hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-22 21:27:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,783 Branches 169 Tags
codeql-cli-2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
da54751d85 C++: Add testcase that demonstrate the need for self-flow out of indirect parameters. 2023-06-22 19:33:13 +01:00
Ian Lynagh
0d05f50aaa Kotlin: Remove an expected-no-getter exception 
We're not sure why it was necessary.
 2023-06-22 18:12:13 +01:00
Geoffrey White
a8aa33510d Shared: QLDoc NfaUtils::Make::State::hasLocationInfo. 2023-06-22 17:19:43 +01:00
Mathias Vorreiter Pedersen
d3bc99a9ee Merge pull request #13533 from MathiasVP/hide-summarized-nodes-from-path-graph 
Swift: Hide summarized nodes from path graphs
 2023-06-22 16:44:19 +01:00
Tony Torralba
d07e2862f9 Java: Add URL.toString summary 
This adds coverage for CVE-2023-35149.
 2023-06-22 17:39:30 +02:00
Jami
3fed2798c8 Merge pull request #13093 from GeekMasher/csharp-ext 
[CSharp] Additional data extensions for sink models
 2023-06-22 10:22:32 -04:00
Geoffrey White
fe71207475 Merge pull request #13537 from geoffw0/regexqldoc 
Ruby: Fix some QLDoc errors in ParseRegExp.qll
 2023-06-22 14:55:39 +01:00
Geoffrey White
c17de99c86 Swift: Correct QLDoc error. 2023-06-22 13:59:16 +01:00
Geoffrey White
d06f4b9567 Ruby: Correct QLDoc for qualifiedPart. 2023-06-22 13:56:42 +01:00
Geoffrey White
1c1637a886 Ruby: Correct QLDoc for charRange. 2023-06-22 13:56:06 +01:00
Alex Ford
f8140bcad3 Ruby: rack - improve performance of trackRackResponse 2023-06-22 13:45:44 +01:00
Alex Ford
b8f537a437 Ruby: update rack tests 2023-06-22 13:45:44 +01:00
Alex Ford
e8079727ee Ruby: rack - extend rack tests 2023-06-22 13:45:44 +01:00
Alex Ford
4d59181571 Ruby: rack - Rack::Response#finish constructs a valid rack response 2023-06-22 13:45:44 +01:00
Alex Ford
521e65c5bd Ruby: rack - extend rack applications to include instance methods, lambdas, and procs 2023-06-22 13:45:44 +01:00
Alex Ford
7a3b6f107b Ruby: add predicates to DataFlow::ModuleNode to get singleton methods 2023-06-22 13:45:44 +01:00
Alex Ford
24e83165ee Merge pull request #13289 from alexrford/rb/rack-redirect 
Ruby: rack - model redirect responses
 2023-06-22 13:45:02 +01:00
Mathew Payne
0fcc1cb588 Merge branch 'main' into csharp-ext 2023-06-22 13:30:08 +01:00
Ian Lynagh
7efbd8828b Merge pull request #13526 from igfoo/igfoo/diagwriter 
Kotlin: Define DiagnosticTrapWriter, for type safety
 2023-06-22 12:39:48 +01:00
Tom Hvitved
104dab4b66 QL: Improve dead-code query 2023-06-22 13:37:42 +02:00
Geoffrey White
e6695e3780 Merge branch 'main' into swiftregex 2023-06-22 12:21:58 +01:00
Geoffrey White
90499c0b17 Update swift/ql/lib/codeql/swift/regex/internal/ParseRegex.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-06-22 12:09:22 +01:00
AlexDenisov
9ab7a83e3f Merge pull request #13532 from github/alexdenisov/bump-cmake-c++ 
Swift: bump C++ version in CMake
 2023-06-22 12:56:34 +02:00
Joe Farebrother
52841e9005 Apply review suggestions - minor fixes 2023-06-22 11:30:58 +01:00
Joe Farebrother
bdaeeeadee Add good/bad indicators to tests 2023-06-22 11:21:30 +01:00
Joe Farebrother
270bcc3740 fix qhelp and remove commented out code 2023-06-22 11:20:58 +01:00
Mathias Vorreiter Pedersen
fe97572f70 C++: Fix strncpy model. 2023-06-22 10:59:12 +01:00
Mathias Vorreiter Pedersen
273e5bc21f C++: Add testcase demonstrating that the model for 'strncpy' is broken. 2023-06-22 10:59:12 +01:00
Mathias Vorreiter Pedersen
ff3c76c1fa Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-06-22 10:59:12 +01:00
Mathias Vorreiter Pedersen
4f1b2c6194 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-06-22 10:59:12 +01:00
Mathias Vorreiter Pedersen
a8a04c8588 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-06-22 10:59:12 +01:00
Mathias Vorreiter Pedersen
6528985a27 C++: Add QLDoc to 'hasAddressOperandAndIndirectionIndex'. 2023-06-22 10:59:12 +01:00
Mathias Vorreiter Pedersen
c7cff373de C++: Add another testcase with conflation. 2023-06-22 10:59:12 +01:00
Mathias Vorreiter Pedersen
3365ff0d95 C++: Ensure that 'PrintIR' for dataflow still compiles. 2023-06-22 10:59:12 +01:00
Mathias Vorreiter Pedersen
6543da9990 C++: Accept test changes. 2023-06-22 10:59:11 +01:00
Mathias Vorreiter Pedersen
3b0a286d8e C++: Adjust the rest of the library to the new API. 2023-06-22 10:59:11 +01:00
Mathias Vorreiter Pedersen
6034eb07af C++: Change the API for indirect operands and indirection instructions to not allow pointer conflation. 2023-06-22 10:59:11 +01:00
Mathias Vorreiter Pedersen
9e9c811eb3 C++: Fix conflation bug in 'getIRRepresentationOfIndirectInstruction'. 2023-06-22 10:59:11 +01:00
Mathias Vorreiter Pedersen
5816f177c9 C++: Add failing test. 2023-06-22 10:59:11 +01:00
Rasmus Lerchedahl Petersen
2264b119a6 python: more consistent tests 
- do not test taint flow whne dataflow is established
- test taint of both the collection and the expected element
 2023-06-22 11:52:25 +02:00
Owen Mansel-Chan
b3a19ef7b2 Merge pull request #13461 from owen-mc/go/show-functionmodel-steps-to-path-summaries 
Go: show FunctionModel steps in path summaries
 2023-06-22 10:46:12 +01:00
yoff
0f8ebd1519 Update python/ql/test/experimental/dataflow/model-summaries/model_summaries.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-06-22 11:31:21 +02:00
Tom Hvitved
04f388f8c4 QL: Add more dead-code tests 2023-06-22 11:30:38 +02:00
amammad
748e96d852 V1 Bombs 2023-06-22 19:28:27 +10:00
Tom Hvitved
7c2f26e0c3 Merge pull request #13534 from hvitved/ql/fix-bad-join 
QL: Fix bad join
 2023-06-22 11:24:51 +02:00
Mathias Vorreiter Pedersen
d48f7f59c1 Swift: Add change note. 2023-06-22 09:54:00 +01:00
Tom Hvitved
6942925899 QL: Fix bad join 
```
[2023-06-22 10:44:20] (92s) Tuple counts for Predicate#23818b54::Cached::resolveSelfClassCalls#2#ff/2@06fd3bf5 after 1m9s:
                      30500      ~567%     {3} r1 = JOIN Ast#8e1d5bcf::ClassPredicate::getName#0#dispred#ff WITH Ast#8e1d5bcf::PredicateOrBuiltin::getArity#0#dispred#ff ON FIRST 1 OUTPUT Lhs.0 'p', Lhs.1, Rhs.1
                      26500      ~573%     {4} r2 = JOIN r1 WITH Ast#8e1d5bcf::Class::getAClassPredicate#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.2, Lhs.0 'p', Lhs.1, Rhs.1
                      3059915597 ~605%     {4} r3 = JOIN r2 WITH Ast#8e1d5bcf::Call::getNumberOfArguments#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'mc', Lhs.2, Lhs.1 'p', Lhs.3
                      20999389   ~701%     {3} r4 = JOIN r3 WITH Ast#8e1d5bcf::MemberCall::getMemberName#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0 'mc', Lhs.2 'p', Lhs.3
                      20995877   ~711%     {4} r5 = JOIN r4 WITH Ast#8e1d5bcf::MemberCall::getBase#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'p', Lhs.2, Lhs.0 'mc'
                      1240332    ~700%     {3} r6 = JOIN r5 WITH Ast#8e1d5bcf::ThisAccess#ff ON FIRST 1 OUTPUT Lhs.3 'mc', Lhs.1 'p', Lhs.2
                      1236711    ~716%     {4} r7 = JOIN r6 WITH Ast#8e1d5bcf::AstNode::getEnclosingPredicate#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1 'p', Lhs.0 'mc'
                      4476       ~347%     {2} r8 = JOIN r7 WITH Ast#8e1d5bcf::AstNode::getParent#0#dispred#ff ON FIRST 2 OUTPUT Lhs.3 'mc', Lhs.2 'p'
                                           return r8
```
 2023-06-22 10:53:10 +02:00
Mathias Vorreiter Pedersen
c50a0419e2 Swift: Accept test changes. 2023-06-22 09:46:10 +01:00
Mathias Vorreiter Pedersen
36f980f4bf Swift: Hide summarized nodes from paths. 2023-06-22 09:46:02 +01:00
Jeroen Ketema
277dbdf410 Merge pull request #13498 from jketema/inline-4 
Rework more inline expectation tests to use the parameterized module
 2023-06-22 10:01:07 +02:00