Harry Maclean
deff24e8e0
Fix singleton set literal
2022-05-24 09:35:26 +01:00
Harry Maclean
1fd54ed8c3
Ruby: Recognised ActiveSupport::TaggedLogging as a logger
2022-05-24 09:35:26 +01:00
Harry Maclean
dc4ddf6899
Ruby: Recognise ActiveSupport::Logger as a logger
2022-05-24 09:35:26 +01:00
Harry Maclean
14d2ff6528
Ruby: Model ActiveSupport extensions to Enumerable
2022-05-24 09:35:26 +01:00
Harry Maclean
ad2eaf0835
Ruby: Flow for ActiveSupport String extensions
...
Add taint flow summaries for ActiveSupport String extensions which
transform the string in various ways, for example `camelcase` and
`underscore`.
DCA suggests this increases the sensitivity of rb/code-injection,
catching cases such as
`params[:foo].camelcase.constantize`
2022-05-24 09:35:26 +01:00
Mathias Vorreiter Pedersen
be453142b8
Merge pull request #8730 from geoffw0/reachesperf
...
C++: Better join order for reachesWithoutAssignment.
2022-05-24 09:22:21 +01:00
Jeroen Ketema
05f09919b0
Merge pull request #9276 from jketema/upgrade-script-script
...
Support Go and Swift in the `prepare-db-upgrade` script
2022-05-24 10:09:31 +02:00
Arthur Baars
8248f607e4
Merge pull request #9277 from github/aibaars/go-test-workflow
...
Go: trigger CI jobs on Go related changes only
2022-05-23 23:51:34 +02:00
Aditya Sharad
7853ea607f
Merge pull request #9243 from github/adityasharad/merge-codeql-go-docs
...
Docs: Update references to github/codeql-go
2022-05-23 14:37:23 -07:00
Arthur Baars
7a85ab1690
Go: trigger CI jobs on Go related changes only
2022-05-23 21:25:27 +02:00
Erik Krogh Kristensen
aa01cf11c2
Merge pull request #9125 from erik-krogh/exportObj
...
JS: recognize functions that return object of methods as library input
2022-05-23 19:57:34 +02:00
Erik Krogh Kristensen
0c10927adc
Merge pull request #9261 from erik-krogh/passport
...
JS: remove support for passport in the session-fixation query
2022-05-23 19:56:42 +02:00
Aditya Sharad
42f2fc2287
Apply suggestions from code review
...
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-05-23 10:55:50 -07:00
Jeroen Ketema
34df9dc835
Support Go and Swift in the prepare-db-upgrade script
2022-05-23 19:09:00 +02:00
Chuan-kai Lin
d3ebc814f5
Merge pull request #8631 from github/cklin/merge-codeql-go
...
Merge codeql-go repository into codeql
2022-05-23 09:22:28 -07:00
Mathias Vorreiter Pedersen
9b0d84c1a3
Merge pull request #9268 from MathiasVP/swift-add-cfg-library
...
Swift: Extend AST classes and add control-flow library
2022-05-23 16:37:51 +01:00
Harry Maclean
905a37c273
Merge pull request #9137 from hmac/hmac/cfg-ql-class
...
Ruby: Add getAPrimaryQlClass to CfgNodes classes
2022-05-23 15:37:51 +01:00
Mathias Vorreiter Pedersen
358a8aba7a
Merge pull request #8994 from HansmannThibaut/main
...
C/C++ : Wrong Uint access
2022-05-23 15:31:23 +01:00
Mathias Vorreiter Pedersen
4ba29845e9
Swift: Fix Code Scanning alerts.
2022-05-23 15:18:36 +01:00
Geoffrey White
dcbd5dd98a
Merge branch 'main' into reachesperf
2022-05-23 14:49:32 +01:00
Taus
3745526d69
Merge pull request #9108 from RasmusWL/promote-pam
...
Python: Promote `py/pam-auth-bypass`
2022-05-23 15:27:12 +02:00
Mathias Vorreiter Pedersen
ba28632c96
Update cpp/ql/src/experimental/Best Practices/WrongUintAccess.qhelp
2022-05-23 14:11:13 +01:00
CodeQL CI
04ca9cfaf4
Merge pull request #9234 from asgerf/js/api-graph-accessors
...
Approved by erik-krogh
2022-05-23 06:08:50 -07:00
Erik Krogh Kristensen
aadbc989ce
fix typo in comment
...
Co-authored-by: Asger F <asgerf@github.com>
2022-05-23 15:07:29 +02:00
Harry Maclean
ae3a30256b
Ruby: Add getAPrimaryQlClass to CfgNode
2022-05-23 14:02:23 +01:00
Tom Hvitved
64be958c52
Merge pull request #9262 from hvitved/ruby/local-source-node-antijoin
...
Ruby: Eliminate bad `isLocalSourceNode` antijoin
2022-05-23 14:36:03 +02:00
Erik Krogh Kristensen
ba844aa0ab
Merge branch 'main' into exportObj
2022-05-23 14:18:31 +02:00
yoff
23d64ffa04
Merge pull request #9135 from tausbn/python-modernise-py-jinja2-autoescape-false
...
Python: Modernise py/jinja2/autoescape-false
2022-05-23 14:18:06 +02:00
Mathias Vorreiter Pedersen
2882c42698
Swift: Sync identical files.
2022-05-23 13:13:26 +01:00
Mathias Vorreiter Pedersen
6540e1e8bf
Swift: Share 'ControlFlowGraphImplShared.qll' for Swift with Ruby and C#.
2022-05-23 13:12:45 +01:00
Mathias Vorreiter Pedersen
e98728b788
Swift: Fix casing on import alias.
2022-05-23 13:08:09 +01:00
Mathias Vorreiter Pedersen
83bcb53199
Swift: Add tests accept test changes.
2022-05-23 13:05:55 +01:00
Tamás Vajk
487425670e
Merge pull request #9229 from tamasvajk/kotlin-df-fix-list
...
Kotlin: extract non-private members of class supertypes
2022-05-23 14:04:31 +02:00
Mathias Vorreiter Pedersen
9f8fbd7aa7
Swift: Add control-flow library.
2022-05-23 12:59:06 +01:00
Mathias Vorreiter Pedersen
26f0d3ac43
Swift: Add helper predicates on AST classes
2022-05-23 12:51:51 +01:00
Paolo Tranquilli
06a8cf6f1e
Merge pull request #9198 from github/redsun82/swift-self-contained-cpp-code-gen
...
Swift: make C++ code generation more self-contained
2022-05-23 13:45:58 +02:00
Asger F
0929f5eb49
JS: Update test assertions to new syntax
2022-05-23 13:12:52 +02:00
Asger Feldthaus
33dac5e95f
JS: API graph support for accessors (and classes)
2022-05-23 13:12:52 +02:00
Paolo Tranquilli
1e9fcfb338
Merge pull request #9265 from github/redsun82/swift-rm-codeqlmanifest
...
Swift: remove `.codeqlmanifest`
2022-05-23 13:00:58 +02:00
Erik Krogh Kristensen
7a3bbede1b
remove support for passport in the session-fixation query
2022-05-23 12:55:11 +02:00
Paolo Tranquilli
63f5a86699
Merge pull request #9264 from github/redsun82/swift-fix-ndebug-build
...
Swift: fix extractor built with `NDEBUG`
2022-05-23 12:50:49 +02:00
Paolo Tranquilli
a3f6682bbb
Swift: remove .codeqlmanifest
...
The extractor pack entry in there has been moved to the root manifest.
2022-05-23 12:49:08 +02:00
Paolo Tranquilli
ea6a249fee
Swift: fix extractor built with NDEBUG
...
There was a call with side effects in an `assert`, that was therefore
not being called with `NDEBUG` turned on, changing extractor results.
2022-05-23 12:35:54 +02:00
Tom Hvitved
bbdedf5f14
Ruby: Eliminate bad isLocalSourceNode antijoin
...
Gets rid of
```
Tuple counts for DataFlowPrivate::Cached::isLocalSourceNode#462ff392#f#antijoin_rhs@dd2f927s:
20905019 ~3% {2} r1 = JOIN DataFlowPrivate::Cached::TExprNode#462ff392#ff_1#higher_order_body WITH boundedFastTC(DataFlowPrivate::Cached::localFlowStepTypeTracker#462ff392#ff_10#higher_order_body,DataFlowPrivate::Cached::TExprNode#462ff392#ff_1#higher_order_body) ON FIRST 1 OUTPUT Rhs.1, Lhs.0
10420128 ~1496% {1} r2 = JOIN r1 WITH DataFlowPrivate::Cached::TExprNode#462ff392#ff_1#higher_order_body ON FIRST 1 OUTPUT Lhs.1
480918 ~8% {1} r3 = JOIN r1 WITH DataFlowPrivate::Cached::entrySsaDefinition#462ff392#f ON FIRST 1 OUTPUT Lhs.1
10901046 ~1218% {1} r4 = r2 UNION r3
return r4
```
2022-05-23 10:54:17 +02:00
Tamas Vajk
4732793fb6
Change type tests
...
Linux and macOS produced different results, so the queried types are now limited to ones that are visible in the source code.
2022-05-23 10:39:22 +02:00
Tamas Vajk
d3e64f5135
Kotlin: extract non-private members of class supertypes
2022-05-23 10:39:22 +02:00
Tamas Vajk
b0c6db4cfc
Kotlin: add missing dataflow test for List::iterator
2022-05-23 10:39:22 +02:00
Tamas Vajk
ab920d31dc
Repro for kotlin-java difference with generic types
2022-05-23 10:39:22 +02:00
Michael Nebel
bf958ff5bb
Merge pull request #9255 from michaelnebel/csharp/test-clearscontent
...
C#: Remove default clears content.
2022-05-23 10:30:30 +02:00
Michael Nebel
c82ab6813f
Merge pull request #9256 from michaelnebel/csharp/test-ranking
...
C#: Rank summaries and source code in dataflow callables.
2022-05-23 10:29:52 +02:00