hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,684 Commits 1,672 Branches 157 Tags
dd31be43e07d901bafb543c8f65be8e9b5abb364
Commit Graph

6536 Commits

Author SHA1 Message Date
Nick Rolfe
83b3312467 Merge pull request #11207 from github/nickrolfe/arel-sql 
Ruby: add `SqlConstruction` concept, and implement it for calls to `Arel.sql`
 2022-11-14 10:21:37 +00:00
Taus
f92d836607 Python: Fix test failure 
Casting to `ImportExpr` caused the `typetracking_imports` test to fail.
 2022-11-11 16:03:14 +00:00
Taus
a08253b6d0 Python: Fix typo 2022-11-11 14:50:04 +00:00
Taus
a8a7a59ae8 Python: Add test for attribute name clash 2022-11-11 14:47:35 +00:00
Taus
b540eb094c Python: Various small fixes 
- Swaps `module_reference_in_scope` and `module_name_in_scope`.
- uses `AttrRead::accesses` instead of `getObject`, etc.
- Removes an errant `none()`.
- Expands the QLDoc for some of the predicates.
 2022-11-11 14:00:36 +00:00
Rasmus Wriedt Larsen
ddbcdcb4ba Merge pull request #11160 from RasmusWL/dataflow-consistency-read-store 
DataFlow: Add read/store stepIsLocal consistency checks
 2022-11-11 14:51:45 +01:00
Taus
7f790432cc Python: More review suggestions 
I could have sworn I added all of them to the batch, but somehow these slipped through.

Co-authored-by: yoff <lerchedahl@gmail.com>
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-11-11 14:40:58 +01:00
Taus
131fc986b4 Python: Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-11-11 13:49:46 +01:00
Rasmus Wriedt Larsen
ab42521906 Python: Port CallGraph-implicit-init tests 
to the new call-graph test setup. Nice that we can write `MISSING:` now!
 2022-11-11 10:34:28 +01:00
Rasmus Wriedt Larsen
b60504f404 Python: Delete CallGraph-xfail 
No longer needed since we're using an established testing framework now
 2022-11-11 10:34:28 +01:00
Rasmus Wriedt Larsen
6d9745e5c3 Python: Rewrite call-graph tests to be inline expectation (2/2) 
I ported the predicates showing difference between points-to and
type-tracking, since it's helpful to see the list of differences,
instead of having to parse expectations!
 2022-11-11 10:34:28 +01:00
Rasmus Lerchedahl Petersen
71335a1a97 python: update users of try 2022-11-10 22:20:28 +01:00
Rasmus Lerchedahl Petersen
7d05ba38d5 python: convenience methods for handler types 2022-11-10 22:20:28 +01:00
Rasmus Lerchedahl Petersen
e67515fae7 python: dataflow tests names in exception handlers 2022-11-10 22:20:28 +01:00
Rasmus Lerchedahl Petersen
a7e394b2be python: SSA for names in except* 2022-11-10 22:20:28 +01:00
Rasmus Lerchedahl Petersen
30b58e7921 python: control flow node ExceptGroupStmt 
- wrap `getType` and `getName`, considering dominance
- do not implement all the handles predicates
 2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
9f9a962c03 python: wrap autogenerated ExceptGroupStmt_ 
also widen type of `Try::getHandler` to `Stmt`.
`ExceptStmt` is now too narrow,
as a handler can also be of type `ExceptGroupStmt`.
 2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
24d22ccb6e python: regenerated AST 2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
9f89325ca7 python: dummy stats for ExceptGroupStmt 2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
1fd76f02fd python: db uprade and downgrade scripts 2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
856e48c414 python: new dbscheme 2022-11-10 22:20:27 +01:00
Rasmus Wriedt Larsen
88f703af1f DataFlow: Accept changes to .expected 2022-11-10 22:13:34 +01:00
Rasmus Wriedt Larsen
4caaa3a396 Python: Rewrite call-graph tests to be inline expectation (1/2) 
This adds inline expectations, next commit will remove old annotations
code... but I thought it would be easier to review like this.
 2022-11-10 21:08:29 +01:00
Erik Krogh Kristensen
90382c4d1c Merge pull request #11178 from erik-krogh/passcode 
JS/RB/PY: Recognize `passcode` as sensitive
 2022-11-10 17:58:34 +01:00
Michael Nebel
9c6875ec0f Merge pull request #10777 from michaelnebel/csharp/generatedataextensions 
C#: Generate data extension files
 2022-11-10 13:08:31 +01:00
Nick Rolfe
9f31ef851f Python: fix spelling of SqlExecution class in comment 2022-11-10 11:53:12 +00:00
Anders Schack-Mulligen
b3b7711149 Dataflow: Sync. 2022-11-09 14:23:15 +01:00
erik-krogh
c8b7eccc6f sync files 2022-11-09 11:31:13 +01:00
Rasmus Wriedt Larsen
4895daba85 DataFlow: Add read/store stepIsLocal consistency checks 2022-11-08 13:32:49 +01:00
erik-krogh
c89016b181 use instead of a fixed version number 2022-11-07 14:32:20 +01:00
erik-krogh
c733648dc6 add change-note 2022-11-07 14:31:53 +01:00
erik-krogh
618438642a update expected output of the queries (some sorting changed due to locations being used slightly differently in the shared pack) 2022-11-07 14:31:52 +01:00
erik-krogh
4f11e2d25f port the Python regex/redos queries to use the shared pack 2022-11-07 14:31:51 +01:00
erik-krogh
05605480ae drive-by simplification of the python regex-tree 2022-11-07 14:31:27 +01:00
erik-krogh
1aeaefca7f add a Python implementation of RegexTreeViewSig 2022-11-07 14:31:27 +01:00
erik-krogh
5fbcbbc584 move existing regex-tree into a module 2022-11-07 14:31:27 +01:00
erik-krogh
2b139924cd add codeql/regex as a dependency 2022-11-07 14:31:27 +01:00
Erik Krogh Kristensen
d67235b3c1 Merge pull request #11071 from erik-krogh/fixCanon 
ReDoS: fix canonicalization in NfaUtils
 2022-11-07 14:10:50 +01:00
Anders Schack-Mulligen
99ca28ea9b Merge pull request #10886 from aschackmull/dataflow/joinorders 
Dataflow: Fix a couple of join-orders.
 2022-11-07 11:05:29 +01:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Anders Schack-Mulligen
a1dba82360 Dataflow: Sync. 2022-11-04 12:41:55 +01:00
Michael Nebel
3c8fb0520e C#: Sync files. 2022-11-04 08:20:53 +01:00
Tom Hvitved
d3488da0c2 Data flow: Sync files 2022-11-03 15:52:30 +01:00
Rasmus Lerchedahl Petersen
0a7cfad048 python: inline query tests for command injection 
note how the test file is partially annotated
and those annotations can now be expressed

In this particular test file, absolute line numbers
might have been better than relative ones.
We might remove line numbers altogether,
but should check more querries to see how it looks.
 2022-11-02 16:21:59 +01:00
Rasmus Lerchedahl Petersen
f486c44b00 python: library for inline query tests 
similar to the consistency queires used in js
but based on the inline expectations framework
 2022-11-02 16:18:36 +01:00
erik-krogh
c15f63ce62 sync files 2022-11-01 21:35:27 +01:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Rasmus Wriedt Larsen
ead0844174 Merge pull request #10998 from RasmusWL/essa-use-use-test 
Python: Add failing ESSA use-use test
 2022-10-31 10:38:26 +01:00
Chris Smowton
ee63e60bb7 qlpacks: libraryPathDependencies -> dependencies 2022-10-28 16:07:36 +01:00