Commit Graph

331 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
08e9d3391f swift: use shared inline tests
- add util shared pack to swift
 - remove from identical-files
2022-12-22 10:20:07 +01:00
Rasmus Lerchedahl Petersen
b0d7998342 go: use shared inline tests
- remove from identical-files
2022-12-22 10:20:07 +01:00
Rasmus Lerchedahl Petersen
f28eb6bf31 ql4ql: use shared inline tests
- add util shared pack to ql
 - remove from identical-files
2022-12-22 10:20:07 +01:00
Rasmus Lerchedahl Petersen
0d6c643d77 ruby: use shared inline tests
- remove from identical-files
2022-12-22 10:20:07 +01:00
Rasmus Lerchedahl Petersen
4667068017 java: use shared inline tests
- remove from identical-files
2022-12-22 10:20:06 +01:00
Rasmus Lerchedahl Petersen
a9b232bff4 csharp: use shared inline tests
- remove from identical-files
2022-12-22 10:20:06 +01:00
Rasmus Lerchedahl Petersen
d97e185994 cpp: use shared inline tests
- remove from identical-files
2022-12-22 10:20:06 +01:00
Rasmus Lerchedahl Petersen
e8d3802ee5 Python: use shared inline tests
- remove from identical-files
2022-12-22 10:20:05 +01:00
Jeroen Ketema
0addae81cd Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-20 11:34:41 +01:00
Aditya Sharad
ed29b3e4d6 Shared packs: Depend on codeql/tutorial from all language libraries
This allows `import tutorial` from queries targeting
any language, just like before, while removing the
duplicate copies of `tutorial.qll`.
2022-12-19 15:52:11 -08:00
erik-krogh
f67d0bc8c0 put the shared HostnameRegexp code in the shared regex pack 2022-12-17 17:26:18 +01:00
Jeroen Ketema
b2091e8632 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-12 11:40:36 +01:00
Asger F
387a673c10 Merge pull request #11567 from asgerf/js/data-extensions2
JS: Move MaD models to data extensions
2022-12-09 10:09:24 +01:00
Mathias Vorreiter Pedersen
4fd6ac5657 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-08 13:10:18 +00:00
Henry Mercer
3036b15af2 Merge branch 'main' into henrymercer/check-query-ids 2022-12-08 13:05:46 +00:00
Asger F
5af1b367c7 Support data extensions 2022-12-07 11:35:05 +01:00
Henry Mercer
2627632a41 Java: Fix duplicate IDs 2022-12-05 19:06:03 +00:00
Mathias Vorreiter Pedersen
c563ed3635 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-05 10:27:55 +00:00
Jami Cogswell
0fa05d47e3 add shared key sizes 2022-12-01 11:56:44 -05:00
Owen Mansel-Chan
083a3bae6e Correct headings in identical-files.json 2022-11-29 16:15:01 +00:00
Owen Mansel-Chan
5c5ec8f66a Add go files to identical-files.json 2022-11-29 16:15:01 +00:00
Mathias Vorreiter Pedersen
24542ec84a Merge branch 'main' into replace-ast-with-ir-use-usedataflow 2022-11-21 15:02:28 +00:00
yoff
dd525a4f9b Merge pull request #11061 from erik-krogh/shared-redosMod
ReDoS: add a shared regex pack
2022-11-14 10:53:05 +01:00
Jeroen Ketema
2b37ebd7ed Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-11 17:24:34 +01:00
Michael Nebel
d6ae1ef6f2 Java/C#: Move C# internal implementation for model generation. 2022-11-10 13:57:43 +01:00
Jeroen Ketema
5732c3bca0 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-07 15:03:26 +01:00
erik-krogh
09275a56c1 remove files from identical files that soon won't be identical 2022-11-07 14:22:46 +01:00
Paolo Tranquilli
4702271102 Swift: add cfg.swift to AST tests 2022-11-03 18:16:53 +01:00
Jean Helie
ce1092c33d add test repo 2022-11-01 20:57:58 +01:00
Mathias Vorreiter Pedersen
1c51ad8d26 C++: Update 'identical-files'. 2022-10-14 10:14:53 +02:00
Tom Hvitved
2b75562037 Ruby: Use DataFlow::Configuration in RegExpConfiguration.qll 2022-10-11 11:39:45 +02:00
Tom Hvitved
6e61ef10b8 Ruby: Add another dataflow copy 2022-10-04 12:58:50 +02:00
Mathias Vorreiter Pedersen
9d50fc6aa3 Merge pull request #10487 from MathiasVP/fix-identical-files-for-cpp
C++: Add shared files in `experimental` to `identical-files.json`.
2022-09-20 15:43:43 +01:00
Mathias Vorreiter Pedersen
351e517786 Update config/identical-files.json
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2022-09-20 13:34:31 +01:00
Mathias Vorreiter Pedersen
e661c981e4 C++: Add shared files in experimental to 'identical-files.json'. 2022-09-20 12:53:43 +01:00
Rasmus Lerchedahl Petersen
efc5cfb852 Merge branch 'main' of github.com:github/codeql into python-dataflow/flow-summaries-from-scratch 2022-09-12 19:56:16 +02:00
Tom Hvitved
b3653cc3d0 Merge pull request #10216 from hvitved/ssa/shared-lib
SSA: Create a new `codeql/shared-ssa` library pack and move implementation there
2022-09-08 15:39:29 +02:00
Rasmus Wriedt Larsen
a9e1e72196 Merge branch 'main' into shared-http-client-request 2022-09-06 10:52:27 +02:00
Rasmus Wriedt Larsen
528ef0eeaa Ruby: Use separate dataflow copy for HTTP client libs
As discussed with @hvitved offline. This helps out to ensure we don't
needlessly evaluate dataflow for configurations that are not needed
anyway. That is, if other library modeling also used the same dataflow
configuration, which ends up being used in query A, then dataflow for
all the `DataFlowImplForLibraries` configurations would be computed at
once. When we get to evaluate the query `RequestWithoutValidation.ql`
these results might have been forgotten since the predicates are not
cached, and everything will have to be computed again.

In principle we could add a dataflow copy for each framework.
However, since we know that the `disablesCertificateValidation`
member-predicates for all the HTTP client libraries will all be used at
the same time, and only for the one query, we only add ONE additional
copy.

Note that the only use of `DataFlowImplForLibraries` before this PR is
using `tainttrackingforlibraries.TaintTrackingImpl` (based on
DataFlowImplForLibraries) for regex computation.
c904ba1d16/ruby/ql/lib/codeql/ruby/Regexp.qll (L153)
Since this is currently transitively imported from Frameworks.qll
(through Core.qll, and core/String.qll), the previous approach didn't
actually violate the assumption about all configurations always being in
scope, but it might have been more by accident, than by purpose.
2022-09-06 10:43:36 +02:00
Tom Hvitved
8e5d6ba4f9 SSA: Create a new shared library pack and move implementation there 2022-09-01 09:36:49 +02:00
Tom Hvitved
2681b88035 C#: Update Pre SSA library to use parameterized module 2022-08-31 11:45:15 +02:00
Tom Hvitved
8725bf0620 C#: Update Base SSA library to use parameterized module 2022-08-31 11:45:15 +02:00
Tom Hvitved
f553001217 C#: Update CIL SSA library to use parameterized module 2022-08-31 11:45:14 +02:00
Paolo Tranquilli
47b905bfaf Swift: add PrintAst 2022-08-30 18:04:55 +02:00
yoff
d9444d8b08 Python: update synced file FlowSummaryImpl.qll 2022-08-25 09:31:45 +00:00
yoff
0b5d4c59dd Merge branch 'main' of https://github.com/github/codeql into python-dataflow/flow-summaries-from-scratch
synced files have changed
2022-08-25 09:24:05 +00:00
Harry Maclean
f1a546c4d6 Rename IncompleteMultiCharacterSanitization[Query] 2022-08-17 16:03:49 +12:00
Harry Maclean
b7d9bf4066 Share IncompleteMultiCharacterSanitization JS/Ruby
Most of the classes and predicates in this query can be shared between
the two languages. There's just a few language-specific things that we
place in IncompleteMultiCharacterSanitizationSpecific.
2022-08-17 16:03:46 +12:00
Erik Krogh Kristensen
f106e064fa Merge pull request #9422 from erik-krogh/refacReDoS
Refactorizations of the ReDoS libraries
2022-08-16 09:32:08 +02:00
Erik Krogh Kristensen
0adb588fe8 Merge pull request #9712 from erik-krogh/badRange
JS/RB/PY/Java: add suspicious range query
2022-08-15 13:55:44 +02:00