hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,394 Commits 1,671 Branches 157 Tags
1600825679d81e8b97ff9693a86158d3f8e54dfd
Commit Graph

45394 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Soref
1600825679 spelling: implicit 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-20 08:18:23 -04:00
Josh Soref
f5ff522a50 spelling: implicitly 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-20 08:18:23 -04:00
Josh Soref
c5c9f4d746 spelling: dependencies 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-20 08:18:23 -04:00
Josh Soref
474aef438b spelling: connection 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-20 08:18:23 -04:00
Josh Soref
4c6454971f spelling: compound 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-20 08:18:23 -04:00
Josh Soref
8ff24bc3b9 spelling: additional 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-20 08:18:23 -04:00
Tom Hvitved
6208071575 Merge pull request #10874 from hvitved/ruby/fix-test-syntax-error 
Ruby: Fix syntax error in a test
 2022-10-18 19:28:17 +02:00
Tom Hvitved
61b9065135 Ruby: Fix syntax error in a test 2022-10-18 16:49:32 +02:00
Geoffrey White
73f977c98c Merge pull request #10510 from geoffw0/staticfn 
C++: Fix FPs for cpp/unused-static-function in files that were not extracted completely
 2022-10-18 14:53:49 +01:00
Tony Torralba
1d745a6365 Merge pull request #10774 from atorralba/atorralba/swift/url-field-summaries 
Swift: Add summaries for tainted URL fields
 2022-10-18 15:32:23 +02:00
Arthur Baars
14f150c1f3 Merge pull request #10872 from aibaars/set-output 
CI: update actions/cache to v3
 2022-10-18 15:09:29 +02:00
Jean Helie
e2462d8a2e Merge pull request #10871 from github/atm-model-pack-update/f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d 
ATM: Update model pack to version 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d
 2022-10-18 14:55:21 +02:00
Paolo Tranquilli
fd46592dfb Merge pull request #10869 from github/redsun82/swift-no-base-suffix 
Swift: replace `Base` suffix with `Generated::` module
 2022-10-18 14:28:08 +02:00
AlexDenisov
5e17861066 Merge pull request #10870 from github/redsun82/swift-rm-schema.yml 
Swift: remove obsolete `schema.yml`
 2022-10-18 14:23:48 +02:00
Arthur Baars
f56e155080 CI: update actions/cache to v3 2022-10-18 14:07:52 +02:00
github-actions[bot]
fa274e4375 ATM: Update ML model to 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d 2022-10-18 11:53:42 +00:00
Paolo Tranquilli
8a839c8b96 Swift: remove obsolete schema.yml 2022-10-18 12:51:56 +02:00
Paolo Tranquilli
9c7eec5e44 Swift: remove debug print from qlgen.py 2022-10-18 12:48:18 +02:00
Tony Torralba
0eeaf71716 Simplify models by introducing TaintInheritingContent 2022-10-18 12:36:18 +02:00
Paolo Tranquilli
e29fe54b3c Swift: remove redudant import 2022-10-18 12:35:35 +02:00
Paolo Tranquilli
f4f5e3e382 Swift: remove redundant module namespace 2022-10-18 12:32:31 +02:00
Paolo Tranquilli
af3f782ad5 Swift: fix TypeDecl.qll 2022-10-18 12:21:06 +02:00
Paolo Tranquilli
581939d139 Swift: replace non-genereated Base suffixes 
This is the effect of running
```
find swift/ql/lib/codeql/swift/elements -type f | xargs sed -ri 's/\b([A-Z]\w+)Base\b/Generated::\1/g'
```
followed by reformatting.
 2022-10-18 12:21:06 +02:00
Paolo Tranquilli
307c885c1f Swift: use Generated:: instead of Base suffix 
This commit changes `codegen` and the generated classes.
 2022-10-18 12:21:06 +02:00
Calum Grant
643cfced6a Merge pull request #10837 from github/calumgrant/ruby-frameworks2 
Ruby: Add more frameworks to the list of supported frameworks
 2022-10-18 11:06:14 +01:00
Tamás Vajk
0069fd9681 Merge pull request #10860 from tamasvajk/kotlin-clinit-static 
Kotlin: Add `static` modifier to `clinit`
 2022-10-18 11:39:34 +02:00
Chris Smowton
67aa6c7737 Merge pull request #10822 from smowton/smowton/feature/kotlin-collection-literals 
Koltin: support collection literals
 2022-10-18 09:45:59 +01:00
Tom Hvitved
19bcd287cb Merge pull request #10867 from hvitved/ruby/orm-tracking-redundant-additional-step 
Ruby: Remove redundant additional flow step from `OrmTracking::Configuration`
 2022-10-18 10:03:51 +02:00
Tom Hvitved
d362296f1c Merge pull request #10864 from hvitved/ruby/get-a-barrier-node-join-fix 
Ruby: Fix bad join-order in `BarrierGuard::getABarrierNode`
 2022-10-18 10:03:02 +02:00
Tom Hvitved
1266d248ed Ruby: Remove redundant additional flow step from OrmTracking::Configuration 2022-10-18 09:33:29 +02:00
Tamas Vajk
b67a8877a7 Kotlin: Add static modifier to clinit 2022-10-18 09:26:06 +02:00
Tamás Vajk
543e2f5aab Merge pull request #10678 from tamasvajk/kotlin-type-param-modifiers 
Kotlin: Extract type parameter modifiers (`reified`, `in`, `out`)
 2022-10-18 09:10:57 +02:00
Tom Hvitved
6c765a95ff Ruby: Fix bad join-order in BarrierGuard::getABarrierNode 
Before
```
Evaluated relational algebra for predicate XSS#e59174e9::Shared::Sanitizer#class#f@6c9d334e with tuple counts:
                 0   ~0%    {1} r1 = JOIN ActionView#3462bac2::RailsHtmlEscaping#f WITH project#DataFlowPublic#e1781e31::CallNode::getArgument#1#dispred#fff#3 ON FIRST 1 OUTPUT Lhs.0

            554860   ~0%    {2} r2 = JOIN SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1

                 1   ~0%    {1} r3 = JOIN r2 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1

                 1   ~0%    {1} r4 = r1 UNION r3

                 7   ~0%    {1} r5 = JOIN r2 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstCompare#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1

           3045081   ~1%    {3} r6 = JOIN DataFlowPrivate#462ff392::Cached::TExprNode#ff_10#join_rhs WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
           3045081   ~1%    {3} r7 = JOIN r6 WITH ControlFlowGraph#46cebcbd::CfgNode::getBasicBlock#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
            554860   ~1%    {3} r8 = JOIN r7 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        1462917146   ~0%    {3} r9 = JOIN r8 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
           5082692   ~1%    {4} r10 = JOIN r9 WITH DataFlowPublic#e1781e31::guardControlsBlock#3#fff_102#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Rhs.2, Lhs.1

                33   ~0%    {1} r11 = JOIN r10 WITH BarrierGuards#2462899b::stringConstArrayInclusionCall#3#fff ON FIRST 3 OUTPUT Lhs.3

                57   ~0%    {1} r12 = JOIN r10 WITH BarrierGuards#2462899b::stringConstCompare#3#fff ON FIRST 3 OUTPUT Lhs.3

                90   ~0%    {1} r13 = r11 UNION r12
                97   ~0%    {1} r14 = r5 UNION r13
                98   ~0%    {1} r15 = r4 UNION r14
                            return r15
```

After
```
[2022-10-17 20:35:01] Evaluated non-recursive predicate XSS#e59174e9::Shared::Sanitizer#class#f@487a64ar in 65ms (size: 98).
Evaluated relational algebra for predicate XSS#e59174e9::Shared::Sanitizer#class#f@487a64ar with tuple counts:
             0   ~0%    {1} r1 = JOIN ActionView#3462bac2::RailsHtmlEscaping#f WITH project#DataFlowPublic#e1781e31::CallNode::getArgument#1#dispred#fff#3 ON FIRST 1 OUTPUT Lhs.0

            33   ~0%    {1} r2 = JOIN DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::guardChecksSsaDef#3#fff WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::guardControlsSsaDef#4#ffff ON FIRST 3 OUTPUT Rhs.3

            33   ~0%    {1} r3 = r1 UNION r2

            57   ~1%    {1} r4 = JOIN DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstCompare#::guardChecksSsaDef#3#fff WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::guardControlsSsaDef#4#ffff ON FIRST 3 OUTPUT Rhs.3

        554860   ~0%    {2} r5 = JOIN SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1

             1   ~0%    {1} r6 = JOIN r5 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1

             7   ~0%    {1} r7 = JOIN r5 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstCompare#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1

             8   ~0%    {1} r8 = r6 UNION r7
            65   ~2%    {1} r9 = r4 UNION r8
            98   ~1%    {1} r10 = r3 UNION r9
                        return r10
```
 2022-10-17 20:39:30 +02:00
Chris Smowton
595a66a3a4 Fix extraction of primitive-typed arrays 2022-10-17 18:29:59 +01:00
Geoffrey White
040d72e7f1 Merge pull request #10857 from geoffw0/locationstring 
Swift: Give Location a useful toString
 2022-10-17 18:10:51 +01:00
Paolo Tranquilli
3a99b9845e Merge pull request #10856 from github/redsun82/swift-show-ql-class-in-collapsed-hierarchy-tests 
Swift: show QL class in generated tests on collapsed hierarchies
 2022-10-17 16:38:24 +02:00
Chris Smowton
eb97735568 Merge pull request #10797 from smowton/smowton/fix/byte-short-inversion 
Kotlin: fix bit-inversion operator for Byte and Short types
 2022-10-17 15:05:57 +01:00
Chris Smowton
e1c93c9284 Merge pull request #10816 from smowton/smowton/fix/kotlin-adapted-function-references 
Kotlin: extract function references using compiler-generated adapters
 2022-10-17 15:05:16 +01:00
Geoffrey White
dcf254a9e3 Swift: Make QL-for-QL happy. 2022-10-17 14:23:28 +01:00
Taus
f5b2eb94a6 Merge pull request #10783 from yoff/python/subscript-nodes 
Python: API graph improvements for subscripts
 2022-10-17 15:21:56 +02:00
Geoffrey White
0281bfedda Merge pull request #10689 from d10c/swift/cleartext-storage-nsuserdefaults 
Swift: Query for CWE-312: Exposure of sensitive information using NSUserDefaults
 2022-10-17 14:05:17 +01:00
Geoffrey White
13f9834fde Merge pull request #10780 from karimhamdanali/swift-hardcoded-key 
Swift: detect hardcoded encryption keys
 2022-10-17 14:02:31 +01:00
Arthur Baars
7af4c08055 Merge pull request #10803 from hmac/actiondispatch-response 
Ruby: Model ActionDispatch::Response
 2022-10-17 14:51:25 +02:00
Geoffrey White
85e164d4f6 Swift: QLDoc some stuff while we're here. 2022-10-17 13:22:44 +01:00
Geoffrey White
3b9151cb24 Swift: Restore UnknownLocation.toString(), it seems helpful. 2022-10-17 13:11:22 +01:00
Paolo Tranquilli
e49268d036 Swift: show QL class in generated tests on collapsed hierarchies 
In those kinds of tests the results may have different final classes
that are not necessarily visible (or tested) solely through the string
representation. For better testing and reading of expected results,
`getQlPrimaryClasses` is added in these cases.
 2022-10-17 14:08:04 +02:00
Geoffrey White
9c8bbe384b Swift: Add Location.toString. 2022-10-17 12:48:17 +01:00
Paolo Tranquilli
c3968a2166 Merge pull request #10854 from github/redsun82/swift-extract-implicit-conversions 
Swift: extract all `ImplicitConversionExpr`
 2022-10-17 13:46:10 +02:00
Geoffrey White
4d0c23c4da Swift: Add a test of Location.qll. 2022-10-17 12:45:26 +01:00
Chris Smowton
efd7b6e692 Use isFunction 2022-10-17 12:27:58 +01:00