hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-27 13:23:00 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,688 Branches 159 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
a0acb19b68 Swift: remove redundant import 2022-06-03 15:28:48 +02:00
Paolo Tranquilli
01e1c13c29 Swift: add UnknownLocation 
`getLocation()` will now exists for all entities. When there is no
valid location, the location will still not be emitted in the DB, but
on the QL side we will then assign a special `UnknownLocation` with
empty filename and 0 for line/column start/end.

This unknown location is currently emitted (with a unique `@` key) at
the start of every extraction, but we can move it elsewhere (and
possibly in a unique global trap file) at a later stage, possibly after
or when we rework the trap file strategy.

This should solve flakiness that was observed on the control flow tests,
which is probably caused by the `nodes` predicate in the `TestOutput`
class in `ControlFlowGraphImplShared.qll` not able to assign a proper
rank when the node does not have a location.
 2022-06-03 14:59:22 +02:00
Tamás Vajk
4a025053cc Merge pull request #9400 from tamasvajk/kotlin-fix-parcelize-symbols 
Kotlin: Fix fake raw type symbols used by the Parcelize plugin
 2022-06-03 13:34:22 +02:00
Rasmus Wriedt Larsen
50196d099b Inline Expectation Tests: sync 2022-06-03 11:39:57 +02:00
Rasmus Wriedt Larsen
c1e6996e99 Inline Expectation Tests: Allow tag[foo bar] 
This is partly motivated by the MaD tests which looks much better now in
my opinion.

I also wanted this for testing argument passing. In Python we're
adopting the same argument positions as Ruby has
[here](4f3751dfea/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll (L508-L540))

So it would be nice if `arg[keyword foo]=...` was allowed, without
having to transform the `toString()` result of an argument position into
something without a space.
 2022-06-03 11:39:57 +02:00
Rasmus Wriedt Larsen
07c22a857f Merge pull request #9420 from RasmusWL/sync-go-inline 
Go: Sync InlineExpectationsTest
 2022-06-03 11:37:13 +02:00
Rasmus Wriedt Larsen
aa78ce3c75 Merge pull request #9413 from github/RasmusWL/query-list-cli-tags 
Misc: query-list should run on `codeql-cli/*` tags
 2022-06-03 11:36:52 +02:00
Rasmus Wriedt Larsen
cceeaef6bf Merge pull request #9412 from github/RasmusWL/labeler-permissions 
Misc: Set permissions for labeler Action
 2022-06-03 11:36:37 +02:00
Tamas Vajk
0a484aadf1 Improve code quality based on PR review 2022-06-03 11:17:13 +02:00
Tamas Vajk
ba5cf5b1b2 Kotlin: Fix fake raw type symbols used by the Parcelize plugin 2022-06-03 11:17:13 +02:00
AlexDenisov
0a861ff616 Merge pull request #9410 from github/alexdenisov/swift-extract-only-primary-files 
Swift: extract only primary files
 2022-06-03 10:44:18 +02:00
Alex Denisov
14384b7696 Swift: switch back to references 2022-06-03 10:22:25 +02:00
Paolo Tranquilli
87234938ef Swift: correct typo 2022-06-03 08:45:59 +02:00
Chris Smowton
04422eeaee Merge pull request #9378 from porcupineyhairs/goJwtSign 
Golang : Add query to detect JWT signing vulnerabilities
 2022-06-02 20:53:03 +01:00
Chris Smowton
d5ac7190cc Remove duplicate function 2022-06-02 17:02:54 +01:00
Chris Smowton
e54b29a846 Autoformat 2022-06-02 15:58:29 +01:00
Chris Smowton
602495df4c Replace cases accidentally handled by CompareExprSanitizer with ReturnedAlongsideErrorSanitizerGuard 2022-06-02 15:53:41 +01:00
Chris Smowton
70c74bfcc0 Merge pull request #9418 from smowton/smowton/admin/test-java-kotlin-map-entries 
Kotlin: add test for Java and Kotlin both extending Map.Entry
 2022-06-02 15:52:59 +01:00
Robert Marsh
43907b6a30 Merge pull request #9409 from github/alexdenisov/swift-fix-ctor-dtor-tostring 
Swift: fix ctor/dtor names in toString
 2022-06-02 10:34:03 -04:00
Chris Smowton
b48a07e7b8 Tighten up CompareExprSanitizer 
- Document
- Only actually consider comparisons
- Don't sanitize literals
 2022-06-02 15:18:38 +01:00
Chris Smowton
3155771abe Rename empty-string sanitizer to reflect what it actually does. 2022-06-02 15:10:02 +01:00
Chris Smowton
bfbc1d48b7 Simplify redundant sanitizer 2022-06-02 15:02:41 +01:00
Chris Smowton
3d63cec1e8 Autoformat 2022-06-02 14:45:28 +01:00
Porcupiney Hairs
361b7037c6 Include suggested changes from review. 2022-06-02 19:11:44 +05:30
Paolo Tranquilli
ede6bd8ffe Swift: document and partially simplify codegen 
This adds:
* a base `README.md` file to `codegen`
* module docstrings for the modules in `generators`
* help strings on all command line flags

Moreover some unneeded command line flags (`--namespace`,
`--include-dir` and `--trap-affix`) have been dropped.
 2022-06-02 15:28:57 +02:00
AlexDenisov
2187bf5dde Merge pull request #9419 from github/revert-9373-cfg-for-key-paths 
Revert "Swift: Control-flow for key paths"
 2022-06-02 15:26:07 +02:00
Rasmus Wriedt Larsen
0b486ade9b Go: Autoformat 2022-06-02 15:12:13 +02:00
Rasmus Wriedt Larsen
aadf7aefb0 Go: Use new location in hasLocationInfo 2022-06-02 15:05:58 +02:00
Paolo Tranquilli
c9d109ddd3 Revert "Swift: Control-flow for key paths" 2022-06-02 14:55:52 +02:00
Rasmus Wriedt Larsen
3f857e113c Go: Adjust hasActualResult overrides 2022-06-02 14:55:27 +02:00
Rasmus Wriedt Larsen
86caf747f3 Go: Sync InlineExpectationsTest 2022-06-02 14:54:51 +02:00
Chris Smowton
ebb52adba6 Kotlin: add test for Java and Kotlin both extending Map.Entry 2022-06-02 13:30:39 +01:00
Chris Smowton
8b1605a617 Merge pull request #9405 from smowton/smowton/fix/restore-wildcard-types 
Kotlin: Introduce / restore implied wildcard types
 2022-06-02 13:26:11 +01:00
Anders Schack-Mulligen
4e6e595b3a Java: Add qldoc. 2022-06-02 13:30:27 +02:00
Chris Smowton
efc534abe7 Add implied wildcards when extracting type parameter bounds 
kotlinc seems to always insert wildcards where type parameter variance implies them, and ignores @JvmSuppressWildcards at least in 1.6.20.
 2022-06-02 11:37:15 +01:00
Porcupiney Hairs
1ef42a11ad Include suggested changes from review. 2022-06-02 16:04:29 +05:30
Anders Schack-Mulligen
9f42ca8d14 Update java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-06-02 12:00:37 +02:00
Anders Schack-Mulligen
002c456989 Update java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-06-02 12:00:09 +02:00
Rasmus Wriedt Larsen
a3c4a2c3e0 Misc: query-list should run on codeql-cli/* tags 
Since go doesn't need to be cloned with the same tag, that makes this change much easier to implement in practice 💪
 2022-06-02 11:57:39 +02:00
Chris Smowton
c1592cb1dc Accept test changes 2022-06-02 10:31:35 +01:00
Chris Smowton
910bb51094 Extract WildcardTypeAccesses 
Their absence became more noticeable now that more implicit wildcards are being produced.
 2022-06-02 10:31:08 +01:00
Rasmus Wriedt Larsen
b646195d14 Misc: Set permissions for labeler Action 
Like in the example on 
https://github.com/actions/labeler#create-workflow
 2022-06-02 10:27:48 +02:00
Tamás Vajk
d7b06aa2ba Merge pull request #9401 from tamasvajk/kotlin-cleanup 
Kotlin: Reuse `codeQlWithHasQuestionMark`
 2022-06-02 10:24:17 +02:00
Anders Schack-Mulligen
7214990762 Merge pull request #9408 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-06-02 10:01:15 +02:00
Mathias Vorreiter Pedersen
927aceb420 Merge pull request #9373 from MathiasVP/cfg-for-key-paths 2022-06-02 08:32:29 +01:00
Erik Krogh Kristensen
7c5ac63254 Merge branch 'main' into fieldUnusedInDisjunct 2022-06-02 09:06:46 +02:00
Paolo Tranquilli
3b57d4830b Merge pull request #9402 from github/redsun82/swift-codegen-tweaks 
Swift: merge `codegen` and `cppcodegen`
 2022-06-02 09:02:47 +02:00
Paolo Tranquilli
c52d19d821 Merge pull request #9403 from redsun82/build-codeowners 
CODEOWNERS: remove `BUILD.bazel` from codeql-ci-reviewers
 2022-06-02 09:02:17 +02:00
Alex Denisov
6419af39f3 Swift: extract only primary files 
While the (removed) comment is correct and the frontend can be called in
different modes, both `swift build` and `xcodebuild` always use
`-primary-files` when compiling Swift projects.
The other mode was present only within our test runner (`qltest.sh`), so
removing it and doing what the official build systems do simplifies our
code base.

Additionally, file archival is now a separate function/operation.
 2022-06-02 08:57:03 +02:00
Alex Denisov
1dab01a31c Swift: fix ctor/dtor names in toString 2022-06-02 08:28:46 +02:00