hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-30 23:58:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,239 Commits 1,673 Branches 157 Tags
codeql-cli/v2.15.2
Commit Graph

60239 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Maiky
153a435257 Naming change 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-09-15 11:40:42 +02:00
Maiky
aea6eeda38 Naming change 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-09-15 11:40:34 +02:00
Maiky
2ebe46bd05 Naming change 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-09-15 11:40:20 +02:00
Joe Farebrother
6d704be7d2 Rewrite checks for index expressions in terms of dataflow 2023-09-15 10:25:27 +01:00
Joe Farebrother
a2dce6be14 Check for authorize attributes in more namespaces and on overridden methods 2023-09-15 10:25:27 +01:00
Joe Farebrother
6a95ed64ff Add test cases for authorization from attributes 2023-09-15 10:25:27 +01:00
Joe Farebrother
ac45050545 Add checks for authorization attributes 2023-09-15 10:25:27 +01:00
Joe Farebrother
0a27da08d6 Minor changes from review suggestions to shared logic between this and missing access control 
Use case insensitive regex, factor out page load to improve possible bad joins make needsAuth not a member predicate
 2023-09-15 10:25:27 +01:00
Joe Farebrother
a022893f0f Add additional example to qhelp + additional resource 2023-09-15 10:25:27 +01:00
Joe Farebrother
86abd338e5 Update test options 2023-09-15 10:25:26 +01:00
Joe Farebrother
9f25c71ca6 Apply minor reveiw suggstions 2023-09-15 10:25:26 +01:00
Joe Farebrother
4967fe0b77 Add change note + update query ID 2023-09-15 10:25:26 +01:00
Joe Farebrother
3e6750ba4c Add documentation 2023-09-15 10:25:26 +01:00
Joe Farebrother
f8b1b38438 Update alert message and make user checks more precise 2023-09-15 10:25:26 +01:00
Joe Farebrother
009a7bfc87 Add MVC tests 2023-09-15 10:25:26 +01:00
Joe Farebrother
20d42dfd7d Add tests for webforms case 2023-09-15 10:25:26 +01:00
Joe Farebrother
2edd73eb60 Fix typos in filepath + metadata, add severity 2023-09-15 10:25:26 +01:00
Joe Farebrother
251f875304 Fix filenme typo 2023-09-15 10:25:26 +01:00
Joe Farebrother
5d1289672b Add IDOR query 2023-09-15 10:25:26 +01:00
Joe Farebrother
a510a7b4c0 Add insecure direct object reference definitions and factor out those from missing access control 2023-09-15 10:25:26 +01:00
Mathias Vorreiter Pedersen
6c7833f28c Merge pull request #14223 from MathiasVP/add-explicit-dereferenced-by-operation-base-case-predicate 
C++: Add a `directDereferencedByOperation` predicate
 2023-09-15 10:19:26 +01:00
Tom Hvitved
14561c414b Merge pull request #14225 from hvitved/ruby/fix-bad-join 
Ruby: Fix a bad join
 2023-09-15 10:59:24 +02:00
Tamas Vajk
d725bd9169 C#: Generate source file with implicit usings in Standalone 2023-09-15 10:52:57 +02:00
Chris Smowton
c5001a86f6 Fix test expectations 2023-09-14 20:45:54 +01:00
Tom Hvitved
c83a29c27f Ruby: Fix a bad join 
Before
```
Evaluated relational algebra for predicate Sinatra#e09174a3::Sinatra::ErbLocalsAccessSummary#fff@22c05bb6 with tuple counts:
          212957   ~2195%    {1} r1 = JOIN _Constant#54e8b051::ConstantValue::getStringlikeValue#0#dispred#ff_Expr#6fb2af19::Expr::getConstantV__#shared WITH Expr#6fb2af19::Pair::getKey#0#dispred#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.1
        43862468   ~6045%    {2} r2 = JOIN r1 WITH Call#841c84e8::MethodCall::getMethodName#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0
        43862468   ~6581%    {2} r3 = JOIN r2 WITH AST#a6718388::AstNode::getLocation#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        43844886  ~40661%    {2} r4 = JOIN r3 WITH locations_default ON FIRST 1 OUTPUT Rhs.1, Lhs.1
           15004   ~8295%    {3} r5 = JOIN r4 WITH project#Sinatra#e09174a3::Sinatra::ErbLocalsHashSyntheticGlobal#ffff_201#join_rhs ON FIRST 1 OUTPUT Rhs.2, Lhs.1, Rhs.1
           15004   ~8890%    {3} r6 = SCAN r5 OUTPUT ("sinatra_erb_locals_access()" ++ In.0 ++ "#" ++ In.1), In.2, In.1
                             return r6
```

After
```
Evaluated relational algebra for predicate Sinatra#e09174a3::Sinatra::ErbLocalsAccessSummary#fff@f6249cga with tuple counts:
         10237       ~0%    {3} r1 = JOIN locations_default_10#join_rhs WITH project#Sinatra#e09174a3::Sinatra::ErbLocalsHashSyntheticGlobal#ffff_201#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2
          4015       ~5%    {3} r2 = JOIN r1 WITH AST#a6718388::AstNode::getLocation#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
           825      ~96%    {3} r3 = JOIN r2 WITH Call#841c84e8::MethodCall::getMethodName#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
           940       ~0%    {4} r4 = JOIN r3 WITH Constant#54e8b051::ConstantValue::getStringlikeValue#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0
        325402       ~0%    {4} r5 = JOIN r4 WITH Expr#6fb2af19::Expr::getConstantValue#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
        231819  ~133147%    {3} r6 = JOIN r5 WITH Expr#6fb2af19::Pair::getKey#0#dispred#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.2, Lhs.3, Lhs.1
        231819  ~138805%    {3} r7 = SCAN r6 OUTPUT ("sinatra_erb_locals_access()" ++ In.0 ++ "#" ++ In.1), In.2, In.1
                            return r7
```
 2023-09-14 21:34:17 +02:00
Harry Maclean
5706bc6205 Ruby: Model GraphQL InputObject arguments 2023-09-14 19:02:39 +01:00
Ian Lynagh
730480360e Merge pull request #14221 from igfoo/igfoo/gradle_seq 
Kotlin: Add more tests to the "gradle sequential" set
 2023-09-14 18:39:11 +01:00
Robert Marsh
eddca7f3f6 Swift: autoformat for for-in changes 2023-09-14 16:48:19 +00:00
Chris Smowton
5f6a40b9e8 Note Kotlin test no longer has CFG dead-ends if ErrorExpr participates in the CFG 2023-09-14 17:42:00 +01:00
Chris Smowton
d9f7180b5c Add missing diagnostic expectations 2023-09-14 17:42:00 +01:00
Chris Smowton
8f940c311a Update expectations and add expected diagnostics 2023-09-14 17:42:00 +01:00
Chris Smowton
a1a7640427 Give ErrorExpr default control flow 
This prevents a CFG dead-end because of one ErrorExpr
 2023-09-14 17:42:00 +01:00
Chris Smowton
b1e128b5c1 Pretty-print a ClassInstanceExpr without a bound constructor nicely 2023-09-14 17:42:00 +01:00
Chris Smowton
9670f20bd7 Add test for method reference whose LHS has unknown type 
This can happen when imports or source classes are missing.
 2023-09-14 17:42:00 +01:00
Chris Smowton
6ea7b195db Add test for a module declaration made in a file named other than module-info.java 
This triggers a weird corner case in our extractor, which used to throw a null pointer exception.
 2023-09-14 17:42:00 +01:00
Chris Smowton
c47ba000d6 Add test exercising the case of a missing type used as an interface 
This induces the TypeEnter phase to create an ErrorType with a parameter, which in turn used to cause a stack overflow in comparing the TypeWrapper objects involved.

Note the output remains somewhat broken, exposing an <any> type, but at least the overflow is resolved.
 2023-09-14 17:42:00 +01:00
Chris Smowton
4b5651bde9 Add test for Java extracting ErrorType 2023-09-14 17:42:00 +01:00
Chris Smowton
c0f8973749 Add test for extracting a Java AST with an error expression 
Also note that ErrorExpr can occur outside upgrade/downgrade scripts
 2023-09-14 17:42:00 +01:00
Chuan-kai Lin
264e57fc59 Merge pull request #14222 from github/mergeback-codeql-cli-2.14.5 
Custom post-release preparation for codeql-cli-2.14.5
 2023-09-14 09:40:11 -07:00
Robert Marsh
ab7cd5254a Swift: update dataflow test for nil coalescing 2023-09-14 16:28:00 +00:00
Mathias Vorreiter Pedersen
8aeb9b9ae0 Merge pull request #14219 from MathiasVP/fix-phi-flow-2 
C++: Fix `phi`->`phi` flow
 2023-09-14 17:22:51 +01:00
Robert Marsh
9a5fa42dbe Swift: CFG for nil coalescing operator 2023-09-14 16:16:30 +00:00
Mathias Vorreiter Pedersen
b18de9e641 C++: Add a named base case predicate for 'dereferencedByOperation' that can be used in queries. 2023-09-14 17:12:58 +01:00
Ian Lynagh
e5ac7620e3 Kotlin: Add more tests to the "gradle sequential" set 2023-09-14 15:44:32 +01:00
AlexDenisov
ff7ff6dcfa Merge pull request #14201 from MathiasVP/add-ast-consistency-query 
C++: Add AST consistency query
 2023-09-14 16:34:20 +02:00
Robert Marsh
56b646a74c Merge branch 'main' into rdmarsh2/swift/for-in 2023-09-14 14:14:06 +00:00
Robert Marsh
55546fe61c Merge pull request #14205 from rdmarsh2/rdmarsh2/swift/unify-array-collection-content 
Swift: Unify `ArrayContent` and `CollectionContent`
 2023-09-14 10:08:37 -04:00
Tom Hvitved
c0e600c515 Merge pull request #12672 from hvitved/ruby/implicit-array-reads-at-sinks 
Ruby: Allow for implicit array reads at all sinks during taint tracking
 2023-09-14 15:39:37 +02:00
Tom Hvitved
61bfc4ec09 Merge pull request #14204 from hvitved/ruby/simplify-viable-callable 
Ruby: Simplify `viableSourceCallableNonInit`
 2023-09-14 15:36:47 +02:00
Robert Marsh
dd01da4938 Swift: AST and CFG tests for nil coalescing 2023-09-14 13:26:41 +00:00