hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
55,715 Commits 1,672 Branches 157 Tags
daf274314331318ecffd16e1bf7de399fe06cadc
Commit Graph

55715 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
5a2ac1b5ca Java: Add more negation context to reduce string ops and improve perf. 2023-06-08 14:04:57 +02:00
Asger F
d6741f655d Ruby: restrict ORM tracking to calls 2023-06-08 14:01:51 +02:00
Mathias Vorreiter Pedersen
a357eeedac C++: Accept test changes. 2023-06-08 12:50:16 +01:00
Mathias Vorreiter Pedersen
afb1129f27 C++: Ensure that postfix crement operations are handled properly in dataflow SSA. 2023-06-08 12:50:05 +01:00
Mathias Vorreiter Pedersen
57ae1e9ff7 C++: Add a testcase that started to fail in #13326. 2023-06-08 12:49:08 +01:00
Geoffrey White
5727d49cce Swift: Take out common code for lines of code. 2023-06-08 12:03:03 +01:00
Geoffrey White
a3ef5c6918 Swift: QLDoc Diagnostics.qll. 2023-06-08 12:03:02 +01:00
Anders Schack-Mulligen
dabb4dd643 Java: Improve join-order for FunctionalInterface. 2023-06-08 13:02:54 +02:00
Geoffrey White
e0f16f46d2 Swift: Add compile errors / warnings to SummaryStats.ql. 2023-06-08 11:48:57 +01:00
Geoffrey White
dc7a286948 Swift: Add lines of code to SummaryStats.ql. 2023-06-08 11:29:04 +01:00
Alex Ford
22b9ab43c6 Merge pull request #13259 from alexrford/rb/actiondispatch-refactor 
Ruby: Refactor and slightly expand `ActionDispatch` modelling
 2023-06-08 11:08:36 +01:00
Erik Krogh Kristensen
d9e3569fe5 Merge pull request #13350 from erik-krogh/once-again-deps-not-py 
C++: delete old deprecations
 2023-06-08 12:08:09 +02:00
Nora Dimitrijević
e93022d649 Merge branch 'main' into swift/brace-stmt-variables 2023-06-08 12:04:25 +02:00
Nora Dimitrijević
a5e0669981 Swift: fix bad join order in NamedPattern.getVarDecl() 
Ideally the EDB itself should contain a direct
reference from NamedPattern to VarDecl, not just a name,
but oh well, this join order works fine.

BEFORE:

```
[2023-06-08 11:40:01] Evaluated non-recursive predicate quick_eval#ff@60fe07kr in 6533ms (size: 91309).
Evaluated relational algebra for predicate quick_eval#ff@60fe07kr with tuple counts:
          1209062   ~3%    {2} r1 = SCAN VarDecl#914e0d1e::Generated::VarDecl::getName#0#dispred#ff OUTPUT In.1, In.0
        234687793   ~0%    {2} r2 = JOIN r1 WITH NamedPattern#c3d26570::Generated::NamedPattern::getName#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1
         19112791   ~0%    {3} r3 = JOIN r2 WITH VarDecl#914e0d1e::Generated::VarDecl::getImmediateParentPattern#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1

         19112791   ~0%    {3} r4 = JOIN r3 WITH Element#e67432df::Generated::Element::resolve#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1
            24647   ~0%    {2} r5 = JOIN r4 WITH Element#d22cfd66::Element::getFullyUnresolved#bf ON FIRST 2 OUTPUT Lhs.1, Lhs.2

         19112791   ~0%    {3} r6 = JOIN r3 WITH Element#e67432df::Generated::Element::resolve#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
         19112791   ~3%    {3} r7 = JOIN r6 WITH Element#d22cfd66::Element::getFullyUnresolved#bf ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1
            66662   ~4%    {2} r8 = JOIN r7 WITH #Pattern#19b8cf65::Pattern::getImmediateEnclosingPattern#0#dispredPlus#bf ON FIRST 2 OUTPUT Lhs.0, Lhs.2

            91309   ~2%    {2} r9 = r5 UNION r8
                           return r9
```

AFTER:

```
[2023-06-08 11:55:26] Evaluated non-recursive predicate quick_eval#ff@fe906afo in 26ms (size: 91309).
Evaluated relational algebra for predicate quick_eval#ff@fe906afo with tuple counts:
         92048   ~0%    {3} r1 = SCAN NamedPattern#c3d26570::Generated::NamedPattern::getName#0#dispred#ff OUTPUT In.0, In.1, In.0

         82893   ~0%    {2} r2 = SCAN #Pattern#19b8cf65::Pattern::getImmediateEnclosingPattern#0#dispredPlus#fb#flipped OUTPUT In.1, In.0
         66417   ~1%    {3} r3 = JOIN r2 WITH NamedPattern#c3d26570::Generated::NamedPattern::getName#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.0

        158465   ~0%    {3} r4 = r1 UNION r3
         94246   ~3%    {3} r5 = JOIN r4 WITH VarDecl#914e0d1e::Generated::VarDecl::getImmediateParentPattern#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
         91309   ~2%    {2} r6 = JOIN r5 WITH VarDecl#914e0d1e::Generated::VarDecl::getName#0#dispred#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.0
                        return r6
```
 2023-06-08 12:03:58 +02:00
Anders Schack-Mulligen
cc45db7c76 Merge pull request #13394 from atorralba/atorralba/java/fix-gson-jsonarray-models 
Java: Fix Gson's JsonArray.add models
 2023-06-08 11:05:40 +02:00
Asger F
76a8e9827e Merge pull request #13283 from asgerf/js/restrict-regex-search-function 
JS: Be more conservative about flagging "search" call arguments as regex
 2023-06-08 10:50:51 +02:00
erik-krogh
39438c6196 add change-note 2023-06-08 10:15:32 +02:00
yoff
d59263af0e Merge pull request #13398 from github/tausbn/python-update-syntax-error-expected-files 
Python: Update expected output for syntax error queries
 2023-06-08 10:10:42 +02:00
erik-krogh
2241350d32 wait with deprecating Container::getURL() 2023-06-08 10:10:21 +02:00
erik-krogh
a4ef8619c6 delete old deprecations 2023-06-08 10:10:21 +02:00
Tom Hvitved
cee70883f0 Merge pull request #12964 from hvitved/ruby/remove-synth-returns 
Ruby: Remove canonical return nodes
 2023-06-08 10:07:48 +02:00
Tony Torralba
fd8112f692 Merge pull request #13400 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-06-08 10:04:26 +02:00
Michael Nebel
2fece9d721 C#: Add MSTEST test project and check that the call to vstest doesn't get the UseSharedCompilation=false flag forwarded. 2023-06-08 10:01:00 +02:00
Anders Schack-Mulligen
f004fcf926 Merge pull request #13388 from hvitved/type-back-tracking-inline-late 
Type tracking: Use `noopt`+`inline_late` in `TypeBackTracker::[small]step`
 2023-06-08 09:55:18 +02:00
Michael Nebel
65e651506c C#: Address review comments. 2023-06-08 08:51:21 +02:00
github-actions[bot]
cbbd885e22 Add changed framework coverage reports 2023-06-08 00:17:14 +00:00
Arthur Baars
dcd254adf8 Merge pull request #13399 from aibaars/update-ruby-grammar 
Ruby: update tree-sitter-ruby
 2023-06-07 19:53:33 +02:00
Arthur Baars
0efa212c40 Ruby: update tree-sitter-ruby 2023-06-07 19:27:46 +02:00
Owen Mansel-Chan
55fe318f5a Merge pull request #13397 from owen-mc/go/document-build-environment-recommendations 
Add Go version table for --identify-environment
 2023-06-07 17:06:13 +01:00
Ian Lynagh
1b83aeb25d Merge pull request #13393 from igfoo/igfoo/remove_explorer 
Kotlin: Remove kotlin-explorer
 2023-06-07 16:32:00 +01:00
Ian Lynagh
c4e829f1d4 Merge pull request #13385 from igfoo/igfoo/kotlin_version_relax 
Kotlin: Relax version requirements
 2023-06-07 16:31:49 +01:00
Taus
19e1bab102 Python: Update expected output for syntax error queries 2023-06-07 15:26:52 +00:00
Owen Mansel-Chan
69854638b6 Add Go version table for --identify-environment 2023-06-07 15:51:21 +01:00
Tony Torralba
c0135673fa Fix JsonArray.addAll model 
Properly test JsonArray.add(String) and JsonArray.addAll(JsonArray) as well
 2023-06-07 16:18:32 +02:00
Stephan Brandauer
2921df41da Java: fix import 2023-06-07 15:22:59 +02:00
Stephan Brandauer
ec3a7e39ad Java: qldoc style 2023-06-07 14:57:38 +02:00
Stephan Brandauer
715b1351f3 Java: share considerSubtypes predicate between Java modes 2023-06-07 14:55:00 +02:00
Michael Nebel
f9c890be35 C#: Address review comments. 2023-06-07 14:53:41 +02:00
Stephan Brandauer
7e77e2ea82 Java: comment why we're using erased types in MaD 2023-06-07 14:42:20 +02:00
Stephan Brandauer
a8799fe981 Java: share getCallable interface between automodel extraction modes 2023-06-07 14:38:52 +02:00
Tamás Vajk
ccb622348b Merge pull request #13382 from tamasvajk/feature/standalone-dll-unsafe 
C#: Change standalone extraction to allow unsafe code
 2023-06-07 14:37:11 +02:00
Tony Torralba
6d7234f8ed Merge pull request #13225 from atorralba/atorralba/java/path-injection-mad-sinks-2 
Java: Migrate path injection sinks to models-as-data (simplified)
 2023-06-07 14:27:36 +02:00
Tony Torralba
35b4c438ff Fix Gson's JsonArray.add models 
When the type of the argument isn't JsonElement, the summary must be taint flow instead of value flow
 2023-06-07 14:12:20 +02:00
yoff
911835c30e Merge pull request #13392 from yoff/java/test-type-tracking-through-flow-summaries 
java: test type tracking through flow summaries
 2023-06-07 14:10:23 +02:00
Stephan Brandauer
92ad02a752 Java: update getRelatedLocation qldoc 2023-06-07 14:09:07 +02:00
Stephan Brandauer
be6b1d8aaf Java: remove SkipFrameworkModeling characteristic in favour of later evaluation 2023-06-07 13:58:56 +02:00
Stephan Brandauer
2e16b71215 Java: update qldoc of ClassQualifierCharacteristic 2023-06-07 13:52:57 +02:00
Stephan Brandauer
1bfbfec1bc Java: use problem.severity in automodel extraction queries 2023-06-07 13:44:52 +02:00
Ian Lynagh
d6ac5cdc94 Kotlin: Remove kotlin-explorer 
This was an exploration tool that I don't think has been used for some
time.
 2023-06-07 12:39:00 +01:00
Erik Krogh Kristensen
6ba7f9a238 Merge pull request #13352 from erik-krogh/once-again-deps-not-py-cpp 
delete old deprecations
 2023-06-07 13:00:57 +02:00