hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-11 01:54:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,740 Branches 164 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
5a027b95bd Dataflow: Duplicate accesspath type info in PathNode and pathStep. 2023-04-27 14:33:33 +02:00
Anders Schack-Mulligen
209d9143be Dataflow: Add type column to filter predicate 2023-04-27 14:33:33 +02:00
Anders Schack-Mulligen
c79daf0116 Dataflow: Duplicate accesspath type info of the tail in cons relations. 2023-04-27 14:33:33 +02:00
Anders Schack-Mulligen
b84b1a46d6 Dataflow: Duplicate accesspath type info as separate column. 2023-04-27 14:33:33 +02:00
Anders Schack-Mulligen
cda26ba7c0 Dataflow: Split TypedContent in store relation. 2023-04-27 14:33:32 +02:00
Anders Schack-Mulligen
246d904712 Merge pull request #12948 from aschackmull/dataflow/pathnode-type-tostring 
Dataflow: Add type to PathNode.toString.
 2023-04-27 14:14:10 +02:00
Mathias Vorreiter Pedersen
5a8bed0285 C++: Add FP for 'cpp/invalid-pointer-deref'. 2023-04-27 13:13:21 +01:00
Michael Nebel
8517f11477 C#: Re-factor the test case for ContentFlow. 2023-04-27 13:08:19 +02:00
Michael Nebel
1b366fc87a C#: Re-factor ContentFlow into a parameterized module and use the new API. 2023-04-27 13:08:19 +02:00
Tom Hvitved
f888382d35 Merge pull request #12906 from hvitved/ruby/track-block-no-self 
Ruby: Prevent flow into `self` in `trackBlock`
 2023-04-27 12:48:05 +02:00
Geoffrey White
5a77dfb5d5 Merge pull request #12905 from geoffw0/webviewdoc 
Swift: Doc review for swift/unsafe-webview-fetch
 2023-04-27 11:23:53 +01:00
Henry Mercer
9ded5b87a5 Merge pull request #12942 from github/henrymercer/update-diagnostics-integration-tests 
C#: Update diagnostics integration tests
 2023-04-27 11:23:14 +01:00
Rasmus Wriedt Larsen
aa216e6535 Python: Update inline expectations 2023-04-27 12:04:05 +02:00
Geoffrey White
507bb61c3c Swift: Add missing '.' 2023-04-27 11:00:35 +01:00
Anders Schack-Mulligen
f685ae1fa7 Java: Update one more expected output. 2023-04-27 12:00:32 +02:00
Geoffrey White
c823c58e00 Swift: WebView -> web view. 2023-04-27 10:57:25 +01:00
Rasmus Wriedt Larsen
d73289ac4e Python: Accept .expected changes 2023-04-27 11:54:39 +02:00
Geoffrey White
cc8d7bff0b Update swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-04-27 10:12:13 +01:00
Asger F
410719fd9e Update JSONError.expected 2023-04-27 10:57:38 +02:00
Asger F
5a4fe1b4da JS: Stop complaining about comments in JSON files 2023-04-27 10:55:36 +02:00
Anders Schack-Mulligen
6025feebd9 C#: Update expected output. 2023-04-27 10:24:24 +02:00
Tony Torralba
21a00f9197 Merge pull request #12946 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-04-27 10:13:07 +02:00
Harry Maclean
5688da145d Shared: fix missing import 2023-04-27 07:13:59 +00:00
amammad
a541fdf5e5 v1.2 code quality improvements including commnets too 2023-04-27 08:30:46 +02:00
amammad
1bf159e9a9 Merge branch 'github:main' into amammad-python-paramiko 2023-04-26 23:28:29 -07:00
Harry Maclean
8a89aec220 Shared: Handle trap compression option properly 
Extracting the compression setting from an environment variable is the
responsibility of the API consumer.
 2023-04-27 05:06:57 +00:00
github-actions[bot]
e6c4bd18d6 Add changed framework coverage reports 2023-04-27 00:17:19 +00:00
Michael B. Gale
1aa1153ed6 Go: Add html/template as XSS queries sanitizer 2023-04-26 21:21:52 +01:00
Tom Hvitved
fc66aacf92 Merge pull request #12922 from hvitved/ruby/controller-template-file-join 
Ruby: Fix bad join in `controllerTemplateFile`
 2023-04-26 21:26:54 +02:00
Robert Marsh
3f8638643e C++: respond to PR comments 2023-04-26 14:56:10 -04:00
Henry Mercer
0040025661 Update expected output of integration tests 
We now produce output using the CodeQL CLI, which ignores empty
properties during serialization.
 2023-04-26 19:41:57 +01:00
Henry Mercer
067f3259c9 C#: Update diagnostics calls to use new API 2023-04-26 19:41:57 +01:00
Henry Mercer
1ae116c4cc Merge pull request #12895 from github/henrymercer/diagnostics-verify-one-based 
JS: Update `DiagnosticLocation` call to gracefully handle invalid locations
 2023-04-26 19:22:57 +01:00
Geoffrey White
5e7159f800 Swift: Minor edits. 2023-04-26 18:49:24 +01:00
Mathias Vorreiter Pedersen
6bfdbef697 C++: Fix implicit 'this'. 2023-04-26 18:06:44 +01:00
Geoffrey White
f2cb2b324e Swift: Add analyzing-data-flow-in-swift.rst 2023-04-26 18:02:32 +01:00
Mathias Vorreiter Pedersen
b18e096f7f C++: Fix missing result for 'getFunction' and accept test changes. 2023-04-26 18:01:39 +01:00
Mathias Vorreiter Pedersen
1dcac76992 C++: Add a weird testcase demonstrating invalid IR. 2023-04-26 17:48:02 +01:00
Henry Mercer
d7474f91dc Merge branch 'main' into henrymercer/diagnostics-verify-one-based 2023-04-26 17:26:36 +01:00
Arthur Baars
128d102bbc Merge pull request #12871 from aibaars/py-yaml 
Python: add YAML support
 2023-04-26 18:13:26 +02:00
Mathias Vorreiter Pedersen
60aab206b0 C++: Join on two columns instead of one. 
Before:
```
Evaluated non-recursive predicate TranslatedElement#ea057665::TranslatedElement::getInstructionVariable#1#dispred#fff@146210id in 201548ms (size: 3469729).
Evaluated relational algebra for predicate TranslatedElement#ea057665::TranslatedElement::getInstructionVariable#1#dispred#fff@146210id with tuple counts:
  ...
     1812768   ~3%    {3} r65 = JOIN num#InstructionTag#c9183db3::OnlyInstructionTag#f WITH TranslatedExpr#043317a1::TranslatedNonFieldVariableAccess#ff CARTESIAN PRODUCT OUTPUT Rhs.1, Lhs.0, Rhs.0
     1812767   ~0%    {4} r66 = JOIN r65 WITH Access#8878f617::Access::getTarget#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0
  3996407117   ~3%    {5} r67 = JOIN r66 WITH TranslatedElement#ea057665::getIRUserVariable#2#fff_102#join_rhs ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1, Lhs.2, Rhs.2
     1815194   ~0%    {3} r68 = JOIN r67 WITH TranslatedExpr#043317a1::getEnclosingDeclaration#1#ff ON FIRST 2 OUTPUT Lhs.3, Lhs.2, Lhs.4
  ...
```

After:
```
Evaluated non-recursive predicate TranslatedExpr#043317a1::accessHasEnclosingDeclarationAndVariable#3#fff@665ccb8o in 865ms (size: 2769549).
Evaluated relational algebra for predicate TranslatedExpr#043317a1::accessHasEnclosingDeclarationAndVariable#3#fff@665ccb8o with tuple counts:
        2769549  ~1%    {3} r1 = JOIN Access#8878f617::Access::getTarget#0#dispred#ff WITH TranslatedExpr#043317a1::getEnclosingDeclaration#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
                        return r1
...
Evaluated non-recursive predicate TranslatedElement#ea057665::TranslatedElement::getInstructionVariable#1#dispred#fff@7d4d33to in 805ms (size: 3469729).
Evaluated relational algebra for predicate TranslatedElement#ea057665::TranslatedElement::getInstructionVariable#1#dispred#fff@7d4d33to with tuple counts:
  ...
  1963209   ~0%    {2} r34 = JOIN TranslatedElement#ea057665::getIRUserVariable#2#fff WITH TranslatedExpr#043317a1::accessHasEnclosingDeclarationAndVariable#3#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.2
  1815194   ~2%    {2} r35 = JOIN r34 WITH TranslatedExpr#043317a1::TranslatedNonFieldVariableAccess#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1
  1815194   ~0%    {3} r36 = JOIN r35 WITH num#InstructionTag#c9183db3::OnlyInstructionTag#f CARTESIAN PRODUCT OUTPUT Lhs.1, Rhs.0, Lhs.0
  ...
```
 2023-04-26 16:32:43 +01:00
Mathias Vorreiter Pedersen
20f555c715 Merge pull request #12938 from MathiasVP/fix-todo-is-abnormal-exit-type 
Swift: Implement `isAbnormalExitType`
 2023-04-26 16:16:19 +01:00
Nora Dimitrijević
5838c5d9c8 Merge branch 'main' into swift/rename-functions 2023-04-26 17:04:40 +02:00
Nora Dimitrijević
6f804ff1e7 Swift: upgrade/downgrade scripts 2023-04-26 17:03:20 +02:00
Sam Browning
35788162ec Merge pull request #12915 from github/sabrowning1/query-suite-name-fix 
Update `code-scanning` query suite name to `default`
 2023-04-26 10:38:21 -04:00
Mathias Vorreiter Pedersen
d114388470 Swift: Implement 'isAbnormalExitType' and accept test changes. 2023-04-26 15:36:52 +01:00
Rasmus Lerchedahl Petersen
00b85cbfb9 python: remove blank line 2023-04-26 16:26:26 +02:00
Tony Torralba
12d181143f Merge pull request #10533 from pwntester/main 
Java: Add support for java.util.StringJoiner
 2023-04-26 16:18:35 +02:00
Rasmus Wriedt Larsen
d274fa16a1 Python: Hide ModuleVariableNode in data-flow paths 
They just add an extra step, and don't actually contribute any good
information for end-users.
 2023-04-26 16:04:16 +02:00
Rasmus Wriedt Larsen
0c4bcec39e Python: Fix ModuleVariableNode.toString 
In some cases mod.getName() does not have a result, so toString of
ModuleVariableNode would also not have a result, which would cause
data-flow paths that use these as an edge to not be valid :O
 2023-04-26 16:03:21 +02:00