hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-26 04:43:00 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,508 Commits 1,688 Branches 158 Tags
codeql-cli/v2.10.4
Commit Graph

42508 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Harry Maclean
681e58c8e0 Merge pull request #9850 from hmac/hmac/arel 
Ruby: Model Arel.sql
 2022-07-25 12:09:18 +12:00
Harry Maclean
cb3ebeedf9 Merge pull request #9696 from thiggy1342/experimental-strong-params 
RB: Experimental strong params query
 2022-07-25 12:08:55 +12:00
Harry Maclean
db41ce5f76 Merge pull request #9605 from thiggy1342/experimental-manually-check-request-verb 
RB: Experimental query to manually check request verb
 2022-07-25 12:08:11 +12:00
thiggy1342
6cfde70898 Merge branch 'main' into experimental-strong-params 2022-07-22 20:41:33 -04:00
thiggy1342
b4d762fb21 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-22 20:41:23 -04:00
thiggy1342
0c0ba925a7 this one should have no tag 2022-07-22 18:44:03 +00:00
thiggy1342
f39ca1aad2 correct cwe tagged 2022-07-22 18:36:25 +00:00
Robert Marsh
0a35f97074 Merge pull request #9872 from jketema/return-join 
C++: Fix join-order problem in `cpp/return-stack-allocated-memory`
 2022-07-22 14:32:10 -04:00
thiggy1342
c2710fb038 Update ruby/ql/src/change-notes/2022-07-21-check-http-verb.md 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-07-22 13:52:00 -04:00
thiggy1342
2c095cf166 Update ruby/ql/src/change-notes/2022-07-21-weak-params.md 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-07-22 13:51:38 -04:00
Jeroen Ketema
a9d95a9418 C++: Remove pragma[noinline] from ResolveGlobalVariable.ql 2022-07-22 17:59:27 +02:00
Jeroen Ketema
23c19311fb Merge pull request #9700 from jketema/resolve-global-variable 
C++: Ensure only one `Variable` exists for every global variable
 2022-07-22 17:57:21 +02:00
Nick Rolfe
4767d5a1ba Ruby/QL: speed up trap writing by putting BufWriter in front of GzEncoder 2022-07-22 15:37:53 +01:00
Arthur Baars
43266b75a1 Merge pull request #9866 from aibaars/encoding 
Ruby: handle magic coding: comments
 2022-07-22 14:33:46 +02:00
Taus
5f9a03f103 Merge pull request #9880 from github/nickrolfe/ql-ql-extractor-cleanup 
QL: sync Ruby extractor changes
 2022-07-22 14:15:04 +02:00
Paolo Tranquilli
77401ded4e Swift: reflow comment 2022-07-22 13:54:32 +02:00
Arthur Baars
d44bf326f0 Update ruby/extractor/src/main.rs 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-07-22 13:36:22 +02:00
Paolo Tranquilli
7e67338fb5 Update swift/extractor/infra/SwiftDispatcher.h 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-07-22 13:34:11 +02:00
thiggy1342
871b6515d5 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-21 18:47:07 -04:00
thiggy1342
1842bde879 add change note 2022-07-21 22:13:53 +00:00
thiggy1342
c1a6ca5f94 add change note 2022-07-21 22:11:14 +00:00
thiggy1342
486a394a7f Update ruby/ql/src/experimental/weak-params/WeakParams.ql 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-07-21 17:26:09 -04:00
thiggy1342
8fabc06d37 fix test assertion 2022-07-21 21:25:44 +00:00
thiggy1342
cc958dc171 Update ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-07-21 17:19:33 -04:00
Arthur Baars
1399610bd4 Merge branch 'main' into encoding 2022-07-21 21:21:17 +02:00
Nick Rolfe
5f96c92fac QL: sync Ruby extractor changes 2022-07-21 17:38:33 +01:00
Nick Rolfe
ed0325f162 Merge pull request #9878 from github/nickrolfe/extractor-cleanup 
Ruby: some extractor refactoring
 2022-07-21 17:18:24 +01:00
Arthur Baars
7be106d7bb Ruby: handle magic coding: comments 2022-07-21 16:33:18 +02:00
Arthur Baars
27be3dff54 Merge pull request #9868 from aibaars/update-tree-sitter-ruby-3 
Ruby: update tree-sitter-ruby
 2022-07-21 16:08:32 +02:00
Nick Rolfe
8dae85e1b1 Ruby: avoid repeated construction of table name strings 2022-07-21 12:21:06 +01:00
Nick Rolfe
0a8ecd3cf7 Ruby: compute path string only once 2022-07-21 10:44:30 +01:00
Nick Rolfe
388c9ffb74 Ruby: separate trap-writer into its own module 2022-07-21 10:44:00 +01:00
Jeroen Ketema
ad8335d6f3 C++: Fix join-order problem in cpp/return-stack-allocated-memory 
Before on Abseil:
```
Evaluated relational algebra for predicate #select#cpe#12356#fffff@3ffb21o1 with tuple counts:
         1235939  ~0%    {2} r1 = SCAN functions OUTPUT In.0, In.0
         1235939  ~0%    {2} r2 = JOIN r1 WITH functions ON FIRST 1 OUTPUT Lhs.1, Lhs.0
        33500841  ~0%    {2} r3 = JOIN r2 WITH DataFlowUtil::Node::getEnclosingCallable#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
          280683  ~3%    {3} r4 = JOIN r3 WITH MustFlow::MkLocalPathNode#0227f5a1#fff ON FIRST 1 OUTPUT Rhs.2, Lhs.1, Lhs.0
           40970  ~2%    {4} r5 = JOIN r4 WITH MustFlow::MustFlowConfiguration::hasFlowPath#dispred#f0820431#fff#cpe#23_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0
           40970  ~0%    {5} r6 = JOIN r5 WITH MustFlow::MkLocalPathNode#0227f5a1#fff_20#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.0
           40970  ~1%    {5} r7 = JOIN r6 WITH DataFlowUtil::Cached::TInstructionNode#47741e1f#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
           40970  ~1%    {5} r8 = JOIN r7 WITH project#Instruction::VariableAddressInstruction#class#577b6a83#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4
           40970  ~0%    {6} r9 = JOIN r8 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1
           40970  ~2%    {7} r10 = JOIN r9 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5, Rhs.1
               0  ~0%    {6} r11 = JOIN r10 WITH Instruction::Instruction::getEnclosingFunction#dispred#f0820431#3#ff ON FIRST 2 OUTPUT Rhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5, Lhs.6
               0  ~0%    {5} r12 = JOIN r11 WITH functions ON FIRST 1 OUTPUT Lhs.5, Lhs.1, Lhs.2, Lhs.3, Lhs.4
               0  ~0%    {5} r13 = JOIN r12 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.3, Lhs.2, Lhs.4, Rhs.1
                         return r13
```

After:
```
Evaluated relational algebra for predicate #select#cpe#12356#fffff@1dbc97kv with tuple counts:
        40970  ~0%    {2} r1 = SCAN MustFlow::MustFlowConfiguration::hasFlowPath#dispred#f0820431#fff#cpe#23 OUTPUT In.1, In.0
        40970  ~0%    {3} r2 = JOIN r1 WITH MustFlow::MkLocalPathNode#0227f5a1#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
        40970  ~7%    {4} r3 = JOIN r2 WITH MustFlow::MkLocalPathNode#0227f5a1#fff_20#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2
        40970  ~2%    {4} r4 = JOIN r3 WITH DataFlowUtil::Cached::TInstructionNode#47741e1f#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
        40970  ~2%    {4} r5 = JOIN r4 WITH project#Instruction::VariableAddressInstruction#class#577b6a83#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3
        40970  ~0%    {5} r6 = JOIN r5 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Rhs.1
        40970  ~1%    {6} r7 = JOIN r6 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1
        40970  ~0%    {6} r8 = JOIN r7 WITH Instruction::Instruction::getEnclosingFunction#dispred#f0820431#3#ff ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1, Lhs.2, Lhs.4, Lhs.5
            0  ~0%    {5} r9 = JOIN r8 WITH DataFlowUtil::Node::getEnclosingCallable#dispred#f0820431#fb ON FIRST 2 OUTPUT Lhs.5, Lhs.2, Lhs.3, Lhs.0, Lhs.4
            0  ~0%    {5} r10 = JOIN r9 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2, Lhs.4, Rhs.1
                      return r10
```
 2022-07-21 11:27:02 +02:00
Jeroen Ketema
466eb4a845 Merge pull request #9870 from jketema/exec-tainted-join 
C++: Fix join-order problem in `cpp/command-line-injection`
 2022-07-21 11:22:02 +02:00
Cornelius Riemenschneider
a437fcbbcc Merge pull request #9705 from github/criemen/csharp-lua-tracing 
C#: Implement correct behavior for `dotnet build` tracing
 2022-07-21 11:01:33 +02:00
Chris Smowton
9593ceeda5 Kotlin: Special-case String.charAt naming 
In the Kotlin universe this is called `get` so that Kotlin programmers can use the `[]` operator on `String`s.
 2022-07-21 09:17:08 +01:00
Chris Smowton
0a351b73cb Underscore query: tolerate synthetic functions 2022-07-21 09:15:27 +01:00
Chris Smowton
1cbe26a54f Kotlin: fix for-loop iterators over primitive or wildcard types 
Array<*> can't be queried for an argument type, and IntArray doesn't have an argument at all; both were previously causing the extractor to fail to extract the whole file due to throwing an exception.
 2022-07-21 09:13:55 +01:00
Harry Maclean
4d0f6a0b96 Merge pull request #9788 from thiggy1342/add-activerecord-annotate 
RB: Add ActiveRecord::Relation#annotate to sqlFragmentArgument()
 2022-07-21 15:37:03 +12:00
Shyam Mehta
09ec37943c Partial Path Traversal split into 2 queries 2022-07-20 17:53:26 -04:00
thiggy1342
a10370f813 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-20 16:33:36 -04:00
thiggy1342
b3f2159a7e Merge branch 'main' into experimental-strong-params 2022-07-20 16:33:32 -04:00
thiggy1342
17c80336f5 Merge branch 'main' into add-activerecord-annotate 2022-07-20 16:33:30 -04:00
smehta23
b7e522749f Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-07-20 15:32:59 -04:00
Arthur Baars
8d80e0332e Ruby: update tree-sitter-ruby 2022-07-20 18:16:30 +02:00
Aditya Sharad
a1d9228a66 Merge pull request #9831 from adityasharad/docs/supported-frameworks-changelog-links 
Docs: Update supported languages page with links to CLI and pack information
 2022-07-20 07:36:37 -07:00
Jeroen Ketema
694d6395d5 C++: Fix join-order problem in cpp/command-line-injection 
Before on Abseil Linux:
```
Evaluated relational algebra for predicate ExecTainted::ExecState#class#91000ffb#fff@41084cm7 with tuple counts:
        40879811  ~0%    {2} r1 = SCAN DataFlowUtil::Node::getLocation#dispred#f0820431#ff OUTPUT In.1, In.0
        40879811  ~0%    {2} r2 = JOIN r1 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
            7527  ~3%    {3} r3 = JOIN r2 WITH ExecTainted::interestingConcatenation#91000ffb#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
            7527  ~0%    {4} r4 = JOIN r3 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0, Rhs.1
            7527  ~0%    {5} r5 = JOIN r4 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0, Lhs.3, Rhs.1
            7527  ~0%    {6} r6 = JOIN r5 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0, Lhs.3, Lhs.4
            7527  ~0%    {3} r7 = JOIN r6 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT ((((((("ExecState (" ++ Rhs.1) ++ " | ") ++ Lhs.4) ++ ", ") ++ Lhs.1) ++ " | ") ++ Lhs.5 ++ ")"), Lhs.3, Lhs.2
                         return r7
```

After:
```
Evaluated relational algebra for predicate ExecTainted::ExecState#class#91000ffb#fff@1ffe61ps with tuple counts:
        7527  ~0%    {3} r1 = JOIN ExecTainted::interestingConcatenation#91000ffb#ff WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
        7527  ~0%    {4} r2 = JOIN r1 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Rhs.1
        7527  ~1%    {5} r3 = JOIN r2 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0, Lhs.2, Lhs.3
        7527  ~0%    {5} r4 = JOIN r3 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1
        7527  ~4%    {6} r5 = JOIN r4 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4
        7527  ~0%    {3} r6 = JOIN r5 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT ((((((("ExecState (" ++ Rhs.1) ++ " | ") ++ Lhs.3) ++ ", ") ++ Lhs.5) ++ " | ") ++ Lhs.4 ++ ")"), Lhs.1, Lhs.2
                     return r6
```
 2022-07-20 16:27:47 +02:00
thiggy1342
8c55a15fa6 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-20 10:27:40 -04:00
thiggy1342
6f74a2609c Merge branch 'main' into experimental-strong-params 2022-07-20 10:26:49 -04:00
thiggy1342
f54fc1a88d Merge branch 'main' into add-activerecord-annotate 2022-07-20 10:26:44 -04:00