hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,891 Commits 1,673 Branches 157 Tags
2d44724acd49aaa35f0254d4b47a358b18f3fa7c
Commit Graph

58891 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
2d44724acd Merge pull request #14281 from aibaars/aibaars/java-standalone-test 
Java: standalone: add basic integration tests
 2023-09-21 20:09:02 +02:00
Chris Smowton
ffd0a72e74 Merge pull request #14285 from smowton/smowton/test/module-in-wrongly-named-file 
Java: Test module definition in a file not named module-info.java in a buildless extraction
 2023-09-21 19:03:35 +01:00
Chris Smowton
04258f8cfc Remove actual file 2023-09-21 16:41:17 +01:00
Alex Ford
67019c6784 Merge pull request #14274 from alexrford/rb/dataflow-tidy 
Ruby: Minor fixes for dataflow queries
 2023-09-21 16:33:34 +01:00
Chris Smowton
14998606b7 Add test for the case of a module definition in a file not named module-info.java in a buildless extraction 2023-09-21 14:40:42 +01:00
Alex Ford
4031623fda Ruby: delete identical-files refs to deleted files 2023-09-21 14:22:34 +01:00
Alex Ford
840b1e0a73 Ruby: delete DataFlowImplForHttpClientLibraries 2023-09-21 14:11:46 +01:00
Alex Ford
a64d37211d Ruby: use new dataflow api in Typhoeus.qll 2023-09-21 14:11:09 +01:00
Alex Ford
699f752ded Ruby: use new dataflow api in RestClient.qll 2023-09-21 14:09:41 +01:00
Arthur Baars
722ee165d7 Java: standalone: add basic integration tests 2023-09-21 15:09:40 +02:00
Alex Ford
25203d98c3 Ruby: use new dataflow api in OpenURI.qll 2023-09-21 14:08:22 +01:00
Alex Ford
09782296df Ruby: use new dataflow api in NetHttp.qll 2023-09-21 14:06:40 +01:00
Alex Ford
fc7e753035 Ruby: use new dataflow api in Httparty.qll 2023-09-21 14:04:46 +01:00
Paolo Tranquilli
e9e58d97be Merge pull request #14280 from github/revert-14011-revert-13991-redsun82/swift-use-concepts 
Revert "Revert "Swift: use C++20 constraints and concepts to simplify code""
 2023-09-21 15:04:30 +02:00
Alex Ford
92941a45f9 Ruby: use new dataflow api in HttpClient.qll 2023-09-21 14:03:09 +01:00
Geoffrey White
05309810b8 Merge pull request #14266 from geoffw0/quickfix 
Swift: Improve taint models for NSString
 2023-09-21 13:09:01 +01:00
Alex Ford
1ffcf4b9c4 Ruby: use new dataflow api in Faraday.qll 2023-09-21 13:07:06 +01:00
Alex Ford
1dbba19238 Ruby: use new dataflow api in Excon.qll 2023-09-21 13:00:17 +01:00
Alex Ford
489f598551 Ruby: delete DataFlowImplForPathname 2023-09-21 12:50:12 +01:00
Anders Schack-Mulligen
7e04ac55b7 Merge pull request #14268 from aschackmull/java/xmlparsers-typetrack 
Java/Dataflow: Add new light-weight data flow api and use it in XmlParsers
 2023-09-21 13:33:21 +02:00
Anders Schack-Mulligen
13f7daf71e Merge pull request #13982 from aschackmull/dataflow/typeflow-calledge-pruning 
Dataflow: Add type-based call-edge pruning.
 2023-09-21 13:33:08 +02:00
Alex Ford
4cb91e022f Ruby: deprecate some flow states 2023-09-21 12:24:15 +01:00
Alex Ford
9d421ffa8d Ruby: configsig rb/improper-ldap-auth 2023-09-21 12:24:15 +01:00
Anders Schack-Mulligen
3dadfa2243 Dataflow: review fixes 2023-09-21 11:52:41 +02:00
Mathias Vorreiter Pedersen
3d8231be1b Merge pull request #14269 from MathiasVP/add-getParameter-to-parameter-node 2023-09-21 09:20:57 +01:00
Paolo Tranquilli
60b7d79fba Revert "Revert "Swift: use C++20 constraints and concepts to simplify code"" 2023-09-21 10:17:22 +02:00
Tamás Vajk
40bf5c17fb Merge pull request #14273 from tamasvajk/standalone/remove-runtime-nuget-packages 
C#: Remove platform-specific runtime nuget packages from the reference list in Standalone
 2023-09-21 09:50:10 +02:00
Erik Krogh Kristensen
0783d7b271 Merge pull request #14278 from github/dependabot/cargo/ql/rayon-1.8.0 
Bump rayon from 1.7.0 to 1.8.0 in /ql
 2023-09-21 08:30:41 +02:00
Tamás Vajk
011391bd27 Merge pull request #14243 from tamasvajk/parallelize-restore 
C#: Parallelize restore logic of missing packages
 2023-09-21 08:04:27 +02:00
dependabot[bot]
d0554a05f9 Bump rayon from 1.7.0 to 1.8.0 in /ql 
Bumps [rayon](https://github.com/rayon-rs/rayon) from 1.7.0 to 1.8.0.
- [Changelog](https://github.com/rayon-rs/rayon/blob/master/RELEASES.md)
- [Commits](https://github.com/rayon-rs/rayon/compare/rayon-core-v1.7.0...rayon-core-v1.8.0)

---
updated-dependencies:
- dependency-name: rayon
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-21 03:10:09 +00:00
Tamas Vajk
d29585c8b7 C#: Remove platform-specific runtime nuget packages from the reference list in Standalone 2023-09-20 15:24:01 +02:00
Anders Schack-Mulligen
d285afba08 Typetracking: minor perf fix. 2023-09-20 14:52:49 +02:00
Tom Hvitved
455cde2f64 Merge pull request #14267 from hvitved/ruby/fix-join 
Ruby: Fix bad join
 2023-09-20 13:49:51 +02:00
Chris Smowton
07dbad509c Merge pull request #14265 from phillmv/patch-1 
s/Replace/ReplaceAll/ in LogInjectionGood.go
 2023-09-20 11:06:15 +01:00
Chris Smowton
a8afa05b1d Correct ReplaceAll params 
ReplaceAll doesn't take a count argument
 2023-09-20 10:00:53 +01:00
Mathias Vorreiter Pedersen
22d66b6d81 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 2023-09-20 09:56:10 +01:00
Mathias Vorreiter Pedersen
fb1ce2ab70 C++: Lift 'getParameter' to 'ParameterNode'. 2023-09-20 09:51:35 +01:00
Rasmus Wriedt Larsen
8e864ab84a Merge pull request #14262 from RasmusWL/dataflow-labeler 
Misc: Update auto labeler for shared dataflow pack
 2023-09-20 10:26:44 +02:00
Anders Schack-Mulligen
5c40d553b4 Java: Switch XmlParsers lib to lightweight data flow. 2023-09-20 10:21:53 +02:00
Anders Schack-Mulligen
d7e965f863 Dataflow: Add lightweight api based on TypeTracking. 2023-09-20 10:21:21 +02:00
Anders Schack-Mulligen
d7bd8c7ffd Shared/TypeTracking: Add support for flow from non-LocalSourceNode source and bugfix in smallstep. 2023-09-20 10:19:33 +02:00
Tom Hvitved
1442bddf36 Ruby: Fix bad join 
Before
```
Evaluated relational algebra for predicate DataFlowPublic#e1781e31::BarrierGuard#PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#::getAMaybeGuardedCapturedDef#0#f@3c903abq with tuple counts:
          280924  ~0%    {2} r1 = SCAN Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::definesAt#3#dispred#ffff OUTPUT In.2, In.0
          280924  ~0%    {2} r2 = JOIN r1 WITH BasicBlocks#d5fe3e99::BasicBlock::getScope#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
          103843  ~1%    {2} r3 = JOIN r2 WITH SSA#304893e3::Ssa::CapturedEntryDefinition#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1
          103843  ~5%    {3} r4 = JOIN r3 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
        19665045  ~0%    {3} r5 = JOIN r4 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1
        19497860  ~0%    {3} r6 = JOIN r5 WITH Call#841c84e8::MethodCall::getBlock#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~0%    {3} r7 = JOIN r6 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~0%    {3} r8 = JOIN r7 WITH CfgNodes#ace8e412::ExprNodes::CallCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
        19496808  ~0%    {3} r9 = JOIN r8 WITH ControlFlowGraph#46cebcbd::CfgNode::getBasicBlock#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~3%    {4} r10 = SCAN r9 OUTPUT In.0, true, In.1, In.2
           49434  ~7%    {3} r11 = JOIN r10 WITH DataFlowPublic#e1781e31::guardControlsBlock#3#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2, Lhs.3
             117  ~4%    {3} r12 = JOIN r11 WITH PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#3#cpe#12#ff ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1
               0  ~0%    {1} r13 = JOIN r12 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff ON FIRST 2 OUTPUT Lhs.2
                         return r13
```

After
```
Evaluated relational algebra for predicate DataFlowPublic#e1781e31::BarrierGuard#PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#::getAMaybeGuardedCapturedDef#0#f@137a23jm with tuple counts:
        280924  ~0%    {2} r1 = SCAN Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::definesAt#3#dispred#ffff OUTPUT In.2, In.0
        280924  ~0%    {2} r2 = JOIN r1 WITH BasicBlocks#d5fe3e99::BasicBlock::getScope#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
        103843  ~1%    {2} r3 = JOIN r2 WITH SSA#304893e3::Ssa::CapturedEntryDefinition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
        102517  ~1%    {2} r4 = JOIN r3 WITH Call#841c84e8::MethodCall::getBlock#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~2%    {2} r5 = JOIN r4 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~2%    {2} r6 = JOIN r5 WITH CfgNodes#ace8e412::ExprNodes::CallCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1
        102378  ~0%    {2} r7 = JOIN r6 WITH ControlFlowGraph#46cebcbd::CfgNode::getBasicBlock#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~0%    {3} r8 = SCAN r7 OUTPUT In.0, true, In.1
          7417  ~5%    {2} r9 = JOIN r8 WITH DataFlowPublic#e1781e31::guardControlsBlock#3#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2
            22  ~0%    {2} r10 = JOIN r9 WITH PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#3#cpe#12#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
            12  ~0%    {2} r11 = JOIN r10 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
            12  ~0%    {2} r12 = JOIN r11 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
             0  ~0%    {1} r13 = JOIN r12 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0
                       return r13
```
 2023-09-20 09:51:15 +02:00
Geoffrey White
af315c5072 Swift: Change note. 2023-09-19 23:02:14 +01:00
Geoffrey White
1b74b49bb3 Swift: Improve NSString models for varargs functions. 2023-09-19 23:02:14 +01:00
Phill MV
11218f79c6 s/Replace/ReplaceAll/ in LogInjectionGood.go 2023-09-19 14:43:54 -04:00
Geoffrey White
f8c5a9a264 Swift: Test localizedStringWithFormat a bit better. 2023-09-19 18:43:54 +01:00
Geoffrey White
8354439d8d Merge pull request #14263 from geoffw0/typos 
CPP / Swift: Typos
 2023-09-19 18:02:33 +01:00
Geoffrey White
a3579f6e38 Merge branch 'main' into typos 2023-09-19 16:44:13 +01:00
Owen Mansel-Chan
650d8069f6 Merge pull request #14131 from omahs/patch-1 
Docs: fix minor typos
 2023-09-19 15:53:07 +01:00
Geoffrey White
935b7600ca Swift: Fix typos. 2023-09-19 15:19:00 +01:00