hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,805 Commits 1,673 Branches 157 Tags
708f6b51f391fd9488bc510c4e9ad42cc4762f15
Commit Graph

44805 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erik-krogh
708f6b51f3 move cwe-078 tests into subfolders 2022-10-11 09:23:29 +02:00
Asger F
9bbbece8a7 Merge pull request #10670 from tyage/property-stringify 
JS: Improve detection of XSS when JSON.stringify()
 2022-10-10 18:16:09 +02:00
Chris Smowton
5756a33604 Merge pull request #10737 from smowton/smowton/fix/type-instance-within-default-value-erasure 
Kotlin: fix type variable erasure inside default function values
 2022-10-10 16:31:07 +01:00
Tamás Vajk
70b8224a8b Merge pull request #10723 from tamasvajk/kotlin-generated-files 
Kotlin: Recognize generated files
 2022-10-10 16:24:42 +02:00
Asger F
b1a165ee98 JS: Edit change note 2022-10-10 16:08:21 +02:00
Asger F
ecf7ed38e0 JS: Performance tweak 2022-10-10 16:08:21 +02:00
Asger F
67cef92f94 JS: Rewrite to use DataFlow::Node API and restrict context 2022-10-10 16:08:21 +02:00
Chris Smowton
dfdfd39bcc Merge pull request #10732 from smowton/smowton/fix/kotlin-enum-corresponding-classes 
Koltin: Extract the corresponding classes of enum entries
 2022-10-10 15:04:02 +01:00
Arthur Baars
b597896bf2 Merge pull request #10753 from aibaars/fix-qhelp-job 
CI: fix qhelp preview
 2022-10-10 15:44:17 +02:00
Arthur Baars
f7203bfcb8 CI: fix qhelp preview 
The command to gather the changed files uses NULL character terminated "lines",
therefore we should supply the `-z` flag to `basename` as well. Otherwise we
end up calling `git grep -l "\n"` which would list all files containing a newline.
 2022-10-10 15:27:48 +02:00
Rasmus Wriedt Larsen
13cb4f9241 Merge pull request #10750 from RasmusWL/pyhton-typo 
Python: Fix typo in qldoc
 2022-10-10 15:11:09 +02:00
Erik Krogh Kristensen
8cc52a4b55 Merge pull request #10704 from erik-krogh/rbMeta 
RB: add some more meta queries for Ruby evaluations
 2022-10-10 14:57:37 +02:00
Tamas Vajk
544e2e4107 Remove path based generated file classification 2022-10-10 14:42:15 +02:00
Geoffrey White
fd571538fb Merge pull request #10706 from geoffw0/vaheuristic 
C++: Tune cpp/unterminated-variadic-call
 2022-10-10 13:39:40 +01:00
Tom Hvitved
60fe370f2a Merge pull request #10744 from hvitved/dataflow/has-flow-to-no-fast-tc 
Data flow: Avoid call to `pathSuccPlus` in `Configuration::hasFlowTo(Expr)`
 2022-10-10 14:02:39 +02:00
Tom Hvitved
099251a30a Merge pull request #10741 from hvitved/ruby/no-full-fast-tc 
Ruby: Avoid computing full `fastTC` for `AstNode::getParent`
 2022-10-10 14:01:56 +02:00
Tamás Vajk
1cf2db1a0b Merge pull request #10718 from tamasvajk/kotlin-internal-repr 
Kotlin: ignore properties in `java/internal-representation-exposure` check
 2022-10-10 13:58:55 +02:00
Tamás Vajk
87b971c78f Merge pull request #10728 from tamasvajk/kotlin-missing-override-sam 
Kotlin: Extract `override` modifier on SAM methods
 2022-10-10 13:58:28 +02:00
Tamás Vajk
cd8ac1a835 Merge pull request #10720 from tamasvajk/kotlin-equals-fix 
Kotlin: Consider `::class` type check in `java/unchecked-cast-in-equals`
 2022-10-10 13:58:15 +02:00
Rasmus Wriedt Larsen
08d6b2f30a Python: Fix typo in qldoc 2022-10-10 13:46:18 +02:00
Tom Hvitved
9f2f6ac491 Merge pull request #10745 from hvitved/ruby/cache-library-flow 
Ruby: Cache use of `DataFlowImplFor(Pathname|HttpClientLibraries)`
 2022-10-10 13:08:36 +02:00
erik-krogh
38c17c5d0c Merge branch 'main' into rbMeta 2022-10-10 12:22:56 +02:00
Geoffrey White
059864587e C++: Add 'mremap' to whitelist. 2022-10-10 11:00:18 +01:00
Rasmus Wriedt Larsen
4b1f6f0865 Merge pull request #10629 from RasmusWL/fix-flask-source 
Python: Fix flask request modeling
 2022-10-10 09:56:22 +02:00
Tom Hvitved
efa6b3c0c6 Ruby: Cache uses of DataFlowImplForHttpClientLibraries 2022-10-09 19:59:56 +02:00
Tom Hvitved
9f34bf80fd Ruby: Cache use of DataFlowImplForPathname 2022-10-09 19:59:05 +02:00
Tom Hvitved
296ec94a2a Data flow: Sync files 2022-10-09 19:48:45 +02:00
Tom Hvitved
d1c8c40c17 Data flow: Avoid call to pathSuccPlus in Configuration::hasFlowTo(Expr) 2022-10-09 19:48:44 +02:00
Tom Hvitved
02192acd5f Ruby: Avoid computing full fastTC for AstNode::getParent 
DIL before
```
                                                   /* AST::AstNode */ AST#87953007::Cached::TAstNode result) =
  fastTC(AST#a6718388::AstNode::getAChild#0#dispred#ff/2)
.

Synthesis#d9ff06b1::Desugared::getADescendant#0#dispred#ff(/* Synthesis::Desugared */ AST#87953007::Cached::TAstNode this,
                                                           /* AST::AstNode */ AST#87953007::Cached::TAstNode result)
:-
  (
    exists(int arg1,
           /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
      arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, this)
    ),
    result = this
  );
  (
    exists(int arg1,
           /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
      arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, this)
    ),
    #AST#a6718388::AstNode::getAChild#0#dispredPlus#ff(this, result)
  )
.
```

DIL after
```
incremental
Synthesis#d9ff06b1::Desugared::getADescendant#ff(/* Synthesis::Desugared */ AST#87953007::Cached::TAstNode this,
                                                 /* AST::AstNode */ AST#87953007::Cached::TAstNode result)
:-
  (
    exists(int arg1,
           /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
      arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, this)
    ),
    result = this
  );
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#2 |
    exists(int arg1,
           /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
      arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, this)
    ),
    rec Synthesis#d9ff06b1::Desugared::getADescendant#ff(this, call_result#2),
    exists(cached dontcare string _ |
      AST#a6718388::AstNode::getAChild#1#dispred(call_result#2, _, result)
    )
  )
| [base_case]
  exists(int arg1, /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
    arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, this)
  ),
  result = this
| [delta_order]
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#2 |
    exists(int arg1,
           /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
      arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, this)
    ),
    delta previous rec Synthesis#d9ff06b1::Desugared::getADescendant#ff(this,
                                                                        call_result#2),
    project#AST#a6718388::AstNode::getAChild#1#dispred(call_result#2, result)
  ),
  not(
    previous rec Synthesis#d9ff06b1::Desugared::getADescendant#ff(this, result)
  )
| [delta_order_up_to_500000]
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#2 |
    delta previous rec Synthesis#d9ff06b1::Desugared::getADescendant#ff(this,
                                                                        call_result#2),
    exists(int arg1,
           /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
      arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, this)
    ),
    project#AST#a6718388::AstNode::getAChild#1#dispred(call_result#2, result)
  ),
  not(
    previous rec Synthesis#d9ff06b1::Desugared::getADescendant#ff(this, result)
  )
.
```
 2022-10-09 11:12:24 +02:00
Tom Hvitved
d39b0fd3f4 Ruby: Avoid computing full fastTC for AstNode::getParent 
DIL before
```
                                                   /* AST::AstNode */ AST#87953007::Cached::TAstNode result) =
  fastTC(AST#a6718388::AstNode::getAChild#0#dispred#ff/2)
.

Synthesis#d9ff06b1::isInDesugaredContext#1#f(/* AST::AstNode */ unique AST#87953007::Cached::TAstNode n)
:-
  exists(int arg1, /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
    arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, n)
  );
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#2 |
    exists(int arg1,
           /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
      arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, call_result#2)
    ),
    #AST#a6718388::AstNode::getAChild#0#dispredPlus#ff(call_result#2, n)
  )
.
```

DIL after
```
incremental
Synthesis#d9ff06b1::isInDesugaredContext#1#f(/* AST::AstNode */ unique AST#87953007::Cached::TAstNode n)
:-
  exists(int arg1, /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
    arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, n)
  );
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode any#expr##2 |
    rec Synthesis#d9ff06b1::isInDesugaredContext#1#f(any#expr##2),
    exists(cached dontcare string _ |
      AST#a6718388::AstNode::getAChild#1#dispred(any#expr##2, _, n)
    )
  )
| [base_case]
  exists(int arg1, /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
    arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, n)
  )
| [delta_order]
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode any#expr##2 |
    delta previous rec Synthesis#d9ff06b1::isInDesugaredContext#1#f(any#expr##2),
    project#AST#a6718388::AstNode::getAChild#1#dispred(any#expr##2, n)
  ),
  not(previous rec Synthesis#d9ff06b1::isInDesugaredContext#1#f(n))
.
``
 2022-10-09 11:11:48 +02:00
Tom Hvitved
262a74d03d Ruby: Avoid computing full fastTC for AstNode::getParent 
DIL before
```
                                                   /* AST::AstNode */ AST#87953007::Cached::TAstNode result) =
  fastTC(AST#a6718388::AstNode::getAChild#0#dispred#ff/2)
.

Completion#445d5844::mayRaise#1#f(/* Call::Call */ unique AST#87953007::Cached::TAstNode c)
:-
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#2 |
    exists(/* ControlFlowGraphImpl::Trees::BodyStmtTree */ AST#87953007::Cached::TAstNode bst |
      (
        (
          project#Expr#6fb2af19::BodyStmt::getRescue#1#dispred#fff(bst),
          ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst)
        );
        (
          exists(/* Expr::StmtSequence */ dontcare AST#87953007::Cached::TAstNode _ |
            Expr#6fb2af19::BodyStmt::getEnsure#0#dispred#ff(bst, _)
          ),
          ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst)
        )
      ),
      ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst),
      project#ControlFlowGraphImpl#288ae92e::Trees::StmtSequenceTree::getBodyChild#2#dispred#ffff(bst,
                                                                                                  call_result#2)
    ),
    (
      (c = call_result#2, Call#841c84e8::Call#f(c));
      (
        #AST#a6718388::AstNode::getAChild#0#dispredPlus#ff(call_result#2, c),
        Call#841c84e8::Call#f(c)
      )
    )
  )
.
```

DIL after
```
incremental
Completion#445d5844::getARescuableBodyChild#0#f(/* AST::AstNode */ unique AST#87953007::Cached::TAstNode result)
:-
  exists(/* ControlFlowGraphImpl::Trees::BodyStmtTree */ AST#87953007::Cached::TAstNode bst |
    (
      (
        exists(dontcare int _,
               /* Expr::RescueClause */ dontcare AST#87953007::Cached::TAstNode _1 |
          Expr#6fb2af19::BodyStmt::getRescue#1#dispred#fff(bst, _, _1)
        ),
        ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst)
      );
      (
        exists(/* Expr::StmtSequence */ dontcare AST#87953007::Cached::TAstNode _ |
          Expr#6fb2af19::BodyStmt::getEnsure#0#dispred#ff(bst, _)
        ),
        ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst)
      )
    ),
    ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst),
    exists(boolean arg2, dontcare int _ |
      arg2 = true,
      ControlFlowGraphImpl#288ae92e::Trees::StmtSequenceTree::getBodyChild#2#dispred#ffff(bst,
                                                                                          _,
                                                                                          arg2,
                                                                                          result)
    )
  );
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#5 |
    rec Completion#445d5844::getARescuableBodyChild#0#f(call_result#5),
    exists(cached dontcare string _ |
      AST#a6718388::AstNode::getAChild#1#dispred(call_result#5, _, result)
    )
  )
| [base_case]
  exists(/* ControlFlowGraphImpl::Trees::BodyStmtTree */ AST#87953007::Cached::TAstNode bst |
    (
      (
        project#Expr#6fb2af19::BodyStmt::getRescue#1#dispred#fff(bst),
        ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst)
      );
      (
        exists(/* Expr::StmtSequence */ dontcare AST#87953007::Cached::TAstNode _ |
          Expr#6fb2af19::BodyStmt::getEnsure#0#dispred#ff(bst, _)
        ),
        ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst)
      )
    ),
    ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst),
    project#ControlFlowGraphImpl#288ae92e::Trees::StmtSequenceTree::getBodyChild#2#dispred#ffff(bst,
                                                                                                result)
  )
| [delta_order]
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#5 |
    delta previous rec Completion#445d5844::getARescuableBodyChild#0#f(call_result#5),
    project#AST#a6718388::AstNode::getAChild#1#dispred(call_result#5, result)
  ),
  not(previous rec Completion#445d5844::getARescuableBodyChild#0#f(result))
.
```
 2022-10-09 11:10:39 +02:00
Tom Hvitved
d707c526e5 Ruby: Avoid computing full fastTC for AstNode::getParent 
DIL before
```
                                  /* AST::AstNode */ AST#87953007::Cached::TAstNode result) =
  fastTC(Module#fe82a56b::parent#1#ff/2)
.

Module#fe82a56b::enclosingModule#1#ff(/* AST::AstNode */ AST#87953007::Cached::TAstNode node,
                                      /* Module::ModuleBase */ AST#87953007::Cached::TAstNode result)
:-
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#2 |
    Module#2a43f566::ModuleBase#f(result),
    project#AST#a6718388::AstNode::getAChild#1#dispred(result, call_result#2),
    (
      node = call_result#2;
      #Module#fe82a56b::parent#1Plus#ff(node, call_result#2)
    )
  )
.
```

DIL after
```
incremental
Module#fe82a56b::enclosingModule#1#ff(/* AST::AstNode */ AST#87953007::Cached::TAstNode node,
                                      /* Module::ModuleBase */ AST#87953007::Cached::TAstNode result)
:-
  (
    Module#2a43f566::ModuleBase#f(result),
    exists(cached dontcare string _ |
      AST#a6718388::AstNode::getAChild#1#dispred(result, _, node)
    )
  );
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode mid |
    Module#2a43f566::ModuleBase#f(result),
    rec Module#fe82a56b::enclosingModule#1#ff(mid, result),
    not(Module#2a43f566::ModuleBase#f(mid)),
    not(Method#8b49e67f::Block#f(mid)),
    exists(cached dontcare string _ |
      AST#a6718388::AstNode::getAChild#1#dispred(mid, _, node)
    )
  )
| [base_case]
  Module#2a43f566::ModuleBase#f(result),
  project#AST#a6718388::AstNode::getAChild#1#dispred(result, node)
| [delta_order]
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode mid |
    Module#2a43f566::ModuleBase#f(result),
    delta previous rec Module#fe82a56b::enclosingModule#1#ff(mid, result),
    not(Module#2a43f566::ModuleBase#f(mid)),
    not(Method#8b49e67f::Block#f(mid)),
    project#AST#a6718388::AstNode::getAChild#1#dispred(mid, node)
  ),
  not(previous rec Module#fe82a56b::enclosingModule#1#ff(node, result))
| [delta_order_up_to_500000]
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode mid |
    delta previous rec Module#fe82a56b::enclosingModule#1#ff(mid, result),
    Module#2a43f566::ModuleBase#f(result),
    not(Module#2a43f566::ModuleBase#f(mid)),
    not(Method#8b49e67f::Block#f(mid)),
    project#AST#a6718388::AstNode::getAChild#1#dispred(mid, node)
  ),
  not(previous rec Module#fe82a56b::enclosingModule#1#ff(node, result))
.
```
 2022-10-09 11:10:33 +02:00
Chris Smowton
5cadd3c0e6 Merge pull request #10712 from smowton/smowton/admin/kotlin-allow-single-embeddable-version 
Kotlin: allow building a single embeddable plugin version
 2022-10-07 20:33:06 +01:00
Jami
bb0f2f7d36 Merge pull request #10368 from jcogs33/android-deeplink-analysis 
Java: Android deeplink analysis
 2022-10-07 14:32:05 -04:00
Dave Bartolomeo
5ee7986649 Merge pull request #10736 from github/post-release-prep/codeql-cli-2.11.1 
Post-release preparation for codeql-cli-2.11.1
 2022-10-07 14:23:31 -04:00
Chris Smowton
5dcb70e482 Make method private 2022-10-07 18:10:52 +01:00
Chris Smowton
9c0cdfde6b Note store_true params default to False not None 2022-10-07 18:02:32 +01:00
Chris Smowton
68967c40bc Remove whitespace 2022-10-07 17:49:51 +01:00
Chris Smowton
85f92ff80a Require --single-version with --single-version-embeddable 2022-10-07 17:49:03 +01:00
Chris Smowton
bef4011947 Kotlin: fix type variable erasure inside default function values 
Previously because extractClassInstance didn't use the declaration stack, we wouldn't notice that it was legal to refer to its type variable in the context of extracting a specialised method <-> method source-decl edge. This led to erasing the types of the source-decl, so that e.g. Map.put(...) would have signature (Object, Object) not (K, V)
as it should.
 2022-10-07 17:31:38 +01:00
github-actions[bot]
b8ef9e0ddc Post-release preparation for codeql-cli-2.11.1 2022-10-07 15:59:45 +00:00
Ian Lynagh
b4510200b4 Merge pull request #10734 from github/smowton/fix/move-overloads-together 
Kotlin: keep method overloads together
 2022-10-07 16:02:38 +01:00
Erik Krogh Kristensen
dd50fe3c10 Merge pull request #10726 from erik-krogh/go-last-msg 
Go: fix some more style-guide violations in the alert-messages
 2022-10-07 16:16:29 +02:00
Chris Smowton
115d4de0e0 Kotlin: keep method overloads together 2022-10-07 13:50:27 +01:00
Nick Rolfe
4d75d885cb Merge pull request #10733 from github/nickrolfe/deprecated_paramscall_fix 
Ruby: fix use of deprecated class
 2022-10-07 13:45:07 +01:00
Mathias Vorreiter Pedersen
be95b91878 Merge pull request #10725 from erik-krogh/cpp-last-msg 
C: fix some more style-guide violations in the alert-messages
 2022-10-07 13:22:06 +01:00
Nick Rolfe
a6674a5313 Ruby: fix uses of deprecated class name 2022-10-07 13:17:05 +01:00
Erik Krogh Kristensen
e8b9dc2e83 Merge pull request #10724 from erik-krogh/csharp-last-msg 
C#: fix some more style-guide violations in the alert-messages
 2022-10-07 13:48:23 +02:00
erik-krogh
99b7c77abc add change-note 2022-10-07 13:44:36 +02:00
Tom Hvitved
b065d2d3ab Merge pull request #10705 from hvitved/ruby/singleton-overrides 
Ruby: Take overrides into account for singleton methods defined on modules
 2022-10-07 13:33:59 +02:00