hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-25 13:16:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,673 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

12735 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
bf20b7dfc5 add change note for the ReDoS renamings 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
3bea7df45d add deprecated aliases in the old locations, and use the Query.qll pattern for js/polynomial-redos 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
13482fc97b rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp" 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
6b0df9bdfb refactor the concretize algorithm 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
7fb3d81d2f add further normalization of char classses 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
3be4a86acd make ReDoSPruning into a parameterized module 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
dc06e9df02 move predicates that depend on isReDoSCandidate into a ReDoSPruning module 2022-06-23 14:36:24 +02:00
Anders Schack-Mulligen
4a317a25d3 Dataflow: Sync. 2022-06-23 14:34:52 +02:00
Anders Schack-Mulligen
c27290563a Dataflow: Perf fix, avoid node scans. 2022-06-23 14:34:05 +02:00
Ian Lynagh
1713c416c0 Kotlin: Remove unused function getDiagnosticLocation 2022-06-23 13:07:09 +01:00
github-actions[bot]
a74051c658 Release preparation for version 2.10.0 2022-06-23 11:17:46 +00:00
Tamas Vajk
cf18a9a04b Fix bad join order in Shadowing::shadows 
Fixes the bad join order in `Shadowing::shadows`:
Tuple counts for Shadowing::shadows#f4fb89a3#ffff@c4b8a90j:
           182915  ~0%    {2} r1 = Variable::LocalVariableDecl::getCallable#dispred#f0820431#ff AND NOT Shadowing::shadows#f4fb89a3#ffff#antijoin_rhs(Lhs.0, Lhs.1)
           182915  ~0%    {3} r2 = JOIN r1 WITH localvars ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.2
           182915  ~3%    {4} r3 = JOIN r2 WITH Member::Member::getDeclaringType#dispred#f0820431#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0, Lhs.2
           182833  ~0%    {4} r4 = JOIN r3 WITH classes ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.0
           182833  ~3%    {5} r5 = JOIN r4 WITH Element::Element::getName#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.0, Lhs.1, Lhs.3, Rhs.1
        183352620  ~5%    {5} r6 = JOIN r5 WITH Member::Field::getType#dispred#f0820431#bf_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.3, Lhs.1, Lhs.2, Lhs.4
            40529  ~0%    {5} r7 = JOIN r6 WITH Member::Field::getDeclaringType#dispred#f0820431#fb ON FIRST 2 OUTPUT Lhs.0, Lhs.4, Lhs.2, Lhs.3, Lhs.1
              678  ~4%    {4} r8 = JOIN r7 WITH Element::Element::getName#dispred#f0820431#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.4, Lhs.0
              670  ~4%    {4} r9 = r8 AND NOT Member::Field::isStatic#dispred#f0820431#b(Lhs.3)
              670  ~3%    {4} r10 = SCAN r9 OUTPUT In.0, In.2, In.3, In.1
                          return r10

After the fix:
Tuple counts for Shadowing::shadows#f4fb89a3#ffff@95ca976v:
        182915  ~0%    {2} r1 = Variable::LocalVariableDecl::getCallable#dispred#f0820431#ff AND NOT Shadowing::shadows#f4fb89a3#ffff#antijoin_rhs(Lhs.0, Lhs.1)
        182915  ~0%    {3} r2 = JOIN r1 WITH localvars ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.2
        182915  ~0%    {4} r3 = JOIN r2 WITH Member::Member::getDeclaringType#dispred#f0820431#bf ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1
        182915  ~7%    {5} r4 = JOIN r3 WITH Element::Element::getName#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.2, Lhs.0, Lhs.1
           678  ~4%    {4} r5 = JOIN r4 WITH Shadowing::getField#f4fb89a3#ffff ON FIRST 3 OUTPUT Lhs.3, Lhs.4, Lhs.0, Rhs.3
           670  ~4%    {4} r6 = r5 AND NOT Member::Field::isStatic#dispred#f0820431#b(Lhs.3)
           670  ~3%    {4} r7 = SCAN r6 OUTPUT In.0, In.2, In.3, In.1
                       return r7
 2022-06-23 10:30:39 +02:00
Tamas Vajk
e65a046235 Fix test file after rebase 2022-06-23 09:51:48 +02:00
Tamas Vajk
579bfc22f3 Fix performance change in SecurityFlag 2022-06-23 08:46:33 +02:00
Tamas Vajk
79ec998636 Fix DB change compatibility to backwards 2022-06-23 08:45:11 +02:00
Tamas Vajk
7dad2f7fcb Fix DB upgrade properties 2022-06-23 08:45:11 +02:00
Tamas Vajk
074b90ea1a Add change note 2022-06-23 08:45:11 +02:00
Tamas Vajk
053ca2e940 Update DB stats file 2022-06-23 08:45:11 +02:00
Tamas Vajk
e03b48f293 Add DB upgrade folder 2022-06-23 08:45:11 +02:00
Tamas Vajk
dabc956dbf Unify loop break/continue statement handling between java and kotlin 2022-06-23 08:45:11 +02:00
Chris Smowton
46e6203493 Merge pull request #9626 from smowton/smowton/fix/dont-emit-synthetic-parameter-names 
Kotlin: don't emit synthetic parameter names
 2022-06-22 15:30:54 +01:00
Chris Smowton
00b4070866 Merge pull request #9659 from smowton/smowton/admin/invert-java-log-injection-query 
Java: Report log-injection at the source rather than the sink
 2022-06-22 14:27:50 +01:00
Chris Smowton
44cf260762 Merge pull request #9571 from smowton/smowton/fix/array-variance-lowering 
Kotlin: Implement array type variance lowering
 2022-06-22 13:38:21 +01:00
Chris Smowton
1f9f6d7c33 Java: Report log-injection at the source rather than the sink 
This should remove the problem of excessive grouping of different alerts that share a sink location, often due to wrapper functions that form the ultimate sink of all logging calls in a given codebase.
 2022-06-22 13:05:20 +01:00
Tony Torralba
cc354caa1f Merge pull request #9319 from atorralba/atorralba/add-editable-valueof-step 
Kotlin: Add taint step for String.valueOf(Editable)
 2022-06-22 13:50:30 +02:00
Tamás Vajk
c0e115700d Merge pull request #9647 from tamasvajk/kotlin-when-branch-encl-stmt 
Kotlin: Fix enclosing statement of `when` branches
 2022-06-22 13:18:56 +02:00
Ian Lynagh
c7a6b1e9a7 Merge pull request #9640 from igfoo/igfoo/vis 
Kotlin/Java: Add the beginnings of a "visibility" consistency query
 2022-06-22 11:34:15 +01:00
Anders Schack-Mulligen
df6d68b215 Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class 
Dataflow: Deprecate BarrierGuard class
 2022-06-22 10:44:08 +02:00
Michael Nebel
24ba5cc06e Merge pull request #9025 from michaelnebel/csharp/generatedrefactor 
C#: Provenance column in Models as Data CSV format.
 2022-06-22 10:34:31 +02:00
Tamas Vajk
a50e062b3c Kotlin: Fix enclosing statement of when branches 2022-06-22 09:10:27 +02:00
Tamas Vajk
640026d387 Kotlin: add enclosing statement test 2022-06-22 09:09:57 +02:00
Michael Nebel
2b892bc000 Merge pull request #9553 from michaelnebel/csharp/narrowtelemetry 
C#/Java: Only display 1k most relevant results for ExternalApi telemetry queries.
 2022-06-22 07:35:56 +02:00
Ian Lynagh
52b229052d Kotlin/Java: Add the beginnings of a "visibility" consistency query 2022-06-21 17:24:37 +01:00
Anders Schack-Mulligen
f8f9b7d3b4 Apply suggestions from code review 2022-06-21 14:11:36 +02:00
Edoardo Pirovano
70dbd92e25 Bump minor version of all regularly released packs 2022-06-21 11:22:58 +01:00
Edoardo Pirovano
ad02b85efa Merge branch main into rc/3.6 2022-06-21 11:15:25 +01:00
Anders Schack-Mulligen
d7d409f125 Merge pull request #9565 from github/post-release-prep/codeql-cli-2.9.4 
Post-release preparation for codeql-cli-2.9.4
 2022-06-21 11:51:29 +02:00
Anders Schack-Mulligen
a4796e1542 Add change notes. 2022-06-21 11:17:47 +02:00
Chris Smowton
4b825df60c Kotlin: don't emit synthetic parameter names 
The QL library already expects these to be missing in some cases and generates its own names when they are absent. Writing synthetic names to the database can produce inconsistencies if the true name is seen later.
 2022-06-20 19:19:35 +01:00
Ian Lynagh
875776d91d Merge pull request #9581 from igfoo/igfoo/redundant_cast 
Kotlin: Remove a redundant cast
 2022-06-20 17:28:49 +01:00
Michael Nebel
b4457de58c C#/Java: Fix typo in the QL doc comment. 2022-06-20 16:26:07 +02:00
Michael Nebel
b6ccaf14f6 Java: Update Log4J models with provenance information. 2022-06-20 16:20:02 +02:00
Michael Nebel
733fc16902 Java: Update ThreadResourceAbuse specific models with provenance information. 2022-06-20 16:20:02 +02:00
Michael Nebel
0d4321666a Java: Update fragment injection sinkmodels. 2022-06-20 16:20:02 +02:00
Michael Nebel
2cfeffcc17 Java: Update model generator tests with provenance column. 2022-06-20 16:20:02 +02:00
Michael Nebel
e851b03c6f Java: Add source and sink kind model validation. 2022-06-20 16:20:02 +02:00
Michael Nebel
8e7e6c4c6f Java: Update FlowTestCase generator with provenance wildcard. 2022-06-20 16:20:02 +02:00
Michael Nebel
2e46e93f36 Java: Update java models with provenance column information. 2022-06-20 16:20:02 +02:00
Michael Nebel
4622b69c5d Java: Update flow summary impl and external flow to support provenance and include testing in Csv model validation. 2022-06-20 16:20:02 +02:00
Michael Nebel
649757c27f Java/Ruby: Sync files. 2022-06-20 16:20:01 +02:00