hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-20 18:04:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,683 Branches 158 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
56d86f9980 Revert "NEVER MERGE: Ensure we don't use site-packages stuff" 
This reverts commit 0ed363bd79f9d3f9e9a905c1192adfe88f1faffb.
 2023-12-19 17:07:40 +01:00
Rasmus Wriedt Larsen
9863309631 Python: auto subclass capture 
(locally done with split + 5 x modeling runs + join, but squashed into one commit)
 2023-12-19 17:07:40 +01:00
Rasmus Wriedt Larsen
ca7b69ec1f NEVER MERGE: Ensure we don't use site-packages stuff 2023-12-19 17:07:40 +01:00
Rasmus Wriedt Larsen
de2a563a8e Python: Delete old auto subclass capture files 
In the final git history this only deletes one file, but when working
locally I deleted ALL files.
 2023-12-19 17:07:21 +01:00
Rasmus Wriedt Larsen
bf271d7f0f Python: refactor how subclasses are specified 
A little more explicit, so less prone to be overlooked when adding a new spec
 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen
32251a041b Python: Fill getFullyQualifiedName for rest of subclassing specs 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen
a78f13cb2e Python: Ignore known subclass models 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen
24a3a23c9c Python: Regenerate rest_framework models 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen
3e878f5a0b Python: Model django response subclass relationship 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen
abe6f1639a Python: Add example of models subclassing problem 
In reality, we only want to model this as a `rest_framework.response.Response`, since our .qll modeling is more precise for rest-framework responses than if we also modeled it as a basic django http response. (specifically, that default mime-type handling is way different).
 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen
5c89c38c92 Python: Add the rest_framework models for demonstration purposes 
Although it might be hidden by github UI by default, it could be
interesting for a reviewer to notice the effect changes in the modeling
query has to the results in this file.
 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen
ee3319b7b0 Python: Make split/join executable (chmod +x) 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen
cfd3f8938e Python: Highlight split/join subclass files usage 2023-12-19 17:07:02 +01:00
Rasmus Wriedt Larsen
933938d926 Python: Make rest_framework tests runnable again 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen
3e6423a13c Python: Add ability to split and join autogenerated yml files 
Verified by joining all files, splitting again, and observing no diff in
git.

(these operations only take a few seconds on my local machine, so
shouldn't be too much of an issue)
 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen
f30a3b0aba Python: Script: Improve performance by using C++ impl 
these changes took performance for loading and writing all files locally
29.60s to 3.17s

(that is, using `gather_from_existing`)
 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen
13c2378b58 Python: Update a few QLdocs 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen
2f5d51c752 Python: treat auto subclass capture models as auto-generated 
Co-authored-by: Taus <tausbn@github.com>
 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen
937af906fd Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen
0fe29b6a86 Python: Recover subclass finder .expected after cherry picking commits from https://github.com/github/codeql/pull/15030 2023-12-19 17:07:01 +01:00
Rasmus Lerchedahl Petersen
75f9eeb4e9 Python: adjust test expectations 
mostly removing of nodes from the graph.
One result lost:
```
check("submodule.submodule_attr", submodule.submodule_attr, "submodule_attr", globals()) #$ MISSING:prints=submodule_attr
```
 2023-12-19 17:07:01 +01:00
Rasmus Lerchedahl Petersen
c563c7fbe4 Python: remove control flow nodes 
for module entry definitions from the dataflow graph.
 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen
e050f2e998 Python: Adjust subclass finder to no ESSA nodes 
But the new test results looks very strange indeed!
 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen
60b784a919 Python: Don't filter subclass tests away 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen
a9a0216c43 Python: Add change-note 2023-12-19 17:07:01 +01:00
Rasmus Wriedt Larsen
fa3e16adea Python: Refactor taint-sinks meta queries 2023-12-19 17:07:01 +01:00
Koen Vlaswinkel
0f71df9c41 C#: Extend TestFile instead of separate class 2023-12-19 16:37:49 +01:00
Ed Minnix
a93d6dd956 Change note 2023-12-19 10:28:23 -05:00
Ed Minnix
ce130c6ed5 Add replace to MapMutator 2023-12-19 10:23:06 -05:00
Jeroen Ketema
4009b42891 Merge pull request #15146 from jketema/almost-empty-pch 
C++: Update test after extractor changes
 2023-12-19 16:20:35 +01:00
Max Schaefer
dc8be7bbf0 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-12-19 15:09:42 +00:00
Benjamin Rodes
f26330e6bd Removing redundant/bad string type check. 2023-12-19 09:41:29 -05:00
Benjamin Rodes
6fb01925d0 Updating test ql file and applying formatting. 2023-12-19 09:39:46 -05:00
Tamas Vajk
278d9b1dfb Fix integration tests 2023-12-19 15:33:46 +01:00
Benjamin Rodes
48866e5358 Updates to address PR comments. 2023-12-19 09:33:07 -05:00
Michael Nebel
681ac7e5f0 C#: Update tests (and expected output) to use the generated EntityFramework stubs. 2023-12-19 15:22:45 +01:00
Michael Nebel
80f3c6cc2b C#: Manual changes to the project dependecies to avoid conflicts when multiple projects are loaded from source. 2023-12-19 15:21:56 +01:00
Michael Nebel
272f3265ea C#: Delete the handwritten EntityFramework stubs. 2023-12-19 15:20:53 +01:00
Tamas Vajk
016d200355 Fix unit tests 2023-12-19 15:14:47 +01:00
Tony Torralba
c8a369d9ef Update java/ql/lib/ext/jakarta.persistence.model.yml 2023-12-19 14:58:07 +01:00
Ben Rodes
387eddadad Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-12-19 08:48:51 -05:00
Ben Rodes
29a0da6cd9 Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-12-19 08:48:20 -05:00
Ben Rodes
49728571cf Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-12-19 08:47:58 -05:00
Ben Rodes
66f725dd05 Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-12-19 08:47:48 -05:00
Mathias Vorreiter Pedersen
cfaa2d881a Merge pull request #15152 from MathiasVP/fix-unnecessary-evaluation-of-debug-strings 
C++: Fix unnecessary evaluation of debug strings
 2023-12-19 13:59:20 +01:00
Koen Vlaswinkel
d22acfb449 C#: Classify test support files in model editor queries 2023-12-19 13:49:53 +01:00
Tamas Vajk
ad394a0d84 C#: Download dotnet-install.sh to the scratch dir 2023-12-19 13:11:22 +01:00
Tamas Vajk
dd64b436c0 C#: Fix working directory structures in standalone 2023-12-19 12:54:00 +01:00
Max Schaefer
71dbd1a059 C#: Mention more XSS sanitisation options in query help. 2023-12-19 11:33:26 +00:00
Mathias Vorreiter Pedersen
95cd31fce3 C++: Silence warnings. 2023-12-19 12:29:16 +01:00