hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-28 05:42:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,685 Branches 159 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stephan Brandauer
cdceb66b07 add test for moduleSuffixes 2022-05-20 15:10:13 +02:00
Ian Lynagh
6652c27591 Merge pull request #9236 from igfoo/igfoo/kotlinc 
Kotlin: Use 'which' to find kotlinc
 2022-05-20 14:06:59 +01:00
Tamas Vajk
7aafc5f88c Kotlin: Adjust diagnostic message severity 
Make extraction messages `warning` if code is still extracted regardless of the reported issue. Make extraction messages `error` if some code is not extracted.
 2022-05-20 14:55:16 +02:00
Ian Lynagh
73759705ae Merge pull request #9121 from github/igfoo/mjson 
Kotlin: Write the log file as Line-delimited JSON
 2022-05-20 13:51:20 +01:00
Tony Torralba
98f70dc7d3 Remove org.dom4j.DocumentHelper:parseText as XXE sink 2022-05-20 14:45:26 +02:00
Tony Torralba
aba4a9aa4a Merge pull request #9233 from atorralba/atorralba/fix-field-init-test 
Kotlin: Fix test to correctly highlight lack of flow from field init
 2022-05-20 14:37:22 +02:00
Stephan Brandauer
d6abb2e6bd add new supported file types to versions-compilers.rst 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-05-20 14:34:53 +02:00
Stephan Brandauer
cb4b2e983b delete test of removed feature 2022-05-20 14:33:07 +02:00
Ian Lynagh
3fd61581b3 Kotlin: Call the right kotlinc 2022-05-20 12:59:04 +01:00
Ian Lynagh
44efb34447 Kotlin: Use 'which' to find kotlinc 
This means we handle kotlinc.batr and kotlinc.cmd on Windows.
 2022-05-20 12:44:55 +01:00
Stephan Brandauer
813fbf27de support for .mts and .cts file extensions 2022-05-20 13:33:52 +02:00
Ian Lynagh
4eddb6224b Kotlin: Format a query 2022-05-20 12:07:35 +01:00
Ian Lynagh
df9f75832c Kotlin: Fix diagnostics test 2022-05-20 12:07:35 +01:00
Ian Lynagh
f7fa00ef6c Kotlin: Accept test output 2022-05-20 12:07:35 +01:00
Ian Lynagh
d6f8342431 Kotlin: Write the log file as Line-delimited JSON 2022-05-20 12:07:35 +01:00
Ian Lynagh
b5ad6f9c04 Kotlin: Add a LogMessage class 2022-05-20 12:07:35 +01:00
Ian Lynagh
d900c3d994 Merge pull request #9221 from smowton/smowton/admin/handle-missing-kotlinc-gracefully 
Kotlin: Handle missing kotlinc gracefully
 2022-05-20 12:06:06 +01:00
Erik Krogh Kristensen
204e01fc24 change getNumArgument to only count positional arguments 2022-05-20 12:43:06 +02:00
Ian Lynagh
d2cb1aa89c Merge pull request #9218 from igfoo/igfoo/geninst 
Kotlin: Avoid "generic specialisation" label collisions
 2022-05-20 11:42:22 +01:00
Ian Lynagh
9844ae703e Merge pull request #9219 from igfoo/igfoo/livelits 
Improve LiveLiterals
 2022-05-20 11:42:16 +01:00
Anders Schack-Mulligen
8beef45599 Merge pull request #9195 from aschackmull/java/perf-local-flow 
Java: Performance fixes for local flow relation
 2022-05-20 12:38:02 +02:00
Tony Torralba
775b53b7b4 Fix test to correctly highlight lack of flow from field init 2022-05-20 12:36:10 +02:00
Paolo Tranquilli
09967bfd42 Swift: add comment about CRTP 2022-05-20 12:35:58 +02:00
Paolo Tranquilli
f5b2c31a3c Swift: rename DispatcherWrapper to VisitorBase 2022-05-20 12:25:45 +02:00
Paolo Tranquilli
da00bf99a1 Swift: move TBD code to ql 
This allows to avoid bypassing label type correcness in the extractor,
and allows to independently resolve TBD extractions, as with this
approach TBD nodes do have the correctly typed trap label. The TBD
status is now a predicate on the QL side.

This requires:
* a default visit using the correct type, which is achieved via macro
  metaprogramming in `VisitorBase.h`, following the way
  `swift::ASTVisitor` is programmed
* a mapping from labels to corresponding binding trap entries. The
  functor is defined in `TrapTagTraits.h` and instantiated in generated
  `TrapEntries.h`
* Binding trap entries for TBD unknown entities must not have any other
  field than the `id` (after all, we are supposed to not extract them
  yet). This is why all unextracted fields in `schema.yml` have been
  commented out, and will be uncommentend when visitors are added
 2022-05-20 09:52:27 +02:00
Michael Nebel
20af134ff0 Merge pull request #9210 from michaelnebel/dataflow/summarizedcallablerefactor 
DataFlow - SummarizedCallable refactor
 2022-05-20 09:32:30 +02:00
Tamás Vajk
3407b0f055 Merge pull request #9152 from tamasvajk/kotlin-fix-parcelize-reflection-1 
Kotlin: Fix extraction of reflective call generated by Parcelize
 2022-05-20 09:06:21 +02:00
Chris Smowton
d9f65fe34f Handle missing kotlinc gracefully 2022-05-19 21:54:18 +01:00
Chris Smowton
e80254b0a6 Fix generated implementation of an inherited single abstract method 
For example, UnaryOperator<T> extends Function<T, T> without overriding / defining its own `apply` method.
 2022-05-19 20:57:54 +01:00
Erik Krogh Kristensen
a5b11e88b4 update doc to make it clear that moduleImport(..) does not refer to PyPI names 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-19 20:00:43 +02:00
Ian Lynagh
f918b2e763 Merge pull request #9217 from igfoo/igfoo/tweak_logging 
Kotlin: Tweak logging
 2022-05-19 18:31:40 +01:00
Tony Torralba
5498f41248 Apply code review suggestion to increase precision in getValue 2022-05-19 17:35:34 +01:00
Tony Torralba
bc84ff2031 Improve docs of LiveLiteral 
Also remove transitive closure from calls
 2022-05-19 17:35:27 +01:00
Ian Lynagh
e153f30c01 Kotlin: Avoid "generic specialisation" label collisions 
We had a global set of labels for generic specialisations that we'd
extracted, but these labels could contain references to other labels,
and thus you can get false collisions between labels for different TRAP
files. We now only keep the set for a single TRAP file, and live with
the extra TRAP duplication that we get from that.
 2022-05-19 17:29:41 +01:00
Ian Lynagh
9e3cde001a Kotlin: Tweak logging 
Makes it easier to filter out the peak memory info
 2022-05-19 16:59:52 +01:00
Chris Smowton
01aaa6ccbf Merge pull request #9123 from smowton/smowton/fix/type-variable-in-scope-consistency 
Kotlin: fix cases where type variables were used out of scope
 2022-05-19 16:57:41 +01:00
Alex Ford
6b7abef405 Ruby: remove unnecessary CryptographicOperation#isWeak override 2022-05-19 16:01:34 +01:00
Alex Ford
8b7bb7c358 Ruby: add missing qldoc 2022-05-19 15:55:48 +01:00
Alex Ford
fb53fc5373 Javascript: add missing import in ConceptsImports.qll 2022-05-19 15:51:25 +01:00
Alex Ford
d3662cf54a Deprecate CryptographicOperation#isWeak and add a default implementation 2022-05-19 15:46:13 +01:00
Alex Ford
3d66905dc6 Share the CryptographicOperation and BlockMode concepts between dynamic langs 2022-05-19 15:46:03 +01:00
Rasmus Wriedt Larsen
5d6fbcec64 Ruby: Autoformat 2022-05-19 16:30:12 +02:00
Rasmus Wriedt Larsen
e810ba4ef6 Ruby: Expand flowToAnyArg test 2022-05-19 16:27:04 +02:00
Tom Hvitved
3ebd4af24e C#: Fix another test 2022-05-19 16:23:31 +02:00
Alex Ford
f8576fb05b Python: avoid missing cryptography uses due to unhandled encryption modes 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-19 15:22:49 +01:00
Chris Smowton
c9232c075c Autoformat 2022-05-19 15:18:10 +01:00
Rasmus Wriedt Larsen
0879b6ae12 Ruby: Fix Argument[any,any-named] handling for path component in MaD 2022-05-19 15:51:30 +02:00
Rasmus Wriedt Larsen
7784b9f879 Ruby: WIP: Make Argument[any] and any-named work 
It's not fully working I think the problem is that the code below ties
up `Argument[x]` with parameter positions, and `Parameter[x]` with
argument positions. This flip might be correct for flow-summaries, but
it does NOT seem to be correct for the `path` component  in MaD.

Specifically, quick-eval for ParameterPosition does NOT include `keyword key` while
quick-eval for ArgumentPosition DOES include `keyword key`!

For the test `Foo.sinkAnyNamedArg(key: tainted) # $ MISSING: hasValueFlow=tainted`

c8be8d30b3/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsSpecific.qll (L130-L133)
 2022-05-19 15:51:25 +02:00
Stephan Brandauer
67697e1066 update meta information and release note for typescript 4.7 upgrade 2022-05-19 15:45:27 +02:00
Stephan Brandauer
0f3448dc24 update tests for typescript 4.7 2022-05-19 15:45:19 +02:00