hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-08 00:24:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
52,720 Commits 1,731 Branches 164 Tags
abec99badbd50f8aa4654deae55f0339544fc93f
Commit Graph

52720 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gulshan Singh
abec99badb C++: Add getSizeExpr and getSizeMult predicates to BufferAccess 2023-03-29 08:26:00 -07:00
Edward Minnix III
117a983423 Merge pull request #12639 from egregius313/egregius313/java/refactor-injection-queries 
Java: Refactor injection queries to new dataflow API
 2023-03-29 11:02:18 -04:00
Jeroen Ketema
edfd8715c8 Merge pull request #12695 from jketema/swift-configsig 
Swift: Refactor a number of queries to use `DataFlow::ConfigSig`
 2023-03-29 16:07:47 +02:00
Mathias Vorreiter Pedersen
e3e68b7753 Merge pull request #12642 from geoffw0/modernstring 
Swift: Modernize the swift/string-length-conflation query
 2023-03-29 14:55:40 +01:00
Mathias Vorreiter Pedersen
6dd45b31e1 Merge pull request #12696 from MathiasVP/range-analysis-of-mul-expr 
C++: IR-based range analysis of multiplication
 2023-03-29 14:05:55 +01:00
Mathias Vorreiter Pedersen
9d5c785d89 C++: Even more fix'ing QLDoc. 2023-03-29 12:45:27 +01:00
Mathias Vorreiter Pedersen
09d0385f0f C++: Fix QLDoc. 2023-03-29 12:42:32 +01:00
Mathias Vorreiter Pedersen
c14bccf7eb C++: Fix QLDoc. 2023-03-29 12:41:04 +01:00
Anders Schack-Mulligen
d0fa7c7ff8 Merge pull request #12683 from aschackmull/java/rangeanalysis-add 
Java: Support double-recursive range analysis bounds for addition.
 2023-03-29 13:39:59 +02:00
Mathias Vorreiter Pedersen
fe487a1ae8 C++: Respond to PR reviews. 2023-03-29 12:30:24 +01:00
Ed Minnix
c8579d8c26 RegexInjection docs 2023-03-29 07:24:32 -04:00
Ed Minnix
17cdd16c19 Fix miscopied isBarrier in JndiInjectionQuery 2023-03-29 07:23:13 -04:00
Jeroen Ketema
0acca2ba76 Merge pull request #12687 from jketema/unit-2 
Make imports of `codeql.util.Unit` private
 2023-03-29 13:07:12 +02:00
Mathias Vorreiter Pedersen
1dd3e385ab Merge pull request #12133 from d10c/swift/case-let-dataflow 
Swift: `case let` dataflow
 2023-03-29 11:31:48 +01:00
Nora Dimitrijević
d0de4a5d93 Merge branch 'main' into swift/case-let-dataflow 2023-03-29 11:55:34 +02:00
Nora Dimitrijević
70ed8c6e8f Swift: add QLdoc to Pattern 2023-03-29 11:52:50 +02:00
Nora Dimitrijević
3fbf90cbd7 Swift: add ConstructorDecl.isFailable/0 2023-03-29 11:52:50 +02:00
Tamás Vajk
08d2d3b96b Merge pull request #12699 from tamasvajk/fix/ruby-makefile 
Ruby: Adjust Makefile after shared library refactoring
 2023-03-29 11:48:24 +02:00
Anders Schack-Mulligen
7844384768 Java: Add change note. 2023-03-29 11:39:07 +02:00
Asger F
2ef1743bf4 Merge pull request #11615 from asgerf/js/extension-docs 
JS: docs for customizing library models with data extensions
 2023-03-29 10:20:53 +02:00
Tamas Vajk
85d824b96b Ruby: Adjust Makefile after shared library refactoring 2023-03-29 10:12:10 +02:00
Edward Minnix III
e39318853f Merge pull request #12693 from atorralba/atorralba/java/insecure-ldap-auth-tag 
Java: Fix InsecureLdapAuth tags
 2023-03-28 14:56:56 -04:00
Nora Dimitrijević
55ce9760e1 Merge branch 'main' into swift/case-let-dataflow 2023-03-28 18:20:33 +02:00
Nora Dimitrijević
2a5f29cd0f Swift: remove getIdentityPreservingEnclosingPattern 
The Pattern public interface doesn't really need it.
 2023-03-28 18:18:32 +02:00
Mathias Vorreiter Pedersen
8021958ac5 C++: Accept test changes. 2023-03-28 16:50:18 +01:00
Mathias Vorreiter Pedersen
6699a0cb1a C++: Add range analysis for binary multiplication. 2023-03-28 16:50:18 +01:00
Jeroen Ketema
a381aa4d37 Swift: Use DataFlow::ConfigSig in InsufficientHashIterations.ql 2023-03-28 17:39:58 +02:00
Jeroen Ketema
60f033f10c Swift: Use DataFlow::ConfigSig in ConstantSalt.ql 2023-03-28 17:39:18 +02:00
Jeroen Ketema
b97b3d9975 Swift: Use DtatFlow::ConfigSig in InsecureTLS.ql 2023-03-28 17:38:46 +02:00
Jeroen Ketema
42248220b4 Swift: Use DataFlow::ConfigSig in WeakSensitiveDataHashing.ql 2023-03-28 17:38:11 +02:00
Jeroen Ketema
a8599eb689 Swift: Use DataFlow::ConfigSig in ECBEncryption.ql 2023-03-28 17:37:37 +02:00
Jeroen Ketema
cc23ba3698 Swift: Use DataFlow::ConfigSig in HardcodedEncryptionKey.ql 2023-03-28 17:37:05 +02:00
Jeroen Ketema
1592b578d9 Swift: Use DataFlow::ConfigSig in ConstantPassword.ql 2023-03-28 17:36:37 +02:00
Jeroen Ketema
31512b8627 Swift: Use DataFlow::ConfigSig in StaticInitializationVector.ql 2023-03-28 17:36:00 +02:00
Asger F
080acdbfff JS: remove links to docs file... again 2023-03-28 17:29:26 +02:00
Tony Torralba
ce191e1f9f Fix InsecureLdapAuth tags 2023-03-28 17:10:33 +02:00
Edward Minnix III
b00104ebe3 Merge pull request #12458 from egregius313/egregius313/promote-insecure-ldap-authentication 
Java: Promote LDAP Authentication Query
 2023-03-28 10:39:17 -04:00
Edward Minnix III
97ec808a6f Make configuration public 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-03-28 10:28:15 -04:00
Erik Krogh Kristensen
451f6f01bb Merge pull request #12633 from erik-krogh/more-global-flow 
JS: better callgraph support for global variables
 2023-03-28 15:19:50 +02:00
Nora Dimitrijević
94614320b5 Swift: refactor OptionalSomeDecl -> OptionalSomeContentSet 2023-03-28 15:15:16 +02:00
Anders Schack-Mulligen
7c74fd07e9 Merge pull request #12684 from aschackmull/dataflow/remove-footgun 
Dataflow: Remove accidentally exposed predicates.
 2023-03-28 15:14:58 +02:00
Nora Dimitrijević
ea9e8e7ddb Swift: fix bad join order in Pattern.getImmediateMatchingExpr 
On Signal-iOS, this snippet:

```codeql
class Pattern extends Generated::Pattern {
  ...
  Expr getImmediateMatchingExpr() {
    ...
    exists(PatternBindingDecl v, int i |
      v.getPattern(i) = this and
      result = v.getInit(i)
    )
    ...
  }
  ...
}
```

Had the following join order:

```
             33926   ~0%    {3} r8 = SCAN PatternBindingDecl#ab5153b9::Generated::PatternBindingDecl::getImmediateInit#1#dispred#fff OUTPUT In.1, In.0, In.2
        2565045964   ~0%    {4} r9 = JOIN r8 WITH pattern_binding_decl_patterns_102#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2, Rhs.2
             33926   ~0%    {2} r10 = JOIN r9 WITH Synth#5f134a93::Synth::convertPatternBindingDeclToRaw#1#ff ON FIRST 2 OUTPUT Lhs.3, Lhs.2
             33926   ~2%    {2} r11 = JOIN r10 WITH Synth#5f134a93::Synth::convertPatternFromRaw#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
             33926   ~1%    {2} r12 = JOIN r11 WITH Element#e67432df::Generated::Element::resolve#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
             33926   ~4%    {2} r13 = JOIN r12 WITH Element#e67432df::Generated::Element::resolve#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
```

After applying `pragma[only_bind_out]` to `this`:

```
        198815   ~1%    {2} r4 = SCAN Synth#5f134a93::Synth::TPattern#f OUTPUT In.0, In.0
        198815   ~0%    {2} r5 = JOIN r4 WITH Element#e67432df::Generated::Element::resolve#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         75626   ~0%    {3} r6 = JOIN r5 WITH PatternBindingDecl#ab5153b9::Generated::PatternBindingDecl::getImmediatePattern#1#dispred#fff_201#join_rhs ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.1
         33926   ~1%    {2} r7 = JOIN r6 WITH PatternBindingDecl#ab5153b9::Generated::PatternBindingDecl::getImmediateInit#1#dispred#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.2
         33926   ~4%    {2} r8 = JOIN r7 WITH Element#e67432df::Generated::Element::resolve#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1

```
 2023-03-28 14:57:05 +02:00
Jeroen Ketema
3b8ad087eb Make imports of codeql.util.Unit private 2023-03-28 14:14:13 +02:00
Michael Nebel
042e53aa4a Merge pull request #12688 from michaelnebel/csharp/documentation 
C#: Claim support for C# 11 / .NET 7 in external documentation.
 2023-03-28 14:02:51 +02:00
Anders Schack-Mulligen
3b0095725c Java: Adjust test expectation. 2023-03-28 14:00:25 +02:00
Anders Schack-Mulligen
47e7aa9566 Dataflow: Add change note. 2023-03-28 13:17:48 +02:00
Michael Nebel
e38196a3a8 C#: Claim support for C# 11 / .NET 7 in external documentation. 2023-03-28 13:04:30 +02:00
Asger F
02da09c7d8 Update docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-03-28 11:36:24 +02:00
Tony Torralba
12b236f6f1 Merge pull request #12682 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-03-28 11:27:19 +02:00
Asger F
d62b944b93 JS: Explain difference between type and member 2023-03-28 10:49:28 +02:00