hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,671 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

3397 Commits

Author SHA1 Message Date
Maiky
d8aa0e2d7e Remove unnecessary import 2023-10-21 17:29:08 +02:00
Maiky
35d390ad06 Add Insecure Randomness Query (CWE-338) 2023-10-21 17:23:41 +02:00
Peter Stöckli
09cf76a880 Ruby: additional unsafe deserialization sinks for ox, oj 2023-10-19 14:04:48 +02:00
github-actions[bot]
8dcd8b9e5b Post-release preparation for codeql-cli-2.15.1 2023-10-17 20:24:00 +00:00
github-actions[bot]
3b3c036626 Release preparation for version 2.15.1 2023-10-16 17:49:39 +00:00
Alex Ford
66d230a207 ruby: qlformat 2023-10-16 12:45:46 +01:00
Alex Ford
3dd042c38a Merge remote-tracking branch 'origin/main' into maikypedia/ruby-jwt 2023-10-16 12:42:19 +01:00
Maiky
e204100701 Resolve conflict in Concepts.qll 2023-10-15 10:37:10 +02:00
Harry Maclean
1297acf5b1 Merge pull request #14216 from hmac/hmac-graphql-enum 
Ruby: Restrict GraphQL remote flow sources
 2023-10-13 11:31:50 +01:00
Henry Mercer
1a370bfbbe Merge pull request #14443 from github/post-release-prep/codeql-cli-2.15.0 
Post-release preparation for codeql-cli-2.15.0
 2023-10-11 17:39:04 +01:00
github-actions[bot]
ae6af17c74 Post-release preparation for codeql-cli-2.15.0 2023-10-11 14:19:20 +00:00
Asger F
89bd00a4ec Ruby: port queries to ConfigSig-style 2023-10-11 10:06:19 +02:00
erik-krogh
a7ab9fd93b add change-notes 2023-10-09 09:43:06 +02:00
erik-krogh
e0fefce2a3 Ruby: delete various deprecated predicates 2023-10-09 09:14:54 +02:00
erik-krogh
0d992a3d1f delete old deprecated aliases of various regex libraries 2023-10-09 09:14:54 +02:00
erik-krogh
4bc4e0845d delete the deprecated isBarrierGuard predicate from the shared dataflow library, and its uses 2023-10-07 21:48:49 +02:00
github-actions[bot]
9fe993bec3 Release preparation for version 2.15.0 2023-10-04 14:15:27 +00:00
Henry Mercer
da92da2204 Bump minor versions of packs we regularly release 2023-10-03 16:31:23 +01:00
Henry Mercer
f3847b3f51 Merge branch 'main' into henrymercer/rc-3.11-mergeback 2023-10-03 16:30:23 +01:00
Asger F
0d96ed8aee Merge pull request #14305 from asgerf/shared/flow-state-inout-barriers 
Shared: add in/out barriers with flow state
 2023-09-28 11:07:23 +02:00
Anders Schack-Mulligen
68d05eb342 Ruby: Minor simplification. 2023-09-28 08:58:55 +02:00
Tom Hvitved
c570083163 Ruby: Improve performance of flow through (hash) splats 2023-09-27 11:49:31 +02:00
Harry Maclean
dc2acf5a39 Merge pull request #14090 from hmac/splat-flow-4 
Ruby: More splat flow (alternative)
 2023-09-27 10:22:57 +01:00
Anders Schack-Mulligen
06cb277eb0 Merge pull request #14299 from aschackmull/dataflow/more-defaults 
Dataflow: Make use of defaults for language-specific hooks.
 2023-09-25 11:19:44 +02:00
Asger F
d501856519 Update DataFlowImpl.qll copies 2023-09-25 10:05:29 +02:00
Harry Maclean
2214caef4b Ruby: Identify named graphql params as sources 2023-09-22 17:54:55 +01:00
Anders Schack-Mulligen
66da997b7b Dataflow: Make use of defaults for language-specific hooks. 2023-09-22 14:54:22 +02:00
Tom Hvitved
e417e862a2 Merge pull request #14283 from hvitved/ruby/collapse-stages 
Ruby: Collapse DIL stages
 2023-09-22 10:58:06 +02:00
Alex Ford
67019c6784 Merge pull request #14274 from alexrford/rb/dataflow-tidy 
Ruby: Minor fixes for dataflow queries
 2023-09-21 16:33:34 +01:00
Alex Ford
840b1e0a73 Ruby: delete DataFlowImplForHttpClientLibraries 2023-09-21 14:11:46 +01:00
Alex Ford
a64d37211d Ruby: use new dataflow api in Typhoeus.qll 2023-09-21 14:11:09 +01:00
Alex Ford
699f752ded Ruby: use new dataflow api in RestClient.qll 2023-09-21 14:09:41 +01:00
Alex Ford
25203d98c3 Ruby: use new dataflow api in OpenURI.qll 2023-09-21 14:08:22 +01:00
Alex Ford
09782296df Ruby: use new dataflow api in NetHttp.qll 2023-09-21 14:06:40 +01:00
Alex Ford
fc7e753035 Ruby: use new dataflow api in Httparty.qll 2023-09-21 14:04:46 +01:00
Alex Ford
92941a45f9 Ruby: use new dataflow api in HttpClient.qll 2023-09-21 14:03:09 +01:00
Tom Hvitved
c2306e6713 Ruby: Collapse DIL stages 2023-09-21 14:33:04 +02:00
Alex Ford
1ffcf4b9c4 Ruby: use new dataflow api in Faraday.qll 2023-09-21 13:07:06 +01:00
Alex Ford
1dbba19238 Ruby: use new dataflow api in Excon.qll 2023-09-21 13:00:17 +01:00
Alex Ford
489f598551 Ruby: delete DataFlowImplForPathname 2023-09-21 12:50:12 +01:00
Anders Schack-Mulligen
13f7daf71e Merge pull request #13982 from aschackmull/dataflow/typeflow-calledge-pruning 
Dataflow: Add type-based call-edge pruning.
 2023-09-21 13:33:08 +02:00
Alex Ford
4cb91e022f Ruby: deprecate some flow states 2023-09-21 12:24:15 +01:00
Alex Ford
9d421ffa8d Ruby: configsig rb/improper-ldap-auth 2023-09-21 12:24:15 +01:00
github-actions[bot]
3acf5244b0 Post-release preparation for codeql-cli-2.14.6 2023-09-20 10:25:10 +00:00
Tom Hvitved
1442bddf36 Ruby: Fix bad join 
Before
```
Evaluated relational algebra for predicate DataFlowPublic#e1781e31::BarrierGuard#PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#::getAMaybeGuardedCapturedDef#0#f@3c903abq with tuple counts:
          280924  ~0%    {2} r1 = SCAN Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::definesAt#3#dispred#ffff OUTPUT In.2, In.0
          280924  ~0%    {2} r2 = JOIN r1 WITH BasicBlocks#d5fe3e99::BasicBlock::getScope#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
          103843  ~1%    {2} r3 = JOIN r2 WITH SSA#304893e3::Ssa::CapturedEntryDefinition#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1
          103843  ~5%    {3} r4 = JOIN r3 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
        19665045  ~0%    {3} r5 = JOIN r4 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1
        19497860  ~0%    {3} r6 = JOIN r5 WITH Call#841c84e8::MethodCall::getBlock#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~0%    {3} r7 = JOIN r6 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~0%    {3} r8 = JOIN r7 WITH CfgNodes#ace8e412::ExprNodes::CallCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
        19496808  ~0%    {3} r9 = JOIN r8 WITH ControlFlowGraph#46cebcbd::CfgNode::getBasicBlock#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~3%    {4} r10 = SCAN r9 OUTPUT In.0, true, In.1, In.2
           49434  ~7%    {3} r11 = JOIN r10 WITH DataFlowPublic#e1781e31::guardControlsBlock#3#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2, Lhs.3
             117  ~4%    {3} r12 = JOIN r11 WITH PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#3#cpe#12#ff ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1
               0  ~0%    {1} r13 = JOIN r12 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff ON FIRST 2 OUTPUT Lhs.2
                         return r13
```

After
```
Evaluated relational algebra for predicate DataFlowPublic#e1781e31::BarrierGuard#PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#::getAMaybeGuardedCapturedDef#0#f@137a23jm with tuple counts:
        280924  ~0%    {2} r1 = SCAN Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::definesAt#3#dispred#ffff OUTPUT In.2, In.0
        280924  ~0%    {2} r2 = JOIN r1 WITH BasicBlocks#d5fe3e99::BasicBlock::getScope#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
        103843  ~1%    {2} r3 = JOIN r2 WITH SSA#304893e3::Ssa::CapturedEntryDefinition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
        102517  ~1%    {2} r4 = JOIN r3 WITH Call#841c84e8::MethodCall::getBlock#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~2%    {2} r5 = JOIN r4 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~2%    {2} r6 = JOIN r5 WITH CfgNodes#ace8e412::ExprNodes::CallCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1
        102378  ~0%    {2} r7 = JOIN r6 WITH ControlFlowGraph#46cebcbd::CfgNode::getBasicBlock#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~0%    {3} r8 = SCAN r7 OUTPUT In.0, true, In.1
          7417  ~5%    {2} r9 = JOIN r8 WITH DataFlowPublic#e1781e31::guardControlsBlock#3#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2
            22  ~0%    {2} r10 = JOIN r9 WITH PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#3#cpe#12#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
            12  ~0%    {2} r11 = JOIN r10 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
            12  ~0%    {2} r12 = JOIN r11 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
             0  ~0%    {1} r13 = JOIN r12 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0
                       return r13
```
 2023-09-20 09:51:15 +02:00
github-actions[bot]
0a3670727f Release preparation for version 2.14.6 2023-09-19 11:40:30 +00:00
Harry Maclean
2053ee00ab Ruby: Add change note 2023-09-18 16:02:09 +01:00
Harry Maclean
18dac9ab8a Ruby: Handle GraphQL array types 2023-09-18 16:00:56 +01:00
Alex Ford
e45edca103 Ruby: remove unused import 2023-09-18 14:55:11 +01:00
Maiky
15b965bb3b rename verifies() to verifiesSignature() 2023-09-15 11:45:19 +02:00