hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-07 10:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,755 Commits 1,691 Branches 160 Tags
codeql-cli/v2.9.0
Commit Graph

34755 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Harry Maclean
32c93e70e2 Include simple interpolations in getValueText 
When calculating `StringlikeLiteral.getValueText`, include results from
interpolations where we can determine their string value. For example:

    b = "b" # local variable
    D = "d" # constant

    "a#{b}c"     # getValueText() = "abc"
    "a#{b}c{D}"  # getValueText() = "abcd"
    /#a#{b}c{D}/ # getValueText() = "abcd"
 2022-01-06 12:27:03 +13:00
Harry Maclean
3df3fb092b Make room for new test code 
This change is split over several commits so it is easier to see.
This change adds some extra lines, which will be populated in the next
commit.
 2022-01-06 12:26:51 +13:00
Harry Maclean
b4b91e84a3 Ruby: Fix ConstantAccessCfgNode.getValueText 
The superclass definition uses SSA, which doesn't track constants.
 2022-01-06 12:25:19 +13:00
Andrew Eisenberg
0a2f23f6f9 Update pack references in solorigate tests 2022-01-05 10:37:15 -08:00
Taus
ea538a1ee8 Merge pull request #7416 from github/not-that-kind-of-experimental 
Remove experimental tag from non-ATM queries
 2022-01-05 18:08:15 +01:00
Taus
5d4db3af15 Python: Extend unreachable statement test 
Adds a test demostrating the false positive observed by andersfugmann.

Note that this does not change the `.expected` file, and so the tests
will fail. This is expected.
 2022-01-05 16:45:38 +00:00
Michael Nebel
53000cf9f0 C#: Update the XSS expected file. 2022-01-05 16:44:03 +01:00
Michael Nebel
7e6d88d959 C#: Only use stubs for XSS test. 2022-01-05 16:44:03 +01:00
Michael Nebel
24543a2245 C#: Update the UrlRedirect expected file. 2022-01-05 16:44:03 +01:00
Michael Nebel
47ab2061d8 C#: Replace StringValues stub from stubs.cs with the stub in Microsoft.Extensions.Primitives. 2022-01-05 16:44:03 +01:00
Michael Nebel
b3f3c2de24 C#: Convert and cleanup flow summaries for Microsoft.Extensions.Primitives.StringValues. 2022-01-05 16:41:30 +01:00
Michael Nebel
48651a6113 C#: Update flow summaries for StringValues. 2022-01-05 16:41:30 +01:00
Michael Nebel
c36bf3cebc C#: Reduce the amount of trash flow summaries produced for StringValues. 2022-01-05 16:41:30 +01:00
Michael Nebel
9a355c1050 C#: Add stubs for Microsoft.Extensions.Primitives. 2022-01-05 16:41:30 +01:00
Michael Nebel
586fddb0ce Merge pull request #7509 from hvitved/csharp/stubs-from-source 
C#: Treat QL test stubs as not from source
 2022-01-05 16:40:19 +01:00
Mathias Vorreiter Pedersen
f5062c7d80 C++: Remove a bunch of bad self joins from 'cpp/toctou-race-condition'. 2022-01-05 15:28:53 +00:00
Alex Ford
f935df9865 Merge pull request #7313 from github/ruby/rails-cookie-config 
Ruby: Add `rb/weak-cookie-configuration` query
 2022-01-05 15:20:40 +00:00
Michael Nebel
83c05f72d9 C#: Update the expected output from MinimalStubsFromSource as the stubs are now considered library code and thus produced as a part of the minimal stub. 2022-01-05 15:35:42 +01:00
Alex Ford
da8c745bd8 Ruby: Restrict Rails Setting nodes to SetterMethodCalls 2022-01-05 14:11:07 +00:00
Asger Feldthaus
a7698b8727 JS: Fix double space 2022-01-05 14:35:02 +01:00
Asger Feldthaus
486beda2fa JS: Factor out common regexp in AccessPathToken 2022-01-05 14:35:02 +01:00
Asger Feldthaus
d33200ea83 JS: Add test for WithArity 2022-01-05 14:35:02 +01:00
Asger Feldthaus
21928bee6c JS: Rename padded -> inversePad 2022-01-05 14:35:01 +01:00
Asger Feldthaus
1989d51942 JS: Update documentation in Impl.qll 2022-01-05 14:35:01 +01:00
Asger Feldthaus
3ced5c9269 JS: Resolve first N tokens instead of constructing each prefix 2022-01-05 14:35:01 +01:00
Asger Feldthaus
772681d249 JS: Initial support for models as data 2022-01-05 14:34:52 +01:00
Anders Schack-Mulligen
ef714f7328 Dataflow: Sync 2022-01-05 14:25:35 +01:00
Anders Schack-Mulligen
6b6a9df0eb Dataflow: Remove abstract class 2022-01-05 14:13:26 +01:00
Tom Hvitved
433e373e41 C#: Remove restriction in CFG implementation to work with stubs 2022-01-05 14:12:17 +01:00
Michael Nebel
6fb112f8ec C#: Update tests to comply with Csv validation rules for kind. 2022-01-05 13:44:47 +01:00
Michael Nebel
45469a4fe6 C#: Fix error message. 2022-01-05 13:44:47 +01:00
Michael Nebel
c88355ea13 C#: Introduce Csv validation for kind. 2022-01-05 12:48:24 +01:00
Arthur Baars
e96fcf8568 Merge pull request #7498 from github/dependabot/cargo/ruby/generator/clap-3.0 
Update clap requirement from 2.33 to 3.0 in /ruby/generator
 2022-01-05 12:24:42 +01:00
Mathias Vorreiter Pedersen
a48d5dcf48 Merge pull request #7459 from MathiasVP/promote-arithmetic-uncontrolled 
C++: Increase precision of `cpp/arithmetic-uncontrolled` to `high`
 2022-01-05 11:24:09 +00:00
Henry Mercer
19933262c4 Java: Fix copy/paste error in existing queries 
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
 2022-01-05 10:50:22 +00:00
Mathias Vorreiter Pedersen
23b8b776ab C++: Add change-note. 2022-01-05 10:12:20 +00:00
Michael Nebel
9983c1cbfb C#: Remove generated comment checks in stub files as these are not present in handwritten stubs. 2022-01-05 10:37:37 +01:00
Mathias Vorreiter Pedersen
37c72cae3e Merge branch 'main' into promote-arithmetic-uncontrolled 2022-01-05 08:12:47 +00:00
Anders Schack-Mulligen
fdb3cd03ef Merge pull request #7513 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-05 08:54:46 +01:00
github-actions[bot]
0aa1152899 Add changed framework coverage reports 2022-01-05 00:10:19 +00:00
Erik Krogh Kristensen
c7da8df03c Merge pull request #7511 from erik-krogh/dedup-spaces 
Python: remove duplicated spaces in qldoc
 2022-01-04 21:39:15 +01:00
Erik Krogh Kristensen
fe1107ccac remove duplicated spaces in qldoc 2022-01-04 21:03:06 +01:00
Dave Bartolomeo
83ceb822aa Move upgrades into standard library packs 
Move upgrade to new location

Remove incorrectly merged files

Fix upgrades section
 2022-01-04 11:30:25 -08:00
Tom Hvitved
fd60c6e1ad Merge pull request #7510 from github/release-prep/2.7.5 
Release preparation for version 2.7.5
 2022-01-04 18:57:43 +01:00
Alex Ford
712972cb82 Ruby: formatting 2022-01-04 16:41:23 +00:00
Alex Ford
36ea360b25 Ruby: behaviour -> behavior 2022-01-04 15:43:38 +00:00
Mathias Vorreiter Pedersen
8f843209a8 Merge pull request #7493 from MrAnno/relax-ambiguously-signed-bit-field 
C++: relax ambiguously-signed-bit-field by allowing GLib's gboolean
 2022-01-04 16:18:46 +01:00
github-actions[bot]
1dfcf427aa Release preparation for version 2.7.5 2022-01-04 14:44:56 +00:00
Mathias Vorreiter Pedersen
e31185fea4 C++: add change-note for cpp/ambiguously-signed-bit-field. 2022-01-04 14:31:19 +00:00
László Várady
6496bf8c1d C++: relax ambiguously-signed-bit-field by allowing GLib's gboolean 
The gboolean type of GLib (a widely used C library) is a typedef to int.
It is meant to represent a simple true/false value.

Resolves #7491
 2022-01-04 14:22:48 +00:00