hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,971 Commits 1,673 Branches 157 Tags
f141336f64286e09fe0c4645c651e7155f70e09c
Commit Graph

36971 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
1039e29b90 Adjust test result 2022-05-19 13:42:28 +01:00
Michael Nebel
575b8376f3 C#: Update Flow summaries QL test code based on refactor. 2022-05-19 14:41:24 +02:00
Chris Smowton
4f08981586 Expand warning message to note that there are known Java extractor bugs relating to this query 2022-05-19 13:37:18 +01:00
Ian Lynagh
9b40724dcb Kotlin: Log peak memory usge before and after extractor 
Ideally this would be in a more JSON-friendly format, and also in the
database, but this at least makes the information available.
 2022-05-19 13:36:11 +01:00
AlexDenisov
480c6b985b Merge pull request #9211 from github/redsun82/swift-no-pip-install 
remove `pip install` mention from README.md
 2022-05-19 13:55:14 +02:00
Michael Nebel
ff1e6637ac C#: Fix issue with summaryElement predicate. 2022-05-19 13:06:24 +02:00
Chris Smowton
e722c99218 Autoformat 2022-05-19 11:55:31 +01:00
Chris Smowton
4f54bb66b8 Accept consistency check failure 
The Java extractor assigns a type with unbound type variables to the result of ImmutableSortedMap.of calls.
 2022-05-19 11:55:31 +01:00
Chris Smowton
ea9aa59627 Add test 2022-05-19 11:55:31 +01:00
Chris Smowton
8a90ddefbb Accept test changes 
These are mainly moving the source locations and type specialisations in SAM-converted methods.
 2022-05-19 11:55:31 +01:00
Chris Smowton
ada31f3075 Distinguish result type parameter names 
This makes debugging a little easier.
 2022-05-19 11:55:31 +01:00
Chris Smowton
49c9c36daf Type-variable-in-scope consistency query: account for all enclosing elements that declare type parameters. 2022-05-19 11:55:31 +01:00
Chris Smowton
4e15f5f8c7 Fix extracted type arguments of kotlin.jvm.functions.FunctionN 
Previously we accidentally extracted an argument type instead of the result type.
 2022-05-19 11:55:31 +01:00
Chris Smowton
102cdcdab8 Fix type substitution and source locations in SAM-converted generic interface implementations 
For example, in implementing Producer<T> by an actual lambda of type () -> Int, the return type should be Int, not T. This produced type-variable-out-of-scope consistency check failures.
 2022-05-19 11:55:31 +01:00
Chris Smowton
048a530aac Type parameter scoping check: distinguish type arguments from type parameters 
I had forgotten that the Java QL lib regards a ParameterizedType as either an instantiation Generic<String>, or the unbound declaration Generic<T>.
 2022-05-19 11:55:31 +01:00
Chris Smowton
b09b769932 Extract type parameters without substituting their parent functions 
Otherwise references to type variables declared on kotlin.Xyz.someFunction can refer to its Java equivalent java.Xyz.someFunction if it has one.
 2022-05-19 11:55:31 +01:00
Chris Smowton
d291e0cf10 Fix typeParametersInScope consistency query 
The selection of type variables mentioned in a particular class previously didn't work as intended, so the consistency query would always pass.
 2022-05-19 11:55:31 +01:00
Paolo Tranquilli
b66f1b27b0 remove pip install mention from README.md 
It is not needed any more since pip requirements were coded in bazel.
 2022-05-19 12:47:20 +02:00
Anders Schack-Mulligen
651d9d0a44 Java: Ensure cached predicates are in the same stage. 2022-05-19 11:39:41 +02:00
Michael Nebel
22b9ef2e7b Java: Adapt ExternalApi to refactor. 2022-05-19 11:30:36 +02:00
Anders Schack-Mulligen
0e830f6052 C#/Ruby/Java: Fix pragmas. 2022-05-19 11:26:38 +02:00
Michael Nebel
94a72ec051 Java: Refactor SummarizedCallable. 2022-05-19 11:10:58 +02:00
Michael Nebel
73802cbd6d Ruby: Refactor SummarizedCallable. 2022-05-19 11:04:18 +02:00
Michael Nebel
be79f20ef1 C#: Refactor SummarizedCallable. 2022-05-19 11:03:50 +02:00
Erik Krogh Kristensen
fff70da650 Merge pull request #9182 from erik-krogh/useStringComp 
use string equality instead of regexps to compare constant strings
 2022-05-19 10:42:37 +02:00
Tom Hvitved
eef5022e3d Merge pull request #9014 from michaelnebel/csharp/dataflowcallablerefactor 
C#: Dataflow callable refactoring.
 2022-05-19 09:02:38 +02:00
Erik Krogh Kristensen
215a6a72cc Merge branch 'main' into useStringComp 2022-05-18 10:55:31 +02:00
Anders Schack-Mulligen
a4dac9fd2b Merge pull request #9201 from Marcono1234/marcono1234/NumericType-type-qll 
Java: Move `NumericType` to `Type.qll`
 2022-05-18 10:31:40 +02:00
Tom Hvitved
209a1e4bd8 Merge pull request #9202 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-05-18 10:26:55 +02:00
Tom Hvitved
5e57e82997 Merge pull request #9191 from hvitved/ruby/taint-tracking-stage 
Ruby: Force cached taint tracking predicates to be evaluated in data flow stage
 2022-05-18 09:54:38 +02:00
Anders Schack-Mulligen
af7df79289 Autoformat 2022-05-18 09:38:11 +02:00
Anders Schack-Mulligen
a4a004a322 Java: Simplify recursion prevention. 2022-05-18 09:27:55 +02:00
Anders Schack-Mulligen
d4c9fddae3 Java: Use fastTC. 2022-05-18 09:27:54 +02:00
Anders Schack-Mulligen
48ab5b2403 C#/Ruby/Java: Fix references. 2022-05-18 09:27:54 +02:00
Anders Schack-Mulligen
829eb7f7a5 C#/Ruby: Sync FlowSummaryImpl. 2022-05-18 09:27:48 +02:00
Anders Schack-Mulligen
25fda206b2 Java: Prevent accidental recursion through AdditionalValueStep. 2022-05-18 09:25:23 +02:00
Anders Schack-Mulligen
1d3b3204df Merge pull request #9190 from hvitved/dataflow/summary-arg-param-no-materialize 
Data flow: Do not materialize `summaryArgParam`
 2022-05-18 09:17:57 +02:00
Erik Krogh Kristensen
7245591468 Merge pull request #7763 from erik-krogh/unused-field 
QL: add unused-field query
 2022-05-18 09:15:16 +02:00
Tom Hvitved
23ee033a57 C#: Review fixes 2022-05-18 07:48:21 +02:00
Michael Nebel
df6d86b9aa C#: Use getUnderlyingCallable instead of asCallable. 2022-05-18 07:48:21 +02:00
Michael Nebel
6f7af11517 C#: Needs to be updated as SummaryParameterNodes are printed slightly different. 2022-05-18 07:48:21 +02:00
Michael Nebel
b41bb3fe08 C#: System.Web.HttpResponse.Write is now considered safe (known) and will this not show up as untrusted external API. 2022-05-18 07:48:21 +02:00
Michael Nebel
97c6d7884d C#: Source and Sink models are now also considered summarized callables and thus considered safe as they are known external APIs. 2022-05-18 07:48:21 +02:00
Michael Nebel
aeadad62be C#: Improve implementation. 2022-05-18 07:48:21 +02:00
Michael Nebel
26e2cad528 C#: Improve getCallable. 2022-05-18 07:48:21 +02:00
Michael Nebel
f78def5316 C#: Hide SummaryParamterNodes from path explanations. 2022-05-18 07:48:21 +02:00
Michael Nebel
220526f305 C#: Fix issues with summarized callables parameter types and other casting issues. 2022-05-18 07:48:21 +02:00
Michael Nebel
2c414b2201 C#: Add Summary parameter nodes. 2022-05-18 07:48:21 +02:00
Michael Nebel
0e3fc464a3 C#: Use SummarizedCallable external instead of the internal. 2022-05-18 07:48:20 +02:00
Michael Nebel
b578fcb069 C#: Use the external SummarizedCallable implementation. 2022-05-18 07:48:20 +02:00