hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
67,547 Commits 1,747 Branches 166 Tags
ff46e2c627dadcd0ff4e613b57fed64fd47061be
Commit Graph

67547 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
38d246a3bd C#: Update flowsummaries expected output. 2024-05-31 12:49:40 +02:00
Michael Nebel
db0131d931 C#: Update .NET8 models. 2024-05-31 12:49:35 +02:00
Tom Hvitved
be4fce26c0 Merge pull request #16631 from hvitved/tree-sitter/multi-file-lists 
Tree-sitter: Allow for multiple file lists in simple extractor
 2024-05-31 12:47:11 +02:00
Paolo Tranquilli
bfc37fddff Bazel: move --build_tests_only from swift action to .bazelrc 2024-05-31 12:35:52 +02:00
Cornelius Riemenschneider
14988002fa Address review. 2024-05-31 12:35:03 +02:00
Tom Hvitved
42d87f6d19 Data flow: Inline isUnreachableInCall1 2024-05-31 12:25:11 +02:00
Paolo Tranquilli
3f19974bb6 Bazel: fix transition on non-macOS 2024-05-31 12:14:13 +02:00
Paolo Tranquilli
b3e29bd8b5 Bazel: add --build_tests_only in swift CI 2024-05-31 12:13:26 +02:00
Paolo Tranquilli
07f4288e1f Fix zipmerge build and test 2024-05-31 12:12:58 +02:00
Paolo Tranquilli
8e26f64f89 Bazel: fix non-swift macOS builds 
This is meant to be cleaned up in a later PR with respect to the TODOs.
 2024-05-31 11:49:36 +02:00
Tom Hvitved
d6a3765597 Tree-sitter: Allow for multiple file lists in simple extractor 2024-05-31 11:15:21 +02:00
Tony Torralba
2d3d49f957 Merge pull request #16628 from mbaluda/main 
Disable csrf for ServerHttpSecurity
 2024-05-31 10:31:28 +02:00
Mauro Baluda
48fc44baff Add release notes 2024-05-30 23:21:12 +02:00
Mauro Baluda
bbe888c2b3 Update SpringCsrfProtection.qll 2024-05-30 23:13:08 +02:00
Mauro Baluda
e2479a7ce2 Disable csrf for ServerHttpSecurity 2024-05-30 23:08:57 +02:00
Owen Mansel-Chan
d112073a13 Edit change note 2024-05-30 21:04:05 +01:00
Owen Mansel-Chan
ffc25add70 Accept test changes 2024-05-30 21:01:06 +01:00
Owen Mansel-Chan
a5c392ed4b Add back taint models for append and copy 
This is needed when they are used with string arguments.
 2024-05-30 21:01:03 +01:00
Cornelius Riemenschneider
e2cb5631d9 pkg.bzl: Fix install targets. 
First, the labels used in this file need to be wrapped in `Label`,
so that we can use the installer target from the internal repo.
Second, when unpacking zips, the path passed to `ripunzip` included a trailing
`\n`, which caused `ripunzip` to fail.
 2024-05-30 21:06:46 +02:00
Chuan-kai Lin
0369f8f5df Merge pull request #16625 from github/revert-16605-release-prep/2.17.4 
Revert "Release preparation for version 2.17.4"
 2024-05-30 10:08:31 -07:00
Chuan-kai Lin
b41835a7d9 Revert "Release preparation for version 2.17.4" 2024-05-30 09:25:15 -07:00
Cornelius Riemenschneider
e43b773d7c Fix comment to indicate the correct order in the zip dict. 2024-05-30 17:58:22 +02:00
Cornelius Riemenschneider
60cb8e7e8e Ruby: Move to new packaging rules. 2024-05-30 14:25:20 +02:00
Cornelius Riemenschneider
1158e92f12 Python: Move to the new packaging rules. 2024-05-30 14:25:18 +02:00
Cornelius Riemenschneider
dcd44859f5 Go: Move to new packaging rules. 2024-05-30 14:25:17 +02:00
Cornelius Riemenschneider
d66d7d8a3a C#: Move to new packaging rules. 2024-05-30 14:25:16 +02:00
Cornelius Riemenschneider
60b5317c5f C++: Move to new packaging rules. 2024-05-30 14:25:15 +02:00
Cornelius Riemenschneider
9f3310d3d2 pkg.bzl: Add features to support the nolang dist. 
In order to build the language-independent parts of our dist with `pkg.bzl`,
we need two override features:
* A way to set the prefix in the zip files to the empty string, so that our top-level files
  stay top-level.
* A way to put `codeql.exe` into the arch-specific zip, despite it not being under `CODEQL_PLATFORM`.
This PR implements both.
 2024-05-30 13:03:57 +02:00
Owen Mansel-Chan
61593aed7d Merge pull request #16617 from owen-mc/go/side-effects-on-global-variables 
Go: Add tests (mostly failing) for writes to global variables
 2024-05-30 08:02:45 +01:00
Cornelius Riemenschneider
2c4a216dd9 Merge pull request #16616 from github/redsun82/fix-pkg 
Reinstate bazel packaging library with a backward compatibility fix
 2024-05-29 23:02:30 +02:00
Owen Mansel-Chan
1d9a98614a Fix bug in ResponseWriter for variadic MaD 
`getSummaryInputOrOutputNode` was giving the summary component stack for
arguments corresponding to variadic parameters. This will be a problem
when the models for variadic functions are converted to models-as-data.
 2024-05-29 21:15:49 +01:00
Owen Mansel-Chan
7ff1eabfc3 Add tests (mostly failing) for writes to global variables 
This was based on the equivalent for java:
https://github.com/github/codeql/pull/16500
 2024-05-29 16:07:16 +01:00
Paolo Tranquilli
655f079329 Swift: fix legacy extractor-pack-arch target 2024-05-29 16:17:59 +02:00
Paolo Tranquilli
2606d3f6d1 Reapply "Bazel: add codeql specific packaging library" 
This reverts commit 31d6b9be4d.
 2024-05-29 15:46:29 +02:00
Paolo Tranquilli
8509bcae58 Merge pull request #16615 from github/revert-16432-redsun82/pkg 
Revert "Bazel: add codeql specific packaging library"
 2024-05-29 15:39:23 +02:00
Paolo Tranquilli
31d6b9be4d Revert "Bazel: add codeql specific packaging library" 2024-05-29 15:27:10 +02:00
Paolo Tranquilli
3b246b2422 Merge pull request #16432 from github/redsun82/pkg 
Bazel: add codeql specific packaging library
 2024-05-29 12:58:47 +02:00
Paolo Tranquilli
1e6820b6ed Merge branch 'main' into redsun82/pkg 2024-05-29 12:02:31 +02:00
Paolo Tranquilli
336ec089cc Bazel: use extend(...) instead of += list(...) 2024-05-29 12:02:02 +02:00
Paolo Tranquilli
e8061ecd38 Bazel: fix _zipmerge rule 2024-05-29 11:59:18 +02:00
Tom Hvitved
775625968a Merge pull request #16602 from hvitved/dataflow/fix-bad-join 
Data flow: Fix bad join
 2024-05-29 09:53:56 +02:00
Paolo Tranquilli
5672ddf8f3 Fix bazel formatting 2024-05-29 09:53:31 +02:00
Anders Schack-Mulligen
2f95851537 Merge pull request #16603 from aschackmull/dataflow/location 
Dataflow/Go: Add getLocation to DataFlowCall and DataFlowCallable for easier debugging.
 2024-05-29 08:58:22 +02:00
Paolo Tranquilli
491e3a44be Merge branch 'main' into redsun82/pkg 2024-05-29 08:55:48 +02:00
Paolo Tranquilli
fbe1b56f2d Zipmerge: link test statically 2024-05-29 08:55:06 +02:00
Chuan-kai Lin
06fd16bbf5 Merge pull request #16607 from github/post-release-prep/codeql-cli-2.17.4 
Post-release preparation for codeql-cli-2.17.4
 2024-05-28 14:56:43 -07:00
github-actions[bot]
906b65d09c Post-release preparation for codeql-cli-2.17.4 2024-05-28 18:02:25 +00:00
Tom Hvitved
059ce1ba15 Data flow: Fix bad join 
Before
```
Evaluated relational algebra for predicate _DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox__#count_range@9acc2d7t with tuple counts:
              875   ~0%    {3} r1 = SCAN `num#DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::TCons1#055add5f` OUTPUT _, In.0, In.1
              875   ~0%    {3}    | REWRITE WITH Tmp.0 := 1, Out.0 := (InOut.2 - Tmp.0)
        113896125   ~1%    {3}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox.len/0#dispred#e932df4d_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        113896125   ~7%    {4}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox.getFront/0#dispred#5d402e21` ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1
             2404   ~9%    {5}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::Stage5::consCand/3#cd06ec82_021#join_rhs` ON FIRST 2 OUTPUT Lhs.2, Lhs.0, Rhs.2, Lhs.3, _
             2404  ~14%    {5}    | REWRITE WITH Out.4 := 1
                           return r1

Evaluated relational algebra for predicate DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::count1to2unfold/1#9ad56f09@c47f87cq with tuple counts:
        365  ~0%    {2} r1 = JOIN `num#DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::TCons1#055add5f_102#join_rhs` WITH `__DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathAppro__#join_rhs` ON FIRST 2 OUTPUT Lhs.2, Rhs.2
                    return r1
```

After
```
Evaluated relational algebra for predicate DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854@46e7620j with tuple counts:
        848899   ~5%    {3} r1 = SCAN `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox.len/0#dispred#e932df4d` OUTPUT In.0, _, In.1
        848899   ~0%    {2}    | REWRITE WITH Tmp.1 := 1, Out.1 := (Tmp.1 + In.2) KEEPING 2
        848899   ~0%    {3}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::AccessPathApprox.getFront/0#dispred#5d402e21` ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Rhs.1
         12961  ~14%    {4}    | JOIN WITH `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::Stage5::consCand/3#cd06ec82_201#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.2, Lhs.1
                        return r1

Evaluated relational algebra for predicate DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854_0312_1#count_range@a0e570ci with tuple counts:
        11548  ~1%    {5} r1 = SCAN `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854` OUTPUT In.0, In.3, In.1, In.2, _
        11548  ~3%    {5}    | REWRITE WITH Out.4 := 1
                      return r1

Evaluated relational algebra for predicate DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::count1to2unfold/1#9ad56f09@e0e6143p with tuple counts:
        3981  ~0%    {3} r1 = AGGREGATE `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854_0312_1#count_range`, `DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::stage5ConsCand/4#ce755854_0312_1#count_range` ON  WITH COUNT OUTPUT In.0, In.1, Agg.0
         365  ~0%    {2}    | JOIN WITH `num#DataFlowImpl::Impl<ExceptionInformationExposure::ExceptionInformationExposure::C>::TCons1#055add5f` ON FIRST 2 OUTPUT Rhs.2, Lhs.2
                     return r1
```
 2024-05-28 19:59:30 +02:00
Chuan-kai Lin
dc0db9a6c6 Merge pull request #16605 from github/release-prep/2.17.4 
Release preparation for version 2.17.4
 2024-05-28 08:57:38 -07:00
github-actions[bot]
33b4ae8bbb Release preparation for version 2.17.4 2024-05-28 15:44:32 +00:00