hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 05:24:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
50,804 Commits 1,740 Branches 165 Tags
7b596f4928922b535db331d405efb99c357702ee
Commit Graph

50804 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
7b596f4928 Merge pull request #10431 from ihsinme/ihsinme-patch-111 
CPP: Add query for CWE-369: Divide By Zero.
 2023-03-03 10:42:04 +00:00
Paolo Tranquilli
1a19909abf Merge pull request #12373 from github/redsun82/swift-qldoc 
Swift: turn on QLdoc check
 2023-03-03 08:26:39 +01:00
Geoffrey White
764a52354e Merge pull request #12367 from geoffw0/nsstring2 
Swift: Additional NSString taint test cases
 2023-03-02 15:56:15 +00:00
Paolo Tranquilli
162b995428 Swift: turn on QLdoc check 2023-03-02 16:16:12 +01:00
Mathias Vorreiter Pedersen
a1a2d7c469 Merge pull request #12355 from geoffw0/splittest 
Swift: Split the taint flow test.
 2023-03-02 12:53:07 +00:00
Michael B. Gale
fd9b279ef9 Merge pull request #12217 from github/mbg/csharp/tsp-support 2023-03-02 11:47:30 +00:00
Geoffrey White
730532f96a Swift: Add some (limited) test coverage for NSString <-> Data conversion. 2023-03-02 10:33:57 +00:00
Geoffrey White
1332309f59 Swift: Add some (limited) test coverage for String <-> NSString conversions. 2023-03-02 10:33:57 +00:00
Arthur Baars
9e5ef9cf9d Merge pull request #12216 from aibaars/diagnostics-2 
Ruby: improve diagnostic messages
 2023-03-02 10:30:58 +01:00
Tony Torralba
7705d5f513 Merge pull request #12357 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-03-02 09:30:38 +01:00
Michael Nebel
2525ac3dd2 C#: Use dependency injection in the auto builder for Diagnostic classifier. 2023-03-02 09:18:56 +01:00
github-actions[bot]
3b9de22af9 Add changed framework coverage reports 2023-03-02 00:18:47 +00:00
Geoffrey White
8e069b7686 Swift: Split the taint flow test. 2023-03-01 20:45:46 +00:00
yoff
65acf16ecc Merge pull request #12320 from yoff/python/document-api-call-node 
Python: Document `API::CallNode`
 2023-03-01 20:19:30 +01:00
Geoffrey White
bf6f6eec34 Merge pull request #12225 from geoffw0/nsstring 
Swift: Taint models for NSString
 2023-03-01 16:30:06 +00:00
Tony Torralba
59bd1e5ab1 Merge pull request #12228 from github/java/mad-decls-triage-request-2276 
Java: Update MaD sink decls after triage
 2023-03-01 17:08:38 +01:00
Geoffrey White
f8079056ec Swift: Fix test on Linux. 2023-03-01 15:47:30 +00:00
Michael B. Gale
93a45fce5e Simplify DiagnosticClassifier in CSharpAutobuilder 2023-03-01 14:58:49 +00:00
AlexDenisov
fed504c1d0 Merge pull request #12348 from github/alexdenisov/extract-emission-body-decisions 
Swift: move decision making out of dispatcher. NFC
 2023-03-01 15:18:44 +01:00
Alex Denisov
8194fe3743 Swift: do not make module depend on itself for linkage awareness 2023-03-01 14:30:06 +01:00
Paolo Tranquilli
37438599de Merge branch 'main' into alexdenisov/extract-emission-body-decisions 2023-03-01 13:47:12 +01:00
Paolo Tranquilli
c0f9b111a0 Merge pull request #12347 from github/alexdenisov/move-location-extraction 
Swift: move location extraction logic into a separate class. NFC
 2023-03-01 13:46:52 +01:00
Arthur Baars
2c611d3fef Address review comments 2023-03-01 13:30:02 +01:00
Michael Nebel
2db588f72e Merge pull request #12322 from michaelnebel/csharp/operatorexplicitinterface 
C# 11: Support for explicit interface implementations of operators.
 2023-03-01 12:55:21 +01:00
Erik Krogh Kristensen
64dad3db8a Merge pull request #12333 from kaspersv/kaspersv/fix-join-order 
ReflectedXss: Prevent bad join order
 2023-03-01 12:48:30 +01:00
AlexDenisov
5701798f1c Merge branch 'main' into alexdenisov/move-location-extraction 2023-03-01 12:24:41 +01:00
AlexDenisov
bb8d195607 Merge pull request #12337 from github/alexdenisov/extract-mangler 
Swift: extract mangler into a separate class. NFC
 2023-03-01 12:23:24 +01:00
Alex Denisov
def9831180 Swift: move decision making out of dispatcher 2023-03-01 12:02:58 +01:00
Alex Denisov
b1aef82117 Swift: move location extraction logic into a separate class 2023-03-01 11:32:50 +01:00
Tom Hvitved
16fa8b2914 Merge pull request #12051 from hmac/actioncontroller-filter-flow-steps 
Ruby: flow steps for ActionController filters
 2023-03-01 10:51:09 +01:00
Michael Nebel
ad5a45e465 C#: Add change note. 2023-03-01 10:42:29 +01:00
Michael Nebel
477b4566ed C#: Update expected test output. 2023-03-01 10:42:29 +01:00
Michael Nebel
f209eed91c C#: Extractor- and library support for explicit interface implementations for operators. 2023-03-01 10:42:28 +01:00
Michael Nebel
51be175111 C#: Add public members testcase and expected output. 2023-03-01 10:42:28 +01:00
Michael Nebel
363dd49a3c C#: Add explicit interface implementation examples and update expected test output. 2023-03-01 10:42:28 +01:00
Michael Nebel
0dc6ada616 Merge pull request #12234 from michaelnebel/csharp/filescopedtypes 
C# 11: Support for `file` scoped types.
 2023-03-01 10:39:46 +01:00
Geoffrey White
b6db0de437 Swift: Add inline expectation results. 2023-03-01 09:26:30 +00:00
Geoffrey White
228c0e221d Merge branch 'main' into nsstring 2023-03-01 09:12:36 +00:00
Geoffrey White
11e0efee68 Merge pull request #12308 from geoffw0/taintplusequals2 
Swift: Model assignment operators (+= etc)
 2023-03-01 09:02:29 +00:00
Tony Torralba
0439eb640d Add tests 2023-03-01 09:49:28 +01:00
Tony Torralba
4e7dbbf5f0 Add stubs 2023-03-01 09:48:33 +01:00
Tom Hvitved
92359e539b Fix another bad join 
Before
```
[2023-03-01 08:19:51] Evaluated non-recursive predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@6718c917 in 6751ms (size: 83265).
Evaluated relational algebra for predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@6718c917 with tuple counts:
         3872025  ~3%    {2} r1 = JOIN _CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_DataFlowPrivate#462ff392::Cached::TExprNode#ff#shared WITH Statement#f35022d0::Stmt::getCfgScope#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         3637917  ~0%    {2} r2 = JOIN r1 WITH Method#8b49e67f::Callable#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1
          679799  ~0%    {2} r3 = JOIN r2 WITH Method#8b49e67f::Method#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1
         3069328  ~0%    {3} r4 = JOIN r3 WITH Variable#1965ffe5::Variable::getDeclaringScope#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
        22039083  ~0%    {3} r5 = JOIN r4 WITH Variable#1965ffe5::VariableAccess::getVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        10051483  ~0%    {3} r6 = JOIN r5 WITH Variable#9f7d933a::SelfVariableAccessImpl#class#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
        10057538  ~5%    {3} r7 = JOIN r6 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        10057538  ~5%    {3} r8 = JOIN r7 WITH CfgNodes#ace8e412::ExprNodes::SelfVariableAccessCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
        10057538  ~0%    {3} r9 = JOIN r8 WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        10033937  ~1%    {3} r10 = JOIN r9 WITH DataFlowPublic#e1781e31::PostUpdateNode::getPreUpdateNode#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
           83281  ~2%    {2} r11 = JOIN r10 WITH DataFlowPublic#e1781e31::PostUpdateNode::getPreUpdateNode#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0, Lhs.2
                         return r11
```

After
```
[2023-03-01 08:31:20] Evaluated non-recursive predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@06d73c6q in 161ms (size: 83265).
Evaluated relational algebra for predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@06d73c6q with tuple counts:
         23680  ~2%    {1} r1 = SCAN Method#8b49e67f::Method#ff OUTPUT In.0
         23680  ~2%    {1} r2 = STREAM DEDUP r1
         23680  ~0%    {2} r3 = JOIN r2 WITH Method#8b49e67f::Callable#f ON FIRST 1 OUTPUT Lhs.0, Lhs.0
         54790  ~4%    {3} r4 = JOIN r3 WITH Variable#1965ffe5::Variable::getDeclaringScope#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
        202490  ~0%    {3} r5 = JOIN r4 WITH Variable#1965ffe5::VariableAccess::getVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
         98332  ~5%    {3} r6 = JOIN r5 WITH Variable#9f7d933a::SelfVariableAccessImpl#class#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
         83491  ~1%    {2} r7 = JOIN r6 WITH Statement#f35022d0::Stmt::getCfgScope#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0, Lhs.2
         83584  ~0%    {2} r8 = JOIN r7 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         83584  ~0%    {2} r9 = JOIN r8 WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         83265  ~2%    {2} r10 = JOIN r9 WITH DataFlowPublic#e1781e31::PostUpdateNode::getPreUpdateNode#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
                       return r10
```
 2023-03-01 08:34:07 +01:00
Aditya Sharad
aa6c60abfc Merge pull request #12342 from github/codeql-cli-2.12.3-mergeback 
Mergeback: codeql-cli-2.12.3 into main
 2023-02-28 10:30:51 -08:00
Felicity Chapman
6224d6ce31 Merge branch 'codeql-cli-2.12.3' into codeql-cli-2.12.3-mergeback 2023-02-28 17:08:49 +00:00
Michael B. Gale
49039246e1 Apply ql-for-ql suggestion 2023-02-28 15:55:50 +00:00
Michael B. Gale
f22c86442e Fix expected test output for Windows tests 2023-02-28 15:53:52 +00:00
Michael B. Gale
fea29d5172 Refactor to avoid public setters 2023-02-28 15:22:36 +00:00
Erik Krogh Kristensen
f3f5f6eacf Merge pull request #12190 from erik-krogh/fix-erb 
JS: Actually extract `.html.erb` files.
 2023-02-28 16:11:32 +01:00
Felicity Chapman
770326e770 Merge pull request #12321 from github/fc-7775-docs-update 
CodeQL extension for VS Code docs update
 2023-02-28 14:59:46 +00:00
Alex Denisov
97d5401118 Swift: extract mangler into a separate class 2023-02-28 15:29:44 +01:00