47078 Commits

Author SHA1 Message Date
Andrew Eisenberg
9e6e37a223 Add reference to codeql-pack.lock.yml in test packs 2022-09-06 11:33:19 -07:00
Ed Minnix
0a83cedeb7 Unit tests for android:allowBackup query 2022-09-06 13:52:43 -04:00
Asger F
0cc3b8a9ec JS: Update test output 2022-09-06 18:48:14 +02:00
Rasmus Lerchedahl Petersen
f6d807aec0 Python: Add summary test append_to_list 2022-09-06 18:42:32 +02:00
Ian Lynagh
8a5cb11014 Kotlin: Remove some redundant code
useClassSource already checks to see if it is given an anonymous object,
and behaves accordingly.
2022-09-06 17:30:04 +01:00
Ian Lynagh
4a8960607d Kotlin: Remove a cast from getDeclaringTypeArguments 2022-09-06 17:26:15 +01:00
Ian Lynagh
bd5eb1f0ac Kotlin: Remove a cast from extractConstructorCall 2022-09-06 17:23:33 +01:00
Ian Lynagh
d18d5b5cf4 Kotlin: Remove a cast from extractPropertyReference 2022-09-06 17:19:28 +01:00
Taus
3bb7e28712 Merge pull request #10176 from RasmusWL/import-problem
Python: Add testcase for import problem
2022-09-06 18:12:37 +02:00
Ian Lynagh
5c3d6cedfa Kotlin: Rewrite array type extraction
It's now simpler, and doesn't require we ask the Kotlin compiler to
build as many types for us.
2022-09-06 17:02:43 +01:00
Rasmus Lerchedahl Petersen
744fbf0c1b Python: qldoc for inject 2022-09-06 17:46:14 +02:00
Rasmus Lerchedahl Petersen
67710eaed7 Python: Comment to highlight convention 2022-09-06 17:43:34 +02:00
Rasmus Lerchedahl Petersen
a496d10126 Python: qldoc to highlight source code aspect 2022-09-06 17:39:20 +02:00
Rasmus Lerchedahl Petersen
e7400e90e5 Python: add qldoc 2022-09-06 17:29:27 +02:00
Rasmus Lerchedahl Petersen
4cd41c24c7 Python: remove comments and start design document 2022-09-06 17:23:40 +02:00
Rasmus Lerchedahl Petersen
67c3a9b2f4 Python: resolve library calls in the CFG
rather than in the AST
2022-09-06 17:00:28 +02:00
Tony Torralba
ff731f1d83 Merge pull request #10138 from atorralba/atorralba/contentresolver-summaries
Java: Add summaries for ContentResolver and adjacent classes
2022-09-06 16:28:28 +02:00
Mathias Vorreiter Pedersen
d6b8f25312 C++: Add more tests. 2022-09-06 15:22:10 +01:00
Tony Torralba
c0dd9dd5d5 Merge pull request #10249 from atorralba/atorralba/regex-dot-bypass-docs
Java: Documentation fixes in the "Permissive dot regex" experimental query
2022-09-06 16:18:35 +02:00
Anders Schack-Mulligen
b84dca92cf Merge pull request #10240 from aschackmull/java/scc-typeflow
Java: Support SCCs in TypeFlow.
2022-09-06 15:43:20 +02:00
Mathias Vorreiter Pedersen
9745073024 C++: Speedup 'cpp/using-expired-stack-address' by avoiding a large negation. 2022-09-06 14:33:33 +01:00
Geoffrey White
d1867b9716 Merge pull request #10284 from geoffw0/stringlengthcleanup
Swift: Improve swift/string-length-conflation
2022-09-06 14:07:02 +01:00
Asger F
e8864d072d JS: Remove stray module DF export 2022-09-06 15:06:33 +02:00
Asger F
95c60858d4 Export as DataFlow instead of DF 2022-09-06 15:02:48 +02:00
Geoffrey White
d0cda04909 Swift: Clearer, possibly more efficient implementation. 2022-09-06 13:48:04 +01:00
Tony Torralba
b745b5ab71 Add models for androidx.core.app.NotificationCompat 2022-09-06 14:43:13 +02:00
Geoffrey White
0741266cea Swift: Switch from isSanitizerIn to isSanitizer. 2022-09-06 13:37:49 +01:00
Geoffrey White
8281d92e71 Swift: Add barriers for encryption. 2022-09-06 13:37:49 +01:00
Geoffrey White
9683a95162 Swift: Add a few more test cases. 2022-09-06 13:37:48 +01:00
Tom Hvitved
f448965953 Merge pull request #10294 from hvitved/csharp/integration-tests
C#: Add `dotnet build` integration test
2022-09-06 14:35:17 +02:00
Rasmus Lerchedahl Petersen
e5f087518e Python: stay in control flow layer 2022-09-06 14:16:48 +02:00
Anders Schack-Mulligen
6ffaa6918a Apply suggestions from code review 2022-09-06 14:11:48 +02:00
Anders Schack-Mulligen
bc57d87303 Java: Address comments. 2022-09-06 13:59:54 +02:00
Tom Hvitved
0353b3ebfc Merge pull request #10308 from github/rc/3.7
Merge `rc/3.7` into `main`
2022-09-06 13:32:00 +02:00
Tamas Vajk
57f50725ba Revert formatting change 2022-09-06 13:28:38 +02:00
Tamas Vajk
bbf4563cfe Apply review findings 2022-09-06 13:25:12 +02:00
Tom Hvitved
b2c38b37de Merge pull request #10296 from hvitved/ruby/call-graph-missing-singletons
Ruby: Add missing edges to the call graph for singleton methods
2022-09-06 13:23:24 +02:00
Tom Hvitved
66df44f8c9 Merge pull request #10310 from hvitved/csharp/docs/shared-compilation
Docs: No longer mention required `/p:UseSharedCompilation=false`
2022-09-06 13:20:59 +02:00
Tom Hvitved
8b8a662c76 Ruby: Fix bad join in parameterMatch
Before
```
Evaluated relational algebra for predicate DataFlowDispatch#36b84300::parameterMatch#2#ff@281bdfu5 with tuple counts:
        23338949   ~0%    {2} r1 = JOIN DataFlowDispatch#36b84300::Cached::TParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TArgumentPosition#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

           65011   ~0%    {2} r2 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TAnyParameterPosition#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1
           65010   ~0%    {2} r3 = r2 AND NOT DataFlowDispatch#36b84300::Cached::TSelfArgumentPosition#f(Lhs.1)

        23338949   ~0%    {2} r4 = JOIN DataFlowDispatch#36b84300::Cached::TParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TArgumentPosition#f CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0

             359   ~3%    {2} r5 = JOIN r4 WITH DataFlowDispatch#36b84300::Cached::TAnyArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
             358   ~3%    {2} r6 = r5 AND NOT DataFlowDispatch#36b84300::Cached::TSelfParameterPosition#f(Lhs.0)

           65368   ~0%    {2} r7 = r3 UNION r6

           65011   ~0%    {2} r8 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TSelfParameterPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
               1   ~0%    {2} r9 = JOIN r8 WITH DataFlowDispatch#36b84300::Cached::TSelfArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0

           65011   ~0%    {2} r10 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TBlockParameterPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
               1   ~0%    {2} r11 = JOIN r10 WITH DataFlowDispatch#36b84300::Cached::TBlockArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0

           65011   ~3%    {2} r12 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::THashSplatParameterPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
               1   ~0%    {2} r13 = JOIN r12 WITH DataFlowDispatch#36b84300::Cached::THashSplatArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0

               2   ~0%    {2} r14 = r11 UNION r13
               3   ~0%    {2} r15 = r9 UNION r14
           65371   ~0%    {2} r16 = r7 UNION r15

           65011   ~0%    {2} r17 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TAnyKeywordParameterPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
            1645   ~1%    {2} r18 = JOIN r17 WITH DataFlowDispatch#36b84300::Cached::TKeywordArgumentPosition#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0

             359   ~0%    {2} r19 = JOIN r4 WITH DataFlowDispatch#36b84300::Cached::TAnyKeywordArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
             320   ~0%    {2} r20 = JOIN r19 WITH DataFlowDispatch#36b84300::Cached::TKeywordParameterPosition#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1

            1965   ~1%    {2} r21 = r18 UNION r20

        20803520   ~1%    {3} r22 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TKeywordParameterPosition#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
             320   ~0%    {2} r23 = JOIN r22 WITH DataFlowDispatch#36b84300::Cached::TKeywordArgumentPosition#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.1

         2145363   ~0%    {3} r24 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TPositionalParameterPosition#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
              33   ~0%    {2} r25 = JOIN r24 WITH DataFlowDispatch#36b84300::Cached::TPositionalArgumentPosition#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.1

           65011   ~0%    {3} r26 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TPositionalParameterLowerBoundPosition#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
           63361   ~0%    {4} r27 = JOIN r26 WITH DataFlowDispatch#36b84300::Cached::TPositionalArgumentPosition#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1
           63360   ~0%    {4} r28 = SELECT r27 ON In.3 >= In.2
           63360   ~0%    {2} r29 = SCAN r28 OUTPUT In.0, In.1

           63393   ~0%    {2} r30 = r25 UNION r29
           63713   ~0%    {2} r31 = r23 UNION r30
           65678   ~0%    {2} r32 = r21 UNION r31
          131049   ~0%    {2} r33 = r16 UNION r32
                          return r33
```

After
```
Evaluated relational algebra for predicate DataFlowDispatch#36b84300::parameterMatch#2#ff@698b99ci with tuple counts:
             1   ~0%    {2} r1 = JOIN DataFlowDispatch#36b84300::Cached::TSelfParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TSelfArgumentPosition#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

             1   ~0%    {2} r2 = JOIN DataFlowDispatch#36b84300::Cached::TBlockParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TBlockArgumentPosition#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

             2   ~0%    {2} r3 = r1 UNION r2

             1   ~0%    {2} r4 = JOIN DataFlowDispatch#36b84300::Cached::THashSplatParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::THashSplatArgumentPosition#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

         65010   ~0%    {2} r5 = JOIN DataFlowDispatch#36b84300::Cached::TAnyParameterPosition#f WITH DataFlowDispatch#36b84300::argumentPositionIsNotSelf#1#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

           358   ~3%    {2} r6 = JOIN DataFlowDispatch#36b84300::Cached::TAnyArgumentPosition#f WITH DataFlowDispatch#36b84300::parameterPositionIsNotSelf#1#f CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0

         65368   ~0%    {2} r7 = r5 UNION r6
         65369   ~0%    {2} r8 = r4 UNION r7
         65371   ~0%    {2} r9 = r3 UNION r8

          1645   ~1%    {2} r10 = JOIN DataFlowDispatch#36b84300::Cached::TAnyKeywordParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TKeywordArgumentPosition#ff CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.1

           320   ~0%    {2} r11 = JOIN DataFlowDispatch#36b84300::Cached::TAnyKeywordArgumentPosition#f WITH DataFlowDispatch#36b84300::Cached::TKeywordParameterPosition#ff CARTESIAN PRODUCT OUTPUT Rhs.1, Lhs.0

          1965   ~1%    {2} r12 = r10 UNION r11

            33   ~0%    {2} r13 = JOIN DataFlowDispatch#36b84300::Cached::TPositionalParameterPosition#ff WITH DataFlowDispatch#36b84300::Cached::TPositionalArgumentPosition#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1

           320   ~0%    {2} r14 = JOIN DataFlowDispatch#36b84300::Cached::TKeywordParameterPosition#ff WITH DataFlowDispatch#36b84300::Cached::TKeywordArgumentPosition#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1

         63361   ~1%    {4} r15 = JOIN DataFlowDispatch#36b84300::Cached::TPositionalParameterLowerBoundPosition#ff WITH DataFlowDispatch#36b84300::Cached::TPositionalArgumentPosition#ff CARTESIAN PRODUCT OUTPUT Lhs.0, Lhs.1, Rhs.0, Rhs.1
         63360   ~1%    {4} r16 = SELECT r15 ON In.2 >= In.0
         63360   ~0%    {2} r17 = SCAN r16 OUTPUT In.1, In.3

         63680   ~0%    {2} r18 = r14 UNION r17
         63713   ~0%    {2} r19 = r13 UNION r18
         65678   ~0%    {2} r20 = r12 UNION r19
        131049   ~0%    {2} r21 = r9 UNION r20
                        return r21
```
2022-09-06 13:02:36 +02:00
Erik Krogh Kristensen
c76b6d1782 Merge pull request #10309 from erik-krogh/leftoverTodo
JS: fix leftover todo in js/insecure-temporary-file
2022-09-06 12:31:29 +02:00
erik-krogh
24f2e3cc07 update alert-messages of the sensitive data queries to match #10314 2022-09-06 12:25:36 +02:00
Taus
810568cf02 Merge pull request #10171 from RasmusWL/variable-accesss
Python: Fixes for variable access
2022-09-06 12:18:37 +02:00
Rasmus Wriedt Larsen
5f6e3dcc2e Python: Revert changes to sensitive data query alert messages
This partly reverts the changes from https://github.com/github/codeql/pull/10252

Although consistency is nice, the new messages didn't sound as natural.

New alert message would read

> Insecure hashing algorithm (md5) depends on sensitive data (password). (...)

I'm not sure what it means that a hashing algorithm depends on data. So
for me, the original text below is much easier to understand.

> Sensitive data (password) is used in a hashing algorithm (md5) that is insecure (...)

Same goes for the other sensitive data queries.
2022-09-06 12:01:24 +02:00
Mathias Vorreiter Pedersen
02c18e714b C++: Mention 'range-based for-loops' in the QLDoc for 'IRDeclarationEntry'. 2022-09-06 10:40:13 +01:00
Mathias Vorreiter Pedersen
10f962f341 C++: Rename 'PseudoDeclarationEntry' to 'IRDeclarationEntry'. 2022-09-06 10:36:38 +01:00
Tamas Vajk
826bbdf834 Kotlin: Fix vararg extraction outside of method call 2022-09-06 11:32:32 +02:00
Tamas Vajk
cb3c53dee7 Kotlin: Add test case for unexpected vararg extraction error 2022-09-06 11:32:24 +02:00
Mathias Vorreiter Pedersen
ed3fff0eba Update cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-09-06 10:32:16 +01:00
Tony Torralba
b94e0d3e69 Merge pull request #10251 from atorralba/atorralba/implicit-pendingintent-sinks
Java: Add new AlarmManager sinks to Use of implicit PendingIntents
2022-09-06 11:31:27 +02:00
Rasmus Wriedt Larsen
7895a5859d Ruby: Autoformat 2022-09-06 11:01:06 +02:00