hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-02 05:43:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,697 Branches 161 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
a8f93cac05 JS: Remove obsolete comment 
The test case actually has the correct result now
 2025-01-09 09:39:32 +01:00
Asger F
dd37c474d8 JS: Remove mention of results from comments 2025-01-09 09:39:30 +01:00
Asger F
fb54a3bde8 JS: Remove obsolete TODO comment 2025-01-09 09:39:29 +01:00
Asger F
b29ee2acde JS: Remove references to localFieldStep 
These are tracked in https://github.com/github/codeql-javascript-team/issues/456
 2025-01-09 09:39:27 +01:00
Asger F
7766f97232 JS: Remove obsolete TODO 2025-01-09 09:39:26 +01:00
Asger F
8ac08db5c2 JS: Remove TODOs about WithArrayElement not being a taint step 
This isn't going to become a taint step, the workaround is the permanent solution
 2025-01-09 09:39:23 +01:00
Tom Hvitved
07910b09d0 Ruby: Add more callback flow tests 2025-01-09 09:30:08 +01:00
Asger F
3cc1525985 JS: Remove obsolete TODOs 2025-01-09 09:19:30 +01:00
Asger F
1997e0a7b6 Merge pull request #18427 from asgerf/jss/change-note 
JS: Add migration guide and change note
 2025-01-09 09:13:16 +01:00
Paolo Tranquilli
ca05697365 Merge pull request #18429 from github/redsun82/rust-ast-generator-mustache 
Rust: make ast-generator use mustache templates
 2025-01-09 08:37:07 +01:00
Jeroen Ketema
f08d10065c C++: Add upgrade and downgrade scripts 2025-01-09 00:44:39 +01:00
Jeroen Ketema
7cba263bc4 C++: Update dbscheme stats file 2025-01-09 00:44:38 +01:00
Jeroen Ketema
033f35fe42 C++: Improve PrintAST for concept ids 
If a type would be used in multiple places in the AST, rendering of the
AST would be broken. Hence, we cannot directly use types as AST nodes.
 2025-01-09 00:44:37 +01:00
Jeroen Ketema
f8458f6025 C++: Add change note 2025-01-09 00:44:36 +01:00
Jeroen Ketema
c48fcf1fb2 C++: Support concept id expressions 2025-01-09 00:44:26 +01:00
Dave Bartolomeo
554ea29547 Merge pull request #18437 from github/post-release-prep/codeql-cli-2.20.1 
Post-release preparation for codeql-cli-2.20.1
 2025-01-08 14:33:34 -05:00
Geoffrey White
3363235b1c Merge pull request #18414 from geoffw0/sensitive 
Rust: Sensitive data library
 2025-01-08 17:38:18 +00:00
aegilops
4b57d5feb2 Added XSS sink for innerHTML/outerHTML using new Angular attribute def 2025-01-08 16:36:46 +00:00
aegilops
2dc9e7bab7 Moved def from AngularJSCore to Angular2 2025-01-08 16:36:10 +00:00
Edward Minnix III
af15ebad7e Merge pull request #18426 from egregius313/egregius313/go/mad/database/sqlx 
Go: Add `database` source models for the `jmoiron/sqlx` package
 2025-01-08 11:31:36 -05:00
Owen Mansel-Chan
0f8f5d2793 Merge branch 'main' into post-release-prep/codeql-cli-2.20.1 2025-01-08 16:28:23 +00:00
Owen Mansel-Chan
5cc34a16d1 Merge pull request #18439 from egregius313/egregius313/go/mad/database-sql/revert-varargs 
Go: Revert MaD models for `database/sql` to use QL instead
 2025-01-08 16:24:04 +00:00
Paolo Tranquilli
53b0a3464d Merge branch 'main' into redsun82/rust-ast-generator-mustache 2025-01-08 17:09:39 +01:00
Paolo Tranquilli
3bf2416e56 Merge pull request #18313 from github/redsun82/rust-mute-warnings-in-uncompiled-blocks 
Rust: exclude extraction of code excluded by `cfg`
 2025-01-08 17:03:29 +01:00
Taus
8808f0f824 Misc: Add script for calculating MRVA totals 
Use this script if you want to quickly calculate the totals of some
query across all the queries in a MRVA run.

For an example of such a query, see e.g.
`python/ql/src/Metrics/Internal/TypeAnnotations.ql`

The script expects the query to produce an output table of the form
```
| header0  | header1  | header2  | header3  | ...
|----------|----------|----------|----------|----
| message1 | value11  | value12  | value13  | ...
| message2 | value21  | value22  | value23  | ...
...
```
where all of the `values` are numbers. For each `(message, header)`
pair, it then calculates the total of all the values in that cell,
across all of the repos in the MRVA run.

To use the script, simply pass it the URL of the exported Gist of the
MRVA run. After calculating the totals, the script will then
(optionally, but by default) add the totals to the `_summary.md` file,
and push these changes to the Gist.
 2025-01-08 16:01:11 +00:00
Taus
4141b4fb8a Python: Add metrics query for type annotations 
Adds a query that counts the number of type annotations of various
kinds. Intended to be used with something like MRVA to inform our
modelling decisions.

Currently the query counts the following "interesting" types in addition
to the total number of types:
- Built-in types (which are less likely to be interesting from a
modelling perspective)
- Forward declarations (i.e. annotations inside strings) which will
require a fair bit of QL machinery to interpret.
- Simple types (stuff like `foo` or `foo.bar.baz`)
- Optional types (stuff like `Optional[foo]` which from a modelling
perspective should likely be treated the same as `foo`)
- Complex types (anything that contains more complex type constructions
such as instantiations of generic types)
 2025-01-08 15:41:31 +00:00
yoff
21e7a0e828 Merge branch 'main' into shared/locations-in-range-analysis 2025-01-08 16:40:59 +01:00
Ed Minnix
8e4939ee5d Add tests for Conn 2025-01-08 10:25:57 -05:00
Ed Minnix
a4afff2c3c Add extra variable for tracking flow 2025-01-08 10:25:55 -05:00
Ed Minnix
e7f99cdfb7 Order DB, NamedStmt, Stmt, Tx in tests 2025-01-08 10:25:54 -05:00
Ed Minnix
4ed0f7fc40 Alphabetical ordering 2025-01-08 10:25:52 -05:00
Ed Minnix
cc54e75235 Remove duplicate stubs 2025-01-08 10:25:51 -05:00
Ed Minnix
67070e0f2a Change note 2025-01-08 10:25:49 -05:00
Ed Minnix
22a4cd3698 sqlx tests 2025-01-08 10:25:48 -05:00
Ed Minnix
89a68fed7c Vendor sqlx stubs for test 2025-01-08 10:25:42 -05:00
Ed Minnix
4966ed1280 Add missing models 2025-01-08 10:24:12 -05:00
Ed Minnix
b916a7b5a7 Remove duplicate models 2025-01-08 10:24:10 -05:00
Ed Minnix
05ffffe651 jmoiron/sqlx models 2025-01-08 10:24:06 -05:00
Ed Minnix
bc68e4456a Fix test results 2025-01-08 10:22:00 -05:00
Edward Minnix III
7a589c4081 Merge pull request #18405 from egregius313/egregius313/go/mad/database/gorm 
Go: Model sources from the `gorm.io/gorm` package
 2025-01-08 10:20:10 -05:00
Edward Minnix III
6ac82d6af2 Merge pull request #18440 from egregius313/egregius313/csharp/blazor/traced-integration-tests 
C#: Traced-mode integration tests for Blazor
 2025-01-08 10:19:12 -05:00
Tom Hvitved
9e5a814f72 Merge pull request #18315 from hvitved/ruby/dataflow-types 
Ruby: Track types in data flow
 2025-01-08 15:26:38 +01:00
Tom Hvitved
868caf948c Rename {Source,Sink}Node to {Source,Sink}Element 2025-01-08 15:21:43 +01:00
Asger F
10d5d09ad1 JS: Polish taint-tracking section in response to review comment 2025-01-08 14:45:31 +01:00
Tom Hvitved
0dccbb9349 Rust: Add two more AST consistency checks 2025-01-08 14:30:01 +01:00
Tom Hvitved
033cd1778e Rust: Include index in Format.getArgument 2025-01-08 14:04:48 +01:00
Nora Dimitrijević
b5935fcd2d Language reference: mention BigInt.bitLength() 2025-01-08 14:01:01 +01:00
yoff
f02995d72b shared: add qldoc 2025-01-08 13:33:03 +01:00
yoff
aca5a51a78 Merge branch 'main' into shared/add-location-to-typetracking-nodes 2025-01-08 12:47:05 +01:00
Asger F
ecccc7ce8c Update docs/codeql/codeql-language-guides/migrating-javascript-dataflow-queries.rst 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2025-01-08 12:26:42 +01:00