hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
58,709 Commits 1,741 Branches 165 Tags
6c7833f28cd3fa3dc02605ac8e06950c5c02fbe6
Commit Graph

58709 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
6c7833f28c Merge pull request #14223 from MathiasVP/add-explicit-dereferenced-by-operation-base-case-predicate 
C++: Add a `directDereferencedByOperation` predicate
 2023-09-15 10:19:26 +01:00
Tom Hvitved
14561c414b Merge pull request #14225 from hvitved/ruby/fix-bad-join 
Ruby: Fix a bad join
 2023-09-15 10:59:24 +02:00
Tom Hvitved
c83a29c27f Ruby: Fix a bad join 
Before
```
Evaluated relational algebra for predicate Sinatra#e09174a3::Sinatra::ErbLocalsAccessSummary#fff@22c05bb6 with tuple counts:
          212957   ~2195%    {1} r1 = JOIN _Constant#54e8b051::ConstantValue::getStringlikeValue#0#dispred#ff_Expr#6fb2af19::Expr::getConstantV__#shared WITH Expr#6fb2af19::Pair::getKey#0#dispred#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.1
        43862468   ~6045%    {2} r2 = JOIN r1 WITH Call#841c84e8::MethodCall::getMethodName#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0
        43862468   ~6581%    {2} r3 = JOIN r2 WITH AST#a6718388::AstNode::getLocation#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        43844886  ~40661%    {2} r4 = JOIN r3 WITH locations_default ON FIRST 1 OUTPUT Rhs.1, Lhs.1
           15004   ~8295%    {3} r5 = JOIN r4 WITH project#Sinatra#e09174a3::Sinatra::ErbLocalsHashSyntheticGlobal#ffff_201#join_rhs ON FIRST 1 OUTPUT Rhs.2, Lhs.1, Rhs.1
           15004   ~8890%    {3} r6 = SCAN r5 OUTPUT ("sinatra_erb_locals_access()" ++ In.0 ++ "#" ++ In.1), In.2, In.1
                             return r6
```

After
```
Evaluated relational algebra for predicate Sinatra#e09174a3::Sinatra::ErbLocalsAccessSummary#fff@f6249cga with tuple counts:
         10237       ~0%    {3} r1 = JOIN locations_default_10#join_rhs WITH project#Sinatra#e09174a3::Sinatra::ErbLocalsHashSyntheticGlobal#ffff_201#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2
          4015       ~5%    {3} r2 = JOIN r1 WITH AST#a6718388::AstNode::getLocation#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
           825      ~96%    {3} r3 = JOIN r2 WITH Call#841c84e8::MethodCall::getMethodName#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
           940       ~0%    {4} r4 = JOIN r3 WITH Constant#54e8b051::ConstantValue::getStringlikeValue#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0
        325402       ~0%    {4} r5 = JOIN r4 WITH Expr#6fb2af19::Expr::getConstantValue#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
        231819  ~133147%    {3} r6 = JOIN r5 WITH Expr#6fb2af19::Pair::getKey#0#dispred#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.2, Lhs.3, Lhs.1
        231819  ~138805%    {3} r7 = SCAN r6 OUTPUT ("sinatra_erb_locals_access()" ++ In.0 ++ "#" ++ In.1), In.2, In.1
                            return r7
```
 2023-09-14 21:34:17 +02:00
Ian Lynagh
730480360e Merge pull request #14221 from igfoo/igfoo/gradle_seq 
Kotlin: Add more tests to the "gradle sequential" set
 2023-09-14 18:39:11 +01:00
Mathias Vorreiter Pedersen
8aeb9b9ae0 Merge pull request #14219 from MathiasVP/fix-phi-flow-2 
C++: Fix `phi`->`phi` flow
 2023-09-14 17:22:51 +01:00
Mathias Vorreiter Pedersen
b18de9e641 C++: Add a named base case predicate for 'dereferencedByOperation' that can be used in queries. 2023-09-14 17:12:58 +01:00
Ian Lynagh
e5ac7620e3 Kotlin: Add more tests to the "gradle sequential" set 2023-09-14 15:44:32 +01:00
AlexDenisov
ff7ff6dcfa Merge pull request #14201 from MathiasVP/add-ast-consistency-query 
C++: Add AST consistency query
 2023-09-14 16:34:20 +02:00
Robert Marsh
55546fe61c Merge pull request #14205 from rdmarsh2/rdmarsh2/swift/unify-array-collection-content 
Swift: Unify `ArrayContent` and `CollectionContent`
 2023-09-14 10:08:37 -04:00
Tom Hvitved
c0e600c515 Merge pull request #12672 from hvitved/ruby/implicit-array-reads-at-sinks 
Ruby: Allow for implicit array reads at all sinks during taint tracking
 2023-09-14 15:39:37 +02:00
Tom Hvitved
61bfc4ec09 Merge pull request #14204 from hvitved/ruby/simplify-viable-callable 
Ruby: Simplify `viableSourceCallableNonInit`
 2023-09-14 15:36:47 +02:00
Mathias Vorreiter Pedersen
6ce7a56b41 Merge pull request #14190 from github/alexdenisov/await-inconsistencies 
Swift: fix CFG for identity expressions (await, dot_self, parent)
 2023-09-14 14:15:31 +01:00
Robert Marsh
62953cb250 Swift: document "ArrayElement" case in MaD 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-09-14 09:11:35 -04:00
Robert Marsh
6ad78eba05 Swift: ArrayContent aliased to CollectionContent 2023-09-14 13:08:36 +00:00
Mathias Vorreiter Pedersen
b0566af938 C++: Accept test changes. 2023-09-14 14:04:12 +01:00
Mathias Vorreiter Pedersen
36b7b6cffe C++: Fix phi-phi flow. 2023-09-14 14:02:03 +01:00
Mathias Vorreiter Pedersen
2a55034e55 C++: Add failing test. 2023-09-14 14:01:48 +01:00
Erik Krogh Kristensen
7e7852eff6 Merge pull request #13641 from erik-krogh/multi-char 
JS/RB: write qhelp for `incomplete-multi-character-sanitization`
 2023-09-14 14:48:30 +02:00
Michael Nebel
b9acf1a4ee Merge pull request #14111 from michaelnebel/csharp/reduceprojectrestore 
C#: Avoid explicitly restoring projects in solution files.
 2023-09-14 10:06:49 +02:00
Tom Hvitved
e258324960 Ruby: Allow for implicit array reads at all sinks during taint tracking 2023-09-14 09:40:05 +02:00
Erik Krogh Kristensen
111227e763 Merge pull request #14211 from erik-krogh/usingOutOfBounds 
JS: fix out of bounds string access in isUsingDecl
 2023-09-13 22:23:15 +02:00
Robert Marsh
20de4c625c Swift: autoformat DataFlowPrivate 2023-09-13 18:57:27 +00:00
Robert Marsh
86bd2168ec Swift: breaking change note for array content removal 2023-09-13 18:34:30 +00:00
Robert Marsh
0b66be5f07 Swift: restore ArrayElement as an alias for CollectionElement 2023-09-13 18:29:03 +00:00
Robert Marsh
43ca192ceb Swift: remove ArrayContent in UnsafeJsEvalQuery 2023-09-13 18:26:06 +00:00
erik-krogh
fdd349c1a3 fix out of bounds string access in isUsingDecl 2023-09-13 20:11:21 +02:00
Geoffrey White
e109892388 Merge pull request #14189 from geoffw0/protocol2 
Swift: Consistent additional taint steps between the cleartext-* queries
 2023-09-13 18:44:20 +01:00
Chuan-kai Lin
00c83f185a Merge pull request #14182 from cklin/deprecate-assume-small-delta 
Document assume_small_delta deprecation
 2023-09-13 07:54:33 -07:00
Mathias Vorreiter Pedersen
18fa6f5d64 Merge pull request #14202 from alexet/translated-element-location 
CPP: Add a location to TranslatedElement to help with debugging IR creation
 2023-09-13 15:19:24 +01:00
Michael Nebel
84ec823ac0 C#: Add some explanatory comments about parallel restore. 2023-09-13 16:07:47 +02:00
Alex Ford
79c305c1a1 Merge pull request #14124 from alexrford/rb/dataflow-query-refactor 
Ruby: Use the new dataflow API for checked in queries
 2023-09-13 14:24:47 +01:00
Tom Hvitved
bb7ba7872f Merge pull request #14203 from hvitved/ruby/semantic-merge-fix 
Ruby: Fix semantic merge conflict
 2023-09-13 14:53:18 +02:00
Tom Hvitved
f15cbb9316 Ruby: Simplify viableSourceCallableNonInit 2023-09-13 14:25:28 +02:00
Max Schaefer
e722e3288f Merge pull request #13771 from github/max-schaefer/server-side-url-redirect-help 
JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.
 2023-09-13 13:20:48 +01:00
yoff
62b41799d2 Merge pull request #14178 from yoff/python/broaden-sql-injection-frameworks 
Python: import all frameworks in SQL-injection query
 2023-09-13 14:14:09 +02:00
Mathias Vorreiter Pedersen
177fcacf38 Merge pull request #14134 from MathiasVP/add-surprising-lifetimes-to-experimental 
C++: Copy the Coding Standards' use-after-lifetime-ended query to Experimental
 2023-09-13 13:06:18 +01:00
Tom Hvitved
f3a78efe03 Ruby: Fix semantic merge conflict 2023-09-13 14:04:20 +02:00
yoff
7d931492d8 Update python/ql/lib/semmle/python/security/dataflow/SqlInjectionCustomizations.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-09-13 13:37:18 +02:00
Michael Nebel
0127b779b5 C#: Address review comments. 2023-09-13 13:31:58 +02:00
Alex Ford
b5ec99cb2f Ruby: fix missing qldoc 2023-09-13 12:28:19 +01:00
Mathias Vorreiter Pedersen
a0018c92e1 Merge pull request #14193 from MathiasVP/fully-converted-expressions-for-flow-after-free 
C++: Use fully converted expressions for `cpp/use-after-free` and `cpp/double-free`
 2023-09-13 12:24:23 +01:00
Alex Eyers-Taylor
0c10fa0c87 CPP: Add a location to TranslatedElement to help with debugging IR creation 2023-09-13 12:21:30 +01:00
Ian Lynagh
bd1d6e1d1e Merge pull request #14188 from igfoo/igfoo/kotlin-1.9.20 
Kotlin: Support 1.9.20
 2023-09-13 12:19:46 +01:00
Mathias Vorreiter Pedersen
0cd4e32ed8 C++: Add AST consistency query. 2023-09-13 12:15:40 +01:00
Erik Krogh Kristensen
cd5973764b Merge pull request #14112 from erik-krogh/pyAllowedHosts 
Py: add sanitizer guard for `url_has_allowed_host_and_scheme`
 2023-09-13 12:59:38 +02:00
Mathias Vorreiter Pedersen
af51a0a9ca C++: Respond to review comments. 2023-09-13 11:43:12 +01:00
Mathias Vorreiter Pedersen
81d20be1ee Update cpp/ql/src/experimental/Security/CWE/CWE-416/UseAfterExpiredLifetime.qhelp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-09-13 11:37:32 +01:00
Rasmus Wriedt Larsen
7292730391 Python: Add change-note 2023-09-13 11:55:48 +02:00
Rasmus Wriedt Larsen
f62c4108ef Python: Move url_has_allowed_host_and_scheme to Django.qll 2023-09-13 11:55:44 +02:00
Tom Hvitved
7400b4741e Merge pull request #14108 from hvitved/dataflow/more-consistency-checks 
Data flow: Add `ArgumentNode` consistency checks
 2023-09-13 11:30:51 +02:00