hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-28 05:42:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,812 Commits 1,685 Branches 159 Tags
codeql-cli/v2.10.3
Commit Graph

41812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tamas Vajk
0a484aadf1 Improve code quality based on PR review 2022-06-03 11:17:13 +02:00
Tamas Vajk
ba5cf5b1b2 Kotlin: Fix fake raw type symbols used by the Parcelize plugin 2022-06-03 11:17:13 +02:00
AlexDenisov
0a861ff616 Merge pull request #9410 from github/alexdenisov/swift-extract-only-primary-files 
Swift: extract only primary files
 2022-06-03 10:44:18 +02:00
Alex Denisov
14384b7696 Swift: switch back to references 2022-06-03 10:22:25 +02:00
Paolo Tranquilli
87234938ef Swift: correct typo 2022-06-03 08:45:59 +02:00
Chris Smowton
04422eeaee Merge pull request #9378 from porcupineyhairs/goJwtSign 
Golang : Add query to detect JWT signing vulnerabilities
 2022-06-02 20:53:03 +01:00
Chris Smowton
d5ac7190cc Remove duplicate function 2022-06-02 17:02:54 +01:00
Chris Smowton
e54b29a846 Autoformat 2022-06-02 15:58:29 +01:00
Chris Smowton
602495df4c Replace cases accidentally handled by CompareExprSanitizer with ReturnedAlongsideErrorSanitizerGuard 2022-06-02 15:53:41 +01:00
Chris Smowton
70c74bfcc0 Merge pull request #9418 from smowton/smowton/admin/test-java-kotlin-map-entries 
Kotlin: add test for Java and Kotlin both extending Map.Entry
 2022-06-02 15:52:59 +01:00
Robert Marsh
43907b6a30 Merge pull request #9409 from github/alexdenisov/swift-fix-ctor-dtor-tostring 
Swift: fix ctor/dtor names in toString
 2022-06-02 10:34:03 -04:00
Chris Smowton
b48a07e7b8 Tighten up CompareExprSanitizer 
- Document
- Only actually consider comparisons
- Don't sanitize literals
 2022-06-02 15:18:38 +01:00
Chris Smowton
3155771abe Rename empty-string sanitizer to reflect what it actually does. 2022-06-02 15:10:02 +01:00
Chris Smowton
bfbc1d48b7 Simplify redundant sanitizer 2022-06-02 15:02:41 +01:00
Chris Smowton
3d63cec1e8 Autoformat 2022-06-02 14:45:28 +01:00
Porcupiney Hairs
361b7037c6 Include suggested changes from review. 2022-06-02 19:11:44 +05:30
Paolo Tranquilli
ede6bd8ffe Swift: document and partially simplify codegen 
This adds:
* a base `README.md` file to `codegen`
* module docstrings for the modules in `generators`
* help strings on all command line flags

Moreover some unneeded command line flags (`--namespace`,
`--include-dir` and `--trap-affix`) have been dropped.
 2022-06-02 15:28:57 +02:00
AlexDenisov
2187bf5dde Merge pull request #9419 from github/revert-9373-cfg-for-key-paths 
Revert "Swift: Control-flow for key paths"
 2022-06-02 15:26:07 +02:00
Rasmus Wriedt Larsen
0b486ade9b Go: Autoformat 2022-06-02 15:12:13 +02:00
Rasmus Wriedt Larsen
aadf7aefb0 Go: Use new location in hasLocationInfo 2022-06-02 15:05:58 +02:00
Paolo Tranquilli
c9d109ddd3 Revert "Swift: Control-flow for key paths" 2022-06-02 14:55:52 +02:00
Rasmus Wriedt Larsen
3f857e113c Go: Adjust hasActualResult overrides 2022-06-02 14:55:27 +02:00
Rasmus Wriedt Larsen
86caf747f3 Go: Sync InlineExpectationsTest 2022-06-02 14:54:51 +02:00
Chris Smowton
ebb52adba6 Kotlin: add test for Java and Kotlin both extending Map.Entry 2022-06-02 13:30:39 +01:00
Chris Smowton
8b1605a617 Merge pull request #9405 from smowton/smowton/fix/restore-wildcard-types 
Kotlin: Introduce / restore implied wildcard types
 2022-06-02 13:26:11 +01:00
ihsinme
9d12f1be53 Update DangerousUseMbtowc.ql 2022-06-02 14:34:38 +03:00
ihsinme
77e4d05ea3 Update test.cpp 2022-06-02 14:33:59 +03:00
ihsinme
872dd0d59f Update DangerousUseMbtowc.expected 2022-06-02 14:33:06 +03:00
Anders Schack-Mulligen
4e6e595b3a Java: Add qldoc. 2022-06-02 13:30:27 +02:00
Chris Smowton
efc534abe7 Add implied wildcards when extracting type parameter bounds 
kotlinc seems to always insert wildcards where type parameter variance implies them, and ignores @JvmSuppressWildcards at least in 1.6.20.
 2022-06-02 11:37:15 +01:00
Porcupiney Hairs
1ef42a11ad Include suggested changes from review. 2022-06-02 16:04:29 +05:30
Anders Schack-Mulligen
9f42ca8d14 Update java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-06-02 12:00:37 +02:00
Anders Schack-Mulligen
002c456989 Update java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-06-02 12:00:09 +02:00
Rasmus Wriedt Larsen
a3c4a2c3e0 Misc: query-list should run on codeql-cli/* tags 
Since go doesn't need to be cloned with the same tag, that makes this change much easier to implement in practice 💪
 2022-06-02 11:57:39 +02:00
Chris Smowton
c1592cb1dc Accept test changes 2022-06-02 10:31:35 +01:00
Chris Smowton
910bb51094 Extract WildcardTypeAccesses 
Their absence became more noticeable now that more implicit wildcards are being produced.
 2022-06-02 10:31:08 +01:00
Rasmus Wriedt Larsen
b646195d14 Misc: Set permissions for labeler Action 
Like in the example on 
https://github.com/actions/labeler#create-workflow
 2022-06-02 10:27:48 +02:00
Tamás Vajk
d7b06aa2ba Merge pull request #9401 from tamasvajk/kotlin-cleanup 
Kotlin: Reuse `codeQlWithHasQuestionMark`
 2022-06-02 10:24:17 +02:00
Anders Schack-Mulligen
7214990762 Merge pull request #9408 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-06-02 10:01:15 +02:00
Mathias Vorreiter Pedersen
927aceb420 Merge pull request #9373 from MathiasVP/cfg-for-key-paths 2022-06-02 08:32:29 +01:00
Erik Krogh Kristensen
7c5ac63254 Merge branch 'main' into fieldUnusedInDisjunct 2022-06-02 09:06:46 +02:00
Paolo Tranquilli
3b57d4830b Merge pull request #9402 from github/redsun82/swift-codegen-tweaks 
Swift: merge `codegen` and `cppcodegen`
 2022-06-02 09:02:47 +02:00
Paolo Tranquilli
c52d19d821 Merge pull request #9403 from redsun82/build-codeowners 
CODEOWNERS: remove `BUILD.bazel` from codeql-ci-reviewers
 2022-06-02 09:02:17 +02:00
Alex Denisov
6419af39f3 Swift: extract only primary files 
While the (removed) comment is correct and the frontend can be called in
different modes, both `swift build` and `xcodebuild` always use
`-primary-files` when compiling Swift projects.
The other mode was present only within our test runner (`qltest.sh`), so
removing it and doing what the official build systems do simplifies our
code base.

Additionally, file archival is now a separate function/operation.
 2022-06-02 08:57:03 +02:00
Alex Denisov
1dab01a31c Swift: fix ctor/dtor names in toString 2022-06-02 08:28:46 +02:00
github-actions[bot]
ab4b7d8509 Add changed framework coverage reports 2022-06-02 00:18:51 +00:00
Erik Krogh Kristensen
536d226a6b fix bad CP in the charPred for CipherOperation 2022-06-01 23:36:11 +02:00
Chris Smowton
dc7d07ff46 Extract correct implied wildcards for Java classes and @JvmSuppressWildcards-annotated entities 
For Java classes this means following the structure of the underlying Java type to determine where the wildcard was really present and where the Java signature ruled it out. The annotation tracking simply means looking for @JvmSuppressWildcards on any surrounding class or function to turn off wildcard introduction by default.
 2022-06-01 20:00:22 +01:00
Chris Smowton
37fce6ace9 Restore implicit wildcard types 
The Kotlin compiler represents types like List<out CharSequence> internally as List<CharSequence> due to the fact that List's type parameter is covariant, and similarly Comparable<in CharSequence> where Comparable's type parameter is contravariant. However it restores use-site variance when emitting class files, so we must do the same thing for
compatability with Java code.

Note this is a partial solution because it will also add wildcards to Java .class files that *could* have a variance / wildcard but don't -- for example, a Java method could really take an invariant Comparable<CharSequence>, which is only achievable in Kotlin via the @JvmSuppressWildcards annotation. We also don't yet support
@JvmSuppressWildcards given on a surrounding class or function.
 2022-06-01 19:58:40 +01:00
Mathias Vorreiter Pedersen
cde2880392 Swift: Add getEnclosingFunction to AstNode. 2022-06-01 16:40:08 +01:00