hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 08:41:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,687 Branches 159 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alexandre Boulgakov
36d34f199b Bazel: Add Abseil C++ dependency. 2023-04-24 21:59:57 +01:00
Henry Mercer
3d1da8a45d JS: Update message when the file is not located in the source root 2023-04-24 21:08:00 +01:00
Henry Mercer
927522c563 JS: Only populate diagnostic locations within the source root 2023-04-24 20:53:42 +01:00
Owen Mansel-Chan
b47c8e8c4c Merge pull request #12912 from owen-mc/go/fix-invalid-semver-version 
Go: Fix invalid SemVer version by adding "v" to the front
 2023-04-24 16:47:28 +01:00
Sam Browning
0a7e525c16 Update "code-scanning" suite name to "default" 2023-04-24 11:27:34 -04:00
Paolo Tranquilli
14706b42fa Swift: strip parameters from lazy function decl trap names 2023-04-24 17:04:41 +02:00
Joe Farebrother
0ebf529dc4 Add comment + use flowTo 2023-04-24 15:49:05 +01:00
Michael Nebel
8756c031e0 C#: Re-factor the InappropriateEncoding query to use the new API. 2023-04-24 16:06:07 +02:00
Owen Mansel-Chan
1afe845ed3 Add missing "v" to semver version string 
Because it was missing, that function always returned +1,
so we were doing the wrong thing when the Go version
installed was lower than 1.16.
 2023-04-24 14:31:46 +01:00
Geoffrey White
5f0d334b8d Swift: Add basic-query-for-swift-code.rst. 2023-04-24 14:18:23 +01:00
Tony Torralba
e3d93c3581 Fix FileCopyUtils models 2023-04-24 15:07:19 +02:00
Paolo Tranquilli
e84bdf5bed Swift: use hashing for lazy decl trap file names 
It turns out mangled names can sometimes be too long. While this code
will eventually be replaced by our own mangling, we need to use hashing
to cut down the names.

Module and decl names are preserved in the trap file names for
debuggability.
 2023-04-24 14:36:36 +02:00
Paolo Tranquilli
feb31612f5 Merge pull request #12908 from github/revert-12760-redsun82/swift-logging-compiler 
Revert "Swift: route compiler diagnostics through our log"
 2023-04-24 14:31:18 +02:00
Paolo Tranquilli
95ef7fb3f1 Revert "Swift: route compiler diagnostics through our log" 2023-04-24 13:57:24 +02:00
Tom Hvitved
71cd973b42 Ruby: Fix bad join in DestructuredAssignDesugar 
```
Evaluated relational algebra for predicate Synthesis#d9ff06b1::DestructuredAssignDesugar::LhsWithReceiver::getSynthKind#0#dispred#ff@0c55fb0w on iteration 4 running pipeline order_500000 with tuple counts:
                 0   ~0%    {2} r1 = JOIN Synthesis#d9ff06b1::ConstantWriteAccessKind#ff#prev_delta WITH Constant#c70e4e0a::ScopeResolutionConstantAccess::getName#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
                 0   ~0%    {2} r2 = JOIN r1 WITH Constant#c70e4e0a::ScopeResolutionConstantAccess::getScopeExpr#0#dispred#ff#prev ON FIRST 1 OUTPUT Lhs.0, Lhs.1

                 0   ~0%    {4} r3 = JOIN Call#841c84e8::MethodCall::getMethodName#0#dispred#ff#prev_delta WITH Call#841c84e8::Call::getNumberOfArguments#0#dispred#ff#prev ON FIRST 1 OUTPUT Lhs.1, false, Rhs.1, Lhs.0
                 0   ~0%    {2} r4 = JOIN r3 WITH Synthesis#d9ff06b1::MethodCallKind#ffff#prev ON FIRST 3 OUTPUT Lhs.3, Rhs.3

                 0   ~0%    {2} r5 = r2 UNION r4

            336618   ~3%    {1} r6 = SCAN Constant#c70e4e0a::ScopeResolutionConstantAccess::getScopeExpr#0#dispred#ff#prev_delta OUTPUT In.0
            336618   ~0%    {2} r7 = JOIN r6 WITH Constant#c70e4e0a::ScopeResolutionConstantAccess::getName#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0
                 0   ~0%    {2} r8 = JOIN r7 WITH Synthesis#d9ff06b1::ConstantWriteAccessKind#ff#prev ON FIRST 1 OUTPUT Lhs.1, Rhs.1

                 0   ~0%    {3} r9 = SCAN Call#841c84e8::Call::getNumberOfArguments#0#dispred#ff#prev_delta OUTPUT false, In.1, In.0
                 0   ~0%    {3} r10 = JOIN r9 WITH Synthesis#d9ff06b1::MethodCallKind#ffff#reorder_1_2_0_3#prev ON FIRST 2 OUTPUT Lhs.2, Rhs.2, Rhs.3
                 0   ~0%    {2} r11 = JOIN r10 WITH Call#841c84e8::MethodCall::getMethodName#0#dispred#ff#prev ON FIRST 2 OUTPUT Lhs.0, Lhs.2

              2119   ~2%    {3} r12 = JOIN Synthesis#d9ff06b1::MethodCallKind#ffff#reorder_1_2_0_3#prev_delta WITH const_false ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3
        2657005103   ~5%    {3} r13 = JOIN r12 WITH Call#841c84e8::Call::getNumberOfArguments#0#dispred#ff#reorder_1_0#prev ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
           1184200   ~0%    {2} r14 = JOIN r13 WITH Call#841c84e8::MethodCall::getMethodName#0#dispred#ff#prev ON FIRST 2 OUTPUT Lhs.0, Lhs.2

           1184200   ~0%    {2} r15 = r11 UNION r14
           1184200   ~0%    {2} r16 = r8 UNION r15
           1184200   ~0%    {2} r17 = r5 UNION r16
           1184200   ~0%    {2} r18 = r17 AND NOT Synthesis#d9ff06b1::DestructuredAssignDesugar::LhsWithReceiver::getSynthKind#0#dispred#ff#prev(Lhs.0, Lhs.1)
                            return r18
```
 2023-04-24 13:44:18 +02:00
Kasper Svendsen
361b15b2c7 Merge branch 'main' into kaspersv/prevent-python-join-order-regression 2023-04-24 13:35:07 +02:00
Kasper Svendsen
bfe5db20a3 Merge pull request #12891 from kaspersv/kaspersv/prevent-ruby-join-regression2 
Prevent Ruby join order regression
 2023-04-24 13:27:33 +02:00
Edward Minnix III
ba4d326768 Merge pull request #12902 from egregius313/egregius313/java/dataflow/refactor-integration-tests 
Java: Refactor Kotlin Integration tests to new DataFlow API
 2023-04-24 06:51:40 -04:00
Michael Nebel
8ade7247a1 Merge pull request #12885 from michaelnebel/mergepathgraph3 
Dataflow: Introduce param module for merging three path graphs.
 2023-04-24 12:49:28 +02:00
Rasmus Wriedt Larsen
7453533ba4 Python: Expand setdefault tests 2023-04-24 12:29:58 +02:00
Rasmus Wriedt Larsen
7fa84a3613 Python: Only test UnsafeUnpacking with Python 3 
Apparently the fixup of .expected in the latest commit was only required
when extracting as Python 3, but not as Python 2... I honestly don't
understand why.
 2023-04-24 12:29:58 +02:00
Rasmus Lerchedahl Petersen
a25c7f7549 Merge branch 'main' of https://github.com/github/codeql into python/captured-variables-for-typetracking 2023-04-24 11:50:32 +02:00
Rasmus Wriedt Larsen
bfbbb5277d Merge pull request #12888 from lcartey/mcafee-trojan-fp 
Update `SimpleXmlRpcServer.ql` to avoid incorrect detection as a trojan by Mcafee
 2023-04-24 11:17:52 +02:00
Erik Krogh Kristensen
b0efff0110 Merge pull request #12904 from github/dependabot/cargo/ql/tracing-subscriber-0.3.17 
Bump tracing-subscriber from 0.3.16 to 0.3.17 in /ql
 2023-04-24 11:05:36 +02:00
Erik Krogh Kristensen
b16444dd22 Merge pull request #12903 from github/dependabot/cargo/ql/regex-1.8.1 
Bump regex from 1.8.0 to 1.8.1 in /ql
 2023-04-24 11:05:13 +02:00
Geoffrey White
1f126b60ff Swift: Touch UnsafeWebViewFetch.qhelp. 2023-04-24 09:35:32 +01:00
Alex Ford
edf48f4839 Ruby: add sqlite3 to Frameworks.qll 2023-04-24 09:11:14 +01:00
Paolo Tranquilli
1ed5f6ac96 Swift: flush log files on log flushing 2023-04-24 10:08:37 +02:00
Paolo Tranquilli
f9a52f894e Merge branch 'main' into redsun82/swift-logging-assertions-and-prints 2023-04-24 09:58:19 +02:00
Paolo Tranquilli
c04ac9c04e Swift: demote wrong assertion 2023-04-24 09:57:51 +02:00
dependabot[bot]
5e274c9664 Bump tracing-subscriber from 0.3.16 to 0.3.17 in /ql 
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from 0.3.16 to 0.3.17.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.16...tracing-subscriber-0.3.17)

---
updated-dependencies:
- dependency-name: tracing-subscriber
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-04-24 04:12:25 +00:00
dependabot[bot]
a5e919b6cb Bump regex from 1.8.0 to 1.8.1 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/commits/1.8.1)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-04-24 04:12:06 +00:00
Harry Maclean
9ea0b19ead Replace deprecated extension in devcontainer 2023-04-23 06:05:25 +00:00
Harry Maclean
3f6087e179 Shared: formatting 2023-04-23 06:04:55 +00:00
Harry Maclean
690c243987 Shared: add CI check for shared extractor 2023-04-23 05:50:22 +00:00
Harry Maclean
9005684b10 Shared: Add integration test for shared extractor 
This is a very basic test but provides some confidence that the extractor is
working.
 2023-04-23 05:29:22 +00:00
Ed Minnix
19e6a9a1d3 Fix version of PathGraph used 2023-04-21 19:08:56 -04:00
Ed Minnix
40aed29858 Refactor Java Integration tests to new API 2023-04-21 18:22:28 -04:00
jarlob
6e9f54ef55 Use double curly braces 2023-04-21 19:03:38 +02:00
Arthur Baars
b919547e31 Add change note 2023-04-21 17:42:02 +02:00
Arthur Baars
bc44b9e4fb Python: update stats for YAML tables 2023-04-21 17:42:02 +02:00
Arthur Baars
c4a7353583 Python: upgrade/downgrade scripts 2023-04-21 17:42:02 +02:00
Arthur Baars
f61565cab1 Python: add YAML library 2023-04-21 17:42:02 +02:00
Arthur Baars
9c25c150a3 Python: add YAML dbscheme fragment 2023-04-21 17:42:02 +02:00
Rasmus Wriedt Larsen
b60cab254a Python: Accept .expected change 2023-04-21 15:25:47 +02:00
Joe Farebrother
a4d7570788 Add more sources 2023-04-21 14:23:01 +01:00
Joe Farebrother
9881fdfe27 Convert sources to MaD 2023-04-21 14:19:17 +01:00
Rasmus Wriedt Larsen
4094ec5fcc Python: Change additional dict store/read steps to not affect taint-tracking 2023-04-21 14:43:24 +02:00
Rasmus Wriedt Larsen
f80a0916ac Python: Don't report get/setdefault as unresolved calls for dict tests 2023-04-21 14:42:20 +02:00
Rasmus Wriedt Larsen
e0e978bd3e Python: Fix ql4ql alerts 2023-04-21 14:18:50 +02:00