Commit graph

47348 commits

Author SHA1 Message Date
Nora Dimitrijević 8f5af3fca6
Merge branch 'main' into swift/js-injection 2022-11-18 17:07:20 +01:00
Paolo Tranquilli 2cd58817d7 Swift: skip QL code generation on untouched files
This is a developer QoL improvement, where running codegen will skip
writing (and especially formatting) any files that were not changed.

**Why?** While code generation in itself was pretty much instant, QL
formatting of generated code was starting to take a long time. This made
unconditionally running codegen quite annoying, for example before each
test run as part of an IDE workflow or as part of the pre-commit hook.

**How?** This was not completely straightforward as we could not work
with the contents of the file prior to code generation as that was
already post-processed by the QL formatting, so we had no chance of
comparing the output of template rendering with that. We therefore store
the hashes of the files _prior_ to QL formatting in a checked-in file
(`swift/ql/.generated.list`). We can therefore load those hashes at
the beginning of code generation, use them to compare the template
rendering output and update them in this special registry file.

**What else?** We also extend this mechanism to detect accidental
modification of generated files in a more robust way. Before this patch,
we were doing it with a rough regexp based heuristic. Now, we just store
the hashes of the files _after_ QL formatting in the same checked file,
so we can check that and stop generation if a generated file was
modified, or a stub was modified without removing the `// generated`
header.
2022-11-18 16:56:01 +01:00
Taus 07969260c8
Merge pull request #11132 from erik-krogh/parentQl
QL: fix non-attached annotations for newtype branches
2022-11-18 15:45:02 +01:00
Chris Smowton f589ba8b9c
Merge pull request #11327 from github/post-release-prep/codeql-cli-2.11.4
Post-release preparation for codeql-cli-2.11.4
2022-11-18 14:42:51 +00:00
Taus d79eed533b Python: Remove unwanted recursion
Depending on `localFlowStep` meant that this predicate ended up being
recursive with itself (by way of flow summaries which depend on API
graphs, which in turn depend on import resolution).

Changing this to use the simple local flow step predicate that we use
for type tracking should fix this issue.
2022-11-18 13:50:50 +00:00
erik-krogh 3cdfed9483
CI: delete language specific codeql query compile checks 2022-11-18 14:41:29 +01:00
Erik Krogh Kristensen e777934290
Merge pull request #11316 from erik-krogh/examplesComp
CI: Also compile the `examples` folder
2022-11-18 12:29:03 +01:00
github-actions[bot] 5b14ebf22a Post-release preparation for codeql-cli-2.11.4 2022-11-18 11:26:00 +00:00
Geoffrey White 2cf302f9df Merge branch 'main' into alamofire2 2022-11-18 10:48:53 +00:00
erik-krogh 7c091fa6cd
also compile the examples folders as part of the compilation check 2022-11-18 10:31:42 +01:00
erik-krogh 23dc977d48
add a severity to incompleteswitchoverenum.ql to fix a compiler warning 2022-11-18 10:29:42 +01:00
Geoffrey White 16a84bd94a Merge branch 'main' into alamofire2 2022-11-18 09:28:46 +00:00
Taus e76ab8c78c Merge branch 'main' into python-clean-up-import-resolution 2022-11-17 22:47:50 +00:00
erik-krogh 468a879c1f
Python: delete dead code. thanks QL-for-QL 2022-11-17 22:12:51 +01:00
erik-krogh ba2734909f
JS: don't use deprecated files in tests 2022-11-17 22:12:50 +01:00
erik-krogh 3635db8244
JS: delete the deprecated [queryName].qll files 2022-11-17 22:12:50 +01:00
erik-krogh 635b8772d7
JS: delete old deprecations 2022-11-17 22:12:50 +01:00
erik-krogh e491b61e09
Python: move the contents of `PEP249Impl` to `PEP249`, which is possible now that the deprecations have been deleted 2022-11-17 22:12:50 +01:00
erik-krogh a7ba693ccb
Python: delete old deprecations 2022-11-17 22:12:50 +01:00
erik-krogh a4e5d752e1
Java: delete old deprecations 2022-11-17 22:12:50 +01:00
erik-krogh d5ec781d4c
C#: delete old deprecations 2022-11-17 22:12:50 +01:00
erik-krogh a5a244fc53
CPP: delete old deprecations 2022-11-17 22:12:50 +01:00
Chris Smowton e83cc59cba
Merge pull request #11296 from smowton/smowton/fix/kotlin-string-literal-formatting
Kotlin: format string literals like the Java annotation extractor
2022-11-17 20:04:09 +00:00
Chris Smowton 29c47ad515
Merge pull request #11320 from github/release-prep/2.11.4
Release preparation for version 2.11.4
2022-11-17 18:57:14 +00:00
Geoffrey White 2780d9a9a3 Merge branch 'main' into optionals2 2022-11-17 18:16:46 +00:00
Chris Smowton cf34dbd276 Kotlin: format string literals like the Java annotation extractor
Java's regular strings are formatted as they appear in source, but we don't easily have this information available in Kotlin. During annotation extraction however it guesses a source rendering because the source is not necessarily available. By formatting to match the annotation extractor, we prepare to ensure consistency with a Java database when extracting annotations as seen by Kotlin.
2022-11-17 17:28:17 +00:00
Nora Dimitrijević 8b332778e3 Swift: update `@security-severity` 2022-11-17 18:08:06 +01:00
Chris Smowton 0deb2d4c5f
Copyedit Python release notes 2022-11-17 17:03:09 +00:00
Chris Smowton 63fcbb5969
Copyedit Python release notes 2022-11-17 17:02:55 +00:00
Chris Smowton 0219c2b02b
Copyedit Javascript changelog 2022-11-17 17:02:01 +00:00
Chris Smowton 80b2f0d3cd
Copyedit Javascript changelog 2022-11-17 17:01:43 +00:00
Chris Smowton d45c35a02e
Copyedit the Java src qlpack 0.4.4 release notes 2022-11-17 16:57:08 +00:00
Chris Smowton 47f07d83b8
Copyedit Java src qlpack changelog 2022-11-17 16:56:39 +00:00
Chris Smowton e13eb79f5b
Java: edit 0.4.4 release notes to match the changelog 2022-11-17 16:55:26 +00:00
Chris Smowton 2bd151ba9c
Copyedit Java changelog 2022-11-17 16:54:33 +00:00
Chris Smowton 7c74350d5e
Copyedit Java changelog 2022-11-17 16:51:21 +00:00
github-actions[bot] e105c13e77 Release preparation for version 2.11.4 2022-11-17 16:40:45 +00:00
Owen Mansel-Chan ac54da7d93
Merge pull request #11002 from owen-mc/dataflow/sync-go-libraries
Update go libraries to 55e052a
2022-11-17 15:22:31 +00:00
Owen Mansel-Chan 4073d77635
Add change notes 2022-11-17 14:27:07 +00:00
Owen Mansel-Chan ab15a19028
Address review comments 2022-11-17 14:27:07 +00:00
Owen Mansel-Chan 166a3688f8
Use standard variable names for `hasLocationInfo`
This makes them match the QLDoc and also other implementations of
`hasLocationInfo`.
2022-11-17 14:27:07 +00:00
Owen Mansel-Chan 1a65a27fde
Update test expectations
In https://github.com/github/codeql/pull/8641, `localFlowExit` was
changed to use `Stage2::readStepCand` instead of `read`, which means
that the big-step relation is broken up less. This causes test result
changes. Nothing is lost from the `select` clause, but some results may
have fewer paths, and fewer nodes and edges are output in the test
results.
2022-11-17 14:27:06 +00:00
Owen Mansel-Chan 71aeeee7c8
Accept trivial change to test output
In the `subpaths` section, the last node is now printed without its type
if it is the sink of the path.

This comes from the commit "Dataflow: Bugfix: include subpaths ending at
a sink. " in https://github.com/github/codeql/pull/7526
2022-11-17 14:27:06 +00:00
Owen Mansel-Chan f2e2c02db6
Rename predicates to avoid clashes 2022-11-17 14:27:06 +00:00
Owen Mansel-Chan 1718ef88be
Data flow: Inline local(Expr)?(Flow|Taint)
See https://github.com/github/codeql/pull/7791
2022-11-17 14:27:05 +00:00
Owen Mansel-Chan 736435adda
Go: Add stub `expectsContent`
Corresponds to https://github.com/github/codeql/pull/8870
2022-11-17 14:27:05 +00:00
Owen Mansel-Chan 50210a9d24
Go: ParameterPosition and ArgumentPosition
Corresponds to https://github.com/github/codeql/pull/7260, though some
of those changes had already been made.
2022-11-17 14:27:05 +00:00
Owen Mansel-Chan 83a3af2fff
Go: Summarized Callable
Corresponds to https://github.com/github/codeql/pull/9270
2022-11-17 14:27:04 +00:00
Owen Mansel-Chan 10ed4ad3df
Go: Split `summaryThroughStep` into two predicates
Cf. https://github.com/github/codeql/pull/9195
2022-11-17 14:27:04 +00:00
Owen Mansel-Chan 1ee5d3e80e
Move ParameterPosition etc to DataflowDispatch.qll 2022-11-17 14:27:04 +00:00