Commit Graph

51797 Commits

Author SHA1 Message Date
Harry Maclean
4a6bceccf5 Merge pull request #7017 from github/nickrolfe/extractor_options
Ruby: expose TRAP compression option
2023-03-10 21:46:53 +13:00
Anders Schack-Mulligen
3640b6d3a8 Shared: Autoformat 2023-03-10 09:41:20 +01:00
Anders Schack-Mulligen
711d7057f7 Swift: Autoformat 2023-03-10 09:41:20 +01:00
Anders Schack-Mulligen
08c658e66b Go: Autoformat 2023-03-10 09:41:20 +01:00
Anders Schack-Mulligen
a5d229903d Ruby: Autoformat 2023-03-10 09:41:20 +01:00
Anders Schack-Mulligen
8d97fe9ed3 JavaScript: Autoformat 2023-03-10 09:41:20 +01:00
Anders Schack-Mulligen
21d5fa836b Python: Autoformat 2023-03-10 09:41:17 +01:00
Anders Schack-Mulligen
ef97e539ec C/C++: Autoformat 2023-03-10 09:39:41 +01:00
Anders Schack-Mulligen
5ad7ed49dd C#: Autoformat 2023-03-10 09:39:41 +01:00
Anders Schack-Mulligen
730eae9521 Java: Autoformat 2023-03-10 09:39:41 +01:00
Harry Maclean
9cf2acface Ruby: Make trap option title consistent with C# 2023-03-10 21:11:58 +13:00
Harry Maclean
cf64e0e85f Ruby: trap_compression -> trap.compression
Change the trap_compression extractor option to be an object `trap` with
a nested option `compression`. This means that on the command line you
would supply the option as follows:

    codeql database create --extractor-option trap.compression=gzip

This is a little less jarring than the previous design, which would use
underscores amongst the hyphens:

    codeql database create --extractor-option trap_compression=gzip
2023-03-10 19:18:49 +13:00
Nick Rolfe
7649772935 Expose TRAP compression option via the new extractor options feature. 2023-03-10 19:09:51 +13:00
Arthur Baars
348165205c Merge pull request #12442 from aibaars/diagnostics-tests
Ruby: add some integration tests for diagnostic messages
2023-03-09 21:58:42 +01:00
Henry Mercer
a816b813d1 Merge pull request #12470 from github/codeql-ci/atm/release-0.4.9
JS: Bump version numbers of ML-powered packs after 0.4.9 release
2023-03-09 18:40:31 +00:00
Mathias Vorreiter Pedersen
d25a312557 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-03-09 18:38:00 +00:00
Mathias Vorreiter Pedersen
d89b8ba446 Merge pull request #12469 from MathiasVP/speedup-CleartextSqliteDatabase
C++: Restrict sinks in `cpp/cleartext-storage-database`
2023-03-09 18:33:51 +00:00
Michael B. Gale
d627358f7e Merge pull request #12453 from github/mbg/csharp/fix-env-prop 2023-03-09 17:55:48 +00:00
Henry Mercer
079451142e Merge branch 'main' into codeql-ci/atm/release-0.4.9 2023-03-09 16:08:22 +00:00
Jeroen Ketema
67a07e98a2 Merge pull request #12339 from jketema/new-docs
C++: Add copy of dataflow docs for new use-use dataflow library
2023-03-09 16:56:43 +01:00
yoff
b3fa844322 Merge pull request #12461 from yoff/python/add-api-test-captured
python: add test documenting effect of scopes
2023-03-09 16:55:27 +01:00
github-actions[bot]
a82aaea514 JS: Bump version of ML-powered library and query packs to 0.4.10 2023-03-09 15:54:49 +00:00
Jeroen Ketema
13483be5ed Merge pull request #12465 from jketema/get-a-use-2
C++: Use `getAUse` in `getIRRepresentationOfIndirectOperand`
2023-03-09 16:54:32 +01:00
Owen Mansel-Chan
250a0a71e1 Merge pull request #12466 from owen-mc/update-go-diagnostics
The source name of a diagnostic should not change
2023-03-09 15:51:32 +00:00
Edward Minnix III
3ee14f914b Merge pull request #50 from egregius313/egregius313/refactor-apk-query-using-dataflow-modules
Convert dataflow configurations in Arbitrary APK Installation query to use new module-configuration
2023-03-09 10:50:02 -05:00
github-actions[bot]
f0bb25bfce JS: Bump patch version of ML-powered library and query packs 2023-03-09 15:46:31 +00:00
Edward Minnix III
e8f1f364c5 Refactor to module api for PathNodes
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2023-03-09 10:45:55 -05:00
Ed Minnix
cb53ff70a6 Remove unused imports 2023-03-09 10:44:59 -05:00
Mathias Vorreiter Pedersen
84a61d1e02 C++: No need for 'matches'. 2023-03-09 15:36:26 +00:00
Mathias Vorreiter Pedersen
59402eb754 Merge pull request #12462 from MathiasVP/disable-std-order-in-fwd-flow-stage-1
DataFlow: Disable standard order in `Stage1::fwdFlow`
2023-03-09 15:30:05 +00:00
Arthur Baars
eadc605c0e Merge pull request #12460 from github/dependabot/cargo/ql/serde-1.0.154
Bump serde from 1.0.152 to 1.0.154 in /ql
2023-03-09 16:25:18 +01:00
Jeroen Ketema
a40a578576 Update docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp.rst 2023-03-09 16:24:13 +01:00
Mathias Vorreiter Pedersen
2931e5dea8 C++: Reduce duplication by blocking flow into sources (since we'll already be considering flow starting at those sources) and out of sinks (since we'll already be alerting on this sink if it's relevant). 2023-03-09 14:59:13 +00:00
Mathias Vorreiter Pedersen
03ba7ea851 C++: Move the weird global property 'not sqlite_encryption_used()' from the sink definition to the source definition. The dataflow library starts tracking flow from the sources, so it's better to rule out the entire database in the source definition than in the sink definition. 2023-03-09 14:59:13 +00:00
Mathias Vorreiter Pedersen
7819a7d2bc C++: Severely restrict the set of sinks in 'cpp/cleartext-storage-database'. This reduces the number of sinks considered on the 'sysown/proxysql' from > 62000 sinks to ~1000 sinks. 2023-03-09 14:59:13 +00:00
Alex Ford
5ef71f9d28 Merge pull request #12306 from alexrford/rb/more-expr-nodes
Ruby: ensure that all Ast `Expr`s have a dataflow node type more precise than `ExprNode`
2023-03-09 14:54:34 +00:00
Rasmus Wriedt Larsen
293f791611 Python: Remove solved consistency work-around
This has not been needed for some time now, but hadn't been removed
before now.
2023-03-09 15:45:20 +01:00
Asger F
6e744093e2 Merge pull request #12398 from github/post-release-prep/codeql-cli-2.12.4
Post-release preparation for codeql-cli-2.12.4
2023-03-09 15:38:21 +01:00
Jeroen Ketema
de97ae38dc C++: C++: Use getAUse in getIRRepresentationOfIndirectOperand 2023-03-09 15:15:00 +01:00
Rasmus Wriedt Larsen
38fe9b71b9 Ruby: Use new parameter position for synthetic hash-splat instead
We wanted to ensure that a callable did not have multiple parameters
with same parameter position. Originally we fixed this with
e0bd210797. This commit reverts that and
solves it by introducing a new parameter position instead.
2023-03-09 15:05:07 +01:00
Owen Mansel-Chan
f87b307ddb The source name of a diagnostic should not change 2023-03-09 14:00:52 +00:00
Rasmus Wriedt Larsen
bdda0f574b Python: Use new parameter position for synthetic **kwargs instead
We wanted to ensure that a callable did not have multiple parameters
with same parameter position. Originally we fixed this with
02b3a1b515 (like Ruby). This commit
reverts that and solves it by introducing a new parameter position
instead.
2023-03-09 15:00:20 +01:00
Jeroen Ketema
30ad113d4c Merge pull request #12454 from jketema/get-a-use
C++: Use `getAUse` in `getIRRepresentationOfOperand`
2023-03-09 14:14:23 +01:00
dependabot[bot]
dd3e357ad3 Bump serde from 1.0.152 to 1.0.154 in /ql
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.152 to 1.0.154.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.152...v1.0.154)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-09 12:30:57 +00:00
dependabot[bot]
a731a82a10 Merge pull request #12459 from github/dependabot/cargo/ruby/serde-1.0.154 2023-03-09 12:28:57 +00:00
Arthur Baars
c98e0fa0b4 Ruby: fix comment 2023-03-09 13:14:57 +01:00
Arthur Baars
8096f86224 Ruby: lower severity of parse error to warning 2023-03-09 13:14:57 +01:00
Arthur Baars
942cd7c275 Merge pull request #12113 from erik-krogh/diagnostics
JS: Implement diagnostics
2023-03-09 12:57:06 +01:00
Mathias Vorreiter Pedersen
2bbeb7383f Merge pull request #12452 from MathiasVP/inline-this-could-access-member
C++: Inline `thisCouldAccessMember`
2023-03-09 11:38:50 +00:00
Mathias Vorreiter Pedersen
1f77f77153 DataFlow: Sync identical files. 2023-03-09 10:41:15 +00:00