hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 02:01:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,755 Commits 1,690 Branches 160 Tags
codeql-cli/v2.9.0
Commit Graph

34755 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jorge
a1f8acc9bb Merge branch 'github:main' into jorgectf/python/deserialization 2022-01-31 17:48:35 +01:00
BACK Yonah
56941dba6b C/C++ : Fixed select issue in Useless Test 2022-01-31 16:56:12 +01:00
BACK Yonah
ca2ff6f9fb C/C++: Fixing minor issues in Useless Test query 2022-01-31 16:04:56 +01:00
Tom Hvitved
5503abc73d Merge pull request #7772 from hvitved/csharp/event-accessor-event-null 
C#: Guard against `AssociatedSymbol` not being an `IEventSymbol`
 2022-01-31 14:52:02 +01:00
Tom Hvitved
f2352d8272 Data flow: Inline local(Expr|Instruction)?(Flow|Taint) 
Computing a full transitive closure is often bad; by inlining all calls we are
providing more context to the QL optimizer.
 2022-01-31 14:33:41 +01:00
Ian Wright
83ecc065ab restrict size of strings 2022-01-31 12:28:46 +00:00
Michael Nebel
56ac99039f Merge pull request #7720 from michaelnebel/csharp/extended-prop-patterns 
C#: Desugar property patterns that uses member access syntax.
 2022-01-31 13:24:24 +01:00
Erik Krogh Kristensen
8dcec2e037 apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-31 13:17:26 +01:00
Erik Krogh Kristensen
ec1a8cc826 apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-31 12:32:12 +01:00
Tom Hvitved
2354281721 C#: Add DB down/upgrade scripts 2022-01-31 11:46:10 +01:00
Tom Hvitved
32e58add7b C#: Extend compiler_generated to include event accessors 2022-01-31 11:45:23 +01:00
Rasmus Lerchedahl Petersen
9d416664a1 python: modern change note 
I set the category to newQuery since that is what users will see.
When we have tags, it would be nice to tag it as a query promotion.
 2022-01-31 11:27:55 +01:00
Rasmus Lerchedahl Petersen
bf1145ece0 python: Add change note 
should we have the `lgtm,codescanning` handshake or not?
 2022-01-31 11:27:55 +01:00
Rasmus Lerchedahl Petersen
8b5114d10e python: Add standard customization setup 
- modernize the sanitizer, but do not make it less specific
 2022-01-31 11:27:55 +01:00
Rasmus Lerchedahl Petersen
20d54543fd python: move log injection out of experimental 
- move from custom concept `LogOutput` to standard concept `Logging`
- remove `Log.qll` from experimental frameworks
  - fold models into standard models (naively for now)
    - stdlib:
      - make Logger module public
      - broaden definition of instance
      - add `extra` keyword as possible source
   - flak: add app.logger as logger instance
   - django: `add django.utils.log.request_logger` as logger instance
     (should we add the rest?)
- remove LogOutput from experimental concepts
 2022-01-31 11:27:55 +01:00
Rasmus Lerchedahl Petersen
211345c010 python: remove more annotations 2022-01-31 11:20:59 +01:00
Michael Nebel
7cbeffc8a7 C#: Refactor and use new language features. 2022-01-31 09:24:31 +01:00
Rasmus Lerchedahl Petersen
cac3862659 python: remove library annotation 
to clean up QL warnings.
Should put these in a private module instead?
 2022-01-31 08:50:37 +01:00
Rasmus Lerchedahl Petersen
0c3bce1415 python: deprecation 
I am slightly concerned that the test now generates many more
intermediate results. I suppose that maes the analysis heavy.
Should the new library get a new name instead, so the old code
does not get evaluated?
 2022-01-31 08:32:24 +01:00
BACK Yonah
d7313f3a82 C/C++ : Useless test 2022-01-30 14:33:32 +01:00
Mathias Vorreiter Pedersen
bb2feda8fb Merge pull request #7703 from geoffw0/getslocal 2022-01-28 19:35:15 +00:00
Geoffrey White
8a1b49f816 C++: Recognize password struct fields. 2022-01-28 19:10:46 +00:00
Arthur Baars
abf3ce6223 Ruby: expressions in pin operator ^ 2022-01-28 19:47:31 +01:00
Arthur Baars
00fb4d3776 Ruby: Values in Hash literals and keyword arguments can be omitted 2022-01-28 19:47:31 +01:00
Arthur Baars
3e2ca61c01 Ruby: support anonymous block parameters/arguments 2022-01-28 19:47:31 +01:00
Arthur Baars
b9258e78ca Ruby: non-local variables in variable reference pattern 2022-01-28 19:47:31 +01:00
Arthur Baars
966b8be5f9 Ruby: add downgrade scripts 2022-01-28 19:47:31 +01:00
Arthur Baars
e5eb01ca45 Ruby: add upgrade scripts 2022-01-28 19:47:31 +01:00
Arthur Baars
c85012460a Ruby: update dbscheme stats 2022-01-28 19:47:31 +01:00
Arthur Baars
c6a36a50c2 Ruby: regenerate dbscheme and library 2022-01-28 19:47:31 +01:00
Arthur Baars
bfbc9fe144 Ruby: update tree-sitter-ruby 2022-01-28 19:47:25 +01:00
Alex Ford
57e958c372 Ruby: missing QLDoc 2022-01-28 17:38:55 +00:00
Alex Ford
269722fa86 Ruby: rb/clear-text-logging-sensitive-data changenote 2022-01-28 17:27:05 +00:00
Alex Ford
7fec2d270b Ruby: QL format 2022-01-28 17:24:56 +00:00
Alex Ford
186623f878 Ruby: Add CleartextLogging.qhelp 2022-01-28 17:24:56 +00:00
Alex Ford
7ed447842f Ruby: cleartext logging test output 2022-01-28 17:24:56 +00:00
Alex Ford
4fc9128350 Ruby: cleartext logging - remove an unnecessary abstract class 2022-01-28 17:24:56 +00:00
Alex Ford
91ccd307e8 Ruby: Implement rb/clear-text-logging-sensitive-data 2022-01-28 17:24:56 +00:00
Mathias Vorreiter Pedersen
0f239e315c Merge pull request #7782 from geoffw0/clrtxt7 
C++: Fix FPs for cpp/cleartext-storage-file
 2022-01-28 17:24:05 +00:00
Geoffrey White
0396a84c3c C++: Remove empty predicate / extends. 2022-01-28 17:11:38 +00:00
Alex Ford
cfb2d7ffaf Ruby: add shared SensitiveDataHeuristics.qll 2022-01-28 16:38:58 +00:00
Geoffrey White
af09dd8af1 C++: Fixes to gets models. 2022-01-28 16:04:23 +00:00
Geoffrey White
036e1495b8 Merge branch 'main' into getslocal 2022-01-28 15:58:13 +00:00
Ian Wright
aceeb7324c restrict AST nodes according to string length 2022-01-28 15:06:10 +00:00
Rasmus Lerchedahl Petersen
68d18ead34 python: add change note 2022-01-28 14:00:07 +01:00
Geoffrey White
a695f02af4 C++: Add change note. 2022-01-28 12:38:27 +00:00
Tom Hvitved
82cceb0a29 C#: Mark event accessors without bodies as compiler generated 2022-01-28 13:11:34 +01:00
Tom Hvitved
682163962a Data flow: Sync files 2022-01-28 13:01:24 +01:00
Tom Hvitved
4bf07825a1 Data flow: Reduce non-linear recursion in SummaryComponentStack::bottom 
Before:
```
[2022-01-28 09:45:34] (449s) Tuple counts for FlowSummaryImpl::Public::SummaryComponentStack::bottom_dispred#ff/2@i23#25a5eew4 after 432ms:
                      0       ~0%     {2} r1 = SCAN FlowSummaryImpl::Public::SummaryComponentStack::length#ff#prev_delta OUTPUT In.0 'this', (In.1 - 1)
                      0       ~0%     {2} r2 = JOIN r1 WITH FlowSummaryImpl::Public::SummaryComponentStack::drop#fff#prev ON FIRST 2 OUTPUT Rhs.2, Lhs.0 'this'
                      0       ~0%     {2} r3 = JOIN r2 WITH FlowSummaryImpl::Public::SummaryComponentStack::head_dispred#ff#prev ON FIRST 1 OUTPUT Lhs.1 'this', Rhs.1 'result'

                      4171589 ~5%     {2} r4 = SCAN FlowSummaryImpl::Public::SummaryComponentStack::length#ff#prev OUTPUT In.0 'this', (In.1 - 1)
                      4171589 ~0%     {2} r5 = JOIN r4 WITH FlowSummaryImpl::Public::SummaryComponentStack::drop#fff#prev ON FIRST 2 OUTPUT Rhs.2, Lhs.0 'this'
                      0       ~0%     {2} r6 = JOIN r5 WITH FlowSummaryImpl::Public::SummaryComponentStack::head_dispred#ff#prev_delta ON FIRST 1 OUTPUT Lhs.1 'this', Rhs.1 'result'

                      62238   ~0%     {3} r7 = SCAN FlowSummaryImpl::Public::SummaryComponentStack::drop#fff#prev_delta OUTPUT In.2, In.0 'this', In.1
                      62238   ~8%     {3} r8 = JOIN r7 WITH FlowSummaryImpl::Public::SummaryComponentStack::head_dispred#ff#prev ON FIRST 1 OUTPUT Lhs.1 'this', Lhs.2, Rhs.1 'result'
                      62238   ~5%     {5} r9 = JOIN r8 WITH FlowSummaryImpl::Public::SummaryComponentStack::length#ff#prev ON FIRST 1 OUTPUT Lhs.0 'this', Lhs.1, Lhs.2 'result', Rhs.1, (Rhs.1 - 1)
                      10373   ~6%     {5} r10 = SELECT r9 ON In.4 = In.1
                      10373   ~0%     {2} r11 = SCAN r10 OUTPUT In.0 'this', In.2 'result'

                      10373   ~0%     {2} r12 = r6 UNION r11
                      10373   ~0%     {2} r13 = r3 UNION r12
                      10373   ~0%     {2} r14 = r13 AND NOT FlowSummaryImpl::Public::SummaryComponentStack::bottom_dispred#ff#prev(Lhs.0 'this', Lhs.1 'result')
                                      return r14
```

After:
```
[2022-01-28 09:52:48] (6s) Tuple counts for FlowSummaryImpl::Public::SummaryComponentStack::bottom#ff/2@i21#6243afwv after 5ms:
                      0     ~0%     {2} r1 = JOIN FlowSummaryImpl::Public::SummaryComponentStack::bottom#ff#prev_delta WITH FlowSummaryImpl::Private::TConsSummaryComponentStack#fff#reorder_1_0_2#prev ON FIRST 1 OUTPUT Lhs.1 'result', Rhs.2 'this'

                      10373 ~3%     {2} r2 = SCAN FlowSummaryImpl::Private::TConsSummaryComponentStack#fff#prev_delta OUTPUT In.1, In.2 'this'
                      10373 ~2%     {2} r3 = JOIN r2 WITH FlowSummaryImpl::Public::SummaryComponentStack::bottom#ff#prev ON FIRST 1 OUTPUT Rhs.1 'result', Lhs.1 'this'

                      10373 ~2%     {2} r4 = r1 UNION r3
                      10373 ~2%     {2} r5 = r4 AND NOT FlowSummaryImpl::Public::SummaryComponentStack::bottom#ff#prev(Lhs.1 'this', Lhs.0 'result')
                      10373 ~0%     {2} r6 = SCAN r5 OUTPUT In.1 'this', In.0 'result'
                                    return r6
```
 2022-01-28 13:00:04 +01:00
Geoffrey White
b73dc98191 C++: Exclude write to stdout etc. 2022-01-28 11:57:31 +00:00