hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-23 03:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,685 Branches 158 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
james
d75b1e399d remove a few mentions of LGTM.com 2022-09-29 17:29:03 +01:00
Rasmus Wriedt Larsen
ea27f4e20f Python: Remove last -p ../lib/ in options files 
These were only needed for points-to.

If they only contained `--max-import-depth`, I've removed the `options`
file entirely.
 2022-09-29 18:05:51 +02:00
Ian Lynagh
66a8bc5a96 Kotlin: Make newerThan symmetric 
"0.0 last-modified 0" and "0.0 last-modified 123" were giving
different comparisons depending on which way round they were.
 2022-09-29 16:55:03 +01:00
Rasmus Wriedt Larsen
0cb8e121e9 Python: Fix flask request modeling 
This takes us part of the way. We still get multiple paths for the same
alert, but that will be fixed in a different PR.
 2022-09-29 17:41:21 +02:00
Nora Dimitrijević
28bd591107 C++: Fix explicit this-> FP. 2022-09-29 17:04:11 +02:00
Robert Marsh
447c11cd07 C++: move ConstantSizeArrayOffByOne.ql to CWE-193 2022-09-29 10:56:29 -04:00
Robert Marsh
e46b215c9d C++: fix metadata and result format 2022-09-29 10:53:29 -04:00
Nora Dimitrijević
29d7c0e21b C++: Exclude commas in if-conditions. 2022-09-29 16:29:57 +02:00
Robert Marsh
9b03e1c0b1 Merge pull request #10609 from MathiasVP/overrun-write-only-flag-overrunning-write 
C++: Make `OverrunWriteProductFlow` raise alerts on overflows
 2022-09-29 10:03:05 -04:00
Tom Hvitved
a5fbe751f1 Ruby: Reduce size of input predicate for non-linear recursion 
Before, we would be recursive in all of `MethodCall::getMethodName`:

```
Evaluated named local Synthesis#d9ff06b1::AssignOperationDesugar::SetterAssignOperation::getCallKind#ffff#shared#3@Synthesi in 9803ms on iteration 14 (size: 31006941).
Evaluated relational algebra for predicate Synthesis#d9ff06b1::AssignOperationDesugar::SetterAssignOperation::getCallKind#ffff#shared#3@Synthesi on iteration 14 running pipeline main with tuple counts:
          256419  ~1%    {2} r1 = SCAN Call#841c84e8::MethodCall::getMethodName#0#dispred#ff#prev_delta OUTPUT In.1, In.0
        31006941  ~8%    {4} r2 = JOIN r1 WITH Synthesis#d9ff06b1::MethodCallKind#ffff#prev ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2, Rhs.3
                         return r2
```

Now, we have restricted that to only the relevant method names.
 2022-09-29 15:59:11 +02:00
Asger F
ed36f1983b Python: sync TypeTracker.qll 2022-09-29 15:57:09 +02:00
Asger F
ae60b0ae6d Ruby: ensure pruning works with startInContent 2022-09-29 15:54:51 +02:00
Nora Dimitrijević
64903336f7 C++: Exclude all parenthesized CommaExprs. 2022-09-29 15:49:29 +02:00
Henti Smith
700eaf5e41 Added JobRunson 2022-09-29 14:19:02 +01:00
Mathias Vorreiter Pedersen
4e3b445515 C++: Accept test changes. 2022-09-29 13:35:23 +01:00
Mathias Vorreiter Pedersen
70837dbd93 C++: Use range analysis to properly deduce the initial 'state2' instead of traversing the AST. Also fix state-passing related to negative states. 2022-09-29 13:32:39 +01:00
Mathias Vorreiter Pedersen
6537c817ef C++: Add more CWE-199 tests that allocates memory based on the result of a SubExpr. 2022-09-29 13:31:34 +01:00
Tamas Vajk
b79c10c419 Kotlin: find java-kotlin equivalent functions by erased parameter types 2022-09-29 14:29:22 +02:00
Tamas Vajk
64c953bee0 Kotlin: add test for not found equivalent of MutableList.remove 2022-09-29 14:24:09 +02:00
Michael Nebel
dd0f19d0b0 Ruby: Update expected test output. 2022-09-29 14:12:20 +02:00
Michael Nebel
999eb19c3d Ruby: Support postupdate notes for assignment expressions. 2022-09-29 14:12:20 +02:00
Asger F
f1de5a2ffd Ruby: Restrict summaries and type trackers to relevant contents 2022-09-29 14:10:09 +02:00
Tom Hvitved
1fcd22b0f6 Merge pull request #10621 from hvitved/ruby/fix-bad-join 
Ruby: Fix bad join-order
 2022-09-29 13:56:18 +02:00
Michael Nebel
af4db77046 Ruby: Update expected test output. 2022-09-29 13:54:59 +02:00
Michael Nebel
9ee831a378 Ruby: Add (failing) test case for flow out via assignment expression. 2022-09-29 13:54:32 +02:00
erik-krogh
77eeabe8e5 changed to address review 2022-09-29 13:39:59 +02:00
Nora Dimitrijević
909b36a078 C++: Fix implicit-this FP, uncovered non-funptr FP 2022-09-29 13:14:36 +02:00
erik-krogh
3129f0fc8c add change-note 2022-09-29 13:02:25 +02:00
Asger F
dc03557aea Merge branch 'main' into rb/summarize-loads-v2 2022-09-29 12:07:30 +02:00
Tom Hvitved
2bf087677f Ruby: Fix bad join-order 
Before
```
Evaluated relational algebra for predicate DataFlowDispatch#36b84300::mayBenefitFromCallContext1#6#ffffff@ba617c9q with tuple counts:
          1066626  ~2%    {3} r1 = SCAN project#Module#fe82a56b::Cached::lookupMethod#2 OUTPUT In.0, In.0, In.1
        931393128  ~0%    {4} r2 = JOIN r1 WITH DataFlowDispatch#36b84300::isInstanceLocalMustFlow#3#fff_102#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1, Rhs.2
           298573  ~0%    {6} r3 = JOIN r2 WITH DataFlowDispatch#36b84300::mayBenefitFromCallContext0#5#fffff_14023#join_rhs ON FIRST 2 OUTPUT Rhs.2, Rhs.3, Rhs.4, Lhs.2, Lhs.3, Lhs.1
                          return r3
```

After
```
Evaluated relational algebra for predicate DataFlowDispatch#36b84300::mayBenefitFromCallContext1#6#ffffff@f68de4dn with tuple counts:
        583298  ~1%    {5} r1 = SCAN DataFlowDispatch#36b84300::mayBenefitFromCallContext0#5#fffff OUTPUT In.1, In.0, In.2, In.3, In.4
        583298  ~1%    {5} r2 = JOIN r1 WITH DataFlowPrivate#462ff392::ArgumentNode#class#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4
        442278  ~0%    {6} r3 = JOIN r2 WITH DataFlowDispatch#36b84300::isInstanceLocalMustFlow#3#fff ON FIRST 1 OUTPUT Rhs.1, Lhs.4, Lhs.1, Lhs.2, Lhs.3, Rhs.2
        298573  ~0%    {6} r4 = JOIN r3 WITH project#Module#fe82a56b::Cached::lookupMethod#2 ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.4, Lhs.0, Lhs.5, Lhs.1
                       return r4
```
 2022-09-29 12:00:26 +02:00
Tom Hvitved
e9b96c19b8 Ruby: Account for protected methods in call graph 2022-09-29 11:58:04 +02:00
Asger F
296c0a7925 Merge pull request #10603 from asgerf/type-model-api-node 
Add TypeModel.getAnApiNode
 2022-09-29 11:39:09 +02:00
Tom Hvitved
58b7556bdf Ruby: Add call graph tests for protected methods 2022-09-29 11:37:35 +02:00
Michael Nebel
95488bf133 C#: Update expected test output. 2022-09-29 11:35:35 +02:00
Michael Nebel
903abd0f3e C#: Exhaustive validation of postupdate notes in conditional expression example. 2022-09-29 11:35:35 +02:00
Michael Nebel
131a6ac492 C#: Update expected test output. 2022-09-29 11:35:35 +02:00
Michael Nebel
e06afb69cc C#: Support postupdate notes for assignment expressions. 2022-09-29 11:35:35 +02:00
Michael Nebel
9ced3956d6 C#: Add assignment expression example. 2022-09-29 11:35:35 +02:00
Michael Nebel
e1ea1a464d C#: Update expected test output. 2022-09-29 11:35:35 +02:00
Michael Nebel
3d971d239f C#: Support postupdate notes for suppress nullable warning expressions. 2022-09-29 11:35:35 +02:00
Michael Nebel
58bf283023 C#: Add suppress nullable warning expressions example. 2022-09-29 11:35:35 +02:00
Michael Nebel
940e925c31 C#: Update expected test output. 2022-09-29 11:35:35 +02:00
Michael Nebel
b24fd13946 C#: Add postupdate note support for switch expressions. 2022-09-29 11:35:35 +02:00
Michael Nebel
d54406d599 C#: Add switch example. 2022-09-29 11:35:35 +02:00
Michael Nebel
65b32b665d C#: Update test expected output. 2022-09-29 11:35:35 +02:00
Michael Nebel
6b74e433ee C#: Support postupdate notes for NullCoalescing expressions. 2022-09-29 11:35:35 +02:00
Michael Nebel
11d67744f7 C#: Add NullCoalescing example. 2022-09-29 11:35:35 +02:00
Michael Nebel
2e5fc19e38 C#: Update expected test output. 2022-09-29 11:35:35 +02:00
Michael Nebel
3c6f538d5c C#: Support Cast expressions to have post update notes. 2022-09-29 11:35:35 +02:00
Michael Nebel
ba4794790e C#: Add Cast example. 2022-09-29 11:35:35 +02:00