hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-09 03:31:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,812 Commits 1,691 Branches 160 Tags
codeql-cli/v2.10.3
Commit Graph

41812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
3bcf6d68ce Python: Refactor os FileSystemAccess change-note 
I think it's more readable to have only one to cover all of these
changes, even though they came in through different PRs.
 2021-11-29 15:08:18 +01:00
Arthur Baars
f8a62c4c82 Address comments 2021-11-29 15:06:16 +01:00
Rasmus Wriedt Larsen
58f92764f7 Python: Model more file access from os module 2021-11-29 14:54:02 +01:00
Rasmus Wriedt Larsen
fd23fa94a5 Python: Remove dubious fstat* modeling 
These operate on file descriptors, and not on paths. file descriptors
doesn't fit into the rest of our modeling, so I would rather remove them
than to make it look like it's properly handled.

I also did not include any of the functions that work on file
descriptors when looking through all of `os`. So this keeps everything
consistent at least ;)
 2021-11-29 14:54:02 +01:00
Rasmus Wriedt Larsen
e79b8f3e23 Python: Treat os.exec*, os.spawn*, and os.posix_spawn* as FileSystemAccess 2021-11-29 14:54:02 +01:00
Rasmus Wriedt Larsen
d2d5cce787 Python: Recognize keyword arguments for os.*spawn* calls 2021-11-29 14:54:02 +01:00
Rasmus Wriedt Larsen
14590436f9 Python: Expand tests for os.exec*, os.spawn*, and os.posix_spawn* 2021-11-29 14:54:02 +01:00
Rasmus Wriedt Larsen
50d3592ad3 Python: Add more complete tests of os module 
I went through https://docs.python.org/3.10/library/os.html in order,
and added all the functions that works on paths.

`lstat` and `statvfs` were already modeled, but did not have any tests.
 2021-11-29 14:54:02 +01:00
Rasmus Wriedt Larsen
a91208fd2c Python: Fix kwarg modeling for os.path.isdir 2021-11-29 14:54:02 +01:00
Rasmus Wriedt Larsen
36f14b31bc Python: Add explicit tests for kwargs 
I also renamed the arguments to match what the keyword argument is
called. It doesn't matter too much for these specific tests, but for the
tests I'm about to add, it makes things a lot easier to get an overview
of.

Oh, and a test failure :O
 2021-11-29 14:54:02 +01:00
Rasmus Wriedt Larsen
82602014ad Python: Minor refactor to use os.path.<func> 
Since that's the idiomatic way to use this module
 2021-11-29 14:54:02 +01:00
Geoffrey White
88fb1a18cb C++: Correct the doc. 2021-11-29 13:09:12 +00:00
Erik Krogh Kristensen
fdcc144a98 add test for import assertions 2021-11-29 13:51:28 +01:00
Erik Krogh Kristensen
591aeff906 add TypeScript test for new private field syntax 2021-11-29 13:51:28 +01:00
Erik Krogh Kristensen
19bbe6d276 add JavaScript support for new private fields syntax 2021-11-29 13:51:25 +01:00
Erik Krogh Kristensen
d1a7feebc4 disable import resolution on type-only import specifiers 2021-11-29 13:49:10 +01:00
Erik Krogh Kristensen
d946802057 add support for type-only import specifiers 2021-11-29 13:49:10 +01:00
Erik Krogh Kristensen
57399b733e add test for String types as Discriminants 2021-11-29 13:49:10 +01:00
Erik Krogh Kristensen
0e890fd788 add test for the Awaited type 2021-11-29 13:49:10 +01:00
Erik Krogh Kristensen
eef3905c46 update expected output. The TypeScript compiler now emits types in more cases 2021-11-29 13:49:10 +01:00
Erik Krogh Kristensen
9ce248c829 update to TypeScript 4.5.2 2021-11-29 13:49:10 +01:00
Erik Krogh Kristensen
c13cad7e87 Merge branch 'main' into apiLabel2 2021-11-29 13:43:11 +01:00
Geoffrey White
d79337774d Update cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.qhelp 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-11-29 12:33:05 +00:00
Chris Smowton
b37fa9c447 Merge pull request #614 from owen-mc/always-extract-empty-interface-type 
Always extract empty interface type
 2021-11-29 12:15:52 +00:00
Erik Krogh Kristensen
1ade6c55d8 apply the implicit-this patch to the remaining go code 2021-11-29 13:10:04 +01:00
Michael Nebel
e476cde985 Merge pull request #7255 from michaelnebel/csharp-effecpublic-flowsummary 
C#: Only include effectively public declarations in flow summaries
 2021-11-29 12:52:26 +01:00
Michael Nebel
e1539889ef C#: Update flow summaries tests 2021-11-29 11:35:02 +01:00
Michael Nebel
e24b15bbe7 C#: Only create flow summaries for declarations that are effectively public 2021-11-29 11:34:21 +01:00
Erik Krogh Kristensen
8e1b4e3a58 bump the severity of ql/implicit-this 2021-11-29 10:55:59 +01:00
Erik Krogh Kristensen
da5c2fb415 QL: bump the severity of ql/implicit-this 2021-11-29 10:55:59 +01:00
Michael Nebel
9239d4042e Merge pull request #7230 from michaelnebel/csharp-update-netcoreapp-stub 
C#: Update the Microsoft.NETCore.App stub
 2021-11-29 10:08:59 +01:00
Tom Hvitved
fdc94365b4 Merge pull request #7178 from michaelnebel/csharp-flowsummary-pp-csv 
C#: Initial implementation of csv printing in FlowSummaries test
 2021-11-29 09:59:33 +01:00
liangjinhuang
d0ac11817e add insecureRandomness 2021-11-28 20:47:06 +08:00
haby0
db04a0dadf New model: SQL injection in MyBatis annotations 2021-11-28 14:43:57 +08:00
Pavel Lobashov
6d339e50a3 Fix ruby incorrect version in some readme files 
There is no `ruby 3.02` version - there is `ruby 3.0.2`
 2021-11-27 22:44:27 +03:00
Erik Krogh Kristensen
74158f1e3a revert explicit-this that caused non-monotonic recursion 2021-11-26 21:37:46 +01:00
Owen Mansel-Chan
f9a3832aa2 Add extractor test that empty interface type exists 2021-11-26 15:16:09 -05:00
Owen Mansel-Chan
d35a46e2f3 Always extract an empty interface type 2021-11-26 15:04:05 -05:00
Taus
09a11f4166 Python: Update ImpliesDataflow test 
Turns out that now we can resolve the convoluted imports. Hurray!
 2021-11-26 14:47:25 +00:00
Michael Nebel
d4f3a6d4bb C#: Review comments. Keep the TContent type pribate 2021-11-26 15:38:33 +01:00
Taus
6c3aabe1df Python: Support flow through import * 
Adds result for `ModuleVariableNode::getARead` corresponding to reads
that go through (chains of) `import *`.

This required a bit of a change to _which_ module variables we define.
Previously, we only included variables that were accessed elsewhere in
the same file, but now we must ensure to also include variables that may
be accessed through `import *`.
 2021-11-26 13:49:08 +00:00
Taus
c3e495efe9 Python: Refactor built-ins and import * logic 
Moves this from the API graphs implementation into separate files.
 2021-11-26 13:49:08 +00:00
Taus
03b6ee3833 Python: Add import * test 
This test shows off a few things:

- transitive chains of `import *`
- multiple modules exporting the same name (to test for cross-talk)
 2021-11-26 13:49:08 +00:00
Erik Krogh Kristensen
6ff8d4de5c add all remaining explicit this 2021-11-26 13:50:10 +01:00
Anders Schack-Mulligen
00ee34c0a0 Merge pull request #7237 from hvitved/dataflow/consistency-config 
Data flow: Introduce `ConsistencyConfiguration` class
 2021-11-26 12:49:25 +01:00
Anders Schack-Mulligen
57fd397cb3 Merge pull request #7239 from smowton/smowton/fix/useless-comparison-surrogates 
Range analysis and useless-comparison query: don't treat all unicode surrogates as if they are U+FFFD
 2021-11-26 09:00:36 +01:00
Chris Smowton
d3a4dadc7d Merge pull request #7240 from smowton/smowton/admin/derecognise-xxe-secure-processing 
Note that FEATURE_SECURE_PROCESSING isn't a sufficient defence against XXE
 2021-11-25 19:31:06 +00:00
Henry Mercer
aa9a8a0e22 Merge pull request #7244 from github/henrymercer/atm-specify-ml-models-globs 
JS: [Internal only] Add ML models specification to ATM query pack definition
 2021-11-25 18:20:45 +00:00
Chris Smowton
36bb84d97f Copyedit change note 2021-11-25 12:55:55 -05:00
Jonathan Leitschuh
1ddf5fb133 Java: Ratpack HTTP Framework Additional Modeling 
Adds models for `ratpack.func.Pair`, and `ratpack.exec.Result`.
Improve moels for `ratpack.exec.Promise`.

Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-11-25 12:55:32 -05:00