hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
28,594 Commits 1,746 Branches 166 Tags
e75448ebb0830ac663bcdfb22c73e937dae165fa
Commit Graph

28594 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
4b137ede0e Ruby: Sync identical files. 2021-10-25 22:03:44 +01:00
Mathias Vorreiter Pedersen
e2d3474563 Merge branch 'main' into fix-join-order-in-in-def-dominance-frontier 2021-10-25 22:02:35 +01:00
Mathias Vorreiter Pedersen
9145382660 C#: Sync identical files. 2021-10-25 21:55:28 +01:00
Mathias Vorreiter Pedersen
ff35100d52 C#: Fix join order in 'inDefDominanceFrontier'. 2021-10-25 21:55:09 +01:00
Henry Mercer
3284953192 Merge pull request #6958 from github/henrymercer/rename-atm-query-pack 
JS: [Internal only] Rename ATM query pack for consistency with other packs
 2021-10-25 20:16:40 +01:00
Ian Lynagh
f73f418a97 Java: Make a test output a bit more readable 
Now the nodes are in index order, and the indices are aligned.
 2021-10-25 18:48:19 +01:00
Henry Mercer
7e0e35f364 Rename ATM query pack for consistency with other packs 2021-10-25 17:32:25 +01:00
Jonathan Leitschuh
ebe2c26f4d Remove the last non-ascii quote from Promise 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-25 11:30:12 -04:00
Nick Rolfe
db3c99d64d Merge pull request #6954 from github/nickrolfe/ruby-labeler 
Automatically label Ruby PRs
 2021-10-25 15:44:30 +01:00
Nick Rolfe
096c207b3e Automatically label Ruby PRs 2021-10-25 15:29:20 +01:00
CodeQL CI
3fc6e2b294 Merge pull request #6941 from RasmusWL/add-missing-noinline 
Approved by tausbn
 2021-10-25 15:23:37 +01:00
CodeQL CI
b5554da496 Merge pull request #6924 from asgerf/js/skip-files-with-unsupported-encoding 
Approved by esbena
 2021-10-25 14:48:38 +01:00
Nick Rolfe
7308f75b78 Merge pull request #6951 from github/nickrolfe/remove-workspace 
Ruby: remove VS Code workspace
 2021-10-25 14:29:06 +01:00
Joe Farebrother
6dac86b9be Fix unneeded import and spelling mistake 2021-10-25 14:11:00 +01:00
Arthur Baars
dcf71c4f9a Ruby: update generate-code-scanning-query-list.py 2021-10-25 15:04:34 +02:00
Arthur Baars
a6ac2e73a1 Speed up generate-code-scanning-query-list.py 
Use 'codeql execute cli-server' to avoid repeated JVM startup overhead
 2021-10-25 15:03:28 +02:00
Nick Rolfe
779e24eb73 Ruby: remove VS Code workspace 2021-10-25 13:12:31 +01:00
Nick Rolfe
fb79886fe7 Merge pull request #6944 from github/dependabot/cargo/ruby/extractor/tracing-subscriber-0.3 
Update tracing-subscriber requirement from 0.2 to 0.3 in /ruby/extractor
 2021-10-25 12:50:48 +01:00
Nick Rolfe
b93be42421 Merge pull request #6943 from github/dependabot/cargo/ruby/generator/tracing-subscriber-0.3 
Update tracing-subscriber requirement from 0.2 to 0.3 in /ruby/generator
 2021-10-25 12:50:26 +01:00
Anders Schack-Mulligen
c48dd57d85 Merge pull request #6938 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-10-25 13:43:54 +02:00
Joe Farebrother
0c1af2411b Write intent in lowercase consistently 
Co-authored-by: hubwriter <hubwriter@github.com>
 2021-10-25 12:22:49 +01:00
Anders Schack-Mulligen
5709365c0f Merge pull request #6921 from igfoo/igfoo/types 
Java: Replace @type with more specific types
 2021-10-25 13:15:12 +02:00
dependabot[bot]
e9da027539 Update tracing-subscriber requirement from 0.2 to 0.3 in /ruby/extractor 
Updates the requirements on [tracing-subscriber](https://github.com/tokio-rs/tracing) to permit the latest version.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.2.0...tracing-subscriber-0.3.0)

---
updated-dependencies:
- dependency-name: tracing-subscriber
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-10-25 10:40:34 +00:00
dependabot[bot]
4cedb43a54 Update tracing-subscriber requirement from 0.2 to 0.3 in /ruby/generator 
Updates the requirements on [tracing-subscriber](https://github.com/tokio-rs/tracing) to permit the latest version.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.2.0...tracing-subscriber-0.3.0)

---
updated-dependencies:
- dependency-name: tracing-subscriber
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-10-25 10:40:28 +00:00
Arthur Baars
afc7867c98 Merge pull request #6942 from github/aibaars/patch-10 
Merge codeql-ruby into codeql
 2021-10-25 12:33:34 +02:00
Asger Feldthaus
bfb1da55d6 JS: Bump extractor version string 2021-10-25 11:49:56 +02:00
Asger Feldthaus
f3e2b0b946 JS: Avoid using non-existent attribute as parent 2021-10-25 11:49:56 +02:00
Asger Feldthaus
ac62379b17 JS: Add TRAP test 2021-10-25 11:49:39 +02:00
github-actions[bot]
2257d0475a Add changed framework coverage reports 2021-10-25 00:09:34 +00:00
Arthur Baars
4f79398342 Merge branch 'main' of github.com:github/codeql into 'main' 
Conflicts:
	docs/codeql/query-help/codeql-cwe-coverage.rst
 2021-10-22 21:51:25 +02:00
Tom Hvitved
f020b2e437 Merge pull request #335 from github/hmac/self-flow 2021-10-22 19:14:20 +02:00
Jonathan Leitschuh
5eb28398f0 Remove non-ASCII characters from Promise.java 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-22 10:52:46 -04:00
Nick Rolfe
3851a27fc1 Merge pull request #358 from github/external-control-file-path 
Add rb/path-injection query
 2021-10-22 15:38:39 +01:00
Tom Hvitved
7648815f1f Merge pull request #6936 from hvitved/csharp/delegate-conversion-join-order 
C#: Improve join-order in `defaultDelegateConversion`
 2021-10-22 15:10:20 +02:00
Tom Hvitved
61d7cdeec0 Data flow: Assign empty locations to summary nodes 2021-10-22 14:48:33 +02:00
Harry Maclean
87df3a0a99 Minor refactor 2021-10-22 11:44:38 +01:00
hubwriter
12e56ec9e6 Merge pull request #6887 from github/hubwriter/codeql-ruby-support 
Docs: Updates for Ruby support
 2021-10-22 11:21:49 +01:00
Nick Rolfe
d4cee73720 Add taint summaries for ActiveStorage::Filename 2021-10-22 11:15:42 +01:00
Henry Mercer
02b1fe27d2 Merge pull request #6907 from github/henrymercer/add-experimental-atm-libraries 
JS: [Internal only] Add experimental libraries and queries for adaptive threat modeling
 2021-10-22 11:02:09 +01:00
Harry Maclean
aa8607009b Update test fixtures 2021-10-22 10:56:34 +01:00
Harry Maclean
336bd15d2f Override isCapturedAccess for self variables 
Many `self` reads are synthesised from method calls with an implicit
`self` receiver. Synthesised nodes have no `toGenerated` result, which
the default definition of `isCapturedAccess` uses to determine if a
variable's scope matches the access's scope.

Hence we override the definition to properly identify accesses like the
call `puts` (below) as captured reads of a `self` variable defined in a
parent scope.

In other words, `puts x` is short for `self.puts x` and the `self`
refers to its value in the scope of the module `Foo`.

```ruby
module Foo
  MY_PROC = -> (x) { puts x }
end
```

We also have to update the SSA `SelfDefinition` to exclude captured
`self` variables.
 2021-10-22 10:56:34 +01:00
Harry Maclean
f1add388a0 Synthesise writes to self for classes/modules 
This requires changing the CFG trees for classes and modules from
post-order to pre-order so that we can place the writes at the root node
of the tree, to prevent them overlapping with reads in the body of the
class/module.

We need to do this because classes and modules don't define their own
basic block, but re-use the surrounding one. This problem doesn't occur
for `self` variables in methods because each method has its own basic
block and we can place the write on the entry node of the bock.
 2021-10-22 10:56:34 +01:00
Joe Farebrother
c89178c0e8 Apply suggestions from code review 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2021-10-22 10:54:57 +01:00
Tony Torralba
1333f67a69 Merge pull request #6917 from JLLeitschuh/feat/JLL/jdk_lambda_collections_model_tracking 
[Java] JDK Collection lambda models
 2021-10-22 10:26:50 +02:00
Tom Hvitved
4e40337d02 C#: Improve join-order in defaultDelegateConversion 2021-10-22 10:12:18 +02:00
Arthur Baars
4f72d0853a Merge pull request #375 from github/rc/3.3 
Merge rc/3.3 into main
 2021-10-21 18:16:57 +02:00
Joe Farebrother
2d368a7d9a Remove redundant imports from ExternalFlow 2021-10-21 16:48:53 +01:00
Joe Farebrother
a9dde419d2 Fix up test 2021-10-21 16:46:07 +01:00
Taus
562a57b75b Merge pull request #6928 from RasmusWL/diagnostic-as-warning 
Python: Improve SARIF severity level reporting of extractor diagnostics
 2021-10-21 13:54:01 +02:00
Nick Rolfe
5734f51792 Merge remote-tracking branch 'origin/main' into external-control-file-path 2021-10-21 10:58:38 +01:00