hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 13:11:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,689 Branches 160 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
5709365c0f Merge pull request #6921 from igfoo/igfoo/types 
Java: Replace @type with more specific types
 2021-10-25 13:15:12 +02:00
Rasmus Lerchedahl Petersen
e5b68d68cb Python: Use SqlConstruction in Asyncpg.qll 2021-10-25 13:15:09 +02:00
Rasmus Lerchedahl Petersen
03ada6e97a Python: Add concept test for SqlConstruction 2021-10-25 13:09:43 +02:00
Rasmus Lerchedahl Petersen
ed5a386618 Python: add concept SqlCopnstruction 2021-10-25 12:48:24 +02:00
dependabot[bot]
e9da027539 Update tracing-subscriber requirement from 0.2 to 0.3 in /ruby/extractor 
Updates the requirements on [tracing-subscriber](https://github.com/tokio-rs/tracing) to permit the latest version.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.2.0...tracing-subscriber-0.3.0)

---
updated-dependencies:
- dependency-name: tracing-subscriber
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-10-25 10:40:34 +00:00
dependabot[bot]
4cedb43a54 Update tracing-subscriber requirement from 0.2 to 0.3 in /ruby/generator 
Updates the requirements on [tracing-subscriber](https://github.com/tokio-rs/tracing) to permit the latest version.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.2.0...tracing-subscriber-0.3.0)

---
updated-dependencies:
- dependency-name: tracing-subscriber
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-10-25 10:40:28 +00:00
Arthur Baars
afc7867c98 Merge pull request #6942 from github/aibaars/patch-10 
Merge codeql-ruby into codeql
 2021-10-25 12:33:34 +02:00
Asger Feldthaus
bfb1da55d6 JS: Bump extractor version string 2021-10-25 11:49:56 +02:00
Asger Feldthaus
f3e2b0b946 JS: Avoid using non-existent attribute as parent 2021-10-25 11:49:56 +02:00
Asger Feldthaus
ac62379b17 JS: Add TRAP test 2021-10-25 11:49:39 +02:00
Rasmus Wriedt Larsen
f5464b79e4 Merge branch 'main' into fastapi 2021-10-25 09:49:42 +02:00
github-actions[bot]
2257d0475a Add changed framework coverage reports 2021-10-25 00:09:34 +00:00
Arthur Baars
4f79398342 Merge branch 'main' of github.com:github/codeql into 'main' 
Conflicts:
	docs/codeql/query-help/codeql-cwe-coverage.rst
 2021-10-22 21:51:25 +02:00
Tom Hvitved
f020b2e437 Merge pull request #335 from github/hmac/self-flow 2021-10-22 19:14:20 +02:00
Jonathan Leitschuh
5eb28398f0 Remove non-ASCII characters from Promise.java 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-22 10:52:46 -04:00
Nick Rolfe
3851a27fc1 Merge pull request #358 from github/external-control-file-path 
Add rb/path-injection query
 2021-10-22 15:38:39 +01:00
Tom Hvitved
7648815f1f Merge pull request #6936 from hvitved/csharp/delegate-conversion-join-order 
C#: Improve join-order in `defaultDelegateConversion`
 2021-10-22 15:10:20 +02:00
Tom Hvitved
61d7cdeec0 Data flow: Assign empty locations to summary nodes 2021-10-22 14:48:33 +02:00
Harry Maclean
87df3a0a99 Minor refactor 2021-10-22 11:44:38 +01:00
hubwriter
12e56ec9e6 Merge pull request #6887 from github/hubwriter/codeql-ruby-support 
Docs: Updates for Ruby support
 2021-10-22 11:21:49 +01:00
Nick Rolfe
d4cee73720 Add taint summaries for ActiveStorage::Filename 2021-10-22 11:15:42 +01:00
Henry Mercer
02b1fe27d2 Merge pull request #6907 from github/henrymercer/add-experimental-atm-libraries 
JS: [Internal only] Add experimental libraries and queries for adaptive threat modeling
 2021-10-22 11:02:09 +01:00
Harry Maclean
aa8607009b Update test fixtures 2021-10-22 10:56:34 +01:00
Harry Maclean
336bd15d2f Override isCapturedAccess for self variables 
Many `self` reads are synthesised from method calls with an implicit
`self` receiver. Synthesised nodes have no `toGenerated` result, which
the default definition of `isCapturedAccess` uses to determine if a
variable's scope matches the access's scope.

Hence we override the definition to properly identify accesses like the
call `puts` (below) as captured reads of a `self` variable defined in a
parent scope.

In other words, `puts x` is short for `self.puts x` and the `self`
refers to its value in the scope of the module `Foo`.

```ruby
module Foo
  MY_PROC = -> (x) { puts x }
end
```

We also have to update the SSA `SelfDefinition` to exclude captured
`self` variables.
 2021-10-22 10:56:34 +01:00
Harry Maclean
f1add388a0 Synthesise writes to self for classes/modules 
This requires changing the CFG trees for classes and modules from
post-order to pre-order so that we can place the writes at the root node
of the tree, to prevent them overlapping with reads in the body of the
class/module.

We need to do this because classes and modules don't define their own
basic block, but re-use the surrounding one. This problem doesn't occur
for `self` variables in methods because each method has its own basic
block and we can place the write on the entry node of the bock.
 2021-10-22 10:56:34 +01:00
Joe Farebrother
c89178c0e8 Apply suggestions from code review 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2021-10-22 10:54:57 +01:00
Tony Torralba
1333f67a69 Merge pull request #6917 from JLLeitschuh/feat/JLL/jdk_lambda_collections_model_tracking 
[Java] JDK Collection lambda models
 2021-10-22 10:26:50 +02:00
Tom Hvitved
4e40337d02 C#: Improve join-order in defaultDelegateConversion 2021-10-22 10:12:18 +02:00
Porcuiney Hairs
f70d808e2f fix testcases 2021-10-22 00:58:59 +05:30
Porcuiney Hairs
9fe822f41c Include suggestions from review 2021-10-22 00:55:01 +05:30
Arthur Baars
4f72d0853a Merge pull request #375 from github/rc/3.3 
Merge rc/3.3 into main
 2021-10-21 18:16:57 +02:00
Joe Farebrother
2d368a7d9a Remove redundant imports from ExternalFlow 2021-10-21 16:48:53 +01:00
Joe Farebrother
a9dde419d2 Fix up test 2021-10-21 16:46:07 +01:00
Geoffrey White
9009dac9ea Merge branch 'main' into nullterm2 2021-10-21 13:14:15 +01:00
Taus
562a57b75b Merge pull request #6928 from RasmusWL/diagnostic-as-warning 
Python: Improve SARIF severity level reporting of extractor diagnostics
 2021-10-21 13:54:01 +02:00
Chris Smowton
efecc9ab80 Merge pull request #591 from owen-mc/update-inline-expectations-test 
Update inline expectations test
 2021-10-21 12:41:57 +01:00
Owen Mansel-Chan
f4d9f2f2fa Remove unused test comments 
These were introduced in 68dca955. Currently they aren't doing anything
as there isn't an inline expectation test for the tag "source" in this
folder. It seems they were originally intended to indicate untrusted flow
sources, but they aren't needed as we are using "noflow" to only mark the
places where there isn't a flow.
 2021-10-21 11:07:59 +01:00
Owen Mansel-Chan
e01291f880 Put space after MISSING: and SPURIOUS: 
This is the preferred style now
 2021-10-21 11:07:59 +01:00
Owen Mansel-Chan
f38fd5722f Only one dollar sign in each comment 2021-10-21 11:07:58 +01:00
Owen Mansel-Chan
09ef621b2f Put space after first dollar sign 2021-10-21 11:07:58 +01:00
Owen Mansel-Chan
b8bd40463e Reorder MISSING labels 
The behaviour has changed: previously, "f+:" and "f-:" only affected the
following entry, but "MISSING:" and "SPURIOUS:" affect all following
 2021-10-21 11:07:57 +01:00
Owen Mansel-Chan
f28539928a Quote expected values that have spaces 2021-10-21 11:07:57 +01:00
Owen Mansel-Chan
5f0f04de1c Update labels for missing and spurious results 2021-10-21 11:07:57 +01:00
Owen Mansel-Chan
7961ba6b93 Add hasActualResult predicate not using Location 2021-10-21 11:07:50 +01:00
Nick Rolfe
5734f51792 Merge remote-tracking branch 'origin/main' into external-control-file-path 2021-10-21 10:58:38 +01:00
Rasmus Wriedt Larsen
852e9875bd Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-21 10:24:34 +02:00
Owen Mansel-Chan
a9165ce4a6 Sync InlineExpectationsTest.qll 2021-10-21 05:21:18 +01:00
Edoardo Pirovano
1fe772a2ab Merge pull request #6896 from edoardopirovano/fix-version-trailing 
Language reference: Fix when trailing commas are allowed
 2021-10-21 00:02:02 +01:00
Aditya Sharad
174df98762 Merge pull request #6929 from github/esbena-patch-5 
Mention default JavaScript Autobuilder excludes
 2021-10-20 15:47:51 -07:00
Esben Sparre Andreasen
a1ce81c3d7 Update creating-codeql-databases.rst 2021-10-20 23:00:46 +02:00