hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,703 Branches 162 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
ac87868097 Python: Fix parsing of await inside expressions 
Found when parsing `Lib/test/test_coroutines.py` using the new parser.

For whatever reason, having `await` be an `expression` (with an argument
of the same kind) resulted in a bad parse. Consulting the official
grammar, we see that `await` should actually be a `primary_expression`
instead. This is also more in line with the other unary operators, whose
precedence is shared by the `await` syntax.
 2024-10-28 14:44:01 +00:00
Taus
1e51703ce9 Python: Allow escaped quotes/backslashes in raw strings 
Quoting the Python documentation (last paragraph of
https://docs.python.org/3/reference/lexical_analysis.html#escape-sequences):

"Even in a raw literal, quotes can be escaped with a backslash, but the
backslash remains in the result; for example, r"\"" is a valid string
literal consisting of two characters: a backslash and a double quote;
r"\" is not a valid string literal (even a raw string cannot end in an
odd number of backslashes)."

We did not handle this correctly in the scanner, as we only consumed the
backslash but not the following single or double quote, resulting in
that character getting interpreted as the end of the string.

To fix this, we do a second lookahead after consuming the backslash, and
if the next character is the end character for the string, we advance
the lexer across it as well.

Similarly, backslashes in raw strings can escape other backslashes.
Thus, for a string like '\\' we must consume the second backslash,
otherwise we'll interpret it as escaping the end quote.
 2024-10-28 14:40:24 +00:00
Geoffrey White
eb79bcbc34 Rust: Remove unnecessary line. 2024-10-28 14:36:45 +00:00
Geoffrey White
bf5a0b7bd0 Rust: Rewrite UnreachableCode.ql to be more robust. 2024-10-28 14:36:42 +00:00
Geoffrey White
41df9ae4fc Merge pull request #17854 from geoffw0/cleanuptest 
Rust: Clean up unreachable test
 2024-10-28 14:29:42 +00:00
Paolo Tranquilli
f5d14dbe07 Merge pull request #17856 from github/redsun82/rust-defaultSuiteFile 
Rust: add `defaultSuiteFile`
 2024-10-28 15:27:51 +01:00
Simon Friis Vindum
8f8564ddfd Rust: Address PR comments 2024-10-28 15:15:38 +01:00
Anders Schack-Mulligen
fba4d09e65 TypeFlow: Simplify interface. 2024-10-28 15:09:09 +01:00
Anders Schack-Mulligen
3939eff260 TypeFlow: Rename step to uniqStep. 2024-10-28 15:00:05 +01:00
Dave Bartolomeo
3228447544 Fix bash nit 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswl@github.com>
 2024-10-28 09:58:11 -04:00
Paolo Tranquilli
5420e52afa Rust: add defaultSuiteFile 2024-10-28 14:56:09 +01:00
Tom Hvitved
cfa1ed38b4 Merge pull request #17844 from hvitved/rust/location-impl 
Rust: Cache `Locatable.getLocation` and `Location`
 2024-10-28 14:41:36 +01:00
Paolo Tranquilli
5a84d290e6 Rust: ignore test directory 2024-10-28 14:32:53 +01:00
Tom Hvitved
7910af159c C#: Take mapped locations into account in Comments.qll 2024-10-28 14:21:10 +01:00
Paolo Tranquilli
dd4fe2a32b Rust: change analysis config 2024-10-28 14:21:07 +01:00
Tom Hvitved
c93e4385f2 C#: Add a test for a comment with a mapped location 2024-10-28 14:20:24 +01:00
Arthur Baars
2326861b23 Merge pull request #17805 from github/aibaars/local-defs 
Rust: Rust: add jump to definition for format arguments
 2024-10-28 14:17:40 +01:00
Cornelius Riemenschneider
1972532f1c Merge pull request #17732 from github/criemen/bazel-8 
Bazel: Upgrade to 8.0.0rc1
 2024-10-28 14:03:20 +01:00
Michael Nebel
058fcc1a51 Merge pull request #17853 from michaelnebel/csharp/madtests 
C#: Re-factor test for CWE-611/UntrustedDataInsecureXml.ql to pretty print models.
 2024-10-28 13:38:26 +01:00
Tom Hvitved
711dfc3592 Rust: Cache Locatable.getLocation and Location 2024-10-28 13:33:49 +01:00
Arthur Baars
b6c26debef Rust: create single Semantics object for each workspace 2024-10-28 13:29:04 +01:00
Arthur Baars
57cdda3405 Rust: no longer reload files into the RootDatabase 
Files were reloaded to handle cases were there was no content
for a file_id, causing a panic. Missing contents was caused by
files that did not contain valid UTF-8 data. These are skipped
by rust-analyzer when it is loading data into the RootDatabase.
 2024-10-28 13:29:03 +01:00
Paolo Tranquilli
9c95a17882 Rust: add block ids to canonical paths, making them "extended" 2024-10-28 12:41:05 +01:00
Simon Friis Vindum
cab916453d Rust: Update unused value expected test result 2024-10-28 12:18:00 +01:00
Alvaro Muñoz
aecb478e1c Bump qlpack versions 2024-10-28 11:58:45 +01:00
Alvaro Muñoz
18137f58c2 fix: take trigger events into consideration 
Code Injection remote flow sources should be triggerable by the
privileged event
 2024-10-28 11:58:14 +01:00
Alvaro Muñoz
792e8555af fix: remove context 2 events mappings 
client_paylaod (dispatch), commits (push), head_commit (push) and
merge_group are not under external attacker control so remove them
 2024-10-28 11:56:59 +01:00
Alvaro Muñoz
62d9302e8b chore: remove leftover commented out code 2024-10-28 11:55:44 +01:00
Alvaro Muñoz
e34835f71a fix: AstNode.getATriggerEvent() 
getATriggerEvent did not work for nodes outside a Job.
If there is no enclosing job, get the trigger from the enclosing
workflow
 2024-10-28 11:55:23 +01:00
Alvaro Muñoz
6136a98764 Add getEvent to RemoteFlowSource for events able to trigger the source 2024-10-28 11:54:04 +01:00
Simon Friis Vindum
b86a5810b3 Rust: Small refactor based on PR feedback 2024-10-28 11:45:46 +01:00
Simon Friis Vindum
c5b01eb629 Merge branch 'main' into rust-saa-additions 2024-10-28 11:42:32 +01:00
Geoffrey White
e5818f6f2e Rust: Fix unused value cases in the unreachable test (they're not interesting, just distract from the point of these tests. 2024-10-28 10:29:31 +00:00
Arthur Baars
fdf99e2f50 Rust: filter out definitions that are inside expanded macros 2024-10-28 11:27:59 +01:00
Geoffrey White
72606d5a59 Rust: Add missing annotations to unreachable test. 2024-10-28 10:22:46 +00:00
Arthur Baars
c4126e4410 Rust: add tests for Definitions.qll 2024-10-28 11:17:48 +01:00
Rasmus Wriedt Larsen
e3c400b0c8 Add auto labeler support for 'Actions' 2024-10-28 10:46:05 +01:00
Rasmus Wriedt Larsen
01fa95f98a Actions: autoformat 2024-10-28 10:43:46 +01:00
Michael Nebel
b112a9b31e Merge pull request #17851 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-10-28 10:38:27 +01:00
Michael Nebel
82ff545424 C#: Re-factor test for CWE-611/UntrustedDataInsecureXml.ql to pretty print models in test case. 2024-10-28 10:36:32 +01:00
Óscar San José
3e77629477 Merge pull request #17838 from github/oscarsj/deprecate-macos-12 
Remove macos-12 and its variants, deprecated
 2024-10-28 10:32:49 +01:00
Paolo Tranquilli
2fa1c5ebcd Merge branch 'main' into redsun82/rust-analysis 2024-10-28 10:30:08 +01:00
Arthur Baars
40ef9ad805 Rust: make TDef cached 2024-10-28 10:21:43 +01:00
github-actions[bot]
0e5ba2b23e Add changed framework coverage reports 2024-10-28 00:21:56 +00:00
Dave Bartolomeo
8840f91503 Fix formatting 2024-10-25 20:32:01 -04:00
Dave Bartolomeo
4a567344f5 Fix style alerts 2024-10-25 17:59:49 -04:00
Dave Bartolomeo
dffc9e2e31 Create placeholder Actions QL packs 2024-10-25 17:45:05 -04:00
Dave Bartolomeo
47a7d24a1a Implement Actions extractor 2024-10-25 17:44:46 -04:00
Jeroen Ketema
655fa53cdd Merge pull request #17848 from jketema/wrong-format 
C++: Add wrong format type builtin function test
 2024-10-25 19:11:22 +02:00
Chris Smowton
fa4cc83753 Merge pull request #17837 from smowton/smowton/admin/trim-java-web-jsp-test 
Java: Trim JSP test
 2024-10-25 17:23:51 +01:00