hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
44,201 Commits 1,741 Branches 165 Tags
ccbbb5754e78b809133b69d6f18657ad696d9d08
Commit Graph

44201 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
ccbbb5754e C++: Use range analysis in 'cpp/overrun-write' and accept test changes. 2022-09-28 15:14:29 +01:00
Mathias Vorreiter Pedersen
51758aa928 C++: Add tests to 'cpp/overrun-write'. 2022-09-28 15:14:29 +01:00
Tamás Vajk
f761e57365 Merge pull request #10591 from tamasvajk/kotlin-unbound-symbol 
Kotlin: Log error when unbound symbol is found
 2022-09-28 14:45:13 +02:00
Erik Krogh Kristensen
e0c68c3a27 Merge pull request #10605 from erik-krogh/allow-getURL 
QL: allow getURL as an acronym
 2022-09-28 13:34:48 +02:00
Jami
b448206c19 Merge pull request #10580 from jcogs33/remove-stubs-android 
Java: remove `stubs/android` directory
 2022-09-28 07:23:52 -04:00
erik-krogh
2b316471c5 bump typos to 0.0.2 2022-09-28 13:19:32 +02:00
Anders Schack-Mulligen
b48b5d45ef Merge pull request #10498 from Marcono1234/marcono1234/compilation-unit-simple-name-type 
Java: Add `CompilationUnit.getATypeInScope()`
 2022-09-28 13:18:29 +02:00
erik-krogh
a10a2c2b01 QL: allow getURL as an acronym 2022-09-28 13:14:48 +02:00
Asger F
a48b893ed6 Merge pull request #10588 from asgerf/rb/rbi-instantiated-type 
Ruby: add RbiInstantiatedType
 2022-09-28 11:51:20 +02:00
Joe Farebrother
6cb26d5129 Merge pull request #10241 from joefarebrother/android-webview-dubugging 
Java: Add query for WebView debugging enabled
 2022-09-28 10:50:51 +01:00
Tom Hvitved
22946b176f Merge pull request #10574 from hvitved/ruby/reverse-known-stores 
Ruby: Fix spurious flow through reverse stores
 2022-09-28 11:02:17 +02:00
Asger F
182d7d38a8 Update ruby/ql/lib/codeql/ruby/experimental/Rbi.qll 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2022-09-28 10:36:09 +02:00
Tamas Vajk
463173eae4 Accept integration test changes 2022-09-28 10:26:58 +02:00
Geoffrey White
9780dffa79 Merge pull request #10596 from geoffw0/swifturl 
Swift: URL is a struct, not a class
 2022-09-28 09:15:29 +01:00
Tamas Vajk
13fb032b1c Kotlin: Remove unbound symbol owner lookup 2022-09-28 09:47:10 +02:00
Tom Hvitved
92a38b30cf Data flow: Update documentation on array flow modeling 2022-09-28 09:32:52 +02:00
Robert Marsh
82bbe67267 Merge pull request #10593 from MathiasVP/fix-fp-on-cwe-193 
C++: Fix FPs on `cpp/invalid-pointer-deref`
 2022-09-27 17:38:17 -04:00
Jami Cogswell
61e24a888f remove stubs/android directory and update options files 2022-09-27 14:55:08 -04:00
Tom Hvitved
31806b84ba Ruby: Add more flow summaries tests 
The tests highlight the differences between `(With|Without)?Element[1]` and
`(With|Without)?Element[1!]`.
 2022-09-27 20:16:31 +02:00
Tom Hvitved
2351c0288a Ruby: Fix spurious flow through reverse stores 2022-09-27 20:16:31 +02:00
Tom Hvitved
fea1e47daa Ruby: Add data-flow test for spurious flow through a reverse store 2022-09-27 20:05:35 +02:00
Tom Hvitved
df2b586e7c Merge pull request #10577 from hvitved/dataflow/get-a-read-content-fan-in 
Data flow: Fix bad join-order when getAReadContent has large fan-in
 2022-09-27 20:04:58 +02:00
Geoffrey White
3ffb2a3ee6 Swift: Fix. 2022-09-27 18:39:03 +01:00
Geoffrey White
286fcb672c Swift: Additional test results. 2022-09-27 18:31:43 +01:00
Geoffrey White
d2c74913c8 Swift: Repair UnsafeWebViewFetch query via taint summary. 2022-09-27 18:25:32 +01:00
Geoffrey White
13b2b1f304 Swift: Repair CleartextTransmission query. 2022-09-27 18:25:32 +01:00
Geoffrey White
62aa5de781 Swift: URL is a struct not a class. 2022-09-27 18:25:31 +01:00
Jami
56e3334c6d Merge pull request #10479 from jcogs33/android-service-sources 
Java: add Android service sources
 2022-09-27 12:40:18 -04:00
Mathias Vorreiter Pedersen
549eca1b17 C++: Fix 'implicit use of this'. 2022-09-27 16:29:30 +01:00
Mathias Vorreiter Pedersen
e4305948ef C++: Fix FP on CWE-193 by blocking flow through back-edges of phi nodes. 2022-09-27 16:28:03 +01:00
Jami Cogswell
7e0c61de2c switch to hasName 2022-09-27 10:45:52 -04:00
Tamas Vajk
847a64c03b Kotlin: extract call target even if it's unbound 2022-09-27 15:30:38 +02:00
Tony Torralba
be9509ceb9 Merge pull request #9199 from luchua-bc/java/unsafe-url-forward-dispatch-load 
Java: CWE-552 Query to detect unsafe resource loading in Java Spring applications
 2022-09-27 15:27:51 +02:00
Asger F
52b6dd5bec Ruby: update test expectation 2022-09-27 14:41:59 +02:00
Erik Krogh Kristensen
162edd6883 Merge pull request #10586 from erik-krogh/pyRegFix 
ReDoS: fix RegExpEscape::getValue having multiple results for some escapes
 2022-09-27 14:41:18 +02:00
Erik Krogh Kristensen
b9937269b9 Merge pull request #10584 from erik-krogh/csharp-unqueryable 
C#: deprecate/delete some unused code
 2022-09-27 14:26:59 +02:00
Tom Hvitved
335e1a8233 Address review comments 2022-09-27 13:36:52 +02:00
Tony Torralba
7ff82bbed3 Update java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll 2022-09-27 13:26:21 +02:00
erik-krogh
7675571daa fix RegExpEscape::getValue having multiple results for some escapes 2022-09-27 13:25:23 +02:00
Tamás Vajk
9358070ae9 Merge pull request #10506 from tamasvajk/kotlin-enum-type-access 
Kotlin: Fix type access expressions in enum constructor calls
 2022-09-27 12:42:30 +02:00
Tamás Vajk
8a6d56a57d Merge pull request #10520 from tamasvajk/kotlin-fix-anonymous-object-comment 
Kotlin: Fix comment extraction for anonymous objects
 2022-09-27 12:42:05 +02:00
erik-krogh
ae6dd05249 deprecate unused class in query specific file 2022-09-27 12:40:05 +02:00
erik-krogh
d23b128457 delete unused code in an internal file 2022-09-27 12:31:58 +02:00
Mathias Vorreiter Pedersen
0c79c2836c Merge pull request #10573 from erik-krogh/cpp-unqueryable 
C: deprecate/delete some unused code
 2022-09-27 10:13:24 +01:00
Asger F
ea4ba27297 Ruby: add RbiInstantiatedType 2022-09-27 10:51:29 +02:00
Anders Schack-Mulligen
9f1bbf2bbd Merge pull request #10575 from aschackmull/dataflow/cleanup-module 
Dataflow: Minor visibility cleanup
 2022-09-27 10:10:53 +02:00
Tom Hvitved
45fc62f16b Data flow: Sync files 2022-09-26 20:39:48 +02:00
Tom Hvitved
1273db5a22 Data flow: Fix bad join-order when getAReadContent has large fan-in 
Before (terminated before completion)
```
Evaluated relational algebra for predicate DataFlowImplForHttpClientLibraries#c536b619::store#5#fffff@e5ef07bh with tuple counts:
            151500     ~0%    {4} r1 = SCAN DataFlowImplCommon#4f8df883::Cached::store#4#ffff OUTPUT In.1, In.0, In.2, In.3
            150500     ~0%    {5} r2 = JOIN r1 WITH DataFlowImplCommon#4f8df883::Cached::MkTypedContent#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Lhs.3, Rhs.1
            149500     ~0%    {5} r3 = JOIN r2 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Lhs.4, Rhs.1
            148500     ~0%    {5} r4 = JOIN r3 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2, Lhs.4, Rhs.1
        2003849000     ~0%    {5} r5 = JOIN r4 WITH DataFlowPublic#e1781e31::ContentSet::getAReadContent#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
         105066500  ~9036%    {5} r6 = JOIN r5 WITH project#DataFlowImplForHttpClientLibraries#c536b619::readSet#4#ffff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.4, Lhs.2, Rhs.1
                              return r6
```

After
```
Evaluated relational algebra for predicate DataFlowImplForHttpClientLibraries#c536b619::readProj#2#ff@302620cn with tuple counts:
        1461867  ~0%    {2} r1 = SCAN DataFlowPrivate#462ff392::Cached::TContent#f OUTPUT In.0, In.0
        3549054  ~1%    {2} r2 = JOIN r1 WITH DataFlowPublic#e1781e31::ContentSet::getAReadContent#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        5772824  ~5%    {2} r3 = JOIN r2 WITH project#DataFlowImplForHttpClientLibraries#c536b619::readSet#4#ffff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
                        return r3

Evaluated relational algebra for predicate DataFlowImplForHttpClientLibraries#c536b619::store#5#fffff@016cd9o1 with tuple counts:
         267905  ~0%    {4} r1 = SCAN DataFlowImplCommon#4f8df883::Cached::store#4#ffff OUTPUT In.1, In.0, In.2, In.3
         267905  ~0%    {5} r2 = JOIN r1 WITH DataFlowImplCommon#4f8df883::Cached::MkTypedContent#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Lhs.3, Rhs.1
         267905  ~0%    {5} r3 = JOIN r2 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Lhs.4, Rhs.1
         267905  ~0%    {5} r4 = JOIN r3 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2, Lhs.4, Rhs.1
        2109240  ~0%    {5} r5 = JOIN r4 WITH DataFlowImplForHttpClientLibraries#c536b619::readProj#2#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.4, Lhs.2, Rhs.1
                        return r5
```
 2022-09-26 20:37:53 +02:00
erik-krogh
0f1a8a6f5b deleted unused internal code 2022-09-26 20:20:52 +02:00
erik-krogh
b83ca08854 deprecate class documented as deprecated 2022-09-26 20:09:54 +02:00