hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 09:23:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,693 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
17cce6bd18 Add change note 2021-06-16 13:01:39 +02:00
Tony Torralba
f3ef93fa8a Make sinks more specific, improve tests 2021-06-16 13:01:39 +02:00
Tony Torralba
f9e6b3c3d2 Add new URL(tainted) as taint step 2021-06-16 13:01:39 +02:00
Tony Torralba
7ff4d368be Fix tests 2021-06-16 13:01:39 +02:00
Tony Torralba
6f926e1e80 Refine sinks and add more taint steps 2021-06-16 13:01:39 +02:00
Tony Torralba
5d56eb6ea1 Add stubs 2021-06-16 13:01:39 +02:00
Tony Torralba
4b491dcc50 Add codehaus sink and taint steps 2021-06-16 13:01:39 +02:00
Tony Torralba
7883549c25 Use InlineExpectationsTest 2021-06-16 13:01:39 +02:00
Tony Torralba
7031e0a91d Refactor to use CSV sink models 2021-06-16 13:01:38 +02:00
Tony Torralba
356601ce15 Moved from experimental 2021-06-16 13:01:38 +02:00
Taus
e647403948 Python: Avoid __main__.py files as entry points. 
According to the official documentation, the purpose of `__main__.py`
files is that their presence in a package (say, `foo`) means one can
execute the package directly using `python -m foo` (which will run the
aforementioned `foo/__main__.py` file).

In principle this means that adding `if __name__ == "__main__"` in these
files is superfluous, as they are only intended to be executed (and not
imported by some other file).

However, in practice people often _do_ include the above construct.
Here are some instances of this on LGTM.com:
https://lgtm.com/query/7521266095072095777/

In particular, 10 out of 33 files in `cpython` have this construct.

This causes some confusion in our module naming, as we usually see the
presence of `__name__ == "__main__"` as an indication that a file may
be run directly (and hence with "absolute import" semantics). However,
when run with `python -m`, the interpreter uses the usual package
semantics, and this leads to modules getting multiple names.

For this reason, I think it makes sense to simply exclude `__main__.py`
files from consideration. Note that if there is a `#!` line mentioning
the Python interpreter, then they will still be included as entry
points.
 2021-06-16 10:59:56 +00:00
Tamás Vajk
eaa69dfa5d Merge pull request #6084 from tamasvajk/feature/effective-publicness 
C#: Fix isEffectively* visibility predicates
 2021-06-16 12:52:38 +02:00
Tom Hvitved
872c7edfc8 Merge pull request #207 from github/bump-codeql 
Bump `codeql` submodule
 2021-06-16 12:33:40 +02:00
Anders Schack-Mulligen
75d5fe67ea Merge pull request #6090 from atorralba/atorralba/move-httpsurls-tests 
Java: Move/tweak some tests
 2021-06-16 12:00:55 +02:00
Tom Hvitved
84d79ccae9 Bump codeql submodule 2021-06-16 11:55:38 +02:00
Tamas Vajk
28ef0e86f6 Apply code review findings 2021-06-16 10:51:52 +02:00
Tamas Vajk
c5b8acf216 Add change notes 2021-06-16 10:51:52 +02:00
Tamas Vajk
db8a777aa9 Fix isEffectively* predicates to members extracted from multiple assemblies 2021-06-16 10:51:52 +02:00
Tamas Vajk
77f8f3fa8a Adjust comments on isEffectively* 2021-06-16 10:51:52 +02:00
Tamas Vajk
eea96a5585 Fix effective publicness of protected private and protected internal 2021-06-16 10:51:52 +02:00
Tamas Vajk
f715445c7a Fix effective privateness of explicitly implemented members 2021-06-16 10:51:08 +02:00
Tamas Vajk
a24006239b C#: Add more tests to effective visibility 2021-06-16 10:50:15 +02:00
Taus
96d8fc78f8 Merge pull request #6078 from hvitved/type-tracker-caching 
Python: Move cached predicates in type tracker library to same stage
 2021-06-16 10:45:02 +02:00
Tamás Vajk
9f44bc575f Merge pull request #6089 from tamasvajk/feature/interface-member-modifier 
C#: Allow abstract modifier on interface members
 2021-06-16 10:44:43 +02:00
haby0
c1ada6d85b Merge branch 'main' into java/UnsafeDeserialization 2021-06-16 16:37:03 +08:00
Tamás Vajk
386d88ab93 Merge pull request #6085 from tamasvajk/feature/unsafe 
C#: Fix `Modifiable::isUnsafe` to handle declarations extracted from assemblies
 2021-06-16 10:30:09 +02:00
Tony Torralba
e2918d55b5 Move tests back from internal repo 2021-06-16 10:09:44 +02:00
Tamas Vajk
66835651fe C#: Allow abstract modifier on interface members 2021-06-16 09:56:36 +02:00
Tamas Vajk
dacb044790 C#: Add tests for abstract/virtual modifier of interface members 2021-06-16 09:54:34 +02:00
Asger Feldthaus
5838e54a46 JS: Sharpen recognition of string 'match' calls 2021-06-16 09:27:02 +02:00
haby0
9badd7aa27 change name 2021-06-16 11:29:37 +08:00
jorgectf
5123b8f4e3 Update .expected 2021-06-15 20:29:33 +02:00
jorgectf
e61cf9a58d Simplify tests 2021-06-15 19:32:02 +02:00
Taus
359bc5eff9 Python: Autoformat 2021-06-15 15:56:40 +00:00
Tamas Vajk
74c4765ab9 Add change note 2021-06-15 17:30:48 +02:00
Tamas Vajk
44b30b70da C#: Fix Modifiable::isUnsafe to handle declarations extracted from assemblies 2021-06-15 17:30:48 +02:00
Asger Feldthaus
af9cc07066 JS: Change note 2021-06-15 17:19:39 +02:00
Asger Feldthaus
9f052a2ecd JS: Add Knex model 2021-06-15 17:19:39 +02:00
CodeQL CI
847faf536d Merge pull request #6070 from asgerf/js/script-with-tsx-lang 
Approved by erik-krogh
 2021-06-15 08:17:53 -07:00
Taus
b55c034502 Python: Fix up getAMethodCall 
Now that we have a `MethodCallNode` class, it would be silly not to use
that as the return type.
 2021-06-15 15:13:54 +00:00
Taus
92063dc191 Python: Add change note 2021-06-15 15:13:03 +00:00
Taus
41ee325bc9 Python: Clean up Stdlib.qll 
Not as many opportunities to clean stuff up here.
 2021-06-15 15:04:30 +00:00
Taus
e90ec807ef Python: Clean up Ssl.qll 2021-06-15 15:04:29 +00:00
Taus
82fab3ba75 Python: Clean up Cryptography.qll 2021-06-15 15:04:29 +00:00
Taus
d4b05547ba Python: Add MethodCallNode class 
Roughly patterned after the JS equivalent.
 2021-06-15 15:04:29 +00:00
Calum Grant
975e4d7284 Add security-severity scores 2021-06-15 15:56:57 +01:00
jorgectf
6bed8594f2 Match sanitizer inputs' naming 2021-06-15 16:27:32 +02:00
ihsinme
b118817fb8 Add files via upload 2021-06-15 16:52:39 +03:00
ihsinme
f5008d31f5 Add files via upload 2021-06-15 16:51:38 +03:00
ihsinme
4f2703e0aa Add files via upload 2021-06-15 16:43:57 +03:00