hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
43,941 Commits 1,742 Branches 166 Tags
dcdff7a995c2293f8762203fde5a92142e6cc2dd
Commit Graph

43941 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Ford
52305da5a3 Ruby: move string getAQualifiedName() up to ConstantAccess 2022-09-19 21:03:05 +01:00
Alex Ford
d00c9ea2c8 Ruby: RBI library improvements, mostly for parameter types 2022-09-19 21:03:05 +01:00
Alex Ford
8d264e7e65 Ruby: add ConstanReadAcess#getAQualifiedName() predicate 2022-09-19 21:03:05 +01:00
Andrew Eisenberg
714e95ea57 Merge pull request #10468 from github/aeisenberg/docs-redirect 2022-09-19 12:27:04 -07:00
Tom Hvitved
01a043ddbd Merge pull request #10464 from michaelnebel/csharp/remove-dotnet-run-support 
C#: Remove `dotnet run` support in LUA tracer.
 2022-09-19 20:25:54 +02:00
Michael Nebel
6e3bc38acf C#: Fix minor issues in QL doc. 2022-09-19 16:03:50 +02:00
erik-krogh
0645b11cb1 ruby: remove unused predicate from NfaUtilsSpecific 2022-09-19 15:25:00 +02:00
erik-krogh
49d1e584a8 deprecate a source class that wasn't used anywhere 2022-09-19 15:07:18 +02:00
erik-krogh
f6ada6e022 use sanitizer class in the insecure-randomness query 2022-09-19 15:07:00 +02:00
Rasmus Wriedt Larsen
556e93ae68 Merge pull request #10384 from RasmusWL/callnode-getargbyname 
Python: Allow `CallNode.getArgByName` for keyword args after `**kwargs`
 2022-09-19 15:05:59 +02:00
yoff
f7cbcb2fef Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-09-19 14:52:18 +02:00
Rasmus Lerchedahl Petersen
6377e6c575 Python: move summary to Stdlib.qll 2022-09-19 14:36:36 +02:00
Rasmus Lerchedahl Petersen
f560719a88 Python: expand comment on flow summaries 2022-09-19 14:30:53 +02:00
Tom Hvitved
bb08e6f0fd Ruby: Three call graph fixes for singleton methods 2022-09-19 14:20:12 +02:00
Tom Hvitved
d13332cff1 Ruby: Add more call graph tests 2022-09-19 14:19:25 +02:00
Rasmus Lerchedahl Petersen
da39c14e46 Python: comment out SummarizedCallableFromModel 2022-09-19 14:06:21 +02:00
Rasmus Lerchedahl Petersen
37fb27fa1c Python: change type of LibraryCallable::getACall 
The other callables return control flow nodes,
so it is slightly inconsistent for this to return a
data flow node, but it does make models based
on API graphs nicer.
 2022-09-19 14:02:52 +02:00
Tamas Vajk
9a6b17df0e Kotlin: Add async-await dataflow test case 2022-09-19 13:38:48 +02:00
Tamas Vajk
85d883c647 Kotlin: add test to show suspend function inconsistency between source and bytecode extraction 2022-09-19 13:38:43 +02:00
erik-krogh
58851aefd6 don't mention classes that don't exist in TaintTracking.qll 2022-09-19 13:37:06 +02:00
Tamas Vajk
a6e44ed1cf Kotlin: extract suspend modifier and handle suspend SAM conversions 2022-09-19 13:36:28 +02:00
Tamas Vajk
3e58605e8e Kotlin: Add tests with suspend functions 2022-09-19 13:28:20 +02:00
erik-krogh
fb5a04a71d filter out "file read after existence check" from js/file-system-race 2022-09-19 13:26:10 +02:00
Tamas Vajk
aae8f393fe Kotlin: Adjust test to reduce overhead of listing modifiers of lambdas 2022-09-19 13:22:00 +02:00
erik-krogh
ccae0933c7 try to parse JS files without using the supported extensions 2022-09-19 12:20:20 +02:00
erik-krogh
a16233aa7d add failing parse test 2022-09-19 12:16:45 +02:00
Michael Nebel
d0c6837a79 C#: Do not recognize 'run' as supported dotnet command for tracing. 2022-09-19 11:37:46 +02:00
Erik Krogh Kristensen
a4cd913aea Merge pull request #10312 from erik-krogh/fix-caseDiff 
ensure consistent casing of names
 2022-09-19 10:43:12 +02:00
Alex Denisov
3c12644ab1 Swift: add a guard around hashing to aboid use-after-destructor 2022-09-19 10:37:26 +02:00
CodeQL CI
b48808778f Merge pull request #10264 from yoff/python/port-RaisesTuple 
Approved by tausbn
 2022-09-19 00:51:29 -07:00
CodeQL CI
ed4b64b1c4 Merge pull request #10265 from yoff/python/port-UnguardedNextInGenerator 
Approved by tausbn
 2022-09-19 00:50:52 -07:00
CodeQL CI
36f8b0554d Merge pull request #10266 from yoff/python/port-CatchingBaseException 
Approved by tausbn
 2022-09-19 00:50:05 -07:00
Asger F
ab296d4d62 Merge pull request #10396 from asgerf/js/regexp-always-matches-fp 
JS: Fix FP in js/regexp/always-matches
 2022-09-19 09:32:00 +02:00
Andrew Eisenberg
e6eaf37e22 Add redirect for removed 'About QL packs' article 
Note that sphinx gives an error if you have a document to build that
is not part of a toctree. In order to avoid this error and not show
the document in any toctree that users will see, I added a hidden
toctree to the redirect article.
 2022-09-18 10:45:59 -07:00
Tom Hvitved
a8cc669251 Ruby: Address review comments 2022-09-18 19:34:54 +02:00
Tom Hvitved
9004e82820 Ruby: Add another call graph test 2022-09-18 19:34:00 +02:00
Mathias Vorreiter Pedersen
02076074ff C++: Add more comments. 2022-09-18 12:48:13 +01:00
Mathias Vorreiter Pedersen
3e6576bfaf C++: Add example of missing result. 2022-09-18 12:18:04 +01:00
Mathias Vorreiter Pedersen
d1cf688abf C++: Fix test function naming. 2022-09-18 12:17:46 +01:00
Mathias Vorreiter Pedersen
78535dc70b C++: Autoformat. 2022-09-18 12:02:32 +01:00
Michael Nebel
a464e5be72 C#: Address review comments. 2022-09-17 13:51:03 +02:00
Andrew Eisenberg
13d4c4a5b9 Merge pull request #10460 from github/aeisenberg/lang-spec-packs 
Updates the library path section of the CodeQL spec
 2022-09-16 15:01:43 -07:00
Andrew Eisenberg
867e31693d Updates the library path section of the CodeQL spec 
- Remove references to `queries.xml`. It is still supported, but we
  don't want people using it.
- Add reference to `codeql-pack.yml`. It is just an alias for
  `qlpack.yml` and not being used.
- Remove reference to `libraryPathDependencies` and use `dependencies`
  instead.

Note that this section does not give a complete description of library
paths. That will be a part of the "Developing a codeql pack" article
that is forthcoming.
 2022-09-16 14:31:17 -07:00
Tom Hvitved
29bfb4d185 Ruby: Revert changes to isLocalSourceNode and localFlowStepTypeTracker 
Instead, use small-step type tracking, as suggested by @rasmuswl offline.
 2022-09-16 19:38:26 +02:00
Chris Smowton
3fa1f17b83 Java: really return a unique location for non-source entities 
This was always supposed to pick one of several candidate non-source locations (usually for a generic type instantiation), but since `getFile().toString()` just produces the basename of the class file actually the results would almost always tie and all of the candidate locations would be returned. Use the full class file path as a tiebreaker instead.
 2022-09-16 18:23:31 +01:00
Ian Lynagh
4a4cd8a770 Merge pull request #10456 from github/post-release-prep/codeql-cli-2.10.5 
Post-release preparation for codeql-cli-2.10.5
 2022-09-16 17:18:05 +01:00
Mathias Vorreiter Pedersen
dc00643ad1 C++: More QLDoc. 2022-09-16 17:14:29 +01:00
Mathias Vorreiter Pedersen
031f20a0eb C++: Respond to review comments. 2022-09-16 16:19:06 +01:00
Chris Smowton
0ab5d466f6 Update test expectations now that the Java extractor's nested annotation handling has been fixed 2022-09-16 15:50:54 +01:00
Anders Schack-Mulligen
1945f185ed Apply suggestions from code review 
Autoformat
 2022-09-16 15:49:16 +01:00