hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-30 07:36:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,342 Commits 1,673 Branches 157 Tags
codeql-cli/v2.15.0
Commit Graph

59342 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
fef5a49fcb Swift: Remove now duplicate extension logic. 2023-09-20 15:36:15 +01:00
Rasmus Lerchedahl Petersen
12dab88ec7 Python: rename concept 
`NoSqlQuery` -> `NoSqlExecution`
 2023-09-20 15:49:35 +02:00
Rasmus Lerchedahl Petersen
4ec8b3f02f Python: Model map_reduce 2023-09-20 15:44:12 +02:00
Tamas Vajk
d29585c8b7 C#: Remove platform-specific runtime nuget packages from the reference list in Standalone 2023-09-20 15:24:01 +02:00
Rasmus Lerchedahl Petersen
7c085ecc61 Python: Add test for map_reduce 
Also log requirement for old versions of `pymongo`
 2023-09-20 15:23:18 +02:00
Anders Schack-Mulligen
d285afba08 Typetracking: minor perf fix. 2023-09-20 14:52:49 +02:00
Michael Nebel
0b84dee65e C#: Minor improvements to the ExternalApi implementation. 2023-09-20 14:34:27 +02:00
Koen Vlaswinkel
9e2984770f Java: Fix identification of supported endpoints in framework mode 2023-09-20 14:25:06 +02:00
Koen Vlaswinkel
73ebd21c33 Java: Refactor most of the logic out of the model editor query files 2023-09-20 14:13:28 +02:00
Koen Vlaswinkel
509b7fe0f8 Java: Add tests for supported framework methods 2023-09-20 14:11:00 +02:00
Koen Vlaswinkel
6adbc406a7 Java: Add tests for private methods 2023-09-20 14:05:28 +02:00
Koen Vlaswinkel
8e55189b84 Java: Add tests for generic interfaces/classes/methods 2023-09-20 14:02:34 +02:00
Koen Vlaswinkel
6e78aac6cc Java: Rename CallableMethod to Endpoint 2023-09-20 13:57:27 +02:00
Koen Vlaswinkel
fee9640077 Java: Update query id/tags and documentation 2023-09-20 13:54:35 +02:00
Koen Vlaswinkel
fe7ce0ae0b Java: Rename queries from fetch methods to endpoints 2023-09-20 13:52:49 +02:00
Koen Vlaswinkel
082a45400d Java: Rename AutomodelVsCode to ModelEditor 2023-09-20 13:51:05 +02:00
Tom Hvitved
455cde2f64 Merge pull request #14267 from hvitved/ruby/fix-join 
Ruby: Fix bad join
 2023-09-20 13:49:51 +02:00
Michael Nebel
13dd9a6c37 C#: Address review comments. 2023-09-20 13:43:38 +02:00
Michael Nebel
50a9219a3b C#: Re-factor most of the logic out of the model editor query files. 2023-09-20 13:08:01 +02:00
Michael Nebel
45432f211c C#: Identify whether callables in the source code are supported in terms of MaD. 2023-09-20 13:01:24 +02:00
github-actions[bot]
3acf5244b0 Post-release preparation for codeql-cli-2.14.6 2023-09-20 10:25:10 +00:00
Chris Smowton
07dbad509c Merge pull request #14265 from phillmv/patch-1 
s/Replace/ReplaceAll/ in LogInjectionGood.go
 2023-09-20 11:06:15 +01:00
Chris Smowton
a8afa05b1d Correct ReplaceAll params 
ReplaceAll doesn't take a count argument
 2023-09-20 10:00:53 +01:00
Mathias Vorreiter Pedersen
22d66b6d81 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 2023-09-20 09:56:10 +01:00
Mathias Vorreiter Pedersen
fb1ce2ab70 C++: Lift 'getParameter' to 'ParameterNode'. 2023-09-20 09:51:35 +01:00
Rasmus Wriedt Larsen
8e864ab84a Merge pull request #14262 from RasmusWL/dataflow-labeler 
Misc: Update auto labeler for shared dataflow pack
 2023-09-20 10:26:44 +02:00
Anders Schack-Mulligen
5c40d553b4 Java: Switch XmlParsers lib to lightweight data flow. 2023-09-20 10:21:53 +02:00
Anders Schack-Mulligen
d7e965f863 Dataflow: Add lightweight api based on TypeTracking. 2023-09-20 10:21:21 +02:00
Anders Schack-Mulligen
d7bd8c7ffd Shared/TypeTracking: Add support for flow from non-LocalSourceNode source and bugfix in smallstep. 2023-09-20 10:19:33 +02:00
Tom Hvitved
1442bddf36 Ruby: Fix bad join 
Before
```
Evaluated relational algebra for predicate DataFlowPublic#e1781e31::BarrierGuard#PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#::getAMaybeGuardedCapturedDef#0#f@3c903abq with tuple counts:
          280924  ~0%    {2} r1 = SCAN Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::definesAt#3#dispred#ffff OUTPUT In.2, In.0
          280924  ~0%    {2} r2 = JOIN r1 WITH BasicBlocks#d5fe3e99::BasicBlock::getScope#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
          103843  ~1%    {2} r3 = JOIN r2 WITH SSA#304893e3::Ssa::CapturedEntryDefinition#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1
          103843  ~5%    {3} r4 = JOIN r3 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
        19665045  ~0%    {3} r5 = JOIN r4 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1
        19497860  ~0%    {3} r6 = JOIN r5 WITH Call#841c84e8::MethodCall::getBlock#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~0%    {3} r7 = JOIN r6 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~0%    {3} r8 = JOIN r7 WITH CfgNodes#ace8e412::ExprNodes::CallCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
        19496808  ~0%    {3} r9 = JOIN r8 WITH ControlFlowGraph#46cebcbd::CfgNode::getBasicBlock#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~3%    {4} r10 = SCAN r9 OUTPUT In.0, true, In.1, In.2
           49434  ~7%    {3} r11 = JOIN r10 WITH DataFlowPublic#e1781e31::guardControlsBlock#3#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2, Lhs.3
             117  ~4%    {3} r12 = JOIN r11 WITH PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#3#cpe#12#ff ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1
               0  ~0%    {1} r13 = JOIN r12 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff ON FIRST 2 OUTPUT Lhs.2
                         return r13
```

After
```
Evaluated relational algebra for predicate DataFlowPublic#e1781e31::BarrierGuard#PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#::getAMaybeGuardedCapturedDef#0#f@137a23jm with tuple counts:
        280924  ~0%    {2} r1 = SCAN Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::definesAt#3#dispred#ffff OUTPUT In.2, In.0
        280924  ~0%    {2} r2 = JOIN r1 WITH BasicBlocks#d5fe3e99::BasicBlock::getScope#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
        103843  ~1%    {2} r3 = JOIN r2 WITH SSA#304893e3::Ssa::CapturedEntryDefinition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
        102517  ~1%    {2} r4 = JOIN r3 WITH Call#841c84e8::MethodCall::getBlock#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~2%    {2} r5 = JOIN r4 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~2%    {2} r6 = JOIN r5 WITH CfgNodes#ace8e412::ExprNodes::CallCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1
        102378  ~0%    {2} r7 = JOIN r6 WITH ControlFlowGraph#46cebcbd::CfgNode::getBasicBlock#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~0%    {3} r8 = SCAN r7 OUTPUT In.0, true, In.1
          7417  ~5%    {2} r9 = JOIN r8 WITH DataFlowPublic#e1781e31::guardControlsBlock#3#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2
            22  ~0%    {2} r10 = JOIN r9 WITH PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#3#cpe#12#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
            12  ~0%    {2} r11 = JOIN r10 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
            12  ~0%    {2} r12 = JOIN r11 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
             0  ~0%    {1} r13 = JOIN r12 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0
                       return r13
```
 2023-09-20 09:51:15 +02:00
Joe Farebrother
4497e22195 Add an additional example and additional test cases for authorize attribute cases 2023-09-20 04:13:34 +01:00
Joe Farebrother
475fe3a2a5 Attempt to improve performance in checksUser 2023-09-20 03:18:20 +01:00
Geoffrey White
af315c5072 Swift: Change note. 2023-09-19 23:02:14 +01:00
Geoffrey White
1b74b49bb3 Swift: Improve NSString models for varargs functions. 2023-09-19 23:02:14 +01:00
Rasmus Lerchedahl Petersen
30c37ca8cb Python: model §accumulator 
also slightly rearrange the modelling
 2023-09-19 22:21:14 +02:00
Phill MV
11218f79c6 s/Replace/ReplaceAll/ in LogInjectionGood.go 2023-09-19 14:43:54 -04:00
Geoffrey White
f8c5a9a264 Swift: Test localizedStringWithFormat a bit better. 2023-09-19 18:43:54 +01:00
Geoffrey White
8354439d8d Merge pull request #14263 from geoffw0/typos 
CPP / Swift: Typos
 2023-09-19 18:02:33 +01:00
Geoffrey White
a3579f6e38 Merge branch 'main' into typos 2023-09-19 16:44:13 +01:00
Geoffrey White
ae159924a3 Swift: Add numeric barrier to the regular expression injection query as well. 2023-09-19 16:21:43 +01:00
Alexander Eyers-Taylor
2501a701ad Merge pull request #14256 from github/release-prep/2.14.6 
Release preparation for version 2.14.6
codeql-cli/v2.14.6 		2023-09-19 16:18:23 +01:00
Rasmus Lerchedahl Petersen
5611bda7ee Python: add test for $accumulator 2023-09-19 17:04:28 +02:00
Owen Mansel-Chan
650d8069f6 Merge pull request #14131 from omahs/patch-1 
Docs: fix minor typos
 2023-09-19 15:53:07 +01:00
Geoffrey White
935b7600ca Swift: Fix typos. 2023-09-19 15:19:00 +01:00
Geoffrey White
8a0e202b63 CPP: Fix typos. 2023-09-19 15:18:03 +01:00
Rasmus Wriedt Larsen
cc30c062b8 Misc: Update auto labeler for shared dataflow pack 2023-09-19 16:08:43 +02:00
Geoffrey White
e011951e1f Swift: Added change note for the new barriers. 2023-09-19 14:59:27 +01:00
Koen Vlaswinkel
3ebb9e16be C#: Update query id/tags and documentation 2023-09-19 15:54:15 +02:00
Koen Vlaswinkel
044fb9f320 C#: Rename queries from fetch methods to endpoints 2023-09-19 15:51:12 +02:00
Mathias Vorreiter Pedersen
2ae342c5c1 Merge pull request #14258 from MathiasVP/explicit-size_t 
C++: Use `size_t` explicitly in CWE-193 tests
 2023-09-19 14:50:54 +01:00