Chris Smowton
2bd151ba9c
Copyedit Java changelog
2022-11-17 16:54:33 +00:00
Chris Smowton
7c74350d5e
Copyedit Java changelog
2022-11-17 16:51:21 +00:00
github-actions[bot]
e105c13e77
Release preparation for version 2.11.4
2022-11-17 16:40:45 +00:00
Arthur Baars
4e88b8453a
Ruby: add flow summary for Enumerable#index_with
2022-11-17 16:22:32 +01:00
Owen Mansel-Chan
ac54da7d93
Merge pull request #11002 from owen-mc/dataflow/sync-go-libraries
...
Update go libraries to 55e052a
2022-11-17 15:22:31 +00:00
Owen Mansel-Chan
4073d77635
Add change notes
2022-11-17 14:27:07 +00:00
Owen Mansel-Chan
ab15a19028
Address review comments
2022-11-17 14:27:07 +00:00
Owen Mansel-Chan
166a3688f8
Use standard variable names for hasLocationInfo
...
This makes them match the QLDoc and also other implementations of
`hasLocationInfo`.
2022-11-17 14:27:07 +00:00
Owen Mansel-Chan
1a65a27fde
Update test expectations
...
In https://github.com/github/codeql/pull/8641, `localFlowExit` was
changed to use `Stage2::readStepCand` instead of `read`, which means
that the big-step relation is broken up less. This causes test result
changes. Nothing is lost from the `select` clause, but some results may
have fewer paths, and fewer nodes and edges are output in the test
results.
2022-11-17 14:27:06 +00:00
Owen Mansel-Chan
71aeeee7c8
Accept trivial change to test output
...
In the `subpaths` section, the last node is now printed without its type
if it is the sink of the path.
This comes from the commit "Dataflow: Bugfix: include subpaths ending at
a sink." in https://github.com/github/codeql/pull/7526
2022-11-17 14:27:06 +00:00
Owen Mansel-Chan
f2e2c02db6
Rename predicates to avoid clashes
2022-11-17 14:27:06 +00:00
Owen Mansel-Chan
1718ef88be
Data flow: Inline local(Expr)?(Flow|Taint)
...
See https://github.com/github/codeql/pull/7791
2022-11-17 14:27:05 +00:00
Owen Mansel-Chan
736435adda
Go: Add stub expectsContent
...
Corresponds to https://github.com/github/codeql/pull/8870
2022-11-17 14:27:05 +00:00
Owen Mansel-Chan
50210a9d24
Go: ParameterPosition and ArgumentPosition
...
Corresponds to https://github.com/github/codeql/pull/7260, though some
of those changes had already been made.
2022-11-17 14:27:05 +00:00
Owen Mansel-Chan
83a3af2fff
Go: Summarized Callable
...
Corresponds to https://github.com/github/codeql/pull/9270
2022-11-17 14:27:04 +00:00
Owen Mansel-Chan
10ed4ad3df
Go: Split summaryThroughStep into two predicates
...
Cf. https://github.com/github/codeql/pull/9195
2022-11-17 14:27:04 +00:00
Owen Mansel-Chan
1ee5d3e80e
Move ParameterPosition etc to DataflowDispatch.qll
2022-11-17 14:27:04 +00:00
Owen Mansel-Chan
e5829201e1
Go: Implement ContentSet
2022-11-17 14:27:03 +00:00
Owen Mansel-Chan
282699e5b5
Go: Refactor SummarizedCallable.
...
Equivalent of https://github.com/github/codeql/pull/9210
2022-11-17 14:27:03 +00:00
Owen Mansel-Chan
c768f04e32
Go: Introduce generated flag as a part of the kind column for flow summaries
...
Equivalent of https://github.com/github/codeql/pull/8628
2022-11-17 14:27:03 +00:00
Owen Mansel-Chan
dae60c9deb
Update data flow libraries to 55e052af26
2022-11-17 14:27:02 +00:00
Taus
811426c586
Python: Remove manual magic entirely
...
This was causing issues with imports with many "dots" in the name.
Previously, the test added in this commit would not have the desired
result for the `check` call.
2022-11-17 14:15:55 +00:00
Tom Hvitved
9f13cdadcb
C#: Add use-use stress test
2022-11-17 13:42:56 +01:00
Chris Smowton
254a5b0928
Merge pull request #11293 from smowton/smowton/admin/exclude-kotlin-metadata-annotation
...
Java: Remove no-longer-needed expected diagnostics
2022-11-17 11:50:21 +00:00
Tom Hvitved
bbcef98e06
Merge pull request #11317 from hvitved/cpp/update-autobuilder-nuget-packages
...
C++: Update auto-builder nuget packages
2022-11-17 12:38:26 +01:00
Tamás Vajk
d8b5a04f97
Merge pull request #11291 from tamasvajk/kotlin-confusing-overload
...
Kotlin: Add test case for confusing overloading query
2022-11-17 11:11:33 +01:00
Tamás Vajk
c92989ca04
Merge pull request #11289 from tamasvajk/kotlin-empty-block
...
Kotlin: Exclude .kt files from empty block query
2022-11-17 11:11:25 +01:00
Chris Smowton
659f86cecf
Merge pull request #11310 from tamasvajk/kotlin-dead-code
...
Kotlin: Exclude .kt files from dead code queries
2022-11-17 10:10:51 +00:00
Chris Smowton
95fdea8b77
Merge pull request #11308 from tamasvajk/kotlin-non-serializable-field
...
Kotlin: Exclude .kt files from non serializable field query
2022-11-17 10:10:05 +00:00
Chris Smowton
11188304a7
Merge pull request #11306 from tamasvajk/kotlin-equals-missing
...
Kotlin: Exclude .kt files from missing `instanceof` in `equals` query
2022-11-17 10:09:35 +00:00
Tom Hvitved
780297152c
C#: Downgrade Microsoft.Build nuget package
...
17.4.0 does not officially support .NET 6 (it supports .NET 7), so downgrade
to avoid warnings.
2022-11-17 11:00:25 +01:00
Tom Hvitved
5ab77600b8
C++: Update auto-builder nuget packages
2022-11-17 10:44:23 +01:00
Erik Krogh Kristensen
45d4318e0e
Merge pull request #11272 from erik-krogh/clean-cache
...
CI: clean up the cache when compiling on main
2022-11-17 10:37:08 +01:00
Tom Hvitved
f24fa402f3
Adjust CFG
2022-11-17 10:32:28 +01:00
Erik Krogh Kristensen
ba894e21e8
Merge pull request #11146 from mbaluda-org/main
...
JS: Improved Hapi support
2022-11-17 10:22:48 +01:00
Mauro Baluda
a7dc29bad4
Merge branch 'main' into main
2022-11-16 23:53:16 +01:00
Mauro Baluda
49f476d3b4
Update javascript/ql/lib/semmle/javascript/frameworks/Hapi.qll
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-11-16 23:53:07 +01:00
Taus
8ed8161d5c
Python: Fix tests for Python 2
...
This should make it so that the `prints3` tag is skipped when running
the Python 2 Language tests.
2022-11-16 22:20:08 +00:00
tiferet
4a1382925e
Remove some imports that are no longer used
2022-11-16 14:01:16 -08:00
yoff
505f454878
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswl@github.com>
2022-11-16 22:20:19 +01:00
tiferet
ccbf1ca2a9
Add a comment
2022-11-16 13:05:06 -08:00
tiferet
38c40a7192
isEffectiveSink can't be final because ExtractMisclassifiedEndpointFeatures overrides it.
2022-11-16 12:12:50 -08:00
tiferet
8fee9cb0d5
Fix CodeQL warnings
2022-11-16 12:06:52 -08:00
Taus
81348049df
Python: Fix missing module resolution
...
This was due to bad manual magic: restricting the attribute name makes
sense when we're talking about submodules of a package, but it doesn't
when we're talking about reexported modules.
Also (hopefully) fixes the tests so that the Python 3-specific bits are
ignored under Python 2.
2022-11-16 19:58:32 +00:00
tiferet
c2035e85d2
Be explicit in requiring that each ATM config set its endpoint type.
2022-11-16 11:55:23 -08:00
tiferet
0fd013f9fd
Update the reason names in FilteredTruePositives.expected.
...
This is needed because we changed the names of three endpoint filters that were all called "not a direct argument to a likely external library call or a heuristic sink" in order to disambiguate them (fc56c5a022).
2022-11-16 11:54:10 -08:00
tiferet
eab270eb84
Move the definitions of isEffectiveSink and getAReasonSinkExcluded to the base class.
...
They can now be implemented generically for all sink types.
2022-11-16 11:47:24 -08:00
erik-krogh
de2ebe3618
QL: fix the same QLDoc being QLDoc for multiple things
2022-11-16 20:35:39 +01:00
Harry Maclean
a6f6936719
Merge pull request #11058 from hmac/actioncontroller-logger
...
Ruby: Model various ActionController methods
2022-11-17 08:21:00 +13:00
tiferet
fc56c5a022
Implement the type-specific endpoint filters as EndpointCharacteristics.
...
Also disambiguate three filters from three different sink types that all have the same name, "not a direct argument to a likely external library call or a heuristic sink".
2022-11-16 11:14:25 -08:00