codeql

mirror of https://github.com/github/codeql.git synced 2026-02-06 10:11:07 +01:00

Author	SHA1	Message	Date
JrXnm	1a1a7413c2	JS: Improv inter-procedural type inference for FunctionExpr	2021-12-10 01:09:49 +08:00
Michael Nebel	d60b90acd3	C#: Manual update of System.String and System.Convert flow summaries.	2021-12-09 16:34:42 +01:00
Michael Nebel	e879ca7a3b	C#: Convert System.Convert flow to CSV format.	2021-12-09 16:34:42 +01:00
Michael Nebel	15b4b218c8	C#: Convert System.Nullable<> flow to CSV format.	2021-12-09 16:34:42 +01:00
Michael Nebel	bbab0e582a	C#: Convert System.Lazy<> flow to CSV format.	2021-12-09 16:34:42 +01:00
Michael Nebel	9e61dfb41f	C#: Convert System.Text.StringBuilder flow to CSV format.	2021-12-09 16:34:41 +01:00
Michael Nebel	5a26346ba5	C#: Allow the use of pointer types in CSV validation.	2021-12-09 16:34:41 +01:00
Michael Nebel	5376eb89b3	C#: Convert System.String flow to CSV format.	2021-12-09 16:34:41 +01:00
Michael Nebel	df482a9603	Merge pull request #7314 from michaelnebel/csharp-stubs-dataflow-global C#: Update tests dataflow/global tests to use stubs.	2021-12-09 16:31:39 +01:00
Chris Smowton	470256da85	Copyedit	2021-12-09 15:10:07 +00:00
Tony Torralba	8bba3eb2b6	Merge pull request #6823 from atorralba/atorralba/android-notification-models Android: Add models for `android.app.Notification` builders	2021-12-09 16:01:44 +01:00
Henry Mercer	f08f07e19e	JS: Improve handling of heuristic sinks in endpoint filters Previously heuristic sinks were always included, to avoid us filtering them out due to not being an argument to an external library call. In this commit we move the argument to an external library call filtering to the query-specific endpoint filters. This lets us filter out heuristic sinks if they match one of the other endpoint filters, reducing FPs.	2021-12-09 15:00:54 +00:00
Chris Smowton	d0a19fffee	Copyedit	2021-12-09 14:58:29 +00:00
Tom Hvitved	7e99426141	C#: Address review comments	2021-12-09 15:51:54 +01:00
Tom Hvitved	2bf5966fe3	C#: Address review comment	2021-12-09 15:44:43 +01:00
Arthur Baars	fd4915a564	Ruby: CFG: add default implementation for getAnInnerCompatibleCompletion	2021-12-09 15:23:26 +01:00
Arthur Baars	9d288c90a5	Ruby: CFG: better return type for getAMatchingSuccessorType	2021-12-09 15:23:26 +01:00
Arthur Baars	a7b3f1370f	Ruby: CFG: add test case	2021-12-09 15:23:26 +01:00
Arthur Baars	d0aa307bd3	Ruby: CFG: fix multiple successors failure for default parameters	2021-12-09 15:23:26 +01:00
Tom Hvitved	b887165005	Ruby: Code review suggestions	2021-12-09 15:23:26 +01:00
Arthur Baars	3689481c18	Ruby: CFG: make Completion.isValidFor work for getSugared AST nodes	2021-12-09 15:23:26 +01:00
Arthur Baars	660e52f2bf	Ruby: CFG: make VariableReferencePattern a PreOrder node	2021-12-09 15:23:26 +01:00
Arthur Baars	e9e3ef3ea2	Ruby: 'self' is not really a local variable	2021-12-09 15:23:26 +01:00
Arthur Baars	799c945299	Ruby: fix CFG for AsPattern	2021-12-09 15:23:26 +01:00
Arthur Baars	95f8f85aa2	Ruby: fix allowed completions for desugared CasePatterns	2021-12-09 15:23:26 +01:00
Arthur Baars	aacba0b522	Ruby: CFG: add test cases for pattern matching	2021-12-09 15:23:26 +01:00
Arthur Baars	513fe09dbb	Treat class names in array/find/hash patterns as sub-patterns	2021-12-09 15:23:26 +01:00
Arthur Baars	d17c055139	CFG	2021-12-09 15:23:25 +01:00
Arthur Baars	44a615839d	Add test case with rest variable and no prefix elements	2021-12-09 15:23:25 +01:00
Arthur Baars	f08eb8e616	Revert "Temporarily allow CFG inconsistencies" This reverts commit `dca1e34cd8`.	2021-12-09 15:23:25 +01:00
Michael Nebel	69f42b9c74	C#: Update remaining tests.	2021-12-09 15:21:08 +01:00
Tony Torralba	38250b0821	Remove unnecessary implicit read step	2021-12-09 15:18:38 +01:00
Tom Hvitved	cbc96dba8a	Shared CFG: Add another consistency test Finds nodes with multiple normal successors, where one is the special simple successor. For example, this would flag a node that has both a "simple" and a "true" successor.	2021-12-09 15:08:19 +01:00
Tony Torralba	522a4bb9fa	Propagate extras through build methods	2021-12-09 14:56:52 +01:00
yoff	8e11c2c476	Merge pull request #7259 from RasmusWL/even-more-path-injection-sinks Python: Add more path-injection sinks from `os` and `tempfile` modules	2021-12-09 14:46:41 +01:00
Michael Nebel	992801b7cb	C#: Update GetAnOutNode test.	2021-12-09 13:55:04 +01:00
Tom Hvitved	9ffa236c51	Merge pull request #7288 from hvitved/cfg/enclosing-scope Shared CFG: Include CFG scope in `TElementNode`	2021-12-09 13:39:48 +01:00
Tony Torralba	c0c40cc05b	Remove synthetic fields	2021-12-09 13:34:41 +01:00
Tony Torralba	3a3c7fc59e	Fix stub	2021-12-09 13:34:41 +01:00
Tony Torralba	f209ff4f76	Use synthetic fields to improve taint precision	2021-12-09 13:34:39 +01:00
Tony Torralba	b7f7c5ba20	Change format of fluent models to make review easier	2021-12-09 13:33:19 +01:00
Tony Torralba	f63ffb0630	Add models for Notification builders	2021-12-09 13:33:17 +01:00
Tom Hvitved	069cf9d17f	C#: Exclude stubs in `GetAnOutNode.ql` test	2021-12-09 13:33:14 +01:00
Tom Hvitved	cbd21edc99	C#: Override `File::isFromSource` in tests to exclude stubs	2021-12-09 13:33:14 +01:00
Michael Nebel	2f85735b6a	C#: Use stubs instead of dll's in the dataflow global tests.	2021-12-09 13:25:11 +01:00
Tom Hvitved	69ba2e6f8c	Merge pull request #7337 from michaelnebel/csharp-synthetic-field C#: Introduce synthetic fields and use them in Task<>.	2021-12-09 13:18:44 +01:00
Nick Rolfe	d46564caa6	Ruby: treat ActionController#cookies as a remote flow source	2021-12-09 12:13:17 +00:00
Nick Rolfe	f6a8b9a7e5	Ruby: add cookies call to frameworks test	2021-12-09 12:07:04 +00:00
Taus	b871342e83	Python: A small further performance improvement Unrolling the transitive closure had slightly better performance here. Also, we exclude names of builtins, since those will be handled by a separate case of `isDefinedLocally`.	2021-12-09 10:29:55 +00:00
Michael Nebel	13347cd102	C#: Add Ql docs to synthetic fields.	2021-12-09 10:34:31 +01:00

... 59 60 61 62 63 ...

33872 Commits