codeql

mirror of https://github.com/github/codeql.git synced 2026-01-25 20:32:58 +01:00

Author	SHA1	Message	Date
Andrew Eisenberg	43ae5d4285	Merge pull request #9838 from github/aeisenberg/python-local-ref-def Move python contextual queries to lib folders	2022-07-25 09:00:32 -07:00
Chris Smowton	3f6925e7be	Merge pull request #9875 from smowton/smowton/fix/charat-naming Kotlin: Special-case String.charAt naming	2022-07-25 16:10:13 +01:00
Chris Smowton	715b0b3fb8	Accept test changes	2022-07-25 15:17:14 +01:00
Chris Smowton	3af2e71932	Merge pull request #9874 from smowton/smowton/fix/kotlin-for-loop-iterators Kotlin: fix for-loop iterators over primitive or wildcard types	2022-07-25 15:02:49 +01:00
Jeroen Ketema	8cd0a9d245	Merge pull request #9735 from jketema/inline-yolo C++: Remove `pragma[noinline]` from `ResolveGlobalVariable.ql`	2022-07-25 11:25:26 +02:00
Nick Rolfe	a61ec78f03	Merge pull request #9883 from github/nickrolfe/trap-buffering Ruby/QL: speed up trap writing by putting BufWriter in front of GzEncoder	2022-07-25 08:48:54 +01:00
Paolo Tranquilli	fe73601a4e	Merge pull request #9805 from github/redsun82/swift-type-repr-collapse Swift: collapse `TypeRepr` hierarchy	2022-07-25 09:31:41 +02:00
Harry Maclean	681e58c8e0	Merge pull request #9850 from hmac/hmac/arel Ruby: Model Arel.sql	2022-07-25 12:09:18 +12:00
Harry Maclean	cb3ebeedf9	Merge pull request #9696 from thiggy1342/experimental-strong-params RB: Experimental strong params query	2022-07-25 12:08:55 +12:00
Harry Maclean	db41ce5f76	Merge pull request #9605 from thiggy1342/experimental-manually-check-request-verb RB: Experimental query to manually check request verb	2022-07-25 12:08:11 +12:00
thiggy1342	6cfde70898	Merge branch 'main' into experimental-strong-params	2022-07-22 20:41:33 -04:00
thiggy1342	b4d762fb21	Merge branch 'main' into experimental-manually-check-request-verb	2022-07-22 20:41:23 -04:00
thiggy1342	0c0ba925a7	this one should have no tag	2022-07-22 18:44:03 +00:00
thiggy1342	f39ca1aad2	correct cwe tagged	2022-07-22 18:36:25 +00:00
Robert Marsh	0a35f97074	Merge pull request #9872 from jketema/return-join C++: Fix join-order problem in `cpp/return-stack-allocated-memory`	2022-07-22 14:32:10 -04:00
thiggy1342	c2710fb038	Update ruby/ql/src/change-notes/2022-07-21-check-http-verb.md Co-authored-by: Harry Maclean <hmac@github.com>	2022-07-22 13:52:00 -04:00
thiggy1342	2c095cf166	Update ruby/ql/src/change-notes/2022-07-21-weak-params.md Co-authored-by: Harry Maclean <hmac@github.com>	2022-07-22 13:51:38 -04:00
Jeroen Ketema	a9d95a9418	C++: Remove `pragma[noinline]` from `ResolveGlobalVariable.ql`	2022-07-22 17:59:27 +02:00
Jeroen Ketema	23c19311fb	Merge pull request #9700 from jketema/resolve-global-variable C++: Ensure only one `Variable` exists for every global variable	2022-07-22 17:57:21 +02:00
Nick Rolfe	4767d5a1ba	Ruby/QL: speed up trap writing by putting BufWriter in front of GzEncoder	2022-07-22 15:37:53 +01:00
Arthur Baars	43266b75a1	Merge pull request #9866 from aibaars/encoding Ruby: handle magic coding: comments	2022-07-22 14:33:46 +02:00
Taus	5f9a03f103	Merge pull request #9880 from github/nickrolfe/ql-ql-extractor-cleanup QL: sync Ruby extractor changes	2022-07-22 14:15:04 +02:00
Paolo Tranquilli	77401ded4e	Swift: reflow comment	2022-07-22 13:54:32 +02:00
Arthur Baars	d44bf326f0	Update ruby/extractor/src/main.rs Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2022-07-22 13:36:22 +02:00
Paolo Tranquilli	7e67338fb5	Update swift/extractor/infra/SwiftDispatcher.h Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>	2022-07-22 13:34:11 +02:00
thiggy1342	871b6515d5	Merge branch 'main' into experimental-manually-check-request-verb	2022-07-21 18:47:07 -04:00
thiggy1342	1842bde879	add change note	2022-07-21 22:13:53 +00:00
thiggy1342	c1a6ca5f94	add change note	2022-07-21 22:11:14 +00:00
thiggy1342	486a394a7f	Update ruby/ql/src/experimental/weak-params/WeakParams.ql Co-authored-by: Harry Maclean <hmac@github.com>	2022-07-21 17:26:09 -04:00
thiggy1342	8fabc06d37	fix test assertion	2022-07-21 21:25:44 +00:00
thiggy1342	cc958dc171	Update ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql Co-authored-by: Harry Maclean <hmac@github.com>	2022-07-21 17:19:33 -04:00
Arthur Baars	1399610bd4	Merge branch 'main' into encoding	2022-07-21 21:21:17 +02:00
Nick Rolfe	5f96c92fac	QL: sync Ruby extractor changes	2022-07-21 17:38:33 +01:00
Nick Rolfe	ed0325f162	Merge pull request #9878 from github/nickrolfe/extractor-cleanup Ruby: some extractor refactoring	2022-07-21 17:18:24 +01:00
Arthur Baars	7be106d7bb	Ruby: handle magic coding: comments	2022-07-21 16:33:18 +02:00
Arthur Baars	27be3dff54	Merge pull request #9868 from aibaars/update-tree-sitter-ruby-3 Ruby: update tree-sitter-ruby	2022-07-21 16:08:32 +02:00
Nick Rolfe	8dae85e1b1	Ruby: avoid repeated construction of table name strings	2022-07-21 12:21:06 +01:00
Nick Rolfe	0a8ecd3cf7	Ruby: compute path string only once	2022-07-21 10:44:30 +01:00
Nick Rolfe	388c9ffb74	Ruby: separate trap-writer into its own module	2022-07-21 10:44:00 +01:00
Jeroen Ketema	ad8335d6f3	C++: Fix join-order problem in `cpp/return-stack-allocated-memory` Before on Abseil: ``` Evaluated relational algebra for predicate #select#cpe#12356#fffff@3ffb21o1 with tuple counts: 1235939 ~0% {2} r1 = SCAN functions OUTPUT In.0, In.0 1235939 ~0% {2} r2 = JOIN r1 WITH functions ON FIRST 1 OUTPUT Lhs.1, Lhs.0 33500841 ~0% {2} r3 = JOIN r2 WITH DataFlowUtil::Node::getEnclosingCallable#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 280683 ~3% {3} r4 = JOIN r3 WITH MustFlow::MkLocalPathNode#0227f5a1#fff ON FIRST 1 OUTPUT Rhs.2, Lhs.1, Lhs.0 40970 ~2% {4} r5 = JOIN r4 WITH MustFlow::MustFlowConfiguration::hasFlowPath#dispred#f0820431#fff#cpe#23_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0 40970 ~0% {5} r6 = JOIN r5 WITH MustFlow::MkLocalPathNode#0227f5a1#fff_20#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.0 40970 ~1% {5} r7 = JOIN r6 WITH DataFlowUtil::Cached::TInstructionNode#47741e1f#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4 40970 ~1% {5} r8 = JOIN r7 WITH project#Instruction::VariableAddressInstruction#class#577b6a83#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4 40970 ~0% {6} r9 = JOIN r8 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1 40970 ~2% {7} r10 = JOIN r9 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5, Rhs.1 0 ~0% {6} r11 = JOIN r10 WITH Instruction::Instruction::getEnclosingFunction#dispred#f0820431#3#ff ON FIRST 2 OUTPUT Rhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5, Lhs.6 0 ~0% {5} r12 = JOIN r11 WITH functions ON FIRST 1 OUTPUT Lhs.5, Lhs.1, Lhs.2, Lhs.3, Lhs.4 0 ~0% {5} r13 = JOIN r12 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.3, Lhs.2, Lhs.4, Rhs.1 return r13 ``` After: ``` Evaluated relational algebra for predicate #select#cpe#12356#fffff@1dbc97kv with tuple counts: 40970 ~0% {2} r1 = SCAN MustFlow::MustFlowConfiguration::hasFlowPath#dispred#f0820431#fff#cpe#23 OUTPUT In.1, In.0 40970 ~0% {3} r2 = JOIN r1 WITH MustFlow::MkLocalPathNode#0227f5a1#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1 40970 ~7% {4} r3 = JOIN r2 WITH MustFlow::MkLocalPathNode#0227f5a1#fff_20#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2 40970 ~2% {4} r4 = JOIN r3 WITH DataFlowUtil::Cached::TInstructionNode#47741e1f#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3 40970 ~2% {4} r5 = JOIN r4 WITH project#Instruction::VariableAddressInstruction#class#577b6a83#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3 40970 ~0% {5} r6 = JOIN r5 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Rhs.1 40970 ~1% {6} r7 = JOIN r6 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1 40970 ~0% {6} r8 = JOIN r7 WITH Instruction::Instruction::getEnclosingFunction#dispred#f0820431#3#ff ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1, Lhs.2, Lhs.4, Lhs.5 0 ~0% {5} r9 = JOIN r8 WITH DataFlowUtil::Node::getEnclosingCallable#dispred#f0820431#fb ON FIRST 2 OUTPUT Lhs.5, Lhs.2, Lhs.3, Lhs.0, Lhs.4 0 ~0% {5} r10 = JOIN r9 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2, Lhs.4, Rhs.1 return r10 ```	2022-07-21 11:27:02 +02:00
Jeroen Ketema	466eb4a845	Merge pull request #9870 from jketema/exec-tainted-join C++: Fix join-order problem in `cpp/command-line-injection`	2022-07-21 11:22:02 +02:00
Cornelius Riemenschneider	a437fcbbcc	Merge pull request #9705 from github/criemen/csharp-lua-tracing C#: Implement correct behavior for `dotnet build` tracing	2022-07-21 11:01:33 +02:00
Chris Smowton	9593ceeda5	Kotlin: Special-case String.charAt naming In the Kotlin universe this is called `get` so that Kotlin programmers can use the `[]` operator on `String`s.	2022-07-21 09:17:08 +01:00
Chris Smowton	0a351b73cb	Underscore query: tolerate synthetic functions	2022-07-21 09:15:27 +01:00
Chris Smowton	1cbe26a54f	Kotlin: fix for-loop iterators over primitive or wildcard types Array<*> can't be queried for an argument type, and IntArray doesn't have an argument at all; both were previously causing the extractor to fail to extract the whole file due to throwing an exception.	2022-07-21 09:13:55 +01:00
Harry Maclean	4d0f6a0b96	Merge pull request #9788 from thiggy1342/add-activerecord-annotate RB: Add ActiveRecord::Relation#annotate to sqlFragmentArgument()	2022-07-21 15:37:03 +12:00
thiggy1342	a10370f813	Merge branch 'main' into experimental-manually-check-request-verb	2022-07-20 16:33:36 -04:00
thiggy1342	b3f2159a7e	Merge branch 'main' into experimental-strong-params	2022-07-20 16:33:32 -04:00
thiggy1342	17c80336f5	Merge branch 'main' into add-activerecord-annotate	2022-07-20 16:33:30 -04:00
Arthur Baars	8d80e0332e	Ruby: update tree-sitter-ruby	2022-07-20 18:16:30 +02:00

... 6 7 8 9 10 ...

41812 Commits