hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-26 21:02:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,508 Commits 1,687 Branches 159 Tags
codeql-cli/v2.10.4
Commit Graph

42508 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrew Eisenberg
022acf2de0 Merge pull request #9570 from github/aeisenberg/docs/packs-with-paths 
Update docs to include how to run a pack with path
 2022-07-11 11:40:11 -07:00
Ian Lynagh
960d1dba8a Kotlin: We can't etract comments for < 1.5.20 
We were making our own PsiSourceManager, but that didn't know about any
IrFile -> PsiFile mappings.
 2022-07-11 19:36:43 +01:00
Ian Lynagh
4c68624b00 Kotlin: Pass a FileLogger to Psi2Ir 2022-07-11 19:17:21 +01:00
Ian Lynagh
b9072a3594 Kotlin: Share a Psi2Ir instance 2022-07-11 18:57:43 +01:00
Henry Mercer
4704269086 Add example registry authentication string 2022-07-11 18:36:03 +01:00
Nick Rolfe
a3628b06f1 Ruby: fix markup in changenote 2022-07-11 17:23:45 +01:00
Nick Rolfe
032aa56dc3 Ruby: add change note for system command execution sink bug 2022-07-11 17:00:07 +01:00
Nick Rolfe
6632dfaf88 Ruby: fix another SystemCommandExecution::isShellInterpreted implementation 2022-07-11 16:53:30 +01:00
Raul Garcia
5d89a5d164 Update csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-07-11 08:42:50 -07:00
Raul Garcia
156bc34cda Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-11 08:41:05 -07:00
thiggy1342
ad7c3e7217 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-11 10:20:07 -04:00
thiggy1342
539fbbc126 Merge branch 'main' into experimental-strong-params 2022-07-11 10:20:00 -04:00
Nick Rolfe
348ad95fc0 Ruby: fix defining every dataflow node as a command execution sink 2022-07-11 15:06:27 +01:00
Paolo Tranquilli
93d06daf67 Swift: allow skipping fields in cppgen 
Some fields of base classes pose some problems with diamond hierarchies,
and we don't use them any way as we are emitting them using directly
trap entries instead of structured C++ classes.

This introduces a `cpp_skip` pragma to skip generation of those fields
in structured generated C++ classes, and applies it to `is_unknown` and
`location`.
 2022-07-11 15:59:21 +02:00
Paolo Tranquilli
39406436bf Swift: extract IfConfigDecl 
This also adds `UnresolvedDeclRefExpr` tests, as `IfConfigDecl`
consistently introduces those.
 2022-07-11 15:11:13 +02:00
Ben Rodes
a6048dd594 Merge branch 'github:main' into main 2022-07-11 08:49:13 -04:00
Jeroen Ketema
93a4a32527 Merge pull request #9786 from jketema/lossy 
C++: LossyFunctionResultCast updates
 2022-07-11 14:14:33 +02:00
Robert Marsh
bbd7e62341 Merge pull request #9793 from jketema/nullness 
C++: Add tests for `AnalysedExpr::isNullCheck` and `AnalysedExpr::isValidCheck`
 2022-07-11 08:07:24 -04:00
Ian Lynagh
28a8999b74 Java: Add an upgrade script 2022-07-11 12:09:48 +01:00
Ian Lynagh
aa07600f5a Java: Update stats 2022-07-11 12:09:48 +01:00
Erik Krogh Kristensen
9ed7aa9fae exclude variables in .vue files form js/unused-local-variable 2022-07-11 12:52:23 +02:00
Chris Smowton
74641ccfee Simplify test for no-arg constructor 2022-07-11 11:01:19 +01:00
Jeroen Ketema
6b2154eb8b C++: Add tests for AnalysedExpr::isNullCheck and AnalysedExpr::isValidCheck 2022-07-11 11:54:48 +02:00
Paolo Tranquilli
7d5dd384c3 Swift: extract UnresolvedPatternExpr 2022-07-11 10:59:00 +02:00
Paolo Tranquilli
7c3cadc9b6 Swift: extract OpenedArchetypeType 2022-07-11 10:48:21 +02:00
thiggy1342
e8e8da1b31 fix lib test expect for ActionController 2022-07-08 19:01:01 +00:00
thiggy1342
5d3232c614 refactor to use data flow 2022-07-08 18:53:24 +00:00
thiggy1342
96e66c4a50 move tests 2022-07-08 18:39:04 +00:00
thiggy1342
0435105d16 Merge remote-tracking branch 'upstream/main' into experimental-strong-params 2022-07-08 18:36:09 +00:00
thiggy1342
6aab970a9e refactor query to use cfg and dataflow 2022-07-08 18:32:54 +00:00
thiggy1342
bd50fd7f1e format fix 2022-07-08 17:20:41 +00:00
thiggy1342
11e39aa030 Add changelog 2022-07-07 21:40:16 +00:00
thiggy1342
940254d251 update framework tests 2022-07-07 19:39:59 +00:00
thiggy1342
b4869158f2 expand query tests for cwe-089 2022-07-07 19:23:57 +00:00
thiggy1342
2f1cfa816f Add annotate arguments as sqli sink 2022-07-07 19:23:06 +00:00
Raul Garcia
f8994d04d6 Clean up 2022-07-07 11:49:05 -07:00
REDMOND\brodes
4379aa4398 Adding Initializer in condition as an occurance of isDef 2022-07-07 10:32:36 -04:00
Raul Garcia
01da877d0e Moving the new query to experimental. It was added to the wrong folder initially. 2022-07-06 14:07:14 -07:00
Jeroen Ketema
0b471c2007 C++: Improve LossyFunctionResultCast join order 
Before on wireshark:
```
Tuple counts for #select#ff@eca61bf2:
        180100  ~2%    {2} r1 = SCAN Type::Type::getUnderlyingType#dispred#f0820431#ff OUTPUT In.1, In.0
            84  ~2%    {2} r2 = JOIN r1 WITH project#Type::FloatingPointType#class#2e8eb3ef#fffff ON FIRST 1 OUTPUT Lhs.1, Rhs.0
          2021  ~0%    {2} r3 = JOIN r2 WITH Function::Function::getType#dispred#f0820431#fb_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
          2437  ~0%    {2} r4 = JOIN r3 WITH Call::FunctionCall::getTarget#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1
          2150  ~0%    {2} r5 = r4 AND NOT LossyFunctionResultCast::whiteListWrapped#377b528a#f(Lhs.1)
          2150  ~0%    {2} r6 = SCAN r5 OUTPUT In.1, In.0
           313  ~0%    {3} r7 = JOIN r6 WITH exprconv ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
           313  ~0%    {3} r8 = JOIN r7 WITH Cast::Conversion#class#1f33e835#b ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
           148  ~3%    {2} r9 = JOIN r8 WITH Expr::Expr::isCompilerGenerated#f0820431#b ON FIRST 1 OUTPUT Lhs.2, Lhs.1
           148  ~1%    {3} r10 = JOIN r9 WITH Expr::Expr::getActualType#dispred#f0820431#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
            21  ~0%    {3} r11 = JOIN r10 WITH Type::IntegralType#class#2e8eb3ef#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.0
            21  ~0%    {3} r12 = JOIN r11 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
            21  ~0%    {2} r13 = JOIN r12 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, ("Return value of type " ++ Lhs.2 ++ " is implicitly converted to " ++ Rhs.1 ++ " here.")
                       return r13
```

After:
```
Tuple counts for #select#ff@a5a185eg:
          20  ~0%    {2} r1 = SCAN project#Type::FloatingPointType#class#2e8eb3ef#fffff OUTPUT In.0, In.0
          20  ~0%    {2} r2 = JOIN r1 WITH project#Type::FloatingPointType#class#2e8eb3ef#fffff ON FIRST 1 OUTPUT Lhs.1, Lhs.0
          84  ~2%    {2} r3 = JOIN r2 WITH Type::Type::getUnderlyingType#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        2021  ~0%    {2} r4 = JOIN r3 WITH Function::Function::getType#dispred#f0820431#fb_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        2437  ~0%    {2} r5 = JOIN r4 WITH Call::FunctionCall::getTarget#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1
        2150  ~0%    {2} r6 = r5 AND NOT LossyFunctionResultCast::whiteListWrapped#377b528a#f(Lhs.1)
        2150  ~0%    {2} r7 = SCAN r6 OUTPUT In.1, In.0
         313  ~0%    {3} r8 = JOIN r7 WITH exprconv ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
         313  ~0%    {3} r9 = JOIN r8 WITH Cast::Conversion#class#1f33e835#b ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
         148  ~3%    {2} r10 = JOIN r9 WITH Expr::Expr::isCompilerGenerated#f0820431#b ON FIRST 1 OUTPUT Lhs.2, Lhs.1
         148  ~1%    {3} r11 = JOIN r10 WITH Expr::Expr::getActualType#dispred#f0820431#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
          21  ~0%    {3} r12 = JOIN r11 WITH Type::IntegralType#class#2e8eb3ef#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.0
          21  ~0%    {3} r13 = JOIN r12 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
          21  ~0%    {2} r14 = JOIN r13 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, ("Return value of type " ++ Lhs.2 ++ " is implicitly converted to " ++ Rhs.1 ++ " here.")
                     return r14
```
 2022-07-06 21:53:12 +02:00
Jeroen Ketema
7d6fb7f91a C++: Rename LossyFunctionResultCast tests to be correctly named 2022-07-06 21:52:13 +02:00
REDMOND\brodes
74ff579dbc Fixing logic bug with LogicalAndExpr 2022-07-06 15:19:36 -04:00
Raul Garcia
dd1a9a22e3 Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-05 13:58:38 -07:00
Raul Garcia
f5c6b45014 Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-05 13:58:11 -07:00
Raul Garcia
56060e0610 Update csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.qhelp 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-07-05 13:57:28 -07:00
ihsinme
8967f57bbc Update DangerousUseMbtowc.ql 2022-07-04 11:17:12 +03:00
ihsinme
4e28887689 Create test3.cpp 2022-07-04 11:13:07 +03:00
ihsinme
1ce42dcd30 Create test2.cpp 2022-07-04 11:12:34 +03:00
ihsinme
6d800de377 Create test1.cpp 2022-07-04 11:11:49 +03:00
ihsinme
f53adca108 Update DangerousUseMbtowc.ql 2022-07-04 11:10:02 +03:00
Mathias Vorreiter Pedersen
3bacb18315 Merge pull request #9770 from MathiasVP/nomagic-use-in-own-init 
C++: Add `nomagic` to `VariableAccessInInitializer`
 2022-07-02 16:35:45 +01:00