codeql

mirror of https://github.com/github/codeql.git synced 2026-01-26 12:52:57 +01:00

Author	SHA1	Message	Date
Joe Farebrother	68ad5b7c00	Restrict logic for checking for id parameters on index expressions for performance	2023-09-15 16:35:29 +01:00
Mathias Vorreiter Pedersen	cdf5872eb3	Merge pull request #14217 from alexet/is-trivial-built-in CPP:Make __is_trivial a builtin operation.	2023-09-15 16:01:25 +01:00
amammad	52d1e45b05	add comments for better quality	2023-09-15 23:25:25 +10:00
Chris Smowton	f160c6c646	Merge pull request #14195 from Kwstubbs/SQL_int_sanitizer Add Integer/Boolean Sanitizer to SQL injection Query	2023-09-15 14:13:35 +01:00
Chris Smowton	aaa230a791	Merge branch 'main' into SQL_int_sanitizer	2023-09-15 13:44:58 +01:00
Chris Smowton	062024b3d6	Merge pull request #14232 from smowton/smowton/fix/autoformat Fix formatting mistake	2023-09-15 13:00:40 +01:00
Chris Smowton	a63bb1bbed	Tidy	2023-09-15 12:58:44 +01:00
Chris Smowton	e62fcf9a45	Fix formatting mistake	2023-09-15 12:37:34 +01:00
Tamas Vajk	c34fef1eb6	Adjust integration tests after path changes and generating file with global usings	2023-09-15 13:35:25 +02:00
Chris Smowton	24dc09efad	Merge pull request #14206 from smowton/smowton/feature/add-java-miscompilation-tests Java: add tests for programs that don't compile	2023-09-15 11:14:04 +01:00
Maiky	f08eb3cdf4	Doc change Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>	2023-09-15 11:51:53 +02:00
Maiky	15b965bb3b	rename `verifies()` to `verifiesSignature()`	2023-09-15 11:45:19 +02:00
Maiky	c43d0866f6	Update ruby/ql/src/experimental/cwe-347/EmptyJWTSecret.ql Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>	2023-09-15 11:42:43 +02:00
Maiky	122881ddf5	Simplify `DataFlow::PairNode` Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>	2023-09-15 11:41:19 +02:00
Maiky	d4f6111621	Naming change Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>	2023-09-15 11:40:51 +02:00
Maiky	153a435257	Naming change Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>	2023-09-15 11:40:42 +02:00
Maiky	aea6eeda38	Naming change Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>	2023-09-15 11:40:34 +02:00
Maiky	2ebe46bd05	Naming change Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>	2023-09-15 11:40:20 +02:00
Joe Farebrother	6d704be7d2	Rewrite checks for index expressions in terms of dataflow	2023-09-15 10:25:27 +01:00
Joe Farebrother	a2dce6be14	Check for authorize attributes in more namespaces and on overridden methods	2023-09-15 10:25:27 +01:00
Joe Farebrother	6a95ed64ff	Add test cases for authorization from attributes	2023-09-15 10:25:27 +01:00
Joe Farebrother	ac45050545	Add checks for authorization attributes	2023-09-15 10:25:27 +01:00
Joe Farebrother	0a27da08d6	Minor changes from review suggestions to shared logic between this and missing access control Use case insensitive regex, factor out page load to improve possible bad joins make needsAuth not a member predicate	2023-09-15 10:25:27 +01:00
Joe Farebrother	a022893f0f	Add additional example to qhelp + additional resource	2023-09-15 10:25:27 +01:00
Joe Farebrother	86abd338e5	Update test options	2023-09-15 10:25:26 +01:00
Joe Farebrother	9f25c71ca6	Apply minor reveiw suggstions	2023-09-15 10:25:26 +01:00
Joe Farebrother	4967fe0b77	Add change note + update query ID	2023-09-15 10:25:26 +01:00
Joe Farebrother	3e6750ba4c	Add documentation	2023-09-15 10:25:26 +01:00
Joe Farebrother	f8b1b38438	Update alert message and make user checks more precise	2023-09-15 10:25:26 +01:00
Joe Farebrother	009a7bfc87	Add MVC tests	2023-09-15 10:25:26 +01:00
Joe Farebrother	20d42dfd7d	Add tests for webforms case	2023-09-15 10:25:26 +01:00
Joe Farebrother	2edd73eb60	Fix typos in filepath + metadata, add severity	2023-09-15 10:25:26 +01:00
Joe Farebrother	251f875304	Fix filenme typo	2023-09-15 10:25:26 +01:00
Joe Farebrother	5d1289672b	Add IDOR query	2023-09-15 10:25:26 +01:00
Joe Farebrother	a510a7b4c0	Add insecure direct object reference definitions and factor out those from missing access control	2023-09-15 10:25:26 +01:00
Mathias Vorreiter Pedersen	6c7833f28c	Merge pull request #14223 from MathiasVP/add-explicit-dereferenced-by-operation-base-case-predicate C++: Add a `directDereferencedByOperation` predicate	2023-09-15 10:19:26 +01:00
Tom Hvitved	14561c414b	Merge pull request #14225 from hvitved/ruby/fix-bad-join Ruby: Fix a bad join	2023-09-15 10:59:24 +02:00
Tamas Vajk	d725bd9169	C#: Generate source file with implicit usings in Standalone	2023-09-15 10:52:57 +02:00
amammad	e1d5c9d45b	fix grammar mistake	2023-09-15 06:32:23 +10:00
Chris Smowton	c5001a86f6	Fix test expectations	2023-09-14 20:45:54 +01:00
Tom Hvitved	c83a29c27f	Ruby: Fix a bad join Before ``` Evaluated relational algebra for predicate Sinatra#e09174a3::Sinatra::ErbLocalsAccessSummary#fff@22c05bb6 with tuple counts: 212957 ~2195% {1} r1 = JOIN _Constant#54e8b051::ConstantValue::getStringlikeValue#0#dispred#ff_Expr#6fb2af19::Expr::getConstantV__#shared WITH Expr#6fb2af19::Pair::getKey#0#dispred#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.1 43862468 ~6045% {2} r2 = JOIN r1 WITH Call#841c84e8::MethodCall::getMethodName#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0 43862468 ~6581% {2} r3 = JOIN r2 WITH AST#a6718388::AstNode::getLocation#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 43844886 ~40661% {2} r4 = JOIN r3 WITH locations_default ON FIRST 1 OUTPUT Rhs.1, Lhs.1 15004 ~8295% {3} r5 = JOIN r4 WITH project#Sinatra#e09174a3::Sinatra::ErbLocalsHashSyntheticGlobal#ffff_201#join_rhs ON FIRST 1 OUTPUT Rhs.2, Lhs.1, Rhs.1 15004 ~8890% {3} r6 = SCAN r5 OUTPUT ("sinatra_erb_locals_access()" ++ In.0 ++ "#" ++ In.1), In.2, In.1 return r6 ``` After ``` Evaluated relational algebra for predicate Sinatra#e09174a3::Sinatra::ErbLocalsAccessSummary#fff@f6249cga with tuple counts: 10237 ~0% {3} r1 = JOIN locations_default_10#join_rhs WITH project#Sinatra#e09174a3::Sinatra::ErbLocalsHashSyntheticGlobal#ffff_201#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2 4015 ~5% {3} r2 = JOIN r1 WITH AST#a6718388::AstNode::getLocation#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2 825 ~96% {3} r3 = JOIN r2 WITH Call#841c84e8::MethodCall::getMethodName#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2 940 ~0% {4} r4 = JOIN r3 WITH Constant#54e8b051::ConstantValue::getStringlikeValue#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0 325402 ~0% {4} r5 = JOIN r4 WITH Expr#6fb2af19::Expr::getConstantValue#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3 231819 ~133147% {3} r6 = JOIN r5 WITH Expr#6fb2af19::Pair::getKey#0#dispred#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.2, Lhs.3, Lhs.1 231819 ~138805% {3} r7 = SCAN r6 OUTPUT ("sinatra_erb_locals_access()" ++ In.0 ++ "#" ++ In.1), In.2, In.1 return r7 ```	2023-09-14 21:34:17 +02:00
Harry Maclean	5706bc6205	Ruby: Model GraphQL InputObject arguments	2023-09-14 19:02:39 +01:00
Ian Lynagh	730480360e	Merge pull request #14221 from igfoo/igfoo/gradle_seq Kotlin: Add more tests to the "gradle sequential" set	2023-09-14 18:39:11 +01:00
Robert Marsh	eddca7f3f6	Swift: autoformat for for-in changes	2023-09-14 16:48:19 +00:00
Chris Smowton	5f6a40b9e8	Note Kotlin test no longer has CFG dead-ends if ErrorExpr participates in the CFG	2023-09-14 17:42:00 +01:00
Chris Smowton	d9f7180b5c	Add missing diagnostic expectations	2023-09-14 17:42:00 +01:00
Chris Smowton	8f940c311a	Update expectations and add expected diagnostics	2023-09-14 17:42:00 +01:00
Chris Smowton	a1a7640427	Give ErrorExpr default control flow This prevents a CFG dead-end because of one ErrorExpr	2023-09-14 17:42:00 +01:00
Chris Smowton	b1e128b5c1	Pretty-print a ClassInstanceExpr without a bound constructor nicely	2023-09-14 17:42:00 +01:00
Chris Smowton	9670f20bd7	Add test for method reference whose LHS has unknown type This can happen when imports or source classes are missing.	2023-09-14 17:42:00 +01:00

... 149 150 151 152 153 ...

66447 Commits