hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-21 02:14:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,684 Branches 158 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
6daa1c432b Ruby: update test output 2022-10-11 09:03:51 +02:00
Asger F
38a3476d37 Ruby: add local field step to type tracking 
fixup local field steps
 2022-10-11 09:03:51 +02:00
Asger F
d55925d8d4 Ruby: support splat type-tracking step 2022-10-11 09:03:51 +02:00
Josh Soref
0a4c724b69 spelling: implementation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
f06c15b86a spelling: genuinely 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
29da681bbb spelling: functions 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
86ee8c2d00 spelling: first 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
b5bed9cbf5 spelling: explicitly 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
e8754967ea spelling: explaining 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
479a4fb4a2 spelling: expectations 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
cbea5ec40c spelling: executables 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
3b9546f02e spelling: deserialization 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
c08cfe23e0 spelling: dependencies 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
3e6477f878 spelling: currently 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
e6998d40c3 spelling: cryptographically 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
88408fbd59 spelling: ciphertext 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
9b372f3db4 spelling: characters 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
0581f2fe1c spelling: can 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
879158a653 spelling: behavior 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
5755159f08 spelling: authentication 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
6db36616cd spelling: arbitrary 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:35 -04:00
Josh Soref
c2a0dbe715 spelling: application 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:35 -04:00
Josh Soref
3358c5f664 spelling: apparent 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:35 -04:00
Josh Soref
b95af76dab spelling: although 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:35 -04:00
Josh Soref
b1052992fe spelling: against 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:35 -04:00
Josh Soref
21caa4b03f spelling: across 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:35 -04:00
Tom Hvitved
6c2eee3eb8 Ruby: Restrict regexp taint flow to String summaries 2022-10-10 20:58:41 +02:00
Edward Minnix III
b6270ebe52 Apply suggestions from documentation review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-10-10 14:57:14 -04:00
Edward Minnix III
b94b78115e Style fix. 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2022-10-10 14:52:17 -04:00
Ian Lynagh
591844f680 Kotlin: Add a numlines test 2022-10-10 19:04:11 +01:00
Ian Lynagh
bca2586903 Kotlin: Populate numfiles 2022-10-10 19:00:05 +01:00
Nora Dimitrijević
b7ad287cb1 Swift: rename stub parameters to match docs. 2022-10-10 18:46:39 +02:00
Geoffrey White
4258147edf Swift: Test SQL injection via the SQLite.swift library. 2022-10-10 17:40:22 +01:00
Geoffrey White
964c92418c Swift: Test SQL injection via the C API. 2022-10-10 17:40:22 +01:00
Geoffrey White
bcab9d8e7c Swift: Add framework for SQL Injection query. 2022-10-10 17:25:08 +01:00
Asger F
9bbbece8a7 Merge pull request #10670 from tyage/property-stringify 
JS: Improve detection of XSS when JSON.stringify()
 2022-10-10 18:16:09 +02:00
Tamas Vajk
f2e2e3bc1d Kotlin: extract protected modifier from java class files 2022-10-10 18:02:21 +02:00
Tamas Vajk
15aab711c7 Kotlin: Add test showing missing java modifier 2022-10-10 18:01:38 +02:00
Chris Smowton
5756a33604 Merge pull request #10737 from smowton/smowton/fix/type-instance-within-default-value-erasure 
Kotlin: fix type variable erasure inside default function values
 2022-10-10 16:31:07 +01:00
Tamás Vajk
70b8224a8b Merge pull request #10723 from tamasvajk/kotlin-generated-files 
Kotlin: Recognize generated files
 2022-10-10 16:24:42 +02:00
Asger F
b1a165ee98 JS: Edit change note 2022-10-10 16:08:21 +02:00
Asger F
ecf7ed38e0 JS: Performance tweak 2022-10-10 16:08:21 +02:00
Asger F
67cef92f94 JS: Rewrite to use DataFlow::Node API and restrict context 2022-10-10 16:08:21 +02:00
Chris Smowton
dfdfd39bcc Merge pull request #10732 from smowton/smowton/fix/kotlin-enum-corresponding-classes 
Koltin: Extract the corresponding classes of enum entries
 2022-10-10 15:04:02 +01:00
Arthur Baars
b597896bf2 Merge pull request #10753 from aibaars/fix-qhelp-job 
CI: fix qhelp preview
 2022-10-10 15:44:17 +02:00
Tom Hvitved
ffb2b1c15e Data flow: Sync files 2022-10-10 15:39:13 +02:00
Tom Hvitved
85344bfb13 Data flow: Improved fastTC bound in PathNodeImpl::getANonHiddenSuccessor 
Before
```
[2022-10-10 14:34:54] Evaluated non-recursive predicate __DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff_DataFlowImplForRegExp__#higher_order_body@4bb14aoj in 262ms (size: 2418048).
Evaluated relational algebra for predicate __DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff_DataFlowImplForRegExp__#higher_order_body@4bb14aoj with tuple counts:
        4141389  ~75%    {1} r1 = SCAN _DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff_DataFlowImplForRegExp#__#shared OUTPUT In.1
                         return r1

[2022-10-10 14:34:57] Evaluated non-recursive predicate boundedFastTC:DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorIfHidden#0#dispred#ff:__DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff_DataFlowImplForRegExp__#higher_order_body@fb66bb06 in 2754ms (size: 7448123).
[2022-10-10 14:35:09] Evaluated non-recursive predicate DataFlowImplForRegExp#43df744e::PathNodeImpl::getANonHiddenSuccessor#0#dispred#ff@77ff066b in 10892ms (size: 2830055).
Evaluated relational algebra for predicate DataFlowImplForRegExp#43df744e::PathNodeImpl::getANonHiddenSuccessor#0#dispred#ff@77ff066b with tuple counts:
          4141389   ~0%    {3} r1 = SCAN _DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff_DataFlowImplForRegExp#__#shared OUTPUT In.0, In.1, In.1
          2192551   ~4%    {3} r2 = r1 AND NOT DataFlowImplForRegExp#43df744e::PathNodeImpl::isHidden#0#dispred#f(Lhs.2)
          2192551   ~4%    {2} r3 = SCAN r2 OUTPUT In.0, In.2

          4141389   ~0%    {2} r4 = SCAN _DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff_DataFlowImplForRegExp#__#shared OUTPUT In.1, In.0
        147138810   ~0%    {3} r5 = JOIN r4 WITH boundedFastTC:DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorIfHidden#0#dispred#ff:__DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff_DataFlowImplForRegExp__#higher_order_body ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
           637649   ~3%    {3} r6 = r5 AND NOT DataFlowImplForRegExp#43df744e::PathNodeImpl::isHidden#0#dispred#f(Lhs.2)
           637649   ~2%    {2} r7 = SCAN r6 OUTPUT In.0, In.2

          2830200   ~0%    {2} r8 = r3 UNION r7
                           return r8
```

After
```
[2022-10-10 14:59:08] Evaluated non-recursive predicate boundedFastTC:DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorIfHidden#0#dispred#ff_10#higher_order_body:_DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorIfHidden#0#dispred#ff_DataFlowImplForReg__#higher_order_body@98a323ne in 384ms (size: 671076).
[2022-10-10 14:59:09] Evaluated non-recursive predicate DataFlowImplForRegExp#43df744e::PathNodeImpl::getANonHiddenSuccessor0#ff@69f158pf in 222ms (size: 2805795).
Evaluated relational algebra for predicate DataFlowImplForRegExp#43df744e::PathNodeImpl::getANonHiddenSuccessor0#ff@69f158pf with tuple counts:
        2155019   ~0%    {1} r1 = DataFlowImplForRegExp#43df744e::PathNodeImpl#class#f AND NOT DataFlowImplForRegExp#43df744e::PathNodeImpl::isHidden#0#dispred#f(Lhs.0)
        2155019   ~0%    {2} r2 = SCAN r1 OUTPUT In.0, In.0

         650776   ~0%    {2} r3 = boundedFastTC:DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorIfHidden#0#dispred#ff_10#higher_order_body:_DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorIfHidden#0#dispred#ff_DataFlowImplForReg__#higher_order_body AND NOT DataFlowImplForRegExp#43df744e::PathNodeImpl::isHidden#0#dispred#f(Lhs.0)
         650776   ~0%    {2} r4 = SCAN r3 OUTPUT In.1, In.0

        2805795   ~0%    {2} r5 = r2 UNION r4
                         return r5

[2022-10-10 14:59:09] Evaluated non-recursive predicate DataFlowImplForRegExp#43df744e::PathNodeImpl::getANonHiddenSuccessor#0#dispred#ff@5ae9fc5n in 445ms (size: 2830062).
Evaluated relational algebra for predicate DataFlowImplForRegExp#43df744e::PathNodeImpl::getANonHiddenSuccessor#0#dispred#ff@5ae9fc5n with tuple counts:
        4141389  ~5%    {2} r1 = DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff AND NOT DataFlowImplForRegExp#43df744e::PathNodeImpl::isHidden#0#dispred#f(Lhs.0)
        4141389  ~0%    {2} r2 = SCAN r1 OUTPUT In.1, In.0
        2830200  ~0%    {2} r3 = JOIN r2 WITH DataFlowImplForRegExp#43df744e::PathNodeImpl::getANonHiddenSuccessor0#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
                        return r3
```
 2022-10-10 15:36:58 +02:00
Arthur Baars
f7203bfcb8 CI: fix qhelp preview 
The command to gather the changed files uses NULL character terminated "lines",
therefore we should supply the `-z` flag to `basename` as well. Otherwise we
end up calling `git grep -l "\n"` which would list all files containing a newline.
 2022-10-10 15:27:48 +02:00
Rasmus Wriedt Larsen
13cb4f9241 Merge pull request #10750 from RasmusWL/pyhton-typo 
Python: Fix typo in qldoc
 2022-10-10 15:11:09 +02:00
Erik Krogh Kristensen
8cc52a4b55 Merge pull request #10704 from erik-krogh/rbMeta 
RB: add some more meta queries for Ruby evaluations
 2022-10-10 14:57:37 +02:00