codeql

mirror of https://github.com/github/codeql.git synced 2026-02-06 02:01:09 +01:00

Author	SHA1	Message	Date
Jeroen Ketema	57c8f5111d	C++: Address docs review comments	2023-03-08 19:38:25 +01:00
Ed Minnix	bfd430b446	Remove qlref tests	2023-03-08 13:21:31 -05:00
Ed Minnix	24c9a516c9	Add QLdoc to ArbitraryApkInstallationQuery.qll	2023-03-08 13:21:09 -05:00
Chris Smowton	cacae957b5	Merge pull request #12441 from smowton/smowton/fix/golang-incorrect-integer-conversion-sanitizer Go: fix incorrect-integer-conversion sanitizer	2023-03-08 18:19:46 +00:00
Jeroen Ketema	3f905f2675	Update docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp-new.rst Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2023-03-08 19:10:11 +01:00
Michael B. Gale	695160d480	Remove check for stdout redirection	2023-03-08 18:09:09 +00:00
Jeroen Ketema	f6e05836f1	Update docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp-new.rst Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2023-03-08 19:08:35 +01:00
Jeroen Ketema	2ecc8a5abe	Update docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp-new.rst Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2023-03-08 19:08:19 +01:00
Mathias Vorreiter Pedersen	540ce1f0db	Contrary to what the QLDoc says, this predicate was way too large to be evaluated on the 'quick-lint/quick-lint-js' project. Before: ``` Most expensive predicates for completed query RuleOfTwo.ql: time \| evals \| max @ iter \| predicate ------\|-------\|--------------\|---------- 25m9s \| \| \| Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#ffff@8a38e2tm 17m1s \| \| \| Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#fffb@0796c497 3.5s \| 130 \| 116ms @ 3 \| Declaration#4bfb53be::DirectAccessHolder::thisCanAccessClassTrans#fff@926a68j9 3.3s \| \| \| Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#fffb_1230#join_rhs@25e9ffj8 1.7s \| 3 \| 1.7s @ 1 \| Element#496c7fc2::ElementBase::toString#0#dispred#ff@fcd81c49 1.3s \| \| \| Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#fffb_0132#join_rhs@9c2065t1 1.3s \| \| \| Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#ffff_0132#join_rhs@672330eh 1.1s \| \| \| Declaration#4bfb53be::DirectAccessHolder::thisCanAccessClassTrans#fff_102#join_rhs@f7d5464o 829ms \| 336 \| 85ms @ 6 \| Enclosing#c50c5fbf::exprEnclosingElement#1#ff@e34d9wq1 615ms \| \| \| Expr#ef463c5d::Expr::getType#ff@e265e79q ``` After: ``` Most expensive predicates for completed query RuleOfTwo.ql: time \| evals \| max @ iter \| predicate ------\|-------\|-------------\|---------- 11.8s \| \| \| _#Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff_#Declaration#4bfb53be::AccessHolder::getE__#antijoin_rhs#1@fb0627h8 4.8s \| \| \| _#Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff_#Declaration#4bfb53be::AccessHolder::getE__#antijoin_rhs#4@c43dbeia 3.8s \| \| \| _#Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff_#Declaration#4bfb53be::AccessHolder::getE__#antijoin_rhs#3@313e5963 3.4s \| 130 \| 93ms @ 3 \| Declaration#4bfb53be::DirectAccessHolder::thisCanAccessClassTrans#fff@a0289bfg 1.5s \| 3 \| 1.5s @ 1 \| Element#496c7fc2::ElementBase::toString#0#dispred#ff@fcd81c49 806ms \| \| \| Declaration#4bfb53be::DirectAccessHolder::thisCanAccessClassTrans#fff_021#join_rhs@cc1b76s7 721ms \| 336 \| 61ms @ 5 \| Enclosing#c50c5fbf::exprEnclosingElement#1#ff@e34d9wq1 489ms \| \| \| Expr#ef463c5d::Expr::getType#ff@e265e79q 337ms \| 130 \| 62ms @ 5 \| Class#bacd9b46::Class::accessOfBaseMemberMulti#ffff@0165b0dr 329ms \| \| \| Variable#7a968d4e::ParameterDeclarationEntry::getAnonymousParameterDescription#0#dispred#ff@0f12bdvq 211ms \| \| \| exprs_10#join_rhs@5481143i ```	2023-03-08 17:44:19 +00:00
Ed Minnix	882e909862	Renamed ArbitraryAPKInstallation to ArbitraryApkInstallation	2023-03-08 12:16:46 -05:00
Ed Minnix	5fb5f1b23b	Begin InlineExpectationsTest	2023-03-08 12:14:45 -05:00
Ed Minnix	3ea167cadf	Split ArbitraryApkInstallation file into 3 files	2023-03-08 12:12:11 -05:00
Edward Minnix III	2d1088e923	Change severity level to error Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2023-03-08 12:12:11 -05:00
Ed Minnix	0eaad4136e	Add RemoteFlowSource as a valid source	2023-03-08 12:12:11 -05:00
Ed Minnix	4d51e4fed0	Change description wording	2023-03-08 12:12:11 -05:00
Ed Minnix	10cd6328dc	Add missing QLDocs	2023-03-08 12:12:11 -05:00
Edward Minnix III	8ec5b5b7fa	Apply suggestions from code review Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>	2023-03-08 12:12:10 -05:00
Ed Minnix	8fcf00b73d	Test improvements	2023-03-08 12:12:10 -05:00
Ed Minnix	fa416564c7	Documentation and examples	2023-03-08 12:12:10 -05:00
Ed Minnix	d3d712fbff	Remove `Url#parse` as a source	2023-03-08 12:12:10 -05:00
Ed Minnix	5f4e8e3e6a	Add test cases relating to intents with the ACTION_INSTALL_PACKAGE action	2023-03-08 12:12:10 -05:00
Ed Minnix	f03e90f894	Remove http(s) literal sources	2023-03-08 12:12:10 -05:00
Edward Minnix III	839b88a4bc	Formatting, capitalization, and typos Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2023-03-08 12:12:10 -05:00
Ed Minnix	b606271a61	Additional documentation	2023-03-08 12:12:10 -05:00
Ed Minnix	01b20b3a26	Added external storage test case	2023-03-08 12:12:10 -05:00
Ed Minnix	c448481bf7	Added test expectations	2023-03-08 12:12:10 -05:00
Ed Minnix	12f78dbed4	Add `DataFlow::PathGraph` import	2023-03-08 12:12:10 -05:00
Ed Minnix	cd5a46123e	Add a change note	2023-03-08 12:12:10 -05:00
Ed Minnix	2d6cdff14b	Add period to alert message	2023-03-08 12:12:10 -05:00
Ed Minnix	0ec4df28f5	Add query metadata	2023-03-08 12:12:10 -05:00
Ed Minnix	3f589722c2	Refactor query to change returned source	2023-03-08 12:12:10 -05:00
Ed Minnix	618b608962	Arbitrary APK Installation MVP	2023-03-08 12:12:10 -05:00
Owen Mansel-Chan	9fc119cc55	Rearrange diagnostic error message The context should come in the middle and the call to action should come last.	2023-03-08 17:09:52 +00:00
Robert Marsh	6bfa08c5cc	Merge branch 'main' into rdmarsh2/swift/constructor-flow	2023-03-08 16:40:11 +00:00
Owen Mansel-Chan	63d3b3ff2a	Fix diagnostic-limit-reached visibility and location	2023-03-08 16:34:29 +00:00
Owen Mansel-Chan	0d6f17ec90	Do not use field `internal`, which is deprecated	2023-03-08 16:34:01 +00:00
Robert Marsh	b941d54f1f	C++ Move RangeAnalysis to work around shadowing	2023-03-08 11:32:37 -05:00
Robert Marsh	50fac3060c	C++: split RA into constant and relative phases	2023-03-08 11:32:36 -05:00
Robert Marsh	3bf3876c14	Swift: fix FPs with inout params in inits	2023-03-08 16:20:39 +00:00
Owen Mansel-Chan	17c550bc88	Address review comments	2023-03-08 15:51:45 +00:00
Arthur Baars	7ab0f88f78	JS: add link to docs to parse error diagnostic	2023-03-08 16:47:43 +01:00
Arthur Baars	ebf0bb889b	Ruby: add some integration tests for diagnostic messages	2023-03-08 16:35:43 +01:00
Arthur Baars	e5be8ab1e5	JS: add integration test for diagnostic messages	2023-03-08 16:04:49 +01:00
Jeroen Ketema	30cbc91092	C++: Update XXE XML query with `DataFlow::ConfigSig`	2023-03-08 15:04:53 +01:00
Jeroen Ketema	6f2407412e	C++: Update some dataflow tests to use `DataFlow::ConfigSig`	2023-03-08 15:04:53 +01:00
Jeroen Ketema	8253f2d343	C++: Update `UnsafeDaclSecurityDescriptor` with `DataFlow::ConfigSig`	2023-03-08 15:04:53 +01:00
Jeroen Ketema	7fe1a9431c	C++: Update `PotentiallyExposedSystemData` with `DataFlow::ConfigSig`	2023-03-08 15:04:53 +01:00
Jeroen Ketema	53aa34bdd3	C++: Update `UnsafeCreateProcessCall` with `DataFlow::ConfigSig`	2023-03-08 15:04:53 +01:00
Jeroen Ketema	af612a12de	C++: Update `TlsSettingsMisconfiguration` with `DataFlow::ConfigSig`	2023-03-08 15:04:52 +01:00
Jeroen Ketema	4363a8ea30	C++: Update leap year queries with `DataFlow::ConfigSig`	2023-03-08 15:04:52 +01:00

... 61 62 63 64 65 ...

54887 Commits