codeql

mirror of https://github.com/github/codeql.git synced 2026-01-10 13:10:26 +01:00

Author	SHA1	Message	Date
Asger F	080acdbfff	JS: remove links to docs file... again	2023-03-28 17:29:26 +02:00
Asger F	02da09c7d8	Update docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2023-03-28 11:36:24 +02:00
Asger F	d62b944b93	JS: Explain difference between type and member	2023-03-28 10:49:28 +02:00
Asger F	aec82f6ef8	Update docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>	2023-03-28 10:12:38 +02:00
Asger F	04b28c5118	Merge branch 'main' into js/extension-docs	2023-03-28 10:12:22 +02:00
Asger F	a5b1677cca	Update docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>	2023-03-28 10:03:07 +02:00
Asger F	32bab0b8b2	Merge pull request #12654 from asgerf/rb/always-resolve-toplevel-namespace RB: always resolve toplevel namespaces to their locally qualified name	2023-03-28 09:54:59 +02:00
yoff	a1a2eb356c	Merge pull request #11515 from yoff/py/port-comparison-using-is python: port `py/comparison-using-is`	2023-03-28 09:42:34 +02:00
Michael Nebel	730848cee8	Merge pull request #12648 from michaelnebel/csharp/cs-web-debug-binary C#: Improve cs/web/debug-binary to repect the RemoveAttributes transformation.	2023-03-28 09:40:46 +02:00
yoff	a034f89d9d	Merge pull request #12517 from yoff/python/fix-documentation-redirect-type-inference python: Fix link to type inference	2023-03-28 09:38:55 +02:00
Michael Nebel	7283002dfa	Merge pull request #12410 from michaelnebel/java/docs-models-as-data Java: Docs MaD using extensions.	2023-03-28 09:21:07 +02:00
Tom Hvitved	e3799adbe0	Merge pull request #12612 from hvitved/ruby/print-ast-desugar-reorder Ruby: Order synthetic children in PrintAST based on their index instead of location	2023-03-28 09:13:03 +02:00
Mathias Vorreiter Pedersen	58c7148669	Merge pull request #12655 from jketema/range-rem	2023-03-28 08:01:16 +01:00
Jeroen Ketema	12da4f7814	C++: Address review comment	2023-03-28 00:33:46 +02:00
Jeroen Ketema	9303055013	C++: Address review comment	2023-03-28 00:33:46 +02:00
Jeroen Ketema	99c6111b05	C++: Add support for bounded modulus operations	2023-03-28 00:33:43 +02:00
Robert Marsh	62d2f23904	Merge pull request #12673 from MathiasVP/range-analysis-of-add-expr C++: IR-based range analysis of addition	2023-03-27 15:31:11 -04:00
Taus	df192383b2	Merge pull request #9722 from ahmed-farid-dev/timing-attack-py	2023-03-27 18:09:35 +02:00
Mathias Vorreiter Pedersen	889dcfe2b2	Merge pull request #12674 from jketema/overrunning-join C++: Fix join-order problem in cpp/overrun-write	2023-03-27 15:36:33 +01:00
Taus	a3c40a3ae4	Python: Add `experimental` tags	2023-03-27 14:23:36 +00:00
Rasmus Wriedt Larsen	0b9d16a43e	Merge pull request #12636 from RasmusWL/sql-modeling Python: Some more SQL modeling	2023-03-27 15:52:30 +02:00
Mathias Vorreiter Pedersen	9a57536f9f	Merge branch 'main' into range-analysis-of-add-expr	2023-03-27 14:49:01 +01:00
Taus	af060e8c6b	Merge branch 'main' into timing-attack-py	2023-03-27 15:27:13 +02:00
Erik Krogh Kristensen	d3c3f2dc90	Merge pull request #12628 from erik-krogh/betterReDoS ReDoS: better super-linear algorithm	2023-03-27 15:26:49 +02:00
Jeroen Ketema	213c4b0818	C++: Fix join-order problem in cpp/overrun-write Before on Wireshark: ``` [2023-03-27 12:59:25] Evaluated non-recursive predicate OverrunWriteProductFlow#fb5ce006::isSinkPairImpl#5#fffff@2ba90584 in 99742ms (size: 52640). Evaluated relational algebra for predicate OverrunWriteProductFlow#fb5ce006::isSinkPairImpl#5#fffff@2ba90584 with tuple counts: 1047588019 ~1% {3} r1 = JOIN DataFlowUtil#47741e1f::InstructionNode#fff_20#join_rhs WITH OverrunWriteProductFlow#fb5ce006::bounded#3#fff_102#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Rhs.2 67558965 ~0% {4} r2 = JOIN r1 WITH Instruction#577b6a83::CallInstruction::getArgument#fbf_201#join_rhs ON FIRST 1 OUTPUT Rhs.2, Lhs.1, Lhs.2, Rhs.1 613572640 ~0% {5} r3 = JOIN r2 WITH ArrayFunction#ca0b6b68::ArrayFunction::hasArrayWithVariableSize#2#dispred#fff_201#join_rhs ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1, Lhs.2, Rhs.2 52640 ~0% {4} r4 = JOIN r3 WITH Instruction#577b6a83::CallInstruction::getStaticCallTarget#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0, Lhs.4, Lhs.2, Lhs.3 52640 ~0% {4} r5 = JOIN r4 WITH Instruction#577b6a83::CallInstruction::getArgument#fbf ON FIRST 2 OUTPUT Rhs.2, Lhs.2, Lhs.3, Lhs.0 52640 ~0% {5} r6 = JOIN r5 WITH DataFlowUtil#47741e1f::InstructionNode#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Rhs.1 52640 ~0% {5} r7 = JOIN r6 WITH Instruction#577b6a83::Instruction::getUnconvertedResultExpression#0#dispred#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.4, Lhs.1, Lhs.2, Rhs.1 return r7 ``` After: ``` [2023-03-27 13:56:36] Evaluated non-recursive predicate OverrunWriteProductFlow#fb5ce006::isSinkPairImpl#5#fffff@f936aapd in 777ms (size: 52640). Evaluated relational algebra for predicate OverrunWriteProductFlow#fb5ce006::isSinkPairImpl#5#fffff@f936aapd with tuple counts: 565480 ~5% {2} r1 = SCAN Instruction#577b6a83::CallInstruction::getStaticCallTarget#0#dispred#ff OUTPUT In.1, In.0 4420 ~1% {3} r2 = JOIN r1 WITH ArrayFunction#ca0b6b68::ArrayFunction::hasArrayWithVariableSize#2#dispred#fff ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2 4420 ~0% {3} r3 = JOIN r2 WITH Instruction#577b6a83::CallInstruction::getArgument#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.2, Lhs.0 4420 ~0% {4} r4 = JOIN r3 WITH DataFlowUtil#47741e1f::InstructionNode#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Rhs.1 4420 ~0% {4} r5 = JOIN r4 WITH Instruction#577b6a83::Instruction::getUnconvertedResultExpression#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Rhs.1 4420 ~3% {4} r6 = JOIN r5 WITH Instruction#577b6a83::CallInstruction::getArgument#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2, Lhs.3 52825 ~0% {5} r7 = JOIN r6 WITH OverrunWriteProductFlow#fb5ce006::bounded#3#fff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Rhs.2 52640 ~0% {5} r8 = JOIN r7 WITH DataFlowUtil#47741e1f::InstructionNode#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1, Lhs.4, Lhs.3 return r8 ```	2023-03-27 14:28:22 +02:00
Taus	700eb04487	Python: Lower precision of non-header queries cf. https://github.com/github/securitylab/issues/691#issuecomment-1387391014	2023-03-27 12:22:17 +00:00
Mathias Vorreiter Pedersen	1a6186496f	C++: Accept test changes.	2023-03-27 13:20:17 +01:00
Mathias Vorreiter Pedersen	87c144d33b	C++: Throw away the sign analysis when analyzing add expressions: instead, we now recursively analyze both operands.	2023-03-27 13:19:47 +01:00
Taus	eaf2930205	Python: Accept test changes (These look like they were the result of changes elsewhere in the analysis.)	2023-03-27 12:17:13 +00:00
Taus	0b4c85f8d2	Python: Autoformat and fix broken module reference	2023-03-27 12:16:44 +00:00
Erik Krogh Kristensen	af8e44186c	Merge pull request #12667 from github/dependabot/cargo/ql/regex-1.7.3 Bump regex from 1.7.2 to 1.7.3 in /ql	2023-03-27 13:59:18 +02:00
Geoffrey White	28998ccafe	Merge pull request #12471 from geoffw0/dbsinks2 Swift: Better sinks for swift/cleartext-storage-database	2023-03-27 12:51:13 +01:00
Tony Torralba	907053f281	Merge pull request #12591 from github/java/update-mad-decls-after-triage-2023-03-20T12-45-37 Java: Update MaD Declarations after Triage	2023-03-27 13:23:55 +02:00
Joe Farebrother	489ce3d40a	Merge pull request #12049 from joefarebrother/netty-models Java: Model the Netty framework	2023-03-27 11:38:11 +01:00
Stephan Brandauer	6d91458586	Merge pull request #12506 from github/java/update-mad-decls-after-triage-2023-03-13T13-21-27 Java: Update MaD Declarations after Triage	2023-03-27 12:30:21 +02:00
Tony Torralba	7a9f1a5705	Add change note	2023-03-27 11:51:59 +02:00
Tony Torralba	95cc99c625	Apply suggestions from code review	2023-03-27 11:50:27 +02:00
Rasmus Wriedt Larsen	dab0abb563	Merge pull request #12428 from yoff/python/rewrite-InsecureContextConfiguration Python: Clean up insecure context query	2023-03-27 11:46:01 +02:00
Tom Hvitved	f8c28bee6a	Ruby: Order synthetic children in PrintAST based on their index instead of location	2023-03-27 11:38:30 +02:00
dependabot[bot]	f92f390457	Bump regex from 1.7.2 to 1.7.3 in /ql Bumps [regex](https://github.com/rust-lang/regex) from 1.7.2 to 1.7.3. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/1.7.2...1.7.3) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-03-27 09:34:18 +00:00
Arthur Baars	7e7cd54793	Merge pull request #12546 from hmac/extractor-shared-library Introduce a shared extractor library	2023-03-27 11:32:33 +02:00
Arthur Baars	4964f86df5	Merge pull request #12540 from aibaars/destructured-assign Ruby: change evaluation order of destructured assignments	2023-03-27 11:30:44 +02:00
Michael Nebel	4a64479551	C#: Add change note.	2023-03-27 10:42:14 +02:00
Michael Nebel	32ea8420a9	C#: Move the existing tests into separate folders to emulate separate projects and add some more tests.	2023-03-27 10:42:14 +02:00
Michael Nebel	9f88a72d9f	C#: Make cs/web/debug-binary respect transformation file RemoveAttribute.	2023-03-27 10:39:44 +02:00
Tony Torralba	ea1ca03bf1	Add change note	2023-03-27 10:30:47 +02:00
Tony Torralba	9a18043d9f	Apply suggestions from code review	2023-03-27 10:28:13 +02:00
yoff	2121ed784f	Merge branch 'main' into python/rewrite-InsecureContextConfiguration	2023-03-27 10:20:53 +02:00
Tony Torralba	6b265104cf	Merge pull request #12662 from github/workflow/coverage/update Update CSV framework coverage reports	2023-03-27 09:33:27 +02:00
Jeroen Ketema	d65b9ef32c	Merge pull request #12661 from geoffw0/elementstests C++: Restrict tests that output all elements	2023-03-27 09:04:11 +02:00

1 2 3 4 5 ...

52605 Commits