Asger F
a9b263f465 JS: Remove incorrect alert expectation 
This is not flagged and AFAICT it shouldn't be
 2025-02-28 13:27:57 +01:00
Asger F
287753187e JS: Remove invalid syntax from test 
TS decorators may not appear on functions and enums
 2025-02-28 13:27:56 +01:00
Asger F
426a871405 JS: Remove incorrect Alert marker 
This is expected, based on a comment earlier in the file about the 'y' variable
 2025-02-28 13:27:54 +01:00
Asger F
2c46e10678 JS: Mark an alert as missing 2025-02-28 13:27:53 +01:00
Asger F
e026b9e048 JS: Mark regressions due to lack of local field steps 2025-02-28 13:27:52 +01:00
Asger F
e5bee19b19 JS: Accept a double-flagged line 
This is flagged by two queries but for two separate issues. Seems valid to flag it twice.
 2025-02-28 13:27:51 +01:00
Asger F
68fae9ded8 JS: Accept alerts about newline replacement 2025-02-28 13:27:49 +01:00
Asger F
1f3c49638b JS: Accept some less obvious alerts 
These are listed in a function called 'good' but it's difficult to say in isolation whether they should be flagged or not. Accepting the changes as they seem reasonable.
 2025-02-28 13:27:48 +01:00
Asger F
f395651807 JS: Mark alert as MISSING 
See https://github.com/github/codeql-javascript-team/issues/447
 2025-02-28 13:27:47 +01:00
Asger F
07a876b4e9 JS: Accept some alerts at the SystemCommandExecution location 2025-02-28 13:27:46 +01:00
Asger F
10a7294327 JS: Accept trivial test changes 
This adds Alert annotations for alerts that seem intentional by the test
but has not been annotated with 'NOT OK', or the comment was in the wrong
place.

In a few cases I included 'Source' expectations to make it easier to see
what happened. Other 'Source' expectations will be added in bulk a later
commit.
 2025-02-28 13:27:43 +01:00
Asger F
0453ded338 JS: Add query ID to some alerts 2025-02-28 13:27:41 +01:00
Asger F
86932c51bc JS: Move some alerts to their correct location 
One of the diffs look confusing but:
Previously parameter {2,3} where flagged, now parameter {1,2} are flagged.

Note that for command injection, the SystemCommandExecution is flagged
despite the test file claiming otherwise.
 2025-02-28 13:27:40 +01:00
Asger F
f5911c9e5a JS: Accept raw test output 2025-02-28 13:27:38 +01:00
Asger F
795c1100fc JS: Disable for SyntaxError 
The presence of a syntax error sometimes prevents us from parsing the inline comment correctly.
 2025-02-28 13:27:37 +01:00
Asger F
789a7bdb48 JS: Disable for test with alerts in a JSON file 
JSON does not support comments so we can't use inline expectations
 2025-02-28 13:27:36 +01:00
Asger F
ac6547fd01 JS: Disable for comment-related alerts 2025-02-28 13:27:35 +01:00
Asger F
d0ce53ed82 JS: Enable post-processing for all .qlref files 2025-02-28 13:27:33 +01:00
Asger F
426edd55f2 JS: Update output after line number change 
Some OK-style comments had to be moved to the following line, shifting line numbers.

In selected range also included the comments themselves.

Lastly, the result sets were reordered by the CLI in some cases.
 2025-02-28 13:27:31 +01:00
Asger F
9be041e27d JS: Update OK-style comments to $-style 2025-02-28 13:27:28 +01:00
Asger F
7e5c24a8ec JS: Remove uses of old inline expectation test library 2025-02-28 13:27:26 +01:00
Asger F
79e2a758d7 JS: Allow more kinds of expectation comments 2025-02-28 13:27:25 +01:00
Geoffrey White
2f2c9f8943 Merge pull request #18895 from geoffw0/docimplicit 
Data flow: Improve doc for defaultImplicitTaintRead.
 2025-02-28 12:18:11 +00:00
Chris Smowton
4f810df53c Merge pull request #18861 from smowton/smowton/admin/jdk24-upgrade-test-expectations 
Java: Update test expectations for JDK24 upgrade
 2025-02-28 11:56:49 +00:00
Chris Smowton
ad732a8f57 Docs: note JDK 24 support 2025-02-28 11:23:11 +00:00
Chris Smowton
79e581f555 Change note 2025-02-28 11:23:10 +00:00
Chris Smowton
1577b40b45 Accept test changes 2025-02-28 11:23:07 +00:00
Chris Smowton
178e90c2f1 Update test expectations for JDK24 upgrade 2025-02-28 11:23:06 +00:00
Owen Mansel-Chan
94505af49e Merge pull request #18891 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-02-28 11:14:06 +00:00
Chris Smowton
ec2982f3df Merge branch 'main' into workflow/coverage/update 2025-02-28 10:48:08 +00:00
Michael Nebel
7015a0af38 Merge pull request #18893 from michaelnebel/csharp/pindotnetfornugetconfigerror 
C#: Pin .NET for the integration test standalone_dependencies_nuget_c…
 2025-02-28 10:56:10 +01:00
Geoffrey White
1b35c0b7c9 Data flow: Improve doc for defaultImplicitTaintRead. 2025-02-28 09:43:57 +00:00
Paolo Tranquilli
3c7fe264d1 Merge pull request #18881 from github/redsun82/rust-fix-test 
Rust: fix dataflow test failure by pinning the toolchain version
 2025-02-28 10:17:04 +01:00
Michael Nebel
5af7630841 C#: Pin .NET for the integration test standalone_dependencies_nuget_config_error. 2025-02-28 10:07:11 +01:00
Paolo Tranquilli
b73e8dc74b Merge branch 'main' into redsun82/rust-fix-test 2025-02-28 09:31:25 +01:00
github-actions[bot]
ce82cb6424 Add changed framework coverage reports 2025-02-28 00:21:17 +00:00
Owen Mansel-Chan
93b11146d8 Merge pull request #18886 from owen-mc/go/gitignore-make-test-artifacts 
Go: Add .gitignore for artifacts of `make test`
 2025-02-27 19:47:28 +00:00
Dave Bartolomeo
6c0aadfb57 Merge pull request #18887 from github/dbartol/immutable-actions 
Move list of immutable actions into internal model pack for now.
 2025-02-27 14:04:01 -05:00
Edward Minnix III
28770c526d Merge pull request #18863 from egregius313/egregius313/go/mad/database/rqlite 
Go: Add `database` sources for the `gorqlite` package
 2025-02-27 12:41:39 -05:00
Dave Bartolomeo
2dde9ab6b9 Move immutable-actions-list pack to codeql org 2025-02-27 12:30:11 -05:00
Dave Bartolomeo
abc174858e Remove octokit as trusted Actions owner 2025-02-27 12:15:40 -05:00
Dave Bartolomeo
160346f51b Add warnOnImplicitThis: true 2025-02-27 12:05:00 -05:00
Dave Bartolomeo
4e47da463e Add change note 2025-02-27 12:04:09 -05:00
Owen Mansel-Chan
e08ae22ceb Merge pull request #18885 from owen-mc/go/change-note/1.24 
Go: Add belated change note for go 1.24
 2025-02-27 17:00:13 +00:00
Dave Bartolomeo
86c5d9f1cd Move list of immutable actions into internal model pack for now. 2025-02-27 11:48:27 -05:00
Owen Mansel-Chan
59e94521bc Add .gitignore for artifacts of make test 2025-02-27 16:34:38 +00:00