hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,307 Commits 1,671 Branches 157 Tags
eb6b08591df1a3aa743de690c434f5880faff243
Commit Graph

84307 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
eb6b08591d Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-11-24 15:01:09 +00:00
Mathias Vorreiter Pedersen
2e53370716 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-11-24 15:01:00 +00:00
Mathias Vorreiter Pedersen
0487e0622a C++: Accept test changes from tests that use getAQlClass. 2025-11-24 14:04:35 +00:00
Mathias Vorreiter Pedersen
ecb80cb4fc C++: Represent field content using a column that is shared by all template instantiations. 2025-11-24 12:29:49 +00:00
Mathias Vorreiter Pedersen
14f9997eb3 Merge pull request #20862 from MathiasVP/union-content-field-content-common-base-class 
C++: Create a common base class for 'FieldContent' and 'UnionContent'
 2025-11-20 13:14:29 +00:00
Paolo Tranquilli
240c637e7a Merge pull request #20868 from github/redsun82/java-doc 
Java: add missing QLDoc
 2025-11-20 12:08:16 +01:00
Owen Mansel-Chan
05085a8e82 Merge pull request #20666 from owen-mc/go/promote-weak-crypto-algorithm 
Go: promote `go/weak-crypto-algorithm`
 2025-11-20 11:03:05 +00:00
Tom Hvitved
0f40b3ccb8 Merge pull request #20842 from hvitved/rust/path-resolution-extern-crate-visibility 
Rust: Handle `pub extern crate` in path resolution
 2025-11-20 11:59:05 +01:00
Tom Hvitved
4d4a677da0 Merge pull request #20869 from hvitved/rust/dataflow-ast 
Rust: Base `DataFlow::Node` on AST instead of CFG
 2025-11-20 11:34:40 +01:00
Asger F
613895e0c0 Merge pull request #20424 from asgerf/js/overlay-manual-v4 
JS: Add overlay annotations
 2025-11-20 11:10:46 +01:00
Tom Hvitved
d4fdf956a0 Address review comments 2025-11-20 11:03:53 +01:00
Tom Hvitved
e4853ab060 Add change note 2025-11-19 19:37:41 +01:00
Tom Hvitved
d2bb53a81e Rust: Run codegen 2025-11-19 19:37:40 +01:00
Tom Hvitved
489fff9572 Rust: Base DataFlow::Node on AST instead of CFG 2025-11-19 19:37:39 +01:00
Mathias Vorreiter Pedersen
6c4def13b4 C++: Add change note. 2025-11-19 17:24:30 +00:00
Mathias Vorreiter Pedersen
4c09e554fc Merge branch 'main' into union-content-field-content-common-base-class 2025-11-19 17:17:45 +00:00
Jeroen Ketema
0c43f2c4f0 Merge pull request #20870 from jketema/exp-arg-fix 
C++: `getExpandedArgument` fixes
 2025-11-19 17:10:56 +01:00
Owen Mansel-Chan
a70d74220f Add test for good password hashing 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
f562b3d26e Make line differences in test comments relative 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
349e8ca589 Remove unnecessary import 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
adbc1efe59 Fix diff-informed predicates 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
7d7af193dc Fix small mistake in Ruby query help 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
8d7b2757bf Add query help examples 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
69ecdcb4cd Fix capitalization of class names 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
970b5d7496 Fix query suite integration tests 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
2cfafe53ca Fix failing ruby crypto test that lists all algorithms 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
d2033ca1d5 Add change note 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
52d7e2dd18 Add query for hashing sensitive data with weak hashing algorithm 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
713e19f6f1 Make non-path query for encryption only 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
f34a625ac2 Model cryptographic operations 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
fac5296efc Avoid duplicate results using in-barriers 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
34b2e3e2bf Copy the structure of the Javascript query 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
5c403d374e Move crypto qll files from query pack to library pack 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
92a3bccfd6 Align metadata with related queries 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
188b25f11f Remove experimental tag from query metadata 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
a71bb4ba9a Convert test to inline expectations 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
2c20d3ffeb Move weak crypto algorithm query out of experimental 2025-11-19 14:36:26 +00:00
Simon Friis Vindum
4d9ab7b573 Merge pull request #20871 from paldepind/rust/string-literal 
Rust: Handle string literals with line breaks
 2025-11-19 14:05:43 +01:00
Asger F
efa438a352 JS: Move identityFunctionStep back into CachedSteps module 2025-11-19 13:47:30 +01:00
Asger F
8fef60464e JS: Remove out-commented code 2025-11-19 13:46:10 +01:00
Simon Friis Vindum
0e539dbca5 Rust: Handle string literals with line breaks 2025-11-19 13:39:48 +01:00
Simon Friis Vindum
481f627ae0 Rust: Add string literal test 2025-11-19 13:37:23 +01:00
Jeroen Ketema
fe3f90e041 C++: Make getExpandedArgument more robust 
This make the predicate give back sensible results on (upgraded) databases
where we do not have expanded arguments, and avoid having to write case
distinctions in places where we would want to use `getExpandedArgument`.
 2025-11-19 12:49:54 +01:00
Jeroen Ketema
e235e0473a C++: Fix getAnExpandedArgument 
The fix was accidentially lost when rebasing the branch that introduced this
predicate.
 2025-11-19 12:49:02 +01:00
Paolo Tranquilli
b3c09389c8 Java: add missing QLDoc 
The check for QLDoc comments was unfortunately broken for some time, so
we missed this.
 2025-11-19 11:59:25 +01:00
Mathias Vorreiter Pedersen
9bfe847fda C++: Fix awful joins on bochs: 
```
Evaluated relational algebra for predicate DataFlowPrivate::storeStepImpl/4#b2c79f9a@13be12rc with tuple counts:
           9   ~0%    {3} r1 = JOIN `FlowSummaryImpl::Private::Steps::summaryStoreStep/3#5c2d4899` WITH DataFlowUtil::TFlowSummaryNode#40da8361 ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
           9   ~0%    {4}    | JOIN WITH DataFlowUtil::TFlowSummaryNode#40da8361 ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1, _
           9  ~12%    {4}    | REWRITE WITH Out.3 := true

     1853420   ~0%    {3} r2 = SCAN `DataFlowPrivate::nodeHasInstruction/3#f469bb06` OUTPUT In.1, In.0, In.2
      100282   ~0%    {3}    | JOIN WITH `Instruction::StoreInstruction.getDestinationAddressOperand/0#dispred#596a4aba` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
      127910   ~0%    {6}    | JOIN WITH `DataFlowPrivate::numberOfLoadsFromOperand/4#7e555666_1023#join_rhs` ON FIRST 1 OUTPUT _, Lhs.1, Rhs.1, Rhs.3, Lhs.2, Rhs.2
      127910   ~0%    {4}    | REWRITE WITH Tmp.0 := 1, Out.0 := (Tmp.0 + In.4 + In.5) KEEPING 4
  4178182721   ~1%    {4}    | JOIN WITH `DataFlowUtil::FieldContent.getIndirectionIndex/0#dispred#cc69866f_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
  4290552803   ~0%    {5}    | JOIN WITH `DataFlowUtil::FieldContent.getAField/0#dispred#ba1c91e5` ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Lhs.0, Rhs.1
  3033745816   ~5%    {7}    | JOIN WITH DataFlowUtil::PostFieldUpdateNode#b86f3a84_1023#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.2, Rhs.3
  3033745816   ~3%    {9}    | JOIN WITH DataFlowUtil::TPostUpdateNodeImpl#f5e76b7a_21#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.0, Lhs.5, Lhs.6, Rhs.1, _
                      {8}    | REWRITE WITH Tmp.8 := 1, TEST InOut.7 = Tmp.8 KEEPING 8
  1516872908   ~0%    {7}    | SCAN OUTPUT In.4, In.5, In.6, In.0, In.1, In.2, In.3
  2409090286   ~1%    {6}    | JOIN WITH DataFlowUtil::PostFieldUpdateNode#b86f3a84_0231#join_rhs ON FIRST 3 OUTPUT Rhs.3, Lhs.6, Lhs.3, Lhs.4, Lhs.5, Lhs.0
       66016  ~45%    {4}    | JOIN WITH `DataFlowUtil::FieldAddress.getField/0#dispred#bdd01c1a` ON FIRST 2 OUTPUT Lhs.2, Lhs.4, Lhs.5, Lhs.3

       66025  ~45%    {4} r3 = r1 UNION r2
                      return r3
```
 2025-11-19 10:08:09 +00:00
Paolo Tranquilli
e850a8a46c Merge pull request #20861 from github/redsun82/ripunzip 
Ripunzip: use releases from github
 2025-11-19 11:03:35 +01:00
Paolo Tranquilli
87b9afce97 Merge branch 'main' into redsun82/ripunzip 2025-11-19 10:33:39 +01:00
Tom Hvitved
3d49eff4a5 Rust: Add integration test for pub extern crate resolution 2025-11-19 09:38:49 +01:00
Tom Hvitved
8acfc7f752 Rust: Handle pub extern crate in path resolution 2025-11-19 09:38:48 +01:00