hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 00:16:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,760 Commits 1,714 Branches 163 Tags
649c2ce188239bb8d2e75cb60401ce83de314e0e
Commit Graph

25760 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
649c2ce188 Merge pull request #6586 from hvitved/dataflow/stage2-precise-call-ctx-take2 
Data flow: Add precise call contexts to stage 2
 2021-09-10 11:34:35 +02:00
CodeQL CI
0673355f31 Merge pull request #6649 from rhysd/discussion-untrusted-inputs 
Approved by erik-krogh
 2021-09-10 01:44:54 -07:00
Anders Peter Fugmann
1bbadb57a2 Merge pull request #6568 from andersfugmann/andersfugmann/improve_upper_bound 
C++: Improve predicate upperBound in SimpleRangeAnalysis
 2021-09-10 09:49:48 +02:00
Tom Hvitved
296d10fe2a Data flow: Adjust callMayFlowThroughFwd pragmas 2021-09-10 09:21:24 +02:00
Anders Schack-Mulligen
3e17fdcaa3 Merge pull request #6407 from bmuskalla/charSeqSubSeq 
Java: Track taint for CharSequence#subSequence
 2021-09-10 09:01:29 +02:00
rhysd
97ed9edd32 JS: Detect untrusted inputs in 'discussion' and 'discussion_comment' payloads 2021-09-10 10:42:58 +09:00
Chris Smowton
5b8b27a2aa Merge pull request #6651 from smowton/smowton/admin/functional-interface-tests 
Add tests for functional interfaces
 2021-09-09 22:02:16 +01:00
Tamás Vajk
ad04099ac2 Merge pull request #6630 from tamasvajk/feature/interface-runtimecallable 
C# Extend runtime callables to cover interface members with default implementation
 2021-09-09 17:24:55 +02:00
Andrew Eisenberg
4c74709019 Merge pull request #6606 from github/aeisenberg/docs 
Update the docs about qlpacks
 2021-09-09 07:42:24 -07:00
Anders Schack-Mulligen
13c4b93d3d Merge pull request #6648 from aschackmull/java/func-interface 
Java: Fix FunctionalInterface.
 2021-09-09 16:14:14 +02:00
Benjamin Muskalla
9d5e48430e Merge branch 'main' into charSeqSubSeq 2021-09-09 16:04:36 +02:00
Chris Smowton
a0bf170d02 Add test for functional interfaces 2021-09-09 15:00:42 +01:00
Anders Schack-Mulligen
ec3990c619 Java: Fix FunctionalInterface. 2021-09-09 15:04:22 +02:00
Anders Schack-Mulligen
c4956a4ade Merge pull request #6376 from bmuskalla/thirdpartyapitelemtry 
Java: Introduce queries to capture information about 3rd party API usage
 2021-09-09 13:55:47 +02:00
Anders Fugmann
270dbd2bf7 C++: Revert peer review suggestion. 
The suggested change has a severe impact on row counts, as cpp does not cache
the results for `bbDominates`. Since the `getGuardedUpperBound` predicate the
cost of runtime complexity is considered higher than the benefit of this change.
 2021-09-09 13:26:42 +02:00
Anders Fugmann
6c44b0e6e7 C++: Add test case where a guarded block has two predecessors which are both in the dominance domain of the guard 2021-09-09 13:18:49 +02:00
Benjamin Muskalla
c0e65e71b4 Revert "Java: Fix external flow perofrmance with future optimiser." 
This reverts commit be1d4c04f2.
 2021-09-09 13:06:23 +02:00
Benjamin Muskalla
eef044f4d0 Add test to capture expected parameter format 2021-09-09 13:05:15 +02:00
Benjamin Muskalla
a1b7437f8d Merge branch 'main' into thirdpartyapitelemtry 2021-09-09 11:11:42 +02:00
Andrew Eisenberg
fb90bb4241 Remove outdated section 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-09-08 10:45:50 -07:00
Andrew Eisenberg
ec5435befd Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-09-08 08:13:15 -07:00
Benjamin Muskalla
96a34b6165 Fix value flow for fluent api 2021-09-08 16:12:52 +02:00
Anders Schack-Mulligen
5d58edb3b9 Merge pull request #6641 from aschackmull/dataflow/edges-fasttc 
Dataflow: Only calculate fastTC for the relevant part of edges.
 2021-09-08 15:45:46 +02:00
Benjamin Muskalla
b47507293a Minor fixes for fluent apis 2021-09-08 15:32:41 +02:00
Tamas Vajk
9ab6c29cd3 Extend runtime callables to cover interface members with default implementation 2021-09-08 15:07:49 +02:00
CodeQL CI
cd26d97dd7 Merge pull request #6549 from erik-krogh/moreDom 
Approved by asgerf
 2021-09-08 05:10:47 -07:00
Chris Smowton
5d37748973 Merge pull request #6631 from github/Claim-Java-16-support 
Claim Java 16 support
 2021-09-08 12:31:28 +01:00
Benjamin Muskalla
67eaa1b735 Fix qldoc 2021-09-08 13:08:28 +02:00
Anders Schack-Mulligen
1af39f0776 Dataflow: Sync. 2021-09-08 13:02:07 +02:00
Anders Schack-Mulligen
2e9876f58f Dataflow: Only calculate fastTC for the relevant part of edges. 2021-09-08 13:01:29 +02:00
Anders Fugmann
f91bd91d02 C++: Apply suggested change from code review 2021-09-08 12:38:53 +02:00
Anders Schack-Mulligen
2b7882e6e5 Merge pull request #5032 from aschackmull/dataflow/subpaths 
Dataflow: Add subpaths query predicate.
 2021-09-08 11:52:41 +02:00
Anders Schack-Mulligen
3f5b9d0f54 Merge pull request #6637 from github/alexet/imporve-query 
Java: Fix performance issues with future versions of codeql.
 2021-09-08 11:16:19 +02:00
Anders Fugmann
e93dc0b4c4 C++: Fix comment in getGuardedUpperBound 2021-09-08 11:06:58 +02:00
alexet
81f4822b8d Java: Fix performance with future optimiser by caching a predicate 2021-09-07 16:38:40 +01:00
alexet
be1d4c04f2 Java: Fix external flow perofrmance with future optimiser. 2021-09-07 16:38:39 +01:00
alexet
726feb3f4d Java: Fix magic in TC with future optimiser. 2021-09-07 16:38:39 +01:00
Tamás Vajk
f90d1fd70e Merge pull request #6636 from tamasvajk/fix/stubbing-2 
C#: Fix member order (yet again) in stubbing
 2021-09-07 17:37:29 +02:00
Rasmus Wriedt Larsen
995a8192a9 Merge pull request #6635 from github/RasmusWL/fix-csharp-cwe-tag 
C#: Fix CWE tag for `cs/insufficient-key-size`
 2021-09-07 15:54:42 +02:00
Tom Hvitved
3d4db42da4 Merge pull request #6634 from hvitved/csharp/codeql-manual-build-command 
C#: Use explicit Code Analysis build command
 2021-09-07 15:31:20 +02:00
Tamas Vajk
469993f6d3 C#: Fix member order (yet again) in stubbing 
With explicit interface implementation, the same member name can show up multiple times in a type declaration. This commit defines an explicit order
for these members.
 2021-09-07 15:26:03 +02:00
CodeQL CI
5b229e9392 Merge pull request #6574 from asgerf/js/vue-api-graphs 
Approved by erik-krogh
 2021-09-07 05:53:30 -07:00
Tamás Vajk
d7934865c9 Merge pull request #6628 from tamasvajk/feature/fix-stub-escaping 
C#: improve stubbing to escape more member names (not just fields)
 2021-09-07 14:29:44 +02:00
Benjamin Muskalla
f7ad894495 Fix name of api filter predicate 2021-09-07 14:28:58 +02:00
Benjamin Muskalla
22df141761 Rename API name predicate 2021-09-07 14:17:13 +02:00
Taus
b99c075282 Merge pull request #6460 from yoff/python-regex-parsing-consistency-checks 
Python: Add regex parsing consistency checks
 2021-09-07 13:33:59 +02:00
Tom Hvitved
bef05f885c C#: Update CIL data flow tests 2021-09-07 13:02:20 +02:00
Anders Schack-Mulligen
f6541811d2 Dataflow: Update more tests. 2021-09-07 13:02:20 +02:00
Anders Schack-Mulligen
f30dad7705 Dataflow: Update test expected outputs. 2021-09-07 13:02:20 +02:00
Rasmus Wriedt Larsen
8f52089475 C#: Fix CWE tag for cs/insufficient-key-size 
Since this targets

CWE-326 Inadequate Encryption Strength

> The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
> \- https://cwe.mitre.org/data/definitions/326.html

and not

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

> The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
> \- https://cwe.mitre.org/data/definitions/327.html

This matches what we do for similar query in Python: https://github.com/github/codeql/blob/main/python/ql/src/Security/CWE-326/WeakCryptoKey.ql
 2021-09-07 12:59:10 +02:00