Henry Mercer
02b1fe27d2
Merge pull request #6907 from github/henrymercer/add-experimental-atm-libraries
JS: [Internal only] Add experimental libraries and queries for adaptive threat modeling
2021-10-22 11:02:09 +01:00
Harry Maclean
aa8607009b
Update test fixtures
2021-10-22 10:56:34 +01:00
Harry Maclean
336bd15d2f
Override isCapturedAccess for self variables
Many `self` reads are synthesised from method calls with an implicit
`self` receiver. Synthesised nodes have no `toGenerated` result, which
the default definition of `isCapturedAccess` uses to determine if a
variable's scope matches the access's scope.
Hence we override the definition to properly identify accesses like the
call `puts` (below) as captured reads of a `self` variable defined in a
parent scope.
In other words, `puts x` is short for `self.puts x` and the `self`
refers to its value in the scope of the module `Foo`.
```ruby
module Foo
MY_PROC = -> (x) { puts x }
end
```
We also have to update the SSA `SelfDefinition` to exclude captured
`self` variables.
2021-10-22 10:56:34 +01:00
Harry Maclean
f1add388a0
Synthesise writes to self for classes/modules
This requires changing the CFG trees for classes and modules from
post-order to pre-order so that we can place the writes at the root node
of the tree, to prevent them overlapping with reads in the body of the
class/module.
We need to do this because classes and modules don't define their own
basic block, but re-use the surrounding one. This problem doesn't occur
for `self` variables in methods because each method has its own basic
block and we can place the write on the entry node of the block.
2021-10-22 10:56:34 +01:00
Joe Farebrother
c89178c0e8
Apply suggestions from code review
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2021-10-22 10:54:57 +01:00
Tony Torralba
1333f67a69
Merge pull request #6917 from JLLeitschuh/feat/JLL/jdk_lambda_collections_model_tracking
[Java] JDK Collection lambda models
2021-10-22 10:26:50 +02:00
Tom Hvitved
4e40337d02
C#: Improve join-order in defaultDelegateConversion
2021-10-22 10:12:18 +02:00
Porcuiney Hairs
f70d808e2f
fix testcases
2021-10-22 00:58:59 +05:30
Porcuiney Hairs
9fe822f41c
Include suggestions from review
2021-10-22 00:55:01 +05:30
Arthur Baars
4f72d0853a
Merge pull request #375 from github/rc/3.3
Merge rc/3.3 into main
2021-10-21 18:16:57 +02:00
Joe Farebrother
2d368a7d9a
Remove redundant imports from ExternalFlow
2021-10-21 16:48:53 +01:00
Joe Farebrother
a9dde419d2
Fix up test
2021-10-21 16:46:07 +01:00
Geoffrey White
9009dac9ea
Merge branch 'main' into nullterm2
2021-10-21 13:14:15 +01:00
Taus
562a57b75b
Merge pull request #6928 from RasmusWL/diagnostic-as-warning
Python: Improve SARIF severity level reporting of extractor diagnostics
2021-10-21 13:54:01 +02:00
Chris Smowton
efecc9ab80
Merge pull request #591 from owen-mc/update-inline-expectations-test
Update inline expectations test
2021-10-21 12:41:57 +01:00
Owen Mansel-Chan
f4d9f2f2fa
Remove unused test comments
These were introduced in 68dca955. Currently they aren't doing anything
as there isn't an inline expectation test for the tag "source" in this
folder. It seems they were originally intended to indicate untrusted flow
sources, but they aren't needed as we are using "noflow" to only mark the
places where there isn't a flow.
2021-10-21 11:07:59 +01:00
Owen Mansel-Chan
e01291f880
Put space after MISSING: and SPURIOUS:
This is the preferred style now
2021-10-21 11:07:59 +01:00
Owen Mansel-Chan
f38fd5722f
Only one dollar sign in each comment
2021-10-21 11:07:58 +01:00
Owen Mansel-Chan
09ef621b2f
Put space after first dollar sign
2021-10-21 11:07:58 +01:00
Owen Mansel-Chan
b8bd40463e
Reorder MISSING labels
The behaviour has changed: previously, "f+:" and "f-:" only affected the
following entry, but "MISSING:" and "SPURIOUS:" affect all following
2021-10-21 11:07:57 +01:00
Owen Mansel-Chan
f28539928a
Quote expected values that have spaces
2021-10-21 11:07:57 +01:00
Owen Mansel-Chan
5f0f04de1c
Update labels for missing and spurious results
2021-10-21 11:07:57 +01:00
Owen Mansel-Chan
7961ba6b93
Add hasActualResult predicate not using Location
2021-10-21 11:07:50 +01:00
Nick Rolfe
5734f51792
Merge remote-tracking branch 'origin/main' into external-control-file-path
2021-10-21 10:58:38 +01:00
Rasmus Wriedt Larsen
852e9875bd
Python: Apply suggestions from code review
Co-authored-by: Taus <tausbn@github.com>
2021-10-21 10:24:34 +02:00
Owen Mansel-Chan
a9165ce4a6
Sync InlineExpectationsTest.qll
2021-10-21 05:21:18 +01:00
Edoardo Pirovano
1fe772a2ab
Merge pull request #6896 from edoardopirovano/fix-version-trailing
Language reference: Fix when trailing commas are allowed
2021-10-21 00:02:02 +01:00
Aditya Sharad
174df98762
Merge pull request #6929 from github/esbena-patch-5
Mention default JavaScript Autobuilder excludes
2021-10-20 15:47:51 -07:00
Esben Sparre Andreasen
a1ce81c3d7
Update creating-codeql-databases.rst
2021-10-20 23:00:46 +02:00
Arthur Baars
f9f0fab0d0
Merge pull request #374 from github/aibaars/sync-codeql
Sync with `github/codeql:main`
2021-10-20 22:38:46 +02:00
Ian Lynagh
830f81bfdb
Java: Autoformat
2021-10-20 17:45:01 +01:00
Joe Farebrother
3e3503a763
Fix failing checks
2021-10-20 17:25:38 +01:00
Joe Farebrother
b6c584cb70
Update docs
2021-10-20 17:09:59 +01:00
Joe Farebrother
447e06d92a
Rename from SensitiveBroadcast to SensitiveCommunication
2021-10-20 17:09:59 +01:00
Joe Farebrother
54e9c49080
Remove SendBroadcastMethodAccess
2021-10-20 17:09:59 +01:00
Joe Farebrother
e02be6cf93
Add additional sinks
2021-10-20 17:09:59 +01:00
Joe Farebrother
e616122982
Rename parameter
2021-10-20 17:09:59 +01:00
Joe Farebrother
fede77a934
Rename some utility methods
2021-10-20 17:09:59 +01:00
Joe Farebrother
069d6627b5
Improve sanitizers
2021-10-20 17:09:59 +01:00
Joe Farebrother
174ac3d6c3
Move to correct directory
2021-10-20 17:09:59 +01:00
Joe Farebrother
c3d1165c5f
Revert change to argument handling
2021-10-20 17:09:58 +01:00
Joe Farebrother
6a2346ec33
Clean up sink definition
2021-10-20 17:09:58 +01:00
Joe Farebrother
daf6ac2584
Update tests to InlineFlowTest
2021-10-20 17:09:58 +01:00
Joe Farebrother
52ca6b93e3
Make things private where possible
2021-10-20 17:09:58 +01:00
Joe Farebrother
351e67c639
Fix qhelp
2021-10-20 17:09:58 +01:00
Joe Farebrother
06a30bf822
Add change note
2021-10-20 17:09:58 +01:00
Joe Farebrother
b112189530
Update docs
2021-10-20 17:09:58 +01:00
Joe Farebrother
224d679722
Add Sticky broadcast sinks
2021-10-20 17:09:57 +01:00
Joe Farebrother
ef7125e21a
Simplify sink definitions using local flow
2021-10-20 17:09:57 +01:00
Joe Farebrother
d7c7776495
Add additional models; fix up tests
2021-10-20 17:09:57 +01:00