hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-21 02:14:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,684 Branches 158 Tags
codeql-cli/v2.12.1
Commit Graph

49367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
86e5e4c4bc Accept test changes 2022-10-06 12:40:04 +01:00
Chris Smowton
020f29a1ab Add visibility tests 2022-10-06 12:40:03 +01:00
Chris Smowton
764c139e3e Visibility consistency query: allow $default methods to have package-private (default) visibility 2022-10-06 12:40:03 +01:00
Chris Smowton
34b83f01d0 Fix naming of internal default methods 2022-10-06 12:40:03 +01:00
Chris Smowton
5e182755a5 Fix generated $default method visibilities 2022-10-06 12:40:03 +01:00
Chris Smowton
bec948682d Fix calls to static methods defined in association with local functions 
These are a bit weird since they involve static calls to unnamed synthetic class members, but while unwriteable as Java they ought to work as a database description.
 2022-10-06 12:40:03 +01:00
Chris Smowton
b79d273de4 When calling a $default method, ensure the real method gets extracted 2022-10-06 12:40:02 +01:00
Chris Smowton
3452dcbced Fix class type parameter erasure within $default methods 2022-10-06 12:40:02 +01:00
Chris Smowton
be655432d6 Use new terse extraction functions where applicable 2022-10-06 12:40:02 +01:00
Chris Smowton
03c895853b Clarify test and accept test changes 2022-10-06 12:40:02 +01:00
Chris Smowton
6119670be8 Suppress use of function type parameters in the context of building a $defaults method 
These methods have erased signatures and no type parameters, so anything that refers to one must itself be erased. For signatures this would be easy, but for potentially deep default expressions these types can occur in various places and need erasing at each occurence.
 2022-10-06 12:40:02 +01:00
Chris Smowton
720cf5682b Exclude enum constructor invocations from defaults handling 
These seem to provide null arguments even though the constructor doesn't provide defaults, presumably for completion by a later compiler phase.
 2022-10-06 12:40:01 +01:00
Chris Smowton
6cc74da004 Defaults function extraction: respect the extract-type-accesses flag 2022-10-06 12:39:57 +01:00
Chris Smowton
34a0a0d080 Implement $default method synthesis 
This adds methods that fill in default parameters whenever a constructor or method uses default parameter values. I use as similar an approach to the real Kotlin compiler as possible both because this produces the desirable dataflow, and because it should merge cleanly with the same class file seen by the Java extractor, which will see and
extract the signatures of the default methods.
 2022-10-06 12:38:55 +01:00
erik-krogh
169965cfb9 make rb/meta/taint-steps into a @kind problem query 2022-10-06 13:28:10 +02:00
gregxsunday
9960d11042 added RequestBody source to Beego framework 2022-10-06 13:23:56 +02:00
Geoffrey White
c6b7bb436d C++: Make the ql-for-ql checks happy. 2022-10-06 11:25:22 +01:00
Chris Smowton
6f3c9e4403 Split up extractRawMethodAccess 2022-10-06 11:05:27 +01:00
Mathias Vorreiter Pedersen
a856bc8678 Merge pull request #10562 from rdmarsh2/rdmarsh2/cpp/field-off-by-one 
C++: prototype for off-by-one in array-typed field
 2022-10-06 11:04:12 +01:00
Tom Hvitved
48bdf13c89 Ruby: Take overrides into account for singleton methods defined on modules 2022-10-06 11:56:26 +02:00
Mathias Vorreiter Pedersen
0065a5af96 Swift: Accept path-explanation test changes. 2022-10-06 10:30:18 +01:00
Mathias Vorreiter Pedersen
1edd4d855a Swift: Add an example with flow through a callback function. 2022-10-06 10:30:11 +01:00
Mathias Vorreiter Pedersen
197f036797 Swift: Support local MaD steps in both dataflow and taintflow. 2022-10-06 10:30:04 +01:00
Mathias Vorreiter Pedersen
9d069b32b0 Swift: Create ArgumentNodes and OutNodes for MaD. 2022-10-06 10:29:59 +01:00
Mathias Vorreiter Pedersen
0b6ea703ea Swift: Create explicit parameter nodes for source parameters and MaD parameters. 2022-10-06 10:29:52 +01:00
Mathias Vorreiter Pedersen
bba70a70fb Swift: Support selecting fields in Swift MaD. 2022-10-06 10:29:45 +01:00
tyage
ddc8f72ef7 accept test result Xss.qlref 2022-10-06 18:23:10 +09:00
Mathias Vorreiter Pedersen
32d0b58923 C++: Fix qhelp example. 2022-10-06 10:19:53 +01:00
Tom Hvitved
7608276397 Ruby: Add more call graph tests 2022-10-06 10:38:02 +02:00
Anders Schack-Mulligen
5b67ba2939 Merge pull request #10177 from atorralba/atorralba/path-sanitizer 
Java: Promote `PathSanitizer.qll` from experimental
 2022-10-06 10:29:33 +02:00
Anders Schack-Mulligen
cbeff4efc8 Merge pull request #10693 from atorralba/atorralba/fix-guard-bad-magic 
Java: Fixes bad magic in `Guard::guardControls_v3`
 2022-10-06 10:14:48 +02:00
erik-krogh
db056aae1b add some more meta queries for Ruby evaluations 2022-10-06 10:14:28 +02:00
Geoffrey White
86756538f2 C++: Change note. 2022-10-06 09:14:25 +01:00
Geoffrey White
3f78a244b9 C++: Make the tests use more repetitions. 2022-10-06 09:14:24 +01:00
Geoffrey White
9a365d83cf C++: Tighten up the heuristic in cpp/unterminated-variadic-call. 2022-10-06 09:14:16 +01:00
Tom Hvitved
0e6735b804 Merge pull request #10691 from hvitved/dataflow/conjunctive-clears 
Data flow: Take conjunctive `With(out)Contents` into account in `prohibitsUseUseFlow`
 2022-10-06 09:03:30 +02:00
Tamas Vajk
0bbc7adca0 Accept test changes 2022-10-06 08:45:57 +02:00
Henry Mercer
d80d39504f Tag successfully extracted files queries 
Tag the successfully extracted files queries with
`successfully-extracted-files` to make them easier to identify
programmatically in a language-independent way.
This follows the prior art for lines of code queries, which are tagged
`lines-of-code`.
 2022-10-05 19:19:43 +01:00
Asger F
387e57546b Merge pull request #10650 from asgerf/rb/summarize-more 
Ruby: more type-tracking steps
 2022-10-05 19:16:56 +02:00
Alex Ford
a28d7b64ea Merge branch 'main' into rb/sensitive-get-query 2022-10-05 15:59:02 +01:00
Alex Ford
fa58c51810 Ruby: switch rb/sensitive-get-query back to using local flow 2022-10-05 15:58:05 +01:00
Tamas Vajk
46fb9865ac Add lateinit test to print the extracted AST 2022-10-05 16:09:00 +02:00
Chris Smowton
7f8bcf76bf Merge pull request #10665 from dilanbhalla/dilan-java/guidance-exectainted 
Java Guidance: ExecTainted.ql (experimental version)
 2022-10-05 15:05:10 +01:00
Tom Hvitved
0beea9fd1a Fix typos 2022-10-05 15:54:52 +02:00
Tamas Vajk
082544e88c Kotlin: Extract lateinit modifier 2022-10-05 15:25:49 +02:00
Tamas Vajk
61a05c2b6c Kotlin: add lateinit declarations to modifiers test 2022-10-05 15:25:15 +02:00
Asger F
decd4c93c7 Ruby: update type tracking test 2022-10-05 15:15:52 +02:00
Asger F
c9c36985b2 Ruby: address review comments 2022-10-05 14:59:37 +02:00
Nora Dimitrijević
29df69742c Swift: Docs review response: consistent naming 2022-10-05 14:42:11 +02:00
Alex Ford
71670a4f75 Ruby: add RequestInputAccess#getKind predicate 2022-10-05 13:38:31 +01:00