hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
67,330 Commits 1,703 Branches 162 Tags
e2758f2abb6af7abe0784d67b08879eb65c68693
Commit Graph

67330 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
e2758f2abb C#: Update expected test output. 2024-05-31 15:06:16 +02:00
Michael Nebel
d38894a5e5 C#: Update .NET 8 runtime models. 2024-05-31 14:19:48 +02:00
Michael Nebel
8b75bb2ba9 C#: The model generator should consider System.Type and System.DateTime as sanitizers. 2024-05-31 12:50:18 +02:00
Michael Nebel
02f9aec517 C#: Add some spurious summary generation examples. 2024-05-31 12:50:14 +02:00
Michael Nebel
b628c2e121 C#: Update flow summaries expected output. 2024-05-31 12:50:10 +02:00
Michael Nebel
5e1801f7be C#: Update models based on review comments. 2024-05-31 12:50:06 +02:00
Michael Nebel
121378a262 C#: Add change-note. 2024-05-31 12:50:02 +02:00
Michael Nebel
0985a3a5f6 C#: Update expected test output. 2024-05-31 12:49:58 +02:00
Michael Nebel
9bb7575018 C#: Promote IDataRecord and IDbCommand to manual summaries such that they are used in conjunction with source code. 2024-05-31 12:49:53 +02:00
Michael Nebel
90538d4b4c C#: Update expected test output. 2024-05-31 12:49:48 +02:00
Michael Nebel
cd5168b570 C#: Limit the defintion of database flow source and use summaries for better paths and reduced result multiplicity. 2024-05-31 12:49:44 +02:00
Michael Nebel
38d246a3bd C#: Update flowsummaries expected output. 2024-05-31 12:49:40 +02:00
Michael Nebel
db0131d931 C#: Update .NET8 models. 2024-05-31 12:49:35 +02:00
Tony Torralba
2d3d49f957 Merge pull request #16628 from mbaluda/main 
Disable csrf for ServerHttpSecurity
 2024-05-31 10:31:28 +02:00
Mauro Baluda
48fc44baff Add release notes 2024-05-30 23:21:12 +02:00
Mauro Baluda
bbe888c2b3 Update SpringCsrfProtection.qll 2024-05-30 23:13:08 +02:00
Mauro Baluda
e2479a7ce2 Disable csrf for ServerHttpSecurity 2024-05-30 23:08:57 +02:00
Owen Mansel-Chan
61593aed7d Merge pull request #16617 from owen-mc/go/side-effects-on-global-variables 
Go: Add tests (mostly failing) for writes to global variables
 2024-05-30 08:02:45 +01:00
Cornelius Riemenschneider
2c4a216dd9 Merge pull request #16616 from github/redsun82/fix-pkg 
Reinstate bazel packaging library with a backward compatibility fix
 2024-05-29 23:02:30 +02:00
Owen Mansel-Chan
7ff1eabfc3 Add tests (mostly failing) for writes to global variables 
This was based on the equivalent for java:
https://github.com/github/codeql/pull/16500
 2024-05-29 16:07:16 +01:00
Paolo Tranquilli
655f079329 Swift: fix legacy extractor-pack-arch target 2024-05-29 16:17:59 +02:00
Paolo Tranquilli
2606d3f6d1 Reapply "Bazel: add codeql specific packaging library" 
This reverts commit 31d6b9be4d.
 2024-05-29 15:46:29 +02:00
Paolo Tranquilli
8509bcae58 Merge pull request #16615 from github/revert-16432-redsun82/pkg 
Revert "Bazel: add codeql specific packaging library"
 2024-05-29 15:39:23 +02:00
Paolo Tranquilli
31d6b9be4d Revert "Bazel: add codeql specific packaging library" 2024-05-29 15:27:10 +02:00
Paolo Tranquilli
3b246b2422 Merge pull request #16432 from github/redsun82/pkg 
Bazel: add codeql specific packaging library
 2024-05-29 12:58:47 +02:00
Paolo Tranquilli
1e6820b6ed Merge branch 'main' into redsun82/pkg 2024-05-29 12:02:31 +02:00
Paolo Tranquilli
336ec089cc Bazel: use extend(...) instead of += list(...) 2024-05-29 12:02:02 +02:00
Paolo Tranquilli
e8061ecd38 Bazel: fix _zipmerge rule 2024-05-29 11:59:18 +02:00
Tom Hvitved
775625968a Merge pull request #16602 from hvitved/dataflow/fix-bad-join 
Data flow: Fix bad join
 2024-05-29 09:53:56 +02:00
Paolo Tranquilli
5672ddf8f3 Fix bazel formatting 2024-05-29 09:53:31 +02:00
Anders Schack-Mulligen
2f95851537 Merge pull request #16603 from aschackmull/dataflow/location 
Dataflow/Go: Add getLocation to DataFlowCall and DataFlowCallable for easier debugging.
 2024-05-29 08:58:22 +02:00
Paolo Tranquilli
491e3a44be Merge branch 'main' into redsun82/pkg 2024-05-29 08:55:48 +02:00
Paolo Tranquilli
fbe1b56f2d Zipmerge: link test statically 2024-05-29 08:55:06 +02:00
Chuan-kai Lin
06fd16bbf5 Merge pull request #16607 from github/post-release-prep/codeql-cli-2.17.4 
Post-release preparation for codeql-cli-2.17.4
 2024-05-28 14:56:43 -07:00
github-actions[bot]
906b65d09c Post-release preparation for codeql-cli-2.17.4 2024-05-28 18:02:25 +00:00
Tom Hvitved
059ce1ba15 Data flow: Fix bad join 
Before
```
Evaluated relational algebra for predicate _DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox__#count_range@9acc2d7t with tuple counts:
              875   ~0%    {3} r1 = SCAN `num#DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::TCons1#055add5f` OUTPUT _, In.0, In.1
              875   ~0%    {3}    | REWRITE WITH Tmp.0 := 1, Out.0 := (InOut.2 - Tmp.0)
        113896125   ~1%    {3}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox.len/0#dispred#e932df4d_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        113896125   ~7%    {4}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox.getFront/0#dispred#5d402e21` ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1
             2404   ~9%    {5}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::Stage5::consCand/3#cd06ec82_021#join_rhs` ON FIRST 2 OUTPUT Lhs.2, Lhs.0, Rhs.2, Lhs.3, _
             2404  ~14%    {5}    | REWRITE WITH Out.4 := 1
                           return r1

Evaluated relational algebra for predicate DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::count1to2unfold/1#9ad56f09@c47f87cq with tuple counts:
        365  ~0%    {2} r1 = JOIN `num#DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::TCons1#055add5f_102#join_rhs` WITH `__DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathAppro__#join_rhs` ON FIRST 2 OUTPUT Lhs.2, Rhs.2
                    return r1
```

After
```
Evaluated relational algebra for predicate DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854@46e7620j with tuple counts:
        848899   ~5%    {3} r1 = SCAN `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox.len/0#dispred#e932df4d` OUTPUT In.0, _, In.1
        848899   ~0%    {2}    | REWRITE WITH Tmp.1 := 1, Out.1 := (Tmp.1 + In.2) KEEPING 2
        848899   ~0%    {3}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox.getFront/0#dispred#5d402e21` ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Rhs.1
         12961  ~14%    {4}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::Stage5::consCand/3#cd06ec82_201#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.2, Lhs.1
                        return r1

Evaluated relational algebra for predicate DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854_0312_1#count_range@a0e570ci with tuple counts:
        11548  ~1%    {5} r1 = SCAN `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854` OUTPUT In.0, In.3, In.1, In.2, _
        11548  ~3%    {5}    | REWRITE WITH Out.4 := 1
                      return r1

Evaluated relational algebra for predicate DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::count1to2unfold/1#9ad56f09@e0e6143p with tuple counts:
        3981  ~0%    {3} r1 = AGGREGATE `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854_0312_1#count_range`, `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854_0312_1#count_range` ON  WITH COUNT OUTPUT In.0, In.1, Agg.0
         365  ~0%    {2}    | JOIN WITH `num#DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::TCons1#055add5f` ON FIRST 2 OUTPUT Rhs.2, Lhs.2
                     return r1
```
 2024-05-28 19:59:30 +02:00
Chuan-kai Lin
dc0db9a6c6 Merge pull request #16605 from github/release-prep/2.17.4 
Release preparation for version 2.17.4
 2024-05-28 08:57:38 -07:00
github-actions[bot]
33b4ae8bbb Release preparation for version 2.17.4 2024-05-28 15:44:32 +00:00
Paolo Tranquilli
332d178298 Zipmerge: allow test to be run from internal repo 2024-05-28 17:37:34 +02:00
Paolo Tranquilli
4094db40b8 Merge branch 'main' into redsun82/pkg 2024-05-28 17:28:24 +02:00
Paolo Tranquilli
45f1fdfaff Bazel: extract pack filtering logic out of _zipmerge 2024-05-28 17:24:20 +02:00
Pierre
06d6671c55 Merge pull request #16569 from github/sitedocs/2.17.3 
Add changelogs for 2.17.2 and 2.17.3
 2024-05-28 08:15:04 -07:00
Paolo Tranquilli
de484773f0 Zipmerge: print test outputs on CI 2024-05-28 16:29:41 +02:00
Paolo Tranquilli
2a62455822 Merge branch 'main' into redsun82/pkg 2024-05-28 16:15:48 +02:00
Paolo Tranquilli
5eb12b8503 Zipmerge: substitute stripped down slf4j jars with dummy ones 2024-05-28 16:15:20 +02:00
Michael Nebel
195ccb0018 Merge pull request #16484 from michaelnebel/csharp/superimplmodelgen 
C#: Lift models.
 2024-05-28 15:49:35 +02:00
Paolo Tranquilli
c3ccf4d5a3 Zipmerge: substitute CPython archives with dummy ones 2024-05-28 15:47:24 +02:00
Paolo Tranquilli
67d622fa9d Bazel: actually run the zipmerge tests 2024-05-28 15:44:53 +02:00
Paolo Tranquilli
9c1efb9f0e Bazel: expose compression_level in codeql_pack 2024-05-28 15:09:15 +02:00
Paolo Tranquilli
00ed00e1e5 Bazel: avoid unneeded operations if no imported zips are present 2024-05-28 15:01:35 +02:00