Commit Graph

34755 Commits

Author SHA1 Message Date
Paolo Tranquilli
10b62154a1 C++: add cpp/very-likely-overruning-write help
Also update the help of `cpp/overruning-write`, as the case shown there
will actually not be flagged by that query any more.
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
b979f02e5d C++: fix OverrunWrite for backward compatibility
Rather than testing for `TypeBoundsAnalysis`, we test that the reason is
not `ValueFlowAnalysis` (which is reported by the new
`cpp/very-likely-overruning-write` query), so that if a client has
overridden `BufferWrite::getMaxData` the `NoSpecifiedEstimateReason` is
taken into account.
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
db6214fdff C++: add change note for new overrun write query 2022-01-13 11:59:47 +00:00
Paolo Tranquilli
a0059202db C++: split cpp/overrunning-write into two
This splits the `cpp/overruning-write` into two separate queries based
on the reason for the estimation. If the overrun is detected based
on non-trivial range analysis, the results are now marked by the new
`cpp/very-likely-overruning-write` high precision query. If it is based
on less precise, usually type based bounds, then it will still be marked
by `cpp/overruning-write` which remains at medium precision.
2022-01-13 11:59:47 +00:00
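As an added illustration of the distinction the commit above draws (this is example C code written for this page, not CodeQL's own code or its test suite, and it makes no claim about which snippet either query actually flags): in the first pair, the write size `n` is bounded by a guard in the code, so a range analysis can show it may reach 63 bytes against a 16-byte destination; in the second pair, the only bound on `idx` is its type (`uint8_t`, 0..255) against a 200-entry table, which is the weaker, type-derived evidence. The buffer sizes, function names and the sample input are constructed for the example.

```c
/* Added example: two kinds of size evidence behind an overrunning write.
 * Not CodeQL code; names, sizes and inputs are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define BUF_LEN 16      /* hypothetical fixed-size destination */
#define TABLE_LEN 200   /* hypothetical lookup table size */

/* Kind 1: the write size is bounded by a guard (n < 64). Range analysis
 * can prove n reaches 63, which exceeds the 16-byte destination, so an
 * overrun is very likely, not merely possible. Not called below: running
 * it with n > BUF_LEN is undefined behaviour. */
int copy_range_vulnerable(char dst[BUF_LEN], const char *src, unsigned n)
{
    if (n < 64) {               /* guard establishes n in [0, 63] */
        memcpy(dst, src, n);    /* may write up to 63 bytes into 16 */
        return 1;
    }
    return 0;
}

/* Hardened form: bound n by the destination's capacity rather than by an
 * unrelated limit. Returns bytes copied, or -1 if the request is rejected. */
int copy_range_checked(char dst[BUF_LEN], const char *src, unsigned n)
{
    if (n > BUF_LEN)
        return -1;
    memcpy(dst, src, n);
    return (int)n;
}

/* Kind 2: the only bound on idx is its type. uint8_t gives [0, 255], which
 * exceeds the 200-element table, but nothing in the code says large values
 * ever arrive; that is why a type-derived bound is weaker evidence. Not
 * called below for the same reason as above. */
int table_store_vulnerable(int table[TABLE_LEN], uint8_t idx, int v)
{
    table[idx] = v;             /* idx may be 200..255 */
    return idx;
}

/* Hardened form: compare the index against the table length, not the type. */
int table_store_checked(int table[TABLE_LEN], uint8_t idx, int v)
{
    if (idx >= TABLE_LEN)
        return -1;
    table[idx] = v;
    return idx;
}

/* Helpers that exercise the checked variants on local storage. */
int demo_copy(unsigned n)
{
    char buf[BUF_LEN];
    /* constructed 32-byte source, longer than the destination on purpose */
    return copy_range_checked(buf, "0123456789abcdef0123456789abcdef", n);
}

int demo_store(uint8_t idx)
{
    int table[TABLE_LEN] = {0};
    return table_store_checked(table, idx, 7);
}

int main(void)
{
    printf("copy 16 -> %d\n", demo_copy(16));    /* 16: fits */
    printf("copy 32 -> %d\n", demo_copy(32));    /* -1: rejected */
    printf("store 199 -> %d\n", demo_store(199)); /* 199: last valid slot */
    printf("store 255 -> %d\n", demo_store(255)); /* -1: rejected */
    return 0;
}
```

The checked variants compare against the real capacity of the destination; a guard such as `n < 64` that is unrelated to the buffer is exactly the kind of bound that makes an overrun provable rather than merely possible.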
Michael Nebel
85fc127c0a C#: Fix BDD limit issue (thank you @jbj). 2022-01-13 12:46:56 +01:00
Owen Mansel-Chan
7e42ccfbf1 Don't cache defaultTaintSanitizerGuard for java 2022-01-13 11:36:20 +00:00
Michael Nebel
7c11e2d7e9 C#: Add a consistency test for getAPrimaryQlClass 2022-01-13 12:20:42 +01:00
Michael Nebel
6b937a939b C#: Add getAPrimaryQlClass overrides 2022-01-13 12:20:41 +01:00
Stephan Brandauer
40ad88ba53 Merge pull request #7474 from kaeluka/db-reads-as-taint-sources
JS: DB reads as taint sources
2022-01-13 12:06:48 +01:00
Michael Nebel
8583a4ffea Merge pull request #7583 from michaelnebel/csharp/fix-broken-test
C#: Narrow string interpolation expressions to a specific single file in testcase.
2022-01-13 11:37:52 +01:00
Erik Krogh Kristensen
89bab6ae12 Merge pull request #7097 from erik-krogh/railsReDoS
JS/PY/RB: support a limited number of ranges for ReDoS analysis
2022-01-13 11:04:36 +01:00
Stephan Brandauer
93507a2d71 combine two implementations for database-accesses as remote flow sources 2022-01-13 10:53:58 +01:00
Michael Nebel
aacb03a74b C#: Narrow string interpolation expressions to a specific single file in testcase. 2022-01-13 10:25:33 +01:00
Stephan Brandauer
63aaf24063 base implementation of Sequelize model on models-as-data 2022-01-13 09:41:25 +01:00
Anders Schack-Mulligen
da69886777 Merge pull request #7580 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-01-13 09:26:00 +01:00
Sebastian Bauersfeld
a6e4f29560 Java: Use the interface instead of the abstract class 2022-01-13 14:13:36 +07:00
Sebastian Bauersfeld
69f329ffec Java: Add test cases for AbstractMessageSource.getMessage() methods 2022-01-13 14:13:27 +07:00
Sebastian Bauersfeld
39b6678b7d Java: Add test case for StringEscapeUtils.escapeJson() taint step. 2022-01-13 11:18:37 +07:00
github-actions[bot]
625836a3be Add changed framework coverage reports 2022-01-13 00:11:30 +00:00
Andrew Eisenberg
e435a3e9c3 Changenotes: Add changenotes for upgrades refactoring 2022-01-12 11:36:31 -08:00
Henry Mercer
1c3c9216f5 Merge pull request #7576 from github/henrymercer/js-bump-atm-versions
JS: Bump ATM pack versions to 0.0.4
2022-01-12 16:53:10 +00:00
Stephan Brandauer
09a28c428c base implementation of Spanner model on models-as-data 2022-01-12 17:07:16 +01:00
Henry Mercer
9abc3411a4 JS: Bump ATM pack versions to 0.0.4 2022-01-12 15:19:13 +00:00
Robert Marsh
5031d6c4a3 Merge pull request #7566 from MathiasVP/smaller-join-in-reachesRefParameter
C++: Smaller join in `reachesRefParameter`
2022-01-12 10:04:35 -05:00
Owen Mansel-Chan
8e8278764b Add predicate defaultTaintSanitizerGuard for each language
This was done manually, as these files are not synced by sync-files.py.
2022-01-12 14:44:56 +00:00
Owen Mansel-Chan
c112980b81 Sync TaintTrackingImpl.qll
Done automatically using sync-files.py
2022-01-12 14:44:55 +00:00
Owen Mansel-Chan
9ec3d7787c Add option for default taint sanitizer guard
This allows languages to specify a sanitizer guard in all
global taint flow configurations but not in local taint.
2022-01-12 14:44:55 +00:00
github-actions[bot]
8a2d92badc Post-release preparation for codeql-cli-2.7.5 2022-01-12 13:28:43 +00:00
Henry Mercer
7f61738a23 Use US English spelling 2022-01-12 13:07:09 +00:00
Henry Mercer
6e37a65e84 Remove CodeToFeatures AST library 2022-01-12 12:47:28 +00:00
Henry Mercer
957e34d8a7 Make function body features library independent of CodeToFeatures AST 2022-01-12 12:47:28 +00:00
Henry Mercer
9e50ce873d Move function body features into their own file 2022-01-12 12:47:28 +00:00
Henry Mercer
865fb5d0ef Migrate representative entity -> representative function 2022-01-12 12:47:27 +00:00
Henry Mercer
0e5b493d0e Remove CodeToFeatures AST consistency checks
We no longer use the `CodeToFeatures` AST, therefore these checks are
defunct.
2022-01-12 12:47:27 +00:00
Henry Mercer
387829bbb4 Extract body tokens from the JS AST, not the CodeToFeatures AST 2022-01-12 12:47:25 +00:00
Henry Mercer
3ef69763a7 Merge pull request #7567 from github/henrymercer/atm-body-tokens-perf-opt
ATM: Optimize body tokens by pushing in size restriction
2022-01-12 12:45:27 +00:00
Tamás Vajk
9065a7f320 Merge pull request #7573 from tamasvajk/fix/java-field-decl-tostr
Java: Fix toString on field declarations with single field
2022-01-12 13:03:16 +01:00
Tony Torralba
8a80e02861 Merge pull request #7574 from pwntester/improve_strings_qll
Add models for AbstractStringBuilder.substring,subsequence,getChars
2022-01-12 12:01:28 +01:00
Tony Torralba
c2105e506b Added test cases 2022-01-12 11:06:58 +01:00
Alvaro Muñoz Sanchez
715d372572 Add models for AbstractStringBuilder.substring,subsequence,getChars 2022-01-12 10:54:27 +01:00
Anders Schack-Mulligen
c6a9b2b6ff Merge pull request #7572 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-01-12 09:39:14 +01:00
Mathias Vorreiter Pedersen
9e51908b02 Merge pull request #7551 from MathiasVP/fix-join-orders-in-unsigned-difference-expr-query
C++: Fix join orders in `cpp/unsigned-difference-expression-compared-zero`
(tag: codeql-cli/v2.7.5)
2022-01-12 08:29:03 +00:00
Tamas Vajk
b9e0310aa2 Java: Fix toString on field declarations with single field 2022-01-12 09:22:16 +01:00
Michael Nebel
f17c110f51 Merge pull request #7562 from michaelnebel/csharp/record-seal-tostring
C#: Record types are allowed to seal ToString (test only).
2022-01-12 08:08:32 +01:00
luchua-bc
263dbd33f6 Optimize the query 2022-01-12 02:33:17 +00:00
github-actions[bot]
c79e8ab440 Add changed framework coverage reports 2022-01-12 00:10:48 +00:00
Andrew Eisenberg
e4eb2c2a59 Update docs on the output of resolve qlpacks
The output has changed and there are no more upgrades
packs. There are also other changes included here.
2022-01-11 15:54:53 -08:00
Andrew Eisenberg
da4f1d86aa Merge pull request #7355 from github/aeisenberg/remove-upgrades
Move upgrades into standard library packs
2022-01-11 14:09:10 -08:00
Andrew Eisenberg
07228672df Merge branch 'main' into aeisenberg/remove-upgrades 2022-01-11 11:25:27 -08:00
Mathias Vorreiter Pedersen
c45127fdd6 Merge pull request #7541 from github/rdmarsh2/dataflow-ipa-params
C++: Use an IPA type rather than negative indexes for argument/parameter matching in data flow
2022-01-11 16:52:13 +00:00