hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 21:34:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,080 Commits 1,697 Branches 161 Tags
b6c2ea520bc94e8b21978f2e5aa2a433d8df2aba
Commit Graph

58080 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
b6c2ea520b C#: Some re-factoring of NugetPackages and logic for file downloading. 2023-08-28 15:14:13 +02:00
Michael Nebel
e7dbe9f289 Merge pull request #14028 from michaelnebel/csharp/dependencygetfiles 
C#: Improve GetFiles in the Dependency Manager.
 2023-08-28 12:53:28 +02:00
Rasmus Wriedt Larsen
38b78128c0 Merge pull request #13990 from RasmusWL/experimental-cleanup 
Python: Port old experimental points-to based queries
 2023-08-28 12:11:17 +02:00
Rasmus Wriedt Larsen
7cba6cd1d8 Python: Update .expected files 
Due to change in path-graph, and including LHS of assignments
 2023-08-28 11:33:44 +02:00
Rasmus Wriedt Larsen
0f242475f2 Merge branch 'main' into experimental-cleanup 2023-08-28 11:01:22 +02:00
Rasmus Wriedt Larsen
0dca8a5d86 Python: Remove old points-to modeling file 
Since all of this was ported already
 2023-08-28 10:40:45 +02:00
Rasmus Wriedt Larsen
39e2b133e9 Python: Fix naming 2023-08-28 10:40:33 +02:00
Alex Ford
9957e2683b Merge pull request #13313 from maikypedia/maikypedia/ldap-improper-auth 
Ruby: Add Improper LDAP Authentication query (CWE-287)
 2023-08-25 20:52:34 +01:00
Alex Ford
ae635c609f Ruby: autoformat 2023-08-25 17:11:07 +01:00
Shati Patel
c5612ae522 Merge pull request #14051 from github/shati-patel/mrva-results-view 
Docs: Update screenshots of variant analysis results view
 2023-08-25 15:42:49 +01:00
Mathias Vorreiter Pedersen
68bccfdb93 Merge pull request #14013 from alexet/only-taint-argv-indirections 
CPP:Only taint argv indirections
 2023-08-25 15:19:51 +01:00
Michael Nebel
02b8adf717 C#: Address review comments and some light re-factoring. 2023-08-25 15:33:54 +02:00
Maiky
ffd618d6cc Revert "Add "" and nil as sources" 
This reverts commit 664c1eba72.
 2023-08-25 15:23:55 +02:00
AlexDenisov
0fe7740dda Merge pull request #14052 from github/sashabu/swift-logging-compiler 
Swift: Route compiler diagnostics through our log.
 2023-08-25 14:47:24 +02:00
Alex Eyers-Taylor
1afcf8c8a8 Add changenotes. 2023-08-25 13:05:10 +01:00
Alex Eyers-Taylor
9f8fbf8a1a CPP: Update tests for argv change 2023-08-25 13:05:10 +01:00
Alex Eyers-Taylor
45ddb4832c CPP: Make wordexp take an indirect argument. 2023-08-25 13:05:10 +01:00
Alex Eyers-Taylor
a2f2b6c33f CPP:Only consider **argv as tainted. 2023-08-25 13:05:10 +01:00
Michael Nebel
61a523510e C#: Only use small files during file content reference analysis. 2023-08-25 14:04:52 +02:00
Michael Nebel
a81d982c90 C#: Fetch file info fewer times and make dependencies more clear. 2023-08-25 14:04:52 +02:00
Tony Torralba
6573b1f772 Merge pull request #14056 from atorralba/atorralba/java/jenkins-stapler-regenerate 
Java: Re-generate Jenkins and Stapler models
 2023-08-25 13:15:21 +02:00
Tom Hvitved
42fd9f0c54 Merge pull request #14047 from hvitved/dataflow/join-fix 
Data flow: Fix a bad join order
 2023-08-25 12:18:24 +02:00
Ian Lynagh
a7de0f96e2 Merge pull request #14049 from igfoo/igfoo/kot1.9.10 
Kotlin: We now support 1.9.10
 2023-08-25 11:11:14 +01:00
Tony Torralba
5367fb99d9 Manually update a couple of models affected by the nested name change 2023-08-25 11:25:40 +02:00
Mathias Vorreiter Pedersen
2fd627b460 Merge pull request #13827 from geoffw0/closuremodels 
Swift: Model withUnsafeBytes and similar closure methods
 2023-08-25 10:01:52 +01:00
Tony Torralba
50a9c31b4a Merge pull request #14055 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-08-25 10:04:51 +02:00
Tony Torralba
2ed01d06b4 Java: Re-generate Jenkins and Stapler models 
Re-generated the Jenkins and Stapler models to pick up the changes from github/codeql#14032
 2023-08-25 10:01:28 +02:00
github-actions[bot]
c9d64b6b4f Add changed framework coverage reports 2023-08-25 00:14:40 +00:00
yoff
a834703195 Merge pull request #13779 from geoffw0/pythonparsemode 
Python: Understand multiple parse mode flags specified in a regular expression string
 2023-08-24 21:20:45 +02:00
Tom Hvitved
763216b932 Merge pull request #14045 from hvitved/csharp/standalone-resolve-target-framework 
C#: Favor DLLs with most recent .NET Core target framework when resolving dependencies in standalone
 2023-08-24 20:56:26 +02:00
Alexandre Boulgakov
7e05551f16 Swift: Check whether a SourceLoc is valid before using it. 2023-08-24 18:14:34 +01:00
Ian Lynagh
5dff1852e1 Kotlin: We now support 1.9.10 2023-08-24 17:36:45 +01:00
shati-patel
c44b8249a5 Docs: Update screenshots of variant analysis results view 2023-08-24 17:15:04 +01:00
Jeroen Ketema
da403c1a79 Merge pull request #14039 from jketema/non-constant-assign 
C++: Omit assign case from `cpp/non-constant-format`
 2023-08-24 16:54:19 +02:00
Jeroen Ketema
45c56fbce7 Update cpp/ql/src/change-notes/2023-08-24-remove-non-constant-assign-sources.md 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-08-24 16:17:59 +02:00
Jeroen Ketema
607f729339 C++: Add change note 2023-08-24 16:11:39 +02:00
Asger F
6c664e93ef Merge pull request #14035 from asgerf/shared/variable-capture-nested 
Variable capture: synchronize with aliases in nested scopes
 2023-08-24 15:39:34 +02:00
Paolo Tranquilli
e3d6b3e537 Swift: route compiler diagnostics through our log 
(cherry picked from commit b8c55612e5)
 2023-08-24 14:20:15 +01:00
Asger F
1286235773 Address review comments 2023-08-24 13:58:33 +02:00
Anders Schack-Mulligen
7af1e96943 Merge pull request #14032 from aschackmull/java/mad-nestednames 
Java: Use nested names in MaD signatures.
 2023-08-24 13:53:55 +02:00
Tony Torralba
6b58d11eeb Merge pull request #13900 from atorralba/atorralba/java/jaxws-getaremotemethod-improv 
Java: Improve `JaxWsEndpoint::getARemoteMethod`
 2023-08-24 13:37:15 +02:00
Erik Krogh Kristensen
59de92ce64 Merge pull request #14027 from erik-krogh/py-reg-app 
ReDoS: limit concretize to strings of at most length 100
 2023-08-24 12:57:42 +02:00
Tom Hvitved
f2eed4d8c4 Data flow: Fix a bad join order 
Before
```
Evaluated relational algebra for predicate DataFlowImpl#248dabc3::MakeImpl#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Impl#DataFlow#167ac380::DataFlowMake#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Global#XSS#e59174e9::OrmTracking::Config#::C#::MkStage#Stage2#::Stage#Stage3Param#::flowThroughIntoCall#6#ffffff@0ea4e2mt with tuple counts:
           1065437   ~0%    {4} r1 = SCAN project#DataFlowImpl#248dabc3::MakeImpl#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Impl#DataFlow#167ac380::DataFlowMake#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Global#XSS#e59174e9::OrmTracking::Config#::C#::MkStage#Stage2#::Stage#Stage3Param#::fwdFlow#9#fffffffff#2 OUTPUT In.0, In.3, In.1, In.2
        1158508760   ~0%    {6} r2 = JOIN r1 WITH project#DataFlowImpl#248dabc3::MakeImpl#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Impl#DataFlow#167ac380::DataFlowMake#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Global#XSS#e59174e9::OrmTracking::Config#::C#::MkStage#Stage2#::Stage#Stage3Param#::flowIntoCallApa#6#ffffff_14023#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2, Lhs.3, Rhs.2, Rhs.3, Rhs.4

                            {6} r3 = SELECT r2 ON In.5 != false
        1158470345   ~4%    {6} r4 = SCAN r3 OUTPUT In.4, In.1, In.2, In.0, In.3, In.5

                            {6} r5 = SELECT r2 ON In.5 = false
             38415   ~0%    {5} r6 = SCAN r5 OUTPUT In.2, In.0, In.1, In.3, In.4
                 4   ~0%    {5} r7 = JOIN r6 WITH DataFlowImplCommon#f7de413b::MakeImplCommon#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Cached::TApproxFrontNil#f ON FIRST 1 OUTPUT Lhs.4, Lhs.2, Lhs.0, Lhs.1, Lhs.3
                 4   ~0%    {6} r8 = SCAN r7 OUTPUT In.0, In.1, In.2, In.3, In.4, false

        1158470349   ~4%    {6} r9 = r4 UNION r8
             44065   ~3%    {6} r10 = JOIN r9 WITH project#DataFlowImpl#248dabc3::MakeImpl#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Impl#DataFlow#167ac380::DataFlowMake#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Global#XSS#e59174e9::OrmTracking::Config#::C#::MkStage#Stage2#::Stage#Stage3Param#::returnFlowsThrough#8#ffffffff ON FIRST 3 OUTPUT Lhs.4, Lhs.3, Lhs.0, Lhs.5, Lhs.2, Rhs.3
                            return r10
```

After
```
Evaluated relational algebra for predicate DataFlowImpl#248dabc3::MakeImpl#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Impl#DataFlow#167ac380::DataFlowMake#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Global#XSS#e59174e9::OrmTracking::Config#::C#::MkStage#Stage2#::Stage#Stage3Param#::flowThroughIntoCall#6#ffffff@979c54q9 with tuple counts:
         11095   ~0%    {4} r1 = SCAN project#DataFlowImpl#248dabc3::MakeImpl#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Impl#DataFlow#167ac380::DataFlowMake#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Global#XSS#e59174e9::OrmTracking::Config#::C#::MkStage#Stage2#::Stage#Stage3Param#::returnFlowsThrough#8#ffffffff OUTPUT In.0, In.3, In.1, In.2
        470154   ~1%    {8} r2 = JOIN r1 WITH project#DataFlowImpl#248dabc3::MakeImpl#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Impl#DataFlow#167ac380::DataFlowMake#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Global#XSS#e59174e9::OrmTracking::Config#::C#::MkStage#Stage2#::Stage#Stage3Param#::flowIntoCallApa#6#ffffff_20134#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Lhs.3, Rhs.1, Rhs.2, Rhs.3, Rhs.4

                        {8} r3 = SELECT r2 ON In.6 != false
        470152   ~0%    {8} r4 = SCAN r3 OUTPUT In.5, In.2, In.3, In.7, In.0, In.1, In.4, In.6

                        {8} r5 = SELECT r2 ON In.6 = false
             2   ~0%    {7} r6 = SCAN r5 OUTPUT In.3, In.0, In.1, In.2, In.4, In.5, In.7
             0   ~0%    {7} r7 = JOIN r6 WITH DataFlowImplCommon#f7de413b::MakeImplCommon#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Cached::TApproxFrontNil#f ON FIRST 1 OUTPUT Lhs.5, Lhs.3, Lhs.0, Lhs.6, Lhs.1, Lhs.2, Lhs.4
             0   ~0%    {8} r8 = SCAN r7 OUTPUT In.0, In.1, In.2, In.3, In.4, In.5, In.6, false

        470152   ~0%    {8} r9 = r4 UNION r8
         44065   ~3%    {6} r10 = JOIN r9 WITH project#DataFlowImpl#248dabc3::MakeImpl#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Impl#DataFlow#167ac380::DataFlowMake#DataFlowImplSpecific#21008cd7::RubyDataFlow#::Global#XSS#e59174e9::OrmTracking::Config#::C#::MkStage#Stage2#::Stage#Stage3Param#::fwdFlow#9#fffffffff#2 ON FIRST 4 OUTPUT Lhs.6, Lhs.0, Lhs.5, Lhs.7, Lhs.2, Lhs.4
                        return r10
```
 2023-08-24 12:08:34 +02:00
Geoffrey White
f07f97a94e Python: Accept test changes. I think these reflect the 'parse mode chars should not be considered chars' issue. 2023-08-24 10:52:52 +01:00
Tom Hvitved
7723dbc6d7 Merge pull request #14026 from hvitved/dataflow/stage3-call-ctx 
Data flow: Use call contexts in stage 3
 2023-08-24 11:52:08 +02:00
Tony Torralba
8c32919381 Merge pull request #13903 from atorralba/atorralba/jaxrs-mad-models 
Java: New models for JAX-RS
 2023-08-24 11:43:13 +02:00
Tom Hvitved
554a2c26c3 C#: Favor DLLs with most recent .NET Core target framework when resolving dependencies in standalone 2023-08-24 11:42:06 +02:00
Tony Torralba
3f9701cea7 Two fixes: 
* Consider that the @WebService annotation (et al) can be in a supertype or interface

* getARemoteMethod should only return public methods, since protected, package-private, and private methods are not exposed
 2023-08-24 11:35:52 +02:00
Asger F
b424f3fe83 Update a comment to be more accurate 2023-08-24 11:12:39 +02:00
Jeroen Ketema
9f7413eded C++: Omit assign case from cpp/non-constant-format 2023-08-24 11:02:40 +02:00