Tom Hvitved
864b61a804
Merge pull request #7766 from hvitved/csharp/extractor/type-param-constraints
...
C#: Make `TypeParameterConstraints` a `CachedEntity`
2022-01-28 12:39:31 +01:00
Tom Hvitved
28702dff82
Merge pull request #7779 from hvitved/csharp/initial-downgrade-scheme
...
C#: Add initial downgrade DB scheme for use in tests
2022-01-28 12:38:07 +01:00
Nick Rolfe
8248a942ce
Ruby: enable taint checking for array-flow test
2022-01-28 11:33:59 +00:00
Nick Rolfe
c0e1384f4a
Ruby: move Array/Enumerable flow summaries to their own file
2022-01-28 11:33:59 +00:00
Nick Rolfe
6c0eb8beee
Ruby: update array flow summaries to use getConstantValue()
2022-01-28 11:33:59 +00:00
Nick Rolfe
693ff6a904
Ruby: add flow summaries for remaining Array methods
2022-01-28 11:33:59 +00:00
Nick Rolfe
030cfa36da
Ruby: add flow summaries for all remaining Enumerable methods
2022-01-28 11:33:59 +00:00
Erik Krogh Kristensen
7b925604df
update expected output
2022-01-28 12:21:33 +01:00
Nick Rolfe
588e60e230
Merge pull request #7775 from github/nickrolfe/graph_test_ordering
...
Ruby/C#: more stable graph test ordering
2022-01-28 11:16:02 +00:00
Erik Krogh Kristensen
7aa59ca233
Merge pull request #7633 from erik-krogh/CWE-300
...
JS: add js/http-dependency query
2022-01-28 12:10:14 +01:00
Taus
47a57e0c0a
Merge pull request #7635 from github/python/support-match
...
Python/support match
2022-01-28 11:55:46 +01:00
yoff
74d57bbb1a
Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
...
Co-authored-by: Taus <tausbn@github.com>
2022-01-28 11:38:29 +01:00
Arthur Baars
cada7ef1a4
Ruby: add downgrade scripts to prepare-db-upgrade.sh
2022-01-28 11:07:56 +01:00
Rasmus Lerchedahl Petersen
ab43f041c3
python: rename files
2022-01-28 11:00:17 +01:00
Erik Krogh Kristensen
b5198bdaca
apply suggestions from doc review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-01-28 10:46:27 +01:00
Erik Krogh Kristensen
bf9bcc9600
add a js/file-system-race query
2022-01-28 09:41:12 +01:00
Erik Krogh Kristensen
179c26da9a
apply suggestions from review
2022-01-28 09:37:46 +01:00
Tony Torralba
f3e034b2be
Merge pull request #7764 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2022-01-28 09:35:54 +01:00
Harry Maclean
0428b8ee20
Split Ruby CI into multiple parallel jobs
...
Run format, compile and db upgrade checks in parallel, along with the
main tests, which run in two parallel halves.
2022-01-28 21:23:34 +13:00
Rasmus Lerchedahl Petersen
4c3c4deb34
python: Move over query and tests
2022-01-28 09:19:11 +01:00
Esben Sparre Andreasen
ee52774e90
Merge pull request #7760 from erik-krogh/CWE-184
...
JS: add CWE-184 to incomplete-scheme-check and bad-tag-filter
2022-01-28 09:18:41 +01:00
Tom Hvitved
ee5495ce65
C#: Add initial downgrade DB scheme for use in tests
2022-01-28 09:05:42 +01:00
Rasmus Lerchedahl Petersen
a026120c52
Python: Move configuration over and refine it
...
The original configuration did not match sinks with sanitizers.
Here it is resolved using flow state,
it could also be done by using two configurations.
2022-01-28 09:00:40 +01:00
Rasmus Lerchedahl Petersen
d539920661
Python: Update list of frameworks
2022-01-28 08:58:30 +01:00
Harry Maclean
b01f81aab3
Use modified getAPath predicate for test
2022-01-28 19:45:52 +13:00
Harry Maclean
a1b0f02e6e
Ruby: Introduce API::getAnImmediateSubclass()
...
    class A; end
    class B < A; end
    class C < B; end
In the example above, `getMember("A").getAnImmediateSubclass()` will
select only uses of B, whereas `getMember("A").getASubclass()` will
select uses of A, B and C. This is usually the behaviour you want.
2022-01-28 16:44:03 +13:00
github-actions[bot]
c6130ea2d4
Add changed framework coverage reports
2022-01-28 00:11:49 +00:00
Dave Bartolomeo
cca74e925f
Merge pull request #7724 from github/aeisenberg/examples-groups
...
Add new groups for examples packs
2022-01-27 12:11:26 -05:00
Rasmus Lerchedahl Petersen
c60df7d69c
Merge branch 'main' of github.com:github/codeql into python/support-match
2022-01-27 16:45:17 +01:00
yoff
4632c14280
Merge pull request #7654 from RasmusWL/remove-old-pointsto-queries
...
Python: Cleanup: Remove old points-to versions of queries
2022-01-27 16:39:01 +01:00
Nick Rolfe
cd5010fe11
C#: sync changes from Ruby to improve ordering of graph test output
2022-01-27 15:34:01 +00:00
Tom Hvitved
b7fb9e8b95
Merge pull request #7768 from hvitved/csharp/extractor-diagnostics-query
...
C#: Add internal extractor diagnostics query
2022-01-27 16:33:32 +01:00
Chris Smowton
17656fc12b
Merge pull request #7771 from Dig2/main
...
Fix typo in CodeQL-query-help-for-JavaScript
2022-01-27 15:03:35 +00:00
Mathias Vorreiter Pedersen
b3f4357dc8
Merge pull request #7742 from geoffw0/clrtxt6
...
C++: Upgrade cpp/cleartext-storage-buffer
2022-01-27 14:40:40 +00:00
Rasmus Lerchedahl Petersen
b93c04bb79
python: Add reverse flow in some patterns
...
Particularly in value and literal patterns.
This is getting a little bit into the guards aspect of matching.
We could similarly add reverse flow in terms of
sub-patterns storing to a sequence pattern,
a flow step from alternatives to an-or-pattern, etc.
It does not seem too likely that sources are embedded in patterns
to begin with, but for secrets perhaps?
It is illustrated by the literal test. The value test still fails.
I believe we miss flow in general from the static attribute.
2022-01-27 15:20:23 +01:00
Tom Hvitved
cdfe239016
C#: Guard against AssociatedSymbol not being an IEventSymbol
...
Apply same logic as for property/indexer accessors to account for cases where
the associated event cannot be determined. I have not been able to reproduce
such cases locally, though we have seen reports of it happening.
2022-01-27 15:14:03 +01:00
Nick Rolfe
6f06263d49
Ruby: add more properties for ordering nodes in graph tests
2022-01-27 13:57:43 +00:00
Dig2
516bed391a
Fix CodeQL-query-help-for-JavaScript typo
2022-01-27 21:33:20 +08:00
Benjamin Muskalla
5c9c83d331
Revert "Enable on my repo"
...
This reverts commit b9c3e6a052.
2022-01-27 14:24:41 +01:00
Geoffrey White
2e1b09fd75
C++: Modernize flow sources.
2022-01-27 13:19:09 +00:00
Geoffrey White
47528dd8c0
C++: Autoformat.
2022-01-27 12:56:16 +00:00
Tamás Vajk
50f546043a
Merge pull request #7769 from github/release-prep/2.8.0
...
Release preparation for version 2.8.0
codeql-cli/v2.8.0
2022-01-27 13:36:59 +01:00
Tom Hvitved
d9a1046e0e
Merge pull request #7683 from hvitved/ruby/qltest-4-threads
...
Ruby: Use multiple threads in QL test CI job
2022-01-27 13:11:39 +01:00
Benjamin Muskalla
39a853b5e4
Remove unused models
2022-01-27 12:27:37 +01:00
Benjamin Muskalla
1cfb088634
rely on defaults
2022-01-27 12:26:59 +01:00
Benjamin Muskalla
e5acc6b54b
use default sha for pr
2022-01-27 12:26:59 +01:00
Benjamin Muskalla
3646ae0995
Skip diff install if not needed
2022-01-27 12:26:58 +01:00
Geoffrey White
1bf9c19638
C++: Autoformat.
2022-01-27 11:26:18 +00:00
Geoffrey White
f090a3b440
C++: Add to and clarify some taint library QLDoc.
2022-01-27 11:26:00 +00:00
Benjamin Muskalla
10aa7a7982
Better name
2022-01-27 12:02:42 +01:00