Skip to content

fix: [pull] main from github:main #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 552 commits into
base: main
Choose a base branch
from
Open

fix: [pull] main from github:main #10

wants to merge 552 commits into from

Conversation

pull[bot]
Copy link

@pull pull bot commented Apr 28, 2021
edited
Loading

See Commits and Changes for more details.

Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

MathiasVP and others added 30 commits April 14, 2021 16:30
@MathiasVP
C++: Make sure missingGuardAgainstOverflow (and underflow) holds when…
bb447d7 
… range analysis fails to deduce a bound.
@MathiasVP
C++: Fix duplicate names.
53a320a
@jbj
Merge pull request #5578 from MathiasVP/ast-flow-smart-pointers
b4f01c9 
C++: AST dataflow through smart pointers
@MathiasVP
C++: Make exprMightOverflowPositively/exprMightOverFlowNegatively hol…
ed64ed3 
…d for unanalyzable expressions. This hopefully means that expressions that do not satisfy these predicates will never overflow/underflow.
@geoffw0
Merge pull request #5677 from MathiasVP/fix-duplicate-ids-in-experime…
64fed4c 
…ntal

C++: Fix duplicate names in experimental queries
@dbartol
Fix formatting
b29f35f
@aeisenberg
Workflows: Remove dry-run flag for labeller
392adf2
@tausbn
Python: Fix bad join in total_cost
a7fcf52 
The recent change to `appliesTo` lead to a perturbation in the join
order of this predicate, which resulted in a cartesian product between
`call` and `ctx` being created (before being filtered by `appliesTo`).

By splitting the intermediate result into its own helper predicate,
suitably marked to prevent inlining/magic, we prevent this from
happening again.
@aeisenberg
Merge pull request #5659 from github/aeisenberg/mark-as-stale
56ba0f0 
Actions: Add workflow for marking stale questions
@artem-smotrakov
Added comments for tests
97186b3
@tausbn
Python: Prevent bad join in isinstanceEvaluatesTo
897d124 
In some cases, we were joining the result of `val.getClass()` against
the first argument of `Types::improperSubclass` before filtering out the
vast majority of tuples by the call to `isinstance_call`.

To fix this, we let `isinstance_call` take care of figuring out the
class of the value being tested. As a bonus, this cleans up the only
other place where `isinstance_call` is used, where we _also_ want to
know the class of the value being tested in the `isinstance` call.
@rdmarsh2
Merge pull request #5643 from dbartol/smart-pointers/side-effect-refa…
fe57876 
…ctor

C++: Refactor some side effect generation code
@ihsinme
Update InsufficientControlFlowManagementAfterRefactoringTheCode.ql
b30ae39
@codeql-ci
Merge pull request #5675 from erik-krogh/libXss
4be183c 
Approved by esbena
@haby0
rm VerificationMethodFlowConfig, use springframework-5.2.3 stub
b3bdf89
@smowton
Fix documentation of Modifier.qll
bd3b317
@asgerf
JS: Fix extraction of non-substitution template literal types
b4a2a9d
@hvitved
Merge pull request #5673 from hvitved/csharp/customizations
972cc47 
C#: Add `Customizations.qll`
@asgerf
JS: Change note
cb736c8
@asgerf
JS: Update TRAP
f8570bb
@hvitved
C#: Improve performance of SsaImpl::CallGraph::SimpleDelegateAnalysis
0f24db8
@haby0 @smowton
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLi…
5d05e4d 
…b.qll

Co-authored-by: Chris Smowton <smowton@github.com>
@haby0
delete tomcat-embed-core stub, update the ServletGetMethod class
583d088
@haby0
delete FilterClass
216f204
@haby0
CWE-598 reduction
d269a7e
@smowton
Merge pull request #5471 from artem-smotrakov/el-injection
fa36ba9 
Java: Query for detecting Jakarta Expression Language injections
@haby0
Finish comment
0e183ab
@MathiasVP
C++: Accept test changes after making the exprMightOverFlow predicate…
7fbc623 
…s more sound.
@codeql-ci
Merge pull request #5683 from asgerf/js/typescript-template-literal-t…
578ce1e 
…ype-crash

Approved by erik-krogh
@RasmusWL
Python: Add taint tests for .get() in flask
b359205
tamasvajk and others added 17 commits April 27, 2021 15:47
@tamasvajk
Fix error severity
51e08d4
@erik-krogh
add support for the anser library
9178f4b
@tamasvajk
Merge pull request #5557 from tamasvajk/feature/java-sinks-csv
4cc8866 
Java: convert sinks to CSV
@aeisenberg
Merge pull request #5775 from aeisenberg/aeisenberg/codeql-action-main
c6db90e 
Actions: Use the main branch of the codeql action
@hvitved
Merge pull request #5781 from hvitved/java/predictable-seed-df6
3737764 
Java: Use separate data-flow copy for `PredictableSeedFlowConfiguration`
@MathiasVP
Merge pull request #5737 from dbartol/dbartol/smart-pointers/work
0f141ed 
C++: IR Alias Analysis for smart pointers
@cklin
Fix inconsistencies in information about the thief
c27363c 
The find-the-thief exercise is inconsistent.  The first part lists 10 answered questions about the thief, but later discussion silently adds a new question as question 8, so there are a total of 11 answered questions.

This commit updates the first list of answered questions so that it matches later discussions and the sample solution.
@codeql-ci
Merge pull request #5786 from erik-krogh/anser
2b9fb79 
Approved by esbena
@tausbn
Python: Limit absolute imports
4ae3a23 
Limits the behaviour of #5614 in two ways:

First, we only consider files that are contained in the source archive.
This prevents unnecessary computation involving files in e.g. the
standard library.

Secondly, we ignore any relative imports (e.g. `from .foo import ...`),
as these only work inside packages anyway.

This fixes an observed performance regression on projects that include
`google-cloud-sdk` as part of their source code.
@tamasvajk
Merge pull request #5740 from tamasvajk/feature/diag
310baab 
C#: Add extraction error diagnostic query
@erik-krogh
add global replacements using inverted char classes as a sanitizer fo…
e60628d 
…r DOM based XSS
@erik-krogh
move InfiniteRepetitionQuantifier to Regexp.qll
160fa14
@erik-krogh
unlimited repetition of a wildcard is also a wildcard
d07c71c
@erik-krogh
use isWildcardLike in MetacharEscapeSanitizer
d5450f1
@yoff
Merge pull request #5791 from tausbn/python-limit-absolute-imports
73521e2 
Python: Limit absolute imports
@codeql-ci
Merge pull request #5782 from erik-krogh/domFP
9c5ad44 
Approved by esbena
@shati-patel
Merge pull request #5790 from github/cklin-find-the-thief-conditions-…
d288b92 
…sync

Fix inconsistency in the find-the-thief exercise
@pull pull bot added the ⤵️ pull label Apr 28, 2021
@atomist atomist bot added the auto-branch-delete:on-close Delete branch when pull request gets closed label Apr 28, 2021
@github-actions github-actions bot added documentation Improvements or additions to documentation C++ C# Java JS Python labels Apr 28, 2021
@atomist atomist bot added auto-merge-method:merge Auto-merge with merge commit auto-merge:on-bpr-success Auto-merge on passed branch protection rule labels Apr 28, 2021
@delete-merged-branch delete-merged-branch bot deleted the branch majacQ:main April 28, 2021 23:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@J-Vin J-Vin

Labels
⤵️ pull auto-branch-delete:on-close Delete branch when pull request gets closed auto-merge:on-bpr-success Auto-merge on passed branch protection rule auto-merge-method:merge Auto-merge with merge commit C++ C# changelog:fixed Add this issue or pull request to fixed changelog section changelog:security Add this issue or pull request to security changelog section documentation Improvements or additions to documentation enhancement New feature or request Java JS Python
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.