hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-28 13:53:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,684 Branches 159 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
5d6fbcec64 Ruby: Autoformat 2022-05-19 16:30:12 +02:00
Rasmus Wriedt Larsen
e810ba4ef6 Ruby: Expand flowToAnyArg test 2022-05-19 16:27:04 +02:00
Tom Hvitved
3ebd4af24e C#: Fix another test 2022-05-19 16:23:31 +02:00
Alex Ford
f8576fb05b Python: avoid missing cryptography uses due to unhandled encryption modes 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-19 15:22:49 +01:00
Chris Smowton
c9232c075c Autoformat 2022-05-19 15:18:10 +01:00
Rasmus Wriedt Larsen
0879b6ae12 Ruby: Fix Argument[any,any-named] handling for path component in MaD 2022-05-19 15:51:30 +02:00
Rasmus Wriedt Larsen
7784b9f879 Ruby: WIP: Make Argument[any] and any-named work 
It's not fully working I think the problem is that the code below ties
up `Argument[x]` with parameter positions, and `Parameter[x]` with
argument positions. This flip might be correct for flow-summaries, but
it does NOT seem to be correct for the `path` component  in MaD.

Specifically, quick-eval for ParameterPosition does NOT include `keyword key` while
quick-eval for ArgumentPosition DOES include `keyword key`!

For the test `Foo.sinkAnyNamedArg(key: tainted) # $ MISSING: hasValueFlow=tainted`

c8be8d30b3/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsSpecific.qll (L130-L133)
 2022-05-19 15:51:25 +02:00
Stephan Brandauer
67697e1066 update meta information and release note for typescript 4.7 upgrade 2022-05-19 15:45:27 +02:00
Stephan Brandauer
0f3448dc24 update tests for typescript 4.7 2022-05-19 15:45:19 +02:00
Rasmus Wriedt Larsen
df83a51e1e Ruby: Add anyNamedArg summary test 2022-05-19 15:42:41 +02:00
Rasmus Wriedt Larsen
cb6e5c24fc Ruby: Prepare for anyNamedArg summary test 2022-05-19 15:42:41 +02:00
Rasmus Wriedt Larsen
a7f627af0c Ruby: Add test for Argument[any] and any-named 2022-05-19 15:42:41 +02:00
Rasmus Wriedt Larsen
cb5ad8b775 Ruby: Don't include Argument[self] in Argument[any] 
For flow-sumamries
 2022-05-19 15:42:41 +02:00
Tom Hvitved
909ad2a61a Address review comment 2022-05-19 15:37:18 +02:00
Alex Ford
9e483ac4e0 Fix change note formatting 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-19 14:25:44 +01:00
Tom Hvitved
f83deb6571 Data flow: Sync files 2022-05-19 15:20:43 +02:00
Tom Hvitved
a18aef23f9 Data flow: Do not discard call context when computing reverse lambda flow through jumps 2022-05-19 15:19:41 +02:00
Tom Hvitved
ea703bc49a Ruby: Add test that illustrates false negative lambda flow 2022-05-19 15:19:34 +02:00
Ian Lynagh
d18e03cf9a Merge pull request #9212 from igfoo/igfoo/kotlin_mem 
Kotlin: Log peak memory usge before and after extractor
 2022-05-19 14:01:07 +01:00
Ian Lynagh
e319ab1b70 Kotlin: Format a query 2022-05-19 13:56:04 +01:00
Chris Smowton
1039e29b90 Adjust test result 2022-05-19 13:42:28 +01:00
Michael Nebel
575b8376f3 C#: Update Flow summaries QL test code based on refactor. 2022-05-19 14:41:24 +02:00
Chris Smowton
4f08981586 Expand warning message to note that there are known Java extractor bugs relating to this query 2022-05-19 13:37:18 +01:00
Ian Lynagh
9b40724dcb Kotlin: Log peak memory usge before and after extractor 
Ideally this would be in a more JSON-friendly format, and also in the
database, but this at least makes the information available.
 2022-05-19 13:36:11 +01:00
Rasmus Wriedt Larsen
051754cf7e Ruby: Add test of what Argument[any] for input/output includes 
and an explicit test of what `Argument[self]` includes.
 2022-05-19 14:02:22 +02:00
AlexDenisov
480c6b985b Merge pull request #9211 from github/redsun82/swift-no-pip-install 
remove `pip install` mention from README.md
 2022-05-19 13:55:14 +02:00
Tom Hvitved
0a52420581 C#: Add ContentDataFlow test 2022-05-19 13:28:56 +02:00
Tom Hvitved
2b2ac06128 Data flow: Sync files 2022-05-19 13:28:56 +02:00
Tom Hvitved
bd9b6567c7 Data flow: Introduce ContentDataFlow.qll 2022-05-19 13:28:56 +02:00
Michael Nebel
ff1e6637ac C#: Fix issue with summaryElement predicate. 2022-05-19 13:06:24 +02:00
Chris Smowton
e722c99218 Autoformat 2022-05-19 11:55:31 +01:00
Chris Smowton
4f54bb66b8 Accept consistency check failure 
The Java extractor assigns a type with unbound type variables to the result of ImmutableSortedMap.of calls.
 2022-05-19 11:55:31 +01:00
Chris Smowton
ea9aa59627 Add test 2022-05-19 11:55:31 +01:00
Chris Smowton
8a90ddefbb Accept test changes 
These are mainly moving the source locations and type specialisations in SAM-converted methods.
 2022-05-19 11:55:31 +01:00
Chris Smowton
ada31f3075 Distinguish result type parameter names 
This makes debugging a little easier.
 2022-05-19 11:55:31 +01:00
Chris Smowton
49c9c36daf Type-variable-in-scope consistency query: account for all enclosing elements that declare type parameters. 2022-05-19 11:55:31 +01:00
Chris Smowton
4e15f5f8c7 Fix extracted type arguments of kotlin.jvm.functions.FunctionN 
Previously we accidentally extracted an argument type instead of the result type.
 2022-05-19 11:55:31 +01:00
Chris Smowton
102cdcdab8 Fix type substitution and source locations in SAM-converted generic interface implementations 
For example, in implementing Producer<T> by an actual lambda of type () -> Int, the return type should be Int, not T. This produced type-variable-out-of-scope consistency check failures.
 2022-05-19 11:55:31 +01:00
Chris Smowton
048a530aac Type parameter scoping check: distinguish type arguments from type parameters 
I had forgotten that the Java QL lib regards a ParameterizedType as either an instantiation Generic<String>, or the unbound declaration Generic<T>.
 2022-05-19 11:55:31 +01:00
Chris Smowton
b09b769932 Extract type parameters without substituting their parent functions 
Otherwise references to type variables declared on kotlin.Xyz.someFunction can refer to its Java equivalent java.Xyz.someFunction if it has one.
 2022-05-19 11:55:31 +01:00
Chris Smowton
d291e0cf10 Fix typeParametersInScope consistency query 
The selection of type variables mentioned in a particular class previously didn't work as intended, so the consistency query would always pass.
 2022-05-19 11:55:31 +01:00
Paolo Tranquilli
b66f1b27b0 remove pip install mention from README.md 
It is not needed any more since pip requirements were coded in bazel.
 2022-05-19 12:47:20 +02:00
Anders Schack-Mulligen
651d9d0a44 Java: Ensure cached predicates are in the same stage. 2022-05-19 11:39:41 +02:00
Michael Nebel
22b9ef2e7b Java: Adapt ExternalApi to refactor. 2022-05-19 11:30:36 +02:00
Anders Schack-Mulligen
0e830f6052 C#/Ruby/Java: Fix pragmas. 2022-05-19 11:26:38 +02:00
Michael Nebel
94a72ec051 Java: Refactor SummarizedCallable. 2022-05-19 11:10:58 +02:00
Michael Nebel
73802cbd6d Ruby: Refactor SummarizedCallable. 2022-05-19 11:04:18 +02:00
Michael Nebel
be79f20ef1 C#: Refactor SummarizedCallable. 2022-05-19 11:03:50 +02:00
Stephan Brandauer
b928ca518f update dependency version to 4.7.1-rc 2022-05-19 10:47:08 +02:00
Erik Krogh Kristensen
fff70da650 Merge pull request #9182 from erik-krogh/useStringComp 
use string equality instead of regexps to compare constant strings
 2022-05-19 10:42:37 +02:00