hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,255 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.2
Commit Graph

1029 Commits

Author SHA1 Message Date
Owen Mansel-Chan
64432215a9 Make "reverse-dns" pass validation 2024-07-08 15:16:14 +01:00
Owen Mansel-Chan
8526510783 Add ungrouped threat models to threat-model-grouping.model.yml 2024-07-08 15:15:40 +01:00
github-actions[bot]
ae3aba061b Post-release preparation for codeql-cli-2.18.0 2024-07-08 13:30:13 +00:00
github-actions[bot]
b0d6778652 Release preparation for version 2.18.0 2024-07-08 09:10:51 +00:00
Tom Hvitved
4ae8720930 SSA: Add BasicBlock.{getNode/1,length/0} to the input signature 2024-07-03 11:32:35 +02:00
Michael Nebel
25b20186af Merge pull request #16861 from michaelnebel/modelgen/sourcesinklift 
C#/Java: Do not lift source and sink models.
 2024-07-02 08:50:31 +02:00
Owen Mansel-Chan
60b9d19d72 Add explicit relation between "reverse-dns" and "all" 2024-06-29 21:29:21 +01:00
Arthur Baars
b12b33c8f9 Merge remote-tracking branch 'upstream/main' into 'rc/3.14' 2024-06-28 19:50:35 +02:00
Tom Hvitved
e1c1314824 Shared: Generate mermaid output in View CFG query 2024-06-28 09:45:22 +02:00
Michael Nebel
64ac52e918 C#: Only lift summary models in the model generator. 2024-06-27 09:54:00 +02:00
Anders Schack-Mulligen
9d8ee99c1c Merge pull request #16806 from aschackmull/dataflow/debug-stages 
Dataflow: Add path-problem view of intermediate stages for debug purposes.
 2024-06-26 12:53:12 +02:00
Anders Schack-Mulligen
1cc49af454 Dataflow: Address review comments. 2024-06-25 15:19:55 +02:00
Asger F
551743e000 Shared: add location for 'this' CaptureContainer 
Only has an effect for debugging purposes
 2024-06-25 10:34:28 +02:00
github-actions[bot]
fd385736e6 Post-release preparation for codeql-cli-2.17.6 2024-06-25 06:39:45 +00:00
Owen Mansel-Chan
8458bde51e Add comment that "reverse-dns" is an ungrouped threat model 2024-06-24 21:23:52 +01:00
github-actions[bot]
e32a587078 Release preparation for version 2.17.6 2024-06-24 14:33:10 +00:00
Anders Schack-Mulligen
fdf6e30888 Dataflow: Handle non-trivial type systems with stores into a top type. 2024-06-24 13:35:50 +02:00
Anders Schack-Mulligen
a26132e818 Dataflow: Replace stage 3 type pruning with flow-insensitive type pruning. 2024-06-24 13:35:50 +02:00
Anders Schack-Mulligen
8c23e21073 Dataflow: Cache compatibleTypes. 2024-06-24 13:35:48 +02:00
Anders Schack-Mulligen
06a7e3f3ee Dataflow: Cache typeStrongerThan. 2024-06-24 13:35:48 +02:00
Anders Schack-Mulligen
bd99f32a4b Dataflow: Check types on ParamReturnNode. 2024-06-24 13:35:47 +02:00
Michael Nebel
65e150b416 Add parameterized module for MaD model printing. 2024-06-24 11:48:33 +02:00
Anders Schack-Mulligen
accc73d1d0 Dataflow: Add debug graph for pruning stages. 2024-06-21 14:25:32 +02:00
Anders Schack-Mulligen
bbdae5188d Dataflow: Add ArgNodeEx column to fwdFlowIsEntered. 2024-06-21 14:10:37 +02:00
Anders Schack-Mulligen
fa13861e53 Dataflow: Add Debug module with stage references. 2024-06-21 14:02:07 +02:00
Michael Nebel
197cdab43d Merge pull request #16752 from michaelnebel/shared/sourcesinkcallables 
C#/Java: Add some (shared) helper classes for Neutrals, Sources and Sink
 2024-06-17 14:58:27 +02:00
Anders Schack-Mulligen
0e8af39b77 Merge pull request #16719 from aschackmull/shared/fix-qldoc 
Shared: Fix file-module qldoc.
 2024-06-17 13:26:57 +02:00
Michael Nebel
57925373c6 Address review comment. 2024-06-17 13:02:25 +02:00
Michael Nebel
3d53ddf919 DataFlow: Add some shared classes for Neutrals, Source and Sink callables. 2024-06-17 12:53:03 +02:00
Mathias Vorreiter Pedersen
0150269503 Merge branch 'rc/3.14' into rc-3.14-mergeback-2 2024-06-13 09:14:40 +01:00
Mathias Vorreiter Pedersen
5b3403c4b1 C++: Fix bad join in 'lastRefRedefExt'. 2024-06-12 15:24:58 +01:00
Mathias Vorreiter Pedersen
3351b9547d Merge branch 'rc/3.14' into rc-3.14-mergeback 2024-06-11 16:21:08 +01:00
Anders Schack-Mulligen
939ae4a561 Dataflow: Remove unused import. 2024-06-11 08:55:44 +02:00
Anders Schack-Mulligen
87316784ad Shared: Fix file-module qldoc. 2024-06-11 08:49:15 +02:00
github-actions[bot]
8a25081a0e Post-release preparation for codeql-cli-2.17.5 2024-06-10 15:33:08 +00:00
github-actions[bot]
877bfa2468 Release preparation for version 2.17.5 2024-06-10 13:40:39 +00:00
Anders Schack-Mulligen
7e980d9524 Add a bit more qldoc. 2024-06-07 11:47:50 +02:00
Anders Schack-Mulligen
4ec4da4c8c Dataflow/Java: Add support for pretty-printed provenace in tests. Convert one test. 2024-06-07 11:45:13 +02:00
Mathias Vorreiter Pedersen
5deb9002bf Merge pull request #16665 from geoffw0/yml 
C++: Support for extension models (.yml)
 2024-06-06 14:21:42 +01:00
Geoffrey White
894497218d Shared: Recognize 'remote-sink' in ModelValidation.qll. 2024-06-06 12:49:13 +01:00
Tom Hvitved
e6dc36b2c4 Merge pull request #16636 from hvitved/tree-sitter/verbosity-fix 
Tree-sitter: Verbosity fixes
 2024-06-04 08:33:28 +02:00
Tom Hvitved
58ce3e805e Merge pull request #16633 from hvitved/dataflow/inline-pred 
Data flow: Inline `isUnreachableInCall1`
 2024-05-31 20:12:14 +02:00
Tom Hvitved
beeae69845 Tree-sitter: Verbosity fixes 2024-05-31 20:10:19 +02:00
Tom Hvitved
be4fce26c0 Merge pull request #16631 from hvitved/tree-sitter/multi-file-lists 
Tree-sitter: Allow for multiple file lists in simple extractor
 2024-05-31 12:47:11 +02:00
Tom Hvitved
42d87f6d19 Data flow: Inline isUnreachableInCall1 2024-05-31 12:25:11 +02:00
Tom Hvitved
d6a3765597 Tree-sitter: Allow for multiple file lists in simple extractor 2024-05-31 11:15:21 +02:00
Tom Hvitved
775625968a Merge pull request #16602 from hvitved/dataflow/fix-bad-join 
Data flow: Fix bad join
 2024-05-29 09:53:56 +02:00
Anders Schack-Mulligen
2f95851537 Merge pull request #16603 from aschackmull/dataflow/location 
Dataflow/Go: Add getLocation to DataFlowCall and DataFlowCallable for easier debugging.
 2024-05-29 08:58:22 +02:00
github-actions[bot]
906b65d09c Post-release preparation for codeql-cli-2.17.4 2024-05-28 18:02:25 +00:00
Tom Hvitved
059ce1ba15 Data flow: Fix bad join 
Before
```
Evaluated relational algebra for predicate _DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox__#count_range@9acc2d7t with tuple counts:
              875   ~0%    {3} r1 = SCAN `num#DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::TCons1#055add5f` OUTPUT _, In.0, In.1
              875   ~0%    {3}    | REWRITE WITH Tmp.0 := 1, Out.0 := (InOut.2 - Tmp.0)
        113896125   ~1%    {3}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox.len/0#dispred#e932df4d_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        113896125   ~7%    {4}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox.getFront/0#dispred#5d402e21` ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1
             2404   ~9%    {5}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::Stage5::consCand/3#cd06ec82_021#join_rhs` ON FIRST 2 OUTPUT Lhs.2, Lhs.0, Rhs.2, Lhs.3, _
             2404  ~14%    {5}    | REWRITE WITH Out.4 := 1
                           return r1

Evaluated relational algebra for predicate DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::count1to2unfold/1#9ad56f09@c47f87cq with tuple counts:
        365  ~0%    {2} r1 = JOIN `num#DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::TCons1#055add5f_102#join_rhs` WITH `__DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathAppro__#join_rhs` ON FIRST 2 OUTPUT Lhs.2, Rhs.2
                    return r1
```

After
```
Evaluated relational algebra for predicate DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854@46e7620j with tuple counts:
        848899   ~5%    {3} r1 = SCAN `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox.len/0#dispred#e932df4d` OUTPUT In.0, _, In.1
        848899   ~0%    {2}    | REWRITE WITH Tmp.1 := 1, Out.1 := (Tmp.1 + In.2) KEEPING 2
        848899   ~0%    {3}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox.getFront/0#dispred#5d402e21` ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Rhs.1
         12961  ~14%    {4}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::Stage5::consCand/3#cd06ec82_201#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.2, Lhs.1
                        return r1

Evaluated relational algebra for predicate DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854_0312_1#count_range@a0e570ci with tuple counts:
        11548  ~1%    {5} r1 = SCAN `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854` OUTPUT In.0, In.3, In.1, In.2, _
        11548  ~3%    {5}    | REWRITE WITH Out.4 := 1
                      return r1

Evaluated relational algebra for predicate DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::count1to2unfold/1#9ad56f09@e0e6143p with tuple counts:
        3981  ~0%    {3} r1 = AGGREGATE `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854_0312_1#count_range`, `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854_0312_1#count_range` ON  WITH COUNT OUTPUT In.0, In.1, Agg.0
         365  ~0%    {2}    | JOIN WITH `num#DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::TCons1#055add5f` ON FIRST 2 OUTPUT Rhs.2, Lhs.2
                     return r1
```
 2024-05-28 19:59:30 +02:00