hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-20 09:54:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,683 Branches 158 Tags
codeql-cli/v2.12.1
Commit Graph

49367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tamás Vajk
87b971c78f Merge pull request #10728 from tamasvajk/kotlin-missing-override-sam 
Kotlin: Extract `override` modifier on SAM methods
 2022-10-10 13:58:28 +02:00
Tamás Vajk
cd8ac1a835 Merge pull request #10720 from tamasvajk/kotlin-equals-fix 
Kotlin: Consider `::class` type check in `java/unchecked-cast-in-equals`
 2022-10-10 13:58:15 +02:00
Rasmus Wriedt Larsen
b1d33a404c Python: Sort Frameworks.qll 2022-10-10 13:55:10 +02:00
Tamás Vajk
e060ac71bb Change Kotlin stdlib identifier 2022-10-10 13:50:33 +02:00
Rasmus Wriedt Larsen
584ccf1992 Python: clean up Mysql.qll 2022-10-10 13:49:26 +02:00
Rasmus Wriedt Larsen
08d6b2f30a Python: Fix typo in qldoc 2022-10-10 13:46:18 +02:00
Tom Hvitved
9f2f6ac491 Merge pull request #10745 from hvitved/ruby/cache-library-flow 
Ruby: Cache use of `DataFlowImplFor(Pathname|HttpClientLibraries)`
 2022-10-10 13:08:36 +02:00
erik-krogh
38c17c5d0c Merge branch 'main' into rbMeta 2022-10-10 12:22:56 +02:00
Geoffrey White
059864587e C++: Add 'mremap' to whitelist. 2022-10-10 11:00:18 +01:00
Nick Rolfe
e38cfd5f7d Ruby: add changenote for ActionMailer params 2022-10-10 10:25:19 +01:00
Nick Rolfe
d61f0559a0 Ruby: add ActionMailer#params as a RemoteFlowSource 2022-10-10 10:23:48 +01:00
Rasmus Wriedt Larsen
4b1f6f0865 Merge pull request #10629 from RasmusWL/fix-flask-source 
Python: Fix flask request modeling
 2022-10-10 09:56:22 +02:00
Alex Ford
d0bdbe65ef Ruby: ActiveJob::Serializers.deserialize changenote 2022-10-09 22:47:52 +01:00
Alex Ford
ee77404006 Ruby: Add ActiveJob::Serializers.deserialize as a code execution sink 2022-10-09 22:28:22 +01:00
Alex Ford
4a39e4aac0 Ruby: Add new test case for rb/code-injection 2022-10-09 22:26:29 +01:00
Alex Ford
c4baf0b8fa Ruby: add space for test case 2022-10-09 22:16:23 +01:00
Tom Hvitved
efa6b3c0c6 Ruby: Cache uses of DataFlowImplForHttpClientLibraries 2022-10-09 19:59:56 +02:00
Tom Hvitved
9f34bf80fd Ruby: Cache use of DataFlowImplForPathname 2022-10-09 19:59:05 +02:00
Tom Hvitved
296ec94a2a Data flow: Sync files 2022-10-09 19:48:45 +02:00
Tom Hvitved
d1c8c40c17 Data flow: Avoid call to pathSuccPlus in Configuration::hasFlowTo(Expr) 2022-10-09 19:48:44 +02:00
Alex Ford
43fec9dfc8 Revert "Ruby: switch rb/sensitive-get-query back to using local flow" 
This reverts commit fa58c51810.
 2022-10-09 13:06:13 +01:00
Alex Ford
139d3868e5 Merge branch 'main' into rb/sensitive-get-query 2022-10-09 12:26:44 +01:00
Tom Hvitved
02192acd5f Ruby: Avoid computing full fastTC for AstNode::getParent 
DIL before
```
                                                   /* AST::AstNode */ AST#87953007::Cached::TAstNode result) =
  fastTC(AST#a6718388::AstNode::getAChild#0#dispred#ff/2)
.

Synthesis#d9ff06b1::Desugared::getADescendant#0#dispred#ff(/* Synthesis::Desugared */ AST#87953007::Cached::TAstNode this,
                                                           /* AST::AstNode */ AST#87953007::Cached::TAstNode result)
:-
  (
    exists(int arg1,
           /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
      arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, this)
    ),
    result = this
  );
  (
    exists(int arg1,
           /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
      arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, this)
    ),
    #AST#a6718388::AstNode::getAChild#0#dispredPlus#ff(this, result)
  )
.
```

DIL after
```
incremental
Synthesis#d9ff06b1::Desugared::getADescendant#ff(/* Synthesis::Desugared */ AST#87953007::Cached::TAstNode this,
                                                 /* AST::AstNode */ AST#87953007::Cached::TAstNode result)
:-
  (
    exists(int arg1,
           /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
      arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, this)
    ),
    result = this
  );
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#2 |
    exists(int arg1,
           /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
      arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, this)
    ),
    rec Synthesis#d9ff06b1::Desugared::getADescendant#ff(this, call_result#2),
    exists(cached dontcare string _ |
      AST#a6718388::AstNode::getAChild#1#dispred(call_result#2, _, result)
    )
  )
| [base_case]
  exists(int arg1, /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
    arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, this)
  ),
  result = this
| [delta_order]
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#2 |
    exists(int arg1,
           /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
      arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, this)
    ),
    delta previous rec Synthesis#d9ff06b1::Desugared::getADescendant#ff(this,
                                                                        call_result#2),
    project#AST#a6718388::AstNode::getAChild#1#dispred(call_result#2, result)
  ),
  not(
    previous rec Synthesis#d9ff06b1::Desugared::getADescendant#ff(this, result)
  )
| [delta_order_up_to_500000]
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#2 |
    delta previous rec Synthesis#d9ff06b1::Desugared::getADescendant#ff(this,
                                                                        call_result#2),
    exists(int arg1,
           /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
      arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, this)
    ),
    project#AST#a6718388::AstNode::getAChild#1#dispred(call_result#2, result)
  ),
  not(
    previous rec Synthesis#d9ff06b1::Desugared::getADescendant#ff(this, result)
  )
.
```
 2022-10-09 11:12:24 +02:00
Tom Hvitved
d39b0fd3f4 Ruby: Avoid computing full fastTC for AstNode::getParent 
DIL before
```
                                                   /* AST::AstNode */ AST#87953007::Cached::TAstNode result) =
  fastTC(AST#a6718388::AstNode::getAChild#0#dispred#ff/2)
.

Synthesis#d9ff06b1::isInDesugaredContext#1#f(/* AST::AstNode */ unique AST#87953007::Cached::TAstNode n)
:-
  exists(int arg1, /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
    arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, n)
  );
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#2 |
    exists(int arg1,
           /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
      arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, call_result#2)
    ),
    #AST#a6718388::AstNode::getAChild#0#dispredPlus#ff(call_result#2, n)
  )
.
```

DIL after
```
incremental
Synthesis#d9ff06b1::isInDesugaredContext#1#f(/* AST::AstNode */ unique AST#87953007::Cached::TAstNode n)
:-
  exists(int arg1, /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
    arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, n)
  );
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode any#expr##2 |
    rec Synthesis#d9ff06b1::isInDesugaredContext#1#f(any#expr##2),
    exists(cached dontcare string _ |
      AST#a6718388::AstNode::getAChild#1#dispred(any#expr##2, _, n)
    )
  )
| [base_case]
  exists(int arg1, /* AST::AstNode */ dontcare AST#87953007::Cached::TAstNode _ |
    arg1 = -1, AST#87953007::Cached::getSynthChild#2(_, arg1, n)
  )
| [delta_order]
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode any#expr##2 |
    delta previous rec Synthesis#d9ff06b1::isInDesugaredContext#1#f(any#expr##2),
    project#AST#a6718388::AstNode::getAChild#1#dispred(any#expr##2, n)
  ),
  not(previous rec Synthesis#d9ff06b1::isInDesugaredContext#1#f(n))
.
``
 2022-10-09 11:11:48 +02:00
Tom Hvitved
262a74d03d Ruby: Avoid computing full fastTC for AstNode::getParent 
DIL before
```
                                                   /* AST::AstNode */ AST#87953007::Cached::TAstNode result) =
  fastTC(AST#a6718388::AstNode::getAChild#0#dispred#ff/2)
.

Completion#445d5844::mayRaise#1#f(/* Call::Call */ unique AST#87953007::Cached::TAstNode c)
:-
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#2 |
    exists(/* ControlFlowGraphImpl::Trees::BodyStmtTree */ AST#87953007::Cached::TAstNode bst |
      (
        (
          project#Expr#6fb2af19::BodyStmt::getRescue#1#dispred#fff(bst),
          ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst)
        );
        (
          exists(/* Expr::StmtSequence */ dontcare AST#87953007::Cached::TAstNode _ |
            Expr#6fb2af19::BodyStmt::getEnsure#0#dispred#ff(bst, _)
          ),
          ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst)
        )
      ),
      ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst),
      project#ControlFlowGraphImpl#288ae92e::Trees::StmtSequenceTree::getBodyChild#2#dispred#ffff(bst,
                                                                                                  call_result#2)
    ),
    (
      (c = call_result#2, Call#841c84e8::Call#f(c));
      (
        #AST#a6718388::AstNode::getAChild#0#dispredPlus#ff(call_result#2, c),
        Call#841c84e8::Call#f(c)
      )
    )
  )
.
```

DIL after
```
incremental
Completion#445d5844::getARescuableBodyChild#0#f(/* AST::AstNode */ unique AST#87953007::Cached::TAstNode result)
:-
  exists(/* ControlFlowGraphImpl::Trees::BodyStmtTree */ AST#87953007::Cached::TAstNode bst |
    (
      (
        exists(dontcare int _,
               /* Expr::RescueClause */ dontcare AST#87953007::Cached::TAstNode _1 |
          Expr#6fb2af19::BodyStmt::getRescue#1#dispred#fff(bst, _, _1)
        ),
        ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst)
      );
      (
        exists(/* Expr::StmtSequence */ dontcare AST#87953007::Cached::TAstNode _ |
          Expr#6fb2af19::BodyStmt::getEnsure#0#dispred#ff(bst, _)
        ),
        ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst)
      )
    ),
    ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst),
    exists(boolean arg2, dontcare int _ |
      arg2 = true,
      ControlFlowGraphImpl#288ae92e::Trees::StmtSequenceTree::getBodyChild#2#dispred#ffff(bst,
                                                                                          _,
                                                                                          arg2,
                                                                                          result)
    )
  );
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#5 |
    rec Completion#445d5844::getARescuableBodyChild#0#f(call_result#5),
    exists(cached dontcare string _ |
      AST#a6718388::AstNode::getAChild#1#dispred(call_result#5, _, result)
    )
  )
| [base_case]
  exists(/* ControlFlowGraphImpl::Trees::BodyStmtTree */ AST#87953007::Cached::TAstNode bst |
    (
      (
        project#Expr#6fb2af19::BodyStmt::getRescue#1#dispred#fff(bst),
        ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst)
      );
      (
        exists(/* Expr::StmtSequence */ dontcare AST#87953007::Cached::TAstNode _ |
          Expr#6fb2af19::BodyStmt::getEnsure#0#dispred#ff(bst, _)
        ),
        ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst)
      )
    ),
    ControlFlowGraphImpl#288ae92e::Trees::BodyStmtTree#class#f(bst),
    project#ControlFlowGraphImpl#288ae92e::Trees::StmtSequenceTree::getBodyChild#2#dispred#ffff(bst,
                                                                                                result)
  )
| [delta_order]
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#5 |
    delta previous rec Completion#445d5844::getARescuableBodyChild#0#f(call_result#5),
    project#AST#a6718388::AstNode::getAChild#1#dispred(call_result#5, result)
  ),
  not(previous rec Completion#445d5844::getARescuableBodyChild#0#f(result))
.
```
 2022-10-09 11:10:39 +02:00
Tom Hvitved
d707c526e5 Ruby: Avoid computing full fastTC for AstNode::getParent 
DIL before
```
                                  /* AST::AstNode */ AST#87953007::Cached::TAstNode result) =
  fastTC(Module#fe82a56b::parent#1#ff/2)
.

Module#fe82a56b::enclosingModule#1#ff(/* AST::AstNode */ AST#87953007::Cached::TAstNode node,
                                      /* Module::ModuleBase */ AST#87953007::Cached::TAstNode result)
:-
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode call_result#2 |
    Module#2a43f566::ModuleBase#f(result),
    project#AST#a6718388::AstNode::getAChild#1#dispred(result, call_result#2),
    (
      node = call_result#2;
      #Module#fe82a56b::parent#1Plus#ff(node, call_result#2)
    )
  )
.
```

DIL after
```
incremental
Module#fe82a56b::enclosingModule#1#ff(/* AST::AstNode */ AST#87953007::Cached::TAstNode node,
                                      /* Module::ModuleBase */ AST#87953007::Cached::TAstNode result)
:-
  (
    Module#2a43f566::ModuleBase#f(result),
    exists(cached dontcare string _ |
      AST#a6718388::AstNode::getAChild#1#dispred(result, _, node)
    )
  );
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode mid |
    Module#2a43f566::ModuleBase#f(result),
    rec Module#fe82a56b::enclosingModule#1#ff(mid, result),
    not(Module#2a43f566::ModuleBase#f(mid)),
    not(Method#8b49e67f::Block#f(mid)),
    exists(cached dontcare string _ |
      AST#a6718388::AstNode::getAChild#1#dispred(mid, _, node)
    )
  )
| [base_case]
  Module#2a43f566::ModuleBase#f(result),
  project#AST#a6718388::AstNode::getAChild#1#dispred(result, node)
| [delta_order]
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode mid |
    Module#2a43f566::ModuleBase#f(result),
    delta previous rec Module#fe82a56b::enclosingModule#1#ff(mid, result),
    not(Module#2a43f566::ModuleBase#f(mid)),
    not(Method#8b49e67f::Block#f(mid)),
    project#AST#a6718388::AstNode::getAChild#1#dispred(mid, node)
  ),
  not(previous rec Module#fe82a56b::enclosingModule#1#ff(node, result))
| [delta_order_up_to_500000]
  exists(/* AST::AstNode */ AST#87953007::Cached::TAstNode mid |
    delta previous rec Module#fe82a56b::enclosingModule#1#ff(mid, result),
    Module#2a43f566::ModuleBase#f(result),
    not(Module#2a43f566::ModuleBase#f(mid)),
    not(Method#8b49e67f::Block#f(mid)),
    project#AST#a6718388::AstNode::getAChild#1#dispred(mid, node)
  ),
  not(previous rec Module#fe82a56b::enclosingModule#1#ff(node, result))
.
```
 2022-10-09 11:10:33 +02:00
yo-h
213c5bdab6 Update frameworks.csv 2022-10-07 17:45:39 -04:00
erik-krogh
73f88fbdb6 changes based on review 2022-10-07 23:28:44 +02:00
erik-krogh
6fdfd40880 changes to address reviews 2022-10-07 22:31:00 +02:00
Chris Smowton
5cadd3c0e6 Merge pull request #10712 from smowton/smowton/admin/kotlin-allow-single-embeddable-version 
Kotlin: allow building a single embeddable plugin version
 2022-10-07 20:33:06 +01:00
Jami
bb0f2f7d36 Merge pull request #10368 from jcogs33/android-deeplink-analysis 
Java: Android deeplink analysis
 2022-10-07 14:32:05 -04:00
Dave Bartolomeo
5ee7986649 Merge pull request #10736 from github/post-release-prep/codeql-cli-2.11.1 
Post-release preparation for codeql-cli-2.11.1
 2022-10-07 14:23:31 -04:00
Chris Smowton
5dcb70e482 Make method private 2022-10-07 18:10:52 +01:00
Chris Smowton
9c0cdfde6b Note store_true params default to False not None 2022-10-07 18:02:32 +01:00
Chris Smowton
68967c40bc Remove whitespace 2022-10-07 17:49:51 +01:00
Chris Smowton
85f92ff80a Require --single-version with --single-version-embeddable 2022-10-07 17:49:03 +01:00
Chris Smowton
bef4011947 Kotlin: fix type variable erasure inside default function values 
Previously because extractClassInstance didn't use the declaration stack, we wouldn't notice that it was legal to refer to its type variable in the context of extracting a specialised method <-> method source-decl edge. This led to erasing the types of the source-decl, so that e.g. Map.put(...) would have signature (Object, Object) not (K, V)
as it should.
 2022-10-07 17:31:38 +01:00
github-actions[bot]
b8ef9e0ddc Post-release preparation for codeql-cli-2.11.1 2022-10-07 15:59:45 +00:00
Ian Lynagh
b4510200b4 Merge pull request #10734 from github/smowton/fix/move-overloads-together 
Kotlin: keep method overloads together
 2022-10-07 16:02:38 +01:00
Erik Krogh Kristensen
dd50fe3c10 Merge pull request #10726 from erik-krogh/go-last-msg 
Go: fix some more style-guide violations in the alert-messages
 2022-10-07 16:16:29 +02:00
Chris Smowton
115d4de0e0 Kotlin: keep method overloads together 2022-10-07 13:50:27 +01:00
Nick Rolfe
4d75d885cb Merge pull request #10733 from github/nickrolfe/deprecated_paramscall_fix 
Ruby: fix use of deprecated class
 2022-10-07 13:45:07 +01:00
Mathias Vorreiter Pedersen
be95b91878 Merge pull request #10725 from erik-krogh/cpp-last-msg 
C: fix some more style-guide violations in the alert-messages
 2022-10-07 13:22:06 +01:00
Nick Rolfe
a6674a5313 Ruby: fix uses of deprecated class name 2022-10-07 13:17:05 +01:00
Erik Krogh Kristensen
e8b9dc2e83 Merge pull request #10724 from erik-krogh/csharp-last-msg 
C#: fix some more style-guide violations in the alert-messages
 2022-10-07 13:48:23 +02:00
erik-krogh
cbeefd418b add change-note 2022-10-07 13:47:32 +02:00
erik-krogh
10a014f18c add change-note 2022-10-07 13:46:48 +02:00
erik-krogh
3e06e201c9 add change-note 2022-10-07 13:45:30 +02:00
erik-krogh
99b7c77abc add change-note 2022-10-07 13:44:36 +02:00
Tom Hvitved
b065d2d3ab Merge pull request #10705 from hvitved/ruby/singleton-overrides 
Ruby: Take overrides into account for singleton methods defined on modules
 2022-10-07 13:33:59 +02:00