Skip to content

JS: only set the file in the diagnostics message if the file is within the source root #12742

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1,136 commits into from
Closed

JS: only set the file in the diagnostics message if the file is within the source root #12742

wants to merge 1,136 commits into from

Conversation

erik-krogh
Copy link
Contributor

@erik-krogh erik-krogh commented Apr 3, 2023
edited
Loading

This should fix #12734

I wasn't able to replicate locally, but the stack-trace in the issue provided enough information.

It was this change that caused the null-pointer: #12113 (comment)

d10c and others added 30 commits March 27, 2023 23:01
@d10c
Swift: move BindingPattern to the hidden AST
feb8243
@d10c
Swift: add NamedPattern.getVarDecl()
5419e65
@d10c
Swift: add EnumElementExpr + Pattern.getMatchingExpr()
c2e9ffa
@d10c
Swift: add Pattern.getEnclosingPattern()
5c79563
@d10c
Swift: Content-based dataflow through case let
052a008
@d10c
Swift: fixes responding to comments
9353549
@d10c
Swift: distinguish Pattern.get(Immediate)EnclosingPattern
a715ebe
@d10c
Swift: introduce Node.asPattern()
7dc7938
@d10c
Swift: distinguish between Pattern.get(Immediate)IdentityPreservingEn…
6a12726 
…closingPattern
@d10c
Swift: fix a bunch of MISSING dataflow test cases
03122d7 
Optional content flow through constructors remains.
@d10c
Swift: add .some enum content to init? calls
41b283c 
Again, this is hacky; we don't distinguish rigorously between an
optional value and its content (similar to how it was before enum
content flow).
@d10c
Swift: fix QLdoc check for EnumElementExpr.qll
239e14b
@MathiasVP
C++: Make sign analysis aware of unsigned'ness and accept test changes.
724d97e
@jketema
C++: Add support for bounded modulus operations
99c6111
@jketema
C++: Address review comment
9303055
@jketema
C++: Address review comment
12da4f7
@github-actions
Add changed framework coverage reports
2573efa
@MathiasVP
Merge pull request github#12655 from jketema/range-rem
58c7148
@hvitved
Merge pull request github#12612 from hvitved/ruby/print-ast-desugar-r…
e3799ad 
…eorder

Ruby: Order synthetic children in PrintAST based on their index instead of location
@michaelnebel
Merge pull request github#12410 from michaelnebel/java/docs-models-as…
7283002 
…-data

Java: Docs MaD using extensions.
@yoff
Merge pull request github#12517 from yoff/python/fix-documentation-re…
a034f89 
…direct-type-inference

python: Fix link to type inference
@michaelnebel
Merge pull request github#12648 from michaelnebel/csharp/cs-web-debug…
730848c 
…-binary

C#: Improve cs/web/debug-binary to repect the RemoveAttributes transformation.
@yoff
Merge pull request github#11515 from yoff/py/port-comparison-using-is
a1a2eb3 
python: port `py/comparison-using-is`
@aschackmull
Java: Support double-recursive range analysis bounds for addition.
b5c66c5
@asgerf
Merge pull request github#12654 from asgerf/rb/always-resolve-topleve…
32bab0b 
…l-namespace

RB: always resolve toplevel namespaces to their locally qualified name
@asgerf @aeisenberg
Update docs/codeql/codeql-language-guides/customizing-library-models-…
a5b1677 
…for-javascript.rst

Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
@aschackmull
Dataflow: Remove accidentally exposed predicates.
d406b05
@RasmusWL
Python: Add tests of `py/azure-storage/unsafe-client-side-encryption-…
691ffcd 
…in-use`

Notice that it doesn't find the potentially unsafe version, or the vuln that spans calls.
@RasmusWL
Python: Rewrite azure query to more idiomatic ql
7a17cd2
@RasmusWL
Python: Update `py/azure-storage/unsafe-client-side-encryption-in-use…
8ea6b6f 
…` to use datafow
egregius313 and others added 9 commits March 31, 2023 12:38
@egregius313
Merge pull request github#12563 from egregius313/egregius313/refactor…
2b9daed 
…-java-libs-to-dataflow-modules

Java: Refactor Java query libraries to use dataflow modules
@MathiasVP
C++: Fix join order in 'cpp/unsafe-strncat'.
e5700e0
@jketema
Merge pull request github#12738 from MathiasVP/fix-join-in-suspecious…
69619f1 
…-call-to-strncat

C++: Fix join order in `cpp/unsafe-strncat`
@redsun82
Merge pull request github#12725 from github/redsun82/swift-successful…
5e45377 
…ly-extracted-lines

Swift: add `SuccessfullyExtractedLines` query
@jketema
JS: Fix qhelp after file rename
17bd9c1
@MathiasVP
Merge pull request github#12719 from jketema/typebound-size
9a34a7b
@asgerf
Merge pull request github#12671 from asgerf/ql/class-type
e5d090c 
QL: Make Class.getType() only return ClassType
@jketema
Merge pull request github#12741 from jketema/js-qhelp-example-fix
ecf92f0 
JS: Fix qhelp after file rename
@erik-krogh
only set the file in the diagnostics message if the file is within th…
8e175be 
…e source root
@github-actions github-actions bot added the JS label Apr 3, 2023
@erik-krogh erik-krogh mentioned this pull request Apr 3, 2023
Closed
@erik-krogh erik-krogh requested a review from aibaars April 3, 2023 09:00
@erik-krogh erik-krogh marked this pull request as ready for review April 3, 2023 09:00
@erik-krogh erik-krogh requested a review from a team as a code owner April 3, 2023 09:00
aibaars
aibaars approved these changes Apr 3, 2023
View reviewed changes
Copy link
Contributor

@aibaars aibaars left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

aibaars
aibaars requested changes Apr 3, 2023
View reviewed changes
Copy link
Contributor

@aibaars aibaars left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps this should be for the rc/3.9 branch

henrymercer
henrymercer reviewed Apr 3, 2023
View reviewed changes
javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java
if (file.startsWith(LGTM_SRC)) {
relativeFilePath = file.subpath(LGTM_SRC.getNameCount(), file.getNameCount()).toString();
builder = builder.setFile(file.subpath(LGTM_SRC.getNameCount(), file.getNameCount()).toString());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we skip diagnostics, or perhaps just diagnostic locations, for files outside the source root? I'm not sure how useful it is to have a location with a range but without a file path.

@erik-krogh erik-krogh changed the base branch from main to codeql-cli-2.12.6 April 3, 2023 10:36
@erik-krogh erik-krogh requested review from a team as code owners April 3, 2023 10:36
@erik-krogh erik-krogh closed this Apr 3, 2023
@erik-krogh
Copy link
Contributor Author

Sorry for the ping, bad change of branch.
I'll reopen another PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@henrymercer henrymercer

@aibaars aibaars

Assignees
No one assigned
Labels
JS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Vue.js + TS] Perform CodeQL Analysis fails when tuple is used as a type in a vue component