hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 10:11:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,755 Commits 1,690 Branches 160 Tags
codeql-cli/v2.9.0
Commit Graph

34755 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Edoardo Pirovano
662675ebf0 Merge pull request #7739 from github/edoardo/3.4-mergeback 
Merge `rc/3.4` into `main`
 2022-01-25 17:44:13 +00:00
Shati Patel
1c711e05be Merge pull request #7661 from shati-patel/vscode-pack-commands 
Docs: Mention packaging commands in CodeQL extension
 2022-01-25 16:55:37 +00:00
Andrew Eisenberg
e722121be8 Merge pull request #7618 from github/aeisenberg/getting-started-docs 
Docs: Simplify getting started docs
 2022-01-25 08:30:06 -08:00
Edoardo Pirovano
1b539eb4dc Merge branch rc/3.4 into main 2022-01-25 16:22:01 +00:00
Mathias Vorreiter Pedersen
5d0f7efe84 Merge pull request #7743 from jketema/doc-fixes 
CodeQL documentation fixes
 2022-01-25 16:11:08 +00:00
Henry Mercer
70f7535988 JS: Move experimental notice to the bottom of the ML-powered query help 
The Code Scanning UI shows just the first paragraph of the query help
as a summary, until a user chooses to expand the help.
We decided it was more useful to display the standard query help in this
summary compared to the experimental query notice, since there is
already a notice about experimental queries on the alert show page.
 2022-01-25 15:52:09 +00:00
Tom Hvitved
afd6f58fe8 Merge pull request #7741 from hvitved/csharp/compilation-args-exclude-extractor-args 
C#: Exclude extractor arguments from `compilation_args` relation
 2022-01-25 16:31:46 +01:00
Geoffrey White
63ff17b3c1 Merge pull request #7737 from geoffw0/clrtxt5 
C++: Upgrade cpp/cleartext-storage-file
 2022-01-25 15:09:13 +00:00
Jeroen Ketema
082c712843 Replace Block by BlockStmt in basic C/C++ query documentation 
`Block` has be deprecated in favor of `BlockStmt`.
 2022-01-25 15:21:34 +01:00
Jeroen Ketema
1cfd222770 Remove redundant can 2022-01-25 15:21:06 +01:00
Michael Nebel
f1d5d3af9d C#: Add change note for extended property patterns. 2022-01-25 15:13:11 +01:00
Michael Nebel
44cc044a3d C#: Add testcase for extended property patterns (to indicate that they are de-sugared correctly). 2022-01-25 15:13:11 +01:00
Michael Nebel
833e8e4f1d C#: Add some examples with the extended property pattern syntax. 2022-01-25 15:13:11 +01:00
Michael Nebel
83e7fae578 C#: Desugar property patterns that uses member access syntax. 2022-01-25 15:13:11 +01:00
Tom Hvitved
d7a91fdbe6 C#: Exclude extractor arguments from compilation_args relation 2022-01-25 15:09:29 +01:00
Geoffrey White
e4a3e9ee23 C++: Change note. 2022-01-25 13:55:01 +00:00
Geoffrey White
340b40e8f3 C++: Modernize cpp/cleartext-storage-buffer. 2022-01-25 13:54:42 +00:00
Stephan Brandauer
4ee290acd3 update test for 'node:' prefix 2022-01-25 14:25:44 +01:00
Stephan Brandauer
20ea825e4a test for 'node:' prefix for importing node modules 2022-01-25 13:43:16 +01:00
shati-patel
1462565810 Clarify "download packs" usage 2022-01-25 12:37:17 +00:00
Erik Krogh Kristensen
cc527bdecd Merge pull request #7721 from erik-krogh/CWE-1275 
JS: add a js/samesite-none-cookie cookie
 2022-01-25 13:28:08 +01:00
Shati Patel
9e1e2ba442 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-01-25 12:27:00 +00:00
Tom Hvitved
49488fa0a0 Ruby: Fix bad join in ActionControllerHelperMethod 
```
[2022-01-25 12:35:14] (234s) Tuple counts for ActionController::ActionControllerHelperMethod#class#ff/2@ef816fil after 1.5s:
                      7685     ~0%     {3} r1 = JOIN ActionController::ActionControllerContextCall#ff#shared WITH Method::Method::getName_dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'controllerClass', Lhs.0 'this'
                      13198    ~0%     {3} r2 = JOIN r1 WITH Constant::ConstantValue::getStringOrSymbol_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'controllerClass', Lhs.2 'this', Rhs.1
                      15835365 ~4%     {5} r3 = JOIN r2 WITH AST::AstNode::getEnclosingModule_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, "helper_method", Lhs.0 'controllerClass', Lhs.1 'this', Lhs.2
                      12943    ~1%     {4} r4 = JOIN r3 WITH Call::MethodCall::getMethodName_dispred#ff ON FIRST 2 OUTPUT Lhs.4, Lhs.2 'controllerClass', Lhs.3 'this', Lhs.0
                      1146184  ~0%     {4} r5 = JOIN r4 WITH Expr::Expr::getConstantValue_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1 'controllerClass', Lhs.2 'this'
                      212      ~0%     {2} r6 = JOIN r5 WITH project#Call::Call::getArgument_dispred#fff ON FIRST 2 OUTPUT Lhs.3 'this', Lhs.2 'controllerClass'
                                       return r6
```

Joining on enclosing module and name simultaneously yields a much better join.
 2022-01-25 13:00:13 +01:00
Alvaro Muñoz Sanchez
9ee967d6db update test file 2022-01-25 12:42:41 +01:00
Erik Krogh Kristensen
caaee5e4e5 make a utility predicate for extracting sameSite values 2022-01-25 12:32:04 +01:00
Erik Krogh Kristensen
9f9dee5d18 apply documentation suggestions 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-25 12:14:16 +01:00
Tom Hvitved
67962cb93d Ruby: Fix bad join in access predicate 
Joining on variable name alone is a bad thing:

```
[2022-01-25 11:13:20] (228s) Tuple counts for Variable::Cached::access#ff#shared/3@868b54tu after 3m37s:
                      112554    ~0%     {3} r1 = JOIN Variable::VariableReal::getNameImpl_dispred#ff WITH Variable::VariableReal::getDeclaringScopeImpl_dispred#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'arg2', Rhs.1 'arg1'
                      561015756 ~1%     {3} r2 = JOIN r1 WITH Variable::variableName#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg0', Lhs.2 'arg1', Lhs.1 'arg2'
                                        return r2
```

This change ensures that we join on name and scope simultaneously.
 2022-01-25 11:37:38 +01:00
Michael Nebel
26d9848fca Merge pull request #7730 from michaelnebel/csharp/csharp10-release-notes 
C#: Add change notes for the already implemented C# 10 features.
 2022-01-25 11:31:02 +01:00
Geoffrey White
d70b813949 Merge pull request #7732 from MathiasVP/security-severity-for-return-stack-allocated-memory 
C++: Add security-severity to `cpp/return-stack-allocated-memory`
 2022-01-25 10:13:49 +00:00
Stephan Brandauer
9825136e58 add support for the 'node:' prefix for importing internal modules 2022-01-25 10:55:34 +01:00
Alvaro Muñoz Sanchez
c49c7903a8 add java.util.regex models and tests 2022-01-25 10:50:39 +01:00
Tom Hvitved
0299b4603f Merge pull request #7677 from hvitved/ruby/constant-value 
Ruby: Replace `getValueText` with `getConstantValue`
 2022-01-25 10:31:02 +01:00
Harry Maclean
962d0213b5 Ruby extractor: stop using deprecated function 2022-01-25 22:04:24 +13:00
Tony Torralba
82ad79f55f Merge pull request #7728 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-25 09:53:12 +01:00
Mathias Vorreiter Pedersen
72241886bf C++: Add security-severity to 'cpp/return-stack-allocated-memory'. 2022-01-25 08:49:00 +00:00
Michael Nebel
f6a8d50593 C#: Add change notes for the already implemented C# 10 features. 2022-01-25 09:46:57 +01:00
Stephan Brandauer
35cc5ff0e2 Merge pull request #7715 from kaeluka/recognize-fs-extra-path-args 
JS: add a predicate to recognize path arguments in calls to the fs-extra lib
 2022-01-25 09:36:59 +01:00
Tom Hvitved
06776d19ee Merge pull request #4949 from luchua-bc/cs/hash-without-salt 
C#: Query to detect hash without salt
 2022-01-25 09:04:23 +01:00
Tom Hvitved
fdd787b89c Merge pull request #7658 from hvitved/csharp/dataflow/no-negative-positions 
C#: Get rid of negative parameter/argument data-flow positions
 2022-01-25 09:01:44 +01:00
dependabot[bot]
6543b1a3a9 Update clap requirement from 2.33 to 3.0 
Updates the requirements on [clap](https://github.com/clap-rs/clap) to permit the latest version.

Apply this update in both the generator and extractor.
 2022-01-25 16:53:39 +13:00
Harry Maclean
c5904b7410 Add inline tests for API Graph subclassing 2022-01-25 16:41:49 +13:00
Harry Maclean
517f2d0823 Add optional results to InlineExpectationsTest 
The idea behind optional results is that there may be instances where
each line of source code has many results and you don't want to annotate
all of them, but you still want to ensure that any annotations you do
have are correct.

This change makes that possible by exposing a new predicate
`hasOptionalResult`, which has the same signature as `hasResult`.

Results produced by `hasOptionalResult` will be matched against any
annotations, but the lack of a matching annotation will not cause a
failure.

We will use this in the inline tests for the API edge getASubclass,
because for each API path that uses getASubclass there is always a
shorter path that does not use it, and thus we can't use the normal
shortest-path matching approach that works for other API Graph tests.
 2022-01-25 16:41:49 +13:00
Harry Maclean
d0a274c1e8 Use API graph subclassing in GraphQL modelling 
This simplifies some of the code.
 2022-01-25 16:41:24 +13:00
Harry Maclean
5e7a29a979 Ruby: Use API graph subclassing in Rails modelling 
Now that API graphs have basic subclassing support, we can simplify some
of the ActiveRecord and ActionController code.
 2022-01-25 16:40:14 +13:00
github-actions[bot]
1c2f4e79ff Add changed framework coverage reports 2022-01-25 00:10:23 +00:00
Dave Bartolomeo
9183a4d7e7 Merge remote-tracking branch 'upstream/main' into dbartol/side-effect-reorder/work 2022-01-24 15:56:38 -05:00
CodeQL CI
8d1e22bc38 Merge pull request #7632 from erik-krogh/CWE-862 
Approved by esbena, felicitymay
 2022-01-24 12:47:16 -08:00
Erik Krogh Kristensen
d4bac887cf add a js/samesite-none-cookie cookie 2022-01-24 21:39:41 +01:00
yo-h
364f07e3c5 Merge pull request #7725 from github/turbo-go-117-update 
Update supported Go version
 2022-01-24 15:23:00 -05:00
Robert Marsh
6d3381cb89 Merge pull request #7718 from MathiasVP/move-return-stack-allocated-memory-into-code-scanning 
C++: Add `security` tag to `cpp/return-stack-allocated-memory`
 2022-01-24 14:52:23 -05:00