Skip to content
Permalink
main
Switch branches/tags

Commits on Sep 30, 2022

  1. Merge pull request #10620 from hvitved/ruby/call-graph-protected-methods 

    Ruby: Account for `protected` methods in call graph
    @hvitved
    hvitved committed Sep 30, 2022
    292bc67

  2. Ruby: Add more call graph tests for protected methods

    @hvitved
    hvitved committed Sep 30, 2022
    dd7458a

  3. Merge pull request #10627 from hvitved/ruby/synthesis-reduce-non-line… 

    …ar-rec

Ruby: Reduce size of input predicate for non-linear recursion
    @hvitved
    hvitved committed Sep 30, 2022
    32d002e

  4. Merge pull request #10617 from tamasvajk/kotlin-op-calls 

    Kotlin: extract operator expression when operator is in method call form
    @tamasvajk
    tamasvajk committed Sep 30, 2022
    5017b21

  5. Merge pull request #10642 from github/aibaars-patch-2 

    Run QLHelp preview for all languages
    @aibaars
    aibaars committed Sep 30, 2022
    d54a305

  6. Merge pull request #10375 from asgerf/rb/summarize-loads-v2 

    Ruby: type-tracking and API edges through simple library callables
    @asgerf
    asgerf committed Sep 30, 2022
    6e1914a

  7. Kotlin: extract operator expression when operator is in method call form

    @tamasvajk
    tamasvajk committed Sep 30, 2022
    121a564

  8. Kotlin: Add test cases for operators being called by name

    @tamasvajk
    tamasvajk committed Sep 30, 2022
    0f9b6d4

  9. Merge pull request #10641 from github/nickrolfe/a_an 

    JS/Python/Ruby: s/a HTML/an HTML/
    @nickrolfe
    nickrolfe committed Sep 30, 2022
    ef8ec08

  10. Merge pull request #10634 from yoff/python/rewrite-typetrackers 

    Approved by tausbn
    @codeql-ci
    codeql-ci committed Sep 30, 2022
    b66e5c5

  11. Run QLHelp preview for all languages

    @aibaars
    aibaars committed Sep 30, 2022
    c7b0197

  12. Merge pull request #10624 from tamasvajk/kotlin-java-fn-equivalence-r… 

    …emove

Kotlin: find java-kotlin equivalent functions by erased parameter types
    @tamasvajk
    tamasvajk committed Sep 30, 2022
    ee59bda

  13. Merge pull request #10630 from igfoo/igfoo/ver0 

    Kotlin: Make newerThan symmetric
    @igfoo
    igfoo committed Sep 30, 2022
    9be2ca2

  14. JS/Python/Ruby: s/a HTML/an HTML/

    @nickrolfe
    nickrolfe committed Sep 30, 2022
    ed74e0a

  15. Merge pull request #10625 from github/henti/ql_jobrunson 

    Added job.getRunsOn
    @henti
    henti committed Sep 30, 2022
    476960e

  16. Merge pull request #10636 from erik-krogh/fixHardcoded 

    JS: recognize another kind of dummy passwords to fix an FP in hardcoded-credentials
    @erik-krogh
    erik-krogh committed Sep 30, 2022
    06ea829

  17. Ran autoformatter on Actions.qll

    @henti
    henti committed Sep 30, 2022
    074fac8

  18. Merge pull request #10622 from michaelnebel/ruby/postupdateassignexpr 

    Ruby: Postupdate notes for assignment expressions.
    @michaelnebel
    michaelnebel committed Sep 30, 2022
    82294c1

  19. Merge pull request #10594 from michaelnebel/csharp/postupdatenotes 

    C#: Postupdate notes for ternary expressions.
    @michaelnebel
    michaelnebel committed Sep 30, 2022
    c867f2b

  20. Merge pull request #10598 from hmac/hmac/actioncontroller-metal 

    Ruby: Identify ActionController::Metal controllers
    @hmac
    hmac committed Sep 30, 2022
    4a39bc8

Commits on Sep 29, 2022

  1. update expected output

    @erik-krogh
    erik-krogh committed Sep 29, 2022
    9f2d7df

  2. recognize another kind of dummy passwords to fix an FP in hardcoded-c… 

    …redentials
    @erik-krogh
    erik-krogh committed Sep 29, 2022
    0a5ff1b

  3. Merge pull request #10539 from yoff/python/improve-API-graphs 

    Python: add subscript to API graphs
    @yoff
    yoff committed Sep 29, 2022
    8ab5617

  4. python: rewrite type tracker for ldap operations 

    There are several other clean ups I would like to do in this file,
but this can wait until we promote the query.
    @yoff
    yoff committed Sep 29, 2022
    84ab860

  5. python: rewrite type tracker for compiled regexes 

    we have the option to use `regex.getAValueReachingSink`
rather than `regex.asSink`, but it will likely be used as a
sink for data flow.
    @yoff
    yoff committed Sep 29, 2022
    0654e39

  6. Merge pull request #10632 from jf205/lgtm-updates 

    Remove a mentions of LGTM.com from the README and style guides
    @jf205
    jf205 committed Sep 29, 2022
    7ffbc73

  7. Merge pull request #10613 from github/henrymercer/atm-update-expected… 

    …-output

ATM: Update expected test output
    @henrymercer
    henrymercer committed Sep 29, 2022
    35e9e7d

  8. Merge branch 'main' into lgtm-updates

    @jf205
    jf205 committed Sep 29, 2022
    8f6de12

  9. remove a few mentions of LGTM.com

    @jf205
    jf205 committed Sep 29, 2022
    d75b1e3

  10. Kotlin: Make newerThan symmetric 

    "0.0 last-modified 0" and "0.0 last-modified 123" were giving
different comparisons depending on which way round they were.
    @igfoo
    igfoo committed Sep 29, 2022
    66a8bc5

  11. Merge pull request #10609 from MathiasVP/overrun-write-only-flag-over… 

    …running-write

C++: Make `OverrunWriteProductFlow` raise alerts on overflows
    @rdmarsh2
    rdmarsh2 committed Sep 29, 2022
    9b03e1c

  12. Ruby: Reduce size of input predicate for non-linear recursion 

    Before, we would be recursive in all of `MethodCall::getMethodName`:

```
Evaluated named local Synthesis#d9ff06b1::AssignOperationDesugar::SetterAssignOperation::getCallKind#ffff#shared#3@Synthesi in 9803ms on iteration 14 (size: 31006941).
Evaluated relational algebra for predicate Synthesis#d9ff06b1::AssignOperationDesugar::SetterAssignOperation::getCallKind#ffff#shared#3@Synthesi on iteration 14 running pipeline main with tuple counts:
          256419  ~1%    {2} r1 = SCAN Call#841c84e8::MethodCall::getMethodName#0#dispred#ff#prev_delta OUTPUT In.1, In.0
        31006941  ~8%    {4} r2 = JOIN r1 WITH Synthesis#d9ff06b1::MethodCallKind#ffff#prev ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2, Rhs.3
                         return r2
```

Now, we have restricted that to only the relevant method names.
    @hvitved
    hvitved committed Sep 29, 2022
    a5fbe75

  13. Python: sync TypeTracker.qll

    @asgerf
    asgerf committed Sep 29, 2022
    ed36f19

  14. Ruby: ensure pruning works with startInContent

    @asgerf
    asgerf committed Sep 29, 2022
    ae60b0a

  15. Added JobRunson

    @henti
    henti committed Sep 29, 2022
    700eaf5
Older