Stephan Brandauer
f4104e2b72
Merge pull request #8886 from kaeluka/add-rest-parameter-flowstep
...
JS: Add flow step to `...rest` parameters
2022-04-28 08:39:50 +01:00
Tony Torralba
1f1581cc97
Merge pull request #8913 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2022-04-28 09:34:52 +02:00
Jonas Jensen
0c65e67d18
QL language reference: variables must be lowerId
...
To prepare for a future QL language change where variable names must
start with a lower-case letter, this commit updates the QL language
reference (including the language specification) to change the variable
name grammar from `simpleId` to `lowerId`.
2022-04-28 09:13:36 +02:00
dependabot[bot]
8c4e92d065
Bump actions/download-artifact from 2 to 3
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-28 03:32:59 +00:00
dependabot[bot]
c8fd94a830
Bump actions/setup-python from 2 to 3
...
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-28 03:32:57 +00:00
dependabot[bot]
6526ee797d
Bump actions/setup-dotnet from 1 to 2
...
Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 1 to 2.
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](https://github.com/actions/setup-dotnet/compare/v1...v2)
---
updated-dependencies:
- dependency-name: actions/setup-dotnet
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-28 03:32:55 +00:00
github-actions[bot]
018558b823
Add changed framework coverage reports
2022-04-28 00:18:25 +00:00
Harry Maclean
ba1d43dd42
Merge pull request #8658 from hmac/hmac/insecure-download
...
Ruby: Add InsecureDownload query
2022-04-28 11:07:35 +12:00
Harry Maclean
f4453f4da2
Merge pull request #8573 from hmac/hmac/missing-regexp-anchor
...
Ruby: Add MissingRegExpAnchor query
2022-04-28 11:06:33 +12:00
luchua-bc
590b9d8519
Standardize the query and update qldoc
2022-04-27 22:17:17 +00:00
Chris Smowton
bb049bffbd
Merge pull request #8765 from artem-smotrakov/cover-jms
...
Java: Add flow sources and steps for RabbitMQ and JMS
2022-04-27 21:27:05 +01:00
Taus
b4a31e572f
Python: Add global attribute writes
2022-04-27 16:45:00 +00:00
Taus
f71cf2e1fc
Python: Add test
2022-04-27 15:48:11 +00:00
Paolo Tranquilli
f95b5853c1
Merge pull request #8788 from AlexDenisov/alexdenisov/swift-first-extractor-test
...
Swift: file extraction
2022-04-27 17:47:17 +02:00
Mathias Vorreiter Pedersen
dc96d55943
Merge pull request #8888 from geoffw0/xxe2
...
C++: Add support for createLSParser to the CWE-611 XXE query.
2022-04-27 16:24:27 +01:00
Anna Railton
00b74d8b1c
Merge pull request #8895 from github/annarailton-patch-1
...
ATM: Update `TaintedPathInjection` -> `TaintedPath`
2022-04-27 16:15:46 +01:00
Mathias Vorreiter Pedersen
abbb7f861f
Merge pull request #8904 from MathiasVP/sync-swift-schema
...
Swift: Sync schema after extractor changes
2022-04-27 16:14:46 +01:00
Alex Denisov
272aa594cc
Swift: compiler options moved to .bazelrc
2022-04-27 17:11:16 +02:00
Mathias Vorreiter Pedersen
75c1e56bbd
Revert "Merge pull request #8515 from rdmarsh2/rdmarsh2/ir-global-vars"
...
This reverts commit 800e4ea7df, reversing
changes made to 7ce040f331.
2022-04-27 16:04:28 +01:00
Henry Mercer
897bc2374a
Merge pull request #8906 from github/henrymercer/workflow-codeowners
...
Add CODEOWNERS for Actions workflows
2022-04-27 15:47:11 +01:00
Tony Torralba
e99cee4913
Merge branch 'main' into java/unsafe-get-resource
2022-04-27 16:45:42 +02:00
Geoffrey White
d04078f989
C++: Fix.
2022-04-27 15:45:23 +01:00
Henry Mercer
c39eaf64ca
Merge pull request #8901 from github/dependabot/github_actions/actions/checkout-3
...
Bump actions/checkout from 2 to 3
2022-04-27 15:40:07 +01:00
Henry Mercer
6777090f36
Add CODEOWNERS for Actions workflows
2022-04-27 15:26:15 +01:00
Stephan Brandauer
ee280cda32
Improve docs after PR comment
...
Co-authored-by: Asger F <asgerf@github.com>
2022-04-27 16:24:20 +02:00
dependabot[bot]
c63a0e7010
Bump actions/checkout from 2 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 14:13:33 +00:00
Henry Mercer
3e80c78612
Merge pull request #8903 from github/dependabot/github_actions/actions/stale-5
...
Bump actions/stale from 3 to 5
2022-04-27 15:13:03 +01:00
Henry Mercer
b6a787d4a0
Merge pull request #8902 from github/dependabot/github_actions/actions/cache-3
...
Bump actions/cache from 2 to 3
2022-04-27 15:12:58 +01:00
Henry Mercer
f876ef91a3
Merge pull request #8900 from github/dependabot/github_actions/actions/labeler-4
...
Bump actions/labeler from 2 to 4
2022-04-27 15:12:52 +01:00
Henry Mercer
52475cd917
Merge pull request #8899 from github/dependabot/github_actions/actions/upload-artifact-3
...
Bump actions/upload-artifact from 2 to 3
2022-04-27 15:12:39 +01:00
Paolo Tranquilli
cde5ba7987
Merge pull request #8889 from redsun82/swift-codegen-unit-tests
...
Swift: add unit tests to code generation
2022-04-27 16:07:54 +02:00
Stephan Brandauer
4964f2df9a
add flow step to rest parameters
2022-04-27 16:03:19 +02:00
Chris Smowton
db90bf9900
Move change note
2022-04-27 15:00:26 +01:00
Michael Nebel
52b59d0eed
C#: Add auto generated comment to generated models as data files.
2022-04-27 15:40:23 +02:00
Mathias Vorreiter Pedersen
141e8fcd5b
Swift: Sync schema.
2022-04-27 14:39:13 +01:00
Tony Torralba
51bb33ae65
Merge pull request #8876 from atorralba/atorralba/externalflow-import-private
...
Java: Make all imports of ExternalFlow private
2022-04-27 15:24:55 +02:00
dependabot[bot]
c71c6f6dbe
Bump actions/stale from 3 to 5
...
Bumps [actions/stale](https://github.com/actions/stale) from 3 to 5.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v3...v5)
---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 13:17:41 +00:00
dependabot[bot]
2c1ee564aa
Bump actions/cache from 2 to 3
...
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 13:17:37 +00:00
dependabot[bot]
70ba8e3a5c
Bump actions/labeler from 2 to 4
...
Bumps [actions/labeler](https://github.com/actions/labeler) from 2 to 4.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v2...v4)
---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 13:17:30 +00:00
dependabot[bot]
e1e68e96dc
Bump actions/upload-artifact from 2 to 3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 13:17:28 +00:00
Henry Mercer
295c0fcbb5
Merge pull request #8896 from github/henrymercer/dependabot-actions-updates
...
Enable Dependabot updates for Actions
2022-04-27 14:16:46 +01:00
Geoffrey White
4aa41dfa52
Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql
...
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-04-27 13:06:02 +01:00
yoff
39753d5a0b
Merge pull request #8693 from erik-krogh/pyApi
...
PY: more API-graphs refactorings
2022-04-27 13:19:50 +02:00
Taus
d3a05b8b7e
Python: Fix bad join in MethodCallsiteRefinement
...
Observed on `FreeCAD/FreeCAD`:
```
Tuple counts for Essa::MethodCallsiteRefinement#24e22a14#f/1@274967ic after 34.5s:
638284 ~0% {2} r1 = SCAN Essa::TEssaNodeRefinement#24e22a14#ffff OUTPUT In.0, In.3 'this'
636521 ~0% {2} r2 = r1 AND NOT Essa::SingleSuccessorGuard#class#24e22a14#f(Lhs.1 'this')
1579493668 ~0% {2} r3 = JOIN r2 WITH SsaDefinitions::SsaSource::method_call_refinement#9197156e#fff ON FIRST 1 OUTPUT Lhs.1 'this', Rhs.2
266673 ~3% {1} r4 = JOIN r3 WITH Essa::EssaNodeRefinement::getDefiningNode#dispred#f0820431#ff ON FIRST 2 OUTPUT Lhs.0 'this'
return r4
```
After a bit of unbinding, we have:
```
Tuple counts for Essa::MethodCallsiteRefinement#24e22a14#f/1@d73d8e27 after 66ms:
215168 ~1% {2} r1 = SCAN Definitions::SsaSourceVariable#class#486534ab#f OUTPUT In.0, In.0
283965 ~2% {2} r2 = JOIN r1 WITH SsaDefinitions::SsaSource::method_call_refinement#9197156e#fff ON FIRST 1 OUTPUT Rhs.2, Lhs.1
401274 ~0% {2} r3 = JOIN r2 WITH Essa::EssaNodeRefinement::getDefiningNode#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1 'this'
266671 ~2% {1} r4 = JOIN r3 WITH Essa::TEssaNodeRefinement#24e22a14#ffff_03#join_rhs ON FIRST 2 OUTPUT Lhs.1 'this'
266671 ~2% {1} r5 = r4 AND NOT Essa::SingleSuccessorGuard#class#24e22a14#f(Lhs.0 'this')
return r5
```
(I'm somewhat confused about the slight difference in tuples, but it's
probably just because the compiler moved some stuff around.)
2022-04-27 11:13:37 +00:00
Geoffrey White
6ada1bd05b
C++: Match createLSParser more precisely.
2022-04-27 11:51:17 +01:00
Erik Krogh Kristensen
e1c7d369be
Merge pull request #8796 from erik-krogh/redundantImport
...
Remove redundant imports
2022-04-27 12:39:51 +02:00
Henry Mercer
60ebf4d9b7
Enable Dependabot updates for Actions
...
This will automatically create update PRs for workflow files referencing Actions that have since had a major update.
2022-04-27 11:37:22 +01:00
yoff
9d774463f5
Merge pull request #8859 from tausbn/python-fix-bad-essa-joins
...
Python: Fix a bunch of bad joins
2022-04-27 12:27:50 +02:00
Anna Railton
1f1ef22f90
Update TaintedPathInjection -> TaintedPath
...
Lines up with usual naming in https://github.com/github/ml-ql-adaptive-threat-modeling-backend
2022-04-27 11:27:43 +01:00
Geoffrey White
a21af8e262
C++: Address QLDoc alerts.
2022-04-27 11:05:11 +01:00