hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 15:22:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
28,460 Commits 1,684 Branches 159 Tags
fd73f4094f08dbefa7748550e4950fcd74438d19
Commit Graph

28460 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ihsinme
fd73f4094f Update FindIncorrectlyUsedExceptions.ql 2021-11-19 10:54:02 +03:00
Anders Schack-Mulligen
5709365c0f Merge pull request #6921 from igfoo/igfoo/types 
Java: Replace @type with more specific types
 2021-10-25 13:15:12 +02:00
Arthur Baars
afc7867c98 Merge pull request #6942 from github/aibaars/patch-10 
Merge codeql-ruby into codeql
 2021-10-25 12:33:34 +02:00
Arthur Baars
4f79398342 Merge branch 'main' of github.com:github/codeql into 'main' 
Conflicts:
	docs/codeql/query-help/codeql-cwe-coverage.rst
 2021-10-22 21:51:25 +02:00
Tom Hvitved
f020b2e437 Merge pull request #335 from github/hmac/self-flow 2021-10-22 19:14:20 +02:00
Nick Rolfe
3851a27fc1 Merge pull request #358 from github/external-control-file-path 
Add rb/path-injection query
 2021-10-22 15:38:39 +01:00
Tom Hvitved
7648815f1f Merge pull request #6936 from hvitved/csharp/delegate-conversion-join-order 
C#: Improve join-order in `defaultDelegateConversion`
 2021-10-22 15:10:20 +02:00
Tom Hvitved
61d7cdeec0 Data flow: Assign empty locations to summary nodes 2021-10-22 14:48:33 +02:00
Harry Maclean
87df3a0a99 Minor refactor 2021-10-22 11:44:38 +01:00
hubwriter
12e56ec9e6 Merge pull request #6887 from github/hubwriter/codeql-ruby-support 
Docs: Updates for Ruby support
 2021-10-22 11:21:49 +01:00
Nick Rolfe
d4cee73720 Add taint summaries for ActiveStorage::Filename 2021-10-22 11:15:42 +01:00
Henry Mercer
02b1fe27d2 Merge pull request #6907 from github/henrymercer/add-experimental-atm-libraries 
JS: [Internal only] Add experimental libraries and queries for adaptive threat modeling
 2021-10-22 11:02:09 +01:00
Harry Maclean
aa8607009b Update test fixtures 2021-10-22 10:56:34 +01:00
Harry Maclean
336bd15d2f Override isCapturedAccess for self variables 
Many `self` reads are synthesised from method calls with an implicit
`self` receiver. Synthesised nodes have no `toGenerated` result, which
the default definition of `isCapturedAccess` uses to determine if a
variable's scope matches the access's scope.

Hence we override the definition to properly identify accesses like the
call `puts` (below) as captured reads of a `self` variable defined in a
parent scope.

In other words, `puts x` is short for `self.puts x` and the `self`
refers to its value in the scope of the module `Foo`.

```ruby
module Foo
  MY_PROC = -> (x) { puts x }
end
```

We also have to update the SSA `SelfDefinition` to exclude captured
`self` variables.
 2021-10-22 10:56:34 +01:00
Harry Maclean
f1add388a0 Synthesise writes to self for classes/modules 
This requires changing the CFG trees for classes and modules from
post-order to pre-order so that we can place the writes at the root node
of the tree, to prevent them overlapping with reads in the body of the
class/module.

We need to do this because classes and modules don't define their own
basic block, but re-use the surrounding one. This problem doesn't occur
for `self` variables in methods because each method has its own basic
block and we can place the write on the entry node of the bock.
 2021-10-22 10:56:34 +01:00
Tony Torralba
1333f67a69 Merge pull request #6917 from JLLeitschuh/feat/JLL/jdk_lambda_collections_model_tracking 
[Java] JDK Collection lambda models
 2021-10-22 10:26:50 +02:00
Tom Hvitved
4e40337d02 C#: Improve join-order in defaultDelegateConversion 2021-10-22 10:12:18 +02:00
Arthur Baars
4f72d0853a Merge pull request #375 from github/rc/3.3 
Merge rc/3.3 into main
 2021-10-21 18:16:57 +02:00
Taus
562a57b75b Merge pull request #6928 from RasmusWL/diagnostic-as-warning 
Python: Improve SARIF severity level reporting of extractor diagnostics
 2021-10-21 13:54:01 +02:00
Nick Rolfe
5734f51792 Merge remote-tracking branch 'origin/main' into external-control-file-path 2021-10-21 10:58:38 +01:00
Rasmus Wriedt Larsen
852e9875bd Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-21 10:24:34 +02:00
Edoardo Pirovano
1fe772a2ab Merge pull request #6896 from edoardopirovano/fix-version-trailing 
Language reference: Fix when trailing commas are allowed
 2021-10-21 00:02:02 +01:00
Aditya Sharad
174df98762 Merge pull request #6929 from github/esbena-patch-5 
Mention default JavaScript Autobuilder excludes
 2021-10-20 15:47:51 -07:00
Esben Sparre Andreasen
a1ce81c3d7 Update creating-codeql-databases.rst 2021-10-20 23:00:46 +02:00
Arthur Baars
f9f0fab0d0 Merge pull request #374 from github/aibaars/sync-codeql 
Sync with `github/codeql:main`
 2021-10-20 22:38:46 +02:00
Ian Lynagh
830f81bfdb Java: Autoformat 2021-10-20 17:45:01 +01:00
Rasmus Wriedt Larsen
8167e83ae5 Python: Fix tests 2021-10-20 17:58:03 +02:00
Rasmus Wriedt Larsen
d0fd907582 Python: Add change-note 
I reworded this slightly from what was done in C++, such that I can
completely stand behind what it says.
 2021-10-20 17:03:55 +02:00
Rasmus Wriedt Larsen
8f28684d10 Python: Rename ExtractionErrors.ql -> ExtractionWarnings.ql 2021-10-20 17:01:33 +02:00
Rasmus Wriedt Larsen
605494c3d1 Python: Treat SyntaxErrors as warnings in diagnostics 
Rename going to happen in second commit, so git doesn't get too confused

I don't actually recall where to lookup that warning is 1, and error is
2, but I took this from
https://github.com/github/codeql/pull/6830/files#diff-460fc20823ced3b074784db804f2d4d6cfcad4f23fe5d264dc7496c782629a2eR121-R123
 2021-10-20 16:59:00 +02:00
Arthur Baars
62d25b6e12 Merge pull request #373 from github/aibaars/warn-ruby-beta 
Ruby: warn that Ruby is still in Beta
codeql-cli/v2.7.0 		2021-10-20 16:14:29 +02:00
Arthur Baars
74ba532a8b Ruby: warn that Ruby is still in Beta 2021-10-20 15:59:26 +02:00
Mathias Vorreiter Pedersen
7feab27bf4 Merge pull request #6926 from geoffw0/setliterals2 
C++: Use set literals (more).
 2021-10-20 14:58:06 +01:00
Arthur Baars
630ee17613 Ruby: sync-files and add allowParameterReturnInSelf() 2021-10-20 15:39:46 +02:00
Arthur Baars
0bec8987b6 Merge remote-tracking branch 'codeql/main' into 'main' 2021-10-20 15:38:59 +02:00
Geoffrey White
da412178ce C++: Use set literals (more). 2021-10-20 14:18:27 +01:00
Harry Maclean
356828cd51 Update stored XSS fixture 
The change to `self` modelling finds more true positives in this query.
 2021-10-20 13:30:51 +01:00
Nick Rolfe
16c62d22de Add change-note for rb/path-injection 2021-10-20 13:19:49 +01:00
Nick Rolfe
e367832637 Import Frameworks.qll in Summaries module 2021-10-20 13:11:50 +01:00
hubwriter
8f15dc4bd0 Add 'requires glibc 2.17' in supported languages table 2021-10-20 12:48:20 +01:00
Nick Rolfe
86da3c2db3 Add rb/path-injection query 2021-10-20 12:31:16 +01:00
Tom Hvitved
19589bef27 Merge pull request #6777 from hvitved/dataflow/summary-clear-modelling 
Data flow: Rework `SummarizedCallable::clearsContent/2`
 2021-10-20 13:23:56 +02:00
Ian Lynagh
25b5601da9 Java: Add a changenote to RefType -> ClassOrInterface 2021-10-20 12:21:08 +01:00
Ian Lynagh
25fcae1c51 Java: Make some types more specific 
Where we used to use RefType, we now use ClassOrInterface.
 2021-10-20 12:18:20 +01:00
hubwriter
aaa5046533 Add beta note to page Calum added 2021-10-20 11:17:38 +01:00
Tom Hvitved
f9fb046e9f C#: Update expected test output after rebase 2021-10-20 12:15:27 +02:00
Tom Hvitved
29cdc8a49a Java: Update expected test output after rebase 2021-10-20 12:11:59 +02:00
hubwriter
dd31d5ffb3 Merge branch 'main' into hubwriter/codeql-ruby-support 2021-10-20 11:08:59 +01:00
Tom Hvitved
0bf5238f39 Update QL doc for allowParameterReturnInSelf 2021-10-20 12:08:58 +02:00
Tom Hvitved
53d4d72fe5 C#: Simplify SummarizedCallableDefaultClearsContent 2021-10-20 12:08:58 +02:00