Skip to content

Commit 770099f

Browse files
atorralbaatorralba
authored
Merge branch 'main' into atorralba/java/promote-xxe-experimental-sinks
2 parents 4606df5 + ac1df4d commit 770099f

File tree

1,736 files changed

+117872
-89044
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

1,736 files changed

+117872
-89044
lines changed

.devcontainer/devcontainer.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"extensions": [
3-
"rust-lang.rust",
3+
"rust-lang.rust-analyzer",
44
"bungcip.better-toml",
55
"github.vscode-codeql",
66
"hbenl.vscode-test-explorer",

.github/workflows/tree-sitter-extractor-test.yml

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
name: Test tree-sitter-extractor
2+
3+
on:
4+
push:
5+
paths:
6+
- "shared/tree-sitter-extractor/**"
7+
- .github/workflows/tree-sitter-extractor-test.yml
8+
branches:
9+
- main
10+
- "rc/*"
11+
pull_request:
12+
paths:
13+
- "shared/tree-sitter-extractor/**"
14+
- .github/workflows/tree-sitter-extractor-test.yml
15+
branches:
16+
- main
17+
- "rc/*"
18+
19+
env:
20+
CARGO_TERM_COLOR: always
21+
22+
defaults:
23+
run:
24+
working-directory: shared/tree-sitter-extractor
25+
26+
jobs:
27+
test:
28+
runs-on: ubuntu-latest
29+
steps:
30+
- uses: actions/checkout@v3
31+
- name: Check formatting
32+
run: cargo fmt --all -- --check
33+
- name: Run tests
34+
run: cargo test --verbose
35+
fmt:
36+
runs-on: ubuntu-latest
37+
steps:
38+
- uses: actions/checkout@v3
39+
- name: Check formatting
40+
run: cargo fmt --check
41+
clippy:
42+
runs-on: ubuntu-latest
43+
steps:
44+
- uses: actions/checkout@v3
45+
- name: Run clippy
46+
run: cargo clippy -- --no-deps -D warnings -A clippy::new_without_default -A clippy::too_many_arguments

config/identical-files.json

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -40,15 +40,13 @@
4040
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll",
4141
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll",
4242
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll",
43-
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll",
4443
"go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll",
4544
"go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll",
4645
"go/ql/lib/semmle/go/dataflow/internal/DataFlowImplForStringsNewReplacer.qll",
4746
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll",
4847
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
4948
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
5049
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll",
51-
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplForRegExp.qll",
5250
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll",
5351
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll",
5452
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll",

cpp/ql/lib/CHANGELOG.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,7 @@
1+
## 0.7.1
2+
3+
No user-facing changes.
4+
15
## 0.7.0
26

37
### Breaking Changes

cpp/ql/lib/change-notes/2023-04-28-indirect-barrier-node.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
---
2+
category: feature
3+
---
4+
* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API.

cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables.

cpp/ql/lib/change-notes/2023-05-02-ir-noreturn-calls.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
---
2+
category: majorAnalysis
3+
---
4+
* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library.

cpp/ql/lib/change-notes/2023-05-02-range-analysis-wrapper.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
---
2+
category: feature
3+
---
4+
* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library.

cpp/ql/lib/change-notes/released/0.7.1.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
## 0.7.1
2+
3+
No user-facing changes.

cpp/ql/lib/codeql-pack.release.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,2 @@
11
---
2-
lastReleaseVersion: 0.7.0
2+
lastReleaseVersion: 0.7.1

0 commit comments

Comments
 (0)