hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-07 02:31:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,865 Commits 1,691 Branches 160 Tags
codeql-cli/v2.13.1
Commit Graph

53865 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
0b9d16a43e Merge pull request #12636 from RasmusWL/sql-modeling 
Python: Some more SQL modeling
 2023-03-27 15:52:30 +02:00
Mathias Vorreiter Pedersen
9a57536f9f Merge branch 'main' into range-analysis-of-add-expr 2023-03-27 14:49:01 +01:00
Taus
af060e8c6b Merge branch 'main' into timing-attack-py 2023-03-27 15:27:13 +02:00
Erik Krogh Kristensen
d3c3f2dc90 Merge pull request #12628 from erik-krogh/betterReDoS 
ReDoS: better super-linear algorithm
 2023-03-27 15:26:49 +02:00
Asger F
32d7a80221 JS: Change note 2023-03-27 14:56:57 +02:00
Jeroen Ketema
213c4b0818 C++: Fix join-order problem in cpp/overrun-write 
Before on Wireshark:
```
[2023-03-27 12:59:25] Evaluated non-recursive predicate OverrunWriteProductFlow#fb5ce006::isSinkPairImpl#5#fffff@2ba90584 in 99742ms (size: 52640).
Evaluated relational algebra for predicate OverrunWriteProductFlow#fb5ce006::isSinkPairImpl#5#fffff@2ba90584 with tuple counts:
        1047588019  ~1%    {3} r1 = JOIN DataFlowUtil#47741e1f::InstructionNode#fff_20#join_rhs WITH OverrunWriteProductFlow#fb5ce006::bounded#3#fff_102#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Rhs.2
          67558965  ~0%    {4} r2 = JOIN r1 WITH Instruction#577b6a83::CallInstruction::getArgument#fbf_201#join_rhs ON FIRST 1 OUTPUT Rhs.2, Lhs.1, Lhs.2, Rhs.1
         613572640  ~0%    {5} r3 = JOIN r2 WITH ArrayFunction#ca0b6b68::ArrayFunction::hasArrayWithVariableSize#2#dispred#fff_201#join_rhs ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1, Lhs.2, Rhs.2
             52640  ~0%    {4} r4 = JOIN r3 WITH Instruction#577b6a83::CallInstruction::getStaticCallTarget#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0, Lhs.4, Lhs.2, Lhs.3
             52640  ~0%    {4} r5 = JOIN r4 WITH Instruction#577b6a83::CallInstruction::getArgument#fbf ON FIRST 2 OUTPUT Rhs.2, Lhs.2, Lhs.3, Lhs.0
             52640  ~0%    {5} r6 = JOIN r5 WITH DataFlowUtil#47741e1f::InstructionNode#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Rhs.1
             52640  ~0%    {5} r7 = JOIN r6 WITH Instruction#577b6a83::Instruction::getUnconvertedResultExpression#0#dispred#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.4, Lhs.1, Lhs.2, Rhs.1
                           return r7
```

After:
```
[2023-03-27 13:56:36] Evaluated non-recursive predicate OverrunWriteProductFlow#fb5ce006::isSinkPairImpl#5#fffff@f936aapd in 777ms (size: 52640).
Evaluated relational algebra for predicate OverrunWriteProductFlow#fb5ce006::isSinkPairImpl#5#fffff@f936aapd with tuple counts:
        565480  ~5%    {2} r1 = SCAN Instruction#577b6a83::CallInstruction::getStaticCallTarget#0#dispred#ff OUTPUT In.1, In.0
          4420  ~1%    {3} r2 = JOIN r1 WITH ArrayFunction#ca0b6b68::ArrayFunction::hasArrayWithVariableSize#2#dispred#fff ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2
          4420  ~0%    {3} r3 = JOIN r2 WITH Instruction#577b6a83::CallInstruction::getArgument#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.2, Lhs.0
          4420  ~0%    {4} r4 = JOIN r3 WITH DataFlowUtil#47741e1f::InstructionNode#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Rhs.1
          4420  ~0%    {4} r5 = JOIN r4 WITH Instruction#577b6a83::Instruction::getUnconvertedResultExpression#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Rhs.1
          4420  ~3%    {4} r6 = JOIN r5 WITH Instruction#577b6a83::CallInstruction::getArgument#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2, Lhs.3
         52825  ~0%    {5} r7 = JOIN r6 WITH OverrunWriteProductFlow#fb5ce006::bounded#3#fff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Rhs.2
         52640  ~0%    {5} r8 = JOIN r7 WITH DataFlowUtil#47741e1f::InstructionNode#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1, Lhs.4, Lhs.3
                       return r8
```
 2023-03-27 14:28:22 +02:00
Taus
700eb04487 Python: Lower precision of non-header queries 
cf. https://github.com/github/securitylab/issues/691#issuecomment-1387391014
 2023-03-27 12:22:17 +00:00
Mathias Vorreiter Pedersen
1a6186496f C++: Accept test changes. 2023-03-27 13:20:17 +01:00
Mathias Vorreiter Pedersen
87c144d33b C++: Throw away the sign analysis when analyzing add expressions: instead, we now recursively analyze both operands. 2023-03-27 13:19:47 +01:00
Taus
eaf2930205 Python: Accept test changes 
(These look like they were the result of changes elsewhere in the
analysis.)
 2023-03-27 12:17:13 +00:00
Taus
0b4c85f8d2 Python: Autoformat and fix broken module reference 2023-03-27 12:16:44 +00:00
Erik Krogh Kristensen
af8e44186c Merge pull request #12667 from github/dependabot/cargo/ql/regex-1.7.3 
Bump regex from 1.7.2 to 1.7.3 in /ql
 2023-03-27 13:59:18 +02:00
Geoffrey White
28998ccafe Merge pull request #12471 from geoffw0/dbsinks2 
Swift: Better sinks for swift/cleartext-storage-database
 2023-03-27 12:51:13 +01:00
Asger F
7b4951005b QL: Update test expectations 2023-03-27 13:47:29 +02:00
Asger F
0aceedac78 QL: Make Class.getType() only return ClassType 
Previously this would return both the ClassCharType and ClassType
 2023-03-27 13:39:01 +02:00
Tony Torralba
907053f281 Merge pull request #12591 from github/java/update-mad-decls-after-triage-2023-03-20T12-45-37 
Java: Update MaD Declarations after Triage
 2023-03-27 13:23:55 +02:00
Alex Ford
181e5d588d Merge remote-tracking branch 'origin/rc/3.9' into main 2023-03-27 12:16:03 +01:00
Alex Ford
ee6fa93007 Merge pull request #12657 from alexrford/rb/sensitive-get-no-path-problem 
Ruby: convert `rb/sensitive-get-query` into a `@kind problem`
 2023-03-27 12:08:27 +01:00
Joe Farebrother
489ce3d40a Merge pull request #12049 from joefarebrother/netty-models 
Java: Model the Netty framework
 2023-03-27 11:38:11 +01:00
Stephan Brandauer
6d91458586 Merge pull request #12506 from github/java/update-mad-decls-after-triage-2023-03-13T13-21-27 
Java: Update MaD Declarations after Triage
 2023-03-27 12:30:21 +02:00
Tony Torralba
7a9f1a5705 Add change note 2023-03-27 11:51:59 +02:00
Tony Torralba
95cc99c625 Apply suggestions from code review 2023-03-27 11:50:27 +02:00
Rasmus Wriedt Larsen
dab0abb563 Merge pull request #12428 from yoff/python/rewrite-InsecureContextConfiguration 
Python: Clean up insecure context query
 2023-03-27 11:46:01 +02:00
Tom Hvitved
f8c28bee6a Ruby: Order synthetic children in PrintAST based on their index instead of location 2023-03-27 11:38:30 +02:00
dependabot[bot]
f92f390457 Bump regex from 1.7.2 to 1.7.3 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.7.2...1.7.3)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-27 09:34:18 +00:00
Arthur Baars
7e7cd54793 Merge pull request #12546 from hmac/extractor-shared-library 
Introduce a shared extractor library
 2023-03-27 11:32:33 +02:00
Arthur Baars
4964f86df5 Merge pull request #12540 from aibaars/destructured-assign 
Ruby: change evaluation order of destructured assignments
 2023-03-27 11:30:44 +02:00
Asger F
92a681213d JS: Step through jQuery callback return values 2023-03-27 11:17:27 +02:00
Asger F
bc2a772f3b JS: Add test case showing false negative 2023-03-27 11:08:39 +02:00
Alex Ford
6f08447427 Ruby: add a change note for rb/sensitive-get-query flow path removal 2023-03-27 09:45:23 +01:00
Alex Ford
24aa16c919 Ruby: update rb/sensitive-get-query test output 2023-03-27 09:44:55 +01:00
Michael Nebel
4a64479551 C#: Add change note. 2023-03-27 10:42:14 +02:00
Michael Nebel
32ea8420a9 C#: Move the existing tests into separate folders to emulate separate projects and add some more tests. 2023-03-27 10:42:14 +02:00
Alex Ford
15c9e7666a Ruby: convert rb/sensitive-get-query into a @kind problem 2023-03-27 09:42:10 +01:00
Michael Nebel
9f88a72d9f C#: Make cs/web/debug-binary respect transformation file RemoveAttribute. 2023-03-27 10:39:44 +02:00
Tony Torralba
ea1ca03bf1 Add change note 2023-03-27 10:30:47 +02:00
Tony Torralba
9a18043d9f Apply suggestions from code review 2023-03-27 10:28:13 +02:00
yoff
2121ed784f Merge branch 'main' into python/rewrite-InsecureContextConfiguration 2023-03-27 10:20:53 +02:00
Tony Torralba
6b265104cf Merge pull request #12662 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-03-27 09:33:27 +02:00
Jeroen Ketema
d65b9ef32c Merge pull request #12661 from geoffw0/elementstests 
C++: Restrict tests that output all elements
 2023-03-27 09:04:11 +02:00
Jeroen Ketema
977f15f8a4 Merge pull request #12649 from jketema/unit 
Replace all definitions of `Unit` by `import codeql.util.Unit`
 2023-03-27 08:49:50 +02:00
smiddy007
4980948613 changenote 2023-03-26 23:07:32 -04:00
smiddy007
cef6b95b15 Fixed Conflicts due to recent changes to file 2023-03-26 22:32:34 -04:00
smiddy007
ad527b8f69 Added new example files and renamed existing ones 2023-03-26 21:53:22 -04:00
smiddy007
ccf152df00 Added support for progressive hashing in crypto-js module 2023-03-26 21:29:55 -04:00
github-actions[bot]
7aca5ee534 Add changed framework coverage reports 2023-03-27 00:16:27 +00:00
Geoffrey White
202a717085 C++: Autoformat. 2023-03-24 22:10:51 +00:00
Raul Garcia
4ba1740c45 Merge branch 'main' into main 2023-03-24 14:56:07 -07:00
Harry Maclean
6b2e8847f5 Rename shared extractor 
It is now called `tree-sitter-extractor`, to make it clearer that it
builds on tree-sitter grammars.
 2023-03-25 10:43:07 +13:00
Harry Maclean
2b6cbc836d Ruby: Remove outdated cache path 2023-03-25 10:39:41 +13:00