hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-27 13:23:00 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,812 Commits 1,688 Branches 159 Tags
codeql-cli/v2.10.3
Commit Graph

41812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Calum Grant
28c0906886 Update ruby/ql/lib/codeql/ruby/frameworks/stdlib/Logger.qll 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-06-13 09:41:41 +01:00
Mathias Vorreiter Pedersen
9d7afab185 Swift: Fix completion for patterns that occur outside 'CaseLabelItems'. Previously we'd add an unnecessary 'no-match' completion to these patterns even though they were always matching. This caused some confusing output in the graph tests in particular. 2022-06-13 09:24:18 +01:00
AlexDenisov
e1c7de98e8 Merge pull request #9427 from github/redsun82/swift-macos-arm-workaround 
Swift: build x86_64 on arm64 macOS
 2022-06-13 06:30:54 +02:00
thiggy1342
038e6363a9 update severity 2022-06-11 00:09:50 +00:00
thiggy1342
c7e67eb2e2 expand test coverage for sanitizers 2022-06-10 21:30:41 +00:00
Ian Lynagh
669c1faf29 Kotlin: Do each build in its own directory 
This can make life easier when debugging.
 2022-06-10 15:01:37 +01:00
Donatas Abraitis
3174c4fa9b doc: Add missing closing bracket in basic-query-for-cpp-code 
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
 2022-06-10 09:49:52 +03:00
Robert Marsh
97815bfa61 Swift: fix implicit this usage 2022-06-09 18:50:40 +00:00
Robert Marsh
755c56dafe Swift: autoformat 2022-06-09 18:50:39 +00:00
Robert Marsh
fca1afa493 Swift: fix inout parameter conflation at return 2022-06-09 17:09:49 +00:00
Robert Marsh
8d4830cd23 Swift: make dataflow test a path-problem 2022-06-09 17:09:49 +00:00
Robert Marsh
a7663adf90 Swift: add flow through inout parameters 2022-06-09 17:09:49 +00:00
Robert Marsh
21ba73138d Swift: add CallExprCfgNode 2022-06-09 17:09:49 +00:00
Robert Marsh
cb3da0eedd Swift: add some ParamDecl methods 2022-06-09 17:09:48 +00:00
Robert Marsh
776a2965ca Swift: extract isInOut for parameters 2022-06-09 17:09:48 +00:00
Ian Lynagh
6055aaf048 Kotlin: Put overloads together 
Makes it easier when reading the code.

The substituteTypeArguments functions aren't actually overloads, but I
think the same applies.
 2022-06-09 17:43:11 +01:00
Dave Bartolomeo
5780f156d1 Merge pull request #9456 from dbartol/dbartol/go-suite-helpers/work 
Fix `codeql/suite-helpers` dependency for Go
 2022-06-09 12:04:15 -04:00
Rasmus Wriedt Larsen
d91b92511f Python: Add change-note 2022-06-08 17:46:51 +02:00
Rasmus Wriedt Larsen
5b2d799fde Python: Model certificate disabling in urllib3 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
0d02ca07d7 Python: Add certificate disable test of urllib/urllib2 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
049e87201c Python: Model certificate disabling in httpx 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
1a2a4232a8 Python: Refactor httpx tests 
and improve QLDocs a bit
 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
f72a1d98bb Python: Model certificate disabling in aiohttp.client 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen
4b07a7b7be Python: Add missing QLDoc for requests 
Also fix links
 2022-06-08 17:41:42 +02:00
Rasmus Wriedt Larsen
f37d1775f1 Python: Improve requests tests 2022-06-08 17:41:11 +02:00
Rasmus Wriedt Larsen
c21e05aa44 Python: Use HTTP::Client::Request request for py/request-without-cert-validation 
This is very much like the Ruby query, except we also have the origin
that does the disabling.

976daddd36/ruby/ql/src/queries/security/cwe-295/RequestWithoutValidation.ql (L18-L20)
 2022-06-08 15:42:32 +02:00
Rasmus Wriedt Larsen
9cb249fc2f Python: Add test we don't handle for py/request-without-cert-validation 2022-06-08 15:39:37 +02:00
Rasmus Wriedt Larsen
bb0435aba6 Merge branch 'main' into ruby-mad-argument-self 2022-06-08 14:19:29 +02:00
Paolo Tranquilli
8b52bb0c31 Swift: build x86_64 on arm64 macOS 
This is a temporary workaround. At a later stage we will add
* a Swift/LLVM prebuilt package for arm64
* universal binary for the extractor
 2022-06-08 10:25:38 +02:00
Dave Bartolomeo
5e5e2646e2 Fix codeql/suite-helpers dependency for Go 2022-06-07 10:55:49 -04:00
Ian Lynagh
5c9fea2283 Kotlin: Remove unused idOverride argument to extractFunction 2022-06-07 11:34:43 +01:00
Ian Lynagh
33e11b3014 Kotlin: Simplify samMember computation 2022-06-07 11:11:00 +01:00
thiggy1342
62291124ff remove constraint for Zip::File.open 2022-06-06 21:20:44 +00:00
thiggy1342
3c62271dba fix casing of Api 2022-06-06 21:18:08 +00:00
thiggy1342
074583eab8 add archive api file open query and test 2022-06-06 21:09:57 +00:00
Ian Lynagh
763f869e3f Kotlin: Remove some redundant code 2022-06-06 20:49:36 +01:00
thiggy1342
c5db11ee2e use select placeholder correctly 2022-06-06 14:01:02 +00:00
thiggy1342
6cb0717a07 Fix test syntax for sanitizer tests 2022-06-04 16:33:18 +00:00
thiggy1342
5ada3b76ed Merge branch 'main' into experimental-decompression-api 2022-06-03 16:45:53 -04:00
thiggy1342
54fd7809fe tweak metadata 2022-06-03 18:22:50 +00:00
thiggy1342
c5dc8779d1 Increased query robustness and test coverage 2022-06-03 18:05:56 +00:00
jorgectf
171239b78f Format FlaskMail.qll and Sendgrid.qll 2022-06-03 18:27:45 +02:00
Paolo Tranquilli
a0acb19b68 Swift: remove redundant import 2022-06-03 15:28:48 +02:00
Paolo Tranquilli
01e1c13c29 Swift: add UnknownLocation 
`getLocation()` will now exists for all entities. When there is no
valid location, the location will still not be emitted in the DB, but
on the QL side we will then assign a special `UnknownLocation` with
empty filename and 0 for line/column start/end.

This unknown location is currently emitted (with a unique `@` key) at
the start of every extraction, but we can move it elsewhere (and
possibly in a unique global trap file) at a later stage, possibly after
or when we rework the trap file strategy.

This should solve flakiness that was observed on the control flow tests,
which is probably caused by the `nodes` predicate in the `TestOutput`
class in `ControlFlowGraphImplShared.qll` not able to assign a proper
rank when the node does not have a location.
 2022-06-03 14:59:22 +02:00
Tamás Vajk
4a025053cc Merge pull request #9400 from tamasvajk/kotlin-fix-parcelize-symbols 
Kotlin: Fix fake raw type symbols used by the Parcelize plugin
 2022-06-03 13:34:22 +02:00
Rasmus Wriedt Larsen
50196d099b Inline Expectation Tests: sync 2022-06-03 11:39:57 +02:00
Rasmus Wriedt Larsen
c1e6996e99 Inline Expectation Tests: Allow tag[foo bar] 
This is partly motivated by the MaD tests which looks much better now in
my opinion.

I also wanted this for testing argument passing. In Python we're
adopting the same argument positions as Ruby has
[here](4f3751dfea/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll (L508-L540))

So it would be nice if `arg[keyword foo]=...` was allowed, without
having to transform the `toString()` result of an argument position into
something without a space.
 2022-06-03 11:39:57 +02:00
Rasmus Wriedt Larsen
07c22a857f Merge pull request #9420 from RasmusWL/sync-go-inline 
Go: Sync InlineExpectationsTest
 2022-06-03 11:37:13 +02:00
Rasmus Wriedt Larsen
aa78ce3c75 Merge pull request #9413 from github/RasmusWL/query-list-cli-tags 
Misc: query-list should run on `codeql-cli/*` tags
 2022-06-03 11:36:52 +02:00
Rasmus Wriedt Larsen
cceeaef6bf Merge pull request #9412 from github/RasmusWL/labeler-permissions 
Misc: Set permissions for labeler Action
 2022-06-03 11:36:37 +02:00