hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-11 18:16:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,709 Branches 162 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Simon Friis Vindum
92427ab0c1 Merge branch 'main' into rust-rename-expr 2024-11-26 17:40:47 +01:00
Paolo Tranquilli
8abd3c4707 Rust: Remove windows difference from diagnostics 2024-11-26 16:48:49 +01:00
Taus
d779ae5c3e Python: Add change note for CFG pruning fix 
... And also bump the extractor version.
 2024-11-26 15:39:15 +00:00
Paolo Tranquilli
24eb65692f Rust: add some performance diagnostics 
This outputs some duration counts for various parts of the extraction
process in the database in the form of telemetry diagnostics.

The diagnostics format was preferred to putting things in the relational
database as that will scale better to code scanning and is more flexible
as for the data we can put into it without passing through the dbscheme.
Also, although it's not the case yet, it will be possible to output
diagnostics even if creation of the database fails.
 2024-11-26 16:35:38 +01:00
Asger F
805fd0b46e JS: Refine speculative step definition 2024-11-26 15:56:56 +01:00
Owen Mansel-Chan
141259c003 Update go/ql/lib/ext/slices.model.yml 
Co-authored-by: Chris Smowton <smowton@github.com>
 2024-11-26 14:48:20 +00:00
Asger F
8818fcc207 JS: Benign test output changes 2024-11-26 15:47:13 +01:00
Simon Friis Vindum
7ab5663fa6 Rust: Address PR feedback 2024-11-26 15:42:19 +01:00
Asger F
c94a01e6b6 JS: Remove reference to argsParseStep 
This was removed as part of the PR that introduced threat models.
 2024-11-26 15:36:47 +01:00
Asger F
bf62582f53 JS: Implement 'speculativeTaintStep' 
It is a mandatory part of the interface now; just providing a bare-bones implementation for rather than 'none()'
 2024-11-26 15:36:46 +01:00
Asger F
82d61e4194 Merge branch 'js/shared-dataflow-branch' into js/shared-dataflow-merge-main 2024-11-26 15:36:16 +01:00
Jeroen Ketema
8d59159691 C++: Fix qlref file 2024-11-26 15:35:52 +01:00
Simon Friis Vindum
d30f3e2822 Rust: Renamed expr on CallExpr and LetExpr 2024-11-26 15:22:14 +01:00
Mathias Vorreiter Pedersen
e42c7452ef C++: Cleanup conjuncts. This doesn't change any behavior. 2024-11-26 13:57:51 +00:00
Mathias Vorreiter Pedersen
39b61598e9 C++: Accept test changes. 2024-11-26 13:57:38 +00:00
Mathias Vorreiter Pedersen
f7cf5af720 C++: Actually check the function name. 2024-11-26 13:56:22 +00:00
Jami
36acfeb305 Merge pull request #18087 from jcogs33/jcogs33/java-sha2 
Java: add SHA-384 to list of secure crypto algorithms
 2024-11-26 08:51:58 -05:00
yoff
6d6f269e6c Merge pull request #17997 from yoff/java/inline-range-tests 2024-11-26 14:48:07 +01:00
Tom Hvitved
0c6b4cdb8f Merge pull request #18078 from hvitved/rust/variant-flow 
Rust: Data flow through variants
 2024-11-26 14:45:00 +01:00
Mathias Vorreiter Pedersen
f65f11b404 C++: Add a test for a somewhat embarrasing bug: MaD didn't check the function name in some cases. 2024-11-26 13:43:42 +00:00
Asger F
c2e9dca1de Merge pull request #18043 from asgerf/jss/jump-and-test-exclusion 
JS: Fix jump steps generated by IIFEs and exception flow
 2024-11-26 14:33:42 +01:00
Taus
2734377e5d Python: Add API graph support for parameter annotations 
Adds API graph support for observing that in
```python
def foo(x : Bar): ...
```
The variable `x` is likely to be an instance of the type `Bar` inside
this function.
In particular, we add `getInstanceFromAnnotation` as a predicate on API
graph nodes that tracks this step (corresponding to a new edge type
labeled with "annotation" in the API graph), and extend the existing
`getAnInstance` predicate to also include instances arising from type
annotations.

A more complete solution would also add support for annotated
assignments (`x : Foo = ...` or just `x : Foo`) as well as track types
through type aliases (`type Foo = Bar`). This turns out to be
non-trivial, however, as these type constructs don't have any CFG nodes
(and so no data-flow nodes by default either). In order to not have
perfect be the enemy of good, this commit is only targeting the type
parameter case (which is also likely to be the most common use case
anyway).

The tests for API graphs have been extended accordingly, including tests
for the kinds of type ascriptions that we _don't_ currently model in API
graphs (marked with `MISSING:` in the inline tests).
 2024-11-26 13:03:06 +00:00
Jeroen Ketema
6aa7c93af2 C++: More qlhelp fixes 2024-11-26 13:58:54 +01:00
Jeroen Ketema
fc6c327ab7 C++: Add change note 2024-11-26 13:55:30 +01:00
Taus
047e9742a0 Merge pull request #18086 from github/tausbn/add-vscode-task-for-creating-change-notes 
Add script and VSCode task for creating change notes
 2024-11-26 13:55:21 +01:00
Jeroen Ketema
e1f70a0dec C++: Add missing </p> to qlhelp 2024-11-26 13:50:09 +01:00
Taus
5279857d06 Fix comment 2024-11-26 12:48:20 +00:00
Asger F
f073f3b791 JS: Rename file to foo.test.js 2024-11-26 13:44:00 +01:00
Asger F
65da9b41b5 JS: Add cross-file test in InsecureRandom 2024-11-26 13:43:24 +01:00
Taus
adbd4d35ed Add support for both query and library change notes 2024-11-26 12:39:17 +00:00
Anders Schack-Mulligen
a6fc41ec4b Java: Accept consistency failure. 2024-11-26 13:25:44 +01:00
Anders Schack-Mulligen
38eb3e4952 Java: Adjust expected output. 2024-11-26 13:25:44 +01:00
Anders Schack-Mulligen
2ff2d25784 Java: Cherry-pick test from https://github.com/github/codeql/pull/17051 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
408a38d9fb Java: Address review comment, include addFirst,addLast. 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
0d45f0efb2 Java: Accept consistency check result. 2024-11-26 13:25:43 +01:00
Anders Schack-Mulligen
2b1caa8a35 Java: Add test. 2024-11-26 13:25:42 +01:00
Anders Schack-Mulligen
5a4b720322 Java: Add change note. 2024-11-26 13:25:42 +01:00
Anders Schack-Mulligen
6f32c4129d Java: Add a default taint sanitizer for contains-checks on lists of constants. 2024-11-26 13:25:41 +01:00
Anders Schack-Mulligen
7f86f8cac7 Java: Prepare TypeFlow for separate instantiation of universal flow. 2024-11-26 13:25:41 +01:00
Owen Mansel-Chan
bcc89ecb7c Add change note 2024-11-26 12:07:32 +00:00
Owen Mansel-Chan
196634ecdb Model slices package 
Skipping functions that involve iterators for now.
 2024-11-26 12:01:09 +00:00
Tom Hvitved
8c111382ad Address review comments 2024-11-26 13:00:59 +01:00
Owen Mansel-Chan
47eb407be9 Update Go version in stdlib tests 2024-11-26 12:00:10 +00:00
Paolo Tranquilli
9f09454db9 Merge pull request #18107 from github/redsun82/rust-rename 
Rust: rename `MatchExpr.expr` to `scrutinee` in all layers
 2024-11-26 12:59:06 +01:00
Asger F
b4bd8e701c JS: Add test for file classification change 2024-11-26 12:33:39 +01:00
Geoffrey White
d1915c707d Swift: Add a test revealing the issue in pure dataflow. 2024-11-26 11:24:42 +00:00
Geoffrey White
45858527e2 Swift: Add another test case. 2024-11-26 11:15:24 +00:00
Geoffrey White
6130679c34 Swift: Label the now missing cases for CWE-020 and dataflow. 2024-11-26 11:13:19 +00:00
Paolo Tranquilli
cb0ac61db6 Merge pull request #18069 from geoffw0/sourcemodels 
Rust: Add some flow source models
 2024-11-26 12:08:02 +01:00
Jeroen Ketema
d9b278de66 C++: Promote cpp/guarded-free 2024-11-26 11:45:55 +01:00