hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,176 Commits 1,673 Branches 157 Tags
58bf283023edab01a0f61c78225d8c53b3b9f448
Commit Graph

44176 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
58bf283023 C#: Add suppress nullable warning expressions example. 2022-09-29 11:35:35 +02:00
Michael Nebel
940e925c31 C#: Update expected test output. 2022-09-29 11:35:35 +02:00
Michael Nebel
b24fd13946 C#: Add postupdate note support for switch expressions. 2022-09-29 11:35:35 +02:00
Michael Nebel
d54406d599 C#: Add switch example. 2022-09-29 11:35:35 +02:00
Michael Nebel
65b32b665d C#: Update test expected output. 2022-09-29 11:35:35 +02:00
Michael Nebel
6b74e433ee C#: Support postupdate notes for NullCoalescing expressions. 2022-09-29 11:35:35 +02:00
Michael Nebel
11d67744f7 C#: Add NullCoalescing example. 2022-09-29 11:35:35 +02:00
Michael Nebel
2e5fc19e38 C#: Update expected test output. 2022-09-29 11:35:35 +02:00
Michael Nebel
3c6f538d5c C#: Support Cast expressions to have post update notes. 2022-09-29 11:35:35 +02:00
Michael Nebel
ba4794790e C#: Add Cast example. 2022-09-29 11:35:35 +02:00
Michael Nebel
d3530b0083 C#: Re-factor nested exists into a single exists. 2022-09-29 11:35:35 +02:00
Michael Nebel
c49a16c840 C#: Update expected test output for the local flow testcases. 2022-09-29 11:35:21 +02:00
Michael Nebel
a36bba94f1 C#: Base the getAPostUpdateNote predicate purely on cfg. 2022-09-28 14:35:49 +02:00
Michael Nebel
c07c10a808 C#: Address review comments. 2022-09-28 14:35:09 +02:00
Michael Nebel
2d0a377b7a C#: Update dataflow consistency queries to cater for non unique post and pre unique update notes for conditional branches. 2022-09-28 14:35:09 +02:00
Michael Nebel
e8fd2bfc78 C#: Update expected test output. 2022-09-28 14:35:09 +02:00
Michael Nebel
e5711380f8 C#: Make postupdate notes for conditional branches. 2022-09-28 14:35:09 +02:00
Michael Nebel
7b6e684eaf C#: Update test expected output (no new flow is identified). 2022-09-28 14:35:09 +02:00
Michael Nebel
51daae01f1 C#: Add test case. 2022-09-28 14:35:09 +02:00
Robert Marsh
82bbe67267 Merge pull request #10593 from MathiasVP/fix-fp-on-cwe-193 
C++: Fix FPs on `cpp/invalid-pointer-deref`
 2022-09-27 17:38:17 -04:00
Tom Hvitved
df2b586e7c Merge pull request #10577 from hvitved/dataflow/get-a-read-content-fan-in 
Data flow: Fix bad join-order when getAReadContent has large fan-in
 2022-09-27 20:04:58 +02:00
Jami
56e3334c6d Merge pull request #10479 from jcogs33/android-service-sources 
Java: add Android service sources
 2022-09-27 12:40:18 -04:00
Mathias Vorreiter Pedersen
549eca1b17 C++: Fix 'implicit use of this'. 2022-09-27 16:29:30 +01:00
Mathias Vorreiter Pedersen
e4305948ef C++: Fix FP on CWE-193 by blocking flow through back-edges of phi nodes. 2022-09-27 16:28:03 +01:00
Jami Cogswell
7e0c61de2c switch to hasName 2022-09-27 10:45:52 -04:00
Tony Torralba
be9509ceb9 Merge pull request #9199 from luchua-bc/java/unsafe-url-forward-dispatch-load 
Java: CWE-552 Query to detect unsafe resource loading in Java Spring applications
 2022-09-27 15:27:51 +02:00
Erik Krogh Kristensen
162edd6883 Merge pull request #10586 from erik-krogh/pyRegFix 
ReDoS: fix RegExpEscape::getValue having multiple results for some escapes
 2022-09-27 14:41:18 +02:00
Erik Krogh Kristensen
b9937269b9 Merge pull request #10584 from erik-krogh/csharp-unqueryable 
C#: deprecate/delete some unused code
 2022-09-27 14:26:59 +02:00
Tom Hvitved
335e1a8233 Address review comments 2022-09-27 13:36:52 +02:00
Tony Torralba
7ff82bbed3 Update java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll 2022-09-27 13:26:21 +02:00
erik-krogh
7675571daa fix RegExpEscape::getValue having multiple results for some escapes 2022-09-27 13:25:23 +02:00
Tamás Vajk
9358070ae9 Merge pull request #10506 from tamasvajk/kotlin-enum-type-access 
Kotlin: Fix type access expressions in enum constructor calls
 2022-09-27 12:42:30 +02:00
Tamás Vajk
8a6d56a57d Merge pull request #10520 from tamasvajk/kotlin-fix-anonymous-object-comment 
Kotlin: Fix comment extraction for anonymous objects
 2022-09-27 12:42:05 +02:00
erik-krogh
ae6dd05249 deprecate unused class in query specific file 2022-09-27 12:40:05 +02:00
erik-krogh
d23b128457 delete unused code in an internal file 2022-09-27 12:31:58 +02:00
Mathias Vorreiter Pedersen
0c79c2836c Merge pull request #10573 from erik-krogh/cpp-unqueryable 
C: deprecate/delete some unused code
 2022-09-27 10:13:24 +01:00
Anders Schack-Mulligen
9f1bbf2bbd Merge pull request #10575 from aschackmull/dataflow/cleanup-module 
Dataflow: Minor visibility cleanup
 2022-09-27 10:10:53 +02:00
Tom Hvitved
45fc62f16b Data flow: Sync files 2022-09-26 20:39:48 +02:00
Tom Hvitved
1273db5a22 Data flow: Fix bad join-order when getAReadContent has large fan-in 
Before (terminated before completion)
```
Evaluated relational algebra for predicate DataFlowImplForHttpClientLibraries#c536b619::store#5#fffff@e5ef07bh with tuple counts:
            151500     ~0%    {4} r1 = SCAN DataFlowImplCommon#4f8df883::Cached::store#4#ffff OUTPUT In.1, In.0, In.2, In.3
            150500     ~0%    {5} r2 = JOIN r1 WITH DataFlowImplCommon#4f8df883::Cached::MkTypedContent#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Lhs.3, Rhs.1
            149500     ~0%    {5} r3 = JOIN r2 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Lhs.4, Rhs.1
            148500     ~0%    {5} r4 = JOIN r3 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2, Lhs.4, Rhs.1
        2003849000     ~0%    {5} r5 = JOIN r4 WITH DataFlowPublic#e1781e31::ContentSet::getAReadContent#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
         105066500  ~9036%    {5} r6 = JOIN r5 WITH project#DataFlowImplForHttpClientLibraries#c536b619::readSet#4#ffff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.4, Lhs.2, Rhs.1
                              return r6
```

After
```
Evaluated relational algebra for predicate DataFlowImplForHttpClientLibraries#c536b619::readProj#2#ff@302620cn with tuple counts:
        1461867  ~0%    {2} r1 = SCAN DataFlowPrivate#462ff392::Cached::TContent#f OUTPUT In.0, In.0
        3549054  ~1%    {2} r2 = JOIN r1 WITH DataFlowPublic#e1781e31::ContentSet::getAReadContent#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        5772824  ~5%    {2} r3 = JOIN r2 WITH project#DataFlowImplForHttpClientLibraries#c536b619::readSet#4#ffff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
                        return r3

Evaluated relational algebra for predicate DataFlowImplForHttpClientLibraries#c536b619::store#5#fffff@016cd9o1 with tuple counts:
         267905  ~0%    {4} r1 = SCAN DataFlowImplCommon#4f8df883::Cached::store#4#ffff OUTPUT In.1, In.0, In.2, In.3
         267905  ~0%    {5} r2 = JOIN r1 WITH DataFlowImplCommon#4f8df883::Cached::MkTypedContent#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Lhs.3, Rhs.1
         267905  ~0%    {5} r3 = JOIN r2 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Lhs.4, Rhs.1
         267905  ~0%    {5} r4 = JOIN r3 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2, Lhs.4, Rhs.1
        2109240  ~0%    {5} r5 = JOIN r4 WITH DataFlowImplForHttpClientLibraries#c536b619::readProj#2#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.4, Lhs.2, Rhs.1
                        return r5
```
 2022-09-26 20:37:53 +02:00
erik-krogh
0f1a8a6f5b deleted unused internal code 2022-09-26 20:20:52 +02:00
erik-krogh
b83ca08854 deprecate class documented as deprecated 2022-09-26 20:09:54 +02:00
Tom Hvitved
88baf0883a Merge pull request #10358 from hvitved/ruby/dataflow/call-ctx 
Ruby: Context sensitive instance method resolution
 2022-09-26 19:55:10 +02:00
Mathias Vorreiter Pedersen
11b2a12392 Merge pull request #10572 from MathiasVP/add-cwe-193-fp 
C++: Add FP test for `CWE-193`
 2022-09-26 17:22:47 +01:00
Michael Nebel
40a75fdd12 Merge pull request #9406 from JarLob/controller 
Extend aspnetcore controller definition
 2022-09-26 16:34:39 +02:00
Anders Schack-Mulligen
1687d08587 Dataflow: Sync. 2022-09-26 16:10:03 +02:00
Anders Schack-Mulligen
17dba00264 Dataflow: Minor visibility cleanup. 2022-09-26 16:09:42 +02:00
Jaroslav Lobačevski
57fcfd5e7d Apply suggestions from code review 2022-09-26 14:55:29 +02:00
Jaroslav Lobačevski
fa503ec3f2 Create 2022-08-24-aps-net-core-controllers.md 2022-09-26 14:55:29 +02:00
Michael Nebel
37795226a4 C#: Exclude stub implementation in test results. 2022-09-26 14:55:29 +02:00
Michael Nebel
29639a0ad5 C#: ControllerBase should still be considered a controller as we need Redirect methods to be considered sinks. 2022-09-26 14:55:29 +02:00