hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-17 00:14:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,679 Branches 158 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
0edfafeb06 Shared: Correct and clarify doc for SemBound.getExpr. 2024-03-06 16:00:36 +00:00
Ed Minnix
a87df5459f Fix flow summary tests 2024-03-06 10:39:32 -05:00
Ed Minnix
527041348e Add comment about Memory<T> 2024-03-06 10:39:31 -05:00
Ed Minnix
e065390185 Add .Element modifier to Memory<T> arguments in MaD models 2024-03-06 10:39:30 -05:00
Ed Minnix
27ba51cf9d Change note 2024-03-06 10:39:28 -05:00
Ed Minnix
94a941115f Fix FlowSummaries test results 2024-03-06 10:39:27 -05:00
Ed Minnix
ca55b92281 Change System.IO.TextReader models to transfer taint to out parameter instead of return value 
Some of the `System.IO.TextReader` models transfered taint to
`ReturnValue`, when there is a more relevant out-parameter/array.
 2024-03-06 10:39:25 -05:00
Owen Mansel-Chan
0ebe045cd8 Merge pull request #15819 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-03-06 15:35:14 +00:00
Tamas Vajk
c4f2bbda2a Simplify task counter incrementing 2024-03-06 16:12:14 +01:00
Tamas Vajk
34308eee8d C#: Improve buildless progress reporting 2024-03-06 16:11:19 +01:00
Geoffrey White
8c0f02ac4b C++: Add summary jumpStep, readStep, storeStep. 2024-03-06 14:51:48 +00:00
Owen Mansel-Chan
4e5a6d770a Merge branch 'main' into workflow/coverage/update 2024-03-06 13:43:05 +00:00
Owen Mansel-Chan
f1115af146 Merge pull request #15130 from Malayke/main 
Go: new query for detect DOS vulnerability
 2024-03-06 11:32:57 +00:00
Tony Torralba
f4c2e65614 Merge pull request #15812 from atorralba/atorralba/go/squirrel-sinks 
Go: Add SQLi sinks for Squirrel
 2024-03-06 12:09:19 +01:00
Asger F
a54a73c9a2 JS: Detect more FunctionStyleClasses 2024-03-06 11:37:20 +01:00
Anders Schack-Mulligen
caa45058ae Dataflow: Improve join-order. 
Join with the functional getApprox before filtering with revFlow as this
is always better.
 2024-03-06 11:29:08 +01:00
Anders Schack-Mulligen
55e6255e05 Dataflow: Extend the first join to also include argApa. 
Improves from
2024-03-04 13:29:20] Evaluated non-recursive predicate DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowThroughIntoCall/6#b44155c7@6dd478n9 in 126ms (size: 398332).
Evaluated relational algebra for predicate DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowThroughIntoCall/6#b44155c7@6dd478n9 with tuple counts:
              1  ~0%    {2} r1 = SCAN `DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::TAccessPathApproxNone#dom#04382804` OUTPUT _, _
              1  ~0%    {0}    | REWRITE WITH Tmp.0 := true, Tmp.1 := false, TEST Tmp.0 != Tmp.1 KEEPING 0
          83798  ~0%    {4}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::returnFlowsThrough/8#ffafcf14` CARTESIAN PRODUCT OUTPUT Rhs.0, Rhs.3, Rhs.1, Rhs.2
        4044102  ~3%    {7}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowIntoCallApaTaken/6#d989a8d1#cpe#12346_2013#join_rhs` ON FIRST 1 OUTPUT Rhs.2, Lhs.2, Lhs.3, Rhs.3, Lhs.1, Lhs.0, Rhs.1
         398332  ~3%    {6}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::fwdFlow/9#00ae2fc8#2` ON FIRST 4 OUTPUT Lhs.6, Lhs.0, Lhs.5, _, Lhs.2, Lhs.4
         398332  ~1%    {6}    | REWRITE WITH Out.3 := true
                        return r1
to
[2024-03-04 15:20:26] Evaluated non-recursive predicate DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowThroughIntoCall/6#b44155c7@97bd358u in 35ms (size: 398332).
Evaluated relational algebra for predicate DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowThroughIntoCall/6#b44155c7@97bd358u with tuple counts:
         83798   ~0%    {7} r1 = SCAN `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::returnFlowsThrough/9#53894c55` OUTPUT In.0, In.1, In.2, In.3, In.4, _, _
                        {5}    | REWRITE WITH Tmp.5 := true, Tmp.6 := false, TEST Tmp.5 != Tmp.6 KEEPING 5
         83798   ~3%    {5}    | SCAN OUTPUT In.0, In.3, In.4, In.1, In.2
        416847   ~2%    {7}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowIntoCallApaTaken/6#d989a8d1#cpe#12346_2301#join_rhs` ON FIRST 2 OUTPUT Rhs.3, Lhs.3, Lhs.4, Lhs.1, Lhs.2, Lhs.0, Rhs.2
        398332   ~3%    {6}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::fwdFlow/9#00ae2fc8#2` ON FIRST 4 OUTPUT Lhs.6, Lhs.0, Lhs.5, _, Lhs.2, Lhs.4
        398332   ~1%    {6}    | REWRITE WITH Out.3 := true
                        return r1
 2024-03-06 11:29:08 +01:00
Owen Mansel-Chan
316273c7f3 Merge branch 'main' into workflow/coverage/update 2024-03-06 10:14:46 +00:00
Jeroen Ketema
66d2a8499d Merge pull request #15816 from MathiasVP/remove-ssa-pruning-stage 
C++: Remove the pruning stage from dataflow SSA
 2024-03-06 11:04:05 +01:00
Malayke
02bab4c15a Update go/ql/src/experimental/CWE-770/DenialOfService.ql 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-03-06 17:57:20 +08:00
Anders Schack-Mulligen
0dbe8c3d8a Merge pull request #15140 from hvitved/dataflow/pruned-ctx-sensitivity 
Data flow: prune context-sensitivity relations
 2024-03-06 10:04:48 +01:00
Jeroen Ketema
d13ea0b6c9 Merge pull request #15817 from github/rdmarsh2/suppress-expr-destructors 
C++: Suppress implicit destructors on expr in preparation for destructors on temporaries
 2024-03-06 09:54:50 +01:00
Jeroen Ketema
6972f9b31d C++: Update syntax-zoo expected test results 2024-03-06 09:34:47 +01:00
Harry Maclean
350dab4621 Merge pull request #15722 from hmac/mad-sinks 2024-03-06 08:18:19 +00:00
Edward Minnix III
6ba6b12b9f Docs review suggestion 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-03-05 22:31:25 -05:00
github-actions[bot]
b71074f9c4 Add changed framework coverage reports 2024-03-06 00:16:26 +00:00
Robert Marsh
fbbd57b34f C++: Suppress epxr destructors in preparation for temporaries 2024-03-05 21:12:12 +00:00
Mathias Vorreiter Pedersen
f400228037 C++: Remove the pruning stage from SSA. 2024-03-05 12:55:55 -08:00
Angela P Wen
727a38a409 Merge pull request #15814 from github/release-prep/2.16.4 
Release preparation for version 2.16.4
 2024-03-05 10:16:21 -08:00
github-actions[bot]
661e68dab5 Release preparation for version 2.16.4 2024-03-05 18:13:58 +00:00
Geoffrey White
3657269d3e C++: Autoformat. 2024-03-05 17:35:05 +00:00
Geoffrey White
d1fc700735 C++: Fill out some QLDoc. 2024-03-05 17:34:48 +00:00
Geoffrey White
7675f153ce C++: Add SummaryOutNode class. 2024-03-05 17:32:54 +00:00
Angela P Wen
7e2a775a2a Merge pull request #15813 from github/revert-15801-release-prep/2.16.4 
Revert "Release preparation for version 2.16.4"
 2024-03-05 09:20:42 -08:00
Joe Farebrother
dcc6f83d3b Merge pull request #15782 from joefarebrother/ruby-typhoeus 
Ruby: Model `Typhoeus::Request.new`
 2024-03-05 16:55:38 +00:00
Angela P Wen
967963a653 Revert "Release preparation for version 2.16.4" 2024-03-05 08:53:33 -08:00
Joe Farebrother
7027b7fe82 Apply review suggestions: Use getInstance and clarify predicate name/qldoc. Also fix changenote formatting. 2024-03-05 16:34:48 +00:00
Tamás Vajk
b4fdd4e222 Merge pull request #15808 from tamasvajk/buildless/package-source-telemetry 
C#: Add package source error count to DB
 2024-03-05 17:20:38 +01:00
Michael B. Gale
eaef544a26 Merge pull request #15810 from github/mbg/go/fix-initialised-module-names 2024-03-05 15:34:07 +00:00
Tony Torralba
e78e71c875 List Squirrel builders explicitly 2024-03-05 16:05:22 +01:00
Michael B. Gale
40ff75db07 Go: Update list of expected files for single-go-mod-and-go-files-not-under-it test 2024-03-05 14:56:51 +00:00
Ian Lynagh
edd383afc1 Merge pull request #15803 from igfoo/igfoo/del1 
Kotlin 2: Accept more location changes
 2024-03-05 14:41:05 +00:00
Tony Torralba
a264ea23c6 Go: Add SQLi sinks for Squirrel 2024-03-05 15:35:34 +01:00
Tamas Vajk
2b99b83857 C#: Add package source error count to DB 2024-03-05 15:32:08 +01:00
Michael B. Gale
a8d240dd72 Go: Add integration test for mixed layout project 2024-03-05 14:08:16 +00:00
Michael B. Gale
ac394dc80c Go: Better check for path prefixes 2024-03-05 13:46:33 +00:00
Owen Mansel-Chan
8e43c5c683 Merge pull request #15811 from owen-mc/go/limit-password-heuristics 
Go: Only check strings of length <= 100 for dummy password with <= 2 unique characters
 2024-03-05 13:42:26 +00:00
Michael B. Gale
b1e0bc03ab Go: Fix check for whether it is safe to initialise a go.mod file in a given directory 2024-03-05 12:48:21 +00:00
Michael B. Gale
367ecf75d5 Go: Use import path for auto-generated Go module names 2024-03-05 12:48:21 +00:00
Michael B. Gale
2aa093c95c Go: Move getImportPath to shared util package 2024-03-05 12:48:19 +00:00