Aditya Sharad
0e31439b7e
JS: Simplify aggregation of tokens into entity strings
Change the cutoff logic from `count` to `strictcount`, since we know it only applies
to a non-empty set of results.
Use a single `strictconcat` aggregate to combine tokens in order of location,
instead of computing a `rank` followed by a `concat`.
Strictness introduces a slight change of behaviour because missing tokens will now result
in no results from the predicate rather than an empty feature string.
2021-12-03 14:20:26 -08:00
Aditya Sharad
2a3b5fc2b2
JS: Performance optimisation for matching framework libraries with their marker comments
The `matchMarkerComment` predicate performs badly on any codebase with
a moderately large number of comments, because the current implementation
has to first compute the Cartesian product between the set of comments
and the set of framework library comment regexes.
Instead, match first against a single regex:
the union of all framework library comment regexes.
This computes a more benign Cartesian product, the same size as the set of comments.
See inline comments for more details.
2021-12-03 14:20:26 -08:00
Aditya Sharad
d0840afb80
JS: Fix compilation errors in EndpointFeatures library
Use the LabelParameter API instead of manually constructing the edge label.
2021-12-03 14:20:17 -08:00
Arthur Baars
9f48ae656f
Merge pull request #7306 from aibaars/ruby-parenthesized-pattern
Ruby: parenthesized patterns
2021-12-03 19:18:09 +01:00
Arthur Baars
0805daaa56
Update ruby/ql/lib/codeql/ruby/ast/Pattern.qll
Add missing backticks
2021-12-03 18:44:21 +01:00
Arthur Baars
51998294ad
Ruby: add AST classes for parenthesized patterns
2021-12-03 18:13:53 +01:00
liangjinhuang
1102f60f3e
add tests
2021-12-04 00:52:15 +08:00
Tony Torralba
4ae99592a3
Merge pull request #6801 from atorralba/atorralba/android_slice_models
Android: Add `androidx.slice.builders` models
2021-12-03 17:44:09 +01:00
Arthur Baars
205233b42f
Add trivial upgrade
2021-12-03 17:04:00 +01:00
Arthur Baars
3e1ebb954f
Ruby: update generated dbscheme and library
2021-12-03 17:02:08 +01:00
Arthur Baars
0cec59e043
Ruby: update tree-sitter grammar
2021-12-03 17:01:12 +01:00
Tony Torralba
8ffa195538
Merge branch 'main' into atorralba/android_slice_models
2021-12-03 16:59:33 +01:00
Nick Rolfe
5a2ef8321c
Merge pull request #7120 from github/nickrolfe/regexp_g_anchor
Ruby/Python: parse anchors in regexes as special characters
2021-12-03 15:24:38 +00:00
Michael Nebel
4128f56aa9
Merge pull request #7289 from michaelnebel/csharp-mad-as-csv
C#: Convert some of the existing flow summaries to CSV
2021-12-03 15:09:36 +01:00
haby0
6c6113b85b
Partial modification
2021-12-03 18:59:24 +08:00
Arthur Baars
802faf1197
Merge pull request #7296 from intrigus-lgtm/patch-7
Fix QL Doc typo.
2021-12-03 11:54:22 +01:00
Michael Nebel
7ad52e1365
C#: Address review comments from hvitved.
2021-12-03 11:12:31 +01:00
Michael Nebel
f00b62df76
C#: Convert System.Uri flow to CSV format.
2021-12-03 11:10:24 +01:00
Michael Nebel
90baef83ee
C#: Add flow summaries for another TryParse method in System.Boolean.
2021-12-03 11:10:24 +01:00
Michael Nebel
8eb041c172
C#: Convert System.Boolean flow to CSV format.
2021-12-03 11:10:24 +01:00
Tom Hvitved
520f598d49
Merge pull request #7301 from hvitved/ruby/cfg-disjunct-test
Ruby: Add CFG test for `||`
2021-12-03 09:57:40 +01:00
Tom Hvitved
d9704d7b39
Ruby: Adapt to shared CFG changes
2021-12-03 09:37:41 +01:00
Tom Hvitved
42f6dfc197
Sync files
2021-12-03 09:37:41 +01:00
Tom Hvitved
404f4a81a7
C#: Include CFG scope in TElementNode
2021-12-03 09:37:41 +01:00
Tom Hvitved
50dd4e7ee7
Ruby: Add CFG test for ||
2021-12-03 09:16:11 +01:00
Arthur Baars
f2800abee4
Merge pull request #7299 from github/nickrolfe/clippy_fixes
Ruby: extractor: fix warnings from Clippy
2021-12-02 18:52:22 +01:00
Taus
7f44cebed7
Python: Add missing hidden flow
The easiest way to implement this was to change the definition of
`module_export` to account for chains of `import *`. We reuse the
machinery from `ImportStar.qll` for this, naturally.
2021-12-02 17:11:56 +00:00
Taus
4138296ec6
Python: Add test for "hidden" import * flow
TL;DR: We were missing out on flow in the following situation:
`mod1.py`:
```python
foo = SOURCE
```
`mod2.py`:
```python
from mod1 import *
```
`test.py`:
```python
from mod2 import foo
SINK(foo)
```
This is because there's no node at which a read of `foo` takes place
within `test.py`, and so the added reads make no difference.
Unfortunately, this means the previous test was a bit too simplistic,
since it only looks for module variable reads and writes. Because of
this, we change the test to be a more traditional "all flow" style
(though restricted to `CfgNode`s).
2021-12-02 17:05:54 +00:00
Nick Rolfe
991d659cb2
Ruby: use unwrap_or_else to construct object only when needed
2021-12-02 16:30:45 +00:00
Nick Rolfe
976faf97d1
Ruby: remove redundant closure
2021-12-02 16:29:59 +00:00
Michael Nebel
19c34be1ea
Merge pull request #7297 from michaelnebel/csharp-accessor-flow
C#: Make it possible to define flow for property backing methods.
2021-12-02 16:24:19 +01:00
Michael Nebel
102b5e05e1
Merge pull request #7290 from michaelnebel/csharp-modify-flow-summaries-test
C#: Modify printing of flow summaries in test.
2021-12-02 16:22:47 +01:00
Geoffrey White
2b349b3024
Merge pull request #7295 from geoffw0/cwe260
C++: Add CWE tags to some queries.
2021-12-02 14:41:34 +00:00
intrigus
2c4ccb79a1
Fix QL Doc typos.
2021-12-02 15:30:29 +01:00
Geoffrey White
3043ac850c
C++: Update security-severity tags.
2021-12-02 14:04:49 +00:00
Michael Nebel
f6c36b469a
C#: Include test case for override of property.
2021-12-02 15:04:01 +01:00
Michael Nebel
f190d60912
C#: Make it possible to describe flow for properties using their backing methods.
2021-12-02 15:02:22 +01:00
Geoffrey White
eccba57536
C++: Add CWE-327 tag to cpp/boost/use-of-deprecated-hardcoded-security-protocol.
2021-12-02 12:32:14 +00:00
Geoffrey White
7aa6c62050
C++: Add CWE-326 tag to cpp/boost/tls-settings-misconfiguration.
2021-12-02 12:29:42 +00:00
Nick Rolfe
05415768c9
Merge remote-tracking branch 'origin/main' into nickrolfe/regexp_g_anchor
2021-12-02 12:07:13 +00:00
yoff
f10f053c36
Merge pull request #7228 from RasmusWL/fastapi-improvements
Python: FastAPI improvements
2021-12-02 12:58:53 +01:00
Geoffrey White
913d8361ba
C++: Add CWE-260 tag to cpp/cleartext-storage-file.
2021-12-02 11:54:51 +00:00
yoff
4609b2060a
Merge pull request #7217 from RasmusWL/more-path-injection-fps
Python: Add `x in <var>` test for StringConstCompare
2021-12-02 12:35:33 +01:00
Michael Nebel
8f3be9fbfd
C#: Update flow summaries test according to new printing format.
2021-12-02 11:28:06 +01:00
Michael Nebel
edf7724579
C#: Remove trailing whitespace after comma when printing callable in CSV format.
2021-12-02 11:24:42 +01:00
Michael Nebel
37644d30d2
Merge pull request #7281 from michaelnebel/csharp-flowsummaries-filtered
C#: Filtered flow summaries
2021-12-02 11:23:36 +01:00
Erik Krogh Kristensen
6327fced6f
remove paths without unmatched returns from polynomial-redos
2021-12-02 10:03:28 +01:00
Michael Nebel
ad281c0365
C#: Sync FlowSummaryImpl files.
2021-12-02 09:03:00 +01:00
Michael Nebel
a8f673ffa4
C#: Add a test that only prints 'base' flow summaries.
2021-12-02 09:03:00 +01:00
Michael Nebel
e08c734c40
C#: Refactoring to allow override of the flow summaries reported by a test.
2021-12-02 08:54:59 +01:00