Merge master into docs-preparation #2863
Merged
semmle-qlci merged 110 commits into github:docs-preparation from Feb 18, 2020
Now we recognize `[(x,y)] = [(1,2)]` -- in itself not a widely used idiom, but more of a warmup exercise for me
This changes the location from the import statement, to the actual expression
```
$ python2 -W default -c 'import posixfile'
-c:1: DeprecationWarning: The posixfile module is deprecated; fcntl.lockf() provides better locking
```
https://docs.python.org/2.7/library/posixfile.html
The predicate
```
argumentValueFlowsThrough(ArgumentNode arg, OutNode out, CallContext cc)
```
has been generalized to
```
argumentValueFlowsThrough(
  DataFlowCall call, ArgumentNode arg, Node out, ContentOption contentIn,
  ContentOption contentOut
)
```
This enables us to summarize normal flow-through (as before), getters, setters, as well as getter-setters.
With internal update to qltest it will not actually do something. - also remove it from the tests that never needed it.
…own-module Python: Fix FP for py/import own module
…packing Python: Handle iterable unpacking in taint tracking
…ated-module Python: fix alerts for py/import-deprecated-module
Approved by erik-krogh, max-schaefer
docs: expand QL book entry on monotonic aggregates
Java: Add String.format as default taint step.
…summaries Approved by aschackmull
JS: add query js/unsafe-jquery-plugin
Many thanks for creating this merge PR @shati-patel. I guess we should wait for the tests to complete, but otherwise this looks great. JMOG
felicitymay approved these changes Feb 18, 2020
There's another small change to the QL handbook here, but this mergeback hopefully won't affect any of the other CodeQL documentation topics people are working on!
@felicitymay - could you review/approve please? 🙏