hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-30 07:36:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,239 Commits 1,673 Branches 157 Tags
codeql-cli/v2.15.2
Commit Graph

60239 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Koen Vlaswinkel
8e55189b84 Java: Add tests for generic interfaces/classes/methods 2023-09-20 14:02:34 +02:00
Koen Vlaswinkel
6e78aac6cc Java: Rename CallableMethod to Endpoint 2023-09-20 13:57:27 +02:00
Koen Vlaswinkel
fee9640077 Java: Update query id/tags and documentation 2023-09-20 13:54:35 +02:00
Koen Vlaswinkel
fe7ce0ae0b Java: Rename queries from fetch methods to endpoints 2023-09-20 13:52:49 +02:00
Koen Vlaswinkel
082a45400d Java: Rename AutomodelVsCode to ModelEditor 2023-09-20 13:51:05 +02:00
Tom Hvitved
455cde2f64 Merge pull request #14267 from hvitved/ruby/fix-join 
Ruby: Fix bad join
 2023-09-20 13:49:51 +02:00
Michael Nebel
13dd9a6c37 C#: Address review comments. 2023-09-20 13:43:38 +02:00
Michael Nebel
50a9219a3b C#: Re-factor most of the logic out of the model editor query files. 2023-09-20 13:08:01 +02:00
Michael Nebel
45432f211c C#: Identify whether callables in the source code are supported in terms of MaD. 2023-09-20 13:01:24 +02:00
github-actions[bot]
3acf5244b0 Post-release preparation for codeql-cli-2.14.6 2023-09-20 10:25:10 +00:00
Chris Smowton
07dbad509c Merge pull request #14265 from phillmv/patch-1 
s/Replace/ReplaceAll/ in LogInjectionGood.go
 2023-09-20 11:06:15 +01:00
Chris Smowton
a8afa05b1d Correct ReplaceAll params 
ReplaceAll doesn't take a count argument
 2023-09-20 10:00:53 +01:00
Mathias Vorreiter Pedersen
22d66b6d81 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 2023-09-20 09:56:10 +01:00
Mathias Vorreiter Pedersen
fb1ce2ab70 C++: Lift 'getParameter' to 'ParameterNode'. 2023-09-20 09:51:35 +01:00
Rasmus Wriedt Larsen
8e864ab84a Merge pull request #14262 from RasmusWL/dataflow-labeler 
Misc: Update auto labeler for shared dataflow pack
 2023-09-20 10:26:44 +02:00
Anders Schack-Mulligen
5c40d553b4 Java: Switch XmlParsers lib to lightweight data flow. 2023-09-20 10:21:53 +02:00
Anders Schack-Mulligen
d7e965f863 Dataflow: Add lightweight api based on TypeTracking. 2023-09-20 10:21:21 +02:00
Anders Schack-Mulligen
d7bd8c7ffd Shared/TypeTracking: Add support for flow from non-LocalSourceNode source and bugfix in smallstep. 2023-09-20 10:19:33 +02:00
Tom Hvitved
1442bddf36 Ruby: Fix bad join 
Before
```
Evaluated relational algebra for predicate DataFlowPublic#e1781e31::BarrierGuard#PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#::getAMaybeGuardedCapturedDef#0#f@3c903abq with tuple counts:
          280924  ~0%    {2} r1 = SCAN Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::definesAt#3#dispred#ffff OUTPUT In.2, In.0
          280924  ~0%    {2} r2 = JOIN r1 WITH BasicBlocks#d5fe3e99::BasicBlock::getScope#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
          103843  ~1%    {2} r3 = JOIN r2 WITH SSA#304893e3::Ssa::CapturedEntryDefinition#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1
          103843  ~5%    {3} r4 = JOIN r3 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
        19665045  ~0%    {3} r5 = JOIN r4 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1
        19497860  ~0%    {3} r6 = JOIN r5 WITH Call#841c84e8::MethodCall::getBlock#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~0%    {3} r7 = JOIN r6 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~0%    {3} r8 = JOIN r7 WITH CfgNodes#ace8e412::ExprNodes::CallCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
        19496808  ~0%    {3} r9 = JOIN r8 WITH ControlFlowGraph#46cebcbd::CfgNode::getBasicBlock#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        19496808  ~3%    {4} r10 = SCAN r9 OUTPUT In.0, true, In.1, In.2
           49434  ~7%    {3} r11 = JOIN r10 WITH DataFlowPublic#e1781e31::guardControlsBlock#3#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2, Lhs.3
             117  ~4%    {3} r12 = JOIN r11 WITH PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#3#cpe#12#ff ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1
               0  ~0%    {1} r13 = JOIN r12 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff ON FIRST 2 OUTPUT Lhs.2
                         return r13
```

After
```
Evaluated relational algebra for predicate DataFlowPublic#e1781e31::BarrierGuard#PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#::getAMaybeGuardedCapturedDef#0#f@137a23jm with tuple counts:
        280924  ~0%    {2} r1 = SCAN Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::definesAt#3#dispred#ffff OUTPUT In.2, In.0
        280924  ~0%    {2} r2 = JOIN r1 WITH BasicBlocks#d5fe3e99::BasicBlock::getScope#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
        103843  ~1%    {2} r3 = JOIN r2 WITH SSA#304893e3::Ssa::CapturedEntryDefinition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
        102517  ~1%    {2} r4 = JOIN r3 WITH Call#841c84e8::MethodCall::getBlock#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~2%    {2} r5 = JOIN r4 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~2%    {2} r6 = JOIN r5 WITH CfgNodes#ace8e412::ExprNodes::CallCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1
        102378  ~0%    {2} r7 = JOIN r6 WITH ControlFlowGraph#46cebcbd::CfgNode::getBasicBlock#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        102378  ~0%    {3} r8 = SCAN r7 OUTPUT In.0, true, In.1
          7417  ~5%    {2} r9 = JOIN r8 WITH DataFlowPublic#e1781e31::guardControlsBlock#3#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2
            22  ~0%    {2} r10 = JOIN r9 WITH PolynomialReDoSCustomizations#32063fa3::PolynomialReDoS::lengthGuard#3#cpe#12#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
            12  ~0%    {2} r11 = JOIN r10 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
            12  ~0%    {2} r12 = JOIN r11 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
             0  ~0%    {1} r13 = JOIN r12 WITH Ssa#da392372::Make#SsaImpl#ff97b16a::SsaInput#::Definition::getSourceVariable#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0
                       return r13
```
 2023-09-20 09:51:15 +02:00
Joe Farebrother
4497e22195 Add an additional example and additional test cases for authorize attribute cases 2023-09-20 04:13:34 +01:00
Joe Farebrother
475fe3a2a5 Attempt to improve performance in checksUser 2023-09-20 03:18:20 +01:00
Geoffrey White
af315c5072 Swift: Change note. 2023-09-19 23:02:14 +01:00
Geoffrey White
1b74b49bb3 Swift: Improve NSString models for varargs functions. 2023-09-19 23:02:14 +01:00
Rasmus Lerchedahl Petersen
30c37ca8cb Python: model §accumulator 
also slightly rearrange the modelling
 2023-09-19 22:21:14 +02:00
Robert Marsh
30b30695e4 Swift: WIP upgrade script for for-each refactor 2023-09-19 19:28:05 +00:00
Phill MV
11218f79c6 s/Replace/ReplaceAll/ in LogInjectionGood.go 2023-09-19 14:43:54 -04:00
Geoffrey White
f8c5a9a264 Swift: Test localizedStringWithFormat a bit better. 2023-09-19 18:43:54 +01:00
Geoffrey White
8354439d8d Merge pull request #14263 from geoffw0/typos 
CPP / Swift: Typos
 2023-09-19 18:02:33 +01:00
Geoffrey White
a3579f6e38 Merge branch 'main' into typos 2023-09-19 16:44:13 +01:00
Geoffrey White
ae159924a3 Swift: Add numeric barrier to the regular expression injection query as well. 2023-09-19 16:21:43 +01:00
Alexander Eyers-Taylor
2501a701ad Merge pull request #14256 from github/release-prep/2.14.6 
Release preparation for version 2.14.6
codeql-cli/v2.14.6 		2023-09-19 16:18:23 +01:00
Rasmus Lerchedahl Petersen
5611bda7ee Python: add test for $accumulator 2023-09-19 17:04:28 +02:00
Owen Mansel-Chan
650d8069f6 Merge pull request #14131 from omahs/patch-1 
Docs: fix minor typos
 2023-09-19 15:53:07 +01:00
Geoffrey White
935b7600ca Swift: Fix typos. 2023-09-19 15:19:00 +01:00
Geoffrey White
8a0e202b63 CPP: Fix typos. 2023-09-19 15:18:03 +01:00
Rasmus Wriedt Larsen
cc30c062b8 Misc: Update auto labeler for shared dataflow pack 2023-09-19 16:08:43 +02:00
Geoffrey White
e011951e1f Swift: Added change note for the new barriers. 2023-09-19 14:59:27 +01:00
Koen Vlaswinkel
3ebb9e16be C#: Update query id/tags and documentation 2023-09-19 15:54:15 +02:00
Koen Vlaswinkel
044fb9f320 C#: Rename queries from fetch methods to endpoints 2023-09-19 15:51:12 +02:00
Mathias Vorreiter Pedersen
2ae342c5c1 Merge pull request #14258 from MathiasVP/explicit-size_t 
C++: Use `size_t` explicitly in CWE-193 tests
 2023-09-19 14:50:54 +01:00
Koen Vlaswinkel
eace7a4bbf C#: Add tests for supported framework methods 2023-09-19 15:49:35 +02:00
Geoffrey White
32a2930c2f Swift: Accept bad tag filter test fixes. 2023-09-19 14:47:56 +01:00
Tom Hvitved
7c2df87ea2 Merge pull request #14247 from hvitved/dataflow/fix-consitency-checks 
Data flow: Fix two consistency checks
 2023-09-19 15:45:21 +02:00
omahs
473f17c0e6 fix typo 2023-09-19 14:39:49 +01:00
omahs
884f41b6f0 fix typo 2023-09-19 14:39:49 +01:00
omahs
278d0fb798 fix typo 2023-09-19 14:39:49 +01:00
omahs
f58dd7303c fix typo 2023-09-19 14:39:49 +01:00
Geoffrey White
5975546098 Swift: Add numeric barrier for predicate injection query as well. 2023-09-19 14:33:24 +01:00
Geoffrey White
2983295ba3 Swift: Add numeric barrier for uncontrolled format string query. 2023-09-19 14:33:23 +01:00
Geoffrey White
f98de85e36 Swift: Add numeric barrier for command injection query. 2023-09-19 14:33:23 +01:00