Commit Graph

36554 Commits

Author SHA1 Message Date
Benjamin Muskalla
eef044f4d0 Add test to capture expected parameter format 2021-09-09 13:05:15 +02:00
Tamas Vajk
abe6c90829 Update change note 2021-09-09 13:04:47 +02:00
Tamas Vajk
0a17ab9325 Merge branch 'main' into feature/service-stack 2021-09-09 13:01:43 +02:00
Tamas Vajk
cc7471f37d Fix package separator in timeseries report 2021-09-09 12:53:59 +02:00
Rasmus Lerchedahl Petersen
e27b3162e5 Python: rewrite simpleLocalFlowStep
to take into account the split between
import time and runtime.
2021-09-09 12:43:08 +02:00
Nick Rolfe
6dbf6d7e82 Merge pull request #278 from github/aibaars/revert-hotfix
Revert "Use hotfixed version of `codeql/suite-helpers` with workaround for bug in released CLI"
2021-09-09 11:21:20 +01:00
Harry Maclean
b4c29425ea Make barrier guards more specific
Following examples from the other libraries, this change introduces a
member predicate `checks(CfgNode expr, boolean branch)` to
`BarrierGuard`, which holds if the guard validates `expr` for a
particular value of `branch`, which represents the value of the
condition in the guard.

For example, in the following guard...

    if foo == "foo"
      do_something foo
    else
      do_something_else foo
    end

...the variable `foo` is validated when the condition `foo == "foo"` is
true.

We also introduce the concept that a guard "controls" a code block based
on the value of `branch`. In the example above, the "then" branch of the
if statement is controlled when `branch` is true. The else branch is
not controlled because `foo` can take (almost) any value in that branch.

Based on these concepts, we define a guarded node to be a read of a
validated variable in a controlled block.

In the above example, the `foo` in `do_something foo` is guarded, but
the `foo` in `do_something_else foo` is not.
2021-09-09 11:04:52 +01:00
Tamas Vajk
cbb37f70c4 Change timeseries CSV report to only include dates when values changed 2021-09-09 11:34:38 +02:00
Benjamin Muskalla
a1b7437f8d Merge branch 'main' into thirdpartyapitelemtry 2021-09-09 11:11:42 +02:00
Tamas Vajk
1fe9e9262f Fix CSV timeseries script to create DB with scheme from correct git SHA 2021-09-09 10:59:52 +02:00
Marcono1234
a173d9593b Java: Detect spurious param Javadoc tag of generic classes 2021-09-09 00:11:02 +02:00
Andrew Eisenberg
fb90bb4241 Remove outdated section
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2021-09-08 10:45:50 -07:00
Nick Rolfe
2ddca2c0db Document and test YAML.safe_load 2021-09-08 18:22:31 +01:00
Nick Rolfe
760dbd739d Add test for rb/unsafe-deserialization 2021-09-08 17:49:23 +01:00
Nick Rolfe
9b9fc18605 Add taint step for Base64.decode64 2021-09-08 17:49:23 +01:00
Nick Rolfe
adceb0a2a1 Add query rb/unsafe-deserialization 2021-09-08 17:49:23 +01:00
Andrew Eisenberg
ec5435befd Apply suggestions from code review
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2021-09-08 08:13:15 -07:00
Philip Ginsbach
55c605998c Update docs/codeql/ql-language-reference/types.rst
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2021-09-08 15:35:40 +01:00
Benjamin Muskalla
96a34b6165 Fix value flow for fluent api 2021-09-08 16:12:52 +02:00
Anders Schack-Mulligen
5d58edb3b9 Merge pull request #6641 from aschackmull/dataflow/edges-fasttc
Dataflow: Only calculate fastTC for the relevant part of edges.
2021-09-08 15:45:46 +02:00
Mathias Vorreiter Pedersen
44f477d552 C++: Add uninterpreted query for obtaining frontend and extraction time. 2021-09-08 14:32:50 +01:00
Benjamin Muskalla
b47507293a Minor fixes for fluent apis 2021-09-08 15:32:41 +02:00
Tamas Vajk
9ab6c29cd3 Extend runtime callables to cover interface members with default implementation 2021-09-08 15:07:49 +02:00
Rasmus Lerchedahl Petersen
baca9edbb1 Merge branch 'main' of github.com:github/codeql into python-add-parameter-default-value-flow-step 2021-09-08 14:48:13 +02:00
Rasmus Lerchedahl Petersen
a9c409403c Python: more tests and comments 2021-09-08 14:44:36 +02:00
CodeQL CI
cd26d97dd7 Merge pull request #6549 from erik-krogh/moreDom
Approved by asgerf
2021-09-08 05:10:47 -07:00
Chris Smowton
5d37748973 Merge pull request #6631 from github/Claim-Java-16-support
Claim Java 16 support
2021-09-08 12:31:28 +01:00
Benjamin Muskalla
67eaa1b735 Fix qldoc 2021-09-08 13:08:28 +02:00
Asger Feldthaus
db1de18cc2 JS: Support transitive callback-passing 2021-09-08 13:08:16 +02:00
Asger Feldthaus
ceaf2b3727 JS: Rename FlowSteps::callback -> exploratoryCallbackStep 2021-09-08 13:08:12 +02:00
Asger Feldthaus
7c94dd94e9 JS: Add type-tracking steps through callback args 2021-09-08 13:08:05 +02:00
Asger Feldthaus
1f6df4e70d JS: Add callback type tracking test 2021-09-08 13:08:04 +02:00
Anders Schack-Mulligen
1af39f0776 Dataflow: Sync. 2021-09-08 13:02:07 +02:00
Anders Schack-Mulligen
2e9876f58f Dataflow: Only calculate fastTC for the relevant part of edges. 2021-09-08 13:01:29 +02:00
Anders Fugmann
f91bd91d02 C++: Apply suggested change from code review 2021-09-08 12:38:53 +02:00
Anders Schack-Mulligen
2b7882e6e5 Merge pull request #5032 from aschackmull/dataflow/subpaths
Dataflow: Add subpaths query predicate.
2021-09-08 11:52:41 +02:00
Anders Schack-Mulligen
3f5b9d0f54 Merge pull request #6637 from github/alexet/imporve-query
Java: Fix performance issues with future versions of codeql.
2021-09-08 11:16:19 +02:00
Anders Fugmann
e93dc0b4c4 C++: Fix comment in getGuardedUpperBound 2021-09-08 11:06:58 +02:00
Rasmus Lerchedahl Petersen
9b198c6d0a Python: Add some module initialization tests 2021-09-08 10:37:28 +02:00
Rasmus Lerchedahl Petersen
4a5f70e6c8 Python: Reclassify defaultValueFlowStep
as a `jumpStep`.
2021-09-08 10:05:31 +02:00
Dave Bartolomeo
6837233128 Treat CallSideEffect and InitializeDynamicAllocation the same as other side effects during IR generation
This commit moves the IR generation for the `CallSideEffect` and `InitializeDynamicAllocation` side effect instructions into their own subclasses of `TranslatedSideEffect`. Previously, they were embedded in `TranslatedCall` and `TranslatedAllocationSideEffects`. There are no diffs in the generated IR. This just makes the implementation of all side effect generation be consistent.
2021-09-07 14:22:23 -04:00
jorgectf
21da603d81 Update .qlref 2021-09-07 20:13:39 +02:00
jorgectf
eee9b3f39e Merge remote-tracking branch 'origin/main' into jorgectf/python/headerInjection 2021-09-07 19:54:58 +02:00
jorgectf
352eab0eca Fix HeaderDeclaration class' comment 2021-09-07 19:44:25 +02:00
Jorge
190bc2f0da Apply suggestions from code review
Co-authored-by: Taus <tausbn@github.com>
2021-09-07 19:42:37 +02:00
Nick Rolfe
a62aa2b1b2 Merge pull request #269 from github/polynomial_redos
Polynomial ReDoS query
2021-09-07 18:31:04 +01:00
jorgectf
4e261c61ae Optimize concatAndCompareAgainstFullHostRegex 2021-09-07 19:05:03 +02:00
jorgectf
800801177d Fix taint tracking comment 2021-09-07 19:02:32 +02:00
jorgectf
b802d7903a Fix OPT_X_TLS_ mandatory options 2021-09-07 19:01:46 +02:00
jorgectf
ee98c0c587 Add start_tls_s() comment and use DataFlow::MethodCallNode instead 2021-09-07 19:00:14 +02:00