hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-28 05:42:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,685 Branches 159 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Marsh
81ac648065 Swift: flow out of calls via return statements 2022-05-26 16:58:53 +00:00
Alex Ford
4e0e4f9b5b Ruby: make ActiveRecordInstance public 2022-05-26 17:54:02 +01:00
Alex Ford
fd8f1dc88f Ruby: fix some misidentification of ActiveRecordModelInstantiations 2022-05-26 17:54:01 +01:00
Robert Marsh
ae6d16a40f Swift: flow into callees via params 2022-05-26 16:53:42 +00:00
Robert Marsh
25c8b8141c Swift: add params to CFG 2022-05-26 16:48:24 +00:00
Harry Maclean
c80a06a6d8 Ruby: Simplify posix-spawn modeling 2022-05-26 14:29:04 +01:00
Anna Railton
4cf3467ad7 Merge pull request #9338 from github/annarailton-patch-1 
ATM: add `workflow_dispatch` to ATM JS tests
 2022-05-26 14:25:48 +01:00
Harry Maclean
ee827604f7 Ruby: Model the posix-spawn gem 
This gem exists primarily to provide methods that spawn subprocesses. We
model these as SystemCommandExecutions.
 2022-05-26 14:16:08 +01:00
Geoffrey White
2bcf7e17c8 Understand syscalls better. 2022-05-26 14:01:09 +01:00
Anna Railton
202d2e037d Add workflow_dispatch to Action 
This is so we can trigger scheduled runs of these tests
 2022-05-26 13:07:57 +01:00
Geoffrey White
e3ea7751d1 C++: Define sources better so that we catch all the test cases. 2022-05-26 12:44:17 +01:00
Robert Marsh
3213549a73 Merge pull request #9329 from MathiasVP/fixes-for-9291 
Swift: Fixups for #9291
 2022-05-26 07:25:24 -04:00
Chris Smowton
1f2248c1c8 Warn if jar file path not in expected form 2022-05-26 11:59:23 +01:00
Chris Smowton
3bd581a052 Kotlin: use the same mtimes as Java 
Previously Kotlin's use of IntelliJ's VirtualFile interface meant we got the containing JAR file's mtime, not that of the individual file entry.
 2022-05-26 11:59:23 +01:00
Tom Hvitved
ae1f5bbe25 Merge pull request #9334 from hvitved/ruby/dataflow/hash-splat-literal 2022-05-26 10:36:04 +02:00
Mathias Vorreiter Pedersen
df2c1972e9 Swift: Add CFG trees for local declarations and accept test changes. 2022-05-26 09:09:17 +01:00
Mathias Vorreiter Pedersen
b715a6b63b Swift: Add test containing local declarations. 2022-05-26 09:06:13 +01:00
Mathias Vorreiter Pedersen
c7cc8d2592 Swift: Fix copy-paste error. 2022-05-25 21:36:24 +01:00
Robert Marsh
da90440ea3 Merge pull request #9333 from rdmarsh2/rdmarsh2/swift/dataflow-local-flow 
Swift: local dataflow
 2022-05-25 15:59:50 -04:00
Robert Marsh
aa77ea6bef Swift: minimal tests for interprocedural flow 2022-05-25 19:24:34 +00:00
Robert Marsh
9f64622f31 Swift: data flow configurations working 2022-05-25 19:23:43 +00:00
Robert Marsh
d326b3a91c Swift: global dataflow WIP 2022-05-25 18:54:47 +00:00
Robert Marsh
bba3564187 Swift: adjust for changes in main 2022-05-25 18:52:47 +00:00
Robert Marsh
91b34d5e8f Swift: make LambdaCallKind a TODO 2022-05-25 18:26:38 +00:00
Robert Marsh
765e1e1115 Swift: autoformat 2022-05-25 18:26:38 +00:00
Robert Marsh
cf22ade9f3 Swift: initial local data flow implementation 2022-05-25 18:26:37 +00:00
Robert Marsh
117a1ad2f4 Swift: DataFlow expr and parameter nodes 2022-05-25 18:26:37 +00:00
Tom Hvitved
b3ce2d4a2b Ruby: Data flow for hash-splat expressions in hash literals 2022-05-25 19:55:28 +02:00
Tom Hvitved
47051ec8c9 Merge pull request #9320 from hvitved/ruby/hash-splat-flow 
Ruby: Flow through hash-splat parameters
 2022-05-25 19:31:09 +02:00
Nick Rolfe
d5c8188625 Merge pull request #9330 from github/nickrolfe/ruby-typos 
Ruby: fix spelling errors
 2022-05-25 17:56:50 +01:00
Erik Krogh Kristensen
d199173923 add a getAPrimaryQlClass predicate to ExpressionWithTypeArguments 2022-05-25 16:10:13 +00:00
Nick Rolfe
385e442f7f Ruby: fix spelling errors 2022-05-25 16:38:48 +01:00
Mathias Vorreiter Pedersen
fafdb016fa Swift: Fixup based on review comments in #9291. 2022-05-25 16:10:44 +01:00
Mathias Vorreiter Pedersen
f17afa8a11 Swift: Accept test changes. 2022-05-25 16:01:42 +01:00
Mathias Vorreiter Pedersen
dc2ba5b410 Swift: Implement better 'toString' overrides for all AST nodes. 2022-05-25 15:59:45 +01:00
Mathias Vorreiter Pedersen
0b6e35a2a9 Merge pull request #9291 from MathiasVP/swift-ipa-the-cfg 
Swift: CFG for property reads and writes
 2022-05-25 15:57:32 +01:00
Erik Krogh Kristensen
361b2aa6bb Merge pull request #9325 from erik-krogh/CWE-940 
JS: add CWE-940 to js/missing-origin-check
 2022-05-25 16:41:40 +02:00
Arthur Baars
033df767ef Ruby: allow fields in flow summaries 2022-05-25 16:01:04 +02:00
Arthur Baars
af428a1ac2 Address comments 2022-05-25 16:01:04 +02:00
Arthur Baars
b0a97f9b01 Ruby: flow through getters/setters 2022-05-25 16:01:04 +02:00
Asger F
a60caced98 JS: Update TRAP output 2022-05-25 15:59:58 +02:00
Nick Rolfe
79fb9e8fd2 Merge pull request #9159 from github/nickrolfe/join_order_tweak 
Ruby: tweak join order in `API::Impl::edge`
 2022-05-25 14:57:24 +01:00
Asger F
5964be4463 Merge branch 'main' into js/type-confusion-parmaeter-tampering-barrier 2022-05-25 15:53:24 +02:00
Asger F
893f4ab8fb Merge pull request #9288 from asgerf/js/resource-exhaustion-no-buffer.from 
JS: Remove Buffer.from sink from js/resource-exhaustion
 2022-05-25 15:51:54 +02:00
Tom Hvitved
ce4959287a Ruby: Flow through hash-splat expressions 2022-05-25 15:40:08 +02:00
Nick Rolfe
8cd261af0e Merge pull request #9324 from hvitved/dataflow/prohibits-use-use-fix-join 
Data flow: Fix bad join in `prohibitsUseUseFlow`
codeql-cli/v2.9.3 		2022-05-25 14:39:06 +01:00
Mathias Vorreiter Pedersen
80fad348bb Swift: Implement CFG for property reads, writes, and observers. 2022-05-25 13:46:14 +01:00
Mathias Vorreiter Pedersen
67cc1b503b Swift: Implement step 3 from the previous commit message. 2022-05-25 13:44:59 +01:00
Mathias Vorreiter Pedersen
1f4924f978 Swift: Create a custom "AST" version of the public CFG classes. This is 
necessary because the CFG library doesn't support the following
       two requirements simultaneously:
       1. Traverse AST classes by virtual dispatch
       2. Construct ControlFlowElements from non-AST classes

       Because the CFG trees derive from the a base type that must be a
       subtype of `ControlFlowElement`. So if we make `ControlFlowElement`
       an IPA type, we cannot write:
       ```
       class AssignTree extends PostOrderTree instanceof AssignExpr { ... }
       ```
       because `AssignExpr` is not a subtype of PostOrderTree (since
       PostOrderTree is now a subtype of the new IPA type).

       To fix this, Tom suggested the following (which is implemented in
       this PR):
       1. Create a copy of the CFG tree classes (i.e., Pre/PostOrderTree,
          LeafTree, etc.) and call them AstPreOrderTree/AstPostOrderTree,
          AstLeafTree, etc.
       2. For each tree AstTree from step 1, create a instance of the
          internal CFG library's appropriate class.
       3. In `ControlFlowGraphImpl`, proceed as normal with virtual
          dispatch using `instanceof`, but extend the AstTree classes
          from step 1 instead of the CFG's own tree classes.

       This works because each AstTree implements one of the CFG
       library's tree classes (as per step 2).
       This commit performs step 1 and 2. Step 3 will be the next commit.
 2022-05-25 13:39:48 +01:00
Mathias Vorreiter Pedersen
ab268514a1 Swift: Create a custom IPA type for 'ControlFlowElement's and fixup various type annotations. 2022-05-25 13:39:48 +01:00