hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 10:23:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,797 Commits 1,693 Branches 161 Tags
codeql-cli/v2.12.5
Commit Graph

51797 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
39406436bf Swift: extract IfConfigDecl 
This also adds `UnresolvedDeclRefExpr` tests, as `IfConfigDecl`
consistently introduces those.
 2022-07-11 15:11:13 +02:00
Ben Rodes
a6048dd594 Merge branch 'github:main' into main 2022-07-11 08:49:13 -04:00
Jeroen Ketema
93a4a32527 Merge pull request #9786 from jketema/lossy 
C++: LossyFunctionResultCast updates
 2022-07-11 14:14:33 +02:00
Robert Marsh
bbd7e62341 Merge pull request #9793 from jketema/nullness 
C++: Add tests for `AnalysedExpr::isNullCheck` and `AnalysedExpr::isValidCheck`
 2022-07-11 08:07:24 -04:00
Ian Lynagh
28a8999b74 Java: Add an upgrade script 2022-07-11 12:09:48 +01:00
Ian Lynagh
aa07600f5a Java: Update stats 2022-07-11 12:09:48 +01:00
Erik Krogh Kristensen
9ed7aa9fae exclude variables in .vue files form js/unused-local-variable 2022-07-11 12:52:23 +02:00
Chris Smowton
74641ccfee Simplify test for no-arg constructor 2022-07-11 11:01:19 +01:00
Jeroen Ketema
6b2154eb8b C++: Add tests for AnalysedExpr::isNullCheck and AnalysedExpr::isValidCheck 2022-07-11 11:54:48 +02:00
Paolo Tranquilli
7d5dd384c3 Swift: extract UnresolvedPatternExpr 2022-07-11 10:59:00 +02:00
Paolo Tranquilli
7c3cadc9b6 Swift: extract OpenedArchetypeType 2022-07-11 10:48:21 +02:00
thiggy1342
e8e8da1b31 fix lib test expect for ActionController 2022-07-08 19:01:01 +00:00
thiggy1342
5d3232c614 refactor to use data flow 2022-07-08 18:53:24 +00:00
thiggy1342
96e66c4a50 move tests 2022-07-08 18:39:04 +00:00
thiggy1342
0435105d16 Merge remote-tracking branch 'upstream/main' into experimental-strong-params 2022-07-08 18:36:09 +00:00
thiggy1342
6aab970a9e refactor query to use cfg and dataflow 2022-07-08 18:32:54 +00:00
thiggy1342
bd50fd7f1e format fix 2022-07-08 17:20:41 +00:00
thiggy1342
11e39aa030 Add changelog 2022-07-07 21:40:16 +00:00
thiggy1342
940254d251 update framework tests 2022-07-07 19:39:59 +00:00
thiggy1342
b4869158f2 expand query tests for cwe-089 2022-07-07 19:23:57 +00:00
thiggy1342
2f1cfa816f Add annotate arguments as sqli sink 2022-07-07 19:23:06 +00:00
Raul Garcia
f8994d04d6 Clean up 2022-07-07 11:49:05 -07:00
REDMOND\brodes
4379aa4398 Adding Initializer in condition as an occurance of isDef 2022-07-07 10:32:36 -04:00
Raul Garcia
01da877d0e Moving the new query to experimental. It was added to the wrong folder initially. 2022-07-06 14:07:14 -07:00
Jeroen Ketema
0b471c2007 C++: Improve LossyFunctionResultCast join order 
Before on wireshark:
```
Tuple counts for #select#ff@eca61bf2:
        180100  ~2%    {2} r1 = SCAN Type::Type::getUnderlyingType#dispred#f0820431#ff OUTPUT In.1, In.0
            84  ~2%    {2} r2 = JOIN r1 WITH project#Type::FloatingPointType#class#2e8eb3ef#fffff ON FIRST 1 OUTPUT Lhs.1, Rhs.0
          2021  ~0%    {2} r3 = JOIN r2 WITH Function::Function::getType#dispred#f0820431#fb_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
          2437  ~0%    {2} r4 = JOIN r3 WITH Call::FunctionCall::getTarget#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1
          2150  ~0%    {2} r5 = r4 AND NOT LossyFunctionResultCast::whiteListWrapped#377b528a#f(Lhs.1)
          2150  ~0%    {2} r6 = SCAN r5 OUTPUT In.1, In.0
           313  ~0%    {3} r7 = JOIN r6 WITH exprconv ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
           313  ~0%    {3} r8 = JOIN r7 WITH Cast::Conversion#class#1f33e835#b ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
           148  ~3%    {2} r9 = JOIN r8 WITH Expr::Expr::isCompilerGenerated#f0820431#b ON FIRST 1 OUTPUT Lhs.2, Lhs.1
           148  ~1%    {3} r10 = JOIN r9 WITH Expr::Expr::getActualType#dispred#f0820431#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
            21  ~0%    {3} r11 = JOIN r10 WITH Type::IntegralType#class#2e8eb3ef#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.0
            21  ~0%    {3} r12 = JOIN r11 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
            21  ~0%    {2} r13 = JOIN r12 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, ("Return value of type " ++ Lhs.2 ++ " is implicitly converted to " ++ Rhs.1 ++ " here.")
                       return r13
```

After:
```
Tuple counts for #select#ff@a5a185eg:
          20  ~0%    {2} r1 = SCAN project#Type::FloatingPointType#class#2e8eb3ef#fffff OUTPUT In.0, In.0
          20  ~0%    {2} r2 = JOIN r1 WITH project#Type::FloatingPointType#class#2e8eb3ef#fffff ON FIRST 1 OUTPUT Lhs.1, Lhs.0
          84  ~2%    {2} r3 = JOIN r2 WITH Type::Type::getUnderlyingType#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        2021  ~0%    {2} r4 = JOIN r3 WITH Function::Function::getType#dispred#f0820431#fb_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        2437  ~0%    {2} r5 = JOIN r4 WITH Call::FunctionCall::getTarget#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1
        2150  ~0%    {2} r6 = r5 AND NOT LossyFunctionResultCast::whiteListWrapped#377b528a#f(Lhs.1)
        2150  ~0%    {2} r7 = SCAN r6 OUTPUT In.1, In.0
         313  ~0%    {3} r8 = JOIN r7 WITH exprconv ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
         313  ~0%    {3} r9 = JOIN r8 WITH Cast::Conversion#class#1f33e835#b ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
         148  ~3%    {2} r10 = JOIN r9 WITH Expr::Expr::isCompilerGenerated#f0820431#b ON FIRST 1 OUTPUT Lhs.2, Lhs.1
         148  ~1%    {3} r11 = JOIN r10 WITH Expr::Expr::getActualType#dispred#f0820431#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
          21  ~0%    {3} r12 = JOIN r11 WITH Type::IntegralType#class#2e8eb3ef#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.0
          21  ~0%    {3} r13 = JOIN r12 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
          21  ~0%    {2} r14 = JOIN r13 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, ("Return value of type " ++ Lhs.2 ++ " is implicitly converted to " ++ Rhs.1 ++ " here.")
                     return r14
```
 2022-07-06 21:53:12 +02:00
Jeroen Ketema
7d6fb7f91a C++: Rename LossyFunctionResultCast tests to be correctly named 2022-07-06 21:52:13 +02:00
REDMOND\brodes
74ff579dbc Fixing logic bug with LogicalAndExpr 2022-07-06 15:19:36 -04:00
Raul Garcia
97d9fd9846 Update security-validation-disabled.ql 2022-07-05 15:18:56 -07:00
Raul Garcia
dd1a9a22e3 Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-05 13:58:38 -07:00
Raul Garcia
f5c6b45014 Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-05 13:58:11 -07:00
Raul Garcia
56060e0610 Update csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.qhelp 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-07-05 13:57:28 -07:00
ihsinme
8967f57bbc Update DangerousUseMbtowc.ql 2022-07-04 11:17:12 +03:00
ihsinme
4e28887689 Create test3.cpp 2022-07-04 11:13:07 +03:00
ihsinme
1ce42dcd30 Create test2.cpp 2022-07-04 11:12:34 +03:00
ihsinme
6d800de377 Create test1.cpp 2022-07-04 11:11:49 +03:00
ihsinme
f53adca108 Update DangerousUseMbtowc.ql 2022-07-04 11:10:02 +03:00
Mathias Vorreiter Pedersen
3bacb18315 Merge pull request #9770 from MathiasVP/nomagic-use-in-own-init 
C++: Add `nomagic` to `VariableAccessInInitializer`
 2022-07-02 16:35:45 +01:00
Chris Smowton
4d45a2ca87 Merge pull request #9775 from smowton/smowton/fix/accessors-respect-private-member-exclusion 
Kotlin: don't extract private setters of external classes
 2022-07-02 10:27:06 +01:00
Raul Garcia
fcb01ef28d Merge branch 'github:main' into Token_validation 2022-07-01 17:37:05 -07:00
Raul Garcia
62c28571c6 making changes based on feedback during PR 2022-07-01 17:35:02 -07:00
Raul Garcia
e43e5810cf New queries to detect unsafe client side encryption in Azure Storage 2022-07-01 17:08:35 -07:00
Mathias Vorreiter Pedersen
e98bdbf73f Merge pull request #9773 from geoffw0/stringlengthconflation4 
Swift: More improvements to swift/string-length-conflation
 2022-07-01 17:46:04 +01:00
Geoffrey White
e38254c05e Swift: Fix typo. 2022-07-01 17:00:36 +01:00
Shyam Mehta
39f885413f Change log 2022-07-01 11:34:56 -04:00
Ian Lynagh
1730ec22d9 Kotlin: Extract an ErrorType if we fail to correctly extract a type 2022-07-01 16:33:43 +01:00
smehta23
391dd5b38d Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:55:58 -04:00
smehta23
ebe48ec30a Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:53:43 -04:00
smehta23
48e16e52b5 Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:52:41 -04:00
Shyam Mehta
1a41d4c379 Add CVE number 2022-07-01 10:51:33 -04:00
Chris Smowton
b499ba5aa8 Kotlin: don't extract private setters of external classes 
Previously these would get extracted unlike other private methods even if the class was a standard library or other external class. This could cause inconsistencies because if we also compiled the class from source we could end up deciding different names for the property's setter: setXyz$private when seen from source, and setXyz without a
suffix when seen as an external .class file. Avoiding extracting these functions from the external perspective both restores consistency with other kinds of method and avoids these consistency problems.
 2022-07-01 15:44:17 +01:00