hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 06:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,684 Branches 159 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
3a46db3f81 Swift: make C++ code generation more self-contained 
This is solving a papercut, where the C++ build was relying on the
local dbscheme file to be up-to-date, even if all the information for
building is actually in `schema.yml`. This made a pure C++ development
cycle with changes to `schema.yml` clumsy, as it required a further
dbscheme generation step.

Now for C++ the dbscheme is generated internally in the build files, and
thus a change in `schema.yml` is reflected immediately in the C++ build.

A `swift/codegen` step for checked in generated code (including the
dbscheme) is still required, but a developer can do it just before
running QL tests or committing, instead of during each C++
recompilation.

Some directory reorganization was also carried out, moving specific
generator modules to a new `generators` python package, and only leaving
the two drivers at the top level.
 2022-05-17 17:05:16 +02:00
Paolo Tranquilli
fbe7c5be81 Swift: move TBD code to ql 
This allows to avoid bypassing label type correcness in the extractor,
and allows to independently resolve TBD extractions, as with this
approach TBD nodes do have the correctly typed trap label. The TBD
status is now a predicate on the QL side.

This requires:
* a default visit using the correct type, which is achieved via macro
  metaprogramming in `VisitorBase.h`, following the way
  `swift::ASTVisitor` is programmed
* a mapping from labels to corresponding binding trap entries. The
  functor is defined in `TrapTagTraits.h` and instantiated in generated
  `TrapEntries.h`
* Binding trap entries for TBD unknown entities must not have any other
  field than the `id` (after all, we are supposed to not extract them
  yet). This is why all unextracted fields in `schema.yml` have been
  commented out, and will be uncommentend when visitors are added
 2022-05-17 16:31:10 +02:00
Alex Ford
4bb6d1db3a Add missing qldoc 2022-05-17 15:01:28 +01:00
Alex Ford
f92782d4e7 Ruby: fix some cases where we assume that a CryptographicOperation is using CBC when it is not 2022-05-17 14:57:11 +01:00
Alex Ford
c620fceb82 Ruby: remove unnecessary line from test 2022-05-17 14:57:11 +01:00
Alex Ford
6b496c78ef Ruby: failing crypto op test 2022-05-17 14:57:11 +01:00
Tony Torralba
53f32f5a97 Merge pull request #9186 from atorralba/atorralba/kotlin-inline-expectations-tests 
Kotlin: Add support for InlineExpectationsTest
 2022-05-17 15:28:03 +02:00
Cornelius Riemenschneider
3b4d04dcc4 Update Lua tracing config. 2022-05-17 13:18:56 +00:00
Cornelius Riemenschneider
3836d1550a Update Lua tracing configs. 2022-05-17 13:18:28 +00:00
Taus
ea32299ab0 Python: Use API-graph flow for boolean tracking 
Introduces a false positive, but arguably that false positive should
have been there with the local flow as well.
 2022-05-17 13:14:55 +00:00
Erik Krogh Kristensen
86e97c32d6 fix all ql/use-string-compare 2022-05-17 14:11:05 +02:00
Taus
ba8d73c2be Python: Use API::CallNode 2022-05-17 12:00:17 +00:00
Geoffrey White
629e90f14b Merge pull request #9176 from geoffw0/xxe9 
C++: Clean up the XXE query QL.
 2022-05-17 12:40:39 +01:00
Erik Krogh Kristensen
440e6214f0 CPP: correctly escape underscores in calls to .matches() 2022-05-17 13:21:02 +02:00
Erik Krogh Kristensen
e32a04fc06 QL: add use-string-compare query 2022-05-17 13:20:49 +02:00
Tony Torralba
dbf249b199 Accept only EOL comments as Kotlin expectation comments 2022-05-17 13:05:51 +02:00
Tom Hvitved
f1f96b7e5c Ruby: Force cached taint tracking predicates to be evaluated in data flow stage 2022-05-17 12:54:26 +02:00
Tom Hvitved
284357d2a0 Data flow: Do not materialize summaryArgParam 2022-05-17 12:50:01 +02:00
Erik Krogh Kristensen
03da62713c fix typo identified by QL-for-QL 2022-05-17 12:32:40 +02:00
Erik Krogh Kristensen
bb289e29b9 sync typo fix to JS/RB 2022-05-17 12:26:31 +02:00
Erik Krogh Kristensen
818975dc56 sync upstream typo fixes 2022-05-17 12:25:52 +02:00
Erik Krogh Kristensen
5d1c41c269 Merge branch 'main' into pyMaD 2022-05-17 12:23:03 +02:00
Erik Krogh Kristensen
2868eb61ea add test for Parameter[any] and Parameter[any-named] 2022-05-17 12:08:53 +02:00
Geoffrey White
246093d375 C++: Move the two implementation imports. 2022-05-17 11:03:21 +01:00
Arthur Baars
fcb3b82bde Merge pull request #9178 from aibaars/update-tree-sitter-ruby 
Ruby: update tree-sitter-ruby
 2022-05-17 11:47:41 +02:00
Erik Krogh Kristensen
f273ccf73b add explicit test of what Parameter[0] matches 2022-05-17 11:17:15 +02:00
Erik Krogh Kristensen
ce21d7e5a8 use test-sink for sinks in the MaD test 2022-05-17 11:13:59 +02:00
Erik Krogh Kristensen
aef592fec8 make a more realistic test for self-parameter 2022-05-17 11:13:35 +02:00
Mathias Vorreiter Pedersen
1280d43e36 Merge pull request #9141 from github/post-release-prep/codeql-cli-2.9.2 
Post-release preparation for codeql-cli-2.9.2
 2022-05-17 10:01:37 +01:00
Mathias Vorreiter Pedersen
0b0161f261 Merge pull request #737 from github/post-release-prep/codeql-cli-2.9.2 
Post-release preparation for codeql-cli-2.9.2
 2022-05-17 10:01:21 +01:00
Tony Torralba
2b6d7bb3d8 Add support for InlineExpectationsTest to Kotlin 2022-05-17 10:55:00 +02:00
Tamás Vajk
3b07fe70a1 Merge pull request #9174 from tamasvajk/kotlin-fix-isUnspecialised 
Kotlin: Fix parent class lookup from field initializers in `isUnspecialised`
 2022-05-17 10:48:52 +02:00
Erik Krogh Kristensen
55ffdb4aa1 make most imports in ApiGraphModelsSpecific.qll private 2022-05-17 10:34:17 +02:00
Erik Krogh Kristensen
1f8e7c39f4 fix typo in comment 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-17 10:32:31 +02:00
Erik Krogh Kristensen
7abb7552a7 Merge pull request #9184 from erik-krogh/actionInjection 
JS: change @id from js/actions/injection to js/actions/command-injection
 2022-05-17 10:24:51 +02:00
Anders Schack-Mulligen
4f5ccfd76c Merge pull request #9181 from Marcono1234/marcono1234/FloatingPointLiteral-rename 
Java: Rename `FloatingPointLiteral` to `FloatLiteral`
 2022-05-17 10:08:49 +02:00
Tom Hvitved
f2e28c311a Merge pull request #9180 from hvitved/csharp/entity-framework-sql-sinks 
C#: Add missing EntityFramework SQL sinks
 2022-05-17 09:50:49 +02:00
Erik Krogh Kristensen
2550988006 change @id from js/actions/injection to js/actions/command-injection 2022-05-17 09:25:05 +02:00
Tamás Vajk
350d137b2e Merge pull request #9145 from tamasvajk/kotlin-useless-param 
Kotlin: Respect `override` modifier in useless parameter query
 2022-05-17 08:43:59 +02:00
Tamás Vajk
fcb3d78eae Merge pull request #9146 from tamasvajk/kotlin-inner-class-static 
Kotlin: exclude Kotlin source from 'inner class could be static' check
 2022-05-17 08:43:39 +02:00
Tamás Vajk
26553cefc5 Merge pull request #9149 from tamasvajk/kotlin-maybe-null 
Kotlin: Exclude operands of `NotNullExpr` from NullMaybe query
 2022-05-17 08:43:24 +02:00
Tamás Vajk
d8c22901c9 Merge pull request #9150 from tamasvajk/kotlin-MissingInstanceofInEquals 
Kotlin: Add more type check casts to MissingInstanceofInEquals query
 2022-05-17 08:43:06 +02:00
Marcono1234
4e1a73f4d9 Java: Rename FloatingPointLiteral to FloatLiteral 
"Floating point" refers to both `double` and `float`, and is also used by
the JLS in this way. Therefore the old CodeQL class name for `float` literals
was misleading.
 2022-05-16 22:06:04 +02:00
Tom Hvitved
15449b701f C#: Add missing EntityFramework SQL sinks 2022-05-16 20:57:40 +02:00
Arthur Baars
05dce09037 Ruby: update tree-sitter-ruby 2022-05-16 19:08:46 +02:00
ihsinme
1a375ec653 Update cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-05-16 19:55:33 +03:00
Geoffrey White
cf932eb21c C++: Repair typo fix from main. 2022-05-16 16:46:14 +01:00
Geoffrey White
7b1cd70300 Merge branch 'main' into xxe9 2022-05-16 16:45:24 +01:00
Nick Rolfe
c518150b49 Merge pull request #9132 from github/nickrolfe/misspelling 
QL for QL: generalise non-US spelling query
 2022-05-16 16:03:36 +01:00
Alex Ford
0cc0494586 codeql format 2022-05-16 15:54:31 +01:00