hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-11 10:04:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,740 Branches 164 Tags
codeql-cli/v2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Simon Friis Vindum
26a96d9f65 Rust: Accept changes 2025-02-25 15:56:10 +01:00
Tom Hvitved
0522f3f694 Merge pull request #18856 from hvitved/rust/inline-expectations-update 
Rust: Update some inline expectation comments
 2025-02-25 15:28:28 +01:00
Jeroen Ketema
18a1ef55ea Merge pull request #18859 from jketema/is-before 
C++: Fix join-order problem with `isBefore`
 2025-02-25 15:27:43 +01:00
Napalys
3360829a58 Updated change note with response threat model info. 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-02-25 15:22:14 +01:00
Simon Friis Vindum
5c997859b0 Merge branch 'main' into rust-core-std-models 2025-02-25 15:07:29 +01:00
Anders Schack-Mulligen
994a8eea39 Merge pull request #18857 from aschackmull/ssa/refactor-df-integr 
Ssa: Refactor the data flow integration module
 2025-02-25 15:04:11 +01:00
Asger F
bb8f4529bf Fix bug when RelatedLocation was used with a query ID 2025-02-25 14:52:32 +01:00
Asger F
5f2e5ab8c3 Rename file and ID to match .qlref and other query 2025-02-25 14:52:19 +01:00
Anders Schack-Mulligen
2c3b48946d Merge pull request #18824 from aschackmull/java/basessa 
Java: Switch BaseSSA to use shared SSA lib.
 2025-02-25 14:23:46 +01:00
Anders Schack-Mulligen
28e96449e7 C#: Address review comment. 2025-02-25 14:12:53 +01:00
Napalys
bf77ffef37 Applied comment 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-02-25 13:57:39 +01:00
Paolo Tranquilli
d9ecb6255e Shared: fix clippy warning 2025-02-25 13:41:34 +01:00
Paolo Tranquilli
bfcf9ea606 Rust: fix compilation errors after rust-anlyzer update 2025-02-25 13:37:00 +01:00
Paolo Tranquilli
cbae16b392 Rust: rerun code generation 2025-02-25 13:31:16 +01:00
Paolo Tranquilli
17703ec908 Bazel: update vendored rust dependencies 2025-02-25 13:31:16 +01:00
Paolo Tranquilli
83e442a266 Rust/Ruby: run cargo upgrade --incompatible --pinned 2025-02-25 13:31:16 +01:00
Paolo Tranquilli
d2105a7528 Shared: format code again 2025-02-25 13:31:06 +01:00
Paolo Tranquilli
1bcc6ddb32 Rust/Ruby/Python: apply clippy lints 2025-02-25 13:21:28 +01:00
Paolo Tranquilli
6089a75262 Rust/Ruby/Python: format code 2025-02-25 13:19:03 +01:00
Paolo Tranquilli
e8799e346d Rust/Python: fix edition-related errors 2025-02-25 13:16:58 +01:00
Paolo Tranquilli
eff87d24fa Rust/Ruby/Python: update rustc and edition 2025-02-25 13:15:19 +01:00
Jonas Jensen
2edc9af1e0 Merge pull request #18848 from jbj/StaticInitializationVector-postprocess 
Java: StaticInitializationVector with postprocess
 2025-02-25 12:44:16 +01:00
Jeroen Ketema
7eca4b4d82 C++: Fix join-order problem with isBefore 
Reported here: https://github.com/github/codeql/issues/17743

Without this change on the query provided by the user:
```
[2025-02-25 12:42:01] Evaluated non-recursive predicate quickquery::UnrealFunctionAnnotation.annotates/1#dispred#9cd6c269@c668c8tv in 23846ms (size: 20381473).
Evaluated relational algebra for predicate quickquery::UnrealFunctionAnnotation.annotates/1#dispred#9cd6c269@c668c8tv with tuple counts:
                 1   ~0%    {0} r1 = CONSTANT()[]
             27323   ~0%    {2}    | JOIN WITH `Location::Location.getEndLine/0#dispred#83af84ae#bf` CARTESIAN PRODUCT OUTPUT Rhs.0, Rhs.1
        6162566035   ~0%    {4}    | JOIN WITH `Location::Location.getStartLine/0#d54f9e6c` CARTESIAN PRODUCT OUTPUT Lhs.0, Lhs.1, Rhs.0, Rhs.1
                            {4}    | REWRITE WITH TEST InOut.1 < InOut.3
        3894825644   ~5%    {2}    | SCAN OUTPUT In.2, In.0
          73148692   ~0%    {3}    | JOIN WITH fun_decls_40#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
          73148692   ~0%    {4}    | JOIN WITH `Location::Location.getFile/0#dispred#d1f8b5d1` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.0, Lhs.2
            864579   ~0%    {2}    | JOIN WITH `Location::Location.getFile/0#dispred#d1f8b5d1` ON FIRST 2 OUTPUT Lhs.2, Lhs.3
          13010742   ~1%    {2}    | JOIN WITH macroinvocations_20#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
          20653781   ~0%    {3}    | JOIN WITH `Macro::MacroAccess.getOutermostMacroAccess/0#d58b05db_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1
          20653781   ~4%    {3}    | REWRITE WITH Out.1 := 1
          20381473   ~8%    {2}    | JOIN WITH macroinvocations_03#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2
                            return r1
```

With this change:
```
[2025-02-25 12:43:10] Evaluated non-recursive predicate quickquery::UnrealFunctionAnnotation.annotates/1#dispred#9cd6c269@11bf8956 in 928ms (size: 20381473).
Evaluated relational algebra for predicate quickquery::UnrealFunctionAnnotation.annotates/1#dispred#9cd6c269@11bf8956 with tuple counts:
            6873   ~3%    {2} r1 = SCAN fun_decls OUTPUT In.4, In.0
            6857   ~0%    {3}    | JOIN WITH `Location::Location.getStartLine/0#d54f9e6c` ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Rhs.1
            6857   ~2%    {3}    | JOIN WITH `Location::Location.getFile/0#dispred#d1f8b5d1` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
         6193961   ~0%    {3}    | JOIN WITH `Location::Location.getFile/0#dispred#d1f8b5d1_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        27389714   ~1%    {4}    | JOIN WITH macroinvocations_20#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Rhs.1
        27389714   ~1%    {4}    | JOIN WITH locations_default ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Rhs.4
                          {4}    | REWRITE WITH TEST InOut.3 < InOut.1
        13010742   ~1%    {2}    | SCAN OUTPUT In.2, In.0
        20653781   ~0%    {3}    | JOIN WITH `Macro::MacroAccess.getOutermostMacroAccess/0#d58b05db_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1
        20653781   ~4%    {3}    | REWRITE WITH Out.1 := 1
        20381473   ~8%    {2}    | JOIN WITH macroinvocations_03#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2
                          return r1
```
 2025-02-25 12:39:11 +01:00
Asger F
92e1023d00 Update line numbers due to addition of new test code 2025-02-25 11:59:11 +01:00
Asger F
ae161f1654 Add meta-tests for inline expectation with related locations 2025-02-25 11:58:54 +01:00
Asger F
694f01ab78 Fix column count and add clarifying comment 2025-02-25 11:57:01 +01:00
Napalys
e2927b2fad Updated tanstack to use API graph. 2025-02-25 11:48:44 +01:00
Geoffrey White
f406914258 Merge pull request #18701 from geoffw0/nth 
Rust: Test and model some string and iterator methods
 2025-02-25 10:42:49 +00:00
Anders Schack-Mulligen
b2a595596b JS: Remove irrelevant comment. 2025-02-25 11:33:16 +01:00
Anders Schack-Mulligen
449150e6b5 JS: Accept fixed FP flow. 2025-02-25 10:42:21 +01:00
Anders Schack-Mulligen
ae3736bc25 C#: Accept test changes showing that we skip over useless input nodes. 2025-02-25 10:37:29 +01:00
Anders Schack-Mulligen
b1b72b73ed SSA: Add qldoc. 2025-02-25 10:35:57 +01:00
Michael Nebel
a35510d937 Merge pull request #18849 from michaelnebel/csharp/tupledefaulttostring 
C#: Proper handling of value tuples in `cs/call-to-object-tostring`.
 2025-02-25 10:24:02 +01:00
Anders Schack-Mulligen
f00f2c6f47 SSA: Deprecate public SsaDefinitionExtNode and SsaInputNode. 2025-02-25 10:03:43 +01:00
Anders Schack-Mulligen
1f628d0f86 Ruby: Remove reference to SsaInputNode. 2025-02-25 10:01:57 +01:00
Anders Schack-Mulligen
95cbd21a62 Ruby: Accept test change following SSA bugfix. 
This is a result of the commit "SSA: Fix bug in guards for ssa input
nodes."
 2025-02-25 09:59:35 +01:00
Tom Hvitved
b40290683e Rust: Update some inline expectation comments 2025-02-25 09:34:50 +01:00
Anders Schack-Mulligen
57c4fd6f25 JS: Combine phi reads and ssa input nodes into SynthReadNode class. 2025-02-25 09:23:53 +01:00
Kevin Stubbings
04476ca5f4 Add more choices to SSRF remediation 2025-02-25 00:16:48 -08:00
Nicolas Will
eb91ecf1fb Add generic artifact data-flow 
The relation between RNG and other artifacts has been added
Nonce has been completed to report its source
 2025-02-25 02:53:13 +01:00
Owen Mansel-Chan
74a249597a Merge pull request #18607 from owen-mc/java/xss-content-type-sanitizer 
Java: Add XSS Sanitizer for `HttpServletResponse.setContentType` with safe values
 2025-02-24 23:39:18 +00:00
Jami Cogswell
c2e859c756 Java: add change note 2025-02-24 18:33:45 -05:00
Jami Cogswell
26e396732a Java: edit qhelp 2025-02-24 18:33:43 -05:00
Jami Cogswell
53cb30dcd0 Java: update metadata, move from CWE-016 to CWE-200 2025-02-24 18:33:41 -05:00
Jami Cogswell
6fe7c7a233 Java: some refactoring 2025-02-24 18:33:29 -05:00
Jami Cogswell
f65a5b9a66 Java: add test for qhelp good example 2025-02-24 18:27:45 -05:00
Jami Cogswell
9e51b014d2 Java: handle example in Spring docs 2025-02-24 18:27:43 -05:00
Jami Cogswell
b2469ff8ba Java: add APIs and tests for more recent Spring versions: authorizeHttpRequests, AuthorizeHttpRequestsConfigurer, securityMatcher(s) 2025-02-24 18:26:02 -05:00
Jami Cogswell
8dfb920e05 Java: refactor QL, move code to libraries 2025-02-24 18:24:48 -05:00
Jami Cogswell
8064e8f1f9 Java: convert tests to inline expectations 2025-02-24 18:24:26 -05:00