hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,612 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.7
Commit Graph

76612 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
a7ac6b137b C++: Second change note. 2025-02-25 17:02:23 +00:00
Geoffrey White
7d7498ee32 C++: Avoid problems when a variable has multiple types. 2025-02-25 16:55:13 +00:00
Geoffrey White
812315df27 C++: Use existing getSize / getRootType to find more generous bounds for arrays inside classes (though it sometimes fails, costing us TPs). 2025-02-25 16:29:49 +00:00
Asger F
ff36d1916f Merge pull request #18810 from asgerf/js/test-related-locations 
Test: Add support for RelatedLocation tag and use in a JS query
 2025-02-25 16:40:41 +01:00
Geoffrey White
07004bd6f9 C++: Test cases motivated by a real world FP. 2025-02-25 15:36:12 +00:00
Tamás Vajk
11d145131f Merge pull request #18835 from tamasvajk/tamasvajk/csharp-ccr 
Add queries to C# CCR suite
 2025-02-25 16:20:35 +01:00
Asger F
baa7e35589 Merge pull request #18834 from Napalys/js/tanstack 
JS: Support 'response' threat model and @tanstack/react-query
 2025-02-25 16:16:06 +01:00
Simon Friis Vindum
26a96d9f65 Rust: Accept changes 2025-02-25 15:56:10 +01:00
Tom Hvitved
0522f3f694 Merge pull request #18856 from hvitved/rust/inline-expectations-update 
Rust: Update some inline expectation comments
 2025-02-25 15:28:28 +01:00
Jeroen Ketema
18a1ef55ea Merge pull request #18859 from jketema/is-before 
C++: Fix join-order problem with `isBefore`
 2025-02-25 15:27:43 +01:00
Napalys
3360829a58 Updated change note with response threat model info. 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-02-25 15:22:14 +01:00
Simon Friis Vindum
5c997859b0 Merge branch 'main' into rust-core-std-models 2025-02-25 15:07:29 +01:00
Anders Schack-Mulligen
994a8eea39 Merge pull request #18857 from aschackmull/ssa/refactor-df-integr 
Ssa: Refactor the data flow integration module
 2025-02-25 15:04:11 +01:00
Asger F
bb8f4529bf Fix bug when RelatedLocation was used with a query ID 2025-02-25 14:52:32 +01:00
Asger F
5f2e5ab8c3 Rename file and ID to match .qlref and other query 2025-02-25 14:52:19 +01:00
Anders Schack-Mulligen
2c3b48946d Merge pull request #18824 from aschackmull/java/basessa 
Java: Switch BaseSSA to use shared SSA lib.
 2025-02-25 14:23:46 +01:00
Anders Schack-Mulligen
28e96449e7 C#: Address review comment. 2025-02-25 14:12:53 +01:00
Napalys
bf77ffef37 Applied comment 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-02-25 13:57:39 +01:00
Jonas Jensen
2edc9af1e0 Merge pull request #18848 from jbj/StaticInitializationVector-postprocess 
Java: StaticInitializationVector with postprocess
 2025-02-25 12:44:16 +01:00
Jeroen Ketema
7eca4b4d82 C++: Fix join-order problem with isBefore 
Reported here: https://github.com/github/codeql/issues/17743

Without this change on the query provided by the user:
```
[2025-02-25 12:42:01] Evaluated non-recursive predicate quickquery::UnrealFunctionAnnotation.annotates/1#dispred#9cd6c269@c668c8tv in 23846ms (size: 20381473).
Evaluated relational algebra for predicate quickquery::UnrealFunctionAnnotation.annotates/1#dispred#9cd6c269@c668c8tv with tuple counts:
                 1   ~0%    {0} r1 = CONSTANT()[]
             27323   ~0%    {2}    | JOIN WITH `Location::Location.getEndLine/0#dispred#83af84ae#bf` CARTESIAN PRODUCT OUTPUT Rhs.0, Rhs.1
        6162566035   ~0%    {4}    | JOIN WITH `Location::Location.getStartLine/0#d54f9e6c` CARTESIAN PRODUCT OUTPUT Lhs.0, Lhs.1, Rhs.0, Rhs.1
                            {4}    | REWRITE WITH TEST InOut.1 < InOut.3
        3894825644   ~5%    {2}    | SCAN OUTPUT In.2, In.0
          73148692   ~0%    {3}    | JOIN WITH fun_decls_40#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
          73148692   ~0%    {4}    | JOIN WITH `Location::Location.getFile/0#dispred#d1f8b5d1` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.0, Lhs.2
            864579   ~0%    {2}    | JOIN WITH `Location::Location.getFile/0#dispred#d1f8b5d1` ON FIRST 2 OUTPUT Lhs.2, Lhs.3
          13010742   ~1%    {2}    | JOIN WITH macroinvocations_20#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
          20653781   ~0%    {3}    | JOIN WITH `Macro::MacroAccess.getOutermostMacroAccess/0#d58b05db_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1
          20653781   ~4%    {3}    | REWRITE WITH Out.1 := 1
          20381473   ~8%    {2}    | JOIN WITH macroinvocations_03#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2
                            return r1
```

With this change:
```
[2025-02-25 12:43:10] Evaluated non-recursive predicate quickquery::UnrealFunctionAnnotation.annotates/1#dispred#9cd6c269@11bf8956 in 928ms (size: 20381473).
Evaluated relational algebra for predicate quickquery::UnrealFunctionAnnotation.annotates/1#dispred#9cd6c269@11bf8956 with tuple counts:
            6873   ~3%    {2} r1 = SCAN fun_decls OUTPUT In.4, In.0
            6857   ~0%    {3}    | JOIN WITH `Location::Location.getStartLine/0#d54f9e6c` ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Rhs.1
            6857   ~2%    {3}    | JOIN WITH `Location::Location.getFile/0#dispred#d1f8b5d1` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
         6193961   ~0%    {3}    | JOIN WITH `Location::Location.getFile/0#dispred#d1f8b5d1_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        27389714   ~1%    {4}    | JOIN WITH macroinvocations_20#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Rhs.1
        27389714   ~1%    {4}    | JOIN WITH locations_default ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Rhs.4
                          {4}    | REWRITE WITH TEST InOut.3 < InOut.1
        13010742   ~1%    {2}    | SCAN OUTPUT In.2, In.0
        20653781   ~0%    {3}    | JOIN WITH `Macro::MacroAccess.getOutermostMacroAccess/0#d58b05db_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1
        20653781   ~4%    {3}    | REWRITE WITH Out.1 := 1
        20381473   ~8%    {2}    | JOIN WITH macroinvocations_03#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2
                          return r1
```
 2025-02-25 12:39:11 +01:00
Asger F
92e1023d00 Update line numbers due to addition of new test code 2025-02-25 11:59:11 +01:00
Asger F
ae161f1654 Add meta-tests for inline expectation with related locations 2025-02-25 11:58:54 +01:00
Asger F
694f01ab78 Fix column count and add clarifying comment 2025-02-25 11:57:01 +01:00
Napalys
e2927b2fad Updated tanstack to use API graph. 2025-02-25 11:48:44 +01:00
Geoffrey White
f406914258 Merge pull request #18701 from geoffw0/nth 
Rust: Test and model some string and iterator methods
 2025-02-25 10:42:49 +00:00
Anders Schack-Mulligen
b2a595596b JS: Remove irrelevant comment. 2025-02-25 11:33:16 +01:00
Anders Schack-Mulligen
449150e6b5 JS: Accept fixed FP flow. 2025-02-25 10:42:21 +01:00
Anders Schack-Mulligen
ae3736bc25 C#: Accept test changes showing that we skip over useless input nodes. 2025-02-25 10:37:29 +01:00
Anders Schack-Mulligen
b1b72b73ed SSA: Add qldoc. 2025-02-25 10:35:57 +01:00
Michael Nebel
a35510d937 Merge pull request #18849 from michaelnebel/csharp/tupledefaulttostring 
C#: Proper handling of value tuples in `cs/call-to-object-tostring`.
 2025-02-25 10:24:02 +01:00
Anders Schack-Mulligen
f00f2c6f47 SSA: Deprecate public SsaDefinitionExtNode and SsaInputNode. 2025-02-25 10:03:43 +01:00
Anders Schack-Mulligen
1f628d0f86 Ruby: Remove reference to SsaInputNode. 2025-02-25 10:01:57 +01:00
Anders Schack-Mulligen
95cbd21a62 Ruby: Accept test change following SSA bugfix. 
This is a result of the commit "SSA: Fix bug in guards for ssa input
nodes."
 2025-02-25 09:59:35 +01:00
Tom Hvitved
b40290683e Rust: Update some inline expectation comments 2025-02-25 09:34:50 +01:00
Anders Schack-Mulligen
57c4fd6f25 JS: Combine phi reads and ssa input nodes into SynthReadNode class. 2025-02-25 09:23:53 +01:00
Owen Mansel-Chan
74a249597a Merge pull request #18607 from owen-mc/java/xss-content-type-sanitizer 
Java: Add XSS Sanitizer for `HttpServletResponse.setContentType` with safe values
 2025-02-24 23:39:18 +00:00
Owen Mansel-Chan
0d994c1527 Merge pull request #18831 from owen-mc/go/join-order-fix-2 
Go: Improve bad join order in guardingCall
 2025-02-24 22:16:22 +00:00
Geoffrey White
6437bd692e Merge pull request #18851 from geoffw0/typo 
Fix typo in shared DataFlowImplConsistency.qll
 2025-02-24 18:45:09 +00:00
Alexander Eyers-Taylor
ddfb16899a Merge pull request #18828 from alexet/alexet/fix-flakey-join-order 
CPP: Prevent forced bad join order which is saved by context.
 2025-02-24 17:54:16 +00:00
Simon Friis Vindum
6353dbf3f5 Merge branch 'main' into rust-core-std-models 2025-02-24 16:05:08 +01:00
Anders Schack-Mulligen
22b3dc8f43 Ruby: Remove getDefinitionExt references. 2025-02-24 15:25:53 +01:00
Paolo Tranquilli
22074afafb Merge pull request #18847 from github/redsun82/rust-trait-path 
Rust: fix `<X as Y>` path extraction
 2025-02-24 15:10:41 +01:00
Geoffrey White
24411b61e9 Fix typo. 2025-02-24 13:59:22 +00:00
Anders Schack-Mulligen
7499df43d0 Rust: Remove getDefinitionExt reference. 2025-02-24 14:27:17 +01:00
Anders Schack-Mulligen
0583d85f20 C#: Remove getDefinitionExt references. 2025-02-24 14:22:59 +01:00
Paolo Tranquilli
d8dad7dff0 Merge branch 'main' into redsun82/rust-trait-path 2025-02-24 14:12:53 +01:00
Michael Nebel
e8f86e41f4 C#: Add change note. 2025-02-24 13:58:55 +01:00
Michael Nebel
97f9f0ccc5 C#: Update test expected output. 2025-02-24 13:53:50 +01:00
Michael Nebel
a85131bf0f C#: Better handling of (value) tuple types in cs/call-to-object-tostring. 2025-02-24 13:53:16 +01:00
Anders Schack-Mulligen
db7ec4a781 Java: Remove getDefinitionExt reference 2025-02-24 13:50:08 +01:00