hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 07:12:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,524 Commits 1,684 Branches 159 Tags
codeql-cli/v2.10.5
Commit Graph

42524 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henry Mercer
f876ef91a3 Merge pull request #8900 from github/dependabot/github_actions/actions/labeler-4 
Bump actions/labeler from 2 to 4
 2022-04-27 15:12:52 +01:00
Henry Mercer
52475cd917 Merge pull request #8899 from github/dependabot/github_actions/actions/upload-artifact-3 
Bump actions/upload-artifact from 2 to 3
 2022-04-27 15:12:39 +01:00
Paolo Tranquilli
cde5ba7987 Merge pull request #8889 from redsun82/swift-codegen-unit-tests 
Swift: add unit tests to code generation
 2022-04-27 16:07:54 +02:00
Stephan Brandauer
4964f2df9a add flow step to rest parameters 2022-04-27 16:03:19 +02:00
Chris Smowton
db90bf9900 Move change note 2022-04-27 15:00:26 +01:00
Michael Nebel
52b59d0eed C#: Add auto generated comment to generated models as data files. 2022-04-27 15:40:23 +02:00
Mathias Vorreiter Pedersen
141e8fcd5b Swift: Sync schema. 2022-04-27 14:39:13 +01:00
Tony Torralba
51bb33ae65 Merge pull request #8876 from atorralba/atorralba/externalflow-import-private 
Java: Make all imports of ExternalFlow private
 2022-04-27 15:24:55 +02:00
dependabot[bot]
c71c6f6dbe Bump actions/stale from 3 to 5 
Bumps [actions/stale](https://github.com/actions/stale) from 3 to 5.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v3...v5)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-27 13:17:41 +00:00
dependabot[bot]
2c1ee564aa Bump actions/cache from 2 to 3 
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-27 13:17:37 +00:00
dependabot[bot]
70ba8e3a5c Bump actions/labeler from 2 to 4 
Bumps [actions/labeler](https://github.com/actions/labeler) from 2 to 4.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-27 13:17:30 +00:00
dependabot[bot]
e1e68e96dc Bump actions/upload-artifact from 2 to 3 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-27 13:17:28 +00:00
Henry Mercer
295c0fcbb5 Merge pull request #8896 from github/henrymercer/dependabot-actions-updates 
Enable Dependabot updates for Actions
 2022-04-27 14:16:46 +01:00
Geoffrey White
4aa41dfa52 Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-04-27 13:06:02 +01:00
yoff
39753d5a0b Merge pull request #8693 from erik-krogh/pyApi 
PY: more API-graphs refactorings
 2022-04-27 13:19:50 +02:00
Taus
d3a05b8b7e Python: Fix bad join in MethodCallsiteRefinement 
Observed on `FreeCAD/FreeCAD`:

```
Tuple counts for Essa::MethodCallsiteRefinement#24e22a14#f/1@274967ic after 34.5s:
638284     ~0%     {2} r1 = SCAN Essa::TEssaNodeRefinement#24e22a14#ffff OUTPUT In.0, In.3 'this'
636521     ~0%     {2} r2 = r1 AND NOT Essa::SingleSuccessorGuard#class#24e22a14#f(Lhs.1 'this')
1579493668 ~0%     {2} r3 = JOIN r2 WITH SsaDefinitions::SsaSource::method_call_refinement#9197156e#fff ON FIRST 1 OUTPUT Lhs.1 'this', Rhs.2
266673     ~3%     {1} r4 = JOIN r3 WITH Essa::EssaNodeRefinement::getDefiningNode#dispred#f0820431#ff ON FIRST 2 OUTPUT Lhs.0 'this'
                    return r4
```

After a bit of unbinding, we have:

```
Tuple counts for Essa::MethodCallsiteRefinement#24e22a14#f/1@d73d8e27 after 66ms:
215168 ~1%     {2} r1 = SCAN Definitions::SsaSourceVariable#class#486534ab#f OUTPUT In.0, In.0
283965 ~2%     {2} r2 = JOIN r1 WITH SsaDefinitions::SsaSource::method_call_refinement#9197156e#fff ON FIRST 1 OUTPUT Rhs.2, Lhs.1
401274 ~0%     {2} r3 = JOIN r2 WITH Essa::EssaNodeRefinement::getDefiningNode#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1 'this'
266671 ~2%     {1} r4 = JOIN r3 WITH Essa::TEssaNodeRefinement#24e22a14#ffff_03#join_rhs ON FIRST 2 OUTPUT Lhs.1 'this'
266671 ~2%     {1} r5 = r4 AND NOT Essa::SingleSuccessorGuard#class#24e22a14#f(Lhs.0 'this')
                return r5
```
(I'm somewhat confused about the slight difference in tuples, but it's
probably just because the compiler moved some stuff around.)
 2022-04-27 11:13:37 +00:00
Geoffrey White
6ada1bd05b C++: Match createLSParser more precisely. 2022-04-27 11:51:17 +01:00
Erik Krogh Kristensen
e1c7d369be Merge pull request #8796 from erik-krogh/redundantImport 
Remove redundant imports
 2022-04-27 12:39:51 +02:00
Henry Mercer
60ebf4d9b7 Enable Dependabot updates for Actions 
This will automatically create update PRs for workflow files referencing Actions that have since had a major update.
 2022-04-27 11:37:22 +01:00
yoff
9d774463f5 Merge pull request #8859 from tausbn/python-fix-bad-essa-joins 
Python: Fix a bunch of bad joins
 2022-04-27 12:27:50 +02:00
Anna Railton
1f1ef22f90 Update TaintedPathInjection -> TaintedPath 
Lines up with usual naming in https://github.com/github/ml-ql-adaptive-threat-modeling-backend
 2022-04-27 11:27:43 +01:00
Geoffrey White
a21af8e262 C++: Address QLDoc alerts. 2022-04-27 11:05:11 +01:00
Tom Hvitved
790d97714f Ruby: Replace Element with Element[any] 
To make it look more like `Argument` tokens.
 2022-04-27 11:53:25 +02:00
Tom Hvitved
d1c9d68e14 Ruby: Generalize ArrayElementContent to ElementContent 2022-04-27 11:53:21 +02:00
Tom Hvitved
597424809f Merge pull request #8893 from hvitved/ruby/simplify-fetch-summary 
Ruby: Simplify flow summary for `fetch`
 2022-04-27 11:47:11 +02:00
Paolo Tranquilli
0100c7171d Swift: testing non-trivial dataclass properties 2022-04-27 10:17:49 +02:00
Paolo Tranquilli
7f0476049f Swift: removed spurious mock import 2022-04-27 09:11:14 +02:00
Paolo Tranquilli
68231bfc27 Swift: bump python version to 3.8 in workflow 2022-04-27 08:55:27 +02:00
Tom Hvitved
3b7fe06858 Ruby: Simplify flow summary for fetch 2022-04-27 08:26:24 +02:00
Paolo Tranquilli
f171ce6341 Swift: add unit tests to code generation 
Tests can be run with
```
bazel test //swift/codegen:tests
```

Coverage can be checked installing `pytest-cov` and running
```
pytest --cov=swift/codegen swift/codegen/test
```
 2022-04-27 08:24:11 +02:00
Harry Maclean
992cc517a8 Ruby: Minor changes to InsecureDownload 2022-04-27 18:04:21 +12:00
Harry Maclean
f35379bf8c Ruby: Add change note for rb/insecure-download 2022-04-27 12:47:09 +12:00
Harry Maclean
a85811ad69 Remove unused field 2022-04-27 12:47:09 +12:00
Harry Maclean
6998608257 Ruby: Document missing test result 2022-04-27 12:47:09 +12:00
Harry Maclean
bb3fb0325b Ruby: Add InsecureDownload query 
This query finds cases where a potentially unsafe file is downloaded
over an unsecured connection.
 2022-04-27 12:47:09 +12:00
Harry Maclean
ce7675ef43 Ruby: Identify domain in Net::HTTP requests 2022-04-27 12:47:09 +12:00
Harry Maclean
bbc3043836 Add change note for rb/regex/missing-regexp-anchor 2022-04-27 10:12:33 +12:00
Harry Maclean
af2965c2a0 Explain anchors in MissingRegExpAnchor qlhelp 2022-04-27 10:12:33 +12:00
Harry Maclean
6f9dc5eb7e Ruby: Update import for file move 2022-04-27 10:12:33 +12:00
Harry Maclean
2feb4a48be Ruby: Add hasMisleadingAnchorPrecedence to MissingRegExpAnchor 2022-04-27 10:12:33 +12:00
Harry Maclean
3f8b27c0cd Ruby: Add RegExpNonWordBoundary to RegExpTreeView 2022-04-27 10:12:33 +12:00
Harry Maclean
e3c3c00c68 Ruby: Add MissingRegExpAnchor query 2022-04-27 10:12:33 +12:00
Harry Maclean
debc57b417 Ruby: Add RegExpAnchor to RegExpTreeView 2022-04-27 10:12:33 +12:00
Harry Maclean
d95f533d19 Ruby: Add getLastChild to RegExpParent 2022-04-27 10:12:33 +12:00
Nick Rolfe
2d05ea3519 Merge pull request #8885 from SukkaW/replace-git-io-link 2022-04-26 20:29:32 +01:00
Mathias Vorreiter Pedersen
800e4ea7df Merge pull request #8515 from rdmarsh2/rdmarsh2/ir-global-vars 
C++: generate IR for global variables with initializers
 2022-04-26 18:17:13 +01:00
Geoffrey White
7ce040f331 Merge pull request #8736 from geoffw0/xxe 
C++: New query for CWE-611 / XML External Entity Expansion (XXE)
 2022-04-26 17:21:06 +01:00
Nick Rolfe
649d7dd022 Merge pull request #8607 from github/nickrolfe/incomplete_sanitization 
Ruby: port of `js/incomplete-sanitization`
 2022-04-26 17:10:24 +01:00
Geoffrey White
742949154b C++: Apply code style suggestion. 2022-04-26 16:53:24 +01:00
Taus
7d736952db Python: Update expected output 2022-04-26 15:49:40 +00:00