hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,671 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

13682 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
783560cff6 C++: Add a subclass of PostUpdateNodes and ensure that 'node.asExpr() instanceof ClassAggregateLiteral' holds for this new node subclass. 2025-05-15 17:23:32 +01:00
Mathias Vorreiter Pedersen
0f21075722 C++: Add a test that demonstrate missing asExpr for aggregate literals. 2025-05-15 17:18:55 +01:00
Mathias Vorreiter Pedersen
e75dcd27f5 C++: Accept test changes. 2025-05-15 15:28:13 +01:00
Mathias Vorreiter Pedersen
69a1a87aa4 C++: Update semantics of picking the static call target in dataflow. 2025-05-15 15:25:29 +01:00
Mathias Vorreiter Pedersen
c6df9505c0 C++: Add tests to exercise the upcoming behavior of function dispatch when there are model-generated summaries AND source definitions. 2025-05-15 15:05:17 +01:00
Mathias Vorreiter Pedersen
e80c3b5c0b C++: Exclude tests (by matching paths) in model generation. 2025-05-15 13:24:32 +01:00
Jeroen Ketema
401281331f C++: Fix IR edge case where there are no function calls taking an argument 2025-05-14 13:44:29 +02:00
Jeroen Ketema
96bd9a96e5 C++: Add test case for IR edge case 2025-05-14 13:36:52 +02:00
Mathias Vorreiter Pedersen
e903d76fa0 Merge pull request #19443 from MathiasVP/generate-more-value-preserving-summaries-2 
Shared: Generate more value-preserving flow summaries
 2025-05-14 09:12:28 +01:00
github-actions[bot]
5f9dd75d7d Post-release preparation for codeql-cli-2.21.3 2025-05-13 21:49:43 +00:00
github-actions[bot]
2de4a01c86 Release preparation for version 2.21.3 2025-05-13 21:14:27 +00:00
Mathias Vorreiter Pedersen
fa7942393d Merge pull request #19477 from MathiasVP/fix-infinite-range-analysis-on-incomplete-ssa 
C++: Fix infinite range analysis loop on invalid SSA
 2025-05-13 16:59:11 +01:00
Mathias Vorreiter Pedersen
f255fc2fd5 C++: Drive-by join order fix. Before: 
```
Evaluated relational algebra for predicate SsaInternals::getDefImpl/1#1ed4f567@65628fbv with tuple counts:
          4935102  ~5%    {4} r1 = SCAN `SsaInternals::SsaImpl::Definition.definesAt/3#dispred#7eea4c8f` OUTPUT In.2, In.3, In.0, In.1
        104274503  ~1%    {3}    | JOIN WITH `SsaInternals::DefImpl.hasIndexInBlock/2#dispred#30a6c29f_120#join_rhs` ON FIRST 2 OUTPUT Rhs.2, Lhs.3, Lhs.2
          4921319  ~2%    {2}    | JOIN WITH `SsaInternals::DefImpl.getSourceVariable/0#dispred#72437659` ON FIRST 2 OUTPUT Lhs.2, Lhs.0
                          return r1
```
After:
```
Evaluated relational algebra for predicate SsaInternals::SsaImpl::Definition.definesAt/3#dispred#7eea4c8f_1230#join_rhs@b280fb5h with tuple counts:
        4935102  ~3%    {4} r1 = SCAN `SsaInternals::SsaImpl::Definition.definesAt/3#dispred#7eea4c8f` OUTPUT In.1, In.2, In.3, In.0
                        return r1

Evaluated relational algebra for predicate SsaInternals::DefImpl.hasIndexInBlock/3#dispred#31d295aa_1230#join_rhs@2be655s4 with tuple counts:
        5634706  ~1%    {4} r1 = SCAN `SsaInternals::DefImpl.hasIndexInBlock/3#dispred#31d295aa` OUTPUT In.1, In.2, In.3, In.0
                        return r1

Evaluated relational algebra for predicate SsaInternals::getDefImpl/1#1ed4f567@8afa36uu with tuple counts:
        4921319  ~2%    {2} r1 = JOIN `SsaInternals::SsaImpl::Definition.definesAt/3#dispred#7eea4c8f_1230#join_rhs` WITH `SsaInternals::DefImpl.hasIndexInBlock/3#dispred#31d295aa_1230#join_rhs` ON FIRST 3 OUTPUT Lhs.3, Rhs.3
                        return r1
```
 2025-05-13 14:21:28 +01:00
Michael Nebel
fcecc5a3af Cpp: Update model generator implementation. 2025-05-13 13:44:44 +01:00
Mathias Vorreiter Pedersen
0836f0b413 C++: Cache and fix join order in 'hasIncompleteSsa'. 2025-05-13 13:41:15 +01:00
Mathias Vorreiter Pedersen
c3c18bdbd2 C++: Add change note. 2025-05-13 11:28:25 +01:00
Mathias Vorreiter Pedersen
9d2eb3d9b8 C++: Filter out instructions with incomplete SSA in range analysis. 2025-05-13 10:54:22 +01:00
Mathias Vorreiter Pedersen
510df38da2 C++: Add an 'hasIncompleteSsa' predicate to check whether a function has correctly modelled SSA information. 2025-05-13 10:54:20 +01:00
Simon Friis Vindum
4cc9c24940 Merge pull request #19452 from paldepind/shared-model-generator-script 
Shared: Remove the language-specific model generator scripts
 2025-05-13 10:17:37 +02:00
Mathias Vorreiter Pedersen
f1b4e05579 C++: Expose 'isBusyDef'. 2025-05-12 19:45:19 +01:00
Mathias Vorreiter Pedersen
e51cb478af C++: Expose 'MemoryLocation0'. 2025-05-12 19:43:19 +01:00
Nicolas Will
ab3f62eed1 Add missing tags to PrintCBOMGraph.ql queries 2025-05-12 14:34:16 +02:00
Nicolas Will
cd59ce5b04 Rename shared pack to quantum from experimental 2025-05-09 14:36:12 +02:00
Nicolas Will
64e40715ee Merge branch 'quantum-experimental' of https://github.com/nicolaswill/codeql into quantum-experimental 2025-05-08 16:11:15 +02:00
Nicolas Will
c6077947a7 Update cpp and java not_included_in_qls.expected 2025-05-08 16:10:28 +02:00
Nicolas Will
d0510bc672 Merge branch 'main' into quantum-experimental 2025-05-08 04:37:37 +02:00
Nicolas Will
0c6e124b01 Delete development test query 2025-05-08 03:02:59 +02:00
Nicolas Will
1135fbe950 Fix EVP_Hash_Initializer typo 2025-05-08 02:58:43 +02:00
Nicolas Will
1d8a57e7da Fix EVP Cipher class, predicate, and comment typos 2025-05-08 02:56:52 +02:00
Nicolas Will
e956d041dc Format LibraryDetector.qll 2025-05-08 02:51:53 +02:00
Nicolas Will
7339dd0077 Rename "Quantum" to "quantum" in dir structure 2025-05-08 02:39:40 +02:00
Nicolas Will
ac72abd3a6 Refactor directory structure (shared experimental) 2025-05-08 02:35:09 +02:00
Nicolas Will
c19291be88 Refactor 'cryptography' and 'Quantum' to 'quantum' 2025-05-08 01:38:53 +02:00
REDMOND\brodes
4042081539 Missing files, should have been part of last commit. 2025-05-02 16:35:27 -04:00
REDMOND\brodes
0a0be41527 Intermediate progress towards getting hashing upgraded. Still need to handle the final and update mechanics, matching the JCA. Similarly need to update cipher to follow the JCA for update/final as well. 2025-05-02 16:33:52 -04:00
REDMOND\brodes
94632931ba Clean up 2025-05-02 14:11:10 -04:00
REDMOND\brodes
09d473674b Working refactor for cipher, padding, block mode. Still haven't completed connecting padding to algorithm instances if through a set padding interface. 2025-05-02 14:10:38 -04:00
REDMOND\brodes
c08525ad81 Additional cleanup 2025-05-02 14:07:13 -04:00
REDMOND\brodes
5694f029de Misc. cleanup 2025-05-02 14:03:50 -04:00
Mathias Vorreiter Pedersen
bce5f2539f C++/C#/Java/Rust: Fixup tests. 2025-05-02 16:52:05 +01:00
Mathias Vorreiter Pedersen
4d2f2b89e7 Shared/Java/C#/Rust/C++: Rename 'captureHeuristicFlow' to 'captureFlow'. 2025-05-02 14:02:41 +01:00
Simon Friis Vindum
c6d95ceeb0 Shared: Remove the language-specific model generator scripts 2025-05-02 13:21:10 +02:00
Mathias Vorreiter Pedersen
d5bc95daeb Merge branch 'main' into generate-more-value-preserving-summaries-2 2025-05-02 10:51:11 +01:00
Michael Nebel
74669cb0cb Merge pull request #19382 from michaelnebel/shared/modelgenrefactor 
Shared: Re-factor summary, source and sink model generators into separate modules.
 2025-05-02 09:38:24 +02:00
Tamás Vajk
cb1c3736fe Merge pull request #19413 from tamasvajk/quality/query-suite-selector 
Add code quality suite selector and use that in the code quality suites
 2025-05-02 08:18:48 +02:00
Jeroen Ketema
8ad6938a82 Merge pull request #19434 from jketema/array-barrier 
C++: Limit flow through sinks and sources in `cpp/upcast-array-pointer-arithmetic`
 2025-05-01 16:42:53 +02:00
Owen Mansel-Chan
e0549483fd Merge pull request #19429 from owen-mc/fix-cwe-tags-missing-leading-zero 
Fix cwe tags to include leading zero
 2025-05-01 14:09:54 +01:00
Owen Mansel-Chan
0863c87572 Add change notes 2025-05-01 10:33:24 +01:00
Mathias Vorreiter Pedersen
d8eafbb9e2 C++: Fixup queries and accept test changes. 2025-04-30 20:34:35 +01:00
Jeroen Ketema
2ed48ae571 C++: Update expected test results after barrier introduction 2025-04-30 20:51:27 +02:00