hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,671 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

29908 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yoff
9f614b1d98 Merge pull request #7016 from RasmusWL/django-rest-framework 
Python: Model Django REST framework
 2021-11-12 14:27:56 +01:00
Rasmus Wriedt Larsen
b11d11c0c9 Python: Add change-note 2021-11-12 14:27:01 +01:00
Tom Hvitved
19e6da517b Ruby: Fix bad join-order in resolveConstant 
```
[2021-11-09 11:35:47] (99s) Starting to evaluate predicate Module::Cached::resolveConstant#ff#antijoin_rhs/3@f6dcd6
[2021-11-09 11:35:58] (111s) Tuple counts for Module::Cached::resolveConstant#ff#antijoin_rhs/3@f6dcd6 after 11.5s:
                      165960683 ~0%     {4} r1 = JOIN Module::Cached::resolveConstant#ff#shared WITH Module::constantDefinition0#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'arg1', Lhs.0 'arg0', Lhs.2 'arg2'

                      0         ~0%     {3} r2 = JOIN r1 WITH Module::ClassDeclaration::getSuperclassExpr_dispred#ff ON FIRST 2 OUTPUT Lhs.2 'arg0', Lhs.1 'arg1', Lhs.3 'arg2'

                      0         ~0%     {3} r3 = JOIN r1 WITH Constant::ConstantAccess::getScopeExpr_dispred#ff ON FIRST 2 OUTPUT Lhs.2 'arg0', Lhs.1 'arg1', Lhs.3 'arg2'

                      0         ~0%     {3} r4 = r2 UNION r3
                                        return r4
```
 2021-11-12 14:08:11 +01:00
Tom Hvitved
9ee1c49bac C#: Replace localFlow with localFlowStep in recursive predicate 2021-11-12 14:04:38 +01:00
Rasmus Wriedt Larsen
491f72bb2a Python: Adjust generated code to be more familiar 2021-11-12 13:30:03 +01:00
Rasmus Wriedt Larsen
de69e4c645 Python: Expand on SubclassFinder implementation note 2021-11-12 13:29:03 +01:00
Rasmus Wriedt Larsen
f7b53321b9 Python: Remove copy-pasted comment 2021-11-12 13:19:20 +01:00
Tom Hvitved
67ebebbaeb C#: Add consistency queries 2021-11-12 13:10:46 +01:00
Taus
55ea715ce9 Merge pull request #7033 from RasmusWL/flask-admin 2021-11-12 12:18:56 +01:00
Nick Rolfe
9034d74663 Ruby: add file-level qldoc 2021-11-12 11:12:27 +00:00
Rasmus Wriedt Larsen
860b1a5cc3 Python: Other minor QLDoc adjustment 2021-11-12 11:46:45 +01:00
Erik Krogh Kristensen
80919e39a2 Merge branch 'main' into extractBigReg 2021-11-12 11:45:49 +01:00
Rasmus Wriedt Larsen
99081ea7e0 Python: Minor adjustment in QLDoc 2021-11-12 11:42:36 +01:00
Rasmus Wriedt Larsen
5e4b866f2b Python: Model rest_framework.exceptions.APIException 2021-11-12 11:37:54 +01:00
Rasmus Wriedt Larsen
62e58b534c Python: SubclassFinder: reorder + comment 2021-11-12 11:11:13 +01:00
Rasmus Wriedt Larsen
f48ecb1dc8 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-11-12 10:57:56 +01:00
Benjamin Muskalla
a0b7f267ff Only capture taint from own fields 
Also exclude `Charset` as relevant taint-carrying type. This is generally
what we want to lets us avoid tracking arguments that lead to FP.
 2021-11-12 10:15:15 +01:00
Benjamin Muskalla
0234e77d2f Let sink node be pluggable in any call context 2021-11-12 09:43:05 +01:00
Benjamin Muskalla
b8809a20d8 Support propagating taint of inner object 2021-11-12 09:39:59 +01:00
Tom Hvitved
b5cf4c2f82 Merge pull request #7111 from michaelnebel/csharp-move-printast 
Csharp move PrintAst query to test directory.
 2021-11-12 09:19:13 +01:00
Rasmus Wriedt Larsen
06cae3dac2 Merge pull request #7104 from yoff/python/model-aiomysql 
Python: model aiomysql
 2021-11-11 16:58:01 +01:00
Tom Hvitved
004144bbef Merge pull request #7028 from hvitved/ruby/api-graphs-prune 
Ruby: Prune nodes before computing `trackUseNode`
 2021-11-11 15:57:21 +01:00
Michael Nebel
9ea320c53c Update all PrintAst.qlref to point to new location of PrintAst.ql 2021-11-11 15:19:15 +01:00
Mathias Vorreiter Pedersen
982de28b89 Update cpp/ql/lib/semmle/code/cpp/commons/Printf.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-11-11 13:19:13 +00:00
Erik Krogh Kristensen
e09c12430d Merge pull request #7105 from erik-krogh/flagJqueryUI 
JS: have the aliasPropertyPresenceStep step over extend calls
 2021-11-11 14:05:11 +01:00
Erik Krogh Kristensen
b639a8d183 update ruby example 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-11-11 14:04:38 +01:00
CodeQL CI
34cc61e51f Merge pull request #7083 from asgerf/js/type-track-object-literals-with-methods 
Approved by erik-krogh
 2021-11-11 04:35:55 -08:00
Michael Nebel
5a4557f588 Move PrintAst.ql and update import statement 2021-11-11 13:27:12 +01:00
Rasmus Lerchedahl Petersen
e2a2a42d59 Python: Fix api references 2021-11-11 13:20:57 +01:00
Geoffrey White
ea580cd9c0 C++: Add explanatory comments. 2021-11-11 11:49:51 +00:00
Erik Krogh Kristensen
b513033e0f Merge pull request #7021 from erik-krogh/cwe326 
JS: Add insufficient key size query
 2021-11-11 12:17:04 +01:00
Erik Krogh Kristensen
891694b50a Merge pull request #5908 from erik-krogh/protoLib 
JS: Add library input as source to js/prototype-polluting-assignment
 2021-11-11 12:04:05 +01:00
Erik Krogh Kristensen
140a70f9df Merge pull request #7029 from erik-krogh/cwe384 
JS: add js/session-fixation query
 2021-11-11 11:59:52 +01:00
Erik Krogh Kristensen
0bf055fbec Merge pull request #7103 from erik-krogh/add-cwe532-to-cleartextlogging 
JS: add CWE-532 to the js/clear-text-logging query
 2021-11-11 11:59:16 +01:00
Erik Krogh Kristensen
9a11c13e11 update expected output 2021-11-11 11:56:30 +01:00
Mathias Vorreiter Pedersen
dbcd4d6d5d C++: Remove 'ReferenceToInstruction' from the list of instructions we interpret as a load. This makes use lose a bunch of flow, and we'll restore this flow in the next commit. 2021-11-11 10:38:52 +00:00
Anders Schack-Mulligen
7ffd9b4f9e Dataflow: Include read/store steps when finding non-hidden return. 2021-11-11 11:26:21 +01:00
Asger F
7d8284a41c Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-11-11 10:42:49 +01:00
Geoffrey White
901919f7ff C++: Add tests expanding on the issue with (global) variables. 2021-11-11 09:40:03 +00:00
Geoffrey White
43ff3b1c80 C++: Address review comment. 2021-11-11 09:39:59 +00:00
Mathias Vorreiter Pedersen
bf9b8cfff0 Merge pull request #6947 from ihsinme/ihsinme-patch-077 
CPP: Add query for CWE-377 Insecure Temporary File
 2021-11-11 09:02:04 +00:00
Geoffrey White
9a1b98e1d9 C++: Fix qhelp example link. 2021-11-10 17:54:05 +00:00
Erik Krogh Kristensen
5d901ef728 move extend aliasing to getAnAliasedSourceNode 2021-11-10 18:08:50 +01:00
Geoffrey White
c29011a5cf C++: Add more sinks. 2021-11-10 16:43:28 +00:00
Benjamin Muskalla
2d4176bec0 Ignore Number-derived types 2021-11-10 16:30:27 +01:00
Benjamin Muskalla
dbd393b77a Support flow into field of referenced objects 2021-11-10 16:30:27 +01:00
Benjamin Muskalla
974c7b0898 Avoid cross-class flow for field writes 2021-11-10 16:30:26 +01:00
Benjamin Muskalla
74ac234f1c Restrict field access to same type 2021-11-10 16:30:26 +01:00
Benjamin Muskalla
8740e879b4 Fix docs 2021-11-10 16:30:26 +01:00
Benjamin Muskalla
a546b38ee0 Restrict field access to corresponding type 2021-11-10 16:30:26 +01:00