hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 15:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,866 Commits 1,703 Branches 162 Tags
9f905497a56b9294f85dbb76388f24f040304cda
Commit Graph

58866 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
9f905497a5 Java: Add support for additional read and store steps and additional nodes. 2023-09-21 15:05:30 +02:00
Anders Schack-Mulligen
7e04ac55b7 Merge pull request #14268 from aschackmull/java/xmlparsers-typetrack 
Java/Dataflow: Add new light-weight data flow api and use it in XmlParsers
 2023-09-21 13:33:21 +02:00
Anders Schack-Mulligen
13f7daf71e Merge pull request #13982 from aschackmull/dataflow/typeflow-calledge-pruning 
Dataflow: Add type-based call-edge pruning.
 2023-09-21 13:33:08 +02:00
Anders Schack-Mulligen
3dadfa2243 Dataflow: review fixes 2023-09-21 11:52:41 +02:00
Mathias Vorreiter Pedersen
3d8231be1b Merge pull request #14269 from MathiasVP/add-getParameter-to-parameter-node 2023-09-21 09:20:57 +01:00
Tamás Vajk
40bf5c17fb Merge pull request #14273 from tamasvajk/standalone/remove-runtime-nuget-packages 
C#: Remove platform-specific runtime nuget packages from the reference list in Standalone
 2023-09-21 09:50:10 +02:00
Erik Krogh Kristensen
0783d7b271 Merge pull request #14278 from github/dependabot/cargo/ql/rayon-1.8.0 
Bump rayon from 1.7.0 to 1.8.0 in /ql
 2023-09-21 08:30:41 +02:00
Tamás Vajk
011391bd27 Merge pull request #14243 from tamasvajk/parallelize-restore 
C#: Parallelize restore logic of missing packages
 2023-09-21 08:04:27 +02:00
dependabot[bot]
d0554a05f9 Bump rayon from 1.7.0 to 1.8.0 in /ql 
Bumps [rayon](https://github.com/rayon-rs/rayon) from 1.7.0 to 1.8.0.
- [Changelog](https://github.com/rayon-rs/rayon/blob/master/RELEASES.md)
- [Commits](https://github.com/rayon-rs/rayon/compare/rayon-core-v1.7.0...rayon-core-v1.8.0)

---
updated-dependencies:
- dependency-name: rayon
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-21 03:10:09 +00:00
Tamas Vajk
d29585c8b7 C#: Remove platform-specific runtime nuget packages from the reference list in Standalone 2023-09-20 15:24:01 +02:00
Anders Schack-Mulligen
d285afba08 Typetracking: minor perf fix. 2023-09-20 14:52:49 +02:00
Tom Hvitved
455cde2f64 Merge pull request #14267 from hvitved/ruby/fix-join 
Ruby: Fix bad join
 2023-09-20 13:49:51 +02:00
Chris Smowton
07dbad509c Merge pull request #14265 from phillmv/patch-1 
s/Replace/ReplaceAll/ in LogInjectionGood.go
 2023-09-20 11:06:15 +01:00
Chris Smowton
a8afa05b1d Correct ReplaceAll params 
ReplaceAll doesn't take a count argument
 2023-09-20 10:00:53 +01:00
Mathias Vorreiter Pedersen
22d66b6d81 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 2023-09-20 09:56:10 +01:00
Mathias Vorreiter Pedersen
fb1ce2ab70 C++: Lift 'getParameter' to 'ParameterNode'. 2023-09-20 09:51:35 +01:00
Rasmus Wriedt Larsen
8e864ab84a Merge pull request #14262 from RasmusWL/dataflow-labeler 
Misc: Update auto labeler for shared dataflow pack
 2023-09-20 10:26:44 +02:00
Anders Schack-Mulligen
5c40d553b4 Java: Switch XmlParsers lib to lightweight data flow. 2023-09-20 10:21:53 +02:00
Anders Schack-Mulligen
d7e965f863 Dataflow: Add lightweight api based on TypeTracking. 2023-09-20 10:21:21 +02:00
Anders Schack-Mulligen
d7bd8c7ffd Shared/TypeTracking: Add support for flow from non-LocalSourceNode source and bugfix in smallstep. 2023-09-20 10:19:33 +02:00
Tom Hvitved
1442bddf36 Ruby: Fix bad join 
Before
```
Evaluated relational algebra for predicate DataFlowPublic#e1781e31::BarrierGuard#PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#::getAMaybeGuardedCapturedDef#0#f@3c903abq with tuple counts:
          280924  ~0%    {2} r1 = SCAN Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::definesAt#3#dispred#ffff OUTPUT In.2, In.0
          280924  ~0%    {2} r2 = JOIN r1 WITH BasicBlocks#d5fe3e99::BasicBlock::getScope#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
          103843  ~1%    {2} r3 = JOIN r2 WITH SSA#304893e3::Ssa::CapturedEntryDefinition#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1
          103843  ~5%    {3} r4 = JOIN r3 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
        19665045  ~0%    {3} r5 = JOIN r4 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1
        19497860  ~0%    {3} r6 = JOIN r5 WITH Call#841c84e8::MethodCall::getBlock#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~0%    {3} r7 = JOIN r6 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~0%    {3} r8 = JOIN r7 WITH CfgNodes#ace8e412::ExprNodes::CallCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
        19496808  ~0%    {3} r9 = JOIN r8 WITH ControlFlowGraph#46cebcbd::CfgNode::getBasicBlock#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~3%    {4} r10 = SCAN r9 OUTPUT In.0, true, In.1, In.2
           49434  ~7%    {3} r11 = JOIN r10 WITH DataFlowPublic#e1781e31::guardControlsBlock#3#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2, Lhs.3
             117  ~4%    {3} r12 = JOIN r11 WITH PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#3#cpe#12#ff ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1
               0  ~0%    {1} r13 = JOIN r12 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff ON FIRST 2 OUTPUT Lhs.2
                         return r13
```

After
```
Evaluated relational algebra for predicate DataFlowPublic#e1781e31::BarrierGuard#PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#::getAMaybeGuardedCapturedDef#0#f@137a23jm with tuple counts:
        280924  ~0%    {2} r1 = SCAN Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::definesAt#3#dispred#ffff OUTPUT In.2, In.0
        280924  ~0%    {2} r2 = JOIN r1 WITH BasicBlocks#d5fe3e99::BasicBlock::getScope#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
        103843  ~1%    {2} r3 = JOIN r2 WITH SSA#304893e3::Ssa::CapturedEntryDefinition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
        102517  ~1%    {2} r4 = JOIN r3 WITH Call#841c84e8::MethodCall::getBlock#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~2%    {2} r5 = JOIN r4 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~2%    {2} r6 = JOIN r5 WITH CfgNodes#ace8e412::ExprNodes::CallCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1
        102378  ~0%    {2} r7 = JOIN r6 WITH ControlFlowGraph#46cebcbd::CfgNode::getBasicBlock#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~0%    {3} r8 = SCAN r7 OUTPUT In.0, true, In.1
          7417  ~5%    {2} r9 = JOIN r8 WITH DataFlowPublic#e1781e31::guardControlsBlock#3#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2
            22  ~0%    {2} r10 = JOIN r9 WITH PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#3#cpe#12#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
            12  ~0%    {2} r11 = JOIN r10 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
            12  ~0%    {2} r12 = JOIN r11 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
             0  ~0%    {1} r13 = JOIN r12 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0
                       return r13
```
 2023-09-20 09:51:15 +02:00
Phill MV
11218f79c6 s/Replace/ReplaceAll/ in LogInjectionGood.go 2023-09-19 14:43:54 -04:00
Geoffrey White
8354439d8d Merge pull request #14263 from geoffw0/typos 
CPP / Swift: Typos
 2023-09-19 18:02:33 +01:00
Geoffrey White
a3579f6e38 Merge branch 'main' into typos 2023-09-19 16:44:13 +01:00
Owen Mansel-Chan
650d8069f6 Merge pull request #14131 from omahs/patch-1 
Docs: fix minor typos
 2023-09-19 15:53:07 +01:00
Geoffrey White
935b7600ca Swift: Fix typos. 2023-09-19 15:19:00 +01:00
Geoffrey White
8a0e202b63 CPP: Fix typos. 2023-09-19 15:18:03 +01:00
Rasmus Wriedt Larsen
cc30c062b8 Misc: Update auto labeler for shared dataflow pack 2023-09-19 16:08:43 +02:00
Mathias Vorreiter Pedersen
2ae342c5c1 Merge pull request #14258 from MathiasVP/explicit-size_t 
C++: Use `size_t` explicitly in CWE-193 tests
 2023-09-19 14:50:54 +01:00
Tom Hvitved
7c2df87ea2 Merge pull request #14247 from hvitved/dataflow/fix-consitency-checks 
Data flow: Fix two consistency checks
 2023-09-19 15:45:21 +02:00
omahs
473f17c0e6 fix typo 2023-09-19 14:39:49 +01:00
omahs
884f41b6f0 fix typo 2023-09-19 14:39:49 +01:00
omahs
278d0fb798 fix typo 2023-09-19 14:39:49 +01:00
omahs
f58dd7303c fix typo 2023-09-19 14:39:49 +01:00
Tamas Vajk
c78cd73edf Refactor process starting and stdout and stderr reading 2023-09-19 15:20:09 +02:00
Mathias Vorreiter Pedersen
7ef5971337 C++: Use 'size_t' explicitly in test. 2023-09-19 13:58:08 +01:00
Tamas Vajk
edc93dfeb7 Add managed thread ID to extractor log messages 2023-09-19 14:56:27 +02:00
Mathias Vorreiter Pedersen
9b35202d21 Merge pull request #14249 from MathiasVP/fix-malloc-decl-in-test 
C++: Fix the declaration of `malloc` in test
 2023-09-19 13:53:23 +01:00
Tamas Vajk
dfd7f1e78b C#: Parallelize restore logic of missing packages 2023-09-19 14:43:23 +02:00
Michael Nebel
fc3bc95147 Merge pull request #14218 from michaelnebel/csharp/dotnetdotnet 
Lua: Tracing of `dotnet dotnet`.
 2023-09-19 13:21:34 +02:00
Michael Nebel
43cdbf2f86 Merge pull request #14142 from michaelnebel/csharp/dotnetunittests 
C#: Re-factor Dotnet.cs to enable unit testing.
 2023-09-19 13:19:44 +02:00
Owen Mansel-Chan
45484c78e8 Merge pull request #14057 from data-douser/data-douser-patch-1 
Update codeql-library-for-go.rst
 2023-09-19 11:34:44 +01:00
Mathias Vorreiter Pedersen
8906a37989 Merge pull request #14250 from MathiasVP/reduce-dataflow-duplication-for-allocations 
C++: Reduce dataflow duplication for allocations
 2023-09-19 11:18:20 +01:00
Anders Schack-Mulligen
42054539f4 Dataflow: Minor review fixes. 2023-09-19 12:12:15 +02:00
Alexander Eyers-Taylor
1f4a5301cd Merge pull request #14242 from alexet/simplify-ir-guards 
CPP: Simplify some code in IRGuards.
 2023-09-19 10:35:09 +01:00
yoff
811a7d0671 Merge pull request #14248 from RasmusWL/debug-queries 
Python: Add debug queries
 2023-09-19 11:27:27 +02:00
Michael Nebel
a3da11a962 C#: Rename DotNetCliWrapper to DotNet. 2023-09-19 11:12:36 +02:00
Michael Nebel
6c0afab0aa C#: Rename DotnetVersion to DotNetVersion. 2023-09-19 11:03:26 +02:00
Michael Nebel
31327f4f73 C#: Only access the DotNetCliWrapper using the IDotNet interface. 2023-09-19 11:03:26 +02:00
Michael Nebel
1fd85f4fe3 C#: Rename DotNet to DotNetCliWrapper. 2023-09-19 11:03:26 +02:00