hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 10:23:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,554 Commits 1,693 Branches 161 Tags
codeql-cli/v2.9.2
Commit Graph

36554 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
1e6b5391d6 Merge pull request #4994 from haby0/main 
Java: CWE-652: Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
 2021-03-23 12:05:53 +01:00
Taus
b46a3616d8 Merge pull request #5490 from RasmusWL/private-imports 
Python: Make import private for better auto-complete
 2021-03-23 12:00:35 +01:00
Mathias Vorreiter Pedersen
585606a933 C++: Respond to review comments. 2021-03-23 11:14:29 +01:00
Arthur Baars
d103acb04f Merge pull request #158 from github/hvitved/vscode-hide-codeql-submodule 
Hide `codeql` sub module in VS Code workspace
 2021-03-23 10:41:32 +01:00
Arthur Baars
6a26483fc7 Merge pull request #159 from github/hvitved/herdoc-body-rank-performance 
Improve performance of `HereDoc::getBody()`
 2021-03-23 10:40:28 +01:00
Tom Hvitved
2891d94f99 Improve performance of HereDoc::getBody() 
Gets rid of
```
[2021-03-23 10:07:49] (138s) Tuple counts for Literal::HereDoc::getBody_dispred#ff#shared#1/4@1cc5b9:
                      11294    ~0%        {1} r1 = SCAN AST::Cached::THereDoc#ff@staged_ext OUTPUT In.0
                      11294    ~388%      {1} r2 = JOIN r1 WITH Literal::HereDoc::getBody_dispred#ff#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg1'
                      95514613 ~2080%     {4} r3 = JOIN r2 WITH locations_default_1023#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg0', Lhs.0 'arg1', Rhs.2 'arg2', Rhs.3 'arg3'
```
 2021-03-23 10:31:48 +01:00
Mathias Vorreiter Pedersen
0b4650a4c9 C++: Accept test changes. 2021-03-23 10:27:19 +01:00
Tom Hvitved
20aa05b090 C#: Add CIL SSA library 2021-03-23 10:07:36 +01:00
Tom Hvitved
1004363131 Hide codeql sub module in VS Code workspace 2021-03-23 09:55:56 +01:00
Mathias Vorreiter Pedersen
7d0cfc69f1 C++: Don't override getParameterSizeIndex in the model for Accept. This fixes IR construction of calls to accept. 2021-03-23 09:53:09 +01:00
Mathias Vorreiter Pedersen
0ff7cc845c C++: Add reduced testcase that broke IR construction in #5492. 2021-03-23 09:53:04 +01:00
yoff
921b560e89 Merge pull request #5489 from tausbn/python-make-getacall-return-a-callcfgnode 
Python: Make `API::Node::getACall` return a `CallCfgNode`
 2021-03-23 09:31:38 +01:00
mr-sherman
858c0e67a1 added support for remote flow sinks in the form of parameters to the function 
ServiceStack.IRestClient.Get()
 2021-03-22 19:27:49 -04:00
Rasmus Lerchedahl Petersen
198a4ca79b Python: Add files to experimental 2021-03-22 21:42:06 +01:00
Taus Brock-Nannestad
7cdf439b83 Python: Clean up basicStoreStep 
Moves the `flowsTo` logic into the shared implementation, so that
`TypeTrackingPrivate` only has to define the shape of immediate store
steps.

Also cleans up the documentation to talk a bit more about what
`content` can represent, and what caveats there are.
 2021-03-22 18:42:24 +01:00
Taus Brock-Nannestad
0e81fd2624 Python: Move Boolean into TypeTrackerPrivate 
In general, this may be defined already for other languages, so moving
it in here will avoid potential clashes.
 2021-03-22 18:41:22 +01:00
Marcono1234
993999f64f Java: Add test for negative numeric literals 2021-03-22 17:43:34 +01:00
Asger Feldthaus
6b19e69d30 JS: Fix some join orders 2021-03-22 16:17:19 +00:00
Rasmus Wriedt Larsen
1890e63d4c Python: Make import private for better auto-complete 
With the non-private imports, auto-completing on `API::` gave ALL results
available from `import python`, as well as the ones specified in the `API`
module.

The non-private import in Attributes.qll did the same for `DataFlow::`.
 2021-03-22 16:45:44 +01:00
Taus Brock-Nannestad
4a6589d0ae Python: Make API::Node::getACall return a CallCfgNode 
This should eliminate the need for explicit casting to
`CallCfgNode` (which does not appear in our code as far as I can see,
but was observed in an external contribution).
 2021-03-22 16:37:24 +01:00
Asger Feldthaus
42e6c7eb2e JS: Remove field from InvokeNode 2021-03-22 15:19:31 +00:00
Asger Feldthaus
c03e9d6c75 JS: Address review comments 2021-03-22 15:19:31 +00:00
Asger Feldthaus
5bfdca895b JS: Remove recursive def of SourceNode::Range 2021-03-22 15:07:38 +00:00
Asger Feldthaus
230b9cf5d3 JS: Avoid recursion in SourceNode::Range 2021-03-22 15:07:38 +00:00
Nick Rolfe
b293522710 Merge pull request #150 from github/parent_child 
Create `ast_node_parent` relation
 2021-03-22 15:06:50 +00:00
Nick Rolfe
e7f1ae8c96 Merge remote-tracking branch 'origin/main' into parent_child 2021-03-22 14:58:33 +00:00
Nick Rolfe
3284a3fc1f Merge pull request #157 from github/cfg_impl 
Port CFG implementation to public AST interface
 2021-03-22 14:57:43 +00:00
Shati Patel
34e25624e0 Merge pull request #5488 from github/rc/3.1 
Merge release candidate branch back into main
codeql-cli/v2.5.0 		2021-03-22 14:28:25 +00:00
Rasmus Lerchedahl Petersen
c1e3ccfb6c Python, doc: Note ephemeral nature of import nodes 2021-03-22 15:07:51 +01:00
Shati Patel
c7a79a51fe Merge pull request #5479 from github/shati-patel/docs-bump-version 
Docs: Prepare supported languages/frameworks for 1.27 release
 2021-03-22 13:50:53 +00:00
Rasmus Wriedt Larsen
c8a6e837b5 Python: Model QuerySet chains in django 2021-03-22 14:38:54 +01:00
CodeQL CI
119872d8a4 Merge pull request #5461 from erik-krogh/moreOutDir 
Approved by asgerf
 2021-03-22 13:27:14 +00:00
Mathias Vorreiter Pedersen
257fc7459d Update categories for new the C++ libraries. 2021-03-22 13:28:48 +01:00
yo-h
b495e1efab Merge pull request #5411 from aschackmull/java/dataflow-lambda-dispatch 
Java: Bugfix dispatch to lambda in call context.
 2021-03-22 08:25:21 -04:00
Jonas Jensen
0bfeba5251 Merge pull request #5414 from criemen/diagnostic-queries 
C++: Extractor/database diagnostic errors
 2021-03-22 13:23:24 +01:00
Anders Schack-Mulligen
f681d584bd Merge pull request #5474 from Marcono1234/marcono1234/string-building-type 
Java: Add StringBuildingType
 2021-03-22 13:16:54 +01:00
Shati Patel
0f83722767 Revert JS changes and add another Java entry 2021-03-22 12:01:08 +00:00
Anders Schack-Mulligen
58fe81db2e Merge pull request #5455 from hvitved/dataflow/lambda-doc 
Data flow: Add section on lambda flow to `dataflow.md`
 2021-03-22 12:54:46 +01:00
Shati Patel
c5ef57c408 Update docs/codeql/support/reusables/frameworks.rst 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-03-22 11:40:13 +00:00
Tamas Vajk
7a0bfd1a69 Skip through any stub preamble 2021-03-22 12:29:13 +01:00
Asger Feldthaus
54a91c73b0 JS: Tweak summarizedHigherOrderCall 2021-03-22 10:56:03 +00:00
CodeQL CI
a889316003 Merge pull request #5428 from asgerf/js/cheat-sheet-tweak 
Approved by esbena
 2021-03-22 10:51:26 +00:00
Shati Patel
343f4e442f Add "TODO"s 2021-03-22 10:46:29 +00:00
Shati Patel
9e84b756f7 Update supported frameworks 2021-03-22 10:40:17 +00:00
Mathias Vorreiter Pedersen
d09458a486 C++: Add another taint tracking copy to identical-files.json 2021-03-22 11:35:59 +01:00
Mathias Vorreiter Pedersen
7ec86b5e7f C++: AdjustedConfiguration should not extend the same dataflow configuration as FromGlobalVarTaintTrackingCfg as this causes multiple configurations to be in scope for dataflow. 2021-03-22 11:35:29 +01:00
Cornelius Riemenschneider
668841cefa C++: Rename diagnostic queries. 2021-03-22 11:13:49 +01:00
Shati Patel
b422a972bf Update conf.py 2021-03-22 10:00:18 +00:00
haby0
fe046ec71e Merge remote-tracking branch 'upstream/main' into main 2021-03-22 17:25:37 +08:00
Rasmus Wriedt Larsen
3a83ecf067 Python: Add test for taint in django forms/fields 2021-03-22 10:03:32 +01:00