hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 07:12:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,684 Branches 159 Tags
codeql-cli/v2.12.1
Commit Graph

49367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ian Lynagh
d6f8342431 Kotlin: Write the log file as Line-delimited JSON 2022-05-20 12:07:35 +01:00
Ian Lynagh
b5ad6f9c04 Kotlin: Add a LogMessage class 2022-05-20 12:07:35 +01:00
Ian Lynagh
d900c3d994 Merge pull request #9221 from smowton/smowton/admin/handle-missing-kotlinc-gracefully 
Kotlin: Handle missing kotlinc gracefully
 2022-05-20 12:06:06 +01:00
Erik Krogh Kristensen
204e01fc24 change getNumArgument to only count positional arguments 2022-05-20 12:43:06 +02:00
Ian Lynagh
d2cb1aa89c Merge pull request #9218 from igfoo/igfoo/geninst 
Kotlin: Avoid "generic specialisation" label collisions
 2022-05-20 11:42:22 +01:00
Ian Lynagh
9844ae703e Merge pull request #9219 from igfoo/igfoo/livelits 
Improve LiveLiterals
 2022-05-20 11:42:16 +01:00
Anders Schack-Mulligen
8beef45599 Merge pull request #9195 from aschackmull/java/perf-local-flow 
Java: Performance fixes for local flow relation
 2022-05-20 12:38:02 +02:00
Tony Torralba
775b53b7b4 Fix test to correctly highlight lack of flow from field init 2022-05-20 12:36:10 +02:00
Paolo Tranquilli
09967bfd42 Swift: add comment about CRTP 2022-05-20 12:35:58 +02:00
Paolo Tranquilli
f5b2c31a3c Swift: rename DispatcherWrapper to VisitorBase 2022-05-20 12:25:45 +02:00
Paolo Tranquilli
da00bf99a1 Swift: move TBD code to ql 
This allows to avoid bypassing label type correcness in the extractor,
and allows to independently resolve TBD extractions, as with this
approach TBD nodes do have the correctly typed trap label. The TBD
status is now a predicate on the QL side.

This requires:
* a default visit using the correct type, which is achieved via macro
  metaprogramming in `VisitorBase.h`, following the way
  `swift::ASTVisitor` is programmed
* a mapping from labels to corresponding binding trap entries. The
  functor is defined in `TrapTagTraits.h` and instantiated in generated
  `TrapEntries.h`
* Binding trap entries for TBD unknown entities must not have any other
  field than the `id` (after all, we are supposed to not extract them
  yet). This is why all unextracted fields in `schema.yml` have been
  commented out, and will be uncommentend when visitors are added
 2022-05-20 09:52:27 +02:00
Michael Nebel
20af134ff0 Merge pull request #9210 from michaelnebel/dataflow/summarizedcallablerefactor 
DataFlow - SummarizedCallable refactor
 2022-05-20 09:32:30 +02:00
Tamás Vajk
3407b0f055 Merge pull request #9152 from tamasvajk/kotlin-fix-parcelize-reflection-1 
Kotlin: Fix extraction of reflective call generated by Parcelize
 2022-05-20 09:06:21 +02:00
Chris Smowton
d9f65fe34f Handle missing kotlinc gracefully 2022-05-19 21:54:18 +01:00
Chris Smowton
e80254b0a6 Fix generated implementation of an inherited single abstract method 
For example, UnaryOperator<T> extends Function<T, T> without overriding / defining its own `apply` method.
 2022-05-19 20:57:54 +01:00
Erik Krogh Kristensen
a5b11e88b4 update doc to make it clear that moduleImport(..) does not refer to PyPI names 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-19 20:00:43 +02:00
Ian Lynagh
f918b2e763 Merge pull request #9217 from igfoo/igfoo/tweak_logging 
Kotlin: Tweak logging
 2022-05-19 18:31:40 +01:00
Tony Torralba
5498f41248 Apply code review suggestion to increase precision in getValue 2022-05-19 17:35:34 +01:00
Tony Torralba
bc84ff2031 Improve docs of LiveLiteral 
Also remove transitive closure from calls
 2022-05-19 17:35:27 +01:00
Ian Lynagh
e153f30c01 Kotlin: Avoid "generic specialisation" label collisions 
We had a global set of labels for generic specialisations that we'd
extracted, but these labels could contain references to other labels,
and thus you can get false collisions between labels for different TRAP
files. We now only keep the set for a single TRAP file, and live with
the extra TRAP duplication that we get from that.
 2022-05-19 17:29:41 +01:00
Ian Lynagh
9e3cde001a Kotlin: Tweak logging 
Makes it easier to filter out the peak memory info
 2022-05-19 16:59:52 +01:00
Chris Smowton
01aaa6ccbf Merge pull request #9123 from smowton/smowton/fix/type-variable-in-scope-consistency 
Kotlin: fix cases where type variables were used out of scope
 2022-05-19 16:57:41 +01:00
Alex Ford
6b7abef405 Ruby: remove unnecessary CryptographicOperation#isWeak override 2022-05-19 16:01:34 +01:00
Alex Ford
8b7bb7c358 Ruby: add missing qldoc 2022-05-19 15:55:48 +01:00
Alex Ford
fb53fc5373 Javascript: add missing import in ConceptsImports.qll 2022-05-19 15:51:25 +01:00
Alex Ford
d3662cf54a Deprecate CryptographicOperation#isWeak and add a default implementation 2022-05-19 15:46:13 +01:00
Alex Ford
3d66905dc6 Share the CryptographicOperation and BlockMode concepts between dynamic langs 2022-05-19 15:46:03 +01:00
Rasmus Wriedt Larsen
5d6fbcec64 Ruby: Autoformat 2022-05-19 16:30:12 +02:00
Rasmus Wriedt Larsen
e810ba4ef6 Ruby: Expand flowToAnyArg test 2022-05-19 16:27:04 +02:00
Tom Hvitved
3ebd4af24e C#: Fix another test 2022-05-19 16:23:31 +02:00
Alex Ford
f8576fb05b Python: avoid missing cryptography uses due to unhandled encryption modes 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-19 15:22:49 +01:00
Chris Smowton
c9232c075c Autoformat 2022-05-19 15:18:10 +01:00
Rasmus Wriedt Larsen
0879b6ae12 Ruby: Fix Argument[any,any-named] handling for path component in MaD 2022-05-19 15:51:30 +02:00
Rasmus Wriedt Larsen
7784b9f879 Ruby: WIP: Make Argument[any] and any-named work 
It's not fully working I think the problem is that the code below ties
up `Argument[x]` with parameter positions, and `Parameter[x]` with
argument positions. This flip might be correct for flow-summaries, but
it does NOT seem to be correct for the `path` component  in MaD.

Specifically, quick-eval for ParameterPosition does NOT include `keyword key` while
quick-eval for ArgumentPosition DOES include `keyword key`!

For the test `Foo.sinkAnyNamedArg(key: tainted) # $ MISSING: hasValueFlow=tainted`

c8be8d30b3/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsSpecific.qll (L130-L133)
 2022-05-19 15:51:25 +02:00
Stephan Brandauer
67697e1066 update meta information and release note for typescript 4.7 upgrade 2022-05-19 15:45:27 +02:00
Stephan Brandauer
0f3448dc24 update tests for typescript 4.7 2022-05-19 15:45:19 +02:00
Rasmus Wriedt Larsen
df83a51e1e Ruby: Add anyNamedArg summary test 2022-05-19 15:42:41 +02:00
Rasmus Wriedt Larsen
cb6e5c24fc Ruby: Prepare for anyNamedArg summary test 2022-05-19 15:42:41 +02:00
Rasmus Wriedt Larsen
a7f627af0c Ruby: Add test for Argument[any] and any-named 2022-05-19 15:42:41 +02:00
Rasmus Wriedt Larsen
cb5ad8b775 Ruby: Don't include Argument[self] in Argument[any] 
For flow-sumamries
 2022-05-19 15:42:41 +02:00
Tom Hvitved
909ad2a61a Address review comment 2022-05-19 15:37:18 +02:00
Alex Ford
9e483ac4e0 Fix change note formatting 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-19 14:25:44 +01:00
Tom Hvitved
f83deb6571 Data flow: Sync files 2022-05-19 15:20:43 +02:00
Tom Hvitved
a18aef23f9 Data flow: Do not discard call context when computing reverse lambda flow through jumps 2022-05-19 15:19:41 +02:00
Tom Hvitved
ea703bc49a Ruby: Add test that illustrates false negative lambda flow 2022-05-19 15:19:34 +02:00
Ian Lynagh
d18e03cf9a Merge pull request #9212 from igfoo/igfoo/kotlin_mem 
Kotlin: Log peak memory usge before and after extractor
 2022-05-19 14:01:07 +01:00
Ian Lynagh
e319ab1b70 Kotlin: Format a query 2022-05-19 13:56:04 +01:00
Chris Smowton
1039e29b90 Adjust test result 2022-05-19 13:42:28 +01:00
Michael Nebel
575b8376f3 C#: Update Flow summaries QL test code based on refactor. 2022-05-19 14:41:24 +02:00
Chris Smowton
4f08981586 Expand warning message to note that there are known Java extractor bugs relating to this query 2022-05-19 13:37:18 +01:00