hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 17:21:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,865 Commits 1,691 Branches 159 Tags
codeql-cli/v2.13.1
Commit Graph

53865 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
3694ed5ed6 JS: Deduplicate union/intersection members 2023-04-25 11:27:40 +02:00
Asger F
cab76507e7 JS: Recognize type vars on anonymous function types 2023-04-25 11:27:40 +02:00
Asger F
ff67118097 JS: Add hanging test case 2023-04-25 11:27:40 +02:00
Alex Denisov
125aab8107 Swift: rework fetching and dispatching 
* visiting now happens in a later stage than fetching labels. While
  fetching a list of entities to be visited is created, and then acted
  upon in actual extraction. This partially flattens the recursive
  nature of `fetchLabel` into a loop inside `SwiftVisitor::extract`.
  Recursion in `fetchLabel` will only happen on labels fetched while
  naming an entity (calling into `SwiftMangler`).
* The choice whether to name a declaration or type has been moved from
  the translators to `SwiftMangler`. Acting on this choice is contained
  in `SwiftDispatcher::createLabel`.
* The choice whether to emit a body of a declaration has been moved from
  `DeclTranslator` to the dispatcher. This choice is also contained in
  `SwiftDispatcher::createLabel`.
* The simple functionality of the `LabelStore` has been moved to the
  `SwiftDispatcher` as well.
 2023-04-25 11:15:27 +02:00
Joe Farebrother
a9d34458de Merge pull request #12658 from joefarebrother/csharp-sensitive-data 
C#: Add local filesystem writes as External Location sinks
 2023-04-25 10:14:48 +01:00
Geoffrey White
0ebb06e185 Merge branch 'main' into flowsources 2023-04-25 10:08:15 +01:00
Geoffrey White
2c28fae7e3 Merge pull request #12836 from geoffw0/precision 
Swift: Downgrade swift/unsafe-js-eval to precision medium.
 2023-04-25 09:58:11 +01:00
Geoffrey White
b0b2d6e05f Swift: Upgrade two queries to @precision high. 2023-04-25 09:42:49 +01:00
AlexDenisov
fcbd211783 Merge pull request #12910 from github/redsun82/swift-hash-lazy-trap-names 
Swift: use hashing for lazy decl trap file names
 2023-04-25 09:54:46 +02:00
Anders Schack-Mulligen
934a455908 Apply suggestions from code review 
Update qldoc.
 2023-04-25 09:35:26 +02:00
Tom Hvitved
65835cdb92 Merge pull request #12907 from hvitved/ruby/destructured-assign-join 
Ruby: Fix bad join in `DestructuredAssignDesugar`
 2023-04-25 08:50:27 +02:00
Alexandre Boulgakov
c88f9bf818 Swift: Use absl::StrJoin to dump arguments for logging. 
This also removes the TODO about using `absl::StrJoin` to dump the environment because we can't easily get a range from a null-terminated `envp`. It also doesn't suffer from the usual awkwardness around inserting a separator *between* elements but not after the last one, so a for loop is clear enough.
 2023-04-24 22:34:14 +01:00
Alexandre Boulgakov
621761b289 Swift: Use absl::bit_width to calculate TRAP label size. 
It's not much cleaner due to arithmetic to convert truncating division to a ceiling, but has two advantages:
 1. It doesn't suffer from rounding issues with large TRAP labels. This is largely theoretical, but does let us handle `undefined` uniformly.
 2. It should be much faster (using LZCNT/BSR instead of floating point arithmetic). This is probably not a performance bottleneck, so *shrug*.
 2023-04-24 22:31:11 +01:00
Ed Minnix
3af72fa28e Remove legacy code from InlineFlowTest 2023-04-24 17:10:32 -04:00
Ed Minnix
59e59125d6 Refactor tests 2023-04-24 17:10:32 -04:00
Alexandre Boulgakov
36d34f199b Bazel: Add Abseil C++ dependency. 2023-04-24 21:59:57 +01:00
Henry Mercer
3d1da8a45d JS: Update message when the file is not located in the source root 2023-04-24 21:08:00 +01:00
Henry Mercer
927522c563 JS: Only populate diagnostic locations within the source root 2023-04-24 20:53:42 +01:00
Owen Mansel-Chan
b47c8e8c4c Merge pull request #12912 from owen-mc/go/fix-invalid-semver-version 
Go: Fix invalid SemVer version by adding "v" to the front
 2023-04-24 16:47:28 +01:00
Sam Browning
0a7e525c16 Update "code-scanning" suite name to "default" 2023-04-24 11:27:34 -04:00
Paolo Tranquilli
14706b42fa Swift: strip parameters from lazy function decl trap names 2023-04-24 17:04:41 +02:00
Joe Farebrother
0ebf529dc4 Add comment + use flowTo 2023-04-24 15:49:05 +01:00
Michael Nebel
8756c031e0 C#: Re-factor the InappropriateEncoding query to use the new API. 2023-04-24 16:06:07 +02:00
Owen Mansel-Chan
1afe845ed3 Add missing "v" to semver version string 
Because it was missing, that function always returned +1,
so we were doing the wrong thing when the Go version
installed was lower than 1.16.
 2023-04-24 14:31:46 +01:00
Tony Torralba
e3d93c3581 Fix FileCopyUtils models 2023-04-24 15:07:19 +02:00
Paolo Tranquilli
e84bdf5bed Swift: use hashing for lazy decl trap file names 
It turns out mangled names can sometimes be too long. While this code
will eventually be replaced by our own mangling, we need to use hashing
to cut down the names.

Module and decl names are preserved in the trap file names for
debuggability.
 2023-04-24 14:36:36 +02:00
Paolo Tranquilli
feb31612f5 Merge pull request #12908 from github/revert-12760-redsun82/swift-logging-compiler 
Revert "Swift: route compiler diagnostics through our log"
 2023-04-24 14:31:18 +02:00
Paolo Tranquilli
95ef7fb3f1 Revert "Swift: route compiler diagnostics through our log" 2023-04-24 13:57:24 +02:00
Tom Hvitved
71cd973b42 Ruby: Fix bad join in DestructuredAssignDesugar 
```
Evaluated relational algebra for predicate Synthesis#d9ff06b1::DestructuredAssignDesugar::LhsWithReceiver::getSynthKind#0#dispred#ff@0c55fb0w on iteration 4 running pipeline order_500000 with tuple counts:
                 0   ~0%    {2} r1 = JOIN Synthesis#d9ff06b1::ConstantWriteAccessKind#ff#prev_delta WITH Constant#c70e4e0a::ScopeResolutionConstantAccess::getName#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
                 0   ~0%    {2} r2 = JOIN r1 WITH Constant#c70e4e0a::ScopeResolutionConstantAccess::getScopeExpr#0#dispred#ff#prev ON FIRST 1 OUTPUT Lhs.0, Lhs.1

                 0   ~0%    {4} r3 = JOIN Call#841c84e8::MethodCall::getMethodName#0#dispred#ff#prev_delta WITH Call#841c84e8::Call::getNumberOfArguments#0#dispred#ff#prev ON FIRST 1 OUTPUT Lhs.1, false, Rhs.1, Lhs.0
                 0   ~0%    {2} r4 = JOIN r3 WITH Synthesis#d9ff06b1::MethodCallKind#ffff#prev ON FIRST 3 OUTPUT Lhs.3, Rhs.3

                 0   ~0%    {2} r5 = r2 UNION r4

            336618   ~3%    {1} r6 = SCAN Constant#c70e4e0a::ScopeResolutionConstantAccess::getScopeExpr#0#dispred#ff#prev_delta OUTPUT In.0
            336618   ~0%    {2} r7 = JOIN r6 WITH Constant#c70e4e0a::ScopeResolutionConstantAccess::getName#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0
                 0   ~0%    {2} r8 = JOIN r7 WITH Synthesis#d9ff06b1::ConstantWriteAccessKind#ff#prev ON FIRST 1 OUTPUT Lhs.1, Rhs.1

                 0   ~0%    {3} r9 = SCAN Call#841c84e8::Call::getNumberOfArguments#0#dispred#ff#prev_delta OUTPUT false, In.1, In.0
                 0   ~0%    {3} r10 = JOIN r9 WITH Synthesis#d9ff06b1::MethodCallKind#ffff#reorder_1_2_0_3#prev ON FIRST 2 OUTPUT Lhs.2, Rhs.2, Rhs.3
                 0   ~0%    {2} r11 = JOIN r10 WITH Call#841c84e8::MethodCall::getMethodName#0#dispred#ff#prev ON FIRST 2 OUTPUT Lhs.0, Lhs.2

              2119   ~2%    {3} r12 = JOIN Synthesis#d9ff06b1::MethodCallKind#ffff#reorder_1_2_0_3#prev_delta WITH const_false ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3
        2657005103   ~5%    {3} r13 = JOIN r12 WITH Call#841c84e8::Call::getNumberOfArguments#0#dispred#ff#reorder_1_0#prev ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
           1184200   ~0%    {2} r14 = JOIN r13 WITH Call#841c84e8::MethodCall::getMethodName#0#dispred#ff#prev ON FIRST 2 OUTPUT Lhs.0, Lhs.2

           1184200   ~0%    {2} r15 = r11 UNION r14
           1184200   ~0%    {2} r16 = r8 UNION r15
           1184200   ~0%    {2} r17 = r5 UNION r16
           1184200   ~0%    {2} r18 = r17 AND NOT Synthesis#d9ff06b1::DestructuredAssignDesugar::LhsWithReceiver::getSynthKind#0#dispred#ff#prev(Lhs.0, Lhs.1)
                            return r18
```
 2023-04-24 13:44:18 +02:00
Kasper Svendsen
361b15b2c7 Merge branch 'main' into kaspersv/prevent-python-join-order-regression 2023-04-24 13:35:07 +02:00
Kasper Svendsen
bfe5db20a3 Merge pull request #12891 from kaspersv/kaspersv/prevent-ruby-join-regression2 
Prevent Ruby join order regression
 2023-04-24 13:27:33 +02:00
Edward Minnix III
ba4d326768 Merge pull request #12902 from egregius313/egregius313/java/dataflow/refactor-integration-tests 
Java: Refactor Kotlin Integration tests to new DataFlow API
 2023-04-24 06:51:40 -04:00
Michael Nebel
8ade7247a1 Merge pull request #12885 from michaelnebel/mergepathgraph3 
Dataflow: Introduce param module for merging three path graphs.
 2023-04-24 12:49:28 +02:00
Rasmus Wriedt Larsen
bfbbb5277d Merge pull request #12888 from lcartey/mcafee-trojan-fp 
Update `SimpleXmlRpcServer.ql` to avoid incorrect detection as a trojan by Mcafee
 2023-04-24 11:17:52 +02:00
Erik Krogh Kristensen
b0efff0110 Merge pull request #12904 from github/dependabot/cargo/ql/tracing-subscriber-0.3.17 
Bump tracing-subscriber from 0.3.16 to 0.3.17 in /ql
 2023-04-24 11:05:36 +02:00
Erik Krogh Kristensen
b16444dd22 Merge pull request #12903 from github/dependabot/cargo/ql/regex-1.8.1 
Bump regex from 1.8.0 to 1.8.1 in /ql
 2023-04-24 11:05:13 +02:00
Geoffrey White
1f126b60ff Swift: Touch UnsafeWebViewFetch.qhelp. 2023-04-24 09:35:32 +01:00
dependabot[bot]
5e274c9664 Bump tracing-subscriber from 0.3.16 to 0.3.17 in /ql 
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.16...tracing-subscriber-0.3.17)

---
updated-dependencies:
- dependency-name: tracing-subscriber
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-04-24 04:12:25 +00:00
dependabot[bot]
a5e919b6cb Bump regex from 1.8.0 to 1.8.1 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/commits/1.8.1)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-04-24 04:12:06 +00:00
Ed Minnix
19e6a9a1d3 Fix version of PathGraph used 2023-04-21 19:08:56 -04:00
Ed Minnix
40aed29858 Refactor Java Integration tests to new API 2023-04-21 18:22:28 -04:00
Arthur Baars
b919547e31 Add change note 2023-04-21 17:42:02 +02:00
Arthur Baars
bc44b9e4fb Python: update stats for YAML tables 2023-04-21 17:42:02 +02:00
Arthur Baars
c4a7353583 Python: upgrade/downgrade scripts 2023-04-21 17:42:02 +02:00
Arthur Baars
f61565cab1 Python: add YAML library 2023-04-21 17:42:02 +02:00
Arthur Baars
9c25c150a3 Python: add YAML dbscheme fragment 2023-04-21 17:42:02 +02:00
Joe Farebrother
a4d7570788 Add more sources 2023-04-21 14:23:01 +01:00
Joe Farebrother
9881fdfe27 Convert sources to MaD 2023-04-21 14:19:17 +01:00
Erik Krogh Kristensen
4bf03e7962 Merge pull request #12897 from github/dependabot/cargo/ql/regex-1.8.0 
Bump regex from 1.7.3 to 1.8.0 in /ql
 2023-04-21 12:57:33 +02:00
Asger F
f3b14e13b2 Merge pull request #12841 from asgerf/rb/api-graph-class-nodes 
Ruby: add API node representing a module/class object
 2023-04-21 10:59:51 +02:00