hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-15 01:41:08 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,784 Branches 169 Tags
codeql-cli-2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
cd57cd0d8a C++: Add qhelp reference. 2024-03-06 21:15:27 -08:00
Mathias Vorreiter Pedersen
cf4c8eb517 C++: Add more tests. 2024-03-06 21:15:25 -08:00
Mathias Vorreiter Pedersen
6dc0fa515d C++: Add change note. 2024-03-06 21:11:36 -08:00
Mathias Vorreiter Pedersen
8ae6fa5366 C++: Add a new query 'cpp/type-confusion' for detecting type confusion vulnerabilities. 2024-03-06 21:11:32 -08:00
dependabot[bot]
f0a5183a3f Bump chrono from 0.4.34 to 0.4.35 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.34 to 0.4.35.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.34...v0.4.35)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-07 03:59:07 +00:00
Angela P Wen
31f1f50a64 Merge pull request #15834 from github/post-release-prep/codeql-cli-2.16.4 
Post-release preparation for codeql-cli-2.16.4
 2024-03-06 18:40:08 -08:00
Mathias Vorreiter Pedersen
4c9876b008 C++: Accept test changes. 2024-03-06 18:18:36 -08:00
Mathias Vorreiter Pedersen
cf162aa412 C++: Add an explicit definition of the address of an IRVariable. 2024-03-06 18:18:33 -08:00
Mathias Vorreiter Pedersen
84797b9091 C++: Refactor the address out of 'DefImpl' and into a new abstract class 'OperandBasedDef'. 2024-03-06 18:15:52 -08:00
Mathias Vorreiter Pedersen
cc754858c6 C++: Add a testcase with missing flow out of the address of 'a' and to the argument of 'sink'. 2024-03-06 18:15:49 -08:00
Mathias Vorreiter Pedersen
a60afef923 C++: Add a local flow test file for IR dataflow. 2024-03-06 18:10:08 -08:00
github-actions[bot]
dc9092c9ec Post-release preparation for codeql-cli-2.16.4 2024-03-06 22:19:33 +00:00
Angela P Wen
2daf50500c Merge pull request #15833 from github/release-prep/2.16.4 
Release preparation for version 2.16.4
codeql-cli/v2.16.4 		2024-03-06 13:00:06 -08:00
github-actions[bot]
2f058ffb4d Release preparation for version 2.16.4 2024-03-06 20:56:51 +00:00
Angela P Wen
711c474049 Merge pull request #15832 from github/revert-15814-release-prep/2.16.4 
Revert "Release preparation for version 2.16.4"
 2024-03-06 12:53:52 -08:00
Angela P Wen
ce31f8641a Revert "Release preparation for version 2.16.4" 2024-03-06 12:07:33 -08:00
Ian Lynagh
e58b6e86b2 Kotlin 2: Accept more loc changes in exprs test 2024-03-06 17:57:44 +00:00
Geoffrey White
23fd3f62ac C++: Add models-as-data case to allowParameterReturnInSelf. 2024-03-06 16:12:46 +00:00
Geoffrey White
26ef1bc249 Swift: comment models-as-data implementation. 2024-03-06 16:12:46 +00:00
Geoffrey White
18d9573b6a C++: Add summaryLocalStep as well. 2024-03-06 16:12:46 +00:00
Geoffrey White
0edfafeb06 Shared: Correct and clarify doc for SemBound.getExpr. 2024-03-06 16:00:36 +00:00
Ed Minnix
a87df5459f Fix flow summary tests 2024-03-06 10:39:32 -05:00
Ed Minnix
527041348e Add comment about Memory<T> 2024-03-06 10:39:31 -05:00
Ed Minnix
e065390185 Add .Element modifier to Memory<T> arguments in MaD models 2024-03-06 10:39:30 -05:00
Ed Minnix
27ba51cf9d Change note 2024-03-06 10:39:28 -05:00
Ed Minnix
94a941115f Fix FlowSummaries test results 2024-03-06 10:39:27 -05:00
Ed Minnix
ca55b92281 Change System.IO.TextReader models to transfer taint to out parameter instead of return value 
Some of the `System.IO.TextReader` models transfered taint to
`ReturnValue`, when there is a more relevant out-parameter/array.
 2024-03-06 10:39:25 -05:00
Owen Mansel-Chan
0ebe045cd8 Merge pull request #15819 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-03-06 15:35:14 +00:00
Tamas Vajk
c4f2bbda2a Simplify task counter incrementing 2024-03-06 16:12:14 +01:00
Tamas Vajk
34308eee8d C#: Improve buildless progress reporting 2024-03-06 16:11:19 +01:00
Geoffrey White
8c0f02ac4b C++: Add summary jumpStep, readStep, storeStep. 2024-03-06 14:51:48 +00:00
Owen Mansel-Chan
4e5a6d770a Merge branch 'main' into workflow/coverage/update 2024-03-06 13:43:05 +00:00
Owen Mansel-Chan
f1115af146 Merge pull request #15130 from Malayke/main 
Go: new query for detect DOS vulnerability
 2024-03-06 11:32:57 +00:00
Tony Torralba
f4c2e65614 Merge pull request #15812 from atorralba/atorralba/go/squirrel-sinks 
Go: Add SQLi sinks for Squirrel
 2024-03-06 12:09:19 +01:00
Asger F
a54a73c9a2 JS: Detect more FunctionStyleClasses 2024-03-06 11:37:20 +01:00
Anders Schack-Mulligen
caa45058ae Dataflow: Improve join-order. 
Join with the functional getApprox before filtering with revFlow as this
is always better.
 2024-03-06 11:29:08 +01:00
Anders Schack-Mulligen
55e6255e05 Dataflow: Extend the first join to also include argApa. 
Improves from
2024-03-04 13:29:20] Evaluated non-recursive predicate DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowThroughIntoCall/6#b44155c7@6dd478n9 in 126ms (size: 398332).
Evaluated relational algebra for predicate DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowThroughIntoCall/6#b44155c7@6dd478n9 with tuple counts:
              1  ~0%    {2} r1 = SCAN `DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::TAccessPathApproxNone#dom#04382804` OUTPUT _, _
              1  ~0%    {0}    | REWRITE WITH Tmp.0 := true, Tmp.1 := false, TEST Tmp.0 != Tmp.1 KEEPING 0
          83798  ~0%    {4}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::returnFlowsThrough/8#ffafcf14` CARTESIAN PRODUCT OUTPUT Rhs.0, Rhs.3, Rhs.1, Rhs.2
        4044102  ~3%    {7}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowIntoCallApaTaken/6#d989a8d1#cpe#12346_2013#join_rhs` ON FIRST 1 OUTPUT Rhs.2, Lhs.2, Lhs.3, Rhs.3, Lhs.1, Lhs.0, Rhs.1
         398332  ~3%    {6}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::fwdFlow/9#00ae2fc8#2` ON FIRST 4 OUTPUT Lhs.6, Lhs.0, Lhs.5, _, Lhs.2, Lhs.4
         398332  ~1%    {6}    | REWRITE WITH Out.3 := true
                        return r1
to
[2024-03-04 15:20:26] Evaluated non-recursive predicate DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowThroughIntoCall/6#b44155c7@97bd358u in 35ms (size: 398332).
Evaluated relational algebra for predicate DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowThroughIntoCall/6#b44155c7@97bd358u with tuple counts:
         83798   ~0%    {7} r1 = SCAN `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::returnFlowsThrough/9#53894c55` OUTPUT In.0, In.1, In.2, In.3, In.4, _, _
                        {5}    | REWRITE WITH Tmp.5 := true, Tmp.6 := false, TEST Tmp.5 != Tmp.6 KEEPING 5
         83798   ~3%    {5}    | SCAN OUTPUT In.0, In.3, In.4, In.1, In.2
        416847   ~2%    {7}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowIntoCallApaTaken/6#d989a8d1#cpe#12346_2301#join_rhs` ON FIRST 2 OUTPUT Rhs.3, Lhs.3, Lhs.4, Lhs.1, Lhs.2, Lhs.0, Rhs.2
        398332   ~3%    {6}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::fwdFlow/9#00ae2fc8#2` ON FIRST 4 OUTPUT Lhs.6, Lhs.0, Lhs.5, _, Lhs.2, Lhs.4
        398332   ~1%    {6}    | REWRITE WITH Out.3 := true
                        return r1
 2024-03-06 11:29:08 +01:00
Owen Mansel-Chan
316273c7f3 Merge branch 'main' into workflow/coverage/update 2024-03-06 10:14:46 +00:00
Jeroen Ketema
66d2a8499d Merge pull request #15816 from MathiasVP/remove-ssa-pruning-stage 
C++: Remove the pruning stage from dataflow SSA
 2024-03-06 11:04:05 +01:00
Malayke
02bab4c15a Update go/ql/src/experimental/CWE-770/DenialOfService.ql 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-03-06 17:57:20 +08:00
Anders Schack-Mulligen
0dbe8c3d8a Merge pull request #15140 from hvitved/dataflow/pruned-ctx-sensitivity 
Data flow: prune context-sensitivity relations
 2024-03-06 10:04:48 +01:00
Jeroen Ketema
d13ea0b6c9 Merge pull request #15817 from github/rdmarsh2/suppress-expr-destructors 
C++: Suppress implicit destructors on expr in preparation for destructors on temporaries
 2024-03-06 09:54:50 +01:00
Jeroen Ketema
6972f9b31d C++: Update syntax-zoo expected test results 2024-03-06 09:34:47 +01:00
Harry Maclean
350dab4621 Merge pull request #15722 from hmac/mad-sinks 2024-03-06 08:18:19 +00:00
Edward Minnix III
6ba6b12b9f Docs review suggestion 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-03-05 22:31:25 -05:00
github-actions[bot]
b71074f9c4 Add changed framework coverage reports 2024-03-06 00:16:26 +00:00
Robert Marsh
fbbd57b34f C++: Suppress epxr destructors in preparation for temporaries 2024-03-05 21:12:12 +00:00
Mathias Vorreiter Pedersen
f400228037 C++: Remove the pruning stage from SSA. 2024-03-05 12:55:55 -08:00
Alvaro Muñoz
e5527d7a18 Refactor ast nodes 2024-03-05 19:59:43 +01:00
Angela P Wen
727a38a409 Merge pull request #15814 from github/release-prep/2.16.4 
Release preparation for version 2.16.4
 2024-03-05 10:16:21 -08:00