github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
59 946 коммитов 1 541 ветка 130 Теги 483 MiB
Граф коммитов

59946 Коммитов

Автор SHA1 Сообщение Дата
Paolo Tranquilli 7cc20587ad Codegen: add `@qltest.test_with` 
This allows to group together related AST classes to reuse the same
test source and extraction. For example this is useful for
`EnumDecl/EnumCaseDecl/EnumElementDecl`, where this is applied to.
 2023-10-23 14:51:22 +02:00
Stephan Brandauer 319b799f95
Merge pull request #14553 from github/kaeluka/fix-positive-example-query 
Java: Automodel Framework Mode Extraction Bug
 2023-10-23 09:48:49 +02:00
Owen Mansel-Chan b46174f464
Merge pull request #14536 from owen-mc/go/amend-library-coverage 
Go: Add Go frameworks for automated coverage reports
 2023-10-20 21:28:30 +01:00
Stephan Brandauer 1d7c2f4799 Java: format 2023-10-20 16:37:46 +02:00
Stephan Brandauer f0c0bbf4c8 remove bug: needless restriction to sink examples in framework mode +examples 2023-10-20 16:34:29 +02:00
Mathias Vorreiter Pedersen 6c10ba2fb1
Merge pull request #14495 from github/calumgrant/comp-generated-this 
C++: Fix ImplicitThisFieldAccess
 2023-10-20 15:25:26 +01:00
Calum Grant 8054a5d086 C++: Add changenote 2023-10-20 14:48:20 +01:00
Erik Krogh Kristensen f562d5319f
Merge pull request #14539 from flyboss/main 
fix typo ('Configration' to ‘Configuration’)
 2023-10-20 14:10:42 +02:00
Paolo Tranquilli c92519ed6b
Merge pull request #14538 from github/redsun82/add-unspecified-element-children 
Swift: add children to `UnspecifiedElement`
 2023-10-20 12:27:05 +02:00
Michael B. Gale 58fe66f5a8
Merge pull request #14550 from github/mbg/docs/bump-to-go1.21 
Bump to Go 1.21 in supported compilers docs
 2023-10-20 11:09:59 +01:00
flyboss ee813c1e61
Update UnsafeHtmlConstructionQuery.qll 
add a deprecated alias in case anyone depends on the misspelled name.
 2023-10-20 17:57:23 +08:00
Michael B. Gale 46aa712c28
Bump to Go 1.21 in supported compilers docs 2023-10-20 10:49:02 +01:00
Esben Sparre Andreasen 1b9b6ae5b5
Merge pull request #14542 from github/esbena/proper-check-change-note 
Improve change note checking
 2023-10-20 11:47:53 +02:00
Ian Lynagh a4ef183a2e
Merge pull request #14529 from igfoo/igfoo/classid_fqname 
Kotlin: Don't convert back and forth between ClassId and FqName
 2023-10-20 10:28:25 +01:00
Dave Bartolomeo 07eb60d044
Merge pull request #14531 from github/post-release-prep/codeql-cli-2.15.1 
Post-release preparation for codeql-cli-2.15.1
 2023-10-19 13:32:33 -04:00
Dave Bartolomeo 712f7758cf
Merge branch 'main' into post-release-prep/codeql-cli-2.15.1 2023-10-19 12:14:07 -04:00
Erik Krogh Kristensen 2a1ca637fd
Merge pull request #14543 from erik-krogh/string-not-int 
move the documentation of codePointAt and codePointCount to the string type instead of the int type
 2023-10-19 14:39:10 +02:00
erik-krogh 5cd732b3c6
move the documentation of codePointAt and codePointCount to the string type instead of the int type 2023-10-19 12:57:06 +02:00
Mathias Vorreiter Pedersen 0ab159f803
Merge pull request #14135 from github/sashabu/frontend-update 
C++: Update for changes in frontend.
 2023-10-19 11:40:24 +01:00
Esben Sparre Andreasen 2c99e2f3d5 improve change note file name checks 2023-10-19 12:16:27 +02:00
Esben Sparre Andreasen 836bb6006c improve env var usage in check-change-note.yml 2023-10-19 12:05:29 +02:00
Mathias Vorreiter Pedersen 0bfa53cfd6
Merge pull request #14524 from MathiasVP/add-more-dataflow-documentation 
C++: Add more documentation about dataflow through indirections
 2023-10-19 10:32:12 +01:00
Mathias Vorreiter Pedersen 4feda50add
Update docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-10-19 11:00:42 +02:00
Mathias Vorreiter Pedersen b5cbd909f7
Update docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-10-19 11:00:33 +02:00
Mathias Vorreiter Pedersen 35702a9fdf
Update docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-10-19 11:00:18 +02:00
Jeroen Ketema a972d0943a
C++: Accept test changes after changes in IR generation 2023-10-19 10:45:14 +02:00
Jeroen Ketema 2a64552979
C++: Add support for C23/C++23 floating-point types 2023-10-19 10:45:14 +02:00
Jeroen Ketema 7e71d9e619
C++: Update expected test results after outputting less loads from the extractor 2023-10-19 10:45:14 +02:00
Jeroen Ketema bec3e62771
C++: Update `cpp/constant-array-overflow` test results after frontend update 2023-10-19 10:45:14 +02:00
Jeroen Ketema 23c6027386
C++: Update expected test changes after frontend update 2023-10-19 10:45:13 +02:00
Jeroen Ketema 8b8a2726d4
C++: Accept semantic range analysis test changes due to extra loads in the IR 2023-10-19 10:45:13 +02:00
Jeroen Ketema 554087161b
C++: Accept sign analysis test changes 
The IR now contains extra loads that need to be accounted for.
 2023-10-19 10:45:13 +02:00
Jeroen Ketema 5036135f01
C++: Fix IR generation for the comma operator 2023-10-19 10:45:13 +02:00
Jeroen Ketema 0fceecee6d
C++: Fix extractor options for `deprecated_with_msg` test 
The previous extractor options no longer work, because the default assumed
compiler versions have changed in the frontend.
 2023-10-19 10:45:13 +02:00
Jeroen Ketema e271c7e5e7
C++: Accept IR GVN test changes a `CopyValue` is now `Load` due to IR changes 2023-10-19 10:45:13 +02:00
Jeroen Ketema 91a98f3512
C++: Accept new dataflow IR inconsistencies 
These are due to additional loads being generated on fields, and should not
cause any problems. Ideally, we should tune the definition of
`TPostFieldUpdateNode` to make these go away.
 2023-10-19 10:45:13 +02:00
Jeroen Ketema 231e9ef098
C++: Accept PrintAST value category changes after frontend update 2023-10-19 10:45:13 +02:00
Jeroen Ketema a6dae91215
C++: Accept IR test changes after value category updates 2023-10-19 10:45:12 +02:00
Jeroen Ketema 3202bcce70
C++: Handle ternary operators whose value category is a prvalue with a load 2023-10-19 10:45:12 +02:00
Jeroen Ketema c60cb136bb
C++: Do not generate loads for `ParenthesisExpr`s 2023-10-19 10:45:12 +02:00
Jeroen Ketema 4339e18ed6
C++: Update IR generation for changes in frontend 2023-10-19 10:45:12 +02:00
Tony Torralba 049ba54948
Merge pull request #14533 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-10-19 08:56:36 +02:00
Erik Krogh Kristensen daca5121f6
Merge pull request #14540 from github/dependabot/cargo/ql/tracing-0.1.40 
Bump tracing from 0.1.39 to 0.1.40 in /ql
 2023-10-19 08:47:56 +02:00
dependabot[bot] 2af1302a4a
Bump tracing from 0.1.39 to 0.1.40 in /ql 
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.39 to 0.1.40.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.39...tracing-0.1.40)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-19 03:33:14 +00:00
flyboss 86336565eb fix typo 2023-10-19 02:34:31 +00:00
github-actions[bot] 065353667f Add changed framework coverage reports 2023-10-19 00:15:51 +00:00
Tony Torralba da44b13fd4
Merge pull request #14515 from atorralba/atorralba/java/spring-csrf-improv 
Java: Improve java/spring-disabled-csrf-protection
 2023-10-18 17:49:10 +02:00
Paolo Tranquilli d55289bf68 Swift: add children to `UnspecifiedElement` 
This will allow better downgrade scripts in the future.
 2023-10-18 16:42:04 +02:00
Michael B. Gale 4246ebf9e0
Merge pull request #14535 from github/mbg/go/dependabot-ignore-tests 
Go: Add Dependabot config for `go/ql/test` which ignores all dependencies
 2023-10-18 14:40:16 +01:00
Michael B. Gale 771b5eca47
No `allow`, only `ignore` 2023-10-18 14:25:38 +01:00