Bas van Schaik
8147d2048e
Remove issue template for LGTM.com false positive reports
2022-11-11 10:36:26 +00:00
Mauro Baluda
25ac3499c2
Merge branch 'github:main' into main
2022-11-11 11:20:01 +01:00
Michael Nebel
ef50e57317
Merge pull request #11083 from michaelnebel/csharp/telemetry
...
C#: Telemetry query updates.
2022-11-11 10:57:54 +01:00
erik-krogh
887062d339
update cs/assembly-path-injection and cs/hardcoded-key to path-problems
2022-11-11 10:55:36 +01:00
erik-krogh
03a479fd60
use find in the format check to fix it
2022-11-11 10:50:42 +01:00
Rasmus Wriedt Larsen
ab42521906
Python: Port CallGraph-implicit-init tests
...
to the new call-graph test setup. Nice that we can write `MISSING:` now!
2022-11-11 10:34:28 +01:00
Rasmus Wriedt Larsen
b60504f404
Python: Delete CallGraph-xfail
...
No longer needed since we're using an established testing framework now
2022-11-11 10:34:28 +01:00
Rasmus Wriedt Larsen
6d9745e5c3
Python: Rewrite call-graph tests to be inline expectation (2/2)
...
I ported the predicates showing difference between points-to and
type-tracking, since it's helpful to see the list of differences,
instead of having to parse expectations!
2022-11-11 10:34:28 +01:00
Erik Krogh Kristensen
313f600432
Merge pull request #11214 from erik-krogh/oneFormatToRuleThemAll
...
CI: remove language specific format checks
2022-11-11 10:10:36 +01:00
ihsinme
0fb1dedbb2
Update DivideByZeroUsingReturnValue.ql
2022-11-11 11:38:48 +03:00
Jeroen Ketema
ba00a0f370
C++: Share parameter logic in std::string model
2022-11-11 08:48:11 +01:00
Jeroen Ketema
23e29e993b
C++: Split std::string::insert off in a separate class
...
The `insert` function has two different return types: `iterator` and
`basic_string&`.
2022-11-11 08:48:01 +01:00
AlexDenisov
ecd8921dcd
Merge pull request #11211 from github/redsun82/swift-drop-impossible-nodes
...
Swift: fix printing of unextracted entities
2022-11-11 08:06:54 +01:00
Harry Maclean
2b4217b8a4
Ruby: Update test fixture
2022-11-11 18:41:55 +13:00
Harry Maclean
b16cecc8db
Ruby: Add missing doc
2022-11-11 18:41:42 +13:00
Harry Maclean
62ea1f0a05
Ruby: Fix performance of string comparison guard
...
The `or` case ran extremely slowly before this change. Also exclude
string interpolations from consideration, for correctness, and add some
more tests.
2022-11-11 18:24:20 +13:00
github-actions[bot]
dcebe930e7
Add changed framework coverage reports
2022-11-11 00:21:31 +00:00
Harry Maclean
e25e192ef3
Ruby: Change the CFG for while clauses
...
The `when` node now acts as a join point for patterns in the when
clause, with match/no-match completions. This is similar to how `or`
expressions work.
The result of this is that the `when` clause "controls" the body of the
`when`, which allows us to model barrier guards for multi-pattern when
clauses.
For this code
    case x
    when 1, 2
        y
    end
The old CFG was
    x --> when --> 1 --no-match--> 2 ---no-match---> case
                     \             \                ^
                      \             \               |
                       \             --match----+   |
                        \                       |   |
                         \                      |   |
                          ------match---------> y --+
The new CFG is
    x --> 1 --no-match--> 2 --no-match--> [no-match] when --no-match--> case
           \                \                                           ^
            \                \                                          |
             \                --match--> [match] when --match--> y -----+
              \                   /
               \                 /
                -------match-----
i.e. all patterns flow to the `when` node, which is split based on
whether the pattern matched or not. The body of the when clause then has
a single predecessor `[match] when`, which acts as a condition block that
controls `y`.
2022-11-11 11:52:27 +13:00
Rasmus Lerchedahl Petersen
71335a1a97
python: update users of try
2022-11-10 22:20:28 +01:00
Rasmus Lerchedahl Petersen
7d05ba38d5
python: convenience methods for handler types
2022-11-10 22:20:28 +01:00
Rasmus Lerchedahl Petersen
e67515fae7
python: dataflow tests names in exception handlers
2022-11-10 22:20:28 +01:00
Rasmus Lerchedahl Petersen
a7e394b2be
python: SSA for names in except*
2022-11-10 22:20:28 +01:00
Rasmus Lerchedahl Petersen
30b58e7921
python: control flow node ExceptGroupStmt
...
- wrap `getType` and `getName`, considering dominance
- do not implement all the handles predicates
2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
9f9a962c03
python: wrap autogenerated ExceptGroupStmt_
...
also widen type of `Try::getHandler` to `Stmt`.
`ExceptStmt` is now too narrow,
as a handler can also be of type `ExceptGroupStmt`.
2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
24d22ccb6e
python: regenerated AST
2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
9f89325ca7
python: dummy stats for ExceptGroupStmt
2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
1fd76f02fd
python: db upgrade and downgrade scripts
2022-11-10 22:20:27 +01:00
Rasmus Lerchedahl Petersen
856e48c414
python: new dbscheme
2022-11-10 22:20:27 +01:00
Rasmus Wriedt Larsen
88f703af1f
DataFlow: Accept changes to .expected
2022-11-10 22:13:34 +01:00
Ian Lynagh
e00f87045e
Java: Add up/downgrade scripts
2022-11-10 20:31:13 +00:00
Ian Lynagh
fac839f481
Java/Kotlin: Add a changenote for Compilation.getInfo
2022-11-10 20:29:04 +00:00
Ian Lynagh
a6b8f4b674
Java/Kotlin: Update stats
2022-11-10 20:29:04 +00:00
Ian Lynagh
2fb78565a7
Kotlin: Write version information to the database
2022-11-10 20:29:04 +00:00
Ian Lynagh
d0dfb4926b
Kotlin/Java: Add compilation_info table
2022-11-10 20:29:04 +00:00
Rasmus Wriedt Larsen
4caaa3a396
Python: Rewrite call-graph tests to be inline expectation (1/2)
...
This adds inline expectations, next commit will remove old annotations
code... but I thought it would be easier to review like this.
2022-11-10 21:08:29 +01:00
Erik Krogh Kristensen
90382c4d1c
Merge pull request #11178 from erik-krogh/passcode
...
JS/RB/PY: Recognize `passcode` as sensitive
2022-11-10 17:58:34 +01:00
erik-krogh
866e92558c
broaden the file pattern used in the format check to ensure js-ml is included
2022-11-10 17:57:45 +01:00
Paolo Tranquilli
f5b198b8b7
Swift: fix dangling test reference
2022-11-10 17:50:22 +01:00
erik-krogh
fbb2dcf7a8
remove language specific format checks
2022-11-10 17:47:14 +01:00
Paolo Tranquilli
88dc65cb3c
Swift: extract or ignore last remaining types
2022-11-10 17:38:32 +01:00
Paolo Tranquilli
04d042308b
Swift: fix QL compilation
2022-11-10 17:05:03 +01:00
Tom Hvitved
bda4b52395
Merge pull request #11206 from hvitved/ruby/self-toplevel-def
...
Ruby: Fix SSA entry definitions for `self` in top-level
2022-11-10 17:01:59 +01:00
Jeroen Ketema
f7c55a3258
Merge pull request #11202 from jketema/fix-accept-prototype
...
C++: Fix the `accept` prototype in the dataflow taint tests
2022-11-10 17:00:07 +01:00
Nick Rolfe
20f76e50c3
Ruby: actually call the isPublic() predicate I added
2022-11-10 15:53:04 +00:00
Geoffrey White
887d1893e7
Swift: Make ql-for-ql happy.
2022-11-10 15:51:02 +00:00
Paolo Tranquilli
458fb3a4a2
Swift: fix printing of unextracted entities
...
This was still printing explicitly ignored classes.
2022-11-10 16:49:32 +01:00
Paolo Tranquilli
30bbae3c22
Merge pull request #11209 from github/redsun82/swift-drop-impossible-nodes
...
Swift: drop impossible nodes from schema
2022-11-10 16:47:23 +01:00
Michael Nebel
2a26c8f340
Merge pull request #10628 from michaelnebel/java/typebasedmodels
...
Java: Type based summary models.
2022-11-10 16:34:52 +01:00
Geoffrey White
d97682991d
Swift: Add Alamofire sink for cpp/cleartext-transmission.
2022-11-10 15:33:00 +00:00
Nick Rolfe
b91b3148a4
Ruby: add missing qldoc comments for SQL injection query
2022-11-10 15:26:42 +00:00