hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 15:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,147 Commits 1,703 Branches 162 Tags
ae634367c99f404fb3f2a92944243ccef9d50b95
Commit Graph

41147 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
thiggy1342
ae634367c9 add qhelp file 2022-07-14 00:11:52 +00:00
thiggy1342
2cc703387b use taint config for data flow 2022-07-14 00:11:52 +00:00
thiggy1342
7df7b92d86 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-12 20:36:34 -04:00
thiggy1342
7129002573 tweak tests more 2022-07-13 00:33:58 +00:00
thiggy1342
b3f1a513d1 Update tests 2022-07-13 00:25:43 +00:00
Erik Krogh Kristensen
2aaedacd5d Merge pull request #9593 from erik-krogh/param2 
QL: followup fixes to parameterized modules
 2022-07-13 00:23:11 +02:00
Erik Krogh Kristensen
89043ec4ef Merge branch 'main' into param2 2022-07-12 23:21:11 +02:00
thiggy1342
74d6061082 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-12 17:15:54 -04:00
Erik Krogh Kristensen
5cbe01d8dc Merge pull request #8351 from erik-krogh/inconsistentDep 
QL: add query detecting inconsistent deprecations
 2022-07-12 23:12:24 +02:00
Erik Krogh Kristensen
e092cb02cd Merge pull request #8937 from erik-krogh/qlFocusedLocations 
QL: more precise alert locations
 2022-07-12 23:11:22 +02:00
Jeroen Ketema
c18428f1a9 Merge pull request #9785 from bdrodes/main 
C++: Nullness.qll bug fixes
 2022-07-12 21:43:44 +02:00
Jeroen Ketema
f7c4fa691d Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-07-12 16:59:15 +02:00
Ian Lynagh
a0636ff843 Merge pull request #9545 from igfoo/igfoo/type_cycles 
Java: Fix RefType.getAStrictAncestor() in the presence of type hierarchy cycles
 2022-07-12 14:28:54 +01:00
Jeroen Ketema
8f9d419441 C++: Add change note 2022-07-12 15:24:09 +02:00
Jeroen Ketema
e5eabc4e47 C++: Slightly tweak nullness test and update test results 2022-07-12 15:23:33 +02:00
Jeroen Ketema
d63b0946d9 C++: Use ConditionDeclExpr in AnalysedExpr::isDef 2022-07-12 15:22:13 +02:00
Jeroen Ketema
2ceb25dc9a C++: Order left and right operands in the logical left to right order 2022-07-12 15:21:37 +02:00
Ian Lynagh
d0bf424b19 Merge pull request #9806 from igfoo/igfoo/useType 
Kotlin: Extract an ErrorType if we fail to correctly extract a type
 2022-07-12 13:45:04 +01:00
Ian Lynagh
1bcb17b760 Update java/ql/lib/change-notes/2022-07-12-errortype.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-07-12 12:16:24 +01:00
Jeroen Ketema
de6a9375ba Merge pull request #9804 from jketema/get-target 
C++: Clarify the "most-specific" part of `FunctionCall:getTarget`
 2022-07-12 12:06:50 +02:00
Ian Lynagh
2edeeaac0e Merge pull request #9801 from igfoo/igfoo/psi 
Kotlin: We can't extract comments for < 1.5.20
 2022-07-12 11:01:30 +01:00
Ian Lynagh
965f5a980a Java/Kotlin: Add changenote for ErrorType 2022-07-12 10:58:16 +01:00
Henry Mercer
2ddcf8364c Merge pull request #9585 from github/henrymercer/packaging-on-ghes 
Docs: Document packaging support for CodeQL CLI 2.9.4+ on GHES 3.6+
 2022-07-12 10:36:03 +01:00
Nick Rolfe
685389d219 Merge pull request #9797 from github/nickrolfe/railties_fix 
Ruby: fix defining every dataflow node as a command execution sink
 2022-07-12 09:30:55 +01:00
Jeroen Ketema
c75599c3da C++: Clarify the "most-specific" part of FunctionCall:getTarget 2022-07-12 10:28:19 +02:00
Nick Rolfe
217c9a8aaf Fix typo in changenote 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-07-12 08:50:58 +01:00
Paolo Tranquilli
70838fe57f Merge pull request #9774 from github/redsun82/swift-disable-change-note-check 
Swift: disable change note checking for now
 2022-07-12 09:28:37 +02:00
Andrew Eisenberg
022acf2de0 Merge pull request #9570 from github/aeisenberg/docs/packs-with-paths 
Update docs to include how to run a pack with path
 2022-07-11 11:40:11 -07:00
Ian Lynagh
960d1dba8a Kotlin: We can't etract comments for < 1.5.20 
We were making our own PsiSourceManager, but that didn't know about any
IrFile -> PsiFile mappings.
 2022-07-11 19:36:43 +01:00
Ian Lynagh
4c68624b00 Kotlin: Pass a FileLogger to Psi2Ir 2022-07-11 19:17:21 +01:00
Ian Lynagh
b9072a3594 Kotlin: Share a Psi2Ir instance 2022-07-11 18:57:43 +01:00
Henry Mercer
4704269086 Add example registry authentication string 2022-07-11 18:36:03 +01:00
Nick Rolfe
a3628b06f1 Ruby: fix markup in changenote 2022-07-11 17:23:45 +01:00
Nick Rolfe
032aa56dc3 Ruby: add change note for system command execution sink bug 2022-07-11 17:00:07 +01:00
Nick Rolfe
6632dfaf88 Ruby: fix another SystemCommandExecution::isShellInterpreted implementation 2022-07-11 16:53:30 +01:00
thiggy1342
ad7c3e7217 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-11 10:20:07 -04:00
Nick Rolfe
348ad95fc0 Ruby: fix defining every dataflow node as a command execution sink 2022-07-11 15:06:27 +01:00
Ben Rodes
a6048dd594 Merge branch 'github:main' into main 2022-07-11 08:49:13 -04:00
Jeroen Ketema
93a4a32527 Merge pull request #9786 from jketema/lossy 
C++: LossyFunctionResultCast updates
 2022-07-11 14:14:33 +02:00
Robert Marsh
bbd7e62341 Merge pull request #9793 from jketema/nullness 
C++: Add tests for `AnalysedExpr::isNullCheck` and `AnalysedExpr::isValidCheck`
 2022-07-11 08:07:24 -04:00
Ian Lynagh
28a8999b74 Java: Add an upgrade script 2022-07-11 12:09:48 +01:00
Ian Lynagh
aa07600f5a Java: Update stats 2022-07-11 12:09:48 +01:00
Jeroen Ketema
6b2154eb8b C++: Add tests for AnalysedExpr::isNullCheck and AnalysedExpr::isValidCheck 2022-07-11 11:54:48 +02:00
thiggy1342
6aab970a9e refactor query to use cfg and dataflow 2022-07-08 18:32:54 +00:00
REDMOND\brodes
4379aa4398 Adding Initializer in condition as an occurance of isDef 2022-07-07 10:32:36 -04:00
Jeroen Ketema
0b471c2007 C++: Improve LossyFunctionResultCast join order 
Before on wireshark:
```
Tuple counts for #select#ff@eca61bf2:
        180100  ~2%    {2} r1 = SCAN Type::Type::getUnderlyingType#dispred#f0820431#ff OUTPUT In.1, In.0
            84  ~2%    {2} r2 = JOIN r1 WITH project#Type::FloatingPointType#class#2e8eb3ef#fffff ON FIRST 1 OUTPUT Lhs.1, Rhs.0
          2021  ~0%    {2} r3 = JOIN r2 WITH Function::Function::getType#dispred#f0820431#fb_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
          2437  ~0%    {2} r4 = JOIN r3 WITH Call::FunctionCall::getTarget#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1
          2150  ~0%    {2} r5 = r4 AND NOT LossyFunctionResultCast::whiteListWrapped#377b528a#f(Lhs.1)
          2150  ~0%    {2} r6 = SCAN r5 OUTPUT In.1, In.0
           313  ~0%    {3} r7 = JOIN r6 WITH exprconv ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
           313  ~0%    {3} r8 = JOIN r7 WITH Cast::Conversion#class#1f33e835#b ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
           148  ~3%    {2} r9 = JOIN r8 WITH Expr::Expr::isCompilerGenerated#f0820431#b ON FIRST 1 OUTPUT Lhs.2, Lhs.1
           148  ~1%    {3} r10 = JOIN r9 WITH Expr::Expr::getActualType#dispred#f0820431#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
            21  ~0%    {3} r11 = JOIN r10 WITH Type::IntegralType#class#2e8eb3ef#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.0
            21  ~0%    {3} r12 = JOIN r11 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
            21  ~0%    {2} r13 = JOIN r12 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, ("Return value of type " ++ Lhs.2 ++ " is implicitly converted to " ++ Rhs.1 ++ " here.")
                       return r13
```

After:
```
Tuple counts for #select#ff@a5a185eg:
          20  ~0%    {2} r1 = SCAN project#Type::FloatingPointType#class#2e8eb3ef#fffff OUTPUT In.0, In.0
          20  ~0%    {2} r2 = JOIN r1 WITH project#Type::FloatingPointType#class#2e8eb3ef#fffff ON FIRST 1 OUTPUT Lhs.1, Lhs.0
          84  ~2%    {2} r3 = JOIN r2 WITH Type::Type::getUnderlyingType#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        2021  ~0%    {2} r4 = JOIN r3 WITH Function::Function::getType#dispred#f0820431#fb_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        2437  ~0%    {2} r5 = JOIN r4 WITH Call::FunctionCall::getTarget#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1
        2150  ~0%    {2} r6 = r5 AND NOT LossyFunctionResultCast::whiteListWrapped#377b528a#f(Lhs.1)
        2150  ~0%    {2} r7 = SCAN r6 OUTPUT In.1, In.0
         313  ~0%    {3} r8 = JOIN r7 WITH exprconv ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
         313  ~0%    {3} r9 = JOIN r8 WITH Cast::Conversion#class#1f33e835#b ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
         148  ~3%    {2} r10 = JOIN r9 WITH Expr::Expr::isCompilerGenerated#f0820431#b ON FIRST 1 OUTPUT Lhs.2, Lhs.1
         148  ~1%    {3} r11 = JOIN r10 WITH Expr::Expr::getActualType#dispred#f0820431#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
          21  ~0%    {3} r12 = JOIN r11 WITH Type::IntegralType#class#2e8eb3ef#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.0
          21  ~0%    {3} r13 = JOIN r12 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
          21  ~0%    {2} r14 = JOIN r13 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, ("Return value of type " ++ Lhs.2 ++ " is implicitly converted to " ++ Rhs.1 ++ " here.")
                     return r14
```
 2022-07-06 21:53:12 +02:00
Jeroen Ketema
7d6fb7f91a C++: Rename LossyFunctionResultCast tests to be correctly named 2022-07-06 21:52:13 +02:00
REDMOND\brodes
74ff579dbc Fixing logic bug with LogicalAndExpr 2022-07-06 15:19:36 -04:00
Mathias Vorreiter Pedersen
3bacb18315 Merge pull request #9770 from MathiasVP/nomagic-use-in-own-init 
C++: Add `nomagic` to `VariableAccessInInitializer`
 2022-07-02 16:35:45 +01:00
Chris Smowton
4d45a2ca87 Merge pull request #9775 from smowton/smowton/fix/accessors-respect-private-member-exclusion 
Kotlin: don't extract private setters of external classes
 2022-07-02 10:27:06 +01:00