hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,154 Commits 1,703 Branches 162 Tags
df2b586e7cca6590d6fe4b18ac337d5e77485585
Commit Graph

44154 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
df2b586e7c Merge pull request #10577 from hvitved/dataflow/get-a-read-content-fan-in 
Data flow: Fix bad join-order when getAReadContent has large fan-in
 2022-09-27 20:04:58 +02:00
Jami
56e3334c6d Merge pull request #10479 from jcogs33/android-service-sources 
Java: add Android service sources
 2022-09-27 12:40:18 -04:00
Jami Cogswell
7e0c61de2c switch to hasName 2022-09-27 10:45:52 -04:00
Tony Torralba
be9509ceb9 Merge pull request #9199 from luchua-bc/java/unsafe-url-forward-dispatch-load 
Java: CWE-552 Query to detect unsafe resource loading in Java Spring applications
 2022-09-27 15:27:51 +02:00
Erik Krogh Kristensen
162edd6883 Merge pull request #10586 from erik-krogh/pyRegFix 
ReDoS: fix RegExpEscape::getValue having multiple results for some escapes
 2022-09-27 14:41:18 +02:00
Erik Krogh Kristensen
b9937269b9 Merge pull request #10584 from erik-krogh/csharp-unqueryable 
C#: deprecate/delete some unused code
 2022-09-27 14:26:59 +02:00
Tom Hvitved
335e1a8233 Address review comments 2022-09-27 13:36:52 +02:00
Tony Torralba
7ff82bbed3 Update java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll 2022-09-27 13:26:21 +02:00
erik-krogh
7675571daa fix RegExpEscape::getValue having multiple results for some escapes 2022-09-27 13:25:23 +02:00
Tamás Vajk
9358070ae9 Merge pull request #10506 from tamasvajk/kotlin-enum-type-access 
Kotlin: Fix type access expressions in enum constructor calls
 2022-09-27 12:42:30 +02:00
Tamás Vajk
8a6d56a57d Merge pull request #10520 from tamasvajk/kotlin-fix-anonymous-object-comment 
Kotlin: Fix comment extraction for anonymous objects
 2022-09-27 12:42:05 +02:00
erik-krogh
ae6dd05249 deprecate unused class in query specific file 2022-09-27 12:40:05 +02:00
erik-krogh
d23b128457 delete unused code in an internal file 2022-09-27 12:31:58 +02:00
Mathias Vorreiter Pedersen
0c79c2836c Merge pull request #10573 from erik-krogh/cpp-unqueryable 
C: deprecate/delete some unused code
 2022-09-27 10:13:24 +01:00
Anders Schack-Mulligen
9f1bbf2bbd Merge pull request #10575 from aschackmull/dataflow/cleanup-module 
Dataflow: Minor visibility cleanup
 2022-09-27 10:10:53 +02:00
Tom Hvitved
45fc62f16b Data flow: Sync files 2022-09-26 20:39:48 +02:00
Tom Hvitved
1273db5a22 Data flow: Fix bad join-order when getAReadContent has large fan-in 
Before (terminated before completion)
```
Evaluated relational algebra for predicate DataFlowImplForHttpClientLibraries#c536b619::store#5#fffff@e5ef07bh with tuple counts:
            151500     ~0%    {4} r1 = SCAN DataFlowImplCommon#4f8df883::Cached::store#4#ffff OUTPUT In.1, In.0, In.2, In.3
            150500     ~0%    {5} r2 = JOIN r1 WITH DataFlowImplCommon#4f8df883::Cached::MkTypedContent#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Lhs.3, Rhs.1
            149500     ~0%    {5} r3 = JOIN r2 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Lhs.4, Rhs.1
            148500     ~0%    {5} r4 = JOIN r3 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2, Lhs.4, Rhs.1
        2003849000     ~0%    {5} r5 = JOIN r4 WITH DataFlowPublic#e1781e31::ContentSet::getAReadContent#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
         105066500  ~9036%    {5} r6 = JOIN r5 WITH project#DataFlowImplForHttpClientLibraries#c536b619::readSet#4#ffff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.4, Lhs.2, Rhs.1
                              return r6
```

After
```
Evaluated relational algebra for predicate DataFlowImplForHttpClientLibraries#c536b619::readProj#2#ff@302620cn with tuple counts:
        1461867  ~0%    {2} r1 = SCAN DataFlowPrivate#462ff392::Cached::TContent#f OUTPUT In.0, In.0
        3549054  ~1%    {2} r2 = JOIN r1 WITH DataFlowPublic#e1781e31::ContentSet::getAReadContent#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        5772824  ~5%    {2} r3 = JOIN r2 WITH project#DataFlowImplForHttpClientLibraries#c536b619::readSet#4#ffff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
                        return r3

Evaluated relational algebra for predicate DataFlowImplForHttpClientLibraries#c536b619::store#5#fffff@016cd9o1 with tuple counts:
         267905  ~0%    {4} r1 = SCAN DataFlowImplCommon#4f8df883::Cached::store#4#ffff OUTPUT In.1, In.0, In.2, In.3
         267905  ~0%    {5} r2 = JOIN r1 WITH DataFlowImplCommon#4f8df883::Cached::MkTypedContent#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Lhs.3, Rhs.1
         267905  ~0%    {5} r3 = JOIN r2 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Lhs.4, Rhs.1
         267905  ~0%    {5} r4 = JOIN r3 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2, Lhs.4, Rhs.1
        2109240  ~0%    {5} r5 = JOIN r4 WITH DataFlowImplForHttpClientLibraries#c536b619::readProj#2#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.4, Lhs.2, Rhs.1
                        return r5
```
 2022-09-26 20:37:53 +02:00
erik-krogh
0f1a8a6f5b deleted unused internal code 2022-09-26 20:20:52 +02:00
erik-krogh
b83ca08854 deprecate class documented as deprecated 2022-09-26 20:09:54 +02:00
Tom Hvitved
88baf0883a Merge pull request #10358 from hvitved/ruby/dataflow/call-ctx 
Ruby: Context sensitive instance method resolution
 2022-09-26 19:55:10 +02:00
Mathias Vorreiter Pedersen
11b2a12392 Merge pull request #10572 from MathiasVP/add-cwe-193-fp 
C++: Add FP test for `CWE-193`
 2022-09-26 17:22:47 +01:00
Michael Nebel
40a75fdd12 Merge pull request #9406 from JarLob/controller 
Extend aspnetcore controller definition
 2022-09-26 16:34:39 +02:00
Anders Schack-Mulligen
1687d08587 Dataflow: Sync. 2022-09-26 16:10:03 +02:00
Anders Schack-Mulligen
17dba00264 Dataflow: Minor visibility cleanup. 2022-09-26 16:09:42 +02:00
Jaroslav Lobačevski
57fcfd5e7d Apply suggestions from code review 2022-09-26 14:55:29 +02:00
Jaroslav Lobačevski
fa503ec3f2 Create 2022-08-24-aps-net-core-controllers.md 2022-09-26 14:55:29 +02:00
Michael Nebel
37795226a4 C#: Exclude stub implementation in test results. 2022-09-26 14:55:29 +02:00
Michael Nebel
29639a0ad5 C#: ControllerBase should still be considered a controller as we need Redirect methods to be considered sinks. 2022-09-26 14:55:29 +02:00
Michael Nebel
85eee886ac C#: Auto-format AspNetCore.ql. 2022-09-26 14:55:28 +02:00
Michael Nebel
f2ada3d547 C#: Also use using namespace as a hint to indicate that ASP.NET Core is in scope. 2022-09-26 14:55:28 +02:00
Michael Nebel
a7011e11c4 C#: Minor refactoring to avoid introducing name variable. 2022-09-26 14:55:28 +02:00
Michael Nebel
72429cb9e8 C#: Generic classes should not be considered controllers. 2022-09-26 14:55:28 +02:00
Jaroslav Lobačevski
eed04696a9 Add tests 2022-09-26 14:55:28 +02:00
Octokit
f05d4b8410 failing tests 2022-09-26 14:55:28 +02:00
Octokit
fc10212e68 Add ApiController support 2022-09-26 14:55:28 +02:00
Octokit
c96b938e7d Controller is public, non-abstract, not generic class 2022-09-26 14:55:28 +02:00
Jaroslav Lobačevski
853a80bdbc filter out Controller suffixed class in non asp.net projects 2022-09-26 14:55:28 +02:00
Jaroslav Lobačevski
3d281fbb71 fix suffix match 2022-09-26 14:55:28 +02:00
Jaroslav Lobačevski
56055bd76a Add qldoc comments 2022-09-26 14:55:28 +02:00
Jaroslav Lobačevski
f27b5d5588 Fix code style warnings 2022-09-26 14:55:28 +02:00
Jaroslav Lobačevski
105462a1fc Extend aspnetcore controller definition 2022-09-26 14:55:27 +02:00
Michael Nebel
0581b91c32 Merge pull request #10554 from michaelnebel/csharp/datetime-sanitizer 
C#: Consider DateTime as simple type sanitizer.
 2022-09-26 13:21:36 +02:00
Mathias Vorreiter Pedersen
1c55bbe2e8 C++: Add FP for CWE-193. 2022-09-26 11:53:03 +01:00
Anders Schack-Mulligen
f4ef4342c2 Merge pull request #10558 from aschackmull/java/static-init-vector-perf 
Java: Improve performance of StaticInitializationVector.
 2022-09-26 10:50:49 +02:00
Tom Hvitved
257bcefaf9 Merge pull request #10548 from hvitved/ruby/call-graph-tests 
Ruby: Add call graph tests for unsupported constructs
 2022-09-26 10:47:23 +02:00
Chris Smowton
f9ba190812 Merge pull request #9830 from smowton/smowton/fix/kotlin-annotation-class-accessors 
Kotlin: annotation properties should be java.lang.Class not KClass
 2022-09-26 08:34:30 +01:00
Chris Smowton
2a2b939078 Lint 2022-09-25 16:48:10 +01:00
Chris Smowton
f774467892 Kotlin: annotation properties should be java.lang.Class not KClass 
As documented at https://kotlinlang.org/docs/annotations.html#constructors, annotation properties of type KClass get rewritten when targeting the JVM.
 2022-09-25 11:53:50 +01:00
Chris Smowton
a8197b27aa Merge pull request #10561 from github/henrymercer/go-consistent-query-id 
Go: Use a consistent query identifier for successfully extracted files
 2022-09-24 17:22:56 +01:00
Chris Smowton
9aebe87c67 Merge pull request #10523 from smowton/smowton/admin/jdk18-extractor-test-changes 
Java: Disable Kotlin element of test re: database inconsistency exposed by JDK18 extractor upgrade
 2022-09-24 17:00:10 +01:00