Óscar San José
319b781ce3
Add reference to official codeql system requirements doc
2025-03-17 15:57:32 +01:00
Óscar San José
258794a57e
Add python and npm to Dockerfile.codespaces
2025-03-17 12:37:47 +01:00
Tom Hvitved
0e3907b2a8
Merge pull request #19035 from hvitved/rust/type-inference-path-limit
Rust: Limit `TypePath`s to at most length 10
2025-03-17 12:01:31 +01:00
Jeroen Ketema
43a03de195
Merge pull request #19030 from MathiasVP/atl-namespace-fix
C++: Fix ATL models' namespace column
2025-03-17 11:28:16 +01:00
Napalys Klicius
749a0560b4
Merge pull request #19027 from Napalys/js/escape
JS: Add support for `escape`
2025-03-17 10:48:44 +01:00
Napalys Klicius
478e32cbe5
Update javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
Co-authored-by: Asger F <asgerf@github.com>
2025-03-17 10:17:39 +01:00
Napalys Klicius
9134f79fd2
Merge pull request #18984 from Napalys/js/extractor_error_handler
JS: Extractor handle error instead of exiting.
2025-03-17 10:11:26 +01:00
Simon Friis Vindum
72346cc392
Merge pull request #19004 from paldepind/rust-data-flow-split
Rust: Extract data flow node and content into separate files
2025-03-17 07:02:35 +01:00
Tom Hvitved
dfc39272b4
Rust: Limit TypePaths to at most length 10
2025-03-16 20:35:16 +01:00
Aditya Sharad
996bc47ae8
Merge pull request #19032 from adityasharad/docs/remove-semmle-training-slide-template
Docs: Remove old CodeQL training slide template
2025-03-15 06:17:42 +05:30
Aditya Sharad
9e8a3145ac
Docs: Remove old CodeQL training slide template
The slide contents (images and RST) remain.
Remove the HTML/JS/CSS templates since we're not maintaining them,
and this creates unnecessary burden keeping the JS libraries up to date
with security patches.
2025-03-14 15:16:59 -07:00
Owen Mansel-Chan
f0af5af015
Merge pull request #19015 from owen-mc/java/toctou-sync-methods
Java: Fix FP in "Time-of-check time-of-use race condition" (`java/toctou-race-condition`)
2025-03-14 21:35:51 +00:00
Mathias Vorreiter Pedersen
a035c9b4d1
C++: Also update source-sink tests.
2025-03-14 20:04:45 +00:00
Tom Hvitved
a56493cbbc
Merge pull request #19028 from hvitved/rust/crate-locatable
2025-03-14 20:27:33 +01:00
Mathias Vorreiter Pedersen
b7d1c56372
C++: Add change note.
2025-03-14 18:53:09 +00:00
Mathias Vorreiter Pedersen
636150ea4f
C++: Adjust tests and accept test changes.
2025-03-14 18:43:33 +00:00
Mathias Vorreiter Pedersen
78697903fc
C++: Move ATL models to ATL namespace.
2025-03-14 18:43:06 +00:00
Aditya Sharad
c5b35b0976
Merge pull request #19022 from adityasharad/actions/paths-ignore-test-dir
Code scanning config: Exclude actions test directory
2025-03-14 23:44:16 +05:30
Napalys
c93be70053
Rename validation methods for type expressions and added recursive call for type validation.
Co-authored-by: Asgerf <asgerf@github.com>
2025-03-14 14:58:27 +01:00
Napalys
4a691b778b
Added escape as UriEncodingSanitizer
2025-03-14 14:53:21 +01:00
Napalys
37e02e4261
Added escape as StringManipulationTaintStep.
2025-03-14 14:49:45 +01:00
Aditya Sharad
28f40f1d45
Merge pull request #19023 from adityasharad/actions/env-var-query-names
Actions: Fix typos in query names for env var injection
2025-03-14 19:11:11 +05:30
Napalys Klicius
70232a34f3
Merge pull request #19006 from Napalys/js/vue_tanstack_model
Js: Added support for `@tanstack/vue-query`
2025-03-14 14:36:35 +01:00
Napalys
4c77ee2f4f
Added change note.
2025-03-14 14:27:14 +01:00
Napalys
933f3c6f77
Refactor Tanstack integration: remove Tanstack framework and added model as data for it instead.
2025-03-14 13:52:05 +01:00
Napalys
d40ef0ddae
Changed from taint to value steps.
Co-authored-by: Asgerf <asgerf@github.com>
2025-03-14 13:48:15 +01:00
Napalys
1468e81c55
Ensure interface extends valid expr.
2025-03-14 13:41:37 +01:00
Anders Schack-Mulligen
474b8a5a31
Merge pull request #18942 from aschackmull/cpp/refactor-ssa
C++: Refactor SSA usage in data flow.
2025-03-14 13:31:32 +01:00
Simon Friis Vindum
5a3bf90b1f
Rust: Add qldoc comments
2025-03-14 13:31:03 +01:00
Simon Friis Vindum
a96a5fc737
Rust: Address PR comments
2025-03-14 13:24:16 +01:00
Tom Hvitved
0dd59cbb25
Rust: Make Crate a sub class of Locatable
2025-03-14 13:18:02 +01:00
Simon Friis Vindum
60f96eee7e
Merge pull request #19026 from paldepind/rust-expr-type-eq
Rust: Handle type equality for a few more expression types
2025-03-14 13:14:52 +01:00
Owen Mansel-Chan
7702e9da7d
Address review comments
2025-03-14 11:44:01 +00:00
Owen Mansel-Chan
5c7588822d
Fix test output
2025-03-14 11:44:00 +00:00
Simon Friis Vindum
c17c0458dd
Rust: Handle type equality for a few more expression types
2025-03-14 11:59:34 +01:00
Napalys
dc262236f4
Enhance taint tracking by including escape and unescape in TaintedPath customizations.
2025-03-14 11:43:22 +01:00
Napalys
c4b717b86c
Added test case for escape.
2025-03-14 11:40:23 +01:00
Simon Friis Vindum
82304832e8
Rust: Add type inference examples
2025-03-14 11:13:16 +01:00
Anders Schack-Mulligen
c2309442d5
C++: Accept qltest changes.
2025-03-14 10:51:28 +01:00
Mathias Vorreiter Pedersen
90774c03be
C++: Remove yet another DefinitionExt reference.
2025-03-14 10:51:27 +01:00
Anders Schack-Mulligen
35687ea698
C++: Merge two cached stages.
2025-03-14 10:51:27 +01:00
Anders Schack-Mulligen
7bfd47a924
C++: Fix bad join order.
Before:
[2025-03-12 10:27:53] Evaluated non-recursive predicate SsaInternals::UseImpl.hasIndexInBlock/2#dispred#1e34a5af@e87543ui in 935ms (size: 8905695).
Evaluated relational algebra for predicate SsaInternals::UseImpl.hasIndexInBlock/2#dispred#1e34a5af@e87543ui with tuple counts:
{3} r1 = SsaInternals::DirectUseImpl#a58aae88 AND NOT `_ArithmeticOperation::PostfixCrementOperation#17623ada_Expr::UnaryOperation.getOperand/0#dispred#990__#antijoin_rhs`(FIRST 3)
8579337 ~4% {2} | SCAN OUTPUT In.1, In.0
8579337 ~0% {2} | JOIN WITH `Operand::Operand.getUse/0#dispred#427b49d0` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
8579337 ~0% {3} | JOIN WITH `IRBlock::Cached::getInstruction/2#627f9c61_201#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2
48215 ~2% {2} r2 = SCAN SsaInternals::GlobalUse#9cd323b4 OUTPUT In.2, In.0
35467318 ~3% {2} | JOIN WITH `SSAConstruction::getInstructionEnclosingIRFunction/1#5443f355_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
48189 ~0% {2} r3 = JOIN r2 WITH Instruction::ReturnInstruction#28bfb7eb ON FIRST 1 OUTPUT Lhs.0, Lhs.1
12332 ~0% {2} r4 = JOIN r2 WITH Instruction::UnreachedInstruction#774c7a34 ON FIRST 1 OUTPUT Lhs.0, Lhs.1
60521 ~0% {2} r5 = r3 UNION r4
60521 ~2% {3} | JOIN WITH `IRBlock::Cached::getInstruction/2#627f9c61_201#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2
39316 ~0% {2} r6 = JOIN SsaInternals::FinalParameterUse#c1f84700_10#join_rhs WITH `Parameter::Parameter.getFunction/0#dispred#803faca2` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
43821265 ~0% {2} | JOIN WITH `Instruction::Instruction.getEnclosingFunction/0#dispred#cb8ccc56_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
39194 ~0% {2} r7 = JOIN r6 WITH Instruction::ReturnInstruction#28bfb7eb ON FIRST 1 OUTPUT Lhs.0, Lhs.1
21255 ~2% {2} r8 = JOIN r6 WITH Instruction::UnreachedInstruction#774c7a34 ON FIRST 1 OUTPUT Lhs.0, Lhs.1
60449 ~0% {2} r9 = r7 UNION r8
60449 ~3% {3} | JOIN WITH `IRBlock::Cached::getInstruction/2#627f9c61_201#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2
8784725 ~1% {5} r10 = JOIN `_SsaInternals::DirectUseImpl#a58aae88_SsaInternals::DirectUseImpl.getBase/0#dispred#4b8c43d0_SsaInte__#shared` WITH `SsaInternals::DirectUseImpl.getBase/0#dispred#4b8c43d0` ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2, Lhs.3
8784725 ~0% {5} | JOIN WITH `cached_SSAConstruction::getInstructionAst/1#d0d95b50` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
210435 ~4% {5} | JOIN WITH `Expr::UnaryOperation.getOperand/0#dispred#990de484#bf_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
205388 ~0% {4} | JOIN WITH ArithmeticOperation::PostfixCrementOperation#17623ada ON FIRST 1 OUTPUT Lhs.4, Lhs.3, Lhs.2, Lhs.1
205388 ~4% {3} | JOIN WITH `__IRBlock::Cached::getInstruction/2#627f9c61_201#join_rhs__ArithmeticOperation::PostfixCrementOperat__#join_rhs` ON FIRST 3 OUTPUT Rhs.4, Lhs.3, Rhs.3
205388 ~0% {3} | JOIN WITH `Operand::Operand.getUse/0#dispred#427b49d0` ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1
205388 ~1% {3} | JOIN WITH `IRBlock::Cached::getInstruction/2#627f9c61_021#join_rhs` ON FIRST 2 OUTPUT Lhs.2, Lhs.0, Rhs.2
8905695 ~0% {3} r11 = r1 UNION r5 UNION r9 UNION r10
return r11
After:
[2025-03-12 11:12:48] Evaluated non-recursive predicate SsaInternals::hasReturnPosition/3#02f7eab8@bc405c4l in 3ms (size: 49368).
Evaluated relational algebra for predicate SsaInternals::hasReturnPosition/3#02f7eab8@bc405c4l with tuple counts:
49368 ~3% {1} r1 = Instruction::ReturnInstruction#28bfb7eb UNION Instruction::UnreachedInstruction#774c7a34
49368 ~0% {2} | JOIN WITH `cached_SSAConstruction::getInstructionEnclosingIRFunction/1#5443f355` ON FIRST 1 OUTPUT Lhs.0, Rhs.1
49368 ~2% {3} | JOIN WITH `IRBlock::Cached::getInstruction/2#627f9c61_201#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2
return r1
[2025-03-12 11:12:54] Evaluated non-recursive predicate SsaInternals::UseImpl.hasIndexInBlock/2#dispred#1e34a5af@6e30cduo in 549ms (size: 8905695).
Evaluated relational algebra for predicate SsaInternals::UseImpl.hasIndexInBlock/2#dispred#1e34a5af@6e30cduo with tuple counts:
48215 ~2% {2} r1 = SCAN SsaInternals::GlobalUse#9cd323b4 OUTPUT In.2, In.0
60521 ~2% {3} | JOIN WITH `SsaInternals::hasReturnPosition/3#02f7eab8` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2
50725 ~0% {2} r2 = JOIN `IRFunctionBase::IRFunctionBase.getFunction/0#dispred#b024672e_10#join_rhs` WITH `Parameter::Parameter.getFunction/0#dispred#803faca2_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
39231 ~2% {2} | JOIN WITH SsaInternals::FinalParameterUse#c1f84700_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1
60449 ~3% {3} | JOIN WITH `SsaInternals::hasReturnPosition/3#02f7eab8` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2
{3} r3 = SsaInternals::DirectUseImpl#a58aae88 AND NOT `_ArithmeticOperation::PostfixCrementOperation#17623ada_Expr::UnaryOperation.getOperand/0#dispred#990__#antijoin_rhs`(FIRST 3)
8579337 ~1% {2} | SCAN OUTPUT In.1, In.0
8579337 ~0% {2} | JOIN WITH `Operand::Operand.getUse/0#dispred#427b49d0` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
8579337 ~1% {3} | JOIN WITH `IRBlock::Cached::getInstruction/2#627f9c61_201#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2
8784725 ~0% {5} r4 = JOIN `_SsaInternals::DirectUseImpl#a58aae88_SsaInternals::DirectUseImpl.getBase/0#dispred#4b8c43d0_SsaInte__#shared` WITH `SsaInternals::DirectUseImpl.getBase/0#dispred#4b8c43d0` ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2, Lhs.3
8784725 ~0% {5} | JOIN WITH `cached_SSAConstruction::getInstructionAst/1#d0d95b50` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
210435 ~0% {5} | JOIN WITH `Expr::UnaryOperation.getOperand/0#dispred#990de484#bf_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
205388 ~2% {4} | JOIN WITH ArithmeticOperation::PostfixCrementOperation#17623ada ON FIRST 1 OUTPUT Lhs.4, Lhs.3, Lhs.2, Lhs.1
205388 ~0% {3} | JOIN WITH `__IRBlock::Cached::getInstruction/2#627f9c61_201#join_rhs__ArithmeticOperation::PostfixCrementOperat__#join_rhs` ON FIRST 3 OUTPUT Rhs.4, Lhs.3, Rhs.3
205388 ~0% {3} | JOIN WITH `Operand::Operand.getUse/0#dispred#427b49d0` ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1
205388 ~0% {3} | JOIN WITH `IRBlock::Cached::getInstruction/2#627f9c61_021#join_rhs` ON FIRST 2 OUTPUT Lhs.2, Lhs.0, Rhs.2
8905695 ~0% {3} r5 = r1 UNION r2 UNION r3 UNION r4
return r5
2025-03-14 10:51:27 +01:00
Anders Schack-Mulligen
ba13d7fffe
C++: Remove superfluous disjunct.
2025-03-14 10:51:26 +01:00
Anders Schack-Mulligen
ecb5e7ad07
C++: Fix spurious ExprNode fanout in DataFlowIntegration.
2025-03-14 10:51:26 +01:00
Anders Schack-Mulligen
b5a2f5d3ff
C++: Remove useless ipa wrapper.
2025-03-14 10:51:25 +01:00
Anders Schack-Mulligen
4bd35b10fc
C++: Delete dead code.
2025-03-14 10:51:25 +01:00
Anders Schack-Mulligen
6ba1d2ef14
C++: Replace DefinitionExt usage with Definition.
2025-03-14 10:51:24 +01:00
Anders Schack-Mulligen
9375e571b1
C++: Use SSA data flow integration module.
2025-03-14 10:51:24 +01:00
Anders Schack-Mulligen
c7ff2f55b5
C++: Remove yet another DefinitionExt reference.
2025-03-14 10:51:23 +01:00
Anders Schack-Mulligen
e01552c3f0
C++: Remove another DefinitionExt reference.
2025-03-14 10:51:23 +01:00