hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-28 18:28:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,553 Commits 1,723 Branches 164 Tags
46736a137c7dcfbc2380040dc3b15909bd5e15c8
Commit Graph

31553 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
46736a137c Dataflow: Don't include subpaths that can't reach a sink. 2022-01-18 10:30:09 +01:00
Chris Smowton
2c37885f6e Sync dataflow 2022-01-18 10:30:09 +01:00
Chris Smowton
7c9b44b4cb Don't include arg -> param edges in PathGraph::edges whose arg is not reachable 
This avoids lots of missing-node warnings from `codeql bqrs interpret` as it discards the nodes that occur in the `edges` relation but not `nodes`. The problem arises because subpaths introduced two variants of `reach`, one of which is more restrictive than simply `reach(succ) and succ = pred.getASuccessor()`, so it no longer suffices to just check that the successor is reachable.
 2022-01-18 10:30:09 +01:00
Anders Schack-Mulligen
c41ec1f8ec Merge pull request #7619 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-01-18 09:17:40 +01:00
github-actions[bot]
b8959f7bdb Add changed framework coverage reports 2022-01-18 00:10:52 +00:00
Erik Krogh Kristensen
d63f4bfd94 Merge pull request #7615 from erik-krogh/super-charpred 
QL: support this.method() calls in the charpred that references non-extending supertypes
 2022-01-17 18:32:10 +01:00
Erik Krogh Kristensen
a4cfb80b81 QL: update comment 2022-01-17 17:19:15 +00:00
Erik Krogh Kristensen
85c273a413 QL: support this.method() calls in the charpred that references non-extending supertypes 2022-01-17 17:42:35 +01:00
Owen Mansel-Chan
065043b311 Merge pull request #7588 from owen-mc/add-specific-needs-reference-predicates 
Dataflow: Add language-specific NeedsReference predicates
 2022-01-17 15:51:34 +00:00
Tony Torralba
e967b8a9be Merge pull request #6576 from atorralba/atorralba/android-cleartext-storage-filesystem 
Java: Create new query Cleartext storage of sensitive information in Android filesystem
 2022-01-17 14:02:38 +01:00
Tony Torralba
227929508f Merge pull request #6923 from atorralba/atorralba/android-fragment-injection 
Java: CWE-470  - Queries to detect Fragment Injection in Android applications
 2022-01-17 14:02:15 +01:00
Tom Hvitved
3c837c322b Merge pull request #7514 from github/post-release-prep/codeql-cli-2.7.5 
Post-release preparation for codeql-cli-2.7.5
 2022-01-17 12:40:33 +01:00
Tony Torralba
7beab7cb59 Apply code review suggestions 2022-01-17 12:02:27 +01:00
Mathias Vorreiter Pedersen
78642aaae2 Merge pull request #7593 from MathiasVP/fix-join-order-in-get-conversion-type 
C++: Fix join order in 'getConversionType4'
 2022-01-17 11:01:08 +00:00
Tony Torralba
a23b8a4a43 Update java/ql/src/Security/CWE/CWE-470/FragmentInjection.inc.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-17 11:20:39 +01:00
Tony Torralba
ba3a4fb717 Rename filesystemStore predicate after d9e6e5aa04 2022-01-17 11:13:41 +01:00
Tony Torralba
500deac12d Change query description 2022-01-17 11:11:05 +01:00
Tony Torralba
d9e6e5aa04 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-17 11:11:05 +01:00
Tony Torralba
22aad17d0e Apply review suggestions 
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
 2022-01-17 11:11:04 +01:00
Tony Torralba
9bbba3c96f Adjust UnsupportedExternalAPIs test 2022-01-17 11:11:04 +01:00
Tony Torralba
1e4840e071 Fix predicate name 2022-01-17 11:11:03 +01:00
Tony Torralba
79ddbd6fe4 Fix QLDoc and the qhelp example 2022-01-17 11:11:03 +01:00
Tony Torralba
c1ac09a063 Added query for Cleartext Storage in Android Filesystem 2022-01-17 11:11:00 +01:00
Paolo Tranquilli
6a53b7b233 Merge pull request #7543 from github/rdmarsh2/cpp/hex-format-range-analysis 
C++: Use range analysis for maximum lengths of `%x` formats
 2022-01-17 08:32:34 +01:00
Tom Hvitved
2ecf0d3264 Merge pull request #7550 from michaelnebel/csharp/global-using 
C#: Support for identifying whether a using directive is "global".
 2022-01-14 20:03:18 +01:00
Robert Marsh
5df6bcf952 C++: change note for hex format range analysis 2022-01-14 13:18:58 -05:00
Dave Bartolomeo
bce2a810a3 Merge pull request #7400 from github/dbartol/change-note-instructions 
Add instructions for creating change notes.
 2022-01-14 13:10:44 -05:00
Robert Marsh
9de63b2812 Merge branch 'main' into rdmarsh2/cpp/hex-format-range-analysis 
Accept test changes from query split
 2022-01-14 12:53:52 -05:00
Andrew Eisenberg
fbb5d7196f Merge branch 'main' into post-release-prep/codeql-cli-2.7.5 2022-01-14 08:23:43 -08:00
Ian Lynagh
bba8e45e74 Merge pull request #7602 from igfoo/igfoo/typos 
Fix a couple of typos: clases / clasess
 2022-01-14 15:56:04 +00:00
Henry Mercer
ed28b7f174 Merge pull request #7575 from github/henrymercer/atm-remove-code-to-features 
JS: Remove ATM `CodeToFeatures` library
 2022-01-14 15:31:34 +00:00
Michael Nebel
e09009cd8e Merge pull request #7118 from michaelnebel/csharp-primary-ql-class 
C#: PrimaryQlClass
 2022-01-14 16:14:28 +01:00
Ian Lynagh
22dc24629f Fix a couple of typos: clases / clasess 2022-01-14 14:28:29 +00:00
Michael Nebel
8c6c8b0adb C#: Remove un-needed ql doc comment. 2022-01-14 12:55:54 +01:00
Mathias Vorreiter Pedersen
b51c85597b Merge pull request #7529 from erik-krogh/fixup-library-deps 
QL: recognize dependecies of the form: libraryPathDependencies: library-name
 2022-01-14 11:13:56 +00:00
Erik Krogh Kristensen
b02fecf125 Merge pull request #7600 from erik-krogh/ql-for-ql-team 
QL: change reviewers of QL-for-QL to a newly created team
 2022-01-14 11:45:40 +01:00
Erik Krogh Kristensen
47e56365c4 QL: change reviewers of QL-for-QL to a newly created team 2022-01-14 11:32:09 +01:00
Henry Mercer
d55e6d1ca7 Merge pull request #7594 from github/henrymercer/js-atm-rename-queries 
JS: Update names, IDs, and tags for ML-powered queries
 2022-01-14 10:28:24 +00:00
Mathias Vorreiter Pedersen
6d95d47467 Merge branch 'main' into fix-join-order-in-get-conversion-type 2022-01-14 09:53:17 +00:00
Michael Nebel
6009d71e9a C#: Add getAPrimaryQlClass override to UnknownExpr. 2022-01-14 10:41:44 +01:00
Mathias Vorreiter Pedersen
68385dfab5 Merge pull request #7386 from github/redsun82/cpp-overrunning-write-precision-split 
C++: split `cpp/overrunning-write` into two
 2022-01-14 09:11:39 +00:00
Tom Hvitved
6c20585fc7 C#: Eliminate bad magic optimization 
```
[2022-01-14 08:57:14] (253s) Tuple counts for Stmt::getAChild#bbf/3@8dfbc66f after 1m53s:
                      4922010396 ~5%     {3} r1 = JOIN ControlFlowElement::ControlFlowElement::getEnclosingCallable_dispred#ff_10#join_rhs WITH ControlFlowElement::ControlFlowElement::getEnclosingCallable_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'cfe', Rhs.1 'cfe', Lhs.0 'c'
                      1597068    ~2%     {3} r2 = JOIN r1 WITH Element::Element::getAChild_dispred#ff ON FIRST 2 OUTPUT Lhs.0 'cfe', Lhs.2 'c', Lhs.1 'result'
                                         return r2
```
 2022-01-14 10:10:23 +01:00
Tom Hvitved
411d2b2876 C#: Update stats 2022-01-14 10:10:23 +01:00
Michael Nebel
f025db0371 C#: Add downgrade script for deleting using_global relation. 2022-01-14 10:10:23 +01:00
Michael Nebel
dcd6a6be40 C#: Add database upgrade script for adding the using_global relation. 2022-01-14 10:10:22 +01:00
Michael Nebel
a1eff1603a C#: Add test for global using directive. 2022-01-14 10:10:22 +01:00
Michael Nebel
c118d9bf6f C#: Add support for the global modifier for using directives. 2022-01-14 10:10:22 +01:00
Michael Nebel
e305a8a6c5 C#: Refactor Tuples to use expression body syntax. 2022-01-14 10:10:22 +01:00
Michael Nebel
6e72f6e2c4 C#: Refactor to re-use code to extract modifier tokens. 2022-01-14 10:10:13 +01:00
Edoardo Pirovano
f2818ebb5e Merge pull request #7489 from edoardopirovano/fix-example 
Fix example in JavaScript query
 2022-01-14 08:58:28 +00:00