codeql

mirror of https://github.com/github/codeql.git synced 2026-01-02 09:16:34 +01:00

Author	SHA1	Message	Date
Harry Maclean	4239268efd	Ruby: Prevent some false flow into splat params In cases where there are positional parameters after a splat parameter, don't attempt to match the splat parameter to a splat argument. We need more sophisticated modelling to handle these cases, which is future work.	2023-08-09 15:01:40 +01:00
Harry Maclean	6f3e2cdde3	Ruby: Add change note	2023-08-09 15:01:40 +01:00
Harry Maclean	c0baa5116f	Ruby: add test for example splat arg/param matches	2023-08-09 15:01:40 +01:00
Harry Maclean	72356d1515	Ruby: track flow from args to positional params This models flow in the following case: def foo(x, y) sink x # 1 sink y # 2 end args = [source 1, source 2] foo(args) We do this by introducing a SynthSplatParameterNode which accepts content from the splat argument, if one is given at the callsite. From this node we add read steps to each positional parameter.	2023-08-09 15:01:40 +01:00
Jeroen Ketema	e04d30a676	C++: Update expected test changes due to the line in `test2.cpp` having shifted	2023-08-09 15:50:07 +02:00
Jeroen Ketema	6100425274	C++: Add change note	2023-08-09 15:47:19 +02:00
Geoffrey White	b4b2338144	Swift: Test for MAD tuple content flow.	2023-08-09 14:41:32 +01:00
Jeroen Ketema	6d7a75d1b9	Merge pull request #13931 from MathiasVP/revert-constant-bounds-and-prep C++: Revert constant bounds for new range analysis codeql-cli/v2.14.2	2023-08-09 15:39:53 +02:00
Mathias Vorreiter Pedersen	8a490775d8	Merge branch 'main' into fix-barriers-in-invalid-pointer-deref	2023-08-09 14:32:58 +01:00
Ian Lynagh	0eb6d1c76e	Kotlin: useFunction might return null	2023-08-09 13:45:15 +01:00
Rasmus Lerchedahl Petersen	885e25ff2d	Python: use file-name-convention of `*.model.yml`	2023-08-09 14:25:33 +02:00
Mathias Vorreiter Pedersen	acd16afddd	Revert "Merge pull request #13880 from MathiasVP/type-bounds-preparation" This reverts commit `3e9d9e72dc`, reversing changes made to `877ee7047d`.	2023-08-09 13:03:06 +01:00
Mathias Vorreiter Pedersen	cb1076c335	Revert "Merge pull request #13783 from MathiasVP/type-bounds-for-new-range-analysis" This reverts commit `e9750af89f`, reversing changes made to `37a546253e`.	2023-08-09 13:02:54 +01:00
erik-krogh	fe542565c3	fix performance	2023-08-09 13:48:07 +02:00
Michael B. Gale	01ff690d51	Merge pull request #13923 from github/mbg/go/bump-go-libraries	2023-08-09 11:36:35 +01:00
Mathias Vorreiter Pedersen	da66136ded	Merge pull request #13911 from MathiasVP/fix-taint-for-frontend-upgrade C++: Fix taint-flow in preparation for frontend upgrade	2023-08-09 11:30:07 +01:00
Jeroen Ketema	d0e7354a1b	C++: Only consider the maximum buffer size for badly bounded write	2023-08-09 12:30:00 +02:00
Jeroen Ketema	9572b9d308	C++: Add test where buffer initialized with literal is reassigned an allocation	2023-08-09 12:26:10 +02:00
Rasmus Wriedt Larsen	c0dec21546	Merge pull request #13925 from RasmusWL/fixup-script Misc: Fixup `accept-expected-changes-from-ci.py`	2023-08-09 11:45:34 +02:00
Tom Hvitved	7dac819730	C#: Fix bad join order Before ``` Evaluated recursive predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@8254eapb in 6096ms on iteration 4 (delta size: 592145). Evaluated relational algebra for predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@8254eapb on iteration 4 running pipeline standard with tuple counts: 204507 ~0% {2} r1 = SCAN Stmt#3baf294a::TryStmt::getATriedElement#ff#prev_delta OUTPUT In.1, In.0 204507 ~0% {3} r2 = JOIN r1 WITH _@callable#f_ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff_10#j__#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1 17844283 ~0% {3} r3 = JOIN r2 WITH ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2 592145 ~0% {2} r4 = JOIN r3 WITH Element#baf0c59e::Element::getAChild#0#dispred#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.1 592145 ~0% {2} r5 = r4 AND NOT Stmt#3baf294a::TryStmt::getATriedElement#ff#prev(Lhs.0, Lhs.1) return r5 ``` After ``` Evaluated recursive predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@4adecd47 in 310ms on iteration 4 (delta size: 592145). Evaluated relational algebra for predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@4adecd47 on iteration 4 running pipeline standard with tuple counts: 204507 ~0% {2} r1 = SCAN Stmt#3baf294a::TryStmt::getATriedElement#ff#prev_delta OUTPUT In.1, In.0 204507 ~0% {2} r2 = r1 AND NOT _statements_10#join_rhs#antijoin_rhs#13(Lhs.0) 592145 ~2% {3} r3 = JOIN r2 WITH Element#baf0c59e::Element::getAChild#0#dispred#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Rhs.1 592145 ~0% {3} r4 = JOIN r3 WITH ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1 592145 ~0% {2} r5 = JOIN r4 WITH ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.0 592145 ~0% {2} r6 = r5 AND NOT Stmt#3baf294a::TryStmt::getATriedElement#ff#prev(Lhs.0, Lhs.1) return r6 ```	2023-08-09 11:28:06 +02:00
AlexDenisov	6e8f600cb9	Merge pull request #13924 from github/alexdenisov/cherry-pick-reverted-pr Revert "Swift: Route compiler diagnostics through our log."	2023-08-09 11:02:19 +02:00
Rasmus Wriedt Larsen	69aa099ed1	Misc: Fixup `accept-expected-changes-from-ci.py` I guess there has been a rename of the URL from `/jobs/` to `/job/`, since the script has been working previously.	2023-08-09 10:44:31 +02:00
Geoffrey White	e828d8dace	Swift: Add UIKit to supported-frameworks.rst as well.	2023-08-09 09:25:43 +01:00
Geoffrey White	131b2b3e0c	Swift: Change note.	2023-08-09 09:25:43 +01:00
Geoffrey White	09346c76e7	Swift: Add models.	2023-08-09 09:25:43 +01:00
AlexDenisov	fa729faa0a	Revert "Swift: Route compiler diagnostics through our log."	2023-08-09 10:02:59 +02:00
Mathias Vorreiter Pedersen	499b6f35e5	C++: Also key SSA defs and uses by the base address.	2023-08-09 08:44:16 +01:00
Mathias Vorreiter Pedersen	e2feed78a0	C++: Generate SSA variables for all calls instead of just for calls to allocators.	2023-08-09 08:44:10 +01:00
Stephan Brandauer	e927470961	Merge branch 'main' into kaeluka/java-automodel-variadic-args	2023-08-09 09:02:32 +02:00
Michael Nebel	560b876c01	Merge pull request #13891 from felickz/csharp-hardcoded-cred-identity-fp cs/hardcoded-credentials - Removes false positive matches on benign Microsoft.AspNetCore.Identity properties	2023-08-09 08:32:36 +02:00
Chad Bentz	fa23a45f9d	Merge branch 'main' into csharp-hardcoded-cred-identity-fp	2023-08-08 17:48:27 -04:00
Geoffrey White	cb6aed18f3	Swift: Add tests.	2023-08-08 22:29:53 +01:00
Michael B. Gale	9da749ad77	Bump Go extractor dependencies	2023-08-08 22:23:47 +01:00
erik-krogh	0bce42410a	support arbitrary codepoints in NfaUtils.qll	2023-08-08 22:14:51 +02:00
erik-krogh	859e1bfabc	add constraint that i should be between 0 and 65535	2023-08-08 21:11:59 +02:00
Mathias Vorreiter Pedersen	389294bded	Merge pull request #13920 from MathiasVP/fix-out-nodes C++: Remove unnecessary predicates	2023-08-08 20:11:36 +01:00
erik-krogh	0391e063ca	move `to4digitHex` to `Numbers.qll`	2023-08-08 21:10:58 +02:00
Geoffrey White	a1234d4235	Merge pull request #13905 from geoffw0/forceunwrap Swift: Flow through ForceValueExpr on LHS of assignment	2023-08-08 18:36:50 +01:00
Brandon Stewart	93dd9d0aa4	Update ruby/ql/src/experimental/cwe-208/UnsafeHmacComparison.ql Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>	2023-08-08 12:54:54 -04:00
Mathias Vorreiter Pedersen	2a1d5b7481	Merge branch 'main' into fix-out-nodes	2023-08-08 16:32:03 +01:00
Geoffrey White	2b0fcab182	Swift: Update test annotations following merge.	2023-08-08 16:06:52 +01:00
Geoffrey White	e9f0b535ea	Merge branch 'main' into forceunwrap	2023-08-08 16:03:31 +01:00
Anders Schack-Mulligen	0ca3f3308b	Merge pull request #13478 from aschackmull/java/varcapture Java: Add proper support for variable capture flow.	2023-08-08 16:22:56 +02:00
Anders Starcke Henriksen	3918e57ffe	Take filter pack into account.	2023-08-08 15:10:12 +02:00
Anders Starcke Henriksen	8d34ab6d18	Merge branch 'main' into starcke/automodel-pack	2023-08-08 15:02:33 +02:00
Anders Starcke Henriksen	7da6da1c93	Merge pull request #13852 from github/starcke/automodel-package-filter Add option to filter automodel queries	2023-08-08 14:59:00 +02:00
Alex Denisov	cebaca328e	Swift: 'ParsedSequence' lacks proper types and yields 'Unresolved' AST nodes	2023-08-08 14:41:15 +02:00
Anders Schack-Mulligen	1cd32722be	Java: More review fixes.	2023-08-08 14:32:48 +02:00
Mathias Vorreiter Pedersen	f4f5d43bcb	C++: `indirectReturnOutNodeOperand0` and `indirectReturnOutNodeInstruction0` were broken and for some reason only handled the case where calls mapped to raw indirect nodes :wat:. It turns out these predicates weren't actually needed anyway.	2023-08-08 13:23:10 +01:00
Alexandre Boulgakov	28863f39b0	Merge pull request #13917 from github/revert-13869-sashabu/swift-logging-compiler Revert "Swift: Route compiler diagnostics through our log."	2023-08-08 12:45:58 +01:00

... 51 52 53 54 55 ...

60239 Commits