hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
43,005 Commits 1,673 Branches 157 Tags
a8a2c9e212a7890a105f2bc343d52ef639dc112f
Commit Graph

43005 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Denisov
a8a2c9e212 Swift: CWE-757: update severity 2022-09-08 10:40:16 +02:00
Alex Denisov
d455a557be Swift: CWE-757: update docs and user facing text 2022-09-08 10:31:23 +02:00
Alex Denisov
d18ad665b6 Swift: CWE-757: Insecure TLS configuration 2022-09-08 09:34:04 +02:00
Anders Schack-Mulligen
95a9faf1f9 Merge pull request #10327 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-09-07 09:27:32 +02:00
Tamás Vajk
b1e0d73de8 Merge pull request #10297 from tamasvajk/kotlin-fix-kotlin-to-java-fn-names 
Kotlin: Lookup getter methods based on special JVM method mapping
 2022-09-07 08:56:19 +02:00
Tom Hvitved
987870bb62 Merge pull request #10315 from hvitved/ruby/parameter-match-join 
Ruby: Fix bad join in `parameterMatch`
 2022-09-07 08:43:15 +02:00
github-actions[bot]
6f4806361b Add changed framework coverage reports 2022-09-07 00:18:47 +00:00
Taus
3bb7e28712 Merge pull request #10176 from RasmusWL/import-problem 
Python: Add testcase for import problem
 2022-09-06 18:12:37 +02:00
Tony Torralba
ff731f1d83 Merge pull request #10138 from atorralba/atorralba/contentresolver-summaries 
Java: Add summaries for ContentResolver and adjacent classes
 2022-09-06 16:28:28 +02:00
Tony Torralba
c0dd9dd5d5 Merge pull request #10249 from atorralba/atorralba/regex-dot-bypass-docs 
Java: Documentation fixes in the "Permissive dot regex" experimental query
 2022-09-06 16:18:35 +02:00
Anders Schack-Mulligen
b84dca92cf Merge pull request #10240 from aschackmull/java/scc-typeflow 
Java: Support SCCs in TypeFlow.
 2022-09-06 15:43:20 +02:00
Geoffrey White
d1867b9716 Merge pull request #10284 from geoffw0/stringlengthcleanup 
Swift: Improve swift/string-length-conflation
 2022-09-06 14:07:02 +01:00
Tom Hvitved
f448965953 Merge pull request #10294 from hvitved/csharp/integration-tests 
C#: Add `dotnet build` integration test
 2022-09-06 14:35:17 +02:00
Anders Schack-Mulligen
6ffaa6918a Apply suggestions from code review 2022-09-06 14:11:48 +02:00
Anders Schack-Mulligen
bc57d87303 Java: Address comments. 2022-09-06 13:59:54 +02:00
Tom Hvitved
0353b3ebfc Merge pull request #10308 from github/rc/3.7 
Merge `rc/3.7` into `main`
 2022-09-06 13:32:00 +02:00
Tamas Vajk
57f50725ba Revert formatting change 2022-09-06 13:28:38 +02:00
Tamas Vajk
bbf4563cfe Apply review findings 2022-09-06 13:25:12 +02:00
Tom Hvitved
b2c38b37de Merge pull request #10296 from hvitved/ruby/call-graph-missing-singletons 
Ruby: Add missing edges to the call graph for singleton methods
 2022-09-06 13:23:24 +02:00
Tom Hvitved
66df44f8c9 Merge pull request #10310 from hvitved/csharp/docs/shared-compilation 
Docs: No longer mention required `/p:UseSharedCompilation=false`
 2022-09-06 13:20:59 +02:00
Tom Hvitved
8b8a662c76 Ruby: Fix bad join in parameterMatch 
Before
```
Evaluated relational algebra for predicate DataFlowDispatch#36b84300::parameterMatch#2#ff@281bdfu5 with tuple counts:
        23338949   ~0%    {2} r1 = JOIN DataFlowDispatch#36b84300::Cached::TParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TArgumentPosition#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

           65011   ~0%    {2} r2 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TAnyParameterPosition#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1
           65010   ~0%    {2} r3 = r2 AND NOT DataFlowDispatch#36b84300::Cached::TSelfArgumentPosition#f(Lhs.1)

        23338949   ~0%    {2} r4 = JOIN DataFlowDispatch#36b84300::Cached::TParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TArgumentPosition#f CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0

             359   ~3%    {2} r5 = JOIN r4 WITH DataFlowDispatch#36b84300::Cached::TAnyArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
             358   ~3%    {2} r6 = r5 AND NOT DataFlowDispatch#36b84300::Cached::TSelfParameterPosition#f(Lhs.0)

           65368   ~0%    {2} r7 = r3 UNION r6

           65011   ~0%    {2} r8 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TSelfParameterPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
               1   ~0%    {2} r9 = JOIN r8 WITH DataFlowDispatch#36b84300::Cached::TSelfArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0

           65011   ~0%    {2} r10 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TBlockParameterPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
               1   ~0%    {2} r11 = JOIN r10 WITH DataFlowDispatch#36b84300::Cached::TBlockArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0

           65011   ~3%    {2} r12 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::THashSplatParameterPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
               1   ~0%    {2} r13 = JOIN r12 WITH DataFlowDispatch#36b84300::Cached::THashSplatArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0

               2   ~0%    {2} r14 = r11 UNION r13
               3   ~0%    {2} r15 = r9 UNION r14
           65371   ~0%    {2} r16 = r7 UNION r15

           65011   ~0%    {2} r17 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TAnyKeywordParameterPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
            1645   ~1%    {2} r18 = JOIN r17 WITH DataFlowDispatch#36b84300::Cached::TKeywordArgumentPosition#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0

             359   ~0%    {2} r19 = JOIN r4 WITH DataFlowDispatch#36b84300::Cached::TAnyKeywordArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
             320   ~0%    {2} r20 = JOIN r19 WITH DataFlowDispatch#36b84300::Cached::TKeywordParameterPosition#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1

            1965   ~1%    {2} r21 = r18 UNION r20

        20803520   ~1%    {3} r22 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TKeywordParameterPosition#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
             320   ~0%    {2} r23 = JOIN r22 WITH DataFlowDispatch#36b84300::Cached::TKeywordArgumentPosition#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.1

         2145363   ~0%    {3} r24 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TPositionalParameterPosition#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
              33   ~0%    {2} r25 = JOIN r24 WITH DataFlowDispatch#36b84300::Cached::TPositionalArgumentPosition#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.1

           65011   ~0%    {3} r26 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TPositionalParameterLowerBoundPosition#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
           63361   ~0%    {4} r27 = JOIN r26 WITH DataFlowDispatch#36b84300::Cached::TPositionalArgumentPosition#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1
           63360   ~0%    {4} r28 = SELECT r27 ON In.3 >= In.2
           63360   ~0%    {2} r29 = SCAN r28 OUTPUT In.0, In.1

           63393   ~0%    {2} r30 = r25 UNION r29
           63713   ~0%    {2} r31 = r23 UNION r30
           65678   ~0%    {2} r32 = r21 UNION r31
          131049   ~0%    {2} r33 = r16 UNION r32
                          return r33
```

After
```
Evaluated relational algebra for predicate DataFlowDispatch#36b84300::parameterMatch#2#ff@698b99ci with tuple counts:
             1   ~0%    {2} r1 = JOIN DataFlowDispatch#36b84300::Cached::TSelfParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TSelfArgumentPosition#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

             1   ~0%    {2} r2 = JOIN DataFlowDispatch#36b84300::Cached::TBlockParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TBlockArgumentPosition#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

             2   ~0%    {2} r3 = r1 UNION r2

             1   ~0%    {2} r4 = JOIN DataFlowDispatch#36b84300::Cached::THashSplatParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::THashSplatArgumentPosition#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

         65010   ~0%    {2} r5 = JOIN DataFlowDispatch#36b84300::Cached::TAnyParameterPosition#f WITH DataFlowDispatch#36b84300::argumentPositionIsNotSelf#1#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

           358   ~3%    {2} r6 = JOIN DataFlowDispatch#36b84300::Cached::TAnyArgumentPosition#f WITH DataFlowDispatch#36b84300::parameterPositionIsNotSelf#1#f CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0

         65368   ~0%    {2} r7 = r5 UNION r6
         65369   ~0%    {2} r8 = r4 UNION r7
         65371   ~0%    {2} r9 = r3 UNION r8

          1645   ~1%    {2} r10 = JOIN DataFlowDispatch#36b84300::Cached::TAnyKeywordParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TKeywordArgumentPosition#ff CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.1

           320   ~0%    {2} r11 = JOIN DataFlowDispatch#36b84300::Cached::TAnyKeywordArgumentPosition#f WITH DataFlowDispatch#36b84300::Cached::TKeywordParameterPosition#ff CARTESIAN PRODUCT OUTPUT Rhs.1, Lhs.0

          1965   ~1%    {2} r12 = r10 UNION r11

            33   ~0%    {2} r13 = JOIN DataFlowDispatch#36b84300::Cached::TPositionalParameterPosition#ff WITH DataFlowDispatch#36b84300::Cached::TPositionalArgumentPosition#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1

           320   ~0%    {2} r14 = JOIN DataFlowDispatch#36b84300::Cached::TKeywordParameterPosition#ff WITH DataFlowDispatch#36b84300::Cached::TKeywordArgumentPosition#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1

         63361   ~1%    {4} r15 = JOIN DataFlowDispatch#36b84300::Cached::TPositionalParameterLowerBoundPosition#ff WITH DataFlowDispatch#36b84300::Cached::TPositionalArgumentPosition#ff CARTESIAN PRODUCT OUTPUT Lhs.0, Lhs.1, Rhs.0, Rhs.1
         63360   ~1%    {4} r16 = SELECT r15 ON In.2 >= In.0
         63360   ~0%    {2} r17 = SCAN r16 OUTPUT In.1, In.3

         63680   ~0%    {2} r18 = r14 UNION r17
         63713   ~0%    {2} r19 = r13 UNION r18
         65678   ~0%    {2} r20 = r12 UNION r19
        131049   ~0%    {2} r21 = r9 UNION r20
                        return r21
```
 2022-09-06 13:02:36 +02:00
Erik Krogh Kristensen
c76b6d1782 Merge pull request #10309 from erik-krogh/leftoverTodo 
JS: fix leftover todo in js/insecure-temporary-file
 2022-09-06 12:31:29 +02:00
Taus
810568cf02 Merge pull request #10171 from RasmusWL/variable-accesss 
Python: Fixes for variable access
 2022-09-06 12:18:37 +02:00
Tony Torralba
b94e0d3e69 Merge pull request #10251 from atorralba/atorralba/implicit-pendingintent-sinks 
Java: Add new AlarmManager sinks to Use of implicit PendingIntents
 2022-09-06 11:31:27 +02:00
Tom Hvitved
eff3747eb9 Docs: No longer mention required /p:UseSharedCompilation=false 2022-09-06 10:13:29 +02:00
Rasmus Wriedt Larsen
07457b2b5f Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
d708abfc80 Python: Accept more .expected changes 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
c9cd809ef2 Python: Add change-note 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
e979dffc08 Python: Fix variable access from extractor-change 
These changes are from internal PR.
 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
985e87ccde Python: Add variable scope example with subclass 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
0e3d520712 Python: Add variables regression test 
As illustrated when running the python file, the non qualified reads in
the `use` method all refer to the global variables, whereas `ex =
func(baz)` are to the things defined on the class.

The important part of the .expected changes is that the _global_
variable `bar` is used inside the function, whereas it's the local
variable for `foo` (on class scope) that is used inside the function
(which is wrong).
 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
98db1af898 Python: Also show variable access 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
fd4f60dd1b Python: Adjust variables tests 2022-09-06 10:11:37 +02:00
Rasmus Wriedt Larsen
ebd97f4496 Python: Add type-tracking regession example 2022-09-06 10:11:36 +02:00
erik-krogh
0776687991 fix leftover todo in js/insecure-temporary-file 2022-09-06 10:05:50 +02:00
Philip Ginsbach
6674e07eaa Merge pull request #10088 from github/parameterisedModules 
parameterised modules in the QL language reference
 2022-09-06 08:59:31 +01:00
Tom Hvitved
12015928c1 Merge pull request #10295 from hvitved/csharp/code-analysis-shared-compilation 
C#: No longer manually disable shared compilation in `codeql-analysis.yml`
 2022-09-06 09:45:31 +02:00
Tom Hvitved
62986a23f3 C#: Add dotnet build integration test 2022-09-06 09:24:54 +02:00
Tom Hvitved
9fd9a04c2f Merge pull request #10277 from hvitved/csharp/dotnet-publish-inject 
C#: Also inject `/p:UseSharedCompilation=false` into `dotnet publish`
 2022-09-06 09:02:00 +02:00
Tamás Vajk
5f841f71db Merge pull request #10291 from tamasvajk/kotlin-fix-array-set 
Kotlin: Fix array `set` operator extraction
 2022-09-06 09:01:05 +02:00
Arthur Baars
604af4f7b3 Merge pull request #10302 from github/rc/3.7 
Merge 3.7 into main
 2022-09-06 08:42:44 +02:00
Arthur Baars
e8d13d156d Merge pull request #10298 from aibaars/suppress-require 
Ruby: exclude 'require' and 'require_relative' definitions from call graph
 2022-09-05 20:58:38 +02:00
Philip Ginsbach
cec63e4522 Update docs/codeql/ql-language-reference/modules.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-09-05 19:17:11 +01:00
Philip Ginsbach
aa539454b5 Update docs/codeql/ql-language-reference/index.rst 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-09-05 19:17:06 +01:00
Arthur Baars
b2431d0b50 Ruby: exclude 'require' and 'require_relative' definitions from call graph 
The syntax_suggest library redefines Kernel.require/require_relative.
Somehow this causes performance issues on ruby/ruby. As a workaround
we exclude 'require' and 'require_relative'.
 2022-09-05 16:52:52 +02:00
Tamás Vajk
1178dcb507 Merge pull request #10293 from tamasvajk/fix/ql4ql-pr-trigger 
Workflow: Add paths filter to QL for QL workflow
 2022-09-05 16:22:05 +02:00
Erik Krogh Kristensen
b77d77d8eb Merge pull request #10209 from erik-krogh/caseConsistency 
QL: add query detecting consistent casing of names
 2022-09-05 16:07:59 +02:00
Tamas Vajk
1c21ce0ec4 Kotlin: Lookup getter methods based on special JVM method mapping 2022-09-05 16:02:25 +02:00
Tamas Vajk
6a90db9b30 Kotlin: List diagnostics for special getter method extraction 2022-09-05 16:00:40 +02:00
Ian Lynagh
b38ad13f82 Merge pull request #10268 from tamasvajk/kotlin-local-function-comments 
Kotlin: fix doc comment extraction for local functions
 2022-09-05 13:35:01 +01:00