hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-10 12:11:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,755 Commits 1,689 Branches 160 Tags
codeql-cli/v2.9.0
Commit Graph

34755 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
7feab27bf4 Merge pull request #6926 from geoffw0/setliterals2 
C++: Use set literals (more).
 2021-10-20 14:58:06 +01:00
Arthur Baars
630ee17613 Ruby: sync-files and add allowParameterReturnInSelf() 2021-10-20 15:39:46 +02:00
Arthur Baars
0bec8987b6 Merge remote-tracking branch 'codeql/main' into 'main' 2021-10-20 15:38:59 +02:00
Geoffrey White
da412178ce C++: Use set literals (more). 2021-10-20 14:18:27 +01:00
Taus
7214d70ee7 Merge pull request #135 from github/winfix 
Fix create-extractor-pack.ps1
 2021-10-20 14:51:06 +02:00
Taus
fff1f1248a QL: Merge pull request #135 from github/winfix 
Fix create-extractor-pack.ps1
 2021-10-20 14:51:06 +02:00
Harry Maclean
356828cd51 Update stored XSS fixture 
The change to `self` modelling finds more true positives in this query.
 2021-10-20 13:30:51 +01:00
Nick Rolfe
16c62d22de Add change-note for rb/path-injection 2021-10-20 13:19:49 +01:00
Geoffrey White
1f2b32fe87 Fix create-extractor-pack.ps1 2021-10-20 13:17:22 +01:00
Geoffrey White
3bc209ded8 QL: Fix create-extractor-pack.ps1 2021-10-20 13:17:22 +01:00
Nick Rolfe
e367832637 Import Frameworks.qll in Summaries module 2021-10-20 13:11:50 +01:00
hubwriter
8f15dc4bd0 Add 'requires glibc 2.17' in supported languages table 2021-10-20 12:48:20 +01:00
Nick Rolfe
86da3c2db3 Add rb/path-injection query 2021-10-20 12:31:16 +01:00
Tom Hvitved
19589bef27 Merge pull request #6777 from hvitved/dataflow/summary-clear-modelling 
Data flow: Rework `SummarizedCallable::clearsContent/2`
 2021-10-20 13:23:56 +02:00
Ian Lynagh
25b5601da9 Java: Add a changenote to RefType -> ClassOrInterface 2021-10-20 12:21:08 +01:00
Ian Lynagh
25fcae1c51 Java: Make some types more specific 
Where we used to use RefType, we now use ClassOrInterface.
 2021-10-20 12:18:20 +01:00
hubwriter
aaa5046533 Add beta note to page Calum added 2021-10-20 11:17:38 +01:00
Asger Feldthaus
fa0ce5380b JS: Skip files with unsupported file encoding 2021-10-20 12:16:50 +02:00
Tom Hvitved
f9fb046e9f C#: Update expected test output after rebase 2021-10-20 12:15:27 +02:00
Tom Hvitved
29cdc8a49a Java: Update expected test output after rebase 2021-10-20 12:11:59 +02:00
hubwriter
dd31d5ffb3 Merge branch 'main' into hubwriter/codeql-ruby-support 2021-10-20 11:08:59 +01:00
Tom Hvitved
0bf5238f39 Update QL doc for allowParameterReturnInSelf 2021-10-20 12:08:58 +02:00
Tom Hvitved
53d4d72fe5 C#: Simplify SummarizedCallableDefaultClearsContent 2021-10-20 12:08:58 +02:00
Tom Hvitved
dd138b0429 Address review comments 2021-10-20 12:08:58 +02:00
Tom Hvitved
ec5d8ab2db Java: Restrict use-use flow 2021-10-20 12:08:57 +02:00
Tom Hvitved
a1511e13d8 Data flow: Sync files 2021-10-20 12:08:57 +02:00
Tom Hvitved
1196d0c624 C#: Rework SummarizedCallable::clearsContent/2 2021-10-20 12:08:57 +02:00
Calum Grant
ed73d9bab4 Merge pull request #6860 from github/ruby-docs 
Ruby documentation
 2021-10-20 10:47:05 +01:00
Tom Hvitved
f1f7930529 Make all self nodes LocalSourceNodes 2021-10-20 11:43:50 +02:00
Tom Hvitved
94f0f8daf2 Make SelfVariableAccess a sub type of LocalVariableAccess 2021-10-20 11:43:44 +02:00
Harry Maclean
e0b2d88377 Remove redundant import 2021-10-20 10:41:17 +01:00
Harry Maclean
c437fd50a4 Update test fixtures 
Some of these look a bit suspicious, so need to double check them before
merging.
 2021-10-20 10:39:36 +01:00
Harry Maclean
c71f538a5a Extend the scope of self variables 
`self` variables are scoped to methods, modules, classes and the
top-level of the program. Prior to this change, they were treated as
being scoped just to methods.

This change means we (once again) correctly synthesise `self` receivers
for method calls in class bodies, module bodies and at the top-level.
 2021-10-20 09:43:23 +01:00
Harry Maclean
647485acde Don't omit self from uninitialized writes 
We can safely create uninitialized writes for `self` variables, because
they appear at index -1 in the entry block of a method, and are
immediately overwritten by a write to `self` at index 0. As a result,
they are not live and will be pruned from the CFG.
 2021-10-20 09:43:22 +01:00
Tom Hvitved
446eb13471 Minor adjustments to SSA library for self variables 2021-10-20 09:43:21 +01:00
Harry Maclean
0d39a15786 Model implicit reads of self variables 
We already synthesise `self` nodes for method calls with no receiver.
This change creates read accesses for each of these synthesised nodes.
 2021-10-20 09:43:20 +01:00
Harry Maclean
e7a3050fb2 Improve the modelling of self variables. 
We model `self` variables by inserting a write at the start of every
method body. We then treat them as local variables that are alive for
the extent of the method body.
 2021-10-20 09:43:19 +01:00
Tamás Vajk
9331b3538d Merge pull request #6914 from tamasvajk/feature/improve-csv-pr-commenter 
Introduce foldable region in CSV coverage PR comments
 2021-10-20 08:45:55 +02:00
Ian Lynagh
9fbff1b4c1 Java: Add an upgrade script 2021-10-20 00:34:47 +01:00
Jonathan Leitschuh
d4b18fe6a3 [Java] JDK Collection lambda models 
Adds support for data flow tracking through simple JDK collection
functional APIs.
 - `Iterable::forEach`
 - `Iterator::forEachRemaining`
 - `Map::forEach`

Replaces #5871

Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-19 15:57:58 -04:00
Ian Lynagh
90299033d1 Java: Replace @type with more specific types 2021-10-19 20:23:53 +01:00
Geoffrey White
f7bd74ea59 C++: Prototype nodeBefore predicate. 2021-10-19 20:08:55 +01:00
Geoffrey White
57fe4b9a31 C++: Also fix variableMustBeNullTerminated. 2021-10-19 18:06:11 +01:00
Jonathan Leitschuh
584c27a2f8 Move CollectionPassingTest to correct directory 2021-10-19 11:44:12 -04:00
Jonathan Leitschuh
8231907116 Ratpack code cleanup from code review 2021-10-19 11:42:35 -04:00
Calum Grant
112d408fb9 Address review comments. 2021-10-19 16:30:54 +01:00
Chris Smowton
233a3346a8 Merge pull request #6240 from haby0/java/UnsafeUrlForward 
[Java] CWE-552: Unsafe url forward
 2021-10-19 16:18:23 +01:00
Geoffrey White
b4b8392748 C++: New, behaviour preserving solution. 2021-10-19 16:16:05 +01:00
Jonas Jensen
7015be7cad Merge pull request #6916 from geoffw0/fixnotbound 
C++: Fix unbound variables in PrivateCleartextWrite.qll.
 2021-10-19 16:46:42 +02:00
Geoffrey White
38257a58f0 C++: Fix unbound variables in PrivateCleartextWrite.qll. 2021-10-19 15:01:32 +01:00