Commit Graph

25842 Commits

Author SHA1 Message Date
Philip Ginsbach
abaa0633d7 consistently distinguish base types and supertypes 2021-09-03 10:20:14 +01:00
Philip Ginsbach
d2f833d02c deep implications => implications 2021-09-03 10:13:12 +01:00
Benjamin Muskalla
2edb32f344 Fix naming 2021-09-03 10:59:35 +02:00
Rasmus Wriedt Larsen
67df890f68 Misc: Fail by default if query pack can't be found 2021-09-03 10:56:49 +02:00
Chris Smowton
76a41146a8 Merge pull request #6594 from smowton/smowton/fix/stub-arrays-and-bounds
Move unreachable cases of IndirectType into getAContainedType
2021-09-03 09:56:04 +01:00
Benjamin Muskalla
6ede08e3c9 Remove dead code 2021-09-03 10:53:24 +02:00
Benjamin Muskalla
c06e37f3d9 Hide diff for generated files by default 2021-09-03 10:46:52 +02:00
Rasmus Wriedt Larsen
9386a900eb Misc: Clean whitespace in generate-code-scanning-query-list.py 2021-09-03 10:46:25 +02:00
james
8c37e90a77 revert a couple of changes 2021-09-03 09:31:54 +01:00
Tamas Vajk
3560853f36 C#: Fix ordering of stubbed type members, implemented interfaces, and location comments 2021-09-03 09:53:34 +02:00
Anders Fugmann
d962fc4ce1 C++: Improve predicate upperBound in SimpleRangeAnalysis
If an expression has an immediate guardPhi node, this is used as a strict upper bound
2021-09-02 21:46:18 +02:00
Anders Fugmann
c110508b4e C++: Add tests to expose potential improvements available to SimpleRangeAnalysis 2021-09-02 21:20:33 +02:00
Chris Smowton
d57bd34575 Update dbscheme stats 2021-09-02 20:14:51 +01:00
Shati Patel
d22620f72f Merge pull request #6575 from shati-patel/docs-copyright-year
Docs: Auto-update copyright year
2021-09-02 18:43:07 +01:00
Chris Smowton
c259d0204a Move unreachable cases of IndirectType into getAContainedType 2021-09-02 17:53:52 +01:00
Philip Ginsbach
ee13efbffd some whitespace fixes 2021-09-02 17:31:55 +01:00
Philip Ginsbach
dbda1bf5c0 Update docs/codeql/ql-language-reference/types.rst
Co-authored-by: Chris Smowton <smowton@github.com>
2021-09-02 17:30:36 +01:00
Chris Smowton
b9afccc015 Remove impossible lines from Stubs.qll 2021-09-02 17:14:38 +01:00
james
2e995839bb fix link 2021-09-02 16:46:23 +01:00
james
81a9ce2baa polish text 2021-09-02 16:40:29 +01:00
Philip Ginsbach
dbc95cadb4 language reference entry for non-extending subtypes 2021-09-02 15:23:39 +01:00
Chris Smowton
29b9231f49 Rename db types relating to local classes
These now all refer to types or classes-or-interfaces.
2021-09-02 14:51:51 +01:00
Chris Smowton
e8bdc8ba17 Make Member.getEnclosingCallable compatible with local interfaces 2021-09-02 14:51:50 +01:00
Chris Smowton
608d24f75e Rename QL elements that refer to local classes 2021-09-02 14:51:50 +01:00
Chris Smowton
0a5410c2d3 Remove unnecessary charpred 2021-09-02 14:51:49 +01:00
Chris Smowton
474d983f8d Fix typo
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-09-02 14:51:48 +01:00
Chris Smowton
fca561351d Fix typo
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-09-02 14:51:48 +01:00
Chris Smowton
ac43ad6da2 Add change note 2021-09-02 14:51:47 +01:00
Chris Smowton
e048a729db Add Interface.isLocal and use it where appropriate
Some EJB logic regrettably needs to be renamed out of the way. Hopefully the churn caused by this is less than would be caused if Interface's isLocal needed to be named differently from Class.isLocal.
2021-09-02 14:51:46 +01:00
Chris Smowton
ca5c2b2acf Fix description wording
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-09-02 14:51:46 +01:00
Chris Smowton
9c4a50503c Allow local interfaces
Java 16 permits enums and interfaces to be declared method-locally. Enums are already classes, but interfaces are not (in dbscheme terms), so we need to permit isLocalClass to tag them like it already does classes.
2021-09-02 14:51:45 +01:00
Rasmus Wriedt Larsen
065075056b Python: Highlight how await taint-step works 2021-09-02 15:45:59 +02:00
Rasmus Wriedt Larsen
ad102e2746 Python: Minor cleanup to snippets
As pointed out in review, we don't need this override any more!
2021-09-02 15:40:32 +02:00
CodeQL CI
b4963c7538 Merge pull request #6558 from erik-krogh/redosCasing
Approved by esbena, yoff
2021-09-02 12:20:08 +01:00
Taus
e4fd749a46 Merge pull request #6547 from github/RasmusWL/cwe328-weak-hash
Python: Add CWE-328 to `py/weak-sensitive-data-hashing`
2021-09-02 11:42:31 +02:00
Tamás Vajk
82f61ca015 Merge pull request #6577 from tamasvajk/fix/cil-modified-pointer
C#: Temporarily extract modified pointers as unmodified during CIL ex…
2021-09-02 10:48:51 +02:00
Jonas Jensen
1ba26237a7 Merge pull request #6585 from rvermeulen/patch-3
Update qldoc for the Access class
2021-09-02 10:17:36 +02:00
Erik Krogh Kristensen
1ad204d89e make after and TState private in ReDoSUtil 2021-09-02 09:15:43 +02:00
Erik Krogh Kristensen
df04c5044c use concat instead of strictconcat in RegexTreeView.qll 2021-09-02 08:54:39 +02:00
Tom Hvitved
c3ecae503b Data flow: Sync files 2021-09-01 19:58:47 +02:00
Tom Hvitved
136c8b5192 Data flow: Improve callMayFlowThroughFwd join order
Before:
```
[2021-08-25 09:56:29] (1395s) Tuple counts for DataFlowImpl2::Stage3::callMayFlowThroughFwd#ff/2@111fb3:
                      15495496   ~5%         {5} r1 = SCAN DataFlowImpl2::Stage3::fwdFlowOutFromArg#fffff#reorder_0_2_4_1_3 OUTPUT In.3, In.4, In.2 'config', In.0 'call', In.1
                      1450611958 ~6335%      {5} r2 = JOIN r1 WITH DataFlowImpl2::Stage3::fwdFlow#fffff_03412#join_rhs ON FIRST 3 OUTPUT Lhs.3 'call', Lhs.4, Lhs.2 'config', Rhs.3, Rhs.4
                      7043648    ~20415%     {2} r3 = JOIN r2 WITH DataFlowImpl2::Stage3::fwdFlowIsEntered#fffff#reorder_0_3_4_1_2 ON FIRST 5 OUTPUT Lhs.0 'call', Lhs.2 'config'
                                             return r3
```

After:
```
[2021-08-25 10:57:02] (2652s) Tuple counts for DataFlowImpl2::Stage3::callMayFlowThroughFwd#ff/2@d3e27b:
                      15495496 ~0%         {6} r1 = SCAN DataFlowImpl2::Stage3::fwdFlowOutFromArg#fffff#reorder_0_2_4_1_3 OUTPUT In.0 'call', In.1, In.2 'config', In.3, In.4, In.2 'config'
                      9236888  ~22%        {7} r2 = JOIN r1 WITH DataFlowImpl2::Stage3::fwdFlowIsEntered#fffff#reorder_0_3_4_1_2 ON FIRST 3 OUTPUT Lhs.3, Rhs.3, Rhs.4, Lhs.4, Lhs.5, Lhs.0 'call', Lhs.2 'config'
                      7043648  ~20415%     {2} r3 = JOIN r2 WITH DataFlowImpl2::Stage3::fwdFlow#fffff ON FIRST 5 OUTPUT Lhs.5 'call', Lhs.6 'config'
                                           return r3
```
2021-09-01 19:57:29 +02:00
Andrew Eisenberg
10f6cab77e Merge pull request #6583 from github/aeisenberg/query-suite-docs
Docs: Update documentation for query suites
2021-09-01 10:33:22 -07:00
Benjamin Muskalla
ee8958ba03 Fix nodes for local taint test 2021-09-01 15:55:59 +02:00
Benjamin Muskalla
c1d34d7d6f Move Strings to lib 2021-09-01 15:55:39 +02:00
Benjamin Muskalla
190bf90bc8 Replace stringbuilder step with model 2021-09-01 15:41:16 +02:00
Benjamin Muskalla
7ddf7ff211 Track taint from concatenated string 2021-09-01 15:41:16 +02:00
Benjamin Muskalla
d178fe4e5d Fix failing tests 2021-09-01 15:41:16 +02:00
Benjamin Muskalla
93bc8aa7b2 Fix tests to take trim into account 2021-09-01 15:41:15 +02:00
Benjamin Muskalla
7be179cf6c Mark String constructor as propagating taint 2021-09-01 15:41:15 +02:00
Benjamin Muskalla
3928ffd30d Support CharSequence#subSequence 2021-09-01 15:41:15 +02:00