hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,795 Commits 1,671 Branches 157 Tags
e13bb0f8660a49df1c799b31c1cb6e31bbb39407
Commit Graph

4673 Commits

Author SHA1 Message Date
Arthur Baars
4f72d0853a Merge pull request #375 from github/rc/3.3 
Merge rc/3.3 into main
 2021-10-21 18:16:57 +02:00
Nick Rolfe
5734f51792 Merge remote-tracking branch 'origin/main' into external-control-file-path 2021-10-21 10:58:38 +01:00
Arthur Baars
630ee17613 Ruby: sync-files and add allowParameterReturnInSelf() 2021-10-20 15:39:46 +02:00
Harry Maclean
356828cd51 Update stored XSS fixture 
The change to `self` modelling finds more true positives in this query.
 2021-10-20 13:30:51 +01:00
Nick Rolfe
e367832637 Import Frameworks.qll in Summaries module 2021-10-20 13:11:50 +01:00
Nick Rolfe
86da3c2db3 Add rb/path-injection query 2021-10-20 12:31:16 +01:00
Tom Hvitved
f1f7930529 Make all self nodes LocalSourceNodes 2021-10-20 11:43:50 +02:00
Tom Hvitved
94f0f8daf2 Make SelfVariableAccess a sub type of LocalVariableAccess 2021-10-20 11:43:44 +02:00
Harry Maclean
e0b2d88377 Remove redundant import 2021-10-20 10:41:17 +01:00
Harry Maclean
c437fd50a4 Update test fixtures 
Some of these look a bit suspicious, so need to double check them before
merging.
 2021-10-20 10:39:36 +01:00
Harry Maclean
c71f538a5a Extend the scope of self variables 
`self` variables are scoped to methods, modules, classes and the
top-level of the program. Prior to this change, they were treated as
being scoped just to methods.

This change means we (once again) correctly synthesise `self` receivers
for method calls in class bodies, module bodies and at the top-level.
 2021-10-20 09:43:23 +01:00
Harry Maclean
647485acde Don't omit self from uninitialized writes 
We can safely create uninitialized writes for `self` variables, because
they appear at index -1 in the entry block of a method, and are
immediately overwritten by a write to `self` at index 0. As a result,
they are not live and will be pruned from the CFG.
 2021-10-20 09:43:22 +01:00
Tom Hvitved
446eb13471 Minor adjustments to SSA library for self variables 2021-10-20 09:43:21 +01:00
Harry Maclean
0d39a15786 Model implicit reads of self variables 
We already synthesise `self` nodes for method calls with no receiver.
This change creates read accesses for each of these synthesised nodes.
 2021-10-20 09:43:20 +01:00
Harry Maclean
e7a3050fb2 Improve the modelling of self variables. 
We model `self` variables by inserting a write at the start of every
method body. We then treat them as local variables that are alive for
the extent of the method body.
 2021-10-20 09:43:19 +01:00
Tom Hvitved
c57b7c5b2b Data flow: Restrict ExprReturnNode to nodes from the body of the callable 2021-10-18 17:01:30 +02:00
Tom Hvitved
397b8345e0 Data flow: Fix bug for sugared call arguments 2021-10-18 13:48:11 +02:00
Tom Hvitved
0de27bbc7e Data flow: Add ArgumentNode test 2021-10-18 13:47:50 +02:00
shati-patel
83a1260769 Move queries.xml to src 2021-10-18 11:18:00 +01:00
Arthur Baars
e26cf7c354 Merge pull request #369 from github/rc/3.3 
Merge 3.3 into main
 2021-10-15 23:04:12 +02:00
shati-patel
c37cf71766 Add a queries.xml file (for CWE coverage) docs 2021-10-15 20:33:16 +02:00
Arthur Baars
ceecb23118 Merge remote-tracking branch 'rc/3.3' into 'main' 2021-10-15 15:21:48 +02:00
Arthur Baars
976daddd36 Move files to ruby subfolder 2021-10-15 11:47:28 +02:00