Compare commits

...

2173 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
214ca2a535 Merge pull request #272 from microsoft/jb1/2.22.3
Merge upstream `codeql-cli-2.22.3`
2025-08-12 16:33:08 +02:00
Mathias Vorreiter Pedersen
627ee8536c PS: Port changes from #20132 to PowerShell. 2025-08-12 14:52:12 +01:00
Josh Brown
c6ab9412b6 Merge tag 'codeql-cli/v2.22.3' into jb1/2.22.3
Compatible with CodeQL CLI 2.22.3
2025-08-11 12:56:34 -07:00
Josh Brown
09365313ef merge upstream v2.22.2 2025-08-11 12:45:33 -07:00
Josh Brown
f39c1141d8 Revert "Merge pull request #257 from microsoft/jb1/reapply-22.1-tmp"
This reverts commit 6d496ee073, reversing
changes made to 866977b6c5.
2025-08-11 12:45:01 -07:00
Chanel
337132b5e0 Merge pull request #270 from microsoft/better-api-graphs
PS: Better usability when working with nested classes
2025-08-11 08:03:50 -07:00
Mathias Vorreiter Pedersen
e96e464855 PS: Accept test changes. 2025-08-11 14:22:19 +01:00
Mathias Vorreiter Pedersen
9b5897ca3a PS: Improve api graphs. 2025-08-11 14:22:17 +01:00
Mathias Vorreiter Pedersen
1bd93b9849 PS: Add missing dataflow predicates related to models. 2025-08-08 17:08:15 +01:00
Mathias Vorreiter Pedersen
3829528467 PS: Delete stuff we don't actually need. 2025-08-08 17:07:43 +01:00
Chuan-kai Lin
da3e5479df Merge pull request #20165 from github/release-prep/2.22.3
Release preparation for version 2.22.3
2025-08-04 09:19:35 -07:00
Chuan-kai Lin
4df1c12876 Minor CHANGELOG updates 2025-08-04 09:09:25 -07:00
github-actions[bot]
fd82aeb1f8 Release preparation for version 2.22.3 2025-08-04 15:47:57 +00:00
Tom Hvitved
65bf76e3ed Merge pull request #20161 from hvitved/rust/fix-bad-joins
Rust: Fix two bad joins introduced by magic
2025-08-04 17:32:54 +02:00
Geoffrey White
8b5603cf71 Merge pull request #20160 from geoffw0/exec
Rust: Add type inference test cases resembling missing call targets in SQLx.
2025-08-04 16:03:12 +01:00
Geoffrey White
6925d4e564 Merge pull request #20129 from codeqlhelper/main
C++: Static variables are initialized to zero or null by compiler
2025-08-04 13:23:45 +01:00
Tom Hvitved
125a4b9b10 Rust: Fix two bad joins introduced by magic
```
Evaluated relational algebra for predicate TypeInference::closureParameterPath/2#9d0bf423#bbf@ba08cc1s with tuple counts:
           565067    ~172652%    {2} r1 = JOIN `Callable::Callable.getParam/1#dispred#ce0254b3_01#count_range` WITH `Callable::Generated::Callable.getNumberOfParams/0#dispred#abb45996` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
            24684     ~11784%    {3}    | JOIN WITH Type::TTupleTypeParameter#5ca17706 ON FIRST 2 OUTPUT Rhs.2, Lhs.1, Lhs.0
             2970      ~1391%    {3}    | JOIN WITH `TypeInference::TypePath::singleton/1#ee45de3b` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1
              664       ~242%    {4}    | JOIN WITH `Stdlib::FnOnceTrait.getTypeParam/0#dispred#93f20bbc` CARTESIAN PRODUCT OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2
              303        ~49%    {4}    | JOIN WITH Type::TDynTraitTypeParameter#e16268df ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
              198         ~0%    {8}    | JOIN WITH `TypeInference::TypePath::singleton/1#ee45de3b` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, _, _, Rhs.1, Lhs.3, _, _
                                 {4}    | REWRITE WITH Out.2 := (In.4 ++ In.5), Tmp.3 := (In.4 ++ In.5), Tmp.6 := "[0-9]+", Tmp.7 := "", Out.3 := regexpReplaceAll(Tmp.3,Tmp.6,Tmp.7) KEEPING 4
              198         ~0%    {6}    | SCAN OUTPUT In.0, In.1, In.2, _, In.3, _
                                 {4}    | REWRITE WITH Out.3 := length(In.4), Tmp.5 := 10, TEST Out.3 <= Tmp.5 KEEPING 4
              198         ~0%    {3}    | SCAN OUTPUT In.1, In.0, In.2

           877984   ~1444714%    {1} r2 = SCAN `CallExprBase::CallExprBase.getArg/1#dispred#d775f13d` OUTPUT In.1
           299888     ~83707%    {3}    | JOIN WITH Type::TTupleTypeParameter#5ca17706_102#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Rhs.2
        515462762     ~59140%    {4}    | JOIN WITH `CallExprBase::Generated::CallExprBase.getNumberOfArgs/0#dispred#0975fe12_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0, Lhs.2
          9429188  ~25728933%    {3}    | JOIN WITH TypeInference::InvokedClosureExpr#24e5dacb_1#join_rhs ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2
            53669    ~142315%    {3}    | JOIN WITH `TypeInference::TypePath::singleton/1#ee45de3b` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1
             4003     ~10522%    {4}    | JOIN WITH `Stdlib::FnOnceTrait.getTypeParam/0#dispred#93f20bbc` CARTESIAN PRODUCT OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2
              370       ~910%    {4}    | JOIN WITH Type::TDynTraitTypeParameter#e16268df ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
              148       ~293%    {8}    | JOIN WITH `TypeInference::TypePath::singleton/1#ee45de3b` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, _, _, Rhs.1, Lhs.3, _, _
                                 {4}    | REWRITE WITH Out.2 := (In.4 ++ In.5), Tmp.3 := (In.4 ++ In.5), Tmp.6 := "[0-9]+", Tmp.7 := "", Out.3 := regexpReplaceAll(Tmp.3,Tmp.6,Tmp.7) KEEPING 4
              148       ~316%    {6}    | SCAN OUTPUT In.0, In.1, In.2, _, In.3, _
                                 {4}    | REWRITE WITH Out.3 := length(In.4), Tmp.5 := 10, TEST Out.3 <= Tmp.5 KEEPING 4
              148       ~293%    {3}    | SCAN OUTPUT In.1, In.0, In.2

              346        ~75%    {3} r3 = r1 UNION r2
                                 return r3
```

and

```
Evaluated relational algebra for predicate TypeInference::fnParameterPath/2#4dea2880#bbf@d56000vi with tuple counts:
                1         ~0%    {1} r1 = SCAN `Stdlib::FnOnceTrait.getTypeParam/0#dispred#93f20bbc` OUTPUT In.1
                1         ~0%    {1}    | JOIN WITH Type::TTypeParamTypeParameter#868c69a5 ON FIRST 1 OUTPUT Rhs.1
                1         ~0%    {1}    | JOIN WITH `TypeInference::TypePath::singleton/1#ee45de3b` ON FIRST 1 OUTPUT Rhs.1
           877984   ~1350201%    {2}    | JOIN WITH `ArgList::Generated::ArgList.getArg/1#dispred#b07adc80` CARTESIAN PRODUCT OUTPUT Rhs.1, Lhs.0
           321252     ~90755%    {4}    | JOIN WITH Type::TTupleTypeParameter#5ca17706_102#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0, Rhs.2
        553043191     ~65412%    {5}    | JOIN WITH `CallExprBase::Generated::CallExprBase.getNumberOfArgs/0#dispred#0975fe12_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0, Lhs.3
         10089088  ~26772053%    {4}    | JOIN WITH TypeInference::InvokedClosureExpr#24e5dacb_1#join_rhs ON FIRST 1 OUTPUT Lhs.4, Lhs.1, Lhs.2, Lhs.3
            57729    ~157423%    {8}    | JOIN WITH `TypeInference::TypePath::singleton/1#ee45de3b` ON FIRST 1 OUTPUT Lhs.2, Lhs.3, _, _, Lhs.1, Rhs.1, _, _
                                 {4}    | REWRITE WITH Out.2 := (In.4 ++ In.5), Tmp.3 := (In.4 ++ In.5), Tmp.6 := "[0-9]+", Tmp.7 := "", Out.3 := regexpReplaceAll(Tmp.3,Tmp.6,Tmp.7) KEEPING 4
            57729    ~157423%    {6}    | SCAN OUTPUT In.0, In.1, In.2, _, In.3, _
                                 {4}    | REWRITE WITH Out.3 := length(In.4), Tmp.5 := 10, TEST Out.3 <= Tmp.5 KEEPING 4
            57729    ~157423%    {3}    | SCAN OUTPUT In.1, In.0, In.2
                                 return r1
```
2025-08-04 14:22:50 +02:00
Geoffrey White
2ec6dafd18 Rust: Add a type inference test case resembling missing call targets in SQLx. 2025-08-04 10:21:59 +01:00
Simon Friis Vindum
9aebc58214 Merge pull request #20147 from paldepind/rust/type-limit-metric
Rust: Add metric for DCA and debug predicates for type that reach the length limit
2025-08-04 07:53:14 +02:00
Mathias Vorreiter Pedersen
1fab97b765 Merge pull request #20149 from MathiasVP/expose-definition-from-dataflow-ssa
C++: Expose SSA definitions from dataflow
2025-08-01 12:04:04 +01:00
Mathias Vorreiter Pedersen
0e9286dd34 C++: Fix QLDoc. 2025-08-01 11:37:12 +01:00
Mathias Vorreiter Pedersen
b70836e241 C++: Modify the API to not expose dataflow nodes. 2025-08-01 11:34:49 +01:00
Mathias Vorreiter Pedersen
33d05984c8 C++: Stick the exposed SSA classes into a public SSA module. 2025-08-01 11:34:47 +01:00
Mathias Vorreiter Pedersen
32e6d0934e C++: Drive-by fix: These files imported both the public dataflow files and the internal ones. Let's only import the internal ones. 2025-08-01 11:34:45 +01:00
Mathias Vorreiter Pedersen
7ede3aa516 C++: Fix imports. 2025-08-01 10:35:34 +01:00
Mathias Vorreiter Pedersen
0d91622d18 C++: Rename SsaInternals to SsaImpl and SsaInternalsCommon to SsaImplCommon. 2025-08-01 10:34:14 +01:00
codeqlhelper
4323e6853f Update cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2025-07-31 21:17:29 +08:00
Mathias Vorreiter Pedersen
c8f4b287d1 C++: Add a comment on the old SSA library. 2025-07-31 14:07:38 +01:00
Mathias Vorreiter Pedersen
7e93b99ff9 C++: Add change note. 2025-07-31 13:57:19 +01:00
Mathias Vorreiter Pedersen
8691075aae Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-07-31 13:52:21 +01:00
Mathias Vorreiter Pedersen
5a91aa2105 C++: Expose SSA definitions from dataflow. 2025-07-31 13:45:03 +01:00
Simon Friis Vindum
abc58ac8b3 Rust: Add metric and debug predicates for type that reach the length limit 2025-07-31 14:20:32 +02:00
Mathias Vorreiter Pedersen
1dae787605 C++: Drive-by fix suggested by Schack. This now matches the predicate in C#. 2025-07-31 12:58:05 +01:00
Ian Lynagh
492e27b8e8 Merge pull request #20141 from igfoo/igfoo/kotlin-2.2.20-beta2
Kotlin: Support 2.2.20-beta2
2025-07-31 12:00:17 +01:00
Ian Lynagh
e589019e04 Kotlin: Use 2.2.20-Beta2 rather than 2.2.20-Beta1 2025-07-30 14:14:14 +01:00
Ian Lynagh
4ea6133042 Kotlin: Add 2.2.20-Beta2 jars 2025-07-30 14:13:02 +01:00
Ian Lynagh
c78818d7dd Kotlin: Remove *2.2.20-Beta1* jars 2025-07-30 14:12:43 +01:00
Simon Friis Vindum
3bc1d47738 Merge pull request #20130 from paldepind/rust/type-inference-fn
Rust: Implement type inference for closures and calls to closures
2025-07-30 13:13:57 +02:00
codeqlhelper
ee3e7e34ba Merge pull request #1 from geoffw0/initnotrun .expected
CPP: Add .expected file for the InitialisationNotRun test
2025-07-30 18:36:29 +08:00
Geoffrey White
c0638a5fcb CPP: Update .expected for the changes here. 2025-07-30 11:24:57 +01:00
Anders Schack-Mulligen
5ca9c090a8 Merge pull request #20132 from aschackmull/ssa/guardvalue
SSA: Update data flow integration and BarrierGuard interface to use GuardValue.
2025-07-30 12:23:17 +02:00
Geoffrey White
d6fddde6e0 CPP: Add .expected (results before query changes here). 2025-07-30 11:22:56 +01:00
Geoffrey White
43bca84310 CPP: Convert test to use a stub rather than a library include. 2025-07-30 11:22:53 +01:00
Simon Friis Vindum
5b152cfdec Rust: Fix typo in change note
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2025-07-29 18:38:14 +02:00
Simon Friis Vindum
5540b9df71 Merge branch 'main' into rust/type-inference-fn 2025-07-29 16:43:17 +02:00
Idriss Riouak
6c00ceaec9 Merge pull request #20134 from github/idrissrio/java-dca-fix
Java: Move `extractorInformationSkipKey` predicate to library pack
2025-07-29 15:32:02 +01:00
idrissrio
ac52a1b123 Java: Move extractorInformationSkipKey predicate to library pack 2025-07-29 09:45:18 +02:00
Simon Friis Vindum
9d72fab287 Merge pull request #20119 from paldepind/rust/type-inference-assoc-type-tp
Rust: Type inference for impl trait types with type parameters
2025-07-28 11:38:17 +02:00
Anders Schack-Mulligen
3b8234ecec SSA: Update data flow integration and BarrierGuard interface to use GuardValue. 2025-07-28 11:29:12 +02:00
Simon Friis Vindum
92bce4e432 Rust: Split getFunctionReturnPos into two predicates 2025-07-28 10:45:59 +02:00
Simon Friis Vindum
9761580b7e Merge branch 'main' into rust/type-inference-assoc-type-tp 2025-07-28 10:39:00 +02:00
Simon Friis Vindum
8e474c946e Rust: Add change note for type inference for closures 2025-07-28 10:27:33 +02:00
Anders Schack-Mulligen
37b508bf43 Merge pull request #20128 from aschackmull/ccr/del-formatting-instruction
Copilot: Remove the formatting instructions, as they're confusing CCR.
2025-07-28 10:24:30 +02:00
Simon Friis Vindum
2c758a9842 Rust: Add type inference for closures and calls to first-class functions 2025-07-27 21:28:10 +02:00
Simon Friis Vindum
8c6c28d61f Rust: Add type inference tests for closures 2025-07-27 21:16:30 +02:00
codeqlhelper
75e545a67f Create 2025-07-27-avoid-reporting-static-global-variable.md 2025-07-28 00:00:41 +08:00
codeqlhelper
cf21997c0f Reduce false alarms raised by static variables
Static variables are initialized to zero or null by compiler, no need to get an initializer of them.
See https://stackoverflow.com/questions/13251083/the-initialization-of-static-variables-in-c
See 6.7.8/10 in the C99 Standard.

A relevant PR: https://github.com/github/codeql/pull/16527
2025-07-27 23:46:53 +08:00
codeqlhelper
89dcad48f4 Create InitialisationNotRun.qlref 2025-07-27 23:42:50 +08:00
codeqlhelper
c2d0a12e1e Create test for InitialisationNotRun 2025-07-27 23:40:00 +08:00
Simon Friis Vindum
13d9d8ad3f Merge pull request #20122 from paldepind/rust/type-inference-dyn-assoc
Rust: Fix type inference for trait objects for traits with associated types
2025-07-26 12:40:09 +02:00
Geoffrey White
4b947db0f8 Merge pull request #19804 from geoffw0/dotdot
Rust: Update DotDotCheck to use getCanonicalPath
2025-07-25 15:50:29 +01:00
Geoffrey White
2951ae9c7c Merge pull request #20124 from geoffw0/clone
Rust: Replace QL model for Clone with MaD
2025-07-25 15:46:44 +01:00
Simon Friis Vindum
b2ee625268 Rust: Expand doc and make predicate private 2025-07-25 15:22:10 +02:00
Geoffrey White
478f39a967 Rust: Accept (trivial) test changes. 2025-07-25 14:18:34 +01:00
Anders Schack-Mulligen
6511e21f81 Remove the formatting instructions, as they're confusing CCR. 2025-07-25 14:59:16 +02:00
Mathias Vorreiter Pedersen
f8bdfa4666 Merge pull request #264 from microsoft/simple-type-sanitizers
PS: Add simple type-based sanitizer to SQL injection query
2025-07-25 11:41:01 +01:00
Mathias Vorreiter Pedersen
b0d61928bf Merge pull request #265 from microsoft/dilan/iac-setup
CodeQL for IaC (infrastructure as code) Setup
2025-07-25 11:40:21 +01:00
Geoffrey White
2192ed04be Rust: Add clone MaD trait model. 2025-07-25 09:43:34 +01:00
Geoffrey White
4140579dd6 Rust: Remove QL model for clone. 2025-07-25 08:17:52 +01:00
dilanbhalla
cb63c6aed0 Add 'iac' language support to CodeQL workflow
Added 'iac' to the list of supported languages for CodeQL.
2025-07-24 12:55:38 -07:00
Dilan Bhalla
eb15e3bcc9 Add codeql-extractor-iac as submodule in iac/ 2025-07-24 12:43:16 -07:00
Mathias Vorreiter Pedersen
ffc53d7764 PS: Accept test changes. 2025-07-24 20:03:59 +01:00
Mathias Vorreiter Pedersen
7b4d2a9edf PS: Lower casing in command-line injection query. 2025-07-24 20:03:48 +01:00
Mathias Vorreiter Pedersen
b66c99ba76 PS: Lower casing in frameworks. 2025-07-24 20:03:27 +01:00
Mathias Vorreiter Pedersen
e3b3f0b343 PS: Consistent lower casing in api graphs, control-flow graph, and dataflow nodes. 2025-07-24 20:03:10 +01:00
Mathias Vorreiter Pedersen
3880d9fa8d PS: More consistent lower casing in the AST classes. 2025-07-24 20:02:03 +01:00
Mathias Vorreiter Pedersen
71fec26542 PS: Lower case all parameter types. 2025-07-24 18:07:59 +01:00
Mathias Vorreiter Pedersen
f9c3bde6d5 PS: Fix false positive by adding a type-based sanitizer. 2025-07-24 18:06:06 +01:00
Mathias Vorreiter Pedersen
e7956301a4 PS: Add false positive. 2025-07-24 18:00:49 +01:00
Geoffrey White
7f659804e4 Rust: Fix the canonical path. 2025-07-24 17:24:29 +01:00
Mathias Vorreiter Pedersen
ae4b3e8542 Merge pull request #263 from microsoft/remove-env-reads-from-sql-injection
PS: Remove environment variables from `powershell/microsoft/public/sql-injection`
2025-07-24 16:33:05 +01:00
Geoffrey White
cfe25593ee Merge branch 'main' into dotdot 2025-07-24 16:32:36 +01:00
Simon Friis Vindum
466bf85a67 Rust: Fix type inference for trait objects for traits with associated types 2025-07-24 16:07:39 +02:00
Simon Friis Vindum
1b2f160b55 Rust: Add type inference tests for associated types 2025-07-24 16:07:37 +02:00
Joe Farebrother
b1ee795225 Merge pull request #20086 from joefarebrother/python-qual-raise-not-implemented
Python: Modernise raise-not-implemented query
2025-07-24 13:18:21 +01:00
Ian Lynagh
621b4833f3 Merge pull request #20114 from igfoo/igfoo/kotlin-2.2.20
Kotlin: Add Kotlin 2.2.20 support
2025-07-24 11:58:51 +01:00
Simon Friis Vindum
39f602c032 Rust: Create injective ids for impl trait type parameters 2025-07-24 12:07:11 +02:00
Simon Friis Vindum
bb56b0d45b Rust: Add type inference test with consistency issue 2025-07-24 11:55:23 +02:00
Simon Friis Vindum
9a0c5877ea Rust: Support impl trait types in return position with function type parameters 2025-07-24 11:00:01 +02:00
Joe Farebrother
97cf15affc Merge pull request #20052 from joefarebrother/python-qual-minor-doc-updates
Python: Minor documantation updates to several quality queries
2025-07-24 09:38:07 +01:00
Simon Friis Vindum
a20fed8ae5 Rust: Add type inference tests for impl trait types 2025-07-24 10:36:51 +02:00
Joe Farebrother
a8cc14493f Fix typo - add .
Co-authored-by: Napalys Klicius <napalys@github.com>
2025-07-24 09:35:05 +01:00
Simon Friis Vindum
82387461ee Merge pull request #20084 from paldepind/rust/type-inference-trait-object
Rust: Implement type inference for trait objects/`dyn` types
2025-07-24 10:17:23 +02:00
Mathias Vorreiter Pedersen
7991eb4919 PS: Accept test changes. 2025-07-24 00:16:20 +01:00
Mathias Vorreiter Pedersen
3ba87996e3 PS: Unhide some dataflow nodes to make paths more explicit. 2025-07-24 00:11:45 +01:00
Mathias Vorreiter Pedersen
95926cbc70 PS: Remove environment variables as flow sources from 'powershell/microsoft/public/sql-injection'. 2025-07-24 00:11:31 +01:00
Mathias Vorreiter Pedersen
7c83d9d54b Merge pull request #262 from microsoft/powershell-smb-settings
Powershell SMB settings
2025-07-23 19:58:04 +01:00
Simon Friis Vindum
b3dc6cba78 Rust: Use getATypeParam for consistency 2025-07-23 20:56:45 +02:00
Chanel
a0dbf930a2 Update powershell/ql/src/queries/security/cwe-319/UnsafeSMBSettings.ql
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2025-07-23 11:30:30 -07:00
Chanel Young
482fda7541 formatting 2025-07-23 11:22:12 -07:00
Chanel Young
4e0ea04d3b add query, tests 2025-07-23 11:16:11 -07:00
Mathias Vorreiter Pedersen
5da7ae877b Merge pull request #20115 from MathiasVP/add-more-windows-memcpy-functions
C++: Add some more Windows specific memory copy models
2025-07-23 16:10:56 +01:00
Geoffrey White
199f2473e5 Merge pull request #20024 from geoffw0/moresensitive2
Shared: Improve sensitive data heuristics
2025-07-23 15:38:24 +01:00
Nora Dimitrijević
5f8c457295 Merge pull request #20081 from d10c/d10c/diff-informed-phase-3-rust
Rust: Diff-informed queries: phase 3 (non-trivial locations)
2025-07-23 16:31:23 +02:00
Geoffrey White
91ced7ea0c Merge pull request #20109 from github/copilot/fix-20108
Rust: Remove sourceModelDeprecated, summaryModelDeprecated and sinkModelDeprecated
2025-07-23 14:33:22 +01:00
Mathias Vorreiter Pedersen
cbe5561eb6 C++: Accept test changes. 2025-07-23 14:05:42 +01:00
Nora Dimitrijević
83fe9e0d51 [DIFF-INFORMED] Rust: AccessInvalidPointer 2025-07-23 14:52:44 +02:00
Nora Dimitrijević
31a73d466b [DIFF-INFORMED] Rust: AccessAfterLifetime 2025-07-23 14:52:32 +02:00
Nora Dimitrijević
56ae8684e1 [DIFF-INFORMED] Rust: UncontrolledAllocationSize 2025-07-23 14:52:14 +02:00
Nora Dimitrijević
fcc3800756 [DIFF-INFORMED] Rust: CleartextLogging 2025-07-23 14:52:07 +02:00
Nora Dimitrijević
091163bf8e [DIFF-INFORMED] Rust: CleartextTransmission 2025-07-23 14:52:00 +02:00
Nora Dimitrijević
78c40e209b [DIFF-INFORMED] Rust: SqlInjection 2025-07-23 14:51:52 +02:00
Nora Dimitrijević
574bb871e0 [DIFF-INFORMED] Rust: TaintedPath 2025-07-23 14:51:45 +02:00
Nora Dimitrijević
329fd803e2 [DIFF-INFORMED] Rust: RegexInjection 2025-07-23 14:51:33 +02:00
Mathias Vorreiter Pedersen
9d736723fb C++: Add more Windows specific models for memcpy-like tings. 2025-07-23 13:45:20 +01:00
Mathias Vorreiter Pedersen
50785f7f21 C++: Add tests with missing flow. 2025-07-23 13:37:32 +01:00
Mathias Vorreiter Pedersen
63e5c52d7e Merge pull request #20107 from MathiasVP/add-overrun-write-barriers
C++: Add more barriers to `cpp/overrun-write`
2025-07-23 13:30:07 +01:00
Simon Friis Vindum
f5605c94c5 Rust: Add change note for type inference of trait objects 2025-07-23 14:08:22 +02:00
Simon Friis Vindum
12942667bf Rust: Add type inference for dyn types 2025-07-23 14:08:15 +02:00
Simon Friis Vindum
605c8e201e Rust: Add type inference tests for dyn types 2025-07-23 14:03:53 +02:00
Ian Lynagh
604af65b02 Kotlin: Opt in to DeprecatedForRemovalCompilerApi
We'll need a proper fix for this, but this will keep things working in
the meantime.
2025-07-23 12:51:12 +01:00
Ian Lynagh
709c111522 Kotlin: Add getJvmModuleNameForDeserializedDescriptor wrapper
It has been removed in 2.2.20.
2025-07-23 12:51:12 +01:00
Mathias Vorreiter Pedersen
3a977b86d4 Update cpp/ql/lib/semmle/code/cpp/security/ProductFlowUtils/ProductFlowUtils.qll
Co-authored-by: Idriss Riouak <idrissrio@github.com>
2025-07-23 12:27:38 +01:00
Mathias Vorreiter Pedersen
5d6c4a63bb Update cpp/ql/lib/semmle/code/cpp/security/ProductFlowUtils/ProductFlowUtils.qll
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-07-23 11:53:55 +01:00
Simon Friis Vindum
49ecc60c0f Merge pull request #20076 from paldepind/rust/type-inference-cleanup-join
Rust: Type inference refactor and improve join orders
2025-07-23 12:53:43 +02:00
Ian Lynagh
d1da041fcf Kotlin: Regenerate
Ran "../tools/bazel mod tidy"
2025-07-23 11:53:06 +01:00
Ian Lynagh
8432f6e42e Kotlin: Add 2.2.20-Beta1 version 2025-07-23 11:52:48 +01:00
Ian Lynagh
965f1fc547 Kotlin: Add 2.2.20 deps 2025-07-23 11:51:45 +01:00
Ian Lynagh
f148f434e1 Kotlin: Add a changenote for the addition of 2.2.2x support 2025-07-23 11:49:38 +01:00
Mathias Vorreiter Pedersen
019447b681 C++: Add change note. 2025-07-23 11:49:07 +01:00
Ian Lynagh
ad391df03f Kotlin: Support 2.2.20 2025-07-23 11:47:52 +01:00
copilot-swe-agent[bot]
defd4a1d08 Add change note for removal of deprecated dataflow predicates
Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com>
2025-07-23 10:41:31 +00:00
copilot-swe-agent[bot]
f1df63657b Add CodeQL autoformatter instructions to copilot-instructions.md
Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com>
2025-07-23 10:08:51 +00:00
Nick Rolfe
28d3a6b404 Merge pull request #20113 from github/post-release-prep/codeql-cli-2.22.2
Post-release preparation for codeql-cli-2.22.2
2025-07-23 06:05:34 -04:00
Nora Dimitrijević
766b0bf773 Merge pull request #20082 from d10c/d10c/diff-informed-phase-3-swift
Swift: Diff-informed queries: phase 3 (non-trivial locations)
2025-07-23 11:56:04 +02:00
github-actions[bot]
68a96a44d8 Post-release preparation for codeql-cli-2.22.2 2025-07-23 09:53:25 +00:00
Nick Rolfe
ff54dfe8aa Merge pull request #20112 from github/release-prep/2.22.2
Release preparation for version 2.22.2
2025-07-23 05:40:18 -04:00
Nick Rolfe
2c03d1f14a Tweak changenotes 2025-07-23 10:38:57 +01:00
copilot-swe-agent[bot]
2cc732e235 Apply QL autoformatter to ModelsAsData.qll
Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com>
2025-07-23 09:38:10 +00:00
github-actions[bot]
26296c44d3 Release preparation for version 2.22.2 2025-07-23 09:32:53 +00:00
Nick Rolfe
a883db0935 Merge pull request #20110 from github/revert-20105-release-prep/2.22.2
Revert "Release preparation for version 2.22.2"
2025-07-23 05:30:33 -04:00
Nick Rolfe
12ebf717eb Revert "Release preparation for version 2.22.2" 2025-07-23 10:09:23 +01:00
copilot-swe-agent[bot]
0245cd872c Remove deprecated Rust dataflow predicates and associated classes
Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com>
2025-07-23 08:49:24 +00:00
copilot-swe-agent[bot]
69d50e103f Initial plan 2025-07-23 08:41:24 +00:00
Geoffrey White
68f0dfe046 Shared: Fix after merge. 2025-07-23 08:55:44 +01:00
Geoffrey White
4f6b698ca3 Merge branch 'main' into moresensitive2 2025-07-23 08:50:25 +01:00
Simon Friis Vindum
f432cf9c4d Merge pull request #20041 from paldepind/rust/type-inference-tuples
Rust: Type inference for tuples
2025-07-23 08:21:27 +02:00
Ian Lynagh
09dd708086 Merge pull request #20031 from igfoo/igfoo/kotlin-tests-2.2.0
Kotlin: Run the tests with 2.2.0
2025-07-22 22:20:40 +01:00
Chanel
c961340f54 Merge pull request #260 from microsoft/powershell-unsafe-deserialization
Powershell Unsafe Deserialize query
2025-07-22 10:49:10 -07:00
Mathias Vorreiter Pedersen
1189665970 C++: Add barriers to 'cpp/overrun-write'. 2025-07-22 18:35:56 +01:00
Mathias Vorreiter Pedersen
a502bb1ac2 C++: Add a copy of 'isSinkPairImpl' (named 'isSinkPairImpl0') with a few more columns that we'll need. 2025-07-22 18:35:50 +01:00
Mathias Vorreiter Pedersen
e0eadc75dd C++: Remove the ad-hoc code for keeping track of increments/decrements on pointers in the 'cpp/overrun-write' query. 2025-07-22 18:35:31 +01:00
Mathias Vorreiter Pedersen
a1f4246c5f C++: Extract the barriers from 'cpp/invalid-pointer-deref' into a library. 2025-07-22 18:35:29 +01:00
Mathias Vorreiter Pedersen
92a730c9ac C++: Add a false positive. 2025-07-22 18:35:21 +01:00
Chanel
d78280ea0f Merge branch 'main' into powershell-unsafe-deserialization 2025-07-22 10:07:10 -07:00
Chanel
3b90949d4d Update powershell/ql/src/queries/security/cwe-502/BinaryFormatterDeserialization.qhelp
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2025-07-22 10:06:59 -07:00
Chanel
2e93ec5490 Update powershell/ql/src/queries/security/cwe-502/UnsafeDeserialization.qhelp
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2025-07-22 10:06:52 -07:00
Chanel
6d62e8717a Update powershell/ql/src/queries/security/cwe-502/BinaryFormatterDeserialization.qhelp
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2025-07-22 10:06:46 -07:00
Chanel
9266713d19 Update powershell/ql/src/queries/security/cwe-502/BinaryFormatterDeserialization.qhelp
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2025-07-22 10:06:39 -07:00
Ian Lynagh
cd3143f106 Kotlin: Disable the custom plugin test for now 2025-07-22 17:38:14 +01:00
Ian Lynagh
9a03f2eb26 Kotlin: Accept test changes in 2.2.0 2025-07-22 17:38:14 +01:00
Ian Lynagh
65bd1aff83 Kotlin: Update default version to 2.2.0
Changes the default version from 2.1.20 to 2.2.0 in the wrapper.py file.
2025-07-22 17:38:14 +01:00
Nick Rolfe
dd8d04bb94 Merge branch 'main' into post-release-prep/codeql-cli-2.22.2 2025-07-22 10:30:14 -04:00
github-actions[bot]
37cc78255a Post-release preparation for codeql-cli-2.22.2 2025-07-22 14:22:20 +00:00
Nick Rolfe
320f75fa51 Merge pull request #20105 from github/release-prep/2.22.2
Release preparation for version 2.22.2
2025-07-22 10:11:13 -04:00
Nick Rolfe
43d14c28c2 Tweak changenotes 2025-07-22 15:06:09 +01:00
github-actions[bot]
997547b8ef Release preparation for version 2.22.2 2025-07-22 14:04:14 +00:00
Nick Rolfe
5fb7541a94 Merge pull request #20104 from github/revert-20100-release-prep/2.22.2
Revert "Release preparation for version 2.22.2"
2025-07-22 10:01:12 -04:00
Nick Rolfe
825c813095 Revert "Release preparation for version 2.22.2" 2025-07-22 14:33:45 +01:00
Geoffrey White
6efc19daac Merge pull request #18943 from geoffw0/constcrypto
Rust: new query rust/hardcoded-crytographic-value
2025-07-22 13:36:14 +01:00
Geoffrey White
f7d822b19c Rust: Remove empty file. 2025-07-22 12:43:22 +01:00
Nick Rolfe
96a32c0179 Merge pull request #20103 from github/post-release-prep/codeql-cli-2.22.2
Post-release preparation for codeql-cli-2.22.2
2025-07-22 06:01:34 -04:00
github-actions[bot]
deb035cf4e Post-release preparation for codeql-cli-2.22.2 2025-07-22 09:36:07 +00:00
Nick Rolfe
0b7111b867 Merge pull request #20100 from github/release-prep/2.22.2
Release preparation for version 2.22.2
2025-07-22 04:55:58 -04:00
Nick Rolfe
74cd982aca Tweak changenotes 2025-07-22 09:51:52 +01:00
Simon Friis Vindum
6b366d8384 Merge branch 'main' into rust/type-inference-tuples 2025-07-22 10:45:41 +02:00
Simon Friis Vindum
79cc7318ba Merge pull request #20096 from paldepind/rust/path-resolution-associated-type-fix
Rust: Path resolution associated type fix
2025-07-22 10:12:07 +02:00
Geoffrey White
1945fb8258 Rust: Accept changes to query suites. 2025-07-21 21:09:42 +01:00
Geoffrey White
43ac82f6a3 Rust: Update consistency check .expected files. 2025-07-21 21:01:01 +01:00
Geoffrey White
d53dada67f Rust: Update barrier logic to use getCanonicalPath. 2025-07-21 20:56:48 +01:00
Geoffrey White
ec3ad85504 Rust: Add another test case for barriers (that still functions). 2025-07-21 20:53:37 +01:00
github-actions[bot]
c8632b70b7 Release preparation for version 2.22.2 2025-07-21 16:45:45 +00:00
Geoffrey White
796cb193fc Rust: Accept test regressions with new format MaD. 2025-07-21 17:24:19 +01:00
Geoffrey White
fc8a662f0d Rust: Update the models. 2025-07-21 17:24:07 +01:00
Nick Rolfe
05572b49de Merge pull request #20099 from github/nickrolfe/revert-2.22.2-prep
Revert post-release preparation for codeql-cli-2.22.2
2025-07-21 10:58:49 -04:00
Nick Rolfe
ad9b637bec Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2"
This reverts commit e5b4a15e35, reversing
changes made to 33e63109bb.
2025-07-21 15:18:59 +01:00
Simon Friis Vindum
ad5c5acae5 Merge pull request #20094 from paldepind/rust/type-inference-path-mention
Rust: Refactor `PathTypeMention`
2025-07-21 14:00:20 +02:00
Owen Mansel-Chan
472a6b5fe1 Merge pull request #20018 from owen-mc/java/snakeyaml-safe-unsafe-deserialization
Java: Update qhelp: SnakeYaml is safe from version 2.0
2025-07-21 12:22:36 +01:00
Geoffrey White
0ec10e5c30 Rust: Corrections after the merge. 2025-07-21 12:12:23 +01:00
Simon Friis Vindum
28850460b2 Rust: Accept test changes 2025-07-21 12:07:08 +02:00
Anders Schack-Mulligen
d5cdfc673e Merge pull request #20092 from aschackmull/java/joinorder2
Java: Improve more join-orders
2025-07-21 11:27:14 +02:00
Nora Dimitrijević
fbee6bbe21 Merge pull request #20077 from d10c/d10c/diff-informed-phase-3-java
Java: Diff-informed queries: phase 3 (non-trivial locations)
2025-07-21 11:23:12 +02:00
Simon Friis Vindum
8ebebf03c2 Rust: Add type inference test with associated type that collides with type parameter 2025-07-21 10:11:41 +02:00
Simon Friis Vindum
ac6715fb3a Rust: Avoid mixing up type parameters and associated types in path resolution 2025-07-21 10:07:41 +02:00
Simon Friis Vindum
71a5e410d7 Rust: Add path resolution test 2025-07-21 09:59:12 +02:00
Anders Schack-Mulligen
937e3dc469 Merge pull request #20091 from aschackmull/java/fix-cfg-cp-assert
Java: Fix accidental CP in CFG for asserts.
2025-07-21 09:07:19 +02:00
Simon Friis Vindum
441cefd0bd Rust: Accept test changes 2025-07-21 08:34:16 +02:00
Simon Friis Vindum
27e5251285 Rust: Add resolveRootType predicate instead of using resolveType recursively 2025-07-19 13:57:31 +02:00
Simon Friis Vindum
804ffdb682 Rust: Split PathTypeMention into an alias and a non-alias subclass 2025-07-19 13:43:56 +02:00
Simon Friis Vindum
0e8c137a98 Rust: Only include paths as type mentions when they're used as such
On databend this changes the number of `PathTypeMention`s from 3,777,464 to 3,330,024. Not a huge difference, but there's also downstream predicates that are reduced as well.
2025-07-19 11:57:13 +02:00
Simon Friis Vindum
620d228ffa Rust: Factor out getTypeMentionForTypeParameter 2025-07-19 08:41:38 +02:00
Anders Schack-Mulligen
46ebf503c7 Java: Improve join-order by controlling magic and breaking up TCs. 2025-07-18 16:13:11 +02:00
Anders Schack-Mulligen
ca8fe033d7 Java: Improve join by preventing ssa use-pair join. 2025-07-18 16:12:00 +02:00
Simon Friis Vindum
43b2977cb4 Shared, Rust: Reuse hasTypeConstraint in potentialInstantiationOf and factor out multipleConstraintImplementations 2025-07-18 15:33:17 +02:00
Simon Friis Vindum
bdcecdfc2c Shared, Rust: Ensure that the constraints in satisfiesConstraintType are in relevantConstraint 2025-07-18 15:33:16 +02:00
Simon Friis Vindum
475d872ffb Shared, Rust: Adjust type inference predicates to better match use sites 2025-07-18 15:32:42 +02:00
Anders Schack-Mulligen
d64a9368d2 Merge pull request #20088 from aschackmull/java/joinorders1
Java: Improve several join-orders
2025-07-18 14:54:26 +02:00
Anders Schack-Mulligen
bc2e7d4e0d Java: Fix accidental CP in CFG for asserts. 2025-07-18 13:53:15 +02:00
Anders Schack-Mulligen
f6975117fe Merge pull request #20083 from aschackmull/java/prune-csrf-unprotected-request-type
Java: Prune PathGraph for CsrfUnprotectedRequestType.ql
2025-07-18 13:25:00 +02:00
Anders Schack-Mulligen
d9f47bdec9 Java: Improve join-order by properly annotating haveIntersection. 2025-07-18 11:48:50 +02:00
Anders Schack-Mulligen
7883124abd Java: getSourceDeclaration() and getASourceSupertype*() commute and this yields much better join-order. 2025-07-18 11:47:14 +02:00
Anders Schack-Mulligen
12732525b5 Java: Allow 2-column join on delta to improve join-order. 2025-07-18 11:45:45 +02:00
Joe Farebrother
8ccb2ed059 Merge remote-tracking branch 'origin/python-qual-raise-not-implemented' into python-qual-raise-not-implemented 2025-07-18 10:05:40 +01:00
Michael Nebel
ededa3c006 Merge pull request #20087 from github/workflow/coverage/update
Update CSV framework coverage reports
2025-07-18 08:34:04 +02:00
github-actions[bot]
2f84a4a5b5 Add changed framework coverage reports 2025-07-18 00:25:03 +00:00
Joe Farebrother
6d33a7ec70 Update test output 2025-07-17 22:25:18 +01:00
Joe Farebrother
f2dd96ecf4 Update python/ql/src/Exceptions/NotImplementedIsNotAnException.qhelp
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-07-17 22:08:01 +01:00
Joe Farebrother
57f1d07b2b Undo module deprecation (used by another quality query) 2025-07-17 21:54:55 +01:00
Chanel Young
1149d33691 updated .expected test file 2025-07-17 13:19:07 -07:00
Chanel
03a7d3d243 Merge pull request #261 from microsoft/global-flow-through-env-variables-2
PS: Global flow through environment variables
2025-07-17 12:30:14 -07:00
Mathias Vorreiter Pedersen
b72af27e81 PS: Add tests showing that there is no flow starting at environment variables, but we still have flow through them. 2025-07-17 20:05:21 +01:00
Mathias Vorreiter Pedersen
a95f3b3f47 PS: Accept test changes. 2025-07-17 19:01:09 +01:00
Mathias Vorreiter Pedersen
6ab627955f PS: Implement global dataflow for environment variable write/reads. 2025-07-17 18:59:25 +01:00
Mathias Vorreiter Pedersen
2541bcdf5e PS: Add test cases. 2025-07-17 18:59:19 +01:00
Mathias Vorreiter Pedersen
3f4a16978e PS: Change the AST so that an 'EnvVariable' is actually a 'Variable', and make it possible for a 'VarAccess' to target a read/write of an environment variable. 2025-07-17 18:48:11 +01:00
Nora Dimitrijević
05df1d3cb9 [DIFF-INFORMED] Java: AndroidWebViewSettingsAllowsContentAccess 2025-07-17 19:02:15 +02:00
Nora Dimitrijević
24c28ed873 [DIFF-INFORMED] Java: UnsafeCertTrust
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql#L21
2025-07-17 19:02:13 +02:00
Nora Dimitrijević
ea4af8323c [DIFF-INFORMED] Java: TrustBoundaryViolation
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql#L18
2025-07-17 19:02:09 +02:00
Nora Dimitrijević
7888dcbce2 [DIFF-INFORMED] Java: TempDirLocalInformationDisclosure
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql#L56
2025-07-17 19:02:07 +02:00
Nora Dimitrijević
3785dbec9e [DIFF-INFORMED] Java: TaintedEnvironmentVariable
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql#L22
2025-07-17 19:02:05 +02:00
Nora Dimitrijević
b3b139bb02 [DIFF-INFORMED] Java: SqlConcatenated
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql#L27
2025-07-17 19:02:04 +02:00
Nora Dimitrijević
45b627df1d [DIFF-INFORMED] Java: SensitiveLogging
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql#L20
2025-07-17 19:02:02 +02:00
Nora Dimitrijević
bc0b383595 [DIFF-INFORMED] Java: MaybeBrokenCryptoAlgorithm
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql#L25
2025-07-17 19:02:00 +02:00
Nora Dimitrijević
b688df9dec [DIFF-INFORMED] Java: LogInjection
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-117/LogInjection.ql#L20
2025-07-17 19:01:58 +02:00
Nora Dimitrijević
2d734056b1 [DIFF-INFORMED] Java: InsecureLdapAuth
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql#L21
2025-07-17 19:01:56 +02:00
Nora Dimitrijević
74b37e71a0 [DIFF-INFORMED] Java: InsecureCookie
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql#L21
2025-07-17 19:01:52 +02:00
Nora Dimitrijević
19e5c3d805 [DIFF-INFORMED] Java: ImproperValidationOfArray…
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql#L48
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql#L28
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql#L26
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql#L24
2025-07-17 19:01:50 +02:00
Nora Dimitrijević
919fea53f0 [DIFF-INFORMED] Java: ExternallyControlledFormatString
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql#L24
2025-07-17 19:01:34 +02:00
Nora Dimitrijević
1c6ecf1216 [DIFF-INFORMED] Java: UntrustedDataToExternalAPI
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql#L20
2025-07-17 18:59:15 +02:00
Nora Dimitrijević
0cf1195678 [DIFF-INFORMED] Java: ConditionalBypass
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql#L26
2025-07-17 18:59:14 +02:00
Nora Dimitrijević
0bcdb421ed [DIFF-INFORMED] Java: ArithmeticUncontrolled
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql#L36
2025-07-17 18:59:11 +02:00
Nora Dimitrijević
54546f6e99 [DIFF-INFORMED] Java: ArithmeticTainted
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql#L35
2025-07-17 18:59:09 +02:00
Nora Dimitrijević
8353fdd041 [DIFF-INFORMED] Java: (Android)SensitiveCommunication
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql#L20
2025-07-17 18:59:06 +02:00
Nora Dimitrijević
b33058c967 [TEST] Java: SensitiveCommunication: convert to qlref 2025-07-17 18:59:05 +02:00
Nora Dimitrijević
44bb5e7220 [TEST] Java: ConditionalBypass: convert to qlref 2025-07-17 18:59:03 +02:00
Nora Dimitrijević
6134518d60 [TEST] Java: SensitiveLogInfo: convert to qlref 2025-07-17 18:59:01 +02:00
Nora Dimitrijević
94386f0550 [TEST] Java: TrustBoundaryViolations: convert test to qlref 2025-07-17 18:58:59 +02:00
Nora Dimitrijević
49e03b4dfd [TEST] Java: UnsafeCertTrust: convert test to qlref 2025-07-17 18:58:56 +02:00
Nora Dimitrijević
7aced48443 [TEST] Java: LogInjection: convert test to qlref 2025-07-17 18:58:54 +02:00
Nora Dimitrijević
5c2cf79785 [TEST] Java: CWE-020/ExternalAPI: new test based on qhelp 2025-07-17 18:58:52 +02:00
Chanel Young
6ac935469f move logic to qlls 2025-07-17 08:27:36 -07:00
Geoffrey White
c2ddf25f11 Merge branch 'main' into constcrypto 2025-07-17 16:13:58 +01:00
Anders Schack-Mulligen
996de78a66 Java: Prune PathGraph for CsrfUnprotectedRequestType.ql 2025-07-17 15:06:38 +02:00
Anders Schack-Mulligen
1485d7072d Merge pull request #19885 from aschackmull/java/annotated-exit-cfg
Java: Add AnnotatedExitNodes to the CFG.
2025-07-17 15:02:24 +02:00
Nora Dimitrijević
4342b2b799 [DIFF-INFORMED] Swift: UnsafeWebViewFetch
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql#L24
2025-07-17 14:59:09 +02:00
Nora Dimitrijević
b1e723991e [DIFF-INFORMED] Swift: InsecureTLS
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql#L18
2025-07-17 14:59:07 +02:00
Nora Dimitrijević
6dea73b081 [DIFF-INFORMED] Swift: CleartextStoragePreferences
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql#L32
2025-07-17 14:59:05 +02:00
Nora Dimitrijević
cd3fa64ee3 [DIFF-INFORMED] Swift: CleartextStorageDatabase
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql#L33
2025-07-17 14:59:03 +02:00
Michael Nebel
2f29459cda Merge pull request #19931 from michaelnebel/ql4ql/qualitytagcheck
Ql4ql: Quality query tagging.
2025-07-17 14:53:14 +02:00
Idriss Riouak
36ebe99f2f Merge pull request #19707 from microsoft/lwsimpkins/fix-qhelp-upstream
fix qhelp files
2025-07-17 14:51:01 +02:00
Owen Mansel-Chan
af977e9ac7 Merge pull request #20067 from owen-mc/java/unsafe-deserialization-mad-sinks
Java: allow the definition of `java/unsafe-deserialization` sinks using data extensions
2025-07-17 13:42:31 +01:00
Kasper Svendsen
a807db52ad Merge pull request #19872 from github/kaspersv/overlay-java-enable
Overlay: Enable overlay compilation for Java
2025-07-17 14:38:17 +02:00
Jeroen Ketema
acc66c7b58 Merge pull request #19984 from jketema/jketema/sec-shared
Make a proper shared library out of the concept related libraries
2025-07-17 13:25:33 +02:00
Owen Mansel-Chan
6629bd8279 No need to deprecate classes when module is deprecated 2025-07-17 11:52:31 +01:00
Owen Mansel-Chan
b361f76643 Delete unused private class 2025-07-17 11:36:06 +01:00
Anders Schack-Mulligen
448cc82ef9 Kotlin: Accept more test changes. 2025-07-17 11:21:27 +02:00
Anders Schack-Mulligen
54775e0958 Java: Adjust Paths.qll 2025-07-17 11:21:26 +02:00
Anders Schack-Mulligen
e7a6259bd7 Java: Accept test changes. 2025-07-17 11:21:26 +02:00
Anders Schack-Mulligen
fbe79e8a52 Java: Add AnnotatedExitNodes to the CFG. 2025-07-17 11:21:26 +02:00
Joe Farebrother
680e31dc48 Modernize raise-not-implemented 2025-07-17 10:02:00 +01:00
Owen Mansel-Chan
53e1939b60 Merge pull request #20053 from owen-mc/go/fix-dataflowconsistency
Go: Fix compilation of DataFlowImplConsistency.qll
2025-07-17 09:22:12 +01:00
Michael Nebel
01738c2e42 Merge pull request #19940 from michaelnebel/csharp/fixmodels
C#: Improve some existing manual models.
2025-07-17 07:58:14 +02:00
Chanel Young
cb8496bbfe added queries, tests, docs 2025-07-16 14:27:23 -07:00
Jeroen Ketema
eabe651edf Merge pull request #20069 from jketema/spaceship-ir
C++: Support the spaceship operator in the IR
2025-07-16 21:45:39 +02:00
Mathias Vorreiter Pedersen
ef3654f9cf PS: Small cleanup. 2025-07-16 20:21:08 +01:00
Chanel
5fde17736b Merge pull request #258 from microsoft/fix-call-operator-bug
PS: Fix bug in `CallOperator::getCommand`
2025-07-16 09:50:46 -07:00
Jeroen Ketema
29a6af4efd C++: Fix instruction class name 2025-07-16 18:11:17 +02:00
Jeroen Ketema
f319381f27 C++: Support the spaceship operator in the IR 2025-07-16 17:53:55 +02:00
Jeroen Ketema
9b8302f983 Merge pull request #20068 from jketema/spaceship-test
C++: Add test that shows that IR generation for `<=>` is broken
2025-07-16 16:50:25 +02:00
Owen Mansel-Chan
805e31fdb9 Update test expectations 2025-07-16 15:25:45 +01:00
Jeroen Ketema
807ab986f4 C++: Update more exoected test results 2025-07-16 16:19:40 +02:00
Mathias Vorreiter Pedersen
a9fb49a2c3 Merge pull request #20066 from MathiasVP/dont-summarize-function-pointer-calls
C++: Don't wrap calls through function pointers in `FunctionWithWrappers`
2025-07-16 14:57:14 +01:00
Jeroen Ketema
2709bf0615 C++: Add test that shows that IR generation for <=> is broken 2025-07-16 15:54:18 +02:00
Owen Mansel-Chan
7d4a70cc1d Add change notes 2025-07-16 14:44:24 +01:00
Owen Mansel-Chan
ad60aff860 Update which sink kinds are shared between languages 2025-07-16 14:42:12 +01:00
Owen Mansel-Chan
fdd1e3fefe Use MaD models for unsafe deserialization sinks when possible
Many of the unsafe deserialization sinks have to stay defined in QL
because they have custom logic that cannot be expressed in MaD models.
2025-07-16 14:42:07 +01:00
Mathias Vorreiter Pedersen
72af800101 PS: Accept test changes. 2025-07-16 14:33:02 +01:00
Mathias Vorreiter Pedersen
205d2e58ff PS: Add dot sourcing as a sink. 2025-07-16 14:33:01 +01:00
Mathias Vorreiter Pedersen
670ad745ca PS: Add false negative. 2025-07-16 14:32:42 +01:00
Mathias Vorreiter Pedersen
5f07641bd3 PS: Fix false positive by fixing the 'getCommand' predicates in 'CallOperatorCfgNode' and 'CallOperator'. Also fix 'DotSourcingOperator::getPath' while here. 2025-07-16 14:31:51 +01:00
Mathias Vorreiter Pedersen
8b953e4f22 C++: No need for 'resolveCall' anymore. 2025-07-16 14:28:04 +01:00
Mathias Vorreiter Pedersen
df4b338c5d C++: Add change notes. 2025-07-16 14:11:09 +01:00
Mathias Vorreiter Pedersen
75d37dcead PS: Add false positive. 2025-07-16 13:46:44 +01:00
Mathias Vorreiter Pedersen
f39d08ecfa PS: Fix spelling. 2025-07-16 13:45:09 +01:00
Jeroen Ketema
1990438376 JS: Fix import
The import should not have been private, because we want users to still be
able to import this file and have access to the crypto algorithms.
2025-07-16 14:41:50 +02:00
Jeroen Ketema
24bea738c9 Shared: Add missing QLDoc and change note 2025-07-16 14:37:43 +02:00
Simon Friis Vindum
7f8829ad8e Rust: Add additional inline expectation
Co-authored-by: Arthur Baars <aibaars@github.com>
2025-07-16 14:00:27 +02:00
Mathias Vorreiter Pedersen
ca913b452c C++: Don't summarize calls through function pointers in FunctionWithWrappers. 2025-07-16 11:51:46 +01:00
Jeroen Ketema
200d46f5c7 Merge pull request #20060 from jketema/typeid-fix
C++: Fix typeid IR translation
2025-07-16 12:40:03 +02:00
Simon Friis Vindum
bbd7ed57ce Rust: Add inline expectation 2025-07-16 12:32:35 +02:00
Michael Nebel
e9fdca7d39 C#: Address review comments. 2025-07-16 11:12:25 +02:00
Chris Smowton
d6a3b2e91f Merge pull request #20065 from smowton/smowton/fix/web.config
C#: Make web.config match case insensitive (with change note)
2025-07-16 09:52:34 +01:00
Michael Nebel
c5357ff556 Merge pull request #20008 from Hug0Vincent/csharp
feat: add getASupertype() predicate in ValueOrRefType.
2025-07-16 10:39:57 +02:00
Chris Smowton
a537c0091e change note 2025-07-16 09:06:38 +01:00
Simon Friis Vindum
a508089df8 Rust: Improvements to tuple type inference based on PR feedback 2025-07-16 09:38:29 +02:00
Geoffrey White
d264fb5865 Merge pull request #20042 from geoffw0/sinknoise
Rust: Make rust/summary/query-sinks less noisy
2025-07-16 08:36:16 +01:00
Michael Nebel
70bf61dc57 C#: Convert Deserialization tests to use inline expectations. 2025-07-16 08:41:58 +02:00
Michael Nebel
8f8b0428ab C#: Add change-note. 2025-07-16 08:41:56 +02:00
Michael Nebel
eba901f610 C#: Update flow summaries expected output. 2025-07-16 08:41:55 +02:00
Michael Nebel
95763dd225 C#: Add some models for SerializationInto and SerializationInfoEnumerator. 2025-07-16 08:41:53 +02:00
Michael Nebel
5c05ff843a C#: Improve the models for System.Text.Encoding.[GetBytes|GetChars]. 2025-07-16 08:41:52 +02:00
Michael Nebel
064c4fca12 C#: Add models for the remaining overloads of System.Xml.XmlDictionaryReader.CreateBinaryReader. 2025-07-16 08:41:50 +02:00
Michael Nebel
3ae69d5f3d C#: Promote the generated System.Xml.XmlDictionaryReader.CreateBinaryReader models to manual models. 2025-07-16 08:41:49 +02:00
Michael Nebel
8ee16f68a7 C#: Update test expected output. 2025-07-16 08:41:48 +02:00
Michael Nebel
13b40bbab4 C#: Fix erroneous model the MemoryStream constructor (and align with the other models). 2025-07-16 08:41:46 +02:00
Michael Nebel
4036140f4b C#: Add Deserialize testcase. 2025-07-16 08:41:45 +02:00
Hugo
8c82405b5b Update 2025-06-10-getasupertype.md 2025-07-16 00:35:30 +02:00
Hugo
6384cf2e4f Update predicate name 2025-07-16 00:35:14 +02:00
Jeroen Ketema
529712122c C++: Address review comments 2025-07-15 22:15:11 +02:00
James Frank
b9acaa0cbd Make web.config match case insensitive 2025-07-15 15:34:42 -04:00
Jeroen Ketema
a08d594371 C++: Introduce TypeidInstruction base class 2025-07-15 21:31:24 +02:00
Jeroen Ketema
58aa7588e5 Merge pull request #20059 from MathiasVP/no-more-as-expr-inUncontrolledProcessOperation
C++: Reduce duplication in `cpp/uncontrolled-process-operation`
2025-07-15 21:17:08 +02:00
Jeroen Ketema
54f11ca611 C++: Fix typo in comment 2025-07-15 20:40:57 +02:00
Jeroen Ketema
70bff4e726 C++: Fix typeid IR translation 2025-07-15 20:24:17 +02:00
Chris Smowton
16f3fc6c33 Merge pull request #20056 from github/smowton/fix/tainted-path-is-local
Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard
2025-07-15 17:40:07 +01:00
Mathias Vorreiter Pedersen
327c4b345d Merge pull request #20058 from jketema/typeid-test
C++: Add test showing that the IR translation for `typeid` is broken
2025-07-15 16:55:16 +01:00
Chris Smowton
b71f9ae240 Fix function qname 2025-07-15 16:37:30 +01:00
Jeroen Ketema
477edd215c C++: Add test showing that the IR translation for typeid is broken 2025-07-15 17:29:00 +02:00
Owen Mansel-Chan
9ef22fff8e Update SnakeYaml reference to note that it is outdated 2025-07-15 15:27:01 +01:00
Kasper Svendsen
10a678dcbd Java lib qlpack: Enable overlay compilation 2025-07-15 16:23:40 +02:00
Kasper Svendsen
9c3e275e66 Merge pull request #20011 from kaspersv/kaspersv/discard-xml
Overlay: Add XML and Java property discarding
2025-07-15 16:13:38 +02:00
Chris Smowton
ac72f8523a Change note 2025-07-15 14:51:19 +01:00
Chris Smowton
c8eefb7c5c Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard 2025-07-15 14:47:17 +01:00
Kasper Svendsen
f84a3084f0 Address review comment about ignored QL variable
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2025-07-15 15:34:08 +02:00
Anders Schack-Mulligen
b13f11883c Merge pull request #20054 from aschackmull/java/fixup-control-char-query
Java: Restrict results to source literals.
2025-07-15 15:28:46 +02:00
Anders Schack-Mulligen
9e87095bed Java: Restrict results to source literals. 2025-07-15 14:54:02 +02:00
Owen Mansel-Chan
9661ee407f Fix compilation of DataFlowImplConsistency.qll 2025-07-15 13:51:45 +01:00
Joe Farebrother
0f5be2d096 Update python/ql/src/Expressions/DuplicateKeyInDictionaryLiteral.py
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-07-15 13:33:57 +01:00
Joe Farebrother
909f57261c Minor doc updates; updating python 2 references to python 3 and updating grammar 2025-07-15 13:26:46 +01:00
Nick Rolfe
16e9e8e836 Merge pull request #20049 from github/nickrolfe/java-deleted-files
Java: use `overlayChangedFiles` in discard prediactes
2025-07-15 07:42:54 -04:00
Joe Farebrother
7a7db0efe8 Update unsupported format character documentaion, fix outdated reference link 2025-07-15 10:42:25 +01:00
Joe Farebrother
df5f76872f Update docs for duplicate-key-in-dict-literal to relate. to python 3 2025-07-15 10:18:29 +01:00
Nick Rolfe
c199d0cbbe Java: use overlayChangedFiles in discard prediactes 2025-07-15 10:10:32 +01:00
Simon Friis Vindum
8858f213ff Rust: Add a change note 2025-07-15 10:23:30 +02:00
Simon Friis Vindum
97e77944eb Rust: Accept test changes 2025-07-15 10:21:53 +02:00
Simon Friis Vindum
7c04c9f969 Rust: Store arity in tuple type parameters
Type parameters are required to belong to a single type only. Since we store the arity for tuple types, we need to store the arity in tuple type parameters as well such that we can associate them to the tuple type of the same arity.
2025-07-15 09:50:15 +02:00
Mathias Vorreiter Pedersen
29cceeba1a C++: Don't use asExpr to mark the sink in 'cpp/uncontrolled-process-operation'. 2025-07-14 18:08:58 +01:00
Jeroen Ketema
2ed54d52ad Merge pull request #20040 from MathiasVP/fix-global-variable-recursion-fp
C++: Fix global variable dataflow FP
2025-07-14 18:59:34 +02:00
Geoffrey White
26dae8144c Rust: Make rust/summary/query-sinks less noisy and thus more useful. This is the one in the DCA meta queries output, not the grand total used in metrics. 2025-07-14 17:26:43 +01:00
Jeroen Ketema
d33cd71685 Merge pull request #20030 from github/tausbn/javascript-ignore-tsconfig-outdirs-that-exclude-everything
JavaScript: Ignore `outDir`s that would exclude everything
2025-07-14 17:36:30 +02:00
Paolo Tranquilli
85d1e06335 Merge pull request #20039 from github/redsun82/kotlin-plugin-test
Kotlin: tweak plugin test
2025-07-14 17:20:27 +02:00
Mathias Vorreiter Pedersen
c83895fdd2 Merge branch 'main' into fix-global-variable-recursion-fp 2025-07-14 16:08:46 +01:00
Mathias Vorreiter Pedersen
1d36405084 C++: Accept path changes. 2025-07-14 15:47:06 +01:00
Simon Friis Vindum
03a9a1688e Rust: Add type inference for tuples 2025-07-14 16:37:05 +02:00
Jeroen Ketema
199587095a Add overlay annotations 2025-07-14 16:31:04 +02:00
Jeroen Ketema
cbde11ddc9 Properly share ConceptsShared.qll 2025-07-14 16:30:45 +02:00
Simon Friis Vindum
21c030fa46 Rust: Expand on type inference test for tuples 2025-07-14 16:24:11 +02:00
Mathias Vorreiter Pedersen
a825213c05 C++: Fix FP by not generating a global def entry node for variable 'v' in the 'IRfunction' for 'v' itself. 2025-07-14 15:22:52 +01:00
Mathias Vorreiter Pedersen
46627c677d C++: Add FP in dataflow through global variables. 2025-07-14 15:20:08 +01:00
Simon Friis Vindum
87a8dccf7a Merge pull request #20037 from paldepind/rust/type-inference-rename-expectations
Rust: Rename type inference test inline expectation tag
2025-07-14 15:54:18 +02:00
Paolo Tranquilli
31d0897f74 Kotlin: disable bazel cache in plugin test 2025-07-14 15:30:11 +02:00
Nick Rolfe
c941e917e7 Merge pull request #19731 from github/nickrolfe/ruby-compile-for-overlay-eval
Ruby: enable overlay compilation
2025-07-14 08:20:28 -04:00
Simon Friis Vindum
72854537f4 Merge branch 'main' into rust/type-inference-rename-expectations 2025-07-14 14:15:59 +02:00
Paolo Tranquilli
77cab9d068 Kotlin: tweak plugin test
Put less emphasis on plugin build isolation, to get a better DevEx out
of it. The crux of the test is the database extraction part, not the
plugin build.
2025-07-14 13:52:22 +02:00
Geoffrey White
918700ff6f Merge branch 'main' into moresensitive2 2025-07-14 11:58:08 +01:00
Geoffrey White
da0742f3ec Rust: Update path resolution consistency .expected. 2025-07-14 11:45:45 +01:00
Geoffrey White
30c6082b5d Sync identical files. 2025-07-14 11:45:34 +01:00
Geoffrey White
b43a0e758b Merge pull request #19946 from geoffw0/models3b
Rust: Update legacy MaD models 3
2025-07-14 11:19:47 +01:00
Geoffrey White
e121579a85 Rust: Adjust the test labels slightly. 2025-07-14 11:19:31 +01:00
Geoffrey White
9f59a3501c Rust: Revert ipaddr and fingerprint terms (too many FPs). 2025-07-14 11:17:09 +01:00
Geoffrey White
be7db8079a Rust: Accept consistency check change (from CI). 2025-07-14 10:59:03 +01:00
Ian Lynagh
86ebf3d9f6 Merge pull request #20034 from github/igfoo/fix_regex_in_dbscheme_parser
Kotlin: Update regex patterns to use raw string notation
2025-07-14 10:43:45 +01:00
Jeroen Ketema
f07d8ee493 Remove duplicate copies of CryptoAlgorithms and CryptoAlgorithmNames 2025-07-14 11:39:06 +02:00
Jeroen Ketema
f4ba2e1fd0 Properly share CryptoAlgorithms and CryptoAlgorithmNames 2025-07-14 11:39:00 +02:00
Jeroen Ketema
c582a9ccd6 Remove duplicate copies of SensitiveDataHeuristics 2025-07-14 11:38:52 +02:00
Jeroen Ketema
8b828cecf1 Use shared SensitiveDataHeuristics 2025-07-14 11:38:47 +02:00
Jeroen Ketema
01ee3f7011 Shared: Add shared concepts library 2025-07-14 11:38:39 +02:00
Michael B. Gale
27f2000eff Merge pull request #20035 from github/dependabot/go_modules/go/extractor/extractor-dependencies-5538d87460
Bump golang.org/x/tools from 0.34.0 to 0.35.0 in /go/extractor in the extractor-dependencies group
2025-07-14 10:12:38 +01:00
Simon Friis Vindum
1f2e0683e7 Rust: Rename type inference test inline expectation tag 2025-07-14 11:02:22 +02:00
Napalys Klicius
cb6978063e Merge pull request #19388 from AdnaneKhan/patch-1
Actions: Fix Critical Artifact poisoning False Positive
2025-07-14 09:58:18 +02:00
dependabot[bot]
c267a88f88 Bump golang.org/x/tools
---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-07-14 03:37:24 +00:00
Ian Lynagh
a6701ced8d Kotlin: Update regex patterns to use raw string notation
Fixes warnings like
SyntaxWarning: invalid escape sequence '\S'
2025-07-13 23:42:50 +01:00
Jeroen Ketema
d82d5c23bf Merge pull request #20026 from jketema/concept-fix
C++: Fix C++20 concept related class extensions
2025-07-13 10:20:10 +02:00
Owen Mansel-Chan
391e9f7471 Merge pull request #20000 from owen-mc/go/request-forgery
Go: Add `Head` and `Client.Head` from `net/http` as request forgery sinks
2025-07-12 00:30:23 +01:00
Owen Mansel-Chan
03e8865933 Merge pull request #20025 from owen-mc/java/unsafe-deserialization
Java: add extra sink for `java/unsafe-deserialization`
2025-07-11 23:59:22 +01:00
Geoffrey White
05e1cd437d Rust: Fix garbled merge. 2025-07-11 17:50:24 +01:00
Geoffrey White
e20ae48699 Merge branch 'main' into models3b 2025-07-11 17:37:52 +01:00
Adnan Khan
c95b5ce598 Merge branch 'main' into patch-1 2025-07-11 09:12:39 -07:00
AdnaneKhan
6ac0f0e031 Fix change note filename. 2025-07-11 12:11:58 -04:00
Geoffrey White
68a37f99e3 Rust: Add something similar as a type inference test case. 2025-07-11 17:08:05 +01:00
Arthur Baars
14a362d1bc Merge pull request #20029 from github/aibaars/more-pattern-tests
Rust: add more type inference tests for patterns and a simple one for a closure call
2025-07-11 17:35:37 +02:00
Geoffrey White
33ea822f40 Rust: Workaround for type inference issue in the test. 2025-07-11 16:09:43 +01:00
Taus
30f705822d JavaScript: Add test where outDir resolves to an unwanted path 2025-07-11 14:58:03 +00:00
Taus
344535b559 Merge pull request #19672 from github/tausbn/python-support-type-annotations-in-call-graph
Python: Support type annotations in call graph
2025-07-11 16:44:10 +02:00
Geoffrey White
4778ef616a Rust: Add a test case for password_confirmation. 2025-07-11 15:43:31 +01:00
Tom Hvitved
88b4f971b5 Merge pull request #20027 from hvitved/rust/remove-resolves-as-item
Rust: Remove `Resolvable.resolvesAsItem`
2025-07-11 16:39:12 +02:00
Mathias Vorreiter Pedersen
1da42cb590 Merge pull request #20023 from MathiasVP/dataflow-for-functors
C++: Better dataflow for function objects
2025-07-11 15:14:27 +01:00
Arthur Baars
519905ee9e Rust: type inference: add test for closure argument 2025-07-11 15:59:43 +02:00
Arthur Baars
32e7a9d445 Rust: type inference: more pattern matching tests
Thanks to co-pilot for generating the examples
2025-07-11 15:55:45 +02:00
Taus
2f822cb0cd JavaScript: Add change note 2025-07-11 13:32:35 +00:00
Taus
43accc50cd JavaScript: Ignore outDirs that would exclude everything
In #19680 we added support for automatically ignoring files in the
`outDir` directory as specified in the TSconfig compiler options (as
these files were likely duplicates of `.ts` file we were already
scanning).

However, in some cases people put `outDir: "."` or even `outDir: ".."`
in their configuration, which had the side effect of excluding _all_
files, leading to a failed extraction.

With the changes in this PR, we now ignore any `outDir`s that are not
properly contained within the source root of the code being scanned.
This should prevent the files from being extracted, while still allowing
us to not double-scan files in, say, a `.github` directory, as seen in
some Actions workflows.
2025-07-11 13:28:59 +00:00
Mathias Vorreiter Pedersen
053a749e14 C++: Add change note. 2025-07-11 13:43:01 +01:00
Tom Hvitved
655b3de6bb Rust: Remove Resolvable.resolvesAsItem
Removes one more use of extractor-based resolution.
2025-07-11 14:41:41 +02:00
Mathias Vorreiter Pedersen
649c8831ec Merge pull request #20014 from jketema/wchar
C++: Do not alert on unreachable code in `cpp/incorrect-string-type-conversion`
2025-07-11 13:39:37 +01:00
Tom Hvitved
0a18db8960 Merge pull request #20020 from hvitved/rust/type-inference-pattern-matching
Rust: Type inference for pattern matching
2025-07-11 14:05:10 +02:00
Taus
c6c6a857df Python: Add tests
Also fixes an issue with the return type annotations that caused these
to not work properly.

Currently, annotated assignments don't work properly, due to the fact
that our flow relation doesn't consider flow going to the "type" part of
an annotated assignment. This means that in `x : Foo`, we do correctly
note that `x` is annotated with `Foo`, but we have no idea what `Foo`
is, since it has no incoming flow.

To fix this we should probably just extend the flow relation, but this
may need to be done with some care, so I have left it as future work.
2025-07-11 12:03:14 +00:00
Taus
2c45550a9f Python: Add change note
Co-authored-by: Napalys Klicius <napalys@github.com>
2025-07-11 12:03:14 +00:00
Taus
d1cf7f0624 Python: Support type annotations in call graph
Adds support for tracking instances via type annotations. Also adds a
convenience method to the newly added `Annotation` class,
`getAnnotatedExpression`, that returns the expression that is annotated
with the given type. For return annotations this is any value returned
from the annotated function in question.

Co-authored-by: Napalys Klicius <napalys@github.com>
2025-07-11 12:03:14 +00:00
Jeroen Ketema
232377a583 C++: Fix C++20 concept related class extensions 2025-07-11 13:38:06 +02:00
Geoffrey White
8f6f9f4359 Add change notes. 2025-07-11 11:54:59 +01:00
Tom Hvitved
edf6c7fbd6 Rust: Handle (Enum::)Variant::<TypeArg> type mentions 2025-07-11 12:44:47 +02:00
Tom Hvitved
a96d3d7be8 Rust: Add more type inference tests 2025-07-11 12:42:54 +02:00
Owen Mansel-Chan
7764fbb664 Change note 2025-07-11 11:05:48 +01:00
Owen Mansel-Chan
8e4bd1a102 Add sink for ObjectInput.readObject to make test pass 2025-07-11 11:05:38 +01:00
Owen Mansel-Chan
34fae324a0 Add test for ObjectInput.readObject 2025-07-11 11:03:47 +01:00
Mathias Vorreiter Pedersen
4f538a2b1f C++: Accept taint test changes. 2025-07-11 09:46:22 +01:00
Mathias Vorreiter Pedersen
6d0c8c6d77 C++: Work around an extractor bug. 2025-07-11 09:46:20 +01:00
Mathias Vorreiter Pedersen
df241ad4f6 C++: Fix lambda creation for objects with no constructor. 2025-07-11 09:46:09 +01:00
Tom Hvitved
ac13f408e4 Add change note 2025-07-11 10:42:50 +02:00
Tom Hvitved
4ab2977358 Rust: Type inference for pattern matching 2025-07-11 10:37:40 +02:00
Mathias Vorreiter Pedersen
b53c3547d0 C++: Add lambda dispatch for functors. 2025-07-11 09:36:45 +01:00
Mathias Vorreiter Pedersen
663c3e7b6d C++: Sync identical files. 2025-07-11 09:36:44 +01:00
Mathias Vorreiter Pedersen
11cba94032 C++: Add a missing predicate on 'UninitializedInstruction' that we will use later. 2025-07-11 09:36:42 +01:00
Mathias Vorreiter Pedersen
6736dd4e8f C++: Add some tests with missing flow through function objects. 2025-07-11 09:36:38 +01:00
Tom Hvitved
53ee565fdb Rust: Add more type inference tests 2025-07-11 10:22:24 +02:00
Jonas Jensen
76544f2966 Merge pull request #19943 from asgerf/approximate-related-location
Support approximate related locations
2025-07-11 10:16:24 +02:00
Tom Hvitved
742139927c Merge pull request #19658 from hvitved/rust/type-inference-library-param-fix
Rust: Fix type inference for library parameters
2025-07-11 08:34:19 +02:00
Adnan Khan
07598e8b62 Add test results. 2025-07-11 05:59:13 +00:00
Owen Mansel-Chan
006d77ffdd Refactor QL to make type check more concise 2025-07-11 06:13:01 +01:00
Josh Brown
6d496ee073 Merge pull request #257 from microsoft/jb1/reapply-22.1-tmp
Revert #251, Reapply `codeql-cli/v2.22.1`
2025-07-10 16:08:14 -07:00
Josh Brown
b1b0892ae6 Merge branch 'main' into jb1/reapply-22.1-tmp 2025-07-10 15:15:45 -07:00
Josh Brown
4c5945f4aa Manual merge 2025-07-10 15:08:14 -07:00
Josh Brown
5fb45c89e9 Revert "Merge pull request #251 from microsoft/jb1/upstream-zipslip"
This reverts commit 4dfa5d2858, reversing
changes made to 8cd58aa6e8.
2025-07-10 14:57:38 -07:00
Chanel
866977b6c5 Merge pull request #256 from microsoft/jb1/qhelpfix
QHelp: Terminate p tag
2025-07-10 10:51:18 -07:00
Tom Hvitved
1d7d45e16b Rust: Update expected test output 2025-07-10 19:40:39 +02:00
Tom Hvitved
8cd357a8a0 Rust: Fix type inference for library parameters 2025-07-10 19:40:37 +02:00
Tom Hvitved
1e9520c737 Merge pull request #19995 from hvitved/rust/disambiguate-assoc-function-calls
Rust: Disambiguate associated function calls
2025-07-10 19:38:06 +02:00
Josh Brown
3606679eee Terminate p tag 2025-07-10 10:35:09 -07:00
Geoffrey White
123458fd21 Sync identical files. 2025-07-10 18:10:24 +01:00
Geoffrey White
6de5a618f3 Rust: Accept consistency changes as well. 2025-07-10 18:03:12 +01:00
Josh Brown
4dfa5d2858 Merge pull request #251 from microsoft/jb1/upstream-zipslip
Manual merge upstream
2025-07-10 09:48:55 -07:00
Jeroen Ketema
6d8e2f8231 Merge pull request #20017 from jketema/final
C++: Add dataflow predicate for checking if a node is the final value of a parameter
2025-07-10 18:47:09 +02:00
Josh Brown
87e0b08531 Merge branch 'main' into jb1/upstream-zipslip 2025-07-10 09:35:03 -07:00
Geoffrey White
01c75e38f7 Rust: The rusqlite row.get() calls are missing a canonical path. 2025-07-10 17:31:37 +01:00
AdnaneKhan
1b794e056a Add extra test suggested by @Napalys 2025-07-10 12:24:36 -04:00
Adnan Khan
7be938c6c3 Handle multiple whitespaces in runner temp regex.
Co-authored-by: Napalys Klicius <napalys@github.com>
2025-07-10 12:22:14 -04:00
Geoffrey White
75078346c0 Rust: Accept .expected changes (mostly renumberings). 2025-07-10 17:05:12 +01:00
Owen Mansel-Chan
c39e5a7d97 Update qhelp: SnakeYaml is safe from version 2.0 2025-07-10 16:54:00 +01:00
Nick Rolfe
3a0def7848 Merge pull request #19989 from github/nickrolfe/ruby-annotations
Ruby: add overlay annotations to AST/CFG/SSA layers
2025-07-10 11:53:21 -04:00
Mathias Vorreiter Pedersen
fefb35bede Merge pull request #20016 from MathiasVP/add-more-thread-create-models
C++: Add more thread creation models
2025-07-10 16:44:04 +01:00
Jeroen Ketema
96c379a076 C++: Fix formatting and typo 2025-07-10 15:56:11 +02:00
Geoffrey White
7ba18fa5d0 Merge branch 'main' into models3b 2025-07-10 14:53:09 +01:00
Jeroen Ketema
214969feaf C++: Add change note 2025-07-10 15:52:27 +02:00
Geoffrey White
439cf7a659 Merge pull request #19942 from geoffw0/models1
Rust: Update legacy MaD models 2
2025-07-10 14:50:48 +01:00
Jeroen Ketema
b32a8c2489 C++: Add dataflow predicate for checking if a node is the final value of a parameter 2025-07-10 15:47:23 +02:00
Jeroen Ketema
990b7f0b70 C++: Add change note 2025-07-10 15:13:15 +02:00
Geoffrey White
0c075abe3f Rust: Fix merge (I picked the wrong version). 2025-07-10 13:59:10 +01:00
Geoffrey White
a6b4a18d51 Rust: Add negative patterns. 2025-07-10 13:56:14 +01:00
Geoffrey White
8f95e26ed6 Rust: Combine regexs where possible (likely better performance). 2025-07-10 13:56:12 +01:00
Geoffrey White
99e62d66e5 Rust: Add sensitive data patterns. 2025-07-10 13:56:11 +01:00
Geoffrey White
2cd4d984cc Merge pull request #20002 from geoffw0/moresensitive1
Rust: Add more test cases for sensitive data
2025-07-10 13:54:20 +01:00
Geoffrey White
117e330d53 Merge branch 'main' into models1 2025-07-10 13:52:48 +01:00
Geoffrey White
3debd1ada9 Merge pull request #19948 from geoffw0/models5
Rust: Update legacy MaD models 4
2025-07-10 13:50:54 +01:00
Tom Hvitved
70476c0e14 Add change note 2025-07-10 14:50:00 +02:00
Mathias Vorreiter Pedersen
7ddc909d4e C++: Accept test changes after review. 2025-07-10 13:29:19 +01:00
Tamás Vajk
1351f57d2b Merge pull request #19998 from tamasvajk/quality/label-in-switch
Java: Add query to detect non-case labels in switch statements
2025-07-10 14:13:38 +02:00
Mathias Vorreiter Pedersen
dda4a97080 Update cpp/ql/test/library-tests/dataflow/external-models/test.cpp
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2025-07-10 13:00:43 +01:00
Tom Hvitved
054bbc2ff7 Merge pull request #20015 from hvitved/rust/fix-bad-join
Rust: Fix bad join
2025-07-10 13:59:07 +02:00
Mathias Vorreiter Pedersen
b547dc4621 C++: Add change note. 2025-07-10 12:52:55 +01:00
Tom Hvitved
c7d20eb98a Rust: Update expected test output 2025-07-10 13:52:19 +02:00
Tom Hvitved
ebde0bdc47 Rust: Disambiguate calls to associated functions 2025-07-10 13:52:17 +02:00
Tom Hvitved
95c2b9f8f7 Rust: Add more type inference tests 2025-07-10 13:52:09 +02:00
Mathias Vorreiter Pedersen
89cf215ebb C++: Add models for 'std::thread' and accept test changes. 2025-07-10 12:45:20 +01:00
Mathias Vorreiter Pedersen
2062a774fc C++: Add 'std::thread' test with missing flow. 2025-07-10 12:44:02 +01:00
Mathias Vorreiter Pedersen
d198a964e0 C++: Add a model for 'pthread_create' and accept test changes. 2025-07-10 12:20:24 +01:00
Mathias Vorreiter Pedersen
675a072639 C++: Add 'pthread_create' test with missing flow. 2025-07-10 12:16:23 +01:00
Owen Mansel-Chan
e362e536c0 Merge pull request #20009 from github/dependabot/go_modules/go/extractor/extractor-dependencies-0e1361fb85
Bump golang.org/x/mod from 0.25.0 to 0.26.0 in /go/extractor in the extractor-dependencies group
2025-07-10 11:51:03 +01:00
Tom Hvitved
d4de56c157 Rust: Fix bad join
Before
```
Evaluated relational algebra for predicate TypeInference::getRangeType/1#b4219ae9@c15c3f0b with tuple counts:
               1   ~0%    {1} r1 = CONSTANT(unique string)[".."]
             692   ~0%    {1}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getOperatorName/0#dispred#7c90645c_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1

             453   ~0%    {1} r2 = JOIN r1 WITH `RangeExpr::Generated::RangeExpr.getStart/0#dispred#914c8207` ON FIRST 1 OUTPUT Lhs.0

             266   ~1%    {1} r3 = JOIN r2 WITH `RangeExpr::Generated::RangeExpr.getEnd/0#dispred#6c692cfa` ON FIRST 1 OUTPUT Lhs.0
        10684422   ~0%    {3}    | JOIN WITH cached_Synth::Synth::TStruct#c298e97c CARTESIAN PRODUCT OUTPUT Rhs.1, _, Lhs.0
        10684422   ~0%    {3}    | REWRITE WITH Out.1 := "core::ops::range::Range"
             266   ~0%    {2}    | JOIN WITH `Addressable::Addressable.getCanonicalPath/0#dispred#6044348f#bb` ON FIRST 2 OUTPUT Lhs.2, Lhs.0

             363   ~3%    {1} r4 = JOIN r1 WITH `RangeExpr::Generated::RangeExpr.getEnd/0#dispred#6c692cfa` ON FIRST 1 OUTPUT Lhs.0
              97   ~2%    {1}    | AND NOT `RangeExpr::Generated::RangeExpr.getStart/0#dispred#914c8207_0#antijoin_rhs`(FIRST 1)
         3896199   ~0%    {3}    | JOIN WITH cached_Synth::Synth::TStruct#c298e97c CARTESIAN PRODUCT OUTPUT Rhs.1, _, Lhs.0
         3896199   ~0%    {3}    | REWRITE WITH Out.1 := "core::ops::range::RangeTo"
              97   ~1%    {2}    | JOIN WITH `Addressable::Addressable.getCanonicalPath/0#dispred#6044348f#bb` ON FIRST 2 OUTPUT Lhs.2, Lhs.0

             187   ~0%    {1} r5 = r2 AND NOT `RangeExpr::Generated::RangeExpr.getEnd/0#dispred#6c692cfa_0#antijoin_rhs`(FIRST 1)
         7511229   ~2%    {3}    | JOIN WITH cached_Synth::Synth::TStruct#c298e97c CARTESIAN PRODUCT OUTPUT Rhs.1, _, Lhs.0
         7511229   ~0%    {3}    | REWRITE WITH Out.1 := "core::ops::range::RangeFrom"
             187   ~1%    {2}    | JOIN WITH `Addressable::Addressable.getCanonicalPath/0#dispred#6044348f#bb` ON FIRST 2 OUTPUT Lhs.2, Lhs.0

               1   ~0%    {1} r6 = CONSTANT(unique string)["..="]
             138   ~0%    {1}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getOperatorName/0#dispred#7c90645c_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1

             131   ~0%    {1} r7 = JOIN r6 WITH `RangeExpr::Generated::RangeExpr.getStart/0#dispred#914c8207` ON FIRST 1 OUTPUT Lhs.0
             131   ~0%    {1}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getEnd/0#dispred#6c692cfa` ON FIRST 1 OUTPUT Lhs.0
         5261877   ~0%    {3}    | JOIN WITH cached_Synth::Synth::TStruct#c298e97c CARTESIAN PRODUCT OUTPUT Rhs.1, _, Lhs.0
         5261877   ~0%    {3}    | REWRITE WITH Out.1 := "core::ops::range::RangeInclusive"
             131   ~3%    {2}    | JOIN WITH `Addressable::Addressable.getCanonicalPath/0#dispred#6044348f#bb` ON FIRST 2 OUTPUT Lhs.2, Lhs.0

             138   ~0%    {1} r8 = JOIN r6 WITH `RangeExpr::Generated::RangeExpr.getEnd/0#dispred#6c692cfa` ON FIRST 1 OUTPUT Lhs.0
               7   ~0%    {1}    | AND NOT `RangeExpr::Generated::RangeExpr.getStart/0#dispred#914c8207_0#antijoin_rhs`(FIRST 1)
          281169   ~0%    {3}    | JOIN WITH cached_Synth::Synth::TStruct#c298e97c CARTESIAN PRODUCT OUTPUT Rhs.1, _, Lhs.0
          281169   ~2%    {3}    | REWRITE WITH Out.1 := "core::ops::range::RangeToInclusive"
               7   ~0%    {2}    | JOIN WITH `Addressable::Addressable.getCanonicalPath/0#dispred#6044348f#bb` ON FIRST 2 OUTPUT Lhs.2, Lhs.0

             688   ~0%    {2} r9 = r3 UNION r4 UNION r5 UNION r7 UNION r8
                          return r9
```

After
```
Evaluated relational algebra for predicate TypeInference::getRangeType/1#b4219ae9@7d06d41t with tuple counts:
          1   ~0%    {2} r1 = SCAN Stdlib::RangeToStruct#236b6b84 OUTPUT _, In.0
          1   ~0%    {2}    | REWRITE WITH Out.0 := ".."
        692   ~0%    {2}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getOperatorName/0#dispred#7c90645c_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        363   ~0%    {2}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getEnd/0#dispred#6c692cfa` ON FIRST 1 OUTPUT Lhs.0, Lhs.1
         97   ~0%    {2}    | AND NOT `RangeExpr::Generated::RangeExpr.getStart/0#dispred#914c8207_0#antijoin_rhs`(FIRST 1)

          1   ~0%    {2} r2 = SCAN Stdlib::RangeFromStruct#8edcefe7 OUTPUT _, In.0
          1   ~0%    {2}    | REWRITE WITH Out.0 := ".."
        692   ~0%    {2}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getOperatorName/0#dispred#7c90645c_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        453   ~0%    {2}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getStart/0#dispred#914c8207` ON FIRST 1 OUTPUT Lhs.0, Lhs.1
        187   ~0%    {2}    | AND NOT `RangeExpr::Generated::RangeExpr.getEnd/0#dispred#6c692cfa_0#antijoin_rhs`(FIRST 1)

          1   ~0%    {2} r3 = SCAN Stdlib::RangeToInclusiveStruct#fe43a433 OUTPUT _, In.0
          1   ~0%    {2}    | REWRITE WITH Out.0 := "..="
        138   ~0%    {2}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getOperatorName/0#dispred#7c90645c_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        138   ~0%    {2}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getEnd/0#dispred#6c692cfa` ON FIRST 1 OUTPUT Lhs.0, Lhs.1
          7   ~0%    {2}    | AND NOT `RangeExpr::Generated::RangeExpr.getStart/0#dispred#914c8207_0#antijoin_rhs`(FIRST 1)

          1   ~0%    {2} r4 = SCAN Stdlib::RangeStruct#0fabc810 OUTPUT _, In.0
          1   ~0%    {2}    | REWRITE WITH Out.0 := ".."
        692   ~3%    {2}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getOperatorName/0#dispred#7c90645c_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        453   ~4%    {2}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getStart/0#dispred#914c8207` ON FIRST 1 OUTPUT Lhs.0, Lhs.1
        266   ~2%    {2}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getEnd/0#dispred#6c692cfa` ON FIRST 1 OUTPUT Lhs.0, Lhs.1

          1   ~0%    {2} r5 = SCAN Stdlib::RangeInclusiveStruct#a869750a OUTPUT _, In.0
          1   ~0%    {2}    | REWRITE WITH Out.0 := "..="
        138   ~0%    {2}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getOperatorName/0#dispred#7c90645c_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        131   ~0%    {2}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getStart/0#dispred#914c8207` ON FIRST 1 OUTPUT Lhs.0, Lhs.1
        131   ~0%    {2}    | JOIN WITH `RangeExpr::Generated::RangeExpr.getEnd/0#dispred#6c692cfa` ON FIRST 1 OUTPUT Lhs.0, Lhs.1

        688   ~7%    {2} r6 = r1 UNION r2 UNION r3 UNION r4 UNION r5
                     return r6
```
2025-07-10 12:34:08 +02:00
Kasper Svendsen
0739c03d03 Overlay: Add discarding of base XML locatables for Java 2025-07-10 12:31:16 +02:00
Kasper Svendsen
d7094a96b5 Overlay: Add discarding of all Java base properties 2025-07-10 12:31:15 +02:00
Arthur Baars
b573246639 Merge pull request #20003 from github/aibaars/query-result
Rust: add test cases for basic unwrapping and pattern matching
2025-07-10 12:30:59 +02:00
Kasper Svendsen
767d55bb18 Merge pull request #20013 from kaspersv/kaspersv/ql4ql-discard-entity-preds-alive
QL4QL: Discard predicates are always alive
2025-07-10 12:30:44 +02:00
Kasper Svendsen
c7a3b6543e Address copilot comment 2025-07-10 12:01:29 +02:00
Jeroen Ketema
399967b507 C++: Do not alert on unreachable code in cpp/incorrect-string-type-conversion 2025-07-10 11:49:12 +02:00
Jeroen Ketema
2907861075 C++: Add cpp/incorrect-string-type-conversion test with unreachable code 2025-07-10 11:48:53 +02:00
Jeroen Ketema
acc06fab20 C++: Convert cpp/incorrect-string-type-conversion test to inline expectations 2025-07-10 11:48:18 +02:00
Geoffrey White
4dea5eef70 Rust: Fix futures_io models. 2025-07-10 10:41:09 +01:00
Nick Rolfe
ab9ba02ea1 Ruby: enable overlay compilation 2025-07-10 10:38:06 +01:00
Arthur Baars
cc5e6b2195 Rust: add test cases for basic unwrapping and pattern matching 2025-07-10 11:15:07 +02:00
Jeroen Ketema
18760b4025 Merge pull request #10923 from dscho/patch-1
Download GitHub database: fix `gh` invocation
2025-07-10 11:11:59 +02:00
Kasper Svendsen
1723c6ed09 QL4QL: Add discard predicate to dead code test 2025-07-10 11:09:43 +02:00
Kasper Svendsen
9f260cf72f QL4QL: Discard predicates are always alive 2025-07-10 11:09:42 +02:00
Kasper Svendsen
9de3617032 QL4QL: Add overlay[discard_entity] annotation 2025-07-10 11:09:42 +02:00
Arthur Baars
7c5cdd9a9b Merge pull request #20001 from github/aibaars/trait-impl-int
Rust: fix missing canonical paths for trait impls on builtin numeric types
2025-07-10 10:53:01 +02:00
Jeroen Ketema
51f639111b Merge pull request #20010 from jketema/change-typo
C++: Fix some typos in recent change notes
2025-07-10 10:48:40 +02:00
Geoffrey White
8177b0938d Merge branch 'main' into models5 2025-07-10 09:41:48 +01:00
Jeroen Ketema
928b7475b2 C++: Fix some typos in recent change notes 2025-07-10 10:22:41 +02:00
Geoffrey White
ae3253b9c3 Merge pull request #20004 from geoffw0/tt
Rust: Add type inference test cases for tuples.
2025-07-10 09:12:47 +01:00
Johannes Schindelin
3bff6c4a4a Download GitHub database: fix gh invocation on Windows
When running `gh api /repos/...` in the Git Bash on Windows, it leads to
a 404. The reason is the automatic path conversion from "Unix-y" paths
on the command-line to proper Windows paths, as described in detail
https://www.msys2.org/docs/filesystem-paths/. Git Bash simply has no
chance to understnad that `/repos/...` is not referring to an absolute
path on the local filesystem.

Let's just skip the leading slash. This is as valid an invocation, and
sidesteps that path conversion on Windows.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2025-07-10 10:01:18 +02:00
Tamas Vajk
5edb60ea04 Improve query documentation 2025-07-10 09:43:15 +02:00
Josh Brown
81f9e88040 run add-overlay-annotations.py 2025-07-09 22:37:51 -07:00
Hugo
c3c8d5db13 Create 2025-06-10-getasupertype.md
Create 2025-06-10-getasupertype.md
2025-07-10 05:48:52 +02:00
dependabot[bot]
e57b272cfa Bump golang.org/x/mod
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/mod` from 0.25.0 to 0.26.0
- [Commits](https://github.com/golang/mod/compare/v0.25.0...v0.26.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-07-10 03:41:42 +00:00
Adnan Khan
e40e4c3856 Remove unneeded test file. 2025-07-09 23:06:18 -04:00
Hugo
fb693837e4 feat: add getASupertype() predicate in ValueOrRefType.
Add the getASupertype() predicate in ValueOrRefType.
2025-07-10 02:19:17 +02:00
Geoffrey White
36720ca4dd Rust: Update .expected file after autoformat. 2025-07-09 21:52:23 +01:00
Arthur Baars
d20bc98363 Rust: fix missing canonical paths 2025-07-09 21:42:53 +02:00
Geoffrey White
6c9c8904d7 Rust: Autoformat. 2025-07-09 18:43:33 +01:00
Geoffrey White
dfbdd2bd02 Rust: Add type inference test cases for tuples. 2025-07-09 16:54:24 +01:00
Geoffrey White
47a4ba33a4 Rust: Fix typo in models (also fixed in another open PR). 2025-07-09 16:00:35 +01:00
Geoffrey White
a034e29040 Rust: Simplify the test a little. 2025-07-09 15:52:54 +01:00
Geoffrey White
097ac69207 Rust: Current sources test regressions. 2025-07-09 15:52:19 +01:00
Geoffrey White
8d0c14ca4e Merge branch 'main' into models3b 2025-07-09 15:25:16 +01:00
Geoffrey White
4281fe74bd Rust: We don't really need the split into two test cases any more. 2025-07-09 15:22:04 +01:00
Geoffrey White
4397863586 Rust: Update after merge with main. 2025-07-09 15:17:31 +01:00
Mathias Vorreiter Pedersen
8cd58aa6e8 Merge pull request #255 from microsoft/add-iwr-as-flow-source
PS: Add more flow sources
2025-07-09 14:56:43 +01:00
Geoffrey White
597f678978 Merge branch 'main' into models1 2025-07-09 14:48:32 +01:00
Nick Rolfe
c415795595 Ruby: add changenote for overlay[local] annotations 2025-07-09 13:32:49 +01:00
Jonas Jensen
3ffda2f341 Shared: Overhaul the AlertFiltering QLDoc
The documentation is now up-to-date with the new and more relaxed rules
that allow overapproximating the results. I have also attempted to make
a clearer distinction between the requirements of the specification and
the behaviour of the implementation.
2025-07-09 14:32:18 +02:00
Mathias Vorreiter Pedersen
d1988774a3 PS: Add more flow sources and accept test changes. 2025-07-09 12:22:33 +01:00
Mathias Vorreiter Pedersen
1816356515 PS: Add test with missing remote flow. 2025-07-09 12:20:41 +01:00
Geoffrey White
3bb3fccfdb Rust: Accept consistency check changes. 2025-07-09 12:02:30 +01:00
Nick Rolfe
e1f2433dbf Ruby: make resolveConstant overlay[global] 2025-07-09 11:59:25 +01:00
Geoffrey White
22aa7f378a Rust: Expand the test cases around IDs as sensitive data. 2025-07-09 11:33:47 +01:00
Geoffrey White
1124355cdb Rust: Add a test case for 'from_trusted_iterator' as sensitive data FP. 2025-07-09 11:26:59 +01:00
Jonas Jensen
5a1246a586 Merge remote-tracking branch 'upstream/main' into approximate-related-location 2025-07-09 10:10:20 +02:00
Jonas Jensen
0d7a842e2f Shared: improve documentation in AlertFiltering 2025-07-09 09:43:49 +02:00
Jonas Jensen
f1e9f0e323 Shared: improve join order in filterByLocation
It's better to join with the range expression first since that will only
multiply tuple counts by the number of lines in an average source/sink.
Joining with `restrictAlertsToStartLine` first would multiply tuple
counts by the number of sources/sinks in a given file.
2025-07-09 09:24:26 +02:00
Paolo Tranquilli
5722084dd5 Merge pull request #19999 from github/redsun82/rust-sha256s
Rust: set SHA256s in `MODULE.bazel`
2025-07-09 09:20:54 +02:00
Adnan Khan
db954d6d9f Merge branch 'main' into patch-1 2025-07-08 23:31:35 -07:00
Arthur Baars
5b7485d11d Rust: add testcase for impl trait on i32 2025-07-08 21:36:37 +02:00
Tom Hvitved
156f867c96 Merge pull request #19996 from hvitved/rust/type-inference-str-literal
Rust: Adjust the inferred type of string literals
2025-07-08 20:29:43 +02:00
Jaroslav Lobačevski
9393181c4e Add tests and path normalization fix to handle $ expansion 2025-07-08 16:18:12 +00:00
Owen Mansel-Chan
a5333ae1a1 Add change note 2025-07-08 16:51:22 +01:00
Paolo Tranquilli
98195db500 Rust: set SHA256s in MODULE.bazel 2025-07-08 17:49:30 +02:00
AdnaneKhan
5d6a5d5cbb Add change notes and test workflow file. 2025-07-08 10:35:39 -04:00
Adnan Khan
f4f919635a Correctly specify regex.
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
2025-07-08 10:17:29 -04:00
Geoffrey White
b1d5b8175c Rust: Add the original test back as well. 2025-07-08 15:10:55 +01:00
Geoffrey White
d19259e6bb Update rust/ql/test/library-tests/frameworks/postgres/main.rs
Co-authored-by: Arthur Baars <aibaars@github.com>
2025-07-08 15:03:44 +01:00
Geoffrey White
7211f4ace3 Update rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml
Co-authored-by: Arthur Baars <aibaars@github.com>
2025-07-08 15:01:43 +01:00
Tom Hvitved
22b833fbda Rust: Fix bad join 2025-07-08 16:00:36 +02:00
Owen Mansel-Chan
990043ce86 Add net/http.Head and net/http.Client.Head as client requests
They were previously deliberately excluded.
2025-07-08 14:31:48 +01:00
Owen Mansel-Chan
71703aa497 Improve formatting of some QL 2025-07-08 14:29:11 +01:00
Tamás Vajk
4f1ca21ef9 Merge pull request #19875 from tamasvajk/quality/spec_chars
Java: Add query to detect special characters in string literals
2025-07-08 14:56:35 +02:00
Tamas Vajk
5f7d746266 Java: Add query to detect non-case labels in switch statements 2025-07-08 14:53:39 +02:00
Owen Mansel-Chan
d437a096f1 Test more client request URL sinks 2025-07-08 13:20:04 +01:00
Nick Rolfe
b51940d1e2 Ruby: add overlay[local] annotations to AST/CFG/SSA layers 2025-07-08 13:09:27 +01:00
Tamas Vajk
ccbf7055f1 Adjust query precision 2025-07-08 13:31:08 +02:00
Tamas Vajk
d16570b05e Revert "Adjust query tags"
This reverts commit 92685e6c2de69898d556706b04e6c562e54b26b8.
2025-07-08 13:28:26 +02:00
Tamas Vajk
c4def103f7 Improve query documentation 2025-07-08 13:28:26 +02:00
Tamas Vajk
15de398806 Adjust query tags 2025-07-08 13:28:25 +02:00
Tamas Vajk
a0c9c98373 Adjust references in query doc 2025-07-08 13:28:25 +02:00
Tamas Vajk
fd8b37cc28 Exclude Kotlin files 2025-07-08 13:28:24 +02:00
Tamas Vajk
09a2aeead6 Java: Add query to detect special characters in string literals 2025-07-08 13:28:18 +02:00
Tamás Vajk
f940cb2bdd Merge pull request #19950 from tamasvajk/quality/useless-record-member
Java: Add 'Useless serialization member in record class' query
2025-07-08 13:26:11 +02:00
Tom Hvitved
2a207f9f6f Rust: Update inline expectations 2025-07-08 13:03:16 +02:00
Tom Hvitved
73f854f073 Rust: Adjust the inferred type of string literals 2025-07-08 13:03:12 +02:00
Tom Hvitved
411aa6d2e5 Merge pull request #19971 from hvitved/rust/type-inference-for-range
Rust: Improve type inference for `for` loops and range expressions
2025-07-08 12:57:21 +02:00
Geoffrey White
3dabd51cf7 Rust: Fix a summaryModelDeprecated that was causing problems. 2025-07-08 11:24:57 +01:00
Tom Hvitved
1518cade7b Address review comments 2025-07-08 11:29:24 +02:00
Tamas Vajk
813ce7d3f8 Rename query 2025-07-08 11:28:12 +02:00
Tamas Vajk
f2805ba80c Improve query help 2025-07-08 11:28:11 +02:00
Tamas Vajk
82fe647a40 Improve alert message 2025-07-08 11:28:11 +02:00
Tamas Vajk
528389af38 Adjust expected file for query suite integration test 2025-07-08 11:28:10 +02:00
Tamas Vajk
a2d4f58af7 Use inline test expectations 2025-07-08 11:28:10 +02:00
Tamas Vajk
2cd0c64e41 Improve query quality 2025-07-08 11:28:09 +02:00
Tamas Vajk
e0cb1792bd Java: Add 'Useless serialization member in record class' query 2025-07-08 11:28:09 +02:00
Tom Hvitved
6876838dd1 Rust: Add change note 2025-07-08 11:20:45 +02:00
Tom Hvitved
7701a31f4a Rust: Improve type inference for for loops and range expressions 2025-07-08 11:20:42 +02:00
Tom Hvitved
52abf3ba02 Merge pull request #19997 from hvitved/java/use-mad-in-log-injection-test
Java: Use MaD in log injection test
2025-07-08 11:02:51 +02:00
Geoffrey White
f57d691424 Rust: Fix typo in model. 2025-07-08 09:51:20 +01:00
Tom Hvitved
6fdec47e83 Java: Use MaD in log injection test 2025-07-08 10:25:58 +02:00
Geoffrey White
c7de873a22 Rust: Update the libc models. 2025-07-08 08:44:44 +01:00
Geoffrey White
a1e9a4eddf Rust: Accept test .expected changes. 2025-07-08 08:44:24 +01:00
Geoffrey White
2195f0bb78 Merge branch 'main' into models5 2025-07-08 08:41:43 +01:00
Ian Lynagh
e5b4a15e35 Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2
Post-release preparation for codeql-cli-2.22.2
2025-07-07 19:44:16 +01:00
Tom Hvitved
33e63109bb Merge pull request #19993 from hvitved/rust/type-inference-function-call-expectations
Rust: Add type inference inline expectations for all function calls
2025-07-07 20:40:57 +02:00
Mathias Vorreiter Pedersen
3101cc81e6 Merge pull request #253 from microsoft/add-set-execution-policy-bypass-query
PS: Add query for insecure uses of `Set-ExecutionPolicy`
2025-07-07 19:33:06 +01:00
Mathias Vorreiter Pedersen
398d27b779 PS: Fix missing AST child. 2025-07-07 19:15:18 +01:00
github-actions[bot]
24a0ac1223 Post-release preparation for codeql-cli-2.22.2 2025-07-07 18:15:04 +00:00
Mathias Vorreiter Pedersen
28de6ede04 PS: Also require '-Force' with a truthy value. Note the 'NOT DETECTED' test. We will fix that in the next commit. 2025-07-07 19:14:01 +01:00
Arthur Baars
aef357c757 Merge pull request #19988 from github/aibaars/extern-blocks
Rust: path resolution: handle items in `extern` blocks
2025-07-07 19:53:36 +02:00
Arthur Baars
8114071804 Merge branch 'main' into models1 2025-07-07 19:47:53 +02:00
Ian Lynagh
bb0173c9af Merge pull request #19992 from github/release-prep/2.22.2
Release preparation for version 2.22.2
2025-07-07 17:54:28 +01:00
Arthur Baars
7721d14314 Rust: use getADescendant instead of getAnItem
This should handle all cases where items contained in intermediate nodes, such as MacroCall,
ExternBlock and MacroItem nodes.
2025-07-07 18:04:00 +02:00
Arthur Baars
da2f0f6069 Rust: remove MacroCallItemNode
Macro calls are not really items, so they can just be skipped
2025-07-07 18:03:02 +02:00
Arthur Baars
7556d7b57b Rust: add test with extern block 2025-07-07 18:02:58 +02:00
Tom Hvitved
fad5e0daa8 Rust: Add type inference inline expectations for all function calls 2025-07-07 17:20:15 +02:00
Geoffrey White
a25330e6ed Rust: Update rustcrypto models. 2025-07-07 15:10:59 +01:00
github-actions[bot]
f12daefabe Release preparation for version 2.22.2 2025-07-07 14:00:26 +00:00
Mathias Vorreiter Pedersen
1d64a7949b Merge pull request #252 from microsoft/add-more-remote-flow-sources
PS: Add flow sources from `System.Net.WebClient`
2025-07-07 14:50:03 +01:00
Tamás Vajk
8d16d0225c Merge pull request #19991 from tamasvajk/quality/improve-query-docs
Improve query docs for `java/java-util-concurrent-scheduledthreadpoolexecutor`
2025-07-07 15:02:56 +02:00
Geoffrey White
a486549956 Update rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml
Co-authored-by: Arthur Baars <aibaars@github.com>
2025-07-07 14:01:00 +01:00
Lindsay Simpkins
d4571f5b95 Merge pull request #254 from microsoft/implement-localExprTaint
PS: Actually implement `localExprTaint`
2025-07-07 08:23:11 -04:00
Tamas Vajk
6013c347df Improve query docs for java/java-util-concurrent-scheduledthreadpoolexecutor 2025-07-07 14:22:40 +02:00
Mathias Vorreiter Pedersen
7bb3758093 Merge pull request #19976 from jketema/incr-2
C++: Output `CopyValue` in the IR when there is a non-transparent conversion
2025-07-07 13:08:50 +01:00
Jeroen Ketema
a004d9b2a2 Merge pull request #19990 from igfoo/igfoo/rename
C++: Rename a changenote file
2025-07-07 13:59:15 +02:00
Ian Lynagh
fd733676cb C++: Rename a changenote file 2025-07-07 12:53:42 +01:00
Nick Rolfe
eb30233d44 Merge pull request #19963 from github/nickrolfe/rb-discard-locations
Ruby/QL: add discard predicates for locations
2025-07-07 06:41:28 -04:00
Tom Hvitved
8c90250dfc Merge pull request #19577 from hvitved/rust/remove-library-source-dedup-logic
Rust: Remove source vs library deduplication logic
2025-07-07 11:25:33 +02:00
Tom Hvitved
6a9ed88d6e Merge pull request #19975 from hvitved/rust/ssa-phi-in-capture
Rust: Fix SSA inconsistencies
2025-07-07 09:21:57 +02:00
Jeroen Ketema
d6d7c6d55f Revert "C++: Factor out transparent conversions in their own predicate"
This reverts commit b185cc8b95.
2025-07-04 23:22:46 +02:00
Jeroen Ketema
463ae4b1eb C++: Address review comments 2025-07-04 23:13:37 +02:00
Mathias Vorreiter Pedersen
b6b4df5ce0 PS: Implement 'localExprTaint' instead of leaving it as 'none()'. 2025-07-04 20:24:22 +01:00
Mathias Vorreiter Pedersen
4e524a189d PS: Add tests. 2025-07-04 19:44:49 +01:00
Mathias Vorreiter Pedersen
f7c9899450 PS: Add documentation. 2025-07-04 19:44:39 +01:00
Mathias Vorreiter Pedersen
2731983fbe PS: Add query for insecure uses of 'Set-ExecutionPolicy'. 2025-07-04 19:44:15 +01:00
Mathias Vorreiter Pedersen
52ff5d3fbc Merge pull request #246 from microsoft/powershell-commandinjection-invokesinkfix
InvokeSink fix
2025-07-04 18:17:09 +01:00
Chanel Young
654bf2f42f random newline to reset git latest pusher 2025-07-04 10:07:57 -07:00
Mathias Vorreiter Pedersen
766cf826bb PS: Add more models and accept test changes. 2025-07-04 18:01:45 +01:00
Mathias Vorreiter Pedersen
bd9043576d PS: Add test with missing remote flow source. 2025-07-04 18:00:19 +01:00
Chanel
8aa8dde439 Merge branch 'main' into powershell-commandinjection-invokesinkfix 2025-07-04 09:59:15 -07:00
Mathias Vorreiter Pedersen
2a26c43c19 PS: Cleanup a few manually generated models. 2025-07-04 17:01:25 +01:00
Owen Mansel-Chan
0788a90d88 Convert RequestForgery test to inline expectations 2025-07-04 16:56:05 +01:00
Owen Mansel-Chan
d10b9e665c Fix linter warnings in Request Forgery tests 2025-07-04 16:55:09 +01:00
Nick Rolfe
7c5b186c71 Ruby/QL: add discard predicates for locations 2025-07-04 16:15:38 +01:00
Nick Rolfe
f714e5c5ba Merge pull request #19896 from github/nickrolfe/overlay-deleted-files
Java/Ruby/Rust/QL: add `overlayChangedFiles` relation to dbscheme
2025-07-04 11:10:20 -04:00
Arthur Baars
84e5f2846b Merge branch 'main' into nickrolfe/overlay-deleted-files 2025-07-04 16:19:59 +02:00
Jeroen Ketema
5c9a401806 Merge pull request #19977 from jketema/ruby-typo
Ruby: Fix typo in query message
2025-07-04 16:09:22 +02:00
Jeroen Ketema
52bbfa30d2 Ruby: update expected test results 2025-07-04 15:32:07 +02:00
Jeroen Ketema
b3225cf7e3 Rubt: Fix typo in query message 2025-07-04 15:22:03 +02:00
Tom Hvitved
379c913ce3 Rust: Remove source vs library deduplication logic 2025-07-04 14:58:20 +02:00
Tom Hvitved
e33ddce79f Merge pull request #19847 from hvitved/rust/type-inference-explicit-args
Rust: Handle more explicit type arguments in type inference
2025-07-04 14:46:02 +02:00
Tom Hvitved
d1dd05e7bb Rust: Fix SSA inconsistencies 2025-07-04 14:43:10 +02:00
Jeroen Ketema
d010b6eb01 C++: Update expected test results 2025-07-04 14:28:17 +02:00
Arthur Baars
3d435ddca0 Merge branch 'main' into rust/type-inference-explicit-args 2025-07-04 14:17:52 +02:00
Jeroen Ketema
2908570ce9 C++: Do not consider expression results discardable when there is a conversion 2025-07-04 14:10:34 +02:00
Jeroen Ketema
b185cc8b95 C++: Factor out transparent conversions in their own predicate 2025-07-04 14:09:34 +02:00
Jeroen Ketema
e68d10119b C++: Fix typo in comment 2025-07-04 14:09:09 +02:00
Jeroen Ketema
799f33eb3a C++: Add more postfix-crement tests 2025-07-04 14:08:29 +02:00
Mathias Vorreiter Pedersen
eec092c4c4 PS: Mark the BAD results in the test appropriately. 2025-07-04 11:13:15 +01:00
Mathias Vorreiter Pedersen
7d07773a33 PS: Accept test changes. 2025-07-04 11:12:55 +01:00
Mathias Vorreiter Pedersen
0585c2f9e5 PS: Gets back the previously-lost false negative by making the variable property name expression the sink when there is a call to 'Invoke'. 2025-07-04 11:12:31 +01:00
Mathias Vorreiter Pedersen
9dd3b33410 Merge pull request #19973 from MathiasVP/add-glibc-models
C++: Add `glibc` flow summaries
2025-07-04 10:21:14 +01:00
Tom Hvitved
2b2bd17d10 Rust: Add more SSA tests 2025-07-04 10:47:56 +02:00
Kasper Svendsen
785e0273f2 Merge pull request #19968 from kaspersv/kaspersv/overlay-java-getastrictancestor-caller
Overlay: Mark `RefType.getAStrictAncestor`` overlay[caller?]`
2025-07-04 09:38:02 +02:00
Mathias Vorreiter Pedersen
cda671711f C++: Add change note. 2025-07-04 00:05:41 +01:00
Mathias Vorreiter Pedersen
24728a3417 C++: Accept test changes. 2025-07-04 00:03:42 +01:00
Mathias Vorreiter Pedersen
e89662beb7 C++: Add glibc flow summaries. 2025-07-03 18:53:18 +01:00
Aditya Sharad
6124940f55 Merge pull request #19893 from github/changedocs/2.22.1
Add changelog entry for CodeQL CLI version 2.22.1
2025-07-03 10:21:12 -07:00
Jeroen Ketema
da924efedb Merge pull request #19970 from jketema/incr
C++: Add test showing we miss the operands of postfix crement in dataflow
2025-07-03 17:16:00 +02:00
Jeroen Ketema
5b26a426dc C++: Add test showing we miss the operands of postfix crement in dataflow 2025-07-03 16:49:37 +02:00
Mathias Vorreiter Pedersen
56490732bd Merge pull request #19969 from MathiasVP/add-glibc-to-bulk-generation-targets
C++: Add glibc to the list of bulk generation targets
2025-07-03 15:12:11 +01:00
Geoffrey White
831509539b Merge pull request #19934 from geoffw0/models0
Rust: Update legacy MaD models 1
2025-07-03 14:24:21 +01:00
Kasper Svendsen
de71758236 Merge pull request #19962 from kaspersv/kaspersv/overlay-java-local-TC-fixes
Overlay: Fix Java overlay compilation regressions
2025-07-03 15:03:02 +02:00
Paolo Tranquilli
8fda879461 Merge pull request #19967 from github/redsun82/format
Rust: format
2025-07-03 14:55:56 +02:00
Paolo Tranquilli
dee1ec31ee Rust: format 2025-07-03 14:42:38 +02:00
Nick Rolfe
d8574a6919 Ruby: use overlayChangedFiles extensional in discard predicates 2025-07-03 12:44:15 +01:00
Nick Rolfe
ba01a70e0a Rust: add upgrade scripts for overlayChangedFiles dbscheme addition 2025-07-03 12:44:14 +01:00
Nick Rolfe
ab74946e26 Ruby: add upgrade scripts for overlayChangedFiles dbscheme addition 2025-07-03 12:44:13 +01:00
Nick Rolfe
a02aabe797 Java: add upgrade scripts for overlayChangedFiles dbscheme addition 2025-07-03 12:44:12 +01:00
Nick Rolfe
838290d670 Ruby: bump overlay_support_version 2025-07-03 12:44:11 +01:00
Nick Rolfe
72b4e67477 Java/Ruby/Rust/QL: add overlayChangedFiles relation to dbscheme 2025-07-03 12:44:09 +01:00
Jeroen Ketema
a4de3110ae Merge pull request #15233 from jketema/uncomment-function-kind
C++: Uncomment cases in the dbscheme
2025-07-03 13:37:55 +02:00
Kasper Svendsen
dd8af3baf7 Overlay: Mark RefType.getAStrictAncestor overlay[caller?] 2025-07-03 12:23:20 +02:00
Michael Nebel
11c4a638bc Quality tags: Clarify the quality sub-category tagging policy. 2025-07-03 12:19:41 +02:00
Michael Nebel
aefd941135 Java/Javascript: Fix violations. 2025-07-03 11:56:33 +02:00
Michael Nebel
f810e17d9e Ql4Ql: Address review comments and update expected test output. 2025-07-03 11:56:32 +02:00
Michael Nebel
b79e2dd0ba Ql4Ql: Add some more quality tag testcases. 2025-07-03 11:56:30 +02:00
Michael Nebel
f58064e119 Ql4Ql: Address review comments. 2025-07-03 11:56:29 +02:00
Michael Nebel
af1c4e0896 Ql4Ql: Share the definition of TestFile between multiple tests. 2025-07-03 11:56:27 +02:00
Michael Nebel
60a1d02357 Ql4Ql: Add MissingQualityMetadata test. 2025-07-03 11:56:26 +02:00
Michael Nebel
e00b5351a4 Ql4Ql: Add a check for quality tag consistency. 2025-07-03 11:56:25 +02:00
Michael Nebel
c46b528c05 Ql4Ql: Add some quality tag testcases. 2025-07-03 11:56:23 +02:00
Michael Nebel
cce17743bb Ql4Ql: Re-factor the ql/mising-security-metadata query. 2025-07-03 11:56:22 +02:00
Tom Hvitved
2924faf7f8 Rust: Tweak illFormedTypeMention consistency check 2025-07-03 11:56:16 +02:00
Asger F
552e156468 Merge pull request #19640 from asgerf/js/no-type-extraction
JS: Disable type extraction
2025-07-03 11:18:42 +02:00
Geoffrey White
1289f1483f Merge pull request #19961 from geoffw0/locspeed
Rust: Speed up use of Location.contains
2025-07-03 10:16:39 +01:00
Asger F
bb45d0632b Merge branch 'main' into approximate-related-location 2025-07-03 10:53:07 +02:00
Kasper Svendsen
649091c0ed Fix java/local-temp-file-or-directory-information-disclosure overlay compilation regression 2025-07-03 10:47:33 +02:00
Kasper Svendsen
425448a10a Fix java/netty-http-request-or-response-splitting overlay compilation regression 2025-07-03 10:47:33 +02:00
Paolo Tranquilli
064708620f Merge pull request #19861 from github/redsun82/rust-reorg-ast-generator
Rust: refactor `ast-generator` to have all customization at the start
2025-07-03 10:09:17 +02:00
Asger F
98319ce2ad Apply suggestions from code review
Co-authored-by: Taus <tausbn@github.com>
2025-07-03 08:44:33 +02:00
Geoffrey White
9728dbb247 Rust: Speed up use of Location.contains / isFromMacroExpansion. 2025-07-02 21:16:21 +01:00
Jeroen Ketema
3c73f141c4 C++: Update stats file 2025-07-02 21:46:14 +02:00
Jeroen Ketema
2697798f05 C++: Add upgrade and downgrade scripts 2025-07-02 21:46:12 +02:00
Jeroen Ketema
eede720aa8 C++: Uncomment cases in the dbscheme 2025-07-02 21:46:09 +02:00
Mathias Vorreiter Pedersen
d4bc38462f C++: Add glibc to the list of bulk generation targets. 2025-07-02 18:59:15 +01:00
Mathias Vorreiter Pedersen
5e8b12a08b Merge pull request #19955 from MathiasVP/flow-through-create-thread
C++: Add flow summaries for `CreateThread` and friends
2025-07-02 18:27:36 +01:00
Paolo Tranquilli
c10d89927d Merge pull request #19945 from github/redsun82/fix-expansion-in-lib
Rust: fix macro expansion in library code
2025-07-02 18:11:36 +02:00
Paolo Tranquilli
2fffa9db3c Merge pull request #19781 from github/redsun82/go-internal-tests
Go: remove language tests from workflows
2025-07-02 18:10:44 +02:00
Paolo Tranquilli
33a2801bb7 Merge pull request #19956 from github/redsun82/java-fix-tests
Java: disable failing maven fetches expectations for now
2025-07-02 17:32:05 +02:00
Paolo Tranquilli
4d3546f7c9 Java: disable failing maven fetches expectations for now 2025-07-02 17:16:41 +02:00
Paolo Tranquilli
72bfbacaaf Merge branch 'main' into redsun82/go-internal-tests 2025-07-02 16:21:26 +02:00
Mathias Vorreiter Pedersen
e6104981ff C++: Add change note. 2025-07-02 14:32:17 +01:00
Mathias Vorreiter Pedersen
76678ef3d2 C++: Accept test changes. 2025-07-02 14:24:16 +01:00
Mathias Vorreiter Pedersen
f825904ee0 C++: Add flow models for 'CreateProcess' and friends. 2025-07-02 14:18:36 +01:00
Mathias Vorreiter Pedersen
5684ca5d51 C++: Add tests with 'CreateProcess' and fiends demonstrating missing flow. 2025-07-02 14:18:34 +01:00
Asger F
4a2d795076 Shared: Make approximate location filtering the default behaviour 2025-07-02 14:41:02 +02:00
Asger F
82d190f4bf Java: use approximate related sink locations in polynomial redos 2025-07-02 14:40:56 +02:00
Asger F
a46b5f9529 Python: enable diff-informedness for poly redos using approximate related locations 2025-07-02 14:39:42 +02:00
Asger F
d65da1f8a1 Ruby: enable for PolyReDos but document why it still doesnt work 2025-07-02 14:39:41 +02:00
Asger F
8b345518f4 Shared: Add approximate version of getASelected{Source,Sink}Location 2025-07-02 14:39:39 +02:00
Asger F
d1b4172486 Shared: Factor out some helper predicates in alert filtering 2025-07-02 14:39:37 +02:00
Asger F
d85838477e JS: Update Nest model
An external contribution added more uses of the now-deprecated getType()
predicate while this PR was open.
2025-07-02 14:11:31 +02:00
Jeroen Ketema
d17c931939 Merge pull request #19952 from jketema/comment-cleanup
C++: Remove QLtest related comment from integration test
2025-07-02 13:59:15 +02:00
Asger F
47a90c8b32 Merge branch 'main' into js/no-type-extraction 2025-07-02 13:18:05 +02:00
Jeroen Ketema
e47f16b100 Merge pull request #19947 from jketema/function-confusion
C++: Move builtin function identification to its own table
2025-07-02 12:56:18 +02:00
Paolo Tranquilli
c4ec0765ea Merge pull request #19951 from github/aibaars/rust-workflows
Rust: add trailing newline to  rust-cwe.md
2025-07-02 12:26:48 +02:00
Paolo Tranquilli
c70198e4e4 Rust: change dummy macro call expansion 2025-07-02 12:25:10 +02:00
Jeroen Ketema
def0ee90c3 C++: Remove QLtest related comment from integration test
I forgot to remove this in https://github.com/github/codeql/pull/19410
2025-07-02 12:14:38 +02:00
Arthur Baars
9e54bc6918 Rust: add trailing newline to rust-cwe.md 2025-07-02 11:39:00 +02:00
Tom Hvitved
f7195f04f8 Rust: Handle more explicit type arguments in type inference 2025-07-02 11:37:05 +02:00
Tom Hvitved
b6d5225bf5 Rust: Add more type inference tests 2025-07-02 11:37:03 +02:00
Tom Hvitved
d10002c735 Merge pull request #19927 from hvitved/rust/type-inference-overlap3
Rust: Disambiguate more method calls based on argument types
2025-07-02 11:36:37 +02:00
Paolo Tranquilli
bf09c92528 Rust: add location to dummy MacroCalls in library mode 2025-07-02 10:33:53 +02:00
Paolo Tranquilli
63ccbec933 Rust: accept language test changes 2025-07-02 10:19:52 +02:00
Geoffrey White
3e11dbded0 Rust: Accept test changes. 2025-07-02 09:08:15 +01:00
Asger F
4b2025d2c4 JS: Remove obsolete unit tests 2025-07-02 09:54:18 +02:00
Asger F
2aad14771c JS: Remove TypeScriptMode 2025-07-02 08:39:17 +02:00
Josh Brown
4122283ec8 Manual merge 2025-07-01 16:10:55 -07:00
Jeroen Ketema
1103644737 C++: Add upgrade and downgrade scripts 2025-07-01 23:38:24 +02:00
Jeroen Ketema
3418451bee C++: Update stats file 2025-07-01 23:16:26 +02:00
Jeroen Ketema
19d6f665b4 Merge pull request #19676 from mrigankpawagi/patch-1
Fixes in cpp/global-use-before-init
2025-07-01 19:17:29 +02:00
Geoffrey White
7ef5586cc7 Rust: Translate more legacy models -> new models (mostly guesswork for these last few cases). 2025-07-01 17:15:26 +01:00
Jeroen Ketema
65b21286a1 C++: Move builtin function identification to its own table 2025-07-01 18:00:44 +02:00
Geoffrey White
e56b9debf8 Rust: Fix mistake. 2025-07-01 16:55:06 +01:00
Geoffrey White
3027f75617 Rust: Translate more legacy models -> new models (from data). 2025-07-01 16:37:14 +01:00
Paolo Tranquilli
223f0c8684 Rust: fix macro expansion in library code
There was a mismatch between a `self.macro_context_level += 1` and the
corresponding `self.macro_context_level -= 1`, which resulted in an
`usize` underflow (panic in debug mode, wrong behaviour in release
mode).

This fixes it and adds a relevant assertion and test. In order to
properly test library mode extraction, a special option enforcing that
on source code as well is added.
2025-07-01 17:31:26 +02:00
Jeroen Ketema
7c2fd28585 Merge pull request #19938 from jketema/external
C++: Remove unused `external_package` tables from the dbscheme
2025-07-01 16:50:31 +02:00
Mrigank Pawagi
fe24cc876a Merge branch 'main' into patch-1 2025-07-01 20:04:13 +05:30
Arthur Baars
4c6c395b1b Merge pull request #19939 from github/aibaars/rust-workflows
Rust: add to `generate-code-scanning-query-list.py` and `shared-code-metrics.py` scripts
2025-07-01 16:12:11 +02:00
Jeroen Ketema
02e5541953 Merge branch 'main' into patch-1 2025-07-01 15:58:48 +02:00
Mrigank Pawagi
b821b21500 Create 2025-07-01-global-vars-ubi-query-fixes.md.md 2025-07-01 13:12:38 +00:00
Tom Hvitved
add2e0fd9d Rust: Extend methodResolutionDependsOnArgument to parameterized implementations 2025-07-01 14:22:06 +02:00
Tom Hvitved
961e6201ea Rust: Add more type inference tests 2025-07-01 14:22:04 +02:00
Geoffrey White
cb6640474e Rust: Translate more legacy models -> new models (from data + manual extrapolation). 2025-07-01 13:21:52 +01:00
Tom Hvitved
b813010b75 Merge pull request #19903 from hvitved/rust/type-inference-overlap2
Rust: Apply inherent method prioritization inside type inference loop
2025-07-01 14:21:15 +02:00
Tom Hvitved
d6b051ed30 Merge pull request #19936 from hvitved/rust/path-resolution-prelude-always
Rust: Assume prelude is always available in path resolution
2025-07-01 13:13:35 +02:00
Owen Mansel-Chan
811ed3ccde Merge pull request #19892 from owen-mc/fix-markdown-query-help-formatting
Fix markdown query help formatting
2025-07-01 12:05:35 +01:00
Tom Hvitved
219a622299 Merge pull request #19926 from hvitved/ruby/restrict-string-component-length
Ruby: Do not compute `StringlikeLiteralImpl.getStringValue` for large strings
2025-07-01 12:45:51 +02:00
Arthur Baars
c08d98d159 Rust: add to querylist and shared code metrics scripts 2025-07-01 12:16:42 +02:00
Tom Hvitved
072339137a Rust: Update expected test output 2025-07-01 10:34:16 +02:00
Jeroen Ketema
f3c5870d44 C++: Update stats file 2025-07-01 10:21:51 +02:00
Tom Hvitved
bd1f46b75c Rust: Assume prelude is always available in path resolution 2025-07-01 10:18:02 +02:00
Jeroen Ketema
8ac69b9116 C++: Add upgrade and downgrade scripts 2025-07-01 10:17:43 +02:00
Tom Hvitved
e88d7baa7d Rust: Apply inherent method prioritization inside type inference loop 2025-07-01 10:17:26 +02:00
Tom Hvitved
e5f0ef6ae8 Rust: Add more type inference tests 2025-07-01 10:17:25 +02:00
Jeroen Ketema
7779f14654 C++: Remove unused external_package tables from the dbscheme 2025-07-01 10:13:04 +02:00
Jeroen Ketema
a791640b52 Merge pull request #19935 from jketema/sync-dbscheme-cpp
C++: synchronize dbscheme
2025-07-01 09:51:29 +02:00
Michael Nebel
233b54c7fa Merge pull request #19891 from michaelnebel/michaelnebel/freezemoresuites
Go/Ruby/Python: Freeze quality queries in `security-and-quality`.
2025-07-01 09:04:19 +02:00
Tom Hvitved
2ee3401cfb Merge pull request #19873 from github/redsun82/rust-item-reorg
Rust: make `AssocItem` and `ExternItem` subclasses of `Item`
2025-07-01 08:58:48 +02:00
Jeroen Ketema
d5c7905009 Merge pull request #19907 from github/idrissrio/no-string-representation
C++: fix `(no string representation)` for `ConstructorInit`
2025-07-01 08:13:31 +02:00
Geoffrey White
59b74871c2 Rust: Accept regressions. 2025-06-30 21:13:44 +01:00
Geoffrey White
91072477b7 Rust: Trivial test changes. 2025-06-30 20:15:18 +01:00
Jeroen Ketema
98798b6f73 C++: Update stats file 2025-06-30 20:12:49 +02:00
Jeroen Ketema
1772193982 Merge pull request #19933 from jketema/arm-change
C++: Add Arm64 change note
2025-06-30 19:19:32 +02:00
Geoffrey White
8f56f8d5a0 Rust: Translate some legacy models -> new models. 2025-06-30 17:47:59 +01:00
Mrigank Pawagi
cf60b62981 fix formatting
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2025-06-30 16:40:03 +00:00
Jeroen Ketema
44523aeec4 C++: Add Arm64 change note 2025-06-30 18:01:03 +02:00
Paolo Tranquilli
fa14f9540b Merge branch 'main' into redsun82/go-internal-tests 2025-06-30 17:38:59 +02:00
idrissrio
62e55edbad C++: accept new test results after changes 2025-06-30 17:11:59 +02:00
idrissrio
6a291cc474 C++: fix (no string representation) for ConstructorInit 2025-06-30 17:11:58 +02:00
Taus
184dd5bf10 Merge pull request #19895 from github/tausbn/python-fix-match-as-identifier
Python: Allow use of `match` as an identifier
2025-06-30 16:24:23 +02:00
Paolo Tranquilli
e7959dfde6 Rust: recreate wrongfully deleted upgrade script directory 2025-06-30 15:38:42 +02:00
Jami
de09122de3 Merge pull request #19175 from jcogs33/jcogs33/java/call-to-thread-run
Java: update `java/call-to-thread-run`
2025-06-30 09:31:08 -04:00
Jeroen Ketema
3a3c222e46 C++: Add upgrade and downgrade scripts 2025-06-30 15:28:55 +02:00
Jeroen Ketema
617edf0b70 C++: synchronize dbscheme 2025-06-30 15:28:45 +02:00
Paolo Tranquilli
9e4cdbc53f Merge branch 'main' into redsun82/rust-item-reorg 2025-06-30 14:56:23 +02:00
Paolo Tranquilli
15aa0bbb34 Merge pull request #19866 from github/redsun82/codegen-new-parent-child
Codegen: improve implementation of generated parent/child relationship
2025-06-30 14:52:24 +02:00
Tom Hvitved
97412f4077 Merge pull request #19916 from hvitved/rust/fix-capture-inconsistencies
Rust: Fix variable capture inconsistencies
2025-06-30 14:18:00 +02:00
Tom Hvitved
41a403c904 Ruby: Do not compute StringlikeLiteralImpl.getStringValue for large strings 2025-06-30 13:01:57 +02:00
Jeroen Ketema
23b9db8f6f Merge pull request #19904 from jketema/ffbl
C++: Sync the product-flow field flow branch limits with the default one
2025-06-30 11:17:55 +02:00
Kasper Svendsen
3d7343273e Merge pull request #19813 from github/kaspersv/overlay-java-discarding
Overlay: Add manual Java overlay annotations & discard predicates
2025-06-30 11:17:31 +02:00
Asger F
7c38c48fd7 Merge pull request #19769 from trailofbits/VF/Nest-improvements
Improve NestJS sources and dependency injection
2025-06-30 10:42:18 +02:00
Asger F
3247babfa5 Merge pull request #19762 from trailofbits/VF/type-orm-model-improvements
Improve TypeORM model
2025-06-30 10:40:38 +02:00
Jeroen Ketema
6ae1656ec4 Merge pull request #17581 from jketema/loc-table-merge
C++: Merge the location tables
2025-06-30 10:33:46 +02:00
Tom Hvitved
57661df306 Rust: Fix variable capture inconsistencies 2025-06-30 10:19:42 +02:00
Paolo Tranquilli
9cf037fdb9 Merge branch 'main' into redsun82/codegen-new-parent-child 2025-06-30 10:17:56 +02:00
Tom Hvitved
632cde689b Merge pull request #19702 from geoffw0/lifetime
Rust: New query rust/access-after-lifetime-ended
2025-06-30 10:00:11 +02:00
Paolo Tranquilli
e3a61f5f18 Merge pull request #19899 from github/redsun82/copilot-instructions
Create copilot-instructions.md
2025-06-30 09:11:29 +02:00
Kasper Svendsen
c7194a4012 Overlay: Add missing QLDoc 2025-06-30 08:40:46 +02:00
Michael Nebel
a74f60bb84 Merge pull request #19910 from github/workflow/coverage/update
Update CSV framework coverage reports
2025-06-30 08:34:32 +02:00
Kasper Svendsen
5b09ecd769 Merge pull request #19780 from github/kaspersv/overlay-annotations-script-ci
Overlay: Add CI workflow to check overlay annotations
2025-06-30 08:11:14 +02:00
Jami Cogswell
42904113b4 Java: add qhelp references 2025-06-29 22:50:10 -04:00
Jami Cogswell
87ab4d0160 Java: remove java/run-method-called-on-java-lang-thread-directly
using existing query java/call-to-thread-run instead
2025-06-29 22:42:31 -04:00
Jami Cogswell
12e7bbbae8 Java: update existing tests to services tests 2025-06-29 22:41:47 -04:00
Jami Cogswell
1172f82a4b Java: update existing tests to inline expectations 2025-06-29 22:21:41 -04:00
Jami Cogswell
e266918871 Java: add previous-id 2025-06-29 22:21:06 -04:00
Jami Cogswell
7a2023b863 Java: move original files 2025-06-29 22:13:49 -04:00
github-actions[bot]
81ec3b6566 Add changed framework coverage reports 2025-06-30 00:26:21 +00:00
Mrigank Pawagi
809d1d55a8 remove cases involving sizeof 2025-06-28 17:16:04 +00:00
Nicolas Will
38fdf7eea0 Merge pull request #19880 from bdrodes/operation_step_refactor
Crypto: Refactor OpenSSL operation step data-flow logic
2025-06-27 17:19:11 +02:00
Kasper Svendsen
e02affd327 Merge pull request #19901 from github/kaspersv/overlay-guards-inline
Overlay: Add missing `overlay[caller?]` annotation
2025-06-27 15:13:09 +02:00
Jeroen Ketema
89c91cc1a2 C++: Add change note 2025-06-27 15:06:03 +02:00
Jeroen Ketema
99a24f9650 C++: Fix macro handling after extractor changes 2025-06-27 14:42:33 +02:00
Jeroen Ketema
bf131dc84b C++: Update stats file 2025-06-27 14:42:32 +02:00
Jeroen Ketema
7f47e31fb5 C++: Add upgrade and downgrade scripts 2025-06-27 14:42:20 +02:00
Jeroen Ketema
b4caba7c0e C++: Merge the location tables 2025-06-27 14:42:08 +02:00
REDMOND\brodes
9f0c62b572 Crypto: Address PR comments. 2025-06-27 08:33:01 -04:00
Ben Rodes
122a004851 Update cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll
Co-authored-by: Nicolas Will <nicolaswill@github.com>
2025-06-27 08:28:05 -04:00
Jeroen Ketema
3e31cd3ce5 C++: Sync the product-flow field flow branch limits with the default one 2025-06-27 12:59:54 +02:00
Nicolas Will
976364fcaa Merge branch 'main' into operation_step_refactor 2025-06-27 12:05:14 +02:00
Kasper Svendsen
5cddd384c7 Merge branch 'main' into kaspersv/overlay-annotations-script-ci 2025-06-27 11:19:52 +02:00
Kasper Svendsen
6038396115 Merge pull request #19898 from kaspersv/kaspersv/shared-overlay-annotation
Overlay: Add overlay annotation to shared lib
2025-06-27 11:18:55 +02:00
Michael Nebel
143a91efc4 Re-use the security-extended selector in the security-and-frozen-quality selector. 2025-06-27 11:08:08 +02:00
Jeroen Ketema
ad5ee1c498 Merge pull request #19894 from jketema/pretty
C++: Pretty print MaD ids in test output
2025-06-27 11:00:52 +02:00
Kasper Svendsen
5096ce405f Overlay: Add missing overlay[caller?] annotation 2025-06-27 10:50:28 +02:00
Tom Hvitved
3fb8758ae1 Merge pull request #19886 from hvitved/rust/dataflow-caching
Rust: Cache `DataFlow::Node.{toString,getLocation}`
2025-06-27 10:33:50 +02:00
Michael Nebel
2f208bddb6 Merge pull request #19877 from michaelnebel/csharp/microsoftdatasqlclient
C#: Models for Microsoft.Data.SqlClient.
2025-06-27 10:24:38 +02:00
Nora Dimitrijević
f568d41264 Merge pull request #19888 from d10c/d10c/missing-diff-informed-tests
Java, Ruby: add missing .qlref tests
2025-06-27 09:28:41 +02:00
Paolo Tranquilli
c88049a9f4 Create copilot-instructions.md 2025-06-27 09:06:08 +02:00
Tom Hvitved
db0fc7be5d Merge pull request #19881 from hvitved/rust/dataflow-traits
Rust: Data flow through trait methods
2025-06-27 08:55:48 +02:00
Kasper Svendsen
2863c7094a Overlay: Add overlay annotation to shared lib 2025-06-27 08:54:05 +02:00
Jonas Jensen
b446fe74c2 Merge pull request #19846 from jbj/diff-informed-CleartextStorageCookie
Java: Diff-informed CleartextStorageCookie.ql
2025-06-27 08:45:11 +02:00
Kasper Svendsen
f0125e574c Merge branch 'main' into kaspersv/overlay-annotations-script-ci 2025-06-27 08:31:34 +02:00
Kasper Svendsen
e6ef6a3326 Merge branch 'main' into kaspersv/overlay-java-discarding 2025-06-27 08:28:34 +02:00
Kasper Svendsen
da1b99b921 Merge pull request #19779 from github/kaspersv/overlay-java-annotations
Overlay: Add overlay annotations to Java & shared libraries
2025-06-27 08:26:33 +02:00
Joe Farebrother
4cbaeb10e9 Merge pull request #19641 from joefarebrother/python-qual-file-not-closed
Python: Improve performance of FileNotClosed query by using basic block reachability
2025-06-26 23:35:38 +01:00
Jeroen Ketema
0996e6083e C++: Pretty print MaD ids in test output 2025-06-26 23:38:32 +02:00
REDMOND\brodes
0aee4f76f9 Crypto: Minor change to force CI/CD checks to restart, prior ql check failures do not make sense. 2025-06-26 16:35:01 -04:00
REDMOND\brodes
dc8d22a468 Crypto: Fix JCA to account for new key gen instance API in model.qll. 2025-06-26 15:48:10 -04:00
REDMOND\brodes
505d8806c7 Crypto: Add key input support for the graph for key generation operations. 2025-06-26 11:51:49 -04:00
Taus
cd0e46314c Python: Add change note 2025-06-26 15:36:02 +00:00
Taus
ad53518644 Python: Regenerate parser files 2025-06-26 15:34:44 +00:00
Taus
e04821e9e3 Python: Allow use of match as an identifier
This previously only worked in certain circumstances. In particular,
assignments such as `match[1] = ...` or even just `match[1]` would fail
to parse correctly.

Fixing this turned out to be less trivial than anticipated. Consider the
fact that
```
match [1]: case (...)
```
can either look the start of a `match` statement, or it could be a type
ascription, ascribing the value of `case(...)` (a call) to the item at
index 1 of `match`.

To fix this, then, we give `match` the identifier and `match` the
statement the same precendence in the grammar, and additionally also
mark a conflict between `match_statement` and `primary_expression`. This
causes the conflict to be resolved dynamically, and seems to do the
right thing in all cases.
2025-06-26 15:33:00 +00:00
Florin Coada
0103ee2872 Add changelog entry for CodeQL CLI version 2.22.1 2025-06-26 15:50:23 +01:00
Nicolas Will
c54e68c855 Merge branch 'main' into pr/19880 2025-06-26 16:47:38 +02:00
Jeroen Ketema
ec09d36667 Merge pull request #19832 from ebickle/feature/oracle-model
C++:  Support SQL Injection sinks for Oracle Call Interface (OCI)
2025-06-26 16:33:55 +02:00
Nicolas Will
0a97357216 Merge pull request #19814 from bdrodes/codescanning_fixes_cpp
Crypto: Fix QL-for-QL alerts and refactor type standardization
2025-06-26 16:33:19 +02:00
Paolo Tranquilli
4799861225 Merge branch 'redsun82/codegen-new-parent-child' into redsun82/rust-item-reorg 2025-06-26 16:29:42 +02:00
Owen Mansel-Chan
2ed451c9e3 Reformat references 2025-06-26 15:20:07 +01:00
Owen Mansel-Chan
10bb88825e Add full stop at the end of each reference 2025-06-26 15:20:06 +01:00
Owen Mansel-Chan
297cdb53aa Update guide to specify a full stop at the end of each reference 2025-06-26 15:20:04 +01:00
Eric Bickle
1142efbc03 Merge branch 'main' into feature/oracle-model 2025-06-26 06:48:40 -07:00
Eric Bickle
3083bdb0b4 C++: Update MaD line numbers in flow.expected 2025-06-26 06:47:24 -07:00
Owen Mansel-Chan
9f0f40d6ce Add "Correct Usage" and "Incorrect Usage" headings 2025-06-26 14:40:49 +01:00
Owen Mansel-Chan
9521994adc Fix format of markdown query help files 2025-06-26 14:40:07 +01:00
Tom Hvitved
9a48459951 Add change note 2025-06-26 15:14:08 +02:00
Nicolas Will
652e7ba15b Merge branch 'main' into codescanning_fixes_cpp 2025-06-26 14:54:36 +02:00
Michael Nebel
37b3ca036a Python: Freeze the quality queries in the security-and-quality suite. 2025-06-26 14:45:05 +02:00
Michael Nebel
d926a6a47d Go: Freeze the quality queries in the security-and-quality suite. 2025-06-26 14:35:21 +02:00
Michael Nebel
7fecf7466f Ruby: Freeze the quality queries in the security-and-quality suite. 2025-06-26 14:26:28 +02:00
Michael Nebel
145ada53f2 C#/Java/JavaScript: Re-factor query suites to use the new selector. 2025-06-26 14:19:27 +02:00
Nick Rolfe
5a176d6fbd Merge pull request #19878 from github/nickrolfe/ql-overlay
Ruby/Rust/QL: simplify generation of overlay-related tables/predicates
2025-06-26 08:10:10 -04:00
Michael Nebel
3efbed56b0 Shared: Modify the frozen selector to only include security queries. 2025-06-26 14:09:43 +02:00
Michael Nebel
1fbf3a39fb Shared: Add a copy of the security-and-quality selector. 2025-06-26 14:05:46 +02:00
Tom Hvitved
b70aa804e5 Rust: Cache DataFlow::Node.{toString,getLocation} 2025-06-26 13:49:37 +02:00
Nora Dimitrijević
89f1ee0301 Ruby: add meta/TaintedNodes.ql test 2025-06-26 13:22:07 +02:00
Nora Dimitrijević
e0b3a2c5f9 Java: convert ArbitraryApkInstallation test to .qlref 2025-06-26 13:22:05 +02:00
Kasper Svendsen
712e64e4a8 Overlay: Add overlay annotations to shared Guards library 2025-06-26 13:19:49 +02:00
Kasper Svendsen
9d2dd782d9 Merge remote-tracking branch 'github/main' into kaspersv/overlay-java-annotations 2025-06-26 13:18:25 +02:00
Jeroen Ketema
a5737dded3 Merge branch 'main' into feature/oracle-model 2025-06-26 12:48:55 +02:00
Tamás Vajk
ae36f94d5e Merge pull request #19844 from tamasvajk/tamasvajk/threadpoolexecutor
Java: Add `java/javautilconcurrentscheduledthreadpoolexecutor` query for zero thread pool size
2025-06-26 12:36:09 +02:00
Paolo Tranquilli
de72e68d2c Merge branch 'main' into redsun82/codegen-new-parent-child 2025-06-26 12:14:53 +02:00
Paolo Tranquilli
afc78ced50 Merge pull request #19874 from github/redsun82/codegen-use-one-test-file
Codegen: use one generated test file per directory
2025-06-26 11:59:40 +02:00
Anders Schack-Mulligen
321a4afd5c Merge pull request #19883 from aschackmull/java/fix-assert-cfg
Java: Fix assert CFG by properly tagging the false successor.
2025-06-26 11:43:27 +02:00
Tamas Vajk
1bd543a8a2 Improve readability of the ID 2025-06-26 11:36:32 +02:00
Kasper Svendsen
64f27e2adf Java: Add abstraction for discardable locatables 2025-06-26 11:35:37 +02:00
Tamás Vajk
1e0dd2a935 Apply suggestion from @michaelnebel
Co-authored-by: Michael Nebel <michaelnebel@github.com>
2025-06-26 11:34:43 +02:00
Anders Schack-Mulligen
7750f1244c Merge pull request #19884 from aschackmull/guards/eqtest-refactor
Guards: Refactor EqualityTest interface.
2025-06-26 11:04:55 +02:00
Anders Schack-Mulligen
c091fc585b Java: Account for AssertionError possibly not being extracted. 2025-06-26 11:03:59 +02:00
Anders Schack-Mulligen
326f2b0498 Java: Accept qltest change showing FP removal. 2025-06-26 11:03:39 +02:00
Anders Schack-Mulligen
f07d9dda39 Guards: Refactor EqualityTest interface. 2025-06-26 10:26:40 +02:00
Jeroen Ketema
b16e710d3b Merge pull request #19870 from jketema/jketema/stats
C++: Update stats file after DCA and extractor changes
2025-06-26 10:21:35 +02:00
Anders Schack-Mulligen
1d4c8197ec Java: Fix assert CFG by properly tagging the false successor. 2025-06-26 10:18:14 +02:00
Jonas Jensen
fc2b18ae8a Java: Diff-informed CleartextStorageCookie.ql
This query shares implementation with several other queries about
cleartext storage, but it's the only one of them that's in the
code-scanning suite. The sharing mechanism remains the same as before,
but now each query has to override `getASelectedLocation` to become
diff-informed.

Two other data-flow configurations are used in this query, but they
can't easily be made diff-informed.
2025-06-26 09:31:11 +02:00
Paolo Tranquilli
9a8ef3acf7 Merge branch 'main' into redsun82/codegen-new-parent-child 2025-06-26 09:30:41 +02:00
Vasco-jofra
8a7516528d Update formatting 2025-06-26 09:29:07 +02:00
Anders Schack-Mulligen
4d2c67857f Merge pull request #19573 from aschackmull/guardslib
Shared/Java: Add shared Guards library and switch Java to use it.
2025-06-26 09:28:32 +02:00
Michael Nebel
cfadd30f98 C#: Add change-note. 2025-06-26 08:52:18 +02:00
Michael Nebel
becd46a47e C#: Add MaD models for Microsoft.Data.SqlClient. 2025-06-26 08:51:10 +02:00
Michael Nebel
f3eafd33ff C#: Exclude Microsoft.Data.SqlClient.SqlCommand from the best effort SqlSink creation. 2025-06-26 08:46:49 +02:00
Michael Nebel
ed7f68279f C#: Add cs/sql-injection tests for APIs in Microsoft.Data.SqlClient. 2025-06-26 08:44:50 +02:00
Anders Schack-Mulligen
6f4adb8892 Shared: address review comments. 2025-06-26 07:17:37 +02:00
Anders Schack-Mulligen
5ddddaecdc Java: Add change note. 2025-06-26 07:17:36 +02:00
Anders Schack-Mulligen
4645856f09 Java: document FP 2025-06-26 07:17:36 +02:00
Anders Schack-Mulligen
73810a6d85 Java: Fix perf issue. 2025-06-26 07:17:35 +02:00
Anders Schack-Mulligen
5a34a1a51b Shared: Try caching. 2025-06-26 07:17:35 +02:00
Anders Schack-Mulligen
d4c897f8e2 Java: Fix perf issue. 2025-06-26 07:17:35 +02:00
Anders Schack-Mulligen
42b1b12aa1 Java: Fix qltests 2025-06-26 07:17:34 +02:00
Anders Schack-Mulligen
5c0dcd980d Java: Switch to the shared Guards library. 2025-06-26 07:17:34 +02:00
Anders Schack-Mulligen
cc13193cb6 Java: Replace some references to basicNullGuard. 2025-06-26 07:17:33 +02:00
Anders Schack-Mulligen
0607fefc57 Java: Refactor integerGuard. 2025-06-26 07:17:33 +02:00
Anders Schack-Mulligen
a2778eee75 Java: Refactor clearlyNotNullExpr into a base case that does not rely on SSA. 2025-06-26 07:17:32 +02:00
Anders Schack-Mulligen
22d5dc999a Shared: Bugfix for unique value implication. 2025-06-26 07:17:32 +02:00
Anders Schack-Mulligen
378209a6ad Shared: Simplify and improve joins. 2025-06-26 07:17:31 +02:00
Anders Schack-Mulligen
b19bff9a4e Shared: Switch case guards to be the case statements. 2025-06-26 07:17:31 +02:00
Anders Schack-Mulligen
f772493f4c Shared: Elaborate qldoc. 2025-06-26 07:17:31 +02:00
Anders Schack-Mulligen
73ae613b7a Shared: Many tweaks to Guards. 2025-06-26 07:17:30 +02:00
Anders Schack-Mulligen
c212d0ac8f Shared: Improve shared guards lib. 2025-06-26 07:17:30 +02:00
Anders Schack-Mulligen
16c5b57953 Shared: Extend the shared Guards library with support for exception branch points. 2025-06-26 07:17:29 +02:00
Anders Schack-Mulligen
14b87f97b9 Shared: Extend the shared Guards library with support for custom wrappers. 2025-06-26 07:17:29 +02:00
Anders Schack-Mulligen
1d75008eba Shared: Add a shared Guards library inspired by the Java and C# versions. 2025-06-26 07:17:28 +02:00
Anders Schack-Mulligen
994c1f6427 Java: Add hasInputFromBlock predicate in BaseSSA. 2025-06-26 07:17:28 +02:00
Anders Schack-Mulligen
a0c849139c Java: Add guards-logic qltest with inline expectation. 2025-06-26 07:17:28 +02:00
Jami
aa65f54b1d Merge pull request #19882 from owen-mc/go/avoid-deprecated-class
Go: Avoid using deprecated class
2025-06-25 21:16:08 -04:00
Owen Mansel-Chan
9663ecad21 Avoid using deprecated class 2025-06-26 01:46:14 +01:00
Owen Mansel-Chan
0f07ab58cf Merge pull request #19654 from owen-mc/go/fix-definedtype-getbasetype
Go: fix `DefinedType.getBaseType`
2025-06-26 00:19:19 +01:00
Owen Mansel-Chan
d7b1d7bef4 Merge pull request #19677 from owen-mc/go/better-class-names-and-helpers
Go: Improve two class names and add some helper predicates
2025-06-26 00:17:32 +01:00
Chris Smowton
2291e10ce6 Fix typo
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-06-25 21:38:22 +02:00
Tom Hvitved
8c240399c1 Rust: Apply MaD trait models to implementations 2025-06-25 21:32:24 +02:00
Tom Hvitved
3e54c61f52 Rust: Add MaD trait tests 2025-06-25 21:32:22 +02:00
Tom Hvitved
5e265b10c7 Rust: Trait call dispatch in dataflow 2025-06-25 21:32:21 +02:00
Tom Hvitved
a4ed5da50b Rust: Add data flow tests involving traits 2025-06-25 21:32:19 +02:00
REDMOND\brodes
7559c06fdb Merge branch 'operation_step_refactor' of https://github.com/bdrodes/codeql into operation_step_refactor 2025-06-25 15:26:21 -04:00
REDMOND\brodes
7477471bc5 Crypto: Bug fix in output model 2025-06-25 15:25:51 -04:00
Nicolas Will
6571c11eb7 Merge branch 'main' into operation_step_refactor 2025-06-25 20:38:11 +02:00
Nicolas Will
98479ff6c3 Crypto: Update queries to use new type names 2025-06-25 20:34:33 +02:00
Nicolas Will
ad7358ac4f Crypto: Deduplicate "GCM" mapping from OpenSSL modeling 2025-06-25 20:26:38 +02:00
Nicolas Will
8e6031df14 Crypto: Fix further acronym casing and remove unused field 2025-06-25 20:25:33 +02:00
Nicolas Will
b8097501b6 Update cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-06-25 20:12:51 +02:00
Nicolas Will
14472bf744 Crypto: Refactor type name mapping and fix QL-for-QL alerts 2025-06-25 20:08:14 +02:00
REDMOND\brodes
8280cbcaa1 Crypto: Update JCA model to include new model.qll updates. 2025-06-25 13:55:47 -04:00
Paolo Tranquilli
6803bf3861 Merge pull request #19851 from github/redsun82/rust-emission-trait
Rust: refactor `pre_emit!` and `post_emit!` to a trait
2025-06-25 19:22:29 +02:00
REDMOND\brodes
f9147cfb2b Crypto: Remove experimental qll file 2025-06-25 12:26:41 -04:00
REDMOND\brodes
9cd2241bf6 Crypto: Remove accidentally uploaded temporary file. 2025-06-25 11:36:40 -04:00
REDMOND\brodes
072765abca Crypto: Code scanning warning corrections. 2025-06-25 11:16:49 -04:00
REDMOND\brodes
93bad3c799 Crypto: Misc bug fixes and updated expected files. 2025-06-25 11:02:30 -04:00
Nick Rolfe
867826466e Ruby/QL: unconditionally generate discard predicates 2025-06-25 15:35:58 +01:00
Nick Rolfe
57b866bbe1 Ruby/Rust/QL: move databaseMetadata to prefix.dbscheme
This has no effect on ruby.dbscheme, and adds the relation to
ql.dbscheme and rust.dbscheme. (The relation will be required for
overlay support).
2025-06-25 15:35:08 +01:00
Nick Rolfe
9021168725 QL: fix stats-collection workflow 2025-06-25 15:35:06 +01:00
Nora Dimitrijević
942cfc3bd6 Merge pull request #19842 from d10c/d10c/convert-java-tests-to-qlref
Java: convert remaining `java-code-scanning.qls` query tests to `.qlref`
2025-06-25 16:02:28 +02:00
Nicolas Will
710e08088f Crypto: Refactor casing and documentation 2025-06-25 15:29:03 +02:00
Geoffrey White
006f0e8fcf Merge branch 'main' into lifetime 2025-06-25 14:17:00 +01:00
Michael Nebel
bb85e24121 C#: Convert SQL injection test to use inline expectations. 2025-06-25 14:53:09 +02:00
Michael Nebel
af2ebed395 C#: Add stubs for Microsoft.Data.SqlClient. 2025-06-25 14:53:07 +02:00
Paolo Tranquilli
6a0140d3c9 Rust: fix Const test 2025-06-25 14:42:03 +02:00
Paolo Tranquilli
e4056c0a11 Rust: add change note 2025-06-25 14:39:22 +02:00
Paolo Tranquilli
78ecf1814e Rust: add upgrade/downgrade scripts 2025-06-25 14:36:29 +02:00
Paolo Tranquilli
5d3bdb955c Merge branch 'main' into redsun82/rust-item-reorg 2025-06-25 14:34:48 +02:00
Asger F
5289e4f424 JS: Fix a bug in a unit test
The 'extractTypeScriptFiles' override did not incorporate the file type and one of our unit tests was expecting this. The test was previously passing for the wrong reasons.
2025-06-25 14:31:31 +02:00
Asger F
02cdde1447 JS: Fix imprecise condition 2025-06-25 14:31:28 +02:00
Asger F
aef362152e JS: Change notes 2025-06-25 14:31:25 +02:00
Asger F
c8b2674206 JS: Add support for index expressions 2025-06-25 14:31:22 +02:00
Asger F
b1d4776b17 JS: Handle name resolution through dynamic imports 2025-06-25 14:31:20 +02:00
Paolo Tranquilli
ab2e7082f3 Merge branch 'main' into redsun82/codegen-use-one-test-file 2025-06-25 14:31:17 +02:00
Asger F
7cc248703a JS: Add test for dynamic imports 2025-06-25 14:31:17 +02:00
Asger F
92dd5bd1f4 JS: Add deprecation comment to qldoc 2025-06-25 14:31:14 +02:00
Asger F
488da145e8 JS: Don't try to augment invalid files
This check existed on the code path for full type extraction, but not for plain single-file extraction.
2025-06-25 14:31:11 +02:00
Asger F
74b817b642 JS: Remove code path for TypeScript full extraction 2025-06-25 14:31:05 +02:00
Paolo Tranquilli
b8b57365c3 Merge pull request #19876 from github/redsun82/rust-qltest-setup-nightly-toolchain
Rust: fix parallel execution of tests using the nightly toolchain
2025-06-25 14:30:22 +02:00
Paolo Tranquilli
fa006e3ea5 Rust: fix test 2025-06-25 14:17:14 +02:00
Paolo Tranquilli
1f66f902e5 Rust: fix parallel execution of tests using the nightly toolchain
Since we dropped checked in toolchain files for tests requiring nightly,
the `setup.sh` script was not doing its job of setting up the toolchains
and the `rust-src` component, occasionally leading to test failures.
2025-06-25 14:13:43 +02:00
Nick Rolfe
1e68a7e2de Merge pull request #19719 from github/nickrolfe/ruby-discard-predicates
Ruby: generate overlay discard predicates
2025-06-25 07:18:29 -04:00
Michael Nebel
92a1b8971c C#: Add Microsoft.Data.SqlClient to the list of stubs. 2025-06-25 12:52:58 +02:00
Nick Rolfe
a9ddf0026b Ruby: generate overlay discard predicates 2025-06-25 11:47:27 +01:00
Nick Rolfe
1bbba2f664 Merge pull request #19684 from github/nickrolfe/ruby-overlay-extraction
Ruby: add support for extracting overlay databases
2025-06-25 06:39:30 -04:00
Paolo Tranquilli
355fd85c23 Codegen: remove unneeded has|getNumberOf in instance tests 2025-06-25 12:02:13 +02:00
Paolo Tranquilli
99eaaaa830 Rust: fix QL compilation error 2025-06-25 11:50:49 +02:00
Nick Rolfe
c6ff07ad5a Merge branch 'main' into nickrolfe/ruby-overlay-extraction 2025-06-25 05:46:26 -04:00
Paolo Tranquilli
6bbf1e3bc1 Codegen: use one generated test file per directory
This collapses all generated test QL sources into a single one per
directory, using query predicates to run the different tests.

This should improve the time required to run generated tests.
2025-06-25 11:44:54 +02:00
Napalys Klicius
3d9e2f5438 Merge pull request #19858 from Napalys/js/execa
JS: moved `execa` out of experimental
2025-06-25 10:34:52 +02:00
Paolo Tranquilli
bcca47c873 Rust: make AssocItem and ExternItem subclasses of Item 2025-06-25 10:25:24 +02:00
Kasper Svendsen
46ac2fd9f0 Add CI workflow to check overlay annotations 2025-06-25 10:19:25 +02:00
Paolo Tranquilli
792ea10577 Merge branch 'redsun82/codegen-new-parent-child' into redsun82/rust-emission-trait 2025-06-25 10:19:10 +02:00
Kasper Svendsen
7186ea5975 Merge pull request #19871 from github/kaspersv/overlay-script-re
Use regex to match overlay annotations
2025-06-25 09:39:50 +02:00
Kasper Svendsen
869ba0d246 Use regex to match overlay annotations 2025-06-25 09:30:49 +02:00
Napalys Klicius
73126fef9e JS: update change note. 2025-06-25 09:26:26 +02:00
Jeroen Ketema
2f1cd388d1 C++: Update stats file after DCA and extractor changes 2025-06-25 09:21:56 +02:00
Asger F
d39b68cd41 Merge pull request #19849 from asgerf/js/remove-legacy-actions-queries
JS: Remove legacy actions queries
2025-06-25 09:18:33 +02:00
Asger F
853fc1a7cf Merge pull request #19852 from asgerf/js/react-use-server
JS: Model React 'use' and 'use server'
2025-06-25 09:13:56 +02:00
Jeroen Ketema
ddae47118b Merge pull request #16075 from jketema/explicit
C++: Handle explicitly instantiated templates
2025-06-25 08:53:50 +02:00
Jeroen Ketema
fff23040b3 C++: Update test results 2025-06-25 08:14:22 +02:00
REDMOND\brodes
bd0efbe48c Crypto: Overhaul of EVP final/init/update to now use a more general 'OperationStep' mechanic. 2025-06-24 16:03:25 -04:00
Chuan-kai Lin
9a064de86e Merge pull request #19865 from github/cklin/pick-kotlin-version
pick-kotlin-version.py: tolerate warnings
2025-06-24 10:21:13 -07:00
Eric Bickle
b8f8501cf5 Merge pull request #1 from geoffw0/sql
C++: Fix for the SQL query.
2025-06-24 10:13:52 -07:00
Aditya Sharad
1c567b9b71 Merge pull request #19867 from adityasharad/qldoc/opcode-script-regex
QLDoc scripts: Fix overly permissive regex ranges
2025-06-24 10:11:08 -07:00
Aditya Sharad
a79e3cf604 QLDoc scripts: Fix overly permissive regex ranges
The range `A-aa-z` was too permissive and
includes special characters between `Z` and `a`.
Low impact, but fix to address an internally
reported code scanning alert.
2025-06-24 10:00:29 -07:00
Nora Dimitrijević
690446149a Java: add CleartextStorageCookie test
Given that it's a non-path-problem dataflow query, the InlineExpectationsTest is not as useful.
2025-06-24 18:12:19 +02:00
Paolo Tranquilli
1dcd60527c Codegen: improve implementation of generated parent/child relationship
This improves the implementation of the generated parent/child
relationship by adding a new `all_children` field to `ql.Class` which
lists all children (both direct and inherited) of a class, carefully
avoiding duplicating children in case of diamond inheritance. This:
* simplifies the generated code,
* avoid children ambiguities in case of diamond inheritance.

This only comes with some changes in the order of children in the
generated tests (we were previously sorting bases alphabetically there).
For the rest this should be a non-functional change.
2025-06-24 17:26:24 +02:00
Jeroen Ketema
9a83005730 Merge pull request #19862 from jketema/complex
C++: Support more complex 16-bit float types
2025-06-24 17:26:07 +02:00
Chuan-kai Lin
565627847f pick-kotlin-version.py: tolerate warnings
This commit changes pick-kotlin-version.py to use re.search() instead of
re.match(), so that it can better cope with warning messages.
2025-06-24 08:13:43 -07:00
Jeroen Ketema
8f249c77bc C++: Support more complex 16-bit float types 2025-06-24 16:56:34 +02:00
Nora Dimitrijević
a49999dd5d PolynomialReDoS: disable diff-informed support
This is because it was failing the diff-informed consistency check, and like other ReDoS queries (Python?) the query tries to be helpful by showing a substring of a regex, which has a `hasLocation(...)` (intensional) but no corresponding `getLocation()` (extensional). Until the location overrides get updated to support `hasLocation`-based locations, it's probably best to turn off diff-informed support.
2025-06-24 16:42:41 +02:00
Nora Dimitrijević
b2cb585bf2 UnsafeDeserialization: add missing getASelectedSinkLocation override
This fixes the failing diff-informed consistency check.
2025-06-24 16:42:39 +02:00
Nora Dimitrijević
e213e3fc37 Java: convert ImplicitPendingIntents test to .qlref 2025-06-24 16:42:37 +02:00
Nora Dimitrijević
e0311e26c6 Java: convert ImproperIntentVerification test to .qlref
It's a non-path query, so the InlineExpectationsTest postprocessor doesn't do anything.
2025-06-24 16:42:35 +02:00
Nora Dimitrijević
aac4f63e9a Java: convert RequestForgery test to .qlref 2025-06-24 16:42:32 +02:00
Nora Dimitrijević
7f05b72e10 Java: convert OgnlInjection test to .qlref 2025-06-24 16:42:30 +02:00
Nora Dimitrijević
cadfd0dcaa Java: convert RsaWithoutOaep test to .qlref 2025-06-24 16:42:28 +02:00
Nora Dimitrijević
b7e47e2cf3 Java: convert PolynomialReDoS and RegexInjection tests to .qlref
Leaves ReDoS.ql unmodified since it's not a dataflow query; just moves it to its own directory.
2025-06-24 16:42:26 +02:00
Nora Dimitrijević
f5c7ef6ab4 Java: convert XPathInjection test to .qlref 2025-06-24 16:42:23 +02:00
Nora Dimitrijević
162b1c51a9 Java: convert XXE test to .qlref 2025-06-24 16:42:21 +02:00
Nora Dimitrijević
7f33f57c9b Java: convert UrlForward test to .qlref 2025-06-24 16:42:19 +02:00
Nora Dimitrijević
bf1a699982 Java: convert CWE-522 tests to .qlref 2025-06-24 16:42:17 +02:00
Nora Dimitrijević
4412335223 Java: convert UnsafeDeserialization test to .qlref 2025-06-24 16:42:14 +02:00
Nora Dimitrijević
c4b0955045 Java: convert WebviewDebuggingEnabled test to .qlref 2025-06-24 16:42:12 +02:00
Nora Dimitrijević
192f45ed2b Java: convert FragmentInjection test to .qlref 2025-06-24 16:42:10 +02:00
Nora Dimitrijević
2b19cbcd7e Java: convert UnsafeContentUriResolution test to .qlref 2025-06-24 16:42:08 +02:00
Nora Dimitrijević
28694276e2 Java: convert MissingJWTSignatureCheck test to .qlref 2025-06-24 16:42:06 +02:00
Nora Dimitrijević
85c2f72892 Java: convert InsecureRandomness test to .qlref 2025-06-24 16:42:04 +02:00
Nora Dimitrijević
288a938814 Java: convert InsufficientKeySize test to .qlref 2025-06-24 16:42:02 +02:00
Nora Dimitrijević
993b261b63 Java: convert InsecureTrustManager test to .qlref 2025-06-24 16:42:00 +02:00
Nora Dimitrijević
b736e3733c Java: convert IntentUriPermissionManipulation test to .qlref 2025-06-24 16:41:58 +02:00
Nora Dimitrijević
c77875d834 Java: convert TemplateInjection test to .qlref 2025-06-24 16:41:56 +02:00
Nora Dimitrijević
b8c7bd29c3 Java: convert SpelInjection test to .qlref 2025-06-24 16:41:54 +02:00
Nora Dimitrijević
2a837b208b Java: convert MvelInjection test to .qlref 2025-06-24 16:41:52 +02:00
Nora Dimitrijević
1b61cb660a Java: convert JexlInjection test to .qlref 2025-06-24 16:41:50 +02:00
Nora Dimitrijević
1cc91e964d Java: convert GroovyInjection test to .qlref 2025-06-24 16:41:48 +02:00
Nora Dimitrijević
8e53da285f Java: convert XSS test to .qlref 2025-06-24 16:41:46 +02:00
Nora Dimitrijević
199eabdd20 Java: convert XsltInjection test to .qlref
Also, split off into separate directory from JndiInjectionTest because their $Alerts were interfering with each other.
2025-06-24 16:41:43 +02:00
Nora Dimitrijević
3f9e0fee81 Java: convert JndiInjection test to .qlref 2025-06-24 16:41:41 +02:00
Nora Dimitrijević
e1ddce8456 Java: convert PartialPathTraversalFromRemote test to .qlref 2025-06-24 16:41:39 +02:00
Nora Dimitrijević
588efe4b2b Java: Convert TaintedPath test to .qlref 2025-06-24 16:41:35 +02:00
Nora Dimitrijević
c4a385fa6a Merge pull request #19817 from d10c/d10c/convert-tests-to-qlref
Convert remaining `{go,swift,ruby}-code-scanning.qls` query tests to `.qlref`
2025-06-24 16:31:13 +02:00
Arthur Baars
afcd8c3047 Merge pull request #19864 from github/post-release-prep/codeql-cli-2.22.1
Post-release preparation for codeql-cli-2.22.1
2025-06-24 15:45:21 +02:00
Nora Dimitrijević
35a48e7f41 Swift: convert XXE test to .qlref 2025-06-24 14:58:16 +02:00
Nora Dimitrijević
aa3e0116c1 Swift: convert PathInjection test to .qlref 2025-06-24 14:58:12 +02:00
Nora Dimitrijević
895a8fcb0f Swift: convert CleartextLogging test to .qlref 2025-06-24 14:58:08 +02:00
Nora Dimitrijević
7615ec7a24 Swift: convert PredicateInjection test to .qlref 2025-06-24 14:58:03 +02:00
Nora Dimitrijević
92a48cdc2b Ruby: convert InsecureDownload test to .qlref 2025-06-24 14:57:59 +02:00
Nora Dimitrijević
e32982057c Ruby: convert CommandInjection test to .qlref 2025-06-24 14:57:54 +02:00
Nora Dimitrijević
807c7691c6 Ruby: add PrettyPrintModels test postprocessor 2025-06-24 14:57:49 +02:00
Nora Dimitrijević
cf92b0e91b Go: convert IncorrectIntegerConversion test to .qlref 2025-06-24 14:57:48 +02:00
Nora Dimitrijević
76a3306c63 Go: convert UncontrolledAllocationSize test to .qlref 2025-06-24 14:57:44 +02:00
github-actions[bot]
6972c7a872 Post-release preparation for codeql-cli-2.22.1 2025-06-24 12:55:14 +00:00
Geoffrey White
e37979546c Merge pull request #19754 from geoffw0/typeinfer
Rust: Type inference for `for` loops and array expressions
2025-06-24 13:19:37 +01:00
Kasper Svendsen
c380c5f150 Merge pull request #19863 from github/kaspersv/ql4ql-overlay-caller-q
QL4QL: Extend ql/inline-overlay-caller
2025-06-24 13:15:34 +02:00
Napalys Klicius
79a9d7def8 JS: removed execa parts from SystemCommandExecutors and moved it to Execa.qll 2025-06-24 12:41:22 +02:00
Geoffrey White
898c569f1b Rust: Change note. 2025-06-24 11:37:54 +01:00
Geoffrey White
869c974745 Rust: Change note. 2025-06-24 11:34:54 +01:00
Geoffrey White
96dcdf94af Rust: Change note. 2025-06-24 11:31:38 +01:00
Geoffrey White
21bea7e403 Merge branch 'main' into typeinfer 2025-06-24 11:23:34 +01:00
Paolo Tranquilli
d7f14600b3 Merge pull request #19853 from github/redsun82/rust-enable-change-note-check
Rust: enable change-note check
2025-06-24 12:15:08 +02:00
Kasper Svendsen
e1fc138670 QL4QL: Extend ql/inline-overlay-caller 2025-06-24 11:58:31 +02:00
Napalys Klicius
0902ca0605 JS: address copilot suggestions 2025-06-24 11:37:07 +02:00
Asger F
54bfde9b7a Update javascript/ql/src/change-notes/2025-06-23-remove-legacy-actions-queries.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-06-24 11:22:37 +02:00
Asger F
bae3e255e4 Merge pull request #19859 from asgerf/js/remote-element-from-docs
JS: Remote mention of Element MaD token
2025-06-24 11:22:24 +02:00
Geoffrey White
6677a81e1c Merge branch 'main' into lifetime 2025-06-24 10:11:21 +01:00
Paolo Tranquilli
a72ae9c960 Rust: refactor ast-generator to have all customization at the start 2025-06-24 10:42:16 +02:00
Paolo Tranquilli
d0c7550119 Rust: refactor pre_emit! and post_emit! to a trait 2025-06-24 10:40:33 +02:00
Kasper Svendsen
0ee6a78a4a Java: Allow methods with empty bodies for overlay 2025-06-24 10:38:07 +02:00
Kasper Svendsen
6e92d7e247 Java: Add entity discard predicates 2025-06-24 10:38:06 +02:00
Kasper Svendsen
b6e56f26c7 Java: Add manual overlay annotations 2025-06-24 10:38:05 +02:00
Geoffrey White
c2b317783f C++: Fix for SQL query. 2025-06-24 09:29:46 +01:00
Kasper Svendsen
81b677a2d9 rename overlay[caller] to overlay[caller?] 2025-06-24 10:25:07 +02:00
Kasper Svendsen
2da8d61984 Run config/sync-files.py 2025-06-24 10:25:06 +02:00
Kasper Svendsen
c207cfdeb7 Overlay: Add overlay annotations to Java & shared libraries 2025-06-24 10:25:06 +02:00
Asger F
cb983102e5 JS: Remote mention of Element MaD token 2025-06-24 09:46:20 +02:00
Napalys Klicius
8c345461f0 JS: add change note 2025-06-24 09:08:15 +02:00
Napalys Klicius
d05de1ba4e JS: moved execa test cases outside experimental 2025-06-24 09:08:13 +02:00
Napalys Klicius
d8b5cb5862 JS: moved execa out of experimental 2025-06-24 09:07:43 +02:00
Geoffrey White
11ffb1f86f Merge branch 'main' into lifetime 2025-06-23 17:06:06 +01:00
Paolo Tranquilli
8d4e36f869 Rust: enable change-note check 2025-06-23 17:53:53 +02:00
Geoffrey White
b82a7ab745 Rust: Update variable name in examples. 2025-06-23 16:42:02 +01:00
Asger F
ea0a80a06a JS: Un-deprecate Actions.qll for now as we have some internal queries that use it. 2025-06-23 16:38:04 +02:00
Asger F
4fc5738ded JS: Change note 2025-06-23 16:08:21 +02:00
Asger F
61887beae0 JS: Add test case for false positive 2025-06-23 16:03:41 +02:00
Asger F
cc1a28ac7e JS: Add parameters of server functions as remote flow sources 2025-06-23 16:03:39 +02:00
Asger F
d9f4e4a90d JS: Add tests for functions with "use server" directive 2025-06-23 16:03:38 +02:00
Asger F
7dd7246cd4 JS: Update tests.expected
Mostly noise due to renamed predicates and reordered result sets
2025-06-23 16:03:35 +02:00
Asger F
180b023c7c JS: Add inline expectations to React test 2025-06-23 16:03:33 +02:00
Asger F
1787d4dce8 JS: Enable inline expectations in test
Will update files in next commit
2025-06-23 16:03:32 +02:00
Asger F
1a18e68364 JS: Remove reactLibraryRef
This is not testing anything interesting, and is noisy when adding inline expectations
2025-06-23 16:03:30 +02:00
Asger F
99fb6b62ad JS: Remove test_ prefix from query predicates 2025-06-23 16:03:29 +02:00
Asger F
8ff7182f3a JS: Move React test predicates into one file 2025-06-23 15:37:15 +02:00
Asger F
980d0f46fa JS: Add model for react 'use' 2025-06-23 15:27:21 +02:00
Asger F
768ccc6a54 JS: Add test for react 'use' function 2025-06-23 15:26:08 +02:00
Geoffrey White
530ded18e4 Merge branch 'main' into typeinfer 2025-06-23 14:02:58 +01:00
Asger F
7da2d71a70 JS: Update query suite expectations 2025-06-23 14:57:23 +02:00
Nick Rolfe
45f089fda0 Ruby: skip non-existent files in overlay changes JSON
The previous implementation returned None if any of the paths in the
changes JSON couldn't be canonicalized. This could happen for files that
were deleted in the diff. Now, it just ignores paths for which
canonicalize() fails.
2025-06-23 13:53:18 +01:00
Asger F
b1da23968c JS: Change note 2025-06-23 14:50:09 +02:00
Asger F
76b7228160 JS: Remove js/actions/command-injection
Superseded by actions/command-injection/{medium,critical}
2025-06-23 14:41:26 +02:00
Asger F
9dcb61e771 JS: Remove js/actions/actions-artifact-leak
Superseded by actions/secrets-in-artifacts
2025-06-23 14:39:28 +02:00
Asger F
3a00e8d1c5 JS: Remove js/actions/pull-request-target
Superseded by actions/untrusted-checkout/{medium,high,critical}
2025-06-23 14:37:21 +02:00
Asger F
0d3bb89195 JS: Deprecate Actions.qll 2025-06-23 14:36:15 +02:00
Geoffrey White
4530e85c93 Rust: Repair the test annotations. 2025-06-23 13:12:53 +01:00
Geoffrey White
8c848ac019 Rust: Effects of rustfmt on .expected. 2025-06-23 13:08:42 +01:00
Geoffrey White
d02a7288ff Update rust/ql/lib/codeql/rust/internal/TypeInference.qll
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
2025-06-23 13:04:56 +01:00
Geoffrey White
34cd9766d5 Rust: Run rustfmt --edition 2024 on the test. 2025-06-23 12:59:42 +01:00
Geoffrey White
bfaabab929 Rust: Update more expectations. 2025-06-23 12:58:35 +01:00
Asger F
8efa38be79 JS: Change default TypeScript extraction mode to basic 2025-06-23 12:55:20 +02:00
Asger F
e323833bc3 JS: Fix qldoc coverage 2025-06-23 12:55:19 +02:00
Asger F
07f84a5add JS: Remove an unnecessary import 2025-06-23 12:55:18 +02:00
Asger F
1cab99290e JS: Remove unneeded integration test 2025-06-23 12:55:16 +02:00
Asger F
f5f12c2f81 JS: Delete or simplify TypeScript type-specific tests 2025-06-23 12:55:15 +02:00
Asger F
ee9c4fa763 JS: Deprecate everything that depends on type extraction 2025-06-23 12:55:14 +02:00
Asger F
f5ac3fd611 JS: Remove old metric-meta query TypedExprs.ql
This was used in the very old dist-compare tool, but has no use anymore
2025-06-23 12:55:12 +02:00
Asger F
6d389c31c7 JS: Update an outdated QLDoc comment 2025-06-23 12:55:11 +02:00
Asger F
fcb6882f16 JS: Update API usage in MissingAwait 2025-06-23 12:55:09 +02:00
Asger F
e459884b69 JS: Update API usage in ViewComponentInput 2025-06-23 12:55:08 +02:00
Asger F
fb92d9b034 JS: Update type usage in UnreachableMethodOverloads
This query depended on the cons-hashing performed by type extraction to determine if two types are the same.

This is not trivial to restore, but not important enough to reimplement right now, so for now just simplifying the query's ability to recognise that two types are the same.
2025-06-23 12:55:06 +02:00
Asger F
8b2a424fb0 JS: Update type usage use in Express model 2025-06-23 12:55:05 +02:00
Asger F
b71d09630a JS: Update type usage in Electron model 2025-06-23 12:55:03 +02:00
Asger F
ace8b09a36 JS: Update type usage in ClassValidator.qll 2025-06-23 12:55:01 +02:00
Asger F
9d4c38b5f1 JS: Update type usage in definitions.qll 2025-06-23 12:54:59 +02:00
Asger F
17a687b38f JS: Update type usage in Nest library model 2025-06-23 12:54:57 +02:00
Asger F
b82e84930c JS: Add public API 2025-06-23 12:54:56 +02:00
Asger F
2a0c7c8801 JS: Add classHasGlobalName into NameResolution 2025-06-23 12:54:55 +02:00
Asger F
de9dab9ba3 JS: Move some predicates into NameResolution 2025-06-23 12:54:53 +02:00
Tamas Vajk
60e726bdf2 Java: Add java/javautilconcurrentscheduledthreadpoolexecutor query for zero thread pool size 2025-06-23 12:52:45 +02:00
Lindsay Simpkins
849e0b4e1f Merge pull request #248 from microsoft/fix-ps-performance
PS: Fix lots of performance problems
2025-06-20 23:14:39 -04:00
Lindsay Simpkins
52f5ac528c Merge branch 'main' into fix-ps-performance 2025-06-20 23:01:38 -04:00
Lindsay Simpkins
6ab05cd387 Merge pull request #249 from microsoft/fix-fps-on-sql-injection
PS: Fix FPs on `powershell/microsoft/public/sql-injection`
2025-06-20 16:36:54 -04:00
Mathias Vorreiter Pedersen
cb89695c1d PS: Improve alert message. 2025-06-20 20:40:53 +01:00
Mathias Vorreiter Pedersen
9032d863bd PS: Accept test changes. 2025-06-20 16:40:44 +01:00
Mathias Vorreiter Pedersen
1486200146 PS: Allow for implicit reads at sinks in 'ps/sql-injection'. 2025-06-20 16:34:16 +01:00
Mathias Vorreiter Pedersen
1ff04d9f94 PS: Add new false negative. 2025-06-20 16:30:49 +01:00
Mathias Vorreiter Pedersen
72178f0a36 PS: Accept test changes. 2025-06-20 14:54:39 +01:00
Mathias Vorreiter Pedersen
05a7cfd264 PS: Don't implicitly read any element. Instead, only read positional contents. 2025-06-20 14:54:15 +01:00
Mathias Vorreiter Pedersen
25d94fabcc PS: Add false positive to 'ps/sql-injection'. 2025-06-20 14:51:17 +01:00
Mathias Vorreiter Pedersen
0912cc337f PS: Accept test changes. 2025-06-20 14:25:58 +01:00
Mathias Vorreiter Pedersen
c18db919c9 PS: Model 'inputfile' as a sink for SQL injections. 2025-06-20 14:25:45 +01:00
Mathias Vorreiter Pedersen
b82bd2cd2f PS: Add false positive to 'ps/sql-injection'. 2025-06-20 14:23:55 +01:00
Eric Bickle
32464a8995 C++: Support SQL Injection sinks for Oracle Call Interface (OCI) 2025-06-20 06:05:24 -07:00
Mathias Vorreiter Pedersen
86cc09b622 PS: Start with a SCAN of 'getProcessBlock' as this ensures we start with a small pipeline. 2025-06-19 22:11:26 +01:00
Mathias Vorreiter Pedersen
31fbb6fd55 PS: Prevent bad magic by calling a HOP to compute the transitive closure. 2025-06-19 22:11:25 +01:00
Mathias Vorreiter Pedersen
2d045ea345 PS: Prevent join on integer. 2025-06-19 22:11:24 +01:00
Mathias Vorreiter Pedersen
c50b0c6323 PS: Prevent join on boolean. 2025-06-19 22:11:22 +01:00
Mathias Vorreiter Pedersen
a38d57f080 PS: Fix cartesian product. 2025-06-19 22:11:20 +01:00
Mathias Vorreiter Pedersen
f513259f24 PS: Format, add a helper predicate and add an explicit 'this' to silence a warning. 2025-06-19 22:11:19 +01:00
Mathias Vorreiter Pedersen
9be1f2d1d1 PS: Replace another 'forex' with explicit recursion. 2025-06-19 22:11:17 +01:00
Mathias Vorreiter Pedersen
8664842f91 PS: Remove two more 'forex's. 2025-06-19 22:11:16 +01:00
Mathias Vorreiter Pedersen
b79f3666a9 PS: Replace a 'forex' with explicit recursion. 2025-06-19 22:11:14 +01:00
Mathias Vorreiter Pedersen
ebc167c529 PS: Fix join in 'count'. 2025-06-19 22:11:13 +01:00
Mathias Vorreiter Pedersen
ae83d56df1 PS: Rename predicate. 2025-06-19 22:11:00 +01:00
Mathias Vorreiter Pedersen
f69cfdcd5a PS: Autoformat. 2025-06-19 22:03:40 +01:00
Mathias Vorreiter Pedersen
9ed32b14a2 PS: Add some QLDoc. 2025-06-19 22:02:45 +01:00
Mathias Vorreiter Pedersen
3ba3b11207 PS: Prevent magic on 'getParent'. 2025-06-19 22:02:22 +01:00
Nick Rolfe
665df4baef Ruby: add minimal path transformer support
Supports only a minimal subset of the project layout specification;
enough to work with the transformers produced by the CLI when building
an overlay database.
2025-06-19 16:34:16 +01:00
Nick Rolfe
1bd7c4f11c Ruby: add databaseMetadata relation to dbscheme
This is required for overlay support.
2025-06-19 16:34:15 +01:00
Nick Rolfe
c4ccc5502d Ruby: add support for extracting overlays 2025-06-19 16:34:14 +01:00
Geoffrey White
7a25596749 Merge branch 'main' into typeinfer 2025-06-19 14:27:35 +01:00
Geoffrey White
26e7b2d5f8 Rust: Accept path resolution consistency changes. 2025-06-19 14:19:13 +01:00
Geoffrey White
d55e8b7010 Rust: Add another test case for ranges. 2025-06-19 13:45:54 +01:00
Geoffrey White
7170e97e22 Rust: Update test expectations format (type=...). 2025-06-19 13:09:28 +01:00
Geoffrey White
f670fcb301 Rust: Add a Vec test case that we actually get (explicit type). 2025-06-19 11:28:17 +01:00
Geoffrey White
1622d08624 Rust: Add inferArrayExprType. 2025-06-19 11:21:37 +01:00
Geoffrey White
639f85a556 Merge branch 'main' into typeinfer 2025-06-19 11:15:52 +01:00
Geoffrey White
36cf4b613e Rust: Accept consistency changes. 2025-06-18 17:32:20 +01:00
REDMOND\brodes
8ee03e48ca Crypto: Fix cpp-specific code scanning alert failure 2025-06-18 11:04:27 -04:00
Geoffrey White
5edd6e85e7 Rust: Restrict results to 'unsafe' blocks. 2025-06-18 15:45:31 +01:00
Geoffrey White
dbde8418bb Rust: Another test case (unsafe function). 2025-06-18 15:29:37 +01:00
Geoffrey White
79cedc2586 Rust: Rename predicate again. 2025-06-18 11:56:04 +01:00
Geoffrey White
5bf799e717 Apply suggestions from code review
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
2025-06-18 11:52:02 +01:00
Geoffrey White
df221ea8f8 Rust: Remove excess 'cached' annotation. 2025-06-17 23:17:58 +01:00
Geoffrey White
dec0deb4d1 Rust: Add some more test cases for type inference on Vecs. 2025-06-17 23:07:32 +01:00
Geoffrey White
cd6975f7b7 Rust: Update DotDotCheck from getResolvedPath -> getCanonicalPath. 2025-06-17 17:07:39 +01:00
Geoffrey White
4292b03b5c Rust: Add logic for Vecs and slices. 2025-06-17 10:58:26 +01:00
Geoffrey White
66d6770c3f Rust: If we're inferring both ways, it should really be to any element. 2025-06-17 10:47:35 +01:00
Geoffrey White
69da4e7462 Rust: Move inferArrayExprType logic into typeEquality predicate. 2025-06-17 10:45:57 +01:00
Mathias Vorreiter Pedersen
56977c76f8 Merge pull request #247 from microsoft/add-get-callee-on-call-nodes
PS: Add `Node.getCallee` predicate on `DataFlow::CallNode`
2025-06-16 15:48:41 +01:00
Mathias Vorreiter Pedersen
229914f7f3 PS: Add 'Node.getCallee' predicate on DataFlow::CallNode. 2025-06-16 15:24:26 +01:00
Paolo Tranquilli
0d803698ac Go: remove language tests from workflows
Now that they are run internally using QLucie.
2025-06-16 14:01:40 +02:00
Vasco-jofra
e2eca5bbff Update test.expected 2025-06-15 12:12:12 +02:00
Vasco-jofra
6920430073 Improve dependency injection through import function calls 2025-06-15 00:47:34 +02:00
Vasco-jofra
9019879d99 Improve useFactory inter file function detection 2025-06-15 00:32:26 +02:00
Vasco-jofra
477f32c7ff NestJS dependency injection support useValue provider 2025-06-15 00:21:38 +02:00
Vasco-jofra
2b143c86ac NestJS dependency Injection support useFactory provider 2025-06-15 00:09:07 +02:00
Vasco-jofra
baf0d3ef22 Model NestJS middlewares as sources 2025-06-14 23:27:49 +02:00
Vasco-jofra
ddf77a0b72 Remove unnecessary spaces 2025-06-13 15:37:27 +02:00
Vasco-jofra
4ea53773b9 Model the TypeORM Repository API 2025-06-13 15:35:46 +02:00
Geoffrey White
14b75a968b Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2025-06-13 14:09:49 +01:00
Geoffrey White
6194676b7d Rust: Accept consistency failures (for now). 2025-06-13 13:51:01 +01:00
Geoffrey White
62e3cc57c6 Merge branch 'main' into typeinfer 2025-06-13 13:45:19 +01:00
Geoffrey White
b89d6d3402 Rust: Implement type inference for ArrayRepeatExprs. 2025-06-13 12:58:51 +01:00
Geoffrey White
51343a5c03 Rust: Implement type inference for ArrayListExprs. 2025-06-13 12:58:49 +01:00
Geoffrey White
f76b56291b Rust: Implement type inference for 'for' loops on arrays. 2025-06-13 12:58:47 +01:00
Geoffrey White
840ef5ce92 Rust: Add test cases for type inference in loops. 2025-06-13 12:37:32 +01:00
Chanel Young
f882af95d8 update to invokesink 2025-06-12 14:30:46 -07:00
dilanbhalla
8e09d96df5 Merge pull request #240 from microsoft/auto/sync-main-pr
Sync Main (autogenerated)
2025-06-12 11:07:49 -07:00
dilanbhalla
dae058250b Merge branch 'main' into auto/sync-main-pr 2025-06-12 10:55:48 -07:00
dilanbhalla
ed8cc6afff Merge pull request #245 from microsoft/fix-extensional-warnings-powershell
PS: Remove unnecessary data extension pattern to fix warning
2025-06-12 10:55:36 -07:00
Mathias Vorreiter Pedersen
b88ed68499 PS: Remove unnecessary data extension pattern. All the models are matched by the other two patterns. 2025-06-12 11:41:25 +01:00
Geoffrey White
087e666658 Rust: Exclude sources in macro expansions. 2025-06-11 18:48:23 +01:00
Geoffrey White
168246005c Rust: Extend tests based on cases found in DCA. 2025-06-11 18:33:59 +01:00
Geoffrey White
b29deed919 Rust: Accept changes in an unrelated test reported by CI. 2025-06-11 18:09:22 +01:00
dilanbhalla
7bfefefbf7 Merge tag 'codeql-cli/latest' into auto/sync-main-pr
Compatible with the latest released version of the CodeQL CLI
2025-06-11 17:00:14 +00:00
Geoffrey White
ecac0dbe69 Rust: Accept consistency check failures. 2025-06-11 08:52:52 +01:00
dilanbhalla
b8a78f79eb Merge branch 'main' of https://github.com/microsoft/codeql into auto/sync-main-pr 2025-06-10 18:59:32 +00:00
dilanbhalla
64bc3ed473 Merge pull request #244 from microsoft/lwsimpkins/fix-qhelp
fix failing qhelp files
2025-06-10 11:02:12 -07:00
Lindsay Simpkins
f96a250ffc fix qhelp files 2025-06-09 18:37:16 -04:00
Lindsay Simpkins
7668175804 Merge branch 'main' into lwsimpkins/fix-qhelp 2025-06-09 17:56:59 -04:00
dilanbhalla
9521d06424 Merge branch 'main' of https://github.com/microsoft/codeql into auto/sync-main-pr 2025-06-09 19:59:12 +00:00
Lindsay Simpkins
077549da16 fix failing qhelp files 2025-06-09 15:31:19 -04:00
dilanbhalla
3d84e5ac3b Merge pull request #243 from microsoft/lwsimpkins/fix-qhelp
fix powershell qhelp files
2025-06-09 12:06:45 -07:00
Geoffrey White
a9d5d8b2b3 Rust: Accept the new alert message in tests. 2025-06-09 19:14:14 +01:00
Geoffrey White
74ce4e8105 Update rust/ql/src/queries/security/CWE-825/AccessAfterLifetime.ql
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-06-09 19:10:39 +01:00
Geoffrey White
e7945e16cb Rust: Accept the query in suite listings. 2025-06-09 19:06:34 +01:00
Lindsay Simpkins
25fb1aabd2 fix powershell qhelp files 2025-06-09 14:01:54 -04:00
Geoffrey White
9b0ee8fb9f Rust: Add security-severity tag and reduce precision to medium for now.
precis
2025-06-09 17:58:44 +01:00
Geoffrey White
b3330b5636 Rust: Allow parameter accesses as sources. 2025-06-09 17:58:42 +01:00
Geoffrey White
d3d0a533b5 Rust: Add test showing yet another spurious result. 2025-06-09 17:58:41 +01:00
Geoffrey White
858eec390d Rust: Exclude results where the source is a reference. 2025-06-09 17:58:40 +01:00
Geoffrey White
7bae451af3 Rust: Exclude results in macro invocations. 2025-06-09 17:58:38 +01:00
Geoffrey White
26f85585fd Rust: Add qhelp, examples, and examples as tests. 2025-06-09 17:58:37 +01:00
Geoffrey White
fe20fb403d Rust: More robust fix for closures. 2025-06-09 16:41:31 +01:00
Geoffrey White
21b4baeb42 Rust: Have the alert message cite the variable, so it's easier to understand whether the alert is correct. 2025-06-09 10:28:25 +01:00
Geoffrey White
79f8584efb Rust: Fix spurious results involving closures. 2025-06-09 10:25:48 +01:00
Geoffrey White
bf4ea02dd2 Rust: Implement the query. 2025-06-09 10:25:40 +01:00
Mrigank Pawagi
114b46824a update test 2025-06-05 15:56:35 +00:00
Geoffrey White
526620ca41 Rust: Add some helper predicates for finding enclosing blocks. 2025-06-05 16:30:28 +01:00
Geoffrey White
96dc34e36d Rust: Even more test cases (inspired by real world results). 2025-06-05 16:29:58 +01:00
Mrigank Pawagi
93c485fb13 apply proper formatting in comment 2025-06-05 13:26:38 +00:00
Owen Mansel-Chan
ecd0291b6a Add change note for deprecation 2025-06-05 11:00:00 +01:00
Owen Mansel-Chan
75d9b298b2 Test helper predicates for TypeSpec 2025-06-05 10:52:01 +01:00
Owen Mansel-Chan
c4a8ac4980 Add helper predicates for TypeSpec 2025-06-05 10:51:39 +01:00
Mrigank Pawagi
434973f8e6 Update GlobalUseBeforeInit.ql 2025-06-05 09:48:37 +00:00
Geoffrey White
66c1e2cace Rust: Add test cases for implicit dereferences and more pointer/enum mixes (inspired by early real world results). 2025-06-05 10:37:30 +01:00
Geoffrey White
e2fb1d3892 Rust: Add test cases involving lifetimes + lifetime annotations. 2025-06-05 10:37:29 +01:00
Geoffrey White
ae19ecc674 Rust: Add test cases involving lifetimes + closures and async blocks. 2025-06-05 10:37:28 +01:00
Geoffrey White
43cb98ad15 Rust: Fix some warnings in the existing test. 2025-06-05 10:37:27 +01:00
Geoffrey White
8e8374b9bc Rust: Label source annotations in the test properly. 2025-06-05 10:37:26 +01:00
Geoffrey White
da4fbfb449 Rust: Placeholder new query. 2025-06-05 10:37:25 +01:00
Owen Mansel-Chan
8b9cc99158 Test helper predicates for FieldDecl 2025-06-05 10:35:34 +01:00
Owen Mansel-Chan
d9bc165c72 Add helper predicates for FieldDecl 2025-06-05 10:35:25 +01:00
Owen Mansel-Chan
82e8d3af8d Improve two class names 2025-06-05 10:34:53 +01:00
dilanbhalla
58acb60b47 Merge branch 'main' of https://github.com/microsoft/codeql into auto/sync-main-pr 2025-06-03 19:32:15 +00:00
dilanbhalla
06448780ed Merge pull request #242 from microsoft/powershell-guardpredicate-fix
added hasbranchedge
2025-06-03 12:31:26 -07:00
Chanel Young
0d11efc5cb added hasbranchedge 2025-06-03 11:53:29 -07:00
Owen Mansel-Chan
b2f310cda7 Add change note 2025-06-03 15:36:03 +01:00
Owen Mansel-Chan
4711feb344 Add test for DefinedType.getBaseType 2025-06-03 14:50:05 +01:00
Owen Mansel-Chan
40000840c1 Fix definition of DefinedType.getBaseType 2025-06-03 14:50:03 +01:00
Owen Mansel-Chan
681f9af710 Fix MethodTypes test 2025-06-03 14:50:00 +01:00
dilanbhalla
464558688d Merge tag 'codeql-cli/latest' into auto/sync-main-pr
Compatible with the latest released version of the CodeQL CLI
2025-06-02 22:04:24 +00:00
Chanel
8ef818cd8d Merge pull request #239 from microsoft/dilan/sync-main-auth-2
Sync Main: Auth Bug (fix attempt 2)
2025-06-02 15:03:25 -07:00
dilanbhalla
8aa10995ba Update sync-main.yml 2025-06-02 14:40:39 -07:00
dilanbhalla
126ddf9271 Merge pull request #238 from microsoft/dilan/sync-repo-auth
Auth Bug: Sync Main
2025-06-02 10:31:30 -07:00
dilanbhalla
8ef8210327 Update sync-main.yml 2025-06-02 10:26:22 -07:00
Joe Farebrother
38072c7863 Fix typo
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-06-02 16:42:27 +01:00
Joe Farebrother
57a0c7a1ab Performance fix - Use basic blocks instead of full cfg reachability. 2025-06-02 14:33:52 +01:00
Mathias Vorreiter Pedersen
10a886325d Merge pull request #237 from microsoft/fix-fps-in-tainted-path
C#: Fix FPs (and a small FN) in `cs/path-injection`
2025-05-30 14:51:01 +01:00
Mathias Vorreiter Pedersen
2186fef8bf C#: Accept test changes. 2025-05-27 18:44:59 +01:00
Mathias Vorreiter Pedersen
4dfa88626a C#: Recognize more path-normalization steps. 2025-05-27 18:44:57 +01:00
Mathias Vorreiter Pedersen
db7119c29f C#: Add a false positive. 2025-05-27 18:44:56 +01:00
Mathias Vorreiter Pedersen
a2d4c20068 C#: Fix FN by blocking flow out of the function call instead of out of the argument (which is incorrect when there is use-use flow). 2025-05-27 18:44:54 +01:00
Mathias Vorreiter Pedersen
03e671aff1 C#: Add a false negative. 2025-05-27 18:44:53 +01:00
Mathias Vorreiter Pedersen
b40a43701c C#: Small optimization. Avoid a small CP between sinks and states. 2025-05-27 18:44:51 +01:00
Mathias Vorreiter Pedersen
0e887d8697 Merge pull request #235 from microsoft/update-typegen-2
PS: Restructure generated files
2025-05-21 17:43:10 +01:00
Chanel
a17f10d4a9 Merge branch 'main' into update-typegen-2 2025-05-21 09:27:44 -07:00
Mathias Vorreiter Pedersen
a410e85d85 PS: Accept test changes. 2025-05-21 16:35:07 +01:00
Mathias Vorreiter Pedersen
8875962f9b PS: Fix pack name in data extension files. 2025-05-21 16:35:06 +01:00
Mathias Vorreiter Pedersen
b409cbddf1 PS: Add back the manual models. 2025-05-21 16:35:01 +01:00
Mathias Vorreiter Pedersen
1a7908cd57 PS: Add generated models for .NET runtime. 2025-05-21 16:35:00 +01:00
Mathias Vorreiter Pedersen
61021b6d6f PS: Regenerate models. 2025-05-21 16:34:47 +01:00
Mathias Vorreiter Pedersen
2f0b064ee2 Merge pull request #234 from microsoft/share-global-cfg-library
C++/C#/Shared: Convert the global control-flow library to a shared parameterize module and make it available in C#
2025-05-19 19:24:14 +01:00
Mathias Vorreiter Pedersen
f00c370204 C#: Instantiate the (now shared) global control-flow library. 2025-05-19 19:04:20 +01:00
Mathias Vorreiter Pedersen
7cc091912f C++/Shared: Convert the global control-flow library to a shared parameterized module. 2025-05-19 19:03:59 +01:00
Mathias Vorreiter Pedersen
198a594b7a Merge pull request #149 from microsoft/interprocedural-controlflow
C++: Add an interprocedural control-flow library
2025-05-19 15:52:17 +01:00
Mathias Vorreiter Pedersen
bac9c7d30d Merge branch 'main' into interprocedural-controlflow 2025-05-19 15:30:24 +01:00
Adnan Khan
aca3d897a2 Merge branch 'main' into patch-1 2025-05-19 08:52:56 -04:00
Mathias Vorreiter Pedersen
c3b0c2d924 PS: Update typegen script and documentation. 2025-05-16 12:08:54 +01:00
dilanbhalla
60ca4964ad Merge pull request #233 from microsoft/dilan/powershell-dotnet-publish-flags
PowerShell: .NET Publish Flags
2025-05-15 12:26:02 -07:00
dilanbhalla
5127ace92c Update build-win64.ps1 2025-05-15 12:18:19 -07:00
dilanbhalla
77e6056665 Update build-osx64.ps1 2025-05-15 12:18:07 -07:00
dilanbhalla
50622e529e Update build-linux64.ps1 2025-05-15 12:16:53 -07:00
dilanbhalla
dd965dd646 Merge pull request #232 from microsoft/dilan/powershell-osx-specific-buildscripts
PowerShell: OS-specific buildscripts
2025-05-15 12:07:22 -07:00
dilanbhalla
0d38a98bad Update powershell-pr-check.yml 2025-05-15 12:00:45 -07:00
dilanbhalla
e250f9b6ce Create build-linux64.ps1 2025-05-15 11:59:37 -07:00
dilanbhalla
0fab231c33 Update build-win64.ps1 2025-05-15 11:58:26 -07:00
dilanbhalla
c632477eb3 Create build-osx64.ps1 2025-05-15 11:57:58 -07:00
dilanbhalla
5be20a0d10 Rename build.ps1 to build-win64.ps1 2025-05-15 11:52:25 -07:00
dilanbhalla
d1c2fa0266 Merge pull request #230 from microsoft/auto/sync-main-pr
Sync Main (autogenerated)
2025-05-15 10:50:21 -07:00
Dilan Bhalla
ae515a4b5f Merge tag 'codeql-cli/latest' into auto/sync-main-pr
Compatible with the latest released version of the CodeQL CLI
2025-05-15 10:20:16 -07:00
dilanbhalla
2ef6dd9cbc Merge pull request #225 from microsoft/cleanup-upgrade-downgrade-story-2
PS: Cleanup upgrade/downgrade chains
2025-05-14 10:50:34 -07:00
Mathias Vorreiter Pedersen
2bf076df49 PS: Also include the downgrade scripts when building the PowerShell extractor and injecting it into the CLI. 2025-05-13 18:58:26 +01:00
Mathias Vorreiter Pedersen
07d723291b PS: Add a single upgrade script that upgrades the old dbscheme to the current dbscheme, and add a single downgrade script that downgrades the current dbscheme to the old dbscheme. IMPORTANT: the .gitattributes ensure that we keep CLRF (i.e., windows) line-endings on the old dbscheme scripts so that they match what is produced by the extractor. 2025-05-13 18:50:13 +01:00
Mathias Vorreiter Pedersen
a489bfd125 PS: Delete all the existing upgrade and downgrade scripts. 2025-05-13 18:46:45 +01:00
Denis Levin
a1bfbb37e7 Two more modules and an update to some cached refs for GO (#224)
Co-authored-by: Denis Levin <denisl@microsoft.com>
2025-05-08 11:59:28 -07:00
Josh Brown
c87545ee12 Merge pull request #223 from microsoft/denisl/afewmissedCGChanges
Looks like I've missed a few CG changes - checking in
2025-05-07 19:19:53 -07:00
Denis Levin
526f161e97 Merge branch 'main' into denisl/afewmissedCGChanges 2025-05-07 16:40:32 -07:00
Denis Levin
b87431ac35 Looks like I've missed a few CG changes - checking in 2025-05-07 14:53:37 -07:00
dilanbhalla
c31abb7f0f Merge pull request #222 from microsoft/revert-218-update-csharp-stub-models
Revert "Update the C# stub models"
2025-05-02 16:23:19 -07:00
dilanbhalla
0ec0f5ce35 Revert "Update the C# stub models" 2025-05-02 14:44:25 -07:00
dilanbhalla
0d7e5faa0e Merge pull request #219 from microsoft/ps-run-tests-on-prs
PS: Run tests on PRs
2025-05-02 12:10:16 -07:00
dilanbhalla
e70d9ff4ca Merge branch 'main' into ps-run-tests-on-prs 2025-05-02 10:56:01 -07:00
dilanbhalla
d76de83121 Merge pull request #218 from microsoft/update-csharp-stub-models
Update the C# stub models
2025-05-01 14:35:21 -07:00
Sid Gawri
43ab8cb98e Merge branch 'main' of https://github.com/microsoft/codeql into update-csharp-stub-models 2025-05-01 17:31:54 -04:00
Josh Brown
f0e0d76ca6 Merge pull request #220 from microsoft/auto/sync-main-pr
Sync Main (autogenerated)
2025-05-01 11:07:26 -07:00
dilanbhalla
63884ff714 Merge tag 'codeql-cli/latest' into auto/sync-main-pr
Compatible with the latest released version of the CodeQL CLI
2025-05-01 13:06:40 +00:00
Mathias Vorreiter Pedersen
3dc74e9fdb PS: Harden the build script so that you can run it from any folder. 2025-05-01 12:36:11 +01:00
Mathias Vorreiter Pedersen
337cb8b308 PS: Make it possible to run the build script from a command prompt that is running from %SYSTEMROOT%. See https://learn.microsoft.com/en-us/answers/questions/574694/msbuild-error-msb1009-project-file-does-not-exist 2025-05-01 12:31:11 +01:00
Mathias Vorreiter Pedersen
3cca0a6ec0 Update powershell-pr-check.yml 2025-05-01 12:25:04 +01:00
Mathias Vorreiter Pedersen
f029d2a494 Update powershell-pr-check.yml 2025-05-01 12:21:18 +01:00
Mathias Vorreiter Pedersen
3bea9e5693 Update powershell-pr-check.yml 2025-05-01 12:18:59 +01:00
Mathias Vorreiter Pedersen
7c37c54b03 Update powershell-pr-check.yml 2025-05-01 12:07:59 +01:00
Mathias Vorreiter Pedersen
1724948f75 Update powershell-pr-check.yml 2025-05-01 12:06:01 +01:00
Mathias Vorreiter Pedersen
3b2057b148 Update powershell-pr-check.yml 2025-05-01 12:01:06 +01:00
Mathias Vorreiter Pedersen
d6c6015558 PS: Run tests on PRs 2025-05-01 11:58:55 +01:00
Sid Gawri
d824bdf8d2 system.web + system.net 2025-04-30 18:37:42 -04:00
Mathias Vorreiter Pedersen
f7d081874b Merge pull request #217 from microsoft/accept-parent-test-changes
PS: Accept missing test changes
2025-04-30 20:25:05 +01:00
Mathias Vorreiter Pedersen
2f03911b45 PS: Accept test changes. 2025-04-30 20:20:07 +01:00
Chanel
f6aec284d1 Merge pull request #216 from microsoft/ps-string-literals
PS: Lift string literals to the public AST
2025-04-30 10:09:38 -07:00
Mathias Vorreiter Pedersen
dbfd07024d PS: Add some tests for string literals. 2025-04-30 13:46:43 +01:00
Mathias Vorreiter Pedersen
a7c0305430 PS: Lift StringLiterals to the public AST from the raw AST. 2025-04-30 13:46:32 +01:00
Chanel
64dd13d4eb Merge pull request #215 from microsoft/ps-add-sql-injection-query
PS: Add SQL injection query
2025-04-29 10:31:55 -07:00
Mathias Vorreiter Pedersen
c6678949b9 PS: Add query test for the new SQL injection query. 2025-04-29 17:57:59 +01:00
Mathias Vorreiter Pedersen
e4d5b1e65e PS: Add a query for SQL injection. 2025-04-29 17:57:43 +01:00
Mathias Vorreiter Pedersen
c015c746b8 PS: Lower case more predicate results for consistency. 2025-04-29 17:45:04 +01:00
Denis Levin
aee5b23207 Merge pull request #212 from microsoft/denisl/goreferenceupdate
Update go references in mod and sum files
2025-04-28 16:26:21 -07:00
Adnan Khan
a9c4d6f383 Fix escaping. 2025-04-25 15:00:14 -04:00
Adnan Khan
38f00775bd Exclude artifacts downloaded to runner temp. 2025-04-25 14:49:01 -04:00
Josh Brown
b672950baf Merge branch 'main' into denisl/goreferenceupdate 2025-04-25 09:14:05 +10:00
Mathias Vorreiter Pedersen
4d00aa39ea Merge pull request #213 from microsoft/powershell-better-api-for-normalizednames
PS: Better API for normalizing names + get rid of warnings
2025-04-24 12:09:24 +01:00
Chanel
1930059e77 Merge pull request #214 from microsoft/dilan/powershell-lib-pack-org
PowerShell Lib Pack: Change microsoft-sdl to microsoft
2025-04-23 11:24:22 -07:00
Dilan Bhalla
084c75c8cf changing microsoft-sdl/powershell-all to microsoft/powershell-all 2025-04-23 10:45:45 -07:00
dilanbhalla
c3926d3cba Update qlpack.yml 2025-04-23 10:26:27 -07:00
dilanbhalla
a3b32af3dc Update qlpack.yml 2025-04-23 10:25:20 -07:00
Chanel
b1cd6721e0 Merge branch 'main' into powershell-better-api-for-normalizednames 2025-04-23 09:52:53 -07:00
Mathias Vorreiter Pedersen
0a1f89b8eb PS: Delete more stuff that's being deprecated and replace with non-deprecated versions. 2025-04-23 16:00:20 +01:00
Mathias Vorreiter Pedersen
06fd1c6513 PS: Delete deprecated unnecessary predicates. 2025-04-23 16:00:19 +01:00
Mathias Vorreiter Pedersen
5ec59c3b34 PS: Get rid of unnecessary module. 2025-04-23 16:00:18 +01:00
Mathias Vorreiter Pedersen
9e83dee8fe PS: Accept test changes. 2025-04-23 15:16:29 +01:00
Mathias Vorreiter Pedersen
f5e7af1df6 PS: Fix tests. 2025-04-23 15:16:26 +01:00
Mathias Vorreiter Pedersen
b65d41b498 PS: Cleanup and autoformat. 2025-04-23 12:36:48 +01:00
Mathias Vorreiter Pedersen
2e0560119c PS: Add matchesName and getAName to make it easier to match case insensitively. 2025-04-23 12:34:08 +01:00
Mathias Vorreiter Pedersen
7360d800f2 PS: Rename getName to getLowerCaseName. 2025-04-23 12:31:46 +01:00
Denis Levin
42776fb2fe Merge branch 'main' into denisl/goreferenceupdate 2025-04-22 16:49:28 -07:00
dilanbhalla
2f62351116 Merge pull request #211 from microsoft/dilan/publish-pack-bug-2
Pack Publish Bug
2025-04-22 16:12:19 -07:00
dilanbhalla
ba58c012cd Update microsoft-codeql-pack-publish.yml 2025-04-22 15:48:09 -07:00
Chanel
e669dc651b Merge pull request #210 from microsoft/dilan/pack-publish-typo
Pack Publish Typo
2025-04-22 15:33:16 -07:00
dilanbhalla
9efbecc677 Update microsoft-codeql-pack-publish.yml 2025-04-22 15:30:11 -07:00
Denis Levin
47fc9f2d10 Update go language references in mod and sum files to prevent vulnerable reference warining for CVE-2024-45337
in golang.org/x/crypto
2025-04-22 15:10:47 -07:00
Chanel
3126366768 Merge pull request #170 from microsoft/dilan/publish-opensource-packs
Publish Public Packs
2025-04-22 12:49:30 -07:00
dilanbhalla
b1129475d7 Merge branch 'main' into dilan/publish-opensource-packs 2025-04-22 12:46:24 -07:00
dilanbhalla
a3c5e48738 Update microsoft-codeql-pack-publish.yml 2025-04-22 12:45:26 -07:00
dilanbhalla
082141e40d Update microsoft-codeql-pack-publish.yml 2025-04-22 12:28:37 -07:00
dilanbhalla
054434365c Merge pull request #209 from microsoft/dilan/workflow-bugs
Fix Sync-Main Workflow Bugs
2025-04-22 11:37:25 -07:00
dilanbhalla
358862e9bd Update sync-main.yml 2025-04-22 11:30:41 -07:00
dilanbhalla
916b264e1b Update sync-main-tags.yml 2025-04-22 11:29:32 -07:00
dilanbhalla
4b3c612833 Merge branch 'main' into dilan/publish-opensource-packs 2025-04-22 11:27:46 -07:00
dilanbhalla
d3c6c3bcc6 Merge pull request #208 from microsoft/auto/sync-main-pr
Sync Main (autogenerated)
2025-04-22 10:15:07 -07:00
dilanbhalla
b28b84fad6 Merge branch 'main' of https://github.com/microsoft/codeql into auto/sync-main-pr 2025-04-22 16:59:08 +00:00
Chanel
12db85ad9c Merge pull request #206 from microsoft/psscriptanalyzer-port
Psscriptanalyzer port
2025-04-22 09:35:05 -07:00
Chanel Young
f375b81272 remove reference to command injection owasp 2025-04-22 09:26:48 -07:00
Chanel
3a66e8e71a Update powershell/ql/src/experimental/UsernameOrPasswordParameter.qhelp
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2025-04-22 09:20:45 -07:00
Chanel
f82cfc7bd4 Update powershell/ql/src/experimental/UsernameOrPasswordParameter.qhelp
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2025-04-22 09:20:31 -07:00
Chanel
6419794f3b Update powershell/ql/src/experimental/HardcodedComputerName.qhelp
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2025-04-22 09:18:31 -07:00
Chanel Young
faa47f9bfb ConvertToSecureStringAsPlainText 2025-04-22 09:17:57 -07:00
Chanel Young
2898910c04 Merge branch 'psscriptanalyzer-port' of https://github.com/microsoft/codeql into psscriptanalyzer-port 2025-04-22 09:12:04 -07:00
Chanel Young
7432884af0 Merge branch 'main' into psscriptanalyzer-port 2025-04-22 09:00:08 -07:00
dilanbhalla
9f44cb23f1 Merge branch 'main' of https://github.com/microsoft/codeql into auto/sync-main-pr 2025-04-22 15:59:07 +00:00
Mathias Vorreiter Pedersen
bfb7b0b9d0 Merge branch 'main' into psscriptanalyzer-port 2025-04-22 16:42:23 +01:00
Mathias Vorreiter Pedersen
6a5d0877c4 Merge pull request #207 from microsoft/switch-parameters
PS: Proper AST support for switch arguments
2025-04-22 16:41:40 +01:00
Chanel
a98a7b8e97 Merge branch 'main' into switch-parameters 2025-04-22 08:13:25 -07:00
dilanbhalla
ff154b11d0 Merge tag 'codeql-cli/latest' into auto/sync-main-pr
Compatible with the latest released version of the CodeQL CLI
2025-04-22 14:59:21 +00:00
Mathias Vorreiter Pedersen
09ebc76a23 PS: Accept test changes. 2025-04-22 15:32:35 +01:00
Mathias Vorreiter Pedersen
e9fd50b67c PS: Handle switch arguments by synthesizing a boolean true literal and represent them as named arguments. 2025-04-22 15:28:43 +01:00
Mathias Vorreiter Pedersen
72266cb000 PS: Drive-by cleanup in Constant.qll 2025-04-22 15:12:14 +01:00
Mathias Vorreiter Pedersen
b9fdc78c16 PS: Add argument tests. 2025-04-22 15:12:00 +01:00
Chanel Young
43954b7262 removed irrelevant tags 2025-04-21 17:01:12 -07:00
Chanel Young
e91912e30d cleanup 2025-04-21 16:50:36 -07:00
Chanel Young
7359f912c5 added initial psscriptanalyzer rules, docs, tests 2025-04-21 16:44:52 -07:00
dilanbhalla
7462e4003f Merge pull request #204 from microsoft/dilan/sync-main-tags
Sync Upstream Tags
2025-04-21 14:55:28 -07:00
dilanbhalla
7e32709574 Merge branch 'main' into dilan/sync-main-tags 2025-04-21 14:54:14 -07:00
dilanbhalla
2007479e56 Merge pull request #205 from microsoft/LWSimpkins/rust-module-import-fix
Update DataFlowImpl.qll
2025-04-21 14:07:10 -07:00
Lindsay Simpkins
57f060beed Update DataFlowImpl.qll 2025-04-21 16:41:36 -04:00
Dilan Bhalla
7553e14873 sync upstream tags to main 2025-04-21 12:21:23 -07:00
Chanel
03bce1c59f Merge pull request #202 from microsoft/fix-to-string-on-unknown-static-read
PS: Fix `toString` on unknown static field access
2025-04-18 09:23:02 -07:00
Chanel
37a6b0460e Merge branch 'main' into fix-to-string-on-unknown-static-read 2025-04-18 09:21:15 -07:00
Mathias Vorreiter Pedersen
21210c6cb3 Merge pull request #203 from microsoft/add-missing-downgrade-and-upgrade-scripts
PS: Add missing downgrade and upgrade scripts
2025-04-18 13:34:18 +01:00
Mathias Vorreiter Pedersen
4518f18b9f PS: Delete a cycle in the upgrade script. 2025-04-18 12:41:13 +01:00
Mathias Vorreiter Pedersen
e7e88d3946 PS: Add upgrade script from some unknown dbscheme to the dbscheme that existed when Mathias joined Microsoft 2025-04-18 12:40:58 +01:00
Chanel
fe7d8ff61f Merge pull request #201 from microsoft/powershell-injectionhunter-port
Powershell Command Injection query updates
2025-04-17 11:03:19 -07:00
Chanel Young
12b918e900 pr feedback: removed toString, updated .expected 2025-04-17 10:39:42 -07:00
Mathias Vorreiter Pedersen
b70f7e219c PS: Fix missing toString and accept test changes. 2025-04-17 17:01:33 +01:00
Mathias Vorreiter Pedersen
7d7268349d PS: Add an example with a missing toString. 2025-04-17 16:53:26 +01:00
Mathias Vorreiter Pedersen
b09d9f6772 PS: Autoformat. 2025-04-17 16:49:47 +01:00
Chanel Young
ed553d393b merged work into CommandInjection query 2025-04-16 14:32:30 -07:00
Chanel Young
2266cd2eb8 moved folder, added tests/docs 2025-04-16 12:13:07 -07:00
Chanel Young
50a771edee Merge branch 'main' into powershell-injectionhunter-port 2025-04-16 11:19:26 -07:00
Chanel Young
5f643509f0 added script block, expandstring sinks, moved sanitizers to separate file 2025-04-16 11:18:02 -07:00
Chanel
c9b1356853 Merge pull request #200 from microsoft/files-reads-as-flow-sources
PS: Handle more flow sources
2025-04-16 10:03:44 -07:00
Mathias Vorreiter Pedersen
396a283da9 PS: Add tests for flow sources. 2025-04-15 22:43:21 +01:00
Mathias Vorreiter Pedersen
826e6a9ee8 PS: Add an inline expectations test library for flow sources. 2025-04-15 22:43:19 +01:00
Mathias Vorreiter Pedersen
dcc127832e PS: Make remote flow sources flow sources. 2025-04-15 22:43:18 +01:00
Mathias Vorreiter Pedersen
fa3fc4a0c3 PS: Fix more problems in MaD rows for sources. 2025-04-15 22:43:16 +01:00
Mathias Vorreiter Pedersen
a146630a09 PS: Delete redundant files. 2025-04-15 22:43:14 +01:00
Mathias Vorreiter Pedersen
43d9c701f8 PS: Rename Field and Property to Member. 2025-04-15 22:43:03 +01:00
Mathias Vorreiter Pedersen
f38948764c PS: Make type names lower case. 2025-04-15 22:36:31 +01:00
Mathias Vorreiter Pedersen
993511735a PS: Make method names lower case. 2025-04-15 22:02:46 +01:00
Chanel Young
b4d8673a38 Merge branch 'main' of https://github.com/microsoft/codeql into powershell-injectionhunter-port 2025-04-14 15:18:37 -07:00
Mathias Vorreiter Pedersen
6455992402 PS: Add two more flow sources. 2025-04-10 20:44:11 +01:00
Mathias Vorreiter Pedersen
3d18175885 PS: Make it possible to specify a named argument that must be present in MaD. 2025-04-10 20:42:50 +01:00
Mathias Vorreiter Pedersen
43de3a131b PS: Use the existing MaD rows to model file reads as flow sources. 2025-04-10 20:25:17 +01:00
Chanel
1637df0a3f Merge pull request #199 from microsoft/fix-top-level-arguments
PS: Fix a couple of missing local flow sources
2025-04-10 11:18:31 -07:00
Mathias Vorreiter Pedersen
4aa9f85b5d PS: Accept test changes. 2025-04-10 19:02:54 +01:00
Mathias Vorreiter Pedersen
9adf028d41 PS: Fix environment variables. 2025-04-10 19:02:07 +01:00
Mathias Vorreiter Pedersen
bf9ed3bcb7 PS: Accept test changes. 2025-04-10 18:52:27 +01:00
Mathias Vorreiter Pedersen
6084789f09 PS: Fix the top level arguments after the AST cleanup. 2025-04-10 18:50:06 +01:00
Mathias Vorreiter Pedersen
793fd5eb7e PS: Delete a redundant file. 2025-04-10 18:49:45 +01:00
dilanbhalla
5abde74f0c Merge pull request #198 from microsoft/dilan/sync-main-bugs-7
Sync Main Error Handling Improvement
2025-04-10 10:34:55 -07:00
dilanbhalla
4628c187bd Update sync-main.yml 2025-04-10 10:26:00 -07:00
Chanel
419de4fd22 Merge pull request #196 from microsoft/autogenerate-lots-of-models
PS: Add autogenerated summary models
2025-04-09 11:16:36 -07:00
Mathias Vorreiter Pedersen
b55ee68a99 Merge branch 'main' into autogenerate-lots-of-models 2025-04-09 11:12:09 -07:00
dilanbhalla
89ddb30a96 Merge pull request #197 from microsoft/auto/sync-main-pr
Sync Main (autogenerated)
2025-04-09 10:46:13 -07:00
dilanbhalla
0f034b32e0 Merge pull request #194 from microsoft/dilan/sync-main-bugs-6
Sync Main: More Misc Bugs
2025-04-09 10:46:07 -07:00
dilanbhalla
c5b024a9dd Update sync-main.yml 2025-04-09 10:26:10 -07:00
dilanbhalla
b8b4e44e81 Update sync-main.yml 2025-04-09 10:24:00 -07:00
dilanbhalla
86b3eaeb64 Merge branch 'main' into dilan/sync-main-bugs-6 2025-04-09 10:18:16 -07:00
dilanbhalla
0d97cd6be6 Merge branch 'main' of https://github.com/microsoft/codeql into auto/sync-main-pr 2025-04-09 17:17:29 +00:00
dilanbhalla
88a7c3a63d Update sync-main.yml 2025-04-09 10:16:42 -07:00
dilanbhalla
e7edf1bab9 Update sync-main.yml 2025-04-09 10:13:45 -07:00
dilanbhalla
a93d65b2d1 Update sync-main.yml 2025-04-09 10:11:23 -07:00
Mathias Vorreiter Pedersen
f8207fa92a PS: Add a testcase to demonstrate flow through Join-String. 2025-04-09 15:20:41 +01:00
Mathias Vorreiter Pedersen
ebb91dceb7 PS: Add a few more models after fixing MaD for Element content. 2025-04-09 15:20:39 +01:00
Mathias Vorreiter Pedersen
6de4765fe6 PS: Support implicit imports in API graphs. 2025-04-09 15:20:38 +01:00
Mathias Vorreiter Pedersen
a5afc3c582 PS: Flow through pipelines. 2025-04-09 15:20:36 +01:00
Mathias Vorreiter Pedersen
5f12d7c970 PS: Taint flow through all calls to 'toString'. 2025-04-09 15:20:35 +01:00
Mathias Vorreiter Pedersen
763effb50d PS: Add more models and support pipeline parameters in MaD. 2025-04-09 15:20:33 +01:00
Mathias Vorreiter Pedersen
f38c5f5b4f PS: Add lots of models. 2025-04-09 15:20:32 +01:00
Mathias Vorreiter Pedersen
02c027d9f6 Merge pull request #183 from microsoft/hashcons-for-csharp
C#: Add a hash-cons library for C#
2025-04-09 04:21:50 -07:00
Mathias Vorreiter Pedersen
7612ef922f Merge pull request #186 from microsoft/powershell-automatic-variables-as-member-edges
PS: Fix more Chanel-reported PowerShell issues
2025-04-09 04:21:38 -07:00
dilanbhalla
79909e93a2 Update sync-main.yml 2025-04-08 16:34:50 -07:00
dilanbhalla
70f9401ba2 Update sync-main.yml 2025-04-08 16:31:56 -07:00
github-actions[bot]
1e24627de3 Merge tag 'codeql-cli/latest' into auto/sync-main-pr
Compatible with the latest released version of the CodeQL CLI
2025-04-08 23:27:08 +00:00
dilanbhalla
a7dcc9fa6f Update sync-main.yml 2025-04-08 16:26:10 -07:00
dilanbhalla
3d57ea9d8c Update sync-main.yml 2025-04-08 16:22:18 -07:00
dilanbhalla
98338fe6c8 Update sync-main.yml 2025-04-08 16:16:34 -07:00
dilanbhalla
2a8c8dbdb7 Update sync-main.yml 2025-04-08 16:12:47 -07:00
dilanbhalla
d2eadbffad Update sync-main.yml 2025-04-08 16:07:41 -07:00
dilanbhalla
87d55921c6 Update sync-main.yml 2025-04-08 16:01:38 -07:00
dilanbhalla
9f2b3eb95e Update sync-main.yml 2025-04-08 15:53:16 -07:00
dilanbhalla
826d43da88 Update sync-main.yml 2025-04-08 15:50:41 -07:00
dilanbhalla
544f0ca81d Update sync-main.yml 2025-04-08 15:43:31 -07:00
dilanbhalla
7a168b0d5c Update sync-main.yml 2025-04-08 15:37:42 -07:00
dilanbhalla
be4f1f1482 Update sync-main.yml 2025-04-08 15:34:53 -07:00
dilanbhalla
eb41d97d48 Update sync-main.yml 2025-04-08 15:28:59 -07:00
dilanbhalla
9bbffb6fd8 Update sync-main.yml 2025-04-08 15:09:55 -07:00
dilanbhalla
9a59b1c807 Update sync-main.yml 2025-04-08 14:57:47 -07:00
dilanbhalla
d92e61eeff Update sync-main.yml 2025-04-08 14:47:57 -07:00
dilanbhalla
3a630ad276 Update sync-main.yml 2025-04-08 14:22:13 -07:00
dilanbhalla
7259356af1 Update sync-main.yml 2025-04-08 14:21:33 -07:00
dilanbhalla
71ccc9675a Update sync-main.yml 2025-04-08 14:05:42 -07:00
dilanbhalla
bc8220f76b Update sync-main.yml 2025-04-08 13:21:17 -07:00
dilanbhalla
d384e41953 Update sync-main.yml 2025-04-08 12:49:03 -07:00
dilanbhalla
3324c30a71 Update sync-main.yml 2025-04-08 12:48:34 -07:00
dilanbhalla
9442bf39eb Update sync-main.yml 2025-04-08 12:47:13 -07:00
dilanbhalla
0d40476820 Update sync-main.yml 2025-04-08 12:28:52 -07:00
dilanbhalla
e2bac165fe Update sync-main.yml 2025-04-08 11:58:41 -07:00
dilanbhalla
ed31f43cfd Update sync-main.yml 2025-04-08 11:51:21 -07:00
dilanbhalla
d81989f345 Update sync-main.yml 2025-04-08 11:48:02 -07:00
dilanbhalla
75fb343e38 Update sync-main.yml 2025-04-08 11:41:29 -07:00
dilanbhalla
b6762463f7 Update sync-main.yml 2025-04-08 11:33:40 -07:00
dilanbhalla
dc9fdb596e Update sync-main.yml 2025-04-08 11:29:26 -07:00
dilanbhalla
c1665fdc0f Update sync-main.yml 2025-04-08 11:26:20 -07:00
dilanbhalla
db6d82c9b2 Update sync-main.yml 2025-04-08 11:17:22 -07:00
dilanbhalla
7e90d99c28 Update sync-main.yml 2025-04-08 11:14:08 -07:00
dilanbhalla
e098dd3d50 Merge pull request #193 from microsoft/dilan/sync-main-bugs-5
Sync Main: More Bugs (Failed PR Creation)
2025-04-08 10:26:50 -07:00
dilanbhalla
ae5709d894 Update sync-main.yml 2025-04-04 18:55:57 -07:00
dilanbhalla
41406d1b16 Merge pull request #192 from microsoft/dilan/sync-main-bugs-4
Sync Main: More Misc Bugs (token related bugs)
2025-04-04 15:58:20 -07:00
dilanbhalla
3c92f6b74d Update sync-main.yml 2025-04-04 15:41:21 -07:00
dilanbhalla
fb938abfd9 Merge pull request #191 from microsoft/dilan/sync-main-bugs-3
Sync Main: More Misc Token Bugs
2025-04-04 15:34:45 -07:00
dilanbhalla
e0a6a4edc6 Update sync-main.yml 2025-04-04 15:03:01 -07:00
dilanbhalla
52ceda1e40 Merge pull request #190 from microsoft/dilan/sync-main-bugs-2
Sync Main Various Bugs (permissions/tokens, git debugging, etc.)
2025-04-04 14:58:43 -07:00
dilanbhalla
856826019d Merge branch 'main' into dilan/sync-main-bugs-2 2025-04-04 14:55:31 -07:00
dilanbhalla
cda36a8550 Update sync-main.yml 2025-04-04 14:53:52 -07:00
dilanbhalla
13e53055a5 Merge pull request #189 from microsoft/dilan/sync-main-bugs-1
Sync Main Misc Git Bugs
2025-04-04 14:40:02 -07:00
dilanbhalla
157c57a3d4 Update sync-main.yml 2025-04-04 14:22:39 -07:00
dilanbhalla
452f56fa7f Merge pull request #188 from microsoft/dilan/sync-main-trigger
Adding push trigger to sync-main
2025-04-04 14:13:23 -07:00
dilanbhalla
3c4592591b Update sync-main.yml 2025-04-04 14:11:00 -07:00
dilanbhalla
6cbc80a69b Merge pull request #187 from microsoft/dilan/sync-main-createpr
Policy update: Sync-Main Create PR (instead of direct push)
2025-04-04 14:08:35 -07:00
dilanbhalla
2af55138da Update sync-main.yml 2025-04-04 14:00:05 -07:00
dilanbhalla
e0b8e20f9b Update sync-main.yml 2025-04-04 13:57:18 -07:00
dilanbhalla
6da7e4cb84 Update sync-main.yml 2025-04-04 13:53:14 -07:00
Chanel Young
6db354e82d Merge branch 'main' of https://github.com/microsoft/codeql into powershell-injectionhunter-port 2025-04-04 09:20:29 -07:00
Chanel Young
38f0f07d57 modeled some user input, sanitizers 2025-04-04 09:03:39 -07:00
Chanel
a2d4296329 Merge branch 'main' into powershell-automatic-variables-as-member-edges 2025-04-04 09:03:09 -07:00
Mathias Vorreiter Pedersen
8a58af8f84 PS: Add a model for 'EscapeSingleQuotedStringContent' and add a test. 2025-04-04 15:48:19 +01:00
Mathias Vorreiter Pedersen
65abf48ad6 PS: Add missing taint-flow and dataflow dispatch from models. 2025-04-04 15:40:35 +01:00
Mathias Vorreiter Pedersen
f482c9dba7 PS: Make the implementation of 'getExtraNodeFromType' more complete. This is still not good enough, but it's enough to get the flow we need for now. 2025-04-04 15:39:56 +01:00
Mathias Vorreiter Pedersen
03f356188b PS: Accept test changes. 2025-04-04 12:33:15 +01:00
Mathias Vorreiter Pedersen
cdd68b3951 PS: Improve the location of synthesized variables. 2025-04-04 12:33:13 +01:00
Mathias Vorreiter Pedersen
ebc732756f PS: Get rid of the pipelineVARIABLE and only have pipelinePARAMETER (and similarly for the by-propertyname versions). 2025-04-04 12:33:12 +01:00
Mathias Vorreiter Pedersen
16348b5484 PS: Consistently use the pipeline parameter as the parameter when it supplied in the program. 2025-04-04 12:33:11 +01:00
Josh Brown
c5c3236f99 Merge branch 'main' into hashcons-for-csharp 2025-04-04 07:30:49 +11:00
Mathias Vorreiter Pedersen
22bdcf0af2 PS: Force lower casing on method edges. 2025-04-03 20:33:04 +01:00
Mathias Vorreiter Pedersen
4df449d4b0 PS: Add an edge from the root node to automatic variables, and from a member read qualifier to a read. 2025-04-03 20:30:52 +01:00
Mathias Vorreiter Pedersen
4b14e5e7ec PS: Lift automatic variables to the cfg and dataflow layers. 2025-04-03 20:30:15 +01:00
Mathias Vorreiter Pedersen
50c57c2cb2 PS: Drive-by: Assign a location to top-level functions. 2025-04-03 20:29:44 +01:00
dilanbhalla
6873ebae16 Merge pull request #185 from microsoft/fix-ssa-for-powershell-2
PS: Fixup SSA after GitHub's 2.21.0 changes
2025-04-03 12:05:43 -07:00
Josh Brown
e261510528 Merge branch 'main' into hashcons-for-csharp 2025-04-04 05:52:23 +11:00
Mathias Vorreiter Pedersen
2f215c1e0f PS: Accept test changes. 2025-04-03 19:48:13 +01:00
Mathias Vorreiter Pedersen
403c182dc9 PS: Fixup SSA after GitHub's recent changes. 2025-04-03 19:48:06 +01:00
Chanel Young
22ff3a3e01 Merge branch 'main' of https://github.com/microsoft/codeql into powershell-injectionhunter-port 2025-04-03 11:24:31 -07:00
Chanel Young
656b734391 initial query 2025-04-03 11:23:49 -07:00
Chanel
7c59a748a8 Merge pull request #184 from microsoft/fix-parameter-by-name-flow-3
PS: Fix the last remaining missing flows after AST prettification
2025-04-03 11:20:23 -07:00
Mathias Vorreiter Pedersen
38536a9e38 PS: Accept test changes. 2025-04-03 18:46:12 +01:00
Mathias Vorreiter Pedersen
5151eb3b64 PS: Add dataflow for pipeline-by-property-name variables. 2025-04-03 18:46:11 +01:00
Mathias Vorreiter Pedersen
86ec291145 PS: Improve toString on phi nodes. 2025-04-03 18:46:10 +01:00
Mathias Vorreiter Pedersen
3acbd83297 PS: Drive-by fix: The variable access in a foreach loop implicitly writes to the variable. 2025-04-03 18:46:09 +01:00
Mathias Vorreiter Pedersen
4d04b11468 PS: Add some implicit reads at process blocks, and fix CFG for process blocks so that these reads appear in the CFG. 2025-04-03 18:46:08 +01:00
Mathias Vorreiter Pedersen
cd8e5e6d8d PS: Subclass AnyElement into positional or key-ional. 2025-04-03 18:46:06 +01:00
Mathias Vorreiter Pedersen
70ca6868aa C#: Make a few more modules private. 2025-04-03 18:18:46 +01:00
Mathias Vorreiter Pedersen
61259735fd C#: Add a hash-cons library for C#. 2025-04-03 18:13:01 +01:00
Chanel
b452339b23 Merge pull request #182 from microsoft/fix-parameter-by-name-flow-2
PS: Fix parameter/argument name mapping for named parameters
2025-04-01 11:29:01 -07:00
Mathias Vorreiter Pedersen
5fa3beb13d PS: Normalize parameter keywords and accept test changes. 2025-04-01 19:21:42 +01:00
Mathias Vorreiter Pedersen
1c380fb7fb PS: Add another missing flow found by Chanel. 2025-04-01 19:21:41 +01:00
Chanel
898297b542 Merge pull request #181 from microsoft/powershell-ast-modernization-follow-up
PS: Fix more taint-tracking/dataflow regressions
2025-04-01 09:46:48 -07:00
Mathias Vorreiter Pedersen
8ae92a5cdb PS: Accept test changes. 2025-04-01 15:08:36 +01:00
Mathias Vorreiter Pedersen
129b7876d7 PS: Allow shadowing of automatic variables. 2025-04-01 15:08:35 +01:00
Mathias Vorreiter Pedersen
08dc8183e0 PS: Add Chanel's missing flow example. 2025-04-01 15:08:33 +01:00
Mathias Vorreiter Pedersen
0b9720c908 PS: Accept test changes. 2025-03-31 20:12:51 +01:00
Mathias Vorreiter Pedersen
88f638dc5c PS: Fix more pipeline flow. 2025-03-31 20:12:43 +01:00
Mathias Vorreiter Pedersen
ee4104b78c PS: Fix parent-child mapping for iterator pipeline access synthesis. 2025-03-29 11:51:33 +00:00
Mathias Vorreiter Pedersen
a6a17344ff PS: Easier debugging with strings for child indices. 2025-03-29 11:18:23 +00:00
Mathias Vorreiter Pedersen
e17a169b8b Merge pull request #180 from microsoft/powershell-ast-modernization-follow-up
PS: Fix PowerShell dataflow/taint-tracking failures
2025-03-28 13:19:00 -07:00
Mathias Vorreiter Pedersen
7102ebbcf7 PS: Accept test changes. 2025-03-28 19:39:54 +00:00
Mathias Vorreiter Pedersen
3643b93033 fixup! PS: Define pre-return node and implicit-wrapping nodes using the script block instead of the individual elements. 2025-03-28 19:36:18 +00:00
Mathias Vorreiter Pedersen
5d5448df62 PS: Also use the new library to handle array expressions. 2025-03-28 19:36:06 +00:00
Mathias Vorreiter Pedersen
b2cf155ff5 PS: Define pre-return node and implicit-wrapping nodes using the script block instead of the individual elements. 2025-03-28 19:35:41 +00:00
Mathias Vorreiter Pedersen
ee8c586200 PS: Use the new library to calculate returned expressions. 2025-03-28 19:34:50 +00:00
Mathias Vorreiter Pedersen
a9861e13e9 PS: Add a library that calculated escaping values much more efficiently using the forward/reverse pruning technique. 2025-03-28 19:33:23 +00:00
Mathias Vorreiter Pedersen
f85767f47e PS: add a super class for all loop-related CFG nodes. 2025-03-28 19:32:36 +00:00
Mathias Vorreiter Pedersen
19454a50e9 PS: Small additions to the CFG classes and a small bugfix. 2025-03-28 19:32:07 +00:00
Mathias Vorreiter Pedersen
18d94f2078 PS: Don't include the variable in the IPA definition for variable accesses. 2025-03-28 19:31:15 +00:00
Mathias Vorreiter Pedersen
2da8da0777 PS: Add helper predicates for if statements. 2025-03-28 19:30:16 +00:00
Mathias Vorreiter Pedersen
ee0a21e67f PS: Make child mapping classes private. 2025-03-28 19:29:45 +00:00
Mathias Vorreiter Pedersen
7b9a41aa92 PS: Handle this parameters in a few more places. 2025-03-27 18:03:06 +00:00
Mathias Vorreiter Pedersen
dcb98ab5a1 PS: Don't include the this parameter in getParameter. 2025-03-27 18:01:28 +00:00
Mathias Vorreiter Pedersen
cea435cf1f Merge pull request #178 from microsoft/powershell-ipa-the-ast
PS: Simplify the AST in Powershell
2025-03-27 09:37:38 -07:00
Mathias Vorreiter Pedersen
0fc57789bf PS: Accept dataflow/taint-tracking/type-tracking regressions. 2025-03-27 16:01:42 +00:00
Mathias Vorreiter Pedersen
c840f86707 PS: Accept CFG test changes. 2025-03-27 16:01:41 +00:00
Mathias Vorreiter Pedersen
655d80ee7b PS: Repair tests and accept test changes in syntax tests. 2025-03-27 16:01:39 +00:00
Mathias Vorreiter Pedersen
7551cce537 PS: Make API graphs compile again. There is still some TODOs here, but at least it compiles. 2025-03-27 16:01:38 +00:00
Mathias Vorreiter Pedersen
8092345fee PS: Make type-tracking and taint-tracking compile again. 2025-03-27 16:01:36 +00:00
Mathias Vorreiter Pedersen
8f9bc1e4b2 PS: Make SSA compile again. 2025-03-27 16:01:35 +00:00
Mathias Vorreiter Pedersen
c2e24ea3a4 PS: Make CFG construction compile again. 2025-03-27 16:01:33 +00:00
Mathias Vorreiter Pedersen
9efc3ec380 PS: Make dataflow compile again. 2025-03-27 16:01:30 +00:00
Mathias Vorreiter Pedersen
cc13922206 PS: Make the experimental query compile again. 2025-03-27 16:01:28 +00:00
Mathias Vorreiter Pedersen
171f5ca698 PS: Inside a process block the name of a pipeline parameter actually refers to the individual elements in the pipeline. Add a synthesized variable access that represents this. 2025-03-27 16:01:26 +00:00
Mathias Vorreiter Pedersen
9f4d1c624d PS: PowerShell doesn't have a notion of true, false, null, etc. In the extracted AST these are just variables with special names. We insert synthesized AST elements that represent these special variables. 2025-03-27 16:01:24 +00:00
Mathias Vorreiter Pedersen
7adb020977 PS: Remove arguments that are just names for a named argument. 2025-03-27 16:01:23 +00:00
Mathias Vorreiter Pedersen
3bb6021cb2 PS: Remove the CmdExpr AST elements and synthesize StmtExpr instead where needed. 2025-03-27 16:01:21 +00:00
Mathias Vorreiter Pedersen
8eb5e65ac4 PS: Synthesize Function and Type classes instead of relying on the statement that defines them. 2025-03-27 16:01:20 +00:00
Mathias Vorreiter Pedersen
17661342f8 PS: expr-to-stmt conversions. 2025-03-27 16:01:18 +00:00
Mathias Vorreiter Pedersen
0b4a7f9436 PS: Synthesize a simpler notion of parameters. 2025-03-27 16:01:17 +00:00
Mathias Vorreiter Pedersen
5bc0a263ec PS: A call to set-variable is an explicit assignment. 2025-03-27 16:01:15 +00:00
Mathias Vorreiter Pedersen
faa94735bf PS: Add an implicit this parameter to all methods. 2025-03-27 16:01:14 +00:00
Mathias Vorreiter Pedersen
31f14ba99a PS: Add synthesis framework for cleaning up the AST. 2025-03-27 16:01:11 +00:00
Mathias Vorreiter Pedersen
0dd756d72d PS: Add support for variables. 2025-03-27 16:01:10 +00:00
Mathias Vorreiter Pedersen
11c84ccaf4 PS: Add the IPA type representing the AST. 2025-03-27 16:01:09 +00:00
Mathias Vorreiter Pedersen
b52c6ea4ba PS: Add control-flow node version of all the user-facing ast classes. 2025-03-27 16:01:07 +00:00
Mathias Vorreiter Pedersen
a207c8008b PS: Add 'raw' AST classes coming directly from the extractor. 2025-03-27 16:01:06 +00:00
Mathias Vorreiter Pedersen
665202195c PS: Add user-facing AST classes. 2025-03-27 16:01:04 +00:00
Mathias Vorreiter Pedersen
d79eb013c8 PS: Delete the old AST. 2025-03-26 18:00:10 +00:00
Mathias Vorreiter Pedersen
44e4e3eb54 PS: Extract more powershell files and fix off-by-one error in locations. 2025-03-25 16:59:28 +00:00
Dilan
4c138212bc Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2025-03-18 13:06:17 +00:00
Geoffrey White
07011f7460 Rust: Fix more after merge. 2025-03-17 12:22:09 +00:00
Geoffrey White
f5daec9da0 Rust: Fix after merge. 2025-03-17 12:10:59 +00:00
Geoffrey White
81edb4780d Merge branch 'main' into constcrypto 2025-03-17 12:05:51 +00:00
Geoffrey White
704b3850f4 Rust: Fix a mistake in the test. 2025-03-17 11:24:58 +00:00
Geoffrey White
a0f4fa28b2 Rust: hardcoded -> hard-coded. 2025-03-11 09:40:47 +00:00
Geoffrey White
e3beacbda2 Rust: Print models (temporary, to see how this differs on CI). 2025-03-10 19:38:36 +00:00
Geoffrey White
1ca5c593f9 Rust: Replace imports of internal.DataFlowImpl where possible. 2025-03-10 11:47:23 +00:00
Geoffrey White
9e54d53537 Rust: Add barrier. 2025-03-10 11:41:48 +00:00
Geoffrey White
a34f9bef2b Rust: Add a test case for getrandom. 2025-03-10 11:33:29 +00:00
Geoffrey White
e84a98bd97 Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2025-03-10 11:15:23 +00:00
Geoffrey White
b4e710f459 Rust: Add missing models (for some platforms???). 2025-03-07 22:28:38 +00:00
Geoffrey White
fdb4362b6f Merge remote-tracking branch 'upstream/main' into constcrypto 2025-03-07 17:51:48 +00:00
Geoffrey White
3dc35f1fab Rust: Accept more test changes. 2025-03-07 17:02:26 +00:00
Geoffrey White
c63c1be11c Rust: Accept integration test .expected changes. 2025-03-07 16:12:31 +00:00
Geoffrey White
19416a9ee3 Rust: Correct test results. 2025-03-07 15:43:34 +00:00
Geoffrey White
b6c9be23c1 Merge branch 'main' into constcrypto 2025-03-07 09:11:10 +00:00
Geoffrey White
42e7d1e983 Rust: Fix typo. 2025-03-06 19:09:01 +00:00
Geoffrey White
9af2d0218b Rust: Add the new sinks to stats. 2025-03-06 18:50:11 +00:00
Geoffrey White
952e417d13 Rust: Tweak some wording. 2025-03-06 18:46:37 +00:00
Geoffrey White
e564c41043 Rust: Compute security-severity tag. 2025-03-06 18:36:55 +00:00
Geoffrey White
95be12ed80 Rust: Add qhelp and examples. 2025-03-06 17:48:47 +00:00
Geoffrey White
b4a6063e20 Rust: Add std::mem::zeroed as a source. 2025-03-06 17:48:45 +00:00
Geoffrey White
ac94ac6584 Rust: Model even more sinks + flows. 2025-03-06 17:48:44 +00:00
Geoffrey White
055baf2769 Rust: Improve results on arrays (less duplication). 2025-03-06 17:48:43 +00:00
Geoffrey White
aacbfc0fd8 Rust: Improve alert messages. 2025-03-06 17:48:41 +00:00
Geoffrey White
a6e106e025 Rust: Model more sinks + flows. 2025-03-06 17:48:40 +00:00
Geoffrey White
9fb00daeec Rust: Implement the query (with one source, one sink model). 2025-03-06 17:48:39 +00:00
Geoffrey White
bd75f0187b Rust: More test cases. 2025-03-06 17:48:37 +00:00
Dilan
0869a11411 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2025-03-06 15:59:15 +00:00
Geoffrey White
9a35febe80 Rust: Query framework and basic tests. 2025-03-06 13:24:05 +00:00
Mathias Vorreiter Pedersen
4ddc425156 Merge pull request #175 from gfs/gfs/PowershellExtractorNetUpgrade
Update .NET Version for Powershell Extractor to Net 9.0
2025-02-27 18:05:34 +00:00
Mathias Vorreiter Pedersen
faa51c17e1 Merge branch 'main' into gfs/PowershellExtractorNetUpgrade 2025-02-27 17:59:31 +00:00
Mathias Vorreiter Pedersen
2172ced0be Merge pull request #176 from microsoft/dilan/powershell-pr-token
Fix PowerShell PR Token
2025-02-27 17:58:41 +00:00
dilanbhalla
17ae251137 Update powershell-pr-check.yml 2025-02-27 09:34:15 -08:00
Gabe Stocco
b018fb9c8f Add gitignore for build artifacts from powershell extractor 2025-02-26 12:40:27 -08:00
Gabe Stocco
43cdff9725 Update dependencies.
Update projects to use NET 9.0 (required by System.Management 7.5 and later)
2025-02-26 12:36:35 -08:00
Gabe Stocco
ee2688fbcb Update project to net 8. 2025-02-26 12:30:05 -08:00
Mathias Vorreiter Pedersen
4e6f4639f7 Merge pull request #174 from microsoft/revert-ps-module-extraction
PS: Revert extraction of code found via `PSModulePath`
2025-02-26 12:29:39 +00:00
Mathias Vorreiter Pedersen
abc23e038a Merge branch 'main' into revert-ps-module-extraction 2025-02-26 12:26:17 +00:00
Mathias Vorreiter Pedersen
29c11a4a5e PS: Add upgrade and downgrade scripts. 2025-02-24 14:23:49 +00:00
Mathias Vorreiter Pedersen
5b5b15361a PS: Make the prepare db script work on the Microsoft repo. 2025-02-24 14:23:47 +00:00
Mathias Vorreiter Pedersen
4bfd6fd345 PS: Revert psmodule path file extraction. 2025-02-24 14:23:46 +00:00
Mathias Vorreiter Pedersen
1978e10c05 PS: Remove extractor option to skip psmodule extraction. 2025-02-24 14:23:35 +00:00
Dilan
0628e4990b Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2025-02-21 18:59:16 +00:00
dilanbhalla
d76e438a90 Merge pull request #173 from microsoft/powershell-update-basic-block-library-for-2.20.5
PS: Match the changes from #18696
2025-02-21 10:13:16 -08:00
Mathias Vorreiter Pedersen
6909792627 PS: Also get rid of an easy-to-fix SSA warning. 2025-02-21 12:22:06 +00:00
Mathias Vorreiter Pedersen
efb43bca3e PS: Match the changes from #18696. 2025-02-21 12:16:00 +00:00
Mathias Vorreiter Pedersen
61796da374 Merge pull request #171 from microsoft/ps-add-dotnet-type-models
PS: Add .NET and PowerShell SDK type models.
2025-02-19 18:37:43 +00:00
Mathias Vorreiter Pedersen
3dbe7f4fa6 PS: Add the type model generation script and add a short readme. 2025-02-19 14:10:28 +00:00
Mathias Vorreiter Pedersen
6ef09412a9 PS: Add .NET and PowerShell SDK type models. 2025-02-19 00:05:51 +00:00
dilanbhalla
c39c091690 Update microsoft-codeql-pack-publish.yml 2025-02-14 11:06:14 -08:00
dilanbhalla
8c466139cb Update microsoft-codeql-pack-publish.yml 2025-02-14 11:05:16 -08:00
dilanbhalla
e79d4c9123 Update microsoft-codeql-pack-publish.yml 2025-02-14 10:50:32 -08:00
dilanbhalla
c4fa83bea8 Update microsoft-codeql-pack-publish.yml 2025-02-14 10:47:33 -08:00
dilanbhalla
4e0bfa3f66 Merge branch 'main' into dilan/publish-opensource-packs 2025-02-14 10:42:11 -08:00
Raul Garcia
5c54c81907 Merge pull request #169 from microsoft/dilan/metadata-bug-cpp
Metadata Bug in C++ Query
2025-02-12 16:46:26 -08:00
dilanbhalla
9ba49adc04 Update ArgumentIsSizeofOrOperation.ql 2025-02-12 15:15:17 -08:00
dilanbhalla
ad3299124c Merge pull request #168 from microsoft/dilan/reduce-pr-check-perms
Reduce GitHub Workflow Perms
2025-02-10 13:16:37 -08:00
dilanbhalla
6ccedebd12 Update sync-main.yml 2025-02-10 13:13:34 -08:00
dilanbhalla
898e4ff8af reduce powershell pr check perms 2025-02-10 12:52:03 -08:00
dilanbhalla
d5f75d49d8 Merge pull request #167 from microsoft/update-ruby-internal-dataflow-files
Ruby: Update internal dataflow files.
2025-02-10 09:24:09 -08:00
Mathias Vorreiter Pedersen
6ed2eb1478 Ruby: Update internal dataflow files. 2025-02-10 12:43:07 +00:00
dilanbhalla
233c0cfda0 Merge pull request #166 from microsoft/dilan/resolve-ruby-df-error
resolving ruby df error
2025-02-07 16:00:23 -08:00
Dilan Bhalla
41b5d19137 resolving ruby df error 2025-02-07 14:10:07 -08:00
dilanbhalla
e7bb37a18f Merge pull request #165 from microsoft/dilan/microsoft-namespace-edit
Microsoft Public Namespace Fix
2025-02-07 10:19:42 -08:00
dilanbhalla
e200aa5cdd Merge branch 'main' into dilan/microsoft-namespace-edit 2025-02-07 10:11:06 -08:00
Dilan Bhalla
414feffcaa microsoft-public -> public 2025-02-07 10:09:34 -08:00
Mathias Vorreiter Pedersen
7f7e9348e9 Merge pull request #164 from microsoft/dilan/include-microsoft-public-tests
Include Tests for Microsoft Open Source Queries
2025-02-07 14:46:48 +00:00
Mathias Vorreiter Pedersen
642780e7d6 C++: Accept more test changes. 2025-02-07 14:41:47 +00:00
Dilan Bhalla
ba97b92148 microsoft public namespace edit 2025-02-06 23:41:09 -08:00
Dilan Bhalla
312bc523a6 adding msft open source tests 2025-02-06 17:11:09 -08:00
Dilan
b0c11b5a78 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2025-02-06 21:05:28 +00:00
dilanbhalla
9be5b3c344 Merge pull request #163 from microsoft/update-powershell-cfg-library-after-2.20.4
PS: Fixup CFG library in preparation for 2.20.4
2025-02-06 13:03:57 -08:00
dilanbhalla
c749c19db4 Update CommandInjection.ql 2025-02-06 12:04:51 -08:00
dilanbhalla
fa74d05211 Update CommandInjection.ql 2025-02-06 12:04:39 -08:00
dilanbhalla
14ab30ce1f Update DoNotUseInvokeExpression.ql 2025-02-06 12:04:29 -08:00
Mathias Vorreiter Pedersen
c43b682862 PS: Ensure that the PowerShell CFG library compiles with CodeQL version 2.20.4. 2025-02-06 19:55:29 +00:00
Raul Garcia
cd9a0f1776 Merge pull request #161 from microsoft/dilan/query-id-msft-namespace
Add Microsoft-Public Namespace to Query IDs
2025-02-04 12:05:42 -08:00
Dilan Bhalla
54f0bc1afb adding msft namespace to msft query ids 2025-02-04 11:54:38 -08:00
Dilan Bhalla
405a4f545b working for first version, updating to autoincrementing logic 2025-02-02 23:12:13 -08:00
Dilan Bhalla
c8077a5117 minor fix 2025-02-02 22:58:46 -08:00
Dilan Bhalla
d6da994507 minor fix 2025-02-02 22:46:15 -08:00
Dilan Bhalla
d09d8c83ed minor fix 2025-02-02 22:37:43 -08:00
Dilan Bhalla
dd9e87c777 minor fix 2025-02-02 22:35:44 -08:00
Dilan Bhalla
d59576e55b minor fix 2025-02-02 22:30:34 -08:00
Dilan Bhalla
9c7dca6774 minor fix 2025-01-31 16:30:58 -08:00
Dilan Bhalla
19ea28c7d5 minor fix 2025-01-31 16:26:11 -08:00
Dilan Bhalla
472a51e3b5 minor fix 2025-01-31 16:02:17 -08:00
Dilan Bhalla
c3a0bc25f9 minor fix 2025-01-31 16:00:11 -08:00
Dilan Bhalla
1eb5e9bc87 accidentally removed codeql install step 2025-01-31 15:56:38 -08:00
Dilan Bhalla
efe01c151e first time publish, hardcode to 0.0.1 2025-01-31 15:49:10 -08:00
Dilan Bhalla
4e24f3231f minor fix 2025-01-31 15:46:10 -08:00
Dilan Bhalla
c99146a041 minor fix 2025-01-31 15:39:04 -08:00
Dilan Bhalla
cc4ce3b8d1 minor fix 2025-01-31 15:37:48 -08:00
Dilan Bhalla
6958dff31f minor fix 2025-01-31 15:36:35 -08:00
Dilan Bhalla
d1b30ef13d minor fix 2025-01-31 15:34:47 -08:00
Dilan Bhalla
a6fe1b5ed1 open source package publish 2025-01-31 15:33:54 -08:00
dilanbhalla
a88f3ce16d Merge pull request #160 from microsoft/dilan/remove-js-dataflow-deprecation-labels
TEMPORARY: Remove JavaScript Deprecation Labels
2025-01-31 14:18:55 -08:00
Dilan Bhalla
34a577de00 missed deprecation label removal for code injection query 2025-01-31 14:17:51 -08:00
Dilan Bhalla
714036110c removing javascript dataflow deprecations 2025-01-31 11:17:08 -08:00
Mathias Vorreiter Pedersen
29d07ae059 Merge pull request #159 from microsoft/dataflow-stack-cleanup-3
Java: Update file that was forgotten in #157
2025-01-31 18:04:25 +00:00
Mathias Vorreiter Pedersen
403ad3c7bd Shared: Add missing transitive closure. 2025-01-31 12:04:34 +00:00
Mathias Vorreiter Pedersen
712d8aa322 Java: Update file that was forgotten in the dataflow-stack PR. 2025-01-31 10:19:21 +00:00
Mathias Vorreiter Pedersen
df06d34625 Merge branch 'main' into interprocedural-controlflow 2025-01-30 18:40:23 +00:00
dilanbhalla
3237b2c3f7 Merge pull request #158 from microsoft/dataflow-stack-cleanup-2
Java/C#: Add missing files from #157
2025-01-30 10:07:50 -08:00
Mathias Vorreiter Pedersen
d144c26c04 Java/C#: Add missing files. 2025-01-30 17:44:32 +00:00
dilanbhalla
ee6624a425 Merge pull request #157 from microsoft/dataflow-stack-cleanup
Shared: Refactor `DataFlowStack`
2025-01-30 09:29:13 -08:00
Mathias Vorreiter Pedersen
c825ca8ec6 Shared: Refactor DataFlowStack so that we don't depend on our own modifications to the shared dataflow library files. 2025-01-30 16:21:21 +00:00
Mathias Vorreiter Pedersen
464ae8baf1 Shared: Autoformat. 2025-01-30 16:19:20 +00:00
Mathias Vorreiter Pedersen
e4378b26b8 All languages: Get rid of the Microsoft modifications to the GitHub dataflow files. 2025-01-30 15:40:52 +00:00
dilanbhalla
81fa6fcd2a Merge pull request #155 from microsoft/brodes/open_source_query_transition
Brodes/open source query transition
2025-01-29 01:29:16 -08:00
Ben Rodes
350742abc8 Merge branch 'main' into brodes/open_source_query_transition 2025-01-28 14:41:39 -05:00
Dilan
25a46a882b Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2025-01-28 19:01:55 +00:00
dilanbhalla
fee6373fa8 Merge pull request #156 from microsoft/update-powershell-dataflow-after-shared-changes
Powershell: Fix dataflow library after GitHub changes
2025-01-28 11:00:45 -08:00
dilanbhalla
273738e47c Merge branch 'main' into update-powershell-dataflow-after-shared-changes 2025-01-28 11:00:32 -08:00
Ben Rodes
da10292d8f Merge branch 'main' into brodes/open_source_query_transition 2025-01-28 12:18:18 -05:00
dilanbhalla
547b56223f Update sync-main.yml 2025-01-27 11:31:54 -08:00
dilanbhalla
e3494af9e0 Update sync-main.yml 2025-01-27 11:29:44 -08:00
dilanbhalla
70e27a4add Update sync-main.yml 2025-01-27 11:23:18 -08:00
Josh Brown
2fa64d0db5 Accept test case changed lines 2025-01-23 14:04:26 -08:00
Josh Brown
a09847f518 Merge new versions of cpp leap year queries 2025-01-23 12:47:40 -08:00
Mathias Vorreiter Pedersen
25f8f049c3 Powershell: Update changes to remain in sync with GitHub's shared libraries. 2025-01-23 18:06:22 +00:00
REDMOND\brodes
1376b0c355 Deprecated and hardcoded protocol queries and help 2025-01-15 16:26:55 -05:00
REDMOND\brodes
69cbbffd8f Adding UncheckedBoundsEnumAsIndex ql, help and example 2025-01-15 16:20:04 -05:00
REDMOND\brodes
34fe60dbfb KDF ql and qhelp 2025-01-15 16:18:33 -05:00
REDMOND\brodes
5d3f35bc8f HardcodedIVCNG qhelp and ql 2025-01-15 16:13:13 -05:00
REDMOND\brodes
4eb92afd25 Banned Modes ql and qhelp 2025-01-15 16:10:31 -05:00
REDMOND\brodes
9f09e67693 Adding BannedEncryption qhelp, ql, cap and cng qll, cryptofilters qll and misc. crypto example files 2025-01-15 13:16:57 -05:00
REDMOND\brodes
9668fb3875 SizeOfConstIntMacro qhelp, ql, examples and related qll. 2025-01-15 13:03:29 -05:00
REDMOND\brodes
ad626acbd3 Adding ArgumentIsSizeofOrOperation.qhelp, ql, and example files. 2025-01-15 13:01:08 -05:00
REDMOND\brodes
0f8f96c62e Adding IncorrectUsageOfRtlCompareMemory.qhelp, ql and example files. 2025-01-15 12:59:34 -05:00
REDMOND\brodes
7edf552023 Adding BadOverflowGuard qhelp, example code for help, and ql file. 2025-01-15 12:56:36 -05:00
REDMOND\brodes
936ecfc4cd All remaining leap year ql and qhelp files. 2025-01-15 12:37:21 -05:00
REDMOND\brodes
7eee4f2ea5 Adding LeapYear.qll and Adding365DaysPerYear ql and help. 2025-01-15 12:25:41 -05:00
REDMOND\brodes
99fa75b818 Leap Year Examples 2025-01-15 12:11:01 -05:00
Chanel
0bb0031802 Merge pull request #154 from microsoft/invoke-expression-ps-query
invoke expression powershell query
2025-01-09 15:43:37 -08:00
Chanel
6d55972f67 Merge branch 'main' into invoke-expression-ps-query 2025-01-09 15:37:53 -08:00
Dilan
4fd7aec87f Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2025-01-09 21:59:09 +00:00
Chanel
7f5e5ffa37 Apply suggestions from code review
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2025-01-09 10:41:16 -08:00
Chanel Young
17f9c9a0b5 invoke expression powershell query 2025-01-09 10:22:32 -08:00
dilanbhalla
faa5554ea7 Merge pull request #153 from microsoft/revert-152-dilan/rust-exclude-broken-queries
Revert "Remove Broken Rust Queries" + Stub DataflowStack required Interface
2024-12-19 10:21:08 -08:00
Josh Brown
2d97d0f629 WIP stubbing for DataFlowStack 2024-12-18 23:18:25 -08:00
Josh Brown
618732228d WIP stubbing for DataFlowStack 2024-12-18 23:16:23 -08:00
Josh Brown
5a17608c12 WIP stubbing for DataFlowStack 2024-12-18 23:13:25 -08:00
Josh Brown
fa1013ad15 Remove deprecated zipslip DataFlow configuration class, update test case 2024-12-18 22:03:31 -08:00
Josh Brown
00b556cc54 Revert "Remove Broken Rust Queries" 2024-12-19 16:39:08 +11:00
dilanbhalla
aec5d89621 Merge pull request #152 from microsoft/dilan/rust-exclude-broken-queries
Remove Broken Rust Queries
2024-12-17 17:11:04 -08:00
Dilan Bhalla
9575c0ed2a excluding broken queries 2024-12-17 17:07:36 -08:00
Dilan
2e6d9e7ca5 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-12-10 18:26:05 +00:00
dilanbhalla
46cbe2f260 Merge pull request #151 from microsoft/dilan/remove-deprecated-dataflow
Remove Deprecated DataFlow Libs
2024-12-10 10:24:48 -08:00
Dilan Bhalla
f91c91e4e2 resolve dataflow conflict 2024-12-09 13:36:44 -08:00
Mathias Vorreiter Pedersen
57f5b9748c C++: Instantiate the new shared library for C++. 2024-12-05 19:26:42 +00:00
Mathias Vorreiter Pedersen
f514753d63 C++: Add a 'shared' interprocedural control-flow library. I am keeping it in the cpp directory now to avoid qlpack headache. 2024-12-05 19:26:12 +00:00
dilanbhalla
58f8523276 Merge pull request #147 from microsoft/revert-146-dilan/msft-extractor-queries
Revert "Failed Extraction Queries"
2024-12-03 10:51:11 -08:00
dilanbhalla
a7cdda7a5b Revert "Failed Extraction Queries" 2024-12-03 10:50:15 -08:00
Dilan
0e25de1af0 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-12-02 13:59:17 +00:00
Mathias Vorreiter Pedersen
029fb0bcf2 Merge pull request #145 from microsoft/jb1/isLibraryFile-nomagic
No magic on `ClassifyFiles::isLibraryFile`
2024-11-26 11:50:19 +00:00
Josh Brown
52d7a3bb99 Merge remote-tracking branch 'origin/main' into jb1/isLibraryFile-nomagic 2024-11-26 03:43:07 -08:00
Mathias Vorreiter Pedersen
2d66955750 Merge pull request #146 from microsoft/dilan/msft-extractor-queries
Failed Extraction Queries
2024-11-25 13:19:24 +00:00
Dilan Bhalla
eb56cb94b0 metadata fixes 2024-11-22 14:29:43 -08:00
Dilan Bhalla
e3a04757d7 msft extractor queries 2024-11-22 14:11:02 -08:00
Josh Brown
e60df2c50e Merge branch 'main' into jb1/isLibraryFile-nomagic 2024-11-22 14:56:11 +11:00
Josh Brown
15f92fcda8 No magic isLibraryFile 2024-11-21 19:52:03 -08:00
dilanbhalla
54d9eda50a Update powershell-pr-check.yml 2024-11-20 14:09:27 -08:00
dilanbhalla
6fb39c65c5 Update powershell-pr-check.yml 2024-11-20 14:09:06 -08:00
dilanbhalla
b22ee5752d Update powershell-pr-check.yml 2024-11-20 13:28:52 -08:00
dilanbhalla
ac868f412c Update powershell-pr-check.yml 2024-11-20 13:21:15 -08:00
dilanbhalla
5dca7cd175 Merge pull request #143 from microsoft/dilan/powershell-pr-check
PowerShell PR Check
2024-11-20 12:35:22 -08:00
dilanbhalla
44e48a7588 Update powershell-pr-check.yml 2024-11-20 12:17:06 -08:00
dilanbhalla
514285c2fc Update sync-main.yml 2024-11-20 12:16:38 -08:00
dilanbhalla
105f7395d7 Delete powershell/ql/src/queries/security/cwe-078/test.ql 2024-11-20 12:14:08 -08:00
dilanbhalla
147784a102 Create test.ql 2024-11-20 12:11:39 -08:00
dilanbhalla
7257b4a0a2 Update powershell-pr-check.yml 2024-11-20 12:08:15 -08:00
dilanbhalla
1dd5e34e0e Create powershell-pr-check.yml 2024-11-20 12:04:11 -08:00
Lindsay Simpkins
861ae8abc4 Merge pull request #142 from microsoft/lsimpkins/powershell-buildmodes
PS: support buildmode none in extractor
2024-11-20 14:11:51 -05:00
Lindsay Simpkins
ff03d6c22a PS: support buildmode none in extractor 2024-11-19 19:38:55 -05:00
Mathias Vorreiter Pedersen
e9b7925432 Merge pull request #141 from microsoft/powershell-cmd-injection-fewer-sinks
PS: Improve sinks in `powershell/command-injection`
2024-11-12 20:25:17 +00:00
Mathias Vorreiter Pedersen
ba8a37c625 PS: Add more injetion sinks and type models. 2024-11-12 20:12:57 +00:00
Mathias Vorreiter Pedersen
308afb996b PS: Add common GAC (global assembly cache) assemblies and all automatic varibles. 2024-11-12 20:12:54 +00:00
Mathias Vorreiter Pedersen
f103fed6de PS: Use ! to mark static members/methods. 2024-11-12 20:12:52 +00:00
Mathias Vorreiter Pedersen
50c05517d2 PS: Include implicit qualifiers. 2024-11-12 20:05:20 +00:00
Mathias Vorreiter Pedersen
a382d08915 PS: Don't raise an alert on all call operator node arguments. 2024-11-11 15:25:18 +00:00
Mathias Vorreiter Pedersen
5b5f6ec3c3 Merge pull request #140 from microsoft/powershell-storestep-avoid-cp
PS: Remove accidental CP
2024-11-11 12:28:43 +00:00
Mathias Vorreiter Pedersen
446b3ea0e1 PS: Accept test changes. 2024-11-11 12:28:00 +00:00
Mathias Vorreiter Pedersen
7fe9cce53f PS: Avoid CP. 2024-11-11 12:19:46 +00:00
Mathias Vorreiter Pedersen
50188a2175 PS: Drive-by: Fix toString on Cmd. 2024-11-11 12:19:33 +00:00
Mathias Vorreiter Pedersen
86a40b9b0b Merge pull request #138 from microsoft/powershell-tainted-command-query
PS: Add the first non-experimental query
2024-11-08 20:44:15 +01:00
Mathias Vorreiter Pedersen
87cbfd191f Merge pull request #139 from microsoft/powershell-fix-multiple-cfg-successors
PS: Fix multiple CFG successors
2024-11-08 20:43:59 +01:00
Mathias Vorreiter Pedersen
40f50dd472 PS: Ensure the parameter has the right enclosing function. 2024-11-08 19:41:52 +00:00
Mathias Vorreiter Pedersen
b3de6a23ea PS: Add tests. 2024-11-08 16:07:12 +00:00
Mathias Vorreiter Pedersen
40cf8dd387 PS: Add test dependency on powereshell-queries. 2024-11-08 16:07:11 +00:00
Mathias Vorreiter Pedersen
e8274a66a5 PS: Add qhelp. 2024-11-08 16:07:09 +00:00
Mathias Vorreiter Pedersen
299c3e9eed PS: Add 'powershell/command-injection' query. 2024-11-08 16:07:07 +00:00
Mathias Vorreiter Pedersen
0fb75afd33 Merge pull request #137 from microsoft/powershell-taint-through-string-interpolation
PS: Taint-flow through string interpolation
2024-11-08 17:06:23 +01:00
Mathias Vorreiter Pedersen
f16b2cbd76 PS: Accept test changes. 2024-11-08 16:04:10 +00:00
Mathias Vorreiter Pedersen
5a715c7d11 PS: Flow through string interpolation. 2024-11-08 16:01:23 +00:00
Mathias Vorreiter Pedersen
d5d3712db4 PS: Add taint test. 2024-11-08 15:59:26 +00:00
Mathias Vorreiter Pedersen
16aacd87e0 Merge pull request #136 from microsoft/powershell-first-query-preps
PS: Add AST and CFG classes for operator `&` and add environment variable reads as local flow sources
2024-11-08 16:07:08 +01:00
Mathias Vorreiter Pedersen
4a2fd527ed PS: Add reads of environment variables as local flow sources. 2024-11-08 15:01:18 +00:00
Mathias Vorreiter Pedersen
9f0f0ca8a4 PS: Add placeholder for speculative flow now that this has been merged on the GitHub side. 2024-11-08 15:00:37 +00:00
Mathias Vorreiter Pedersen
aaa01820e0 PS: Add AST and CFG nodes for operator &. 2024-11-08 14:59:56 +00:00
Dilan
1e1fd4566c Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-11-07 17:59:18 +00:00
Mathias Vorreiter Pedersen
f96a984b1f Merge pull request #135 from microsoft/api-graphs-qualified-calls
PS: Allow `Instance` on explicit module uses
2024-11-07 14:03:34 +01:00
Mathias Vorreiter Pedersen
2255fda9e6 PS: Accept test changes. These are all from the changes to 'toString' from the previous commit. 2024-11-07 12:59:06 +00:00
Mathias Vorreiter Pedersen
a086d63f31 PS: Drive-by fix: Better toString on Cmd. 2024-11-07 12:47:58 +00:00
Mathias Vorreiter Pedersen
7531d88f6d PS: Allow explicit module qualifiers to be selected with the 'instance' path. 2024-11-07 12:47:23 +00:00
Mathias Vorreiter Pedersen
689a34b823 PS: Add a public dataflow node class for TypeNames. 2024-11-07 12:46:08 +00:00
Mathias Vorreiter Pedersen
938069d5ba PS: Include more module IPA nodes. 2024-11-07 12:45:06 +00:00
Mathias Vorreiter Pedersen
8550178112 Merge pull request #134 from microsoft/powershell-mad
PS: Add API graphs and models-as-data libraries
2024-11-06 15:05:36 +01:00
Mathias Vorreiter Pedersen
18d8de1fc8 PS: Add a bunch of source models. 2024-11-06 13:43:18 +00:00
Mathias Vorreiter Pedersen
d02ad25aaa PS: Add (empty) model-related files. 2024-11-06 13:43:16 +00:00
Mathias Vorreiter Pedersen
4344e70543 PS: Include certain statements as local source nodes. 2024-11-06 13:43:14 +00:00
Mathias Vorreiter Pedersen
4f58b19217 PS: Add wrapper classes for local and remote flow sources. 2024-11-06 13:43:13 +00:00
Mathias Vorreiter Pedersen
2ffbf179d8 PS: Dataflow additions to support api graphs. 2024-11-06 13:43:10 +00:00
Mathias Vorreiter Pedersen
9a03d10eb1 PS: Add API graph files. 2024-11-06 13:43:07 +00:00
Mathias Vorreiter Pedersen
314951779d PS: Add shared files for API graphs. 2024-11-06 13:43:03 +00:00
Mathias Vorreiter Pedersen
5852fe40d8 PS: Add a concept of 'source call' vs. 'library call' to avoid non-monotonic recursion in the next commits. 2024-11-06 13:43:01 +00:00
Mathias Vorreiter Pedersen
cfde677eb2 PS: AST and control-flow additions required for MaD and Api graphs. 2024-11-06 13:42:58 +00:00
Mathias Vorreiter Pedersen
68c729f8cd PS: Models-as-data skeleton. 2024-11-06 13:41:05 +00:00
Mathias Vorreiter Pedersen
9fb5711cc6 PS: Drive-by fix: Match Ruby's implementation of 'getAMatchingContent'. 2024-11-06 13:41:04 +00:00
Mathias Vorreiter Pedersen
94220ec26b PS: Make use of static type information in dataflow dispatch. 2024-11-06 13:41:03 +00:00
Mathias Vorreiter Pedersen
92a8c84ce6 PS: Add predicates for getting the static type of a parameter. 2024-11-06 13:41:02 +00:00
Mathias Vorreiter Pedersen
ef36d6b03c Merge pull request #133 from microsoft/powershell-extract-implicit-models-followup
PS: #132 follow-up
2024-11-06 12:53:49 +01:00
Mathias Vorreiter Pedersen
a2158e2b68 PS: Add an extractor option to control whether to extract PSModulePath files and use that new option when running ql tests. 2024-11-06 11:52:27 +00:00
Mathias Vorreiter Pedersen
43f986c8c8 Merge pull request #132 from microsoft/powershell-extract-implicit-models
PS: Extract source files found via `PSModulePath`
2024-11-06 11:19:20 +01:00
Mathias Vorreiter Pedersen
a56cbfe425 PS: Upgrade and downgrade scripts. 2024-11-06 10:14:33 +00:00
Mathias Vorreiter Pedersen
28ddb9aa5b PS: Mark which files are from the PSModulePath environment variable. 2024-11-06 10:14:31 +00:00
Mathias Vorreiter Pedersen
261d7d7679 PS: Also extract .psd1 files. 2024-11-06 10:14:28 +00:00
Mathias Vorreiter Pedersen
df962d7626 PS: Also extract files from the PSModulePath environment variable. 2024-11-06 10:14:26 +00:00
Mathias Vorreiter Pedersen
e6f8df7f96 Merge pull request #131 from microsoft/powershell-splitting
PS: Use the new shared control-flow splitting library
2024-11-04 14:57:55 +00:00
Mathias Vorreiter Pedersen
faf3d7c943 PS: Accept test changes. 2024-11-04 14:49:52 +00:00
Mathias Vorreiter Pedersen
38451a8285 PS: Implement conditional splitting in the Powershell CFG. 2024-11-04 14:49:36 +00:00
dilanbhalla
7a252e4089 Merge pull request #130 from microsoft/dilan/powershell-suites
Adding powershell suites
2024-11-01 14:15:08 -07:00
Dilan Bhalla
027e01d18c adding powershell suites 2024-11-01 14:13:38 -07:00
dilanbhalla
fcd875d75f Merge pull request #129 from microsoft/dilan/powershell-splitting-fix
commenting out problematic powershell qll code
2024-10-30 11:05:06 -07:00
Dilan Bhalla
4ff362fdb6 commenting out problematic powershell qll code 2024-10-30 11:03:10 -07:00
Raul Garcia
490957ad86 Merge pull request #117 from microsoft/SqlConnFP_fix
Fixing a false positive in cs/insecure-sql-connection
2024-10-22 10:03:14 -07:00
Raul Garcia
97bfc5dad7 Update csharp/ql/src/Security Features/CWE-327/InsecureSQLConnectionInitializerGood.cs
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2024-10-22 09:20:19 -07:00
Raul Garcia
8b9139f18b Update csharp/ql/src/Security Features/CWE-327/InsecureSQLConnectionInitializerBad.cs
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2024-10-22 09:20:12 -07:00
Raul Garcia
0662013ef5 Update csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2024-10-22 09:20:01 -07:00
Dilan
7ad49cf3ff Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-10-21 17:59:16 +00:00
Mathias Vorreiter Pedersen
2f835e5f19 Merge pull request #128 from microsoft/powershell-taint-through-operations
PS: Taint through operations
2024-10-17 17:03:01 +01:00
Mathias Vorreiter Pedersen
d70d40913c PS: Accept test changes. 2024-10-17 16:52:17 +01:00
Mathias Vorreiter Pedersen
d0febd7aae PS: Add taint flow through all operations. 2024-10-17 16:52:16 +01:00
Mathias Vorreiter Pedersen
cd017db09f PS: Add taint versions of local flow tests. 2024-10-17 16:52:14 +01:00
Mathias Vorreiter Pedersen
c728c7dba5 PS: Add helper predicates and classes to operations. 2024-10-17 16:52:13 +01:00
Mathias Vorreiter Pedersen
34781b8730 PS: Add test with missing flow. 2024-10-17 16:52:11 +01:00
Mathias Vorreiter Pedersen
0890b22048 Merge pull request #127 from microsoft/powershell-fix-if-extraction
PS: Fix if statement clause extraction
2024-10-17 14:08:59 +01:00
Mathias Vorreiter Pedersen
e6c7ac2b21 PS: Accept test changes. 2024-10-17 14:07:11 +01:00
Mathias Vorreiter Pedersen
cc1348516f PS: Don't double increment when looping through if clauses. 2024-10-17 14:06:39 +01:00
Mathias Vorreiter Pedersen
e55c718a5e Merge pull request #126 from microsoft/powershell-global-parameter-positions
PS: Include parameter positions for top level functions
2024-10-17 11:53:25 +01:00
Mathias Vorreiter Pedersen
6bb859dab0 PS: Accept test changes. 2024-10-17 11:52:34 +01:00
Mathias Vorreiter Pedersen
9278f03753 PS: Include parameter positions for top levels. 2024-10-17 11:52:31 +01:00
Mathias Vorreiter Pedersen
97d5af7b6b PS: Add failing test. 2024-10-17 11:42:29 +01:00
Mathias Vorreiter Pedersen
c93daeb99f Merge pull request #125 from microsoft/global-parameters
PS: Global parameter support
2024-10-16 20:17:16 +01:00
Mathias Vorreiter Pedersen
dec3e7191c PS: Add test and accept test changes. 2024-10-16 20:15:01 +01:00
Mathias Vorreiter Pedersen
b426c1fc62 PS: Make top level a function as well. 2024-10-16 20:12:10 +01:00
Mathias Vorreiter Pedersen
56c703ec80 PS: Move a bunch of predicates into ScriptBlock. 2024-10-16 20:11:49 +01:00
Mathias Vorreiter Pedersen
d3b9e139c4 PS: Extend the set of sources in tests. 2024-10-16 18:54:24 +01:00
Mathias Vorreiter Pedersen
3c18124faf PS: Add taint-tracking files. 2024-10-16 18:26:34 +01:00
Mathias Vorreiter Pedersen
4cd37d63d7 Merge pull request #124 from microsoft/powershell-more-correct-value-from-property-name
PS: Allow for `ValueFromPipelineByPropertyName` to also read off an `ElementContent`
2024-10-16 16:47:51 +01:00
Mathias Vorreiter Pedersen
ef75ffef56 PS: Accept test changes. 2024-10-16 16:43:02 +01:00
Mathias Vorreiter Pedersen
a8de859dfb PS: Add a failing test. 2024-10-16 16:41:06 +01:00
Mathias Vorreiter Pedersen
7836a09e8a fixup! PS: Rename a few classes and tests. 2024-10-16 16:40:32 +01:00
Mathias Vorreiter Pedersen
70bc32a542 PS: Make sure we handle pipeline-value-from-property-name variables when passed an array. 2024-10-16 16:39:30 +01:00
Mathias Vorreiter Pedersen
b66f3b02aa PS: Rename a few classes and tests. 2024-10-16 16:26:51 +01:00
Mathias Vorreiter Pedersen
bfa9210b4b Merge pull request #123 from microsoft/flow-through-ValueFromPipelineByPropertyName
PS: Flow through `ValueFromPipelineByPropertyName` parameters
2024-10-15 16:11:42 +01:00
Mathias Vorreiter Pedersen
34c821fd2d PS: Drive-by fix. 2024-10-15 16:09:42 +01:00
Mathias Vorreiter Pedersen
3c38133bf3 PS: Drive-by fix. 2024-10-15 16:09:40 +01:00
Mathias Vorreiter Pedersen
fb74de4860 PS: Accept test changes. 2024-10-15 16:09:36 +01:00
Mathias Vorreiter Pedersen
fad9133343 PS: Add a read step out of property name parameter nodes. 2024-10-15 16:09:32 +01:00
Mathias Vorreiter Pedersen
87cc9cd88a PS: Also ignore pipeline property name parameters in the pipeline-related predicates. 2024-10-15 15:48:05 +01:00
Mathias Vorreiter Pedersen
1dcd3180b1 PS: Add test with missing flow. 2024-10-15 15:43:39 +01:00
Mathias Vorreiter Pedersen
a16b51a0bb Merge pull request #122 from microsoft/powershell-flow-through-conversions
PS: Flow through conversions
2024-10-15 13:39:28 +01:00
Mathias Vorreiter Pedersen
0e298a80e8 PS: Flow through parentheses. 2024-10-15 13:37:20 +01:00
Mathias Vorreiter Pedersen
e683f04e7b PS: Rename getExpr to getBase on ParenExpr. 2024-10-15 13:37:03 +01:00
Mathias Vorreiter Pedersen
959cbd7467 PS: Add another failing test with parentheses. 2024-10-15 13:36:17 +01:00
Mathias Vorreiter Pedersen
72e18ac135 PS: Flow through conversions. 2024-10-15 13:26:39 +01:00
Mathias Vorreiter Pedersen
43fcbcaffb PS: Rename getExpr to getBase on ConvertExpr. 2024-10-15 13:26:18 +01:00
Mathias Vorreiter Pedersen
97672f9e91 PS: Add test. 2024-10-15 13:21:43 +01:00
Mathias Vorreiter Pedersen
91d3f11bcc Merge pull request #121 from microsoft/flow-through-hashtables
PS: Flow through hash table creation, reads, and writes
2024-10-15 12:58:44 +01:00
Mathias Vorreiter Pedersen
2aacb580e2 PS: Accept test changes. 2024-10-15 12:54:17 +01:00
Mathias Vorreiter Pedersen
96de8111b5 PS: Dataflow through hash table creation, reads and writes. 2024-10-15 12:53:34 +01:00
Mathias Vorreiter Pedersen
656f98d361 PS: AST and CFG improvements to hash tables. 2024-10-15 12:53:07 +01:00
Mathias Vorreiter Pedersen
37c12639ed PS: Improve constant expression AST hierachy. 2024-10-15 12:52:41 +01:00
Mathias Vorreiter Pedersen
c8d70470a0 PS: Add tests with missing flow. 2024-10-15 12:46:54 +01:00
Mathias Vorreiter Pedersen
8aa119b6dc Merge pull request #120 from microsoft/flow-through-array-expr
PS: Flow through arrays
2024-10-14 20:15:07 +01:00
Mathias Vorreiter Pedersen
bc7c893006 PS: Accept test changes. 2024-10-14 20:10:51 +01:00
Mathias Vorreiter Pedersen
8bed9536bf PS: Flow through array expressions. 2024-10-14 20:09:19 +01:00
Mathias Vorreiter Pedersen
e63778a009 PS: CFG and AST helpers. 2024-10-14 20:08:54 +01:00
Mathias Vorreiter Pedersen
efee104f3d PS: Generalize the current ReturnContainer computation. 2024-10-14 20:06:46 +01:00
Mathias Vorreiter Pedersen
eb0f094e0b Merge pull request #119 from microsoft/powershell-unwrapping
PS: Flow through pipelines
2024-10-14 20:02:01 +01:00
Mathias Vorreiter Pedersen
1b454ed3e1 PS: add tests and accept test changes. 2024-10-14 18:14:52 +01:00
Mathias Vorreiter Pedersen
0aa6670247 PS: Model underscore parameters as pipeline parameters. 2024-10-14 18:14:50 +01:00
Mathias Vorreiter Pedersen
a0e17ee37b PS: Implicitly read any element content at sinks when doing taint flow. 2024-10-14 18:14:47 +01:00
Mathias Vorreiter Pedersen
1ec0f53a18 PS: Don't perform store steps and (and index removal, and all the othe complex return business) when there is only a single returned expression. 2024-10-14 18:14:45 +01:00
Mathias Vorreiter Pedersen
b2225fe7b5 PS: Drive-by performance fix: Don't generate N store steps when storing into an unknown index. 2024-10-14 18:14:43 +01:00
Mathias Vorreiter Pedersen
01a556e583 PS: Ensure the constants 0 .. 10 always exists. 2024-10-14 18:14:42 +01:00
Mathias Vorreiter Pedersen
51269633b0 PS: Pipeline flow. 2024-10-14 18:14:40 +01:00
Mathias Vorreiter Pedersen
cc995b1059 PS: Generalize getARead. 2024-10-14 18:14:38 +01:00
Mathias Vorreiter Pedersen
950a10be90 PS: Fix CFG ordering on CmdExpr. 2024-10-14 18:14:35 +01:00
Mathias Vorreiter Pedersen
830bf57d3a PS: Pipeline parameter and argument positions. 2024-10-14 18:14:33 +01:00
Mathias Vorreiter Pedersen
cbf9496202 PS: Helper predicates and classes. 2024-10-14 18:14:31 +01:00
Mathias Vorreiter Pedersen
3c19578e89 PS: Hide the new nodes and enure that we still show the old return node. 2024-10-14 18:14:28 +01:00
Mathias Vorreiter Pedersen
93a48646e6 PS: Accept test changes. 2024-10-14 18:14:26 +01:00
Mathias Vorreiter Pedersen
6797f8f729 PS: Add flow into, and out of, the new implicit unwrapping nodes. 2024-10-14 18:14:23 +01:00
Mathias Vorreiter Pedersen
15a22e5746 PS: Make the new return node an acual return node. 2024-10-14 18:14:21 +01:00
Mathias Vorreiter Pedersen
91a6dce01b PS: Add read step when we need unwrapping. 2024-10-14 18:14:17 +01:00
Mathias Vorreiter Pedersen
ea2f155a1f PS: Add two new kinds of nodes: A node that represents implicit unwrapping and a new node to hold the final return value of a function. 2024-10-14 16:51:55 +01:00
Mathias Vorreiter Pedersen
706eff2b14 PS: Us control-flow nodes in 'ReturnContainer' instead of dataflow nodes. 2024-10-11 11:59:44 +01:00
Mathias Vorreiter Pedersen
76bd4150b4 PS: Drive-by fix: '' is the same thing as '' 2024-10-11 11:17:37 +01:00
REDMOND\brodes
e0ee60f3dd Updated expected file. 2024-10-10 13:31:53 -04:00
Mathias Vorreiter Pedersen
8a575c4d20 Merge pull request #118 from microsoft/powershell-add-return-and-out-nodes
PS: Add flow out of functions
2024-10-10 12:28:56 +01:00
Raul Garcia
c1f7422f0e Fixing test cases 2024-10-09 16:53:33 -07:00
Raul Garcia
a179fa021f Fixing Test cases 2024-10-09 14:44:48 -07:00
Mathias Vorreiter Pedersen
1527479518 PS: Accept test changes. 2024-10-09 19:29:04 +01:00
Mathias Vorreiter Pedersen
a6b256371f PS: Add return and out nodes. 2024-10-09 19:29:03 +01:00
Mathias Vorreiter Pedersen
54521ad54d PS: Add a 'CallNode' helper class. 2024-10-09 19:29:02 +01:00
Mathias Vorreiter Pedersen
b34e36984d PS: Add failing tests. 2024-10-09 19:29:01 +01:00
REDMOND\brodes
b95b275136 qlref's were incorrect. 2024-10-09 13:55:28 -04:00
Mathias Vorreiter Pedersen
0814a90668 Merge pull request #116 from microsoft/powershell-add-empty-completion
PS: Add `Emptiness` completion to get rid of CFG inconsistencies
2024-10-08 20:02:08 +02:00
Mathias Vorreiter Pedersen
31f232d205 PS: Accept test changes. 2024-10-08 18:57:16 +01:00
Mathias Vorreiter Pedersen
7eb98c1122 PS: Add an emptiness successor to get rid of CFG inconsistencies. 2024-10-08 18:57:00 +01:00
Mathias Vorreiter Pedersen
a4e1860d4f Merge pull request #115 from microsoft/powershell-fix-dead-end-for-stmt
Powershell fix dead end for stmt
2024-10-08 16:47:57 +02:00
Mathias Vorreiter Pedersen
7ef8bfa8d7 PS: Don't interpret Cfg.ql as a graph. 2024-10-08 15:45:01 +01:00
Mathias Vorreiter Pedersen
6557081a96 PS: Accept test changes. 2024-10-08 15:39:10 +01:00
Mathias Vorreiter Pedersen
892b038565 PS: Support missing elements in for statements. 2024-10-08 15:38:46 +01:00
Mathias Vorreiter Pedersen
7e66dc3481 Merge pull request #114 from microsoft/powershell-flow-into-this
PS: Support flow through `this`
2024-10-08 16:38:08 +02:00
Mathias Vorreiter Pedersen
fb8d67f64f PS: Accept test changes. 2024-10-08 15:20:39 +01:00
Mathias Vorreiter Pedersen
455e56d804 PS: Support 'this' as a parameter in SSA and dataflow. 2024-10-08 15:20:36 +01:00
Mathias Vorreiter Pedersen
61d5f4412c PS: AST support for 'this'. 2024-10-08 15:20:33 +01:00
Mathias Vorreiter Pedersen
a429485b56 PS: Create an internal class to model 'Arguments'. 2024-10-08 15:20:31 +01:00
Mathias Vorreiter Pedersen
597147be71 PS: Refactor the way we do 'internal' AST related classes. 2024-10-08 15:20:29 +01:00
Mathias Vorreiter Pedersen
ca1c9120b5 PS: Add test with missing flow. 2024-10-08 15:20:27 +01:00
Mathias Vorreiter Pedersen
68b74f8af2 PS: Accept changes that hadn't been accepted before. 2024-10-08 15:20:24 +01:00
Dilan
878bd5b098 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-10-04 20:59:08 +00:00
Mathias Vorreiter Pedersen
78a1d069bc Merge pull request #113 from microsoft/powershell-element-content
PS: Add `ElementContent` for tracking flow through arrays
2024-10-04 21:18:58 +02:00
Mathias Vorreiter Pedersen
494ef7a44c PS: Fix missing flow. 2024-10-04 20:08:20 +01:00
Mathias Vorreiter Pedersen
4d8809a808 PS: Add another class of missing flow. 2024-10-04 20:06:22 +01:00
Mathias Vorreiter Pedersen
1de38e2cbc PS: Accept test changes. 2024-10-04 19:48:44 +01:00
Mathias Vorreiter Pedersen
3c80652b91 PS: Autoformat and silence 'unused paramter' warning. 2024-10-04 19:33:29 +01:00
Mathias Vorreiter Pedersen
cbfd0b363b PS: Add element content flow for reads and writes into arrays. 2024-10-04 19:33:28 +01:00
Mathias Vorreiter Pedersen
1f558a0b7f PS: Add CFG classes for array literals. 2024-10-04 19:33:27 +01:00
Mathias Vorreiter Pedersen
28b654df46 PS: Add helper clases for index expression. 2024-10-04 19:33:26 +01:00
Mathias Vorreiter Pedersen
22e508b85b PS: Introduce a class for constant values. 2024-10-04 19:33:23 +01:00
Mathias Vorreiter Pedersen
820f4b2575 PS: Add tests with arrays. 2024-10-04 19:33:22 +01:00
Raul Garcia
64aca2632b Fixing a false positive in cs/insecure-sql-connection, and adding a new query to remediate a false negative 2024-10-03 18:37:33 -07:00
Mathias Vorreiter Pedersen
421258b8f9 Merge pull request #112 from microsoft/powershell-more-type-flow
PS: Add more type-tracking flow
2024-10-03 20:47:01 +02:00
Mathias Vorreiter Pedersen
b622e09fe7 PS: Accept test changes. 2024-10-03 19:43:55 +01:00
Mathias Vorreiter Pedersen
e38f6301a6 PS: Also support type tracking of objects constructed with New-Object. 2024-10-03 19:43:54 +01:00
Mathias Vorreiter Pedersen
32f7f1b7e4 PS: Merge the non-member function and member function classes. Also rename member function to 'Method' since that's the name used by Powershell documentation. 2024-10-03 19:43:51 +01:00
Mathias Vorreiter Pedersen
5103d34dbf PS: Add tests. 2024-10-03 19:07:21 +01:00
Mathias Vorreiter Pedersen
46ead0d7f7 Merge pull request #111 from microsoft/powershell-more-control-flow
PS: More control flow
2024-10-03 12:30:51 +02:00
Mathias Vorreiter Pedersen
bcbb1bbce0 PS: Accept tests. 2024-10-03 11:25:26 +01:00
Mathias Vorreiter Pedersen
52129a981f PS: Add lots of missing control flow. We're now complete on 'fleschutz/PowerShell'. 2024-10-03 11:25:15 +01:00
Mathias Vorreiter Pedersen
c7976d5090 Merge pull request #110 from microsoft/powershell-dataflow-fixes
Powershell: Fix dataflow/SSA consistency errors.
2024-10-03 12:17:51 +02:00
Mathias Vorreiter Pedersen
7eac066118 Powershell: Fix dataflow/SSA consistency errors. 2024-10-03 11:11:44 +01:00
Mathias Vorreiter Pedersen
c7850b141d Merge pull request #109 from microsoft/powershell-call-target-resolution
PS: Resolve function calls
2024-10-02 17:56:21 +02:00
Mathias Vorreiter Pedersen
953bd09c1c Merge pull request #106 from microsoft/tainted-path-barrier-with-state
C#: Make `StartsWith` and `EndsWith` sanitizers on normalized paths
2024-10-02 17:32:56 +02:00
Mathias Vorreiter Pedersen
816aa79a45 PS: Add helper predicate on 'Call' for getting a runtime target. 2024-10-02 15:37:19 +01:00
Mathias Vorreiter Pedersen
b05409380a PS: Resolve non-member function calls using the dataflow's lambda call resolution features. 2024-10-02 15:36:39 +01:00
Mathias Vorreiter Pedersen
f6a5b4b182 PS: Resolve member function calls using the shared type-tracking library. 2024-10-02 15:34:45 +01:00
Mathias Vorreiter Pedersen
b6dfbc3182 PS: Instantiate most of the shared type-tracking library. 2024-10-02 15:30:50 +01:00
Mathias Vorreiter Pedersen
9049407fb4 PS: More AST cleanup. 2024-10-02 14:45:20 +01:00
Mathias Vorreiter Pedersen
655cb8ef9a PS: Fix 'getEnclosingScope' and add 'getEnclosingFunction'. 2024-10-02 14:44:09 +01:00
Mathias Vorreiter Pedersen
43c75504e1 PS: Also support method calls as calls. 2024-10-02 12:56:36 +01:00
Mathias Vorreiter Pedersen
e36e6175dd Merge pull request #108 from microsoft/fix-powershell-compilation
PS: Fix compile errors and warnings.
2024-10-02 13:38:21 +02:00
Mathias Vorreiter Pedersen
32502a5be7 PS: Fix compile errors and warnings. 2024-10-02 12:31:51 +01:00
Ben Rodes
939b2181d4 Wchar fp fixes (#107)
* Adding tests and updated expected file with false positives to correct.

(cherry picked from commit 26e58532ee)

* Modifications to the query to address false positives.

(cherry picked from commit cc24f1ed9f)

* Updating expected file, false positives now resolved.

(cherry picked from commit 92c8d39ba3)

* Correct comment.

(cherry picked from commit 338ab96593)

* Changing from hasIntermediateType to getABaseType.

(cherry picked from commit c4737c7fbb)

* Switching to looking for explicit declaration of unsigned char, to avoid cases where unsigned char is the default char width for `char`.

(cherry picked from commit 51e787b316)

* Altering ordering for exists statement to be clearer.

(cherry picked from commit 31324fc778)

* Altering exists predicate ordering to be clearer.

(cherry picked from commit c91f7f4918)

* Changing name of predicate to be clearer, and removing an unused parameter.

(cherry picked from commit 318e75c094)

* Removing unnecessary bracket/singleton set literal.

(cherry picked from commit 162519185d)

* Formatting.

(cherry picked from commit c496503053)
2024-10-01 09:51:10 -04:00
Mathias Vorreiter Pedersen
758196ed8d C#: Accept test changes. 2024-10-01 12:40:49 +01:00
Mathias Vorreiter Pedersen
89bdcfb53d C#: Allow 'StartsWith' and 'EndsWith' to be barriers when the path is normalized. 2024-10-01 12:34:40 +01:00
Mathias Vorreiter Pedersen
9457e5305e C#: Add a flow state to represent whether the path is normalized. 2024-10-01 12:33:04 +01:00
Mathias Vorreiter Pedersen
864bde242f C#: Add a FP testcase. 2024-10-01 12:26:58 +01:00
Mathias Vorreiter Pedersen
60cda950dc Merge pull request #105 from microsoft/powershell-argument-parameter-matching
PS: Implement argument/parameter matching in dataflow
2024-09-27 12:30:26 +01:00
Mathias Vorreiter Pedersen
b6019655ce PS: Use named sets to model parameter and argument matching. 2024-09-26 18:53:31 +01:00
Mathias Vorreiter Pedersen
e4c702ef14 PS: Represent sets of parameter names. 2024-09-26 18:53:30 +01:00
Mathias Vorreiter Pedersen
7f25caf3f6 PS: Add various helper predicates. 2024-09-26 18:53:29 +01:00
Mathias Vorreiter Pedersen
5e2051bdea PS: Add test. 2024-09-26 18:53:28 +01:00
Mathias Vorreiter Pedersen
5803e0611e Merge pull request #104 from microsoft/powershell-field-flow
PS: Add field flow
2024-09-26 11:31:12 +01:00
Mathias Vorreiter Pedersen
1ce4c2fcbf PS: Add tests. 2024-09-24 16:53:56 +01:00
Mathias Vorreiter Pedersen
f51e0b0133 PS: Add field flow. 2024-09-24 16:53:48 +01:00
Mathias Vorreiter Pedersen
3fa466efa9 Merge pull request #102 from microsoft/powershell-very-basic-flow-steps
PS: Add very basic dataflow steps
2024-09-23 18:23:58 +01:00
Mathias Vorreiter Pedersen
f2d89a24f8 PS: Add flow steps from SSA and from right-hand of assignment to assignment. 2024-09-23 17:24:29 +01:00
Mathias Vorreiter Pedersen
dd2c5ef897 Merge pull request #101 from microsoft/add-inline-expectations-test-for-dataflow
PS: Add `InineExpectationsTest` library for dataflow tests
2024-09-23 16:29:35 +01:00
Mathias Vorreiter Pedersen
6beb8ee576 PS: Autoformat. 2024-09-23 16:27:42 +01:00
Mathias Vorreiter Pedersen
15b33ee612 PS: Add tests. 2024-09-23 16:27:39 +01:00
Mathias Vorreiter Pedersen
7fc82194e8 PS: Add inline expectations test library. 2024-09-23 16:27:37 +01:00
Mathias Vorreiter Pedersen
ccbfe0f168 PS: Prepare AST and other libraries for inline expectations tests. 2024-09-23 16:27:36 +01:00
Mathias Vorreiter Pedersen
67631e2d36 PS: Update AST hierachy after #100. 2024-09-23 16:27:34 +01:00
Mathias Vorreiter Pedersen
be8a76335b Merge pull request #100 from microsoft/powershell-fewer-pipelines-in-db
PS: Remove spurious `Pipeline`s in the DB
2024-09-23 13:24:17 +01:00
Mathias Vorreiter Pedersen
974017bb70 PS: Accept test changes. 2024-09-23 13:12:35 +01:00
Mathias Vorreiter Pedersen
0e606e69f7 PS: Add up and downgrade scripts. 2024-09-23 13:12:31 +01:00
Mathias Vorreiter Pedersen
18dd6d0b48 Add Powershell to the upgrade script prepation script. 2024-09-23 12:59:21 +01:00
Mathias Vorreiter Pedersen
26a75da26f PS: Don't generate a 'Pipeline' element when the pipeline wraps a single element. 2024-09-23 12:58:17 +01:00
dilanbhalla
ba1646fe90 Merge pull request #99 from microsoft/dilan/2.19.0-upgrade-conflict
Dilan/2.19.0 upgrade conflict
2024-09-22 02:05:31 -07:00
Dilan Bhalla
a763263cbd resolving merge conflict 2024-09-22 02:04:29 -07:00
dilanbhalla
2ee42cbc3b Merge pull request #98 from microsoft/dilan/2.19.0-upgrade
2.19.0 upgrade
2024-09-18 15:04:52 -07:00
Dilan Bhalla
e370fa2dec 2.19.0 upgrade fix 2024-09-18 14:48:55 -07:00
Dilan Bhalla
14ce258807 2.19.0 upgrade 2024-09-18 14:28:42 -07:00
Mathias Vorreiter Pedersen
8fd89829cc Merge pull request #97 from microsoft/powershell-integrate-ssa-into-dataflow
PS: Integrate SSA computations into dataflow
2024-09-17 10:02:52 +01:00
Mathias Vorreiter Pedersen
f14e1cc782 PS: Add more expression classes and a helper class for calls. 2024-09-16 20:32:25 +01:00
Mathias Vorreiter Pedersen
d616506f23 PS: Integrate SSA computations into dataflow. 2024-09-16 19:36:39 +01:00
Mathias Vorreiter Pedersen
c87873bd26 PS: Add more cfg classes and helper predicats. 2024-09-16 19:36:37 +01:00
Mathias Vorreiter Pedersen
88e32ba3e1 PS: Add local-flow test. 2024-09-16 19:16:23 +01:00
Mathias Vorreiter Pedersen
9bdfaa07b2 Merge pull request #96 from microsoft/powershell-param-def-class
PS: Place parameter definitions in the SSA graph
2024-09-16 18:41:44 +01:00
Mathias Vorreiter Pedersen
fbcac1020f PS: Add some simple SSA tests. 2024-09-16 13:36:57 +01:00
Mathias Vorreiter Pedersen
0312dce009 PS: Fix the scope of parameters. 2024-09-16 13:34:04 +01:00
Mathias Vorreiter Pedersen
a6a157a476 PS: Add initial parameter definitions. 2024-09-16 13:33:56 +01:00
Mathias Vorreiter Pedersen
f0429fa0f3 Merge pull request #95 from microsoft/powershell-ssa-consistency
PS: Add SSA consistency queries and include parameter read/writes as SSA read/writes
2024-09-13 13:51:13 +01:00
Mathias Vorreiter Pedersen
cf59c60495 PS: Shorter names. 2024-09-13 13:47:39 +01:00
Mathias Vorreiter Pedersen
3cebf8ba75 PS: Also include parameter reads and writes as SSA reads and writes. 2024-09-13 13:47:15 +01:00
Mathias Vorreiter Pedersen
ec6422c1b6 PS: Add a concept of a local scope variable (which includes both parameters and local variables). 2024-09-13 13:43:45 +01:00
Mathias Vorreiter Pedersen
dfeb667b8a PS: Add SSA consistency query file. 2024-09-13 13:43:17 +01:00
Mathias Vorreiter Pedersen
3459440a3c Merge pull request #94 from microsoft/add-more-cfg-tests
PS: Add more CFG tests
2024-09-13 13:40:21 +01:00
Mathias Vorreiter Pedersen
e12fd07074 PS: Add more tests. 2024-09-13 13:37:03 +01:00
Mathias Vorreiter Pedersen
4343d6b592 Merge pull request #93 from microsoft/powershell-ssa-skeleton
PS: SSA skeleton and various fixes
2024-09-13 12:20:45 +01:00
Mathias Vorreiter Pedersen
9499972878 PS: Run tests and accept test changes. 2024-09-13 12:14:30 +01:00
Mathias Vorreiter Pedersen
c26fdc3103 PS: A few CFG bugfixes. 2024-09-13 12:14:11 +01:00
Mathias Vorreiter Pedersen
645db5bc90 PS: Add SSA library. 2024-09-12 18:26:42 +01:00
Mathias Vorreiter Pedersen
8b4e065fa2 PS: Port the Ruby framework for lifting parent/child relations at the AST level to parent/child relations at the CFG level. 2024-09-12 18:26:41 +01:00
Mathias Vorreiter Pedersen
9107075f41 PS: Fixup CFG after the introduction of variables into the AST. 2024-09-12 18:26:39 +01:00
Mathias Vorreiter Pedersen
810978d3ab PS: Create an entity that represents a local variable and a parameter and introduce those into the AST. 2024-09-12 18:26:38 +01:00
Mathias Vorreiter Pedersen
e99404a051 PS: Fix missing parent relation for block statements. 2024-09-12 18:26:36 +01:00
Dilan
f63c2b071d Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-09-12 14:59:27 +00:00
Mathias Vorreiter Pedersen
b5950b0d3f Merge pull request #92 from microsoft/powershell-dataflow-skeleton
PS: Add dataflow skeleton
2024-09-11 11:35:35 +01:00
Mathias Vorreiter Pedersen
faf774f79b PS: Add dataflow skeleton 2024-09-10 18:25:58 +01:00
Mathias Vorreiter Pedersen
198ece98ce Merge pull request #91 from microsoft/powershell-cfg-for-if-and-match
PS: CFG for `if`, `match`, exceptions
2024-09-09 18:11:25 +01:00
Mathias Vorreiter Pedersen
dbbb9b32f8 Merge branch 'main' into powershell-cfg-for-if-and-match 2024-09-09 18:09:19 +01:00
Mathias Vorreiter Pedersen
e133b5cedb Merge pull request #88 from microsoft/more-specific-dbscheme-column-types
PS: Small dbscheme updates
2024-09-09 17:52:08 +01:00
Mathias Vorreiter Pedersen
5e4f52a52b Merge pull request #90 from microsoft/powershell-even-more-ast-classes
PS: Add more AST classes
2024-09-09 17:51:56 +01:00
Mathias Vorreiter Pedersen
3bb5582ffe Merge pull request #89 from microsoft/powershell-consistency-query
PS: Add consistency queries
2024-09-09 17:51:46 +01:00
Mathias Vorreiter Pedersen
f51a486c1c PS: CFG for try/catch and throw. 2024-09-06 10:48:19 +01:00
Mathias Vorreiter Pedersen
4c59de4fde PS: Implement CFG for if statements and switches. 2024-09-06 10:33:21 +01:00
Mathias Vorreiter Pedersen
fd29c470c0 PS: More cleanup of AST by fixing up toStrings and adding helper predicates. 2024-09-06 10:00:43 +01:00
Mathias Vorreiter Pedersen
830de2c904 PS: Add more AST classes. 2024-09-05 23:12:56 +01:00
Mathias Vorreiter Pedersen
084c868c8f PS: Add consistency queries. 2024-09-05 18:21:43 +01:00
Mathias Vorreiter Pedersen
3f98f372a0 PS: Add an en try in the library qlpack to point to the upgrade folder. 2024-09-03 20:03:35 +01:00
Mathias Vorreiter Pedersen
b9774d20d9 PS: Fill in properties scripts. Since we didn't change anything these are basically noopts in this case. 2024-09-03 20:03:19 +01:00
Mathias Vorreiter Pedersen
cac0500d57 PS: Add upgrade and downgrade files. This is automatically done by running the script in 'github/codeql/blob/main/misc/scripts/prepare-db-upgrade.sh' (after adding powershell to line 83). 2024-09-03 20:02:34 +01:00
Mathias Vorreiter Pedersen
2f7545cee8 PS: Fixup the corresponding QL to match the state of the dbscheme. 2024-09-03 19:59:28 +01:00
Mathias Vorreiter Pedersen
581254e06f PS: A couple of small dbscheme changes.
1. Flip the name of the child and parent column for 'parent' to reflect
how this is actually populated by the extractor.
2. Make some of the coumns more specific to the actual data type.
3. Make `@named_attribute_argument` an `@ast` branch.
2024-09-03 19:55:39 +01:00
Mathias Vorreiter Pedersen
20e76b39b3 Merge pull request #85 from microsoft/powershell-cfg-for-function-bodies-and-loops
PS: Control-flow for function bodies and loops
2024-09-03 19:51:22 +01:00
Mathias Vorreiter Pedersen
435ee53054 Merge pull request #87 from microsoft/powershell-port-injection-query
PS: Port `powershell/command-injection` from the internal repo
2024-09-03 18:39:07 +01:00
Mathias Vorreiter Pedersen
105e19e8e1 PS: New id to avoid overlapping with the internal query. 2024-09-03 18:36:08 +01:00
Mathias Vorreiter Pedersen
1cb059c381 PS: Fixup 'powershell/command-injection' so that it compiles after all the AST name changes. 2024-09-03 18:18:16 +01:00
Mathias Vorreiter Pedersen
c2bdc7aa52 PS: Add experimental query from the internal repo. 2024-09-03 18:18:15 +01:00
dilanbhalla
2fe3cee812 Merge pull request #86 from microsoft/dilan/2.18.3-upgrade
2.18.3 upgrade
2024-09-03 00:07:09 -07:00
Dilan Bhalla
db7c90d3dd 2.18.3 upgrade 2024-09-03 00:02:09 -07:00
Mathias Vorreiter Pedersen
39cdf0d896 PS: Accept test changes. 2024-08-30 16:15:20 +01:00
Mathias Vorreiter Pedersen
177fbccb61 PS: Add control-flow for loops. 2024-08-30 16:15:18 +01:00
Mathias Vorreiter Pedersen
41ba97b05c PS: Specify when a completion should be a boolan completion. 2024-08-30 16:15:17 +01:00
Mathias Vorreiter Pedersen
5dee69bc33 PS: Add loop CFG tests. 2024-08-30 16:15:16 +01:00
Mathias Vorreiter Pedersen
f00f55f460 PS: Accept test changes. 2024-08-30 16:15:14 +01:00
Mathias Vorreiter Pedersen
b3332da759 PS: Implement more control-flow trees. 2024-08-30 16:15:13 +01:00
Mathias Vorreiter Pedersen
a70cf44acb PS: Convert ScriptBlockTree to an abstract class and have TopLevel script blocks extend it. 2024-08-30 16:11:46 +01:00
Mathias Vorreiter Pedersen
1fa2cdf8a8 Add testcases with functions. 2024-08-30 16:11:45 +01:00
Mathias Vorreiter Pedersen
94a740f6b9 PS: Add continue completion and successor. 2024-08-30 16:11:44 +01:00
Mathias Vorreiter Pedersen
2d8a8c00ca PS: Shorter predicate names for statement blocks. 2024-08-30 16:11:42 +01:00
Mathias Vorreiter Pedersen
7ad60ca59c PS: Proper subclassing of binary expressions. 2024-08-30 16:11:41 +01:00
Mathias Vorreiter Pedersen
4e915f70d0 PS: Add unary expression AST class. 2024-08-30 16:11:40 +01:00
Mathias Vorreiter Pedersen
8575c53447 PS: Move 'getBody' up to the parent class. 2024-08-30 16:11:39 +01:00
Mathias Vorreiter Pedersen
844216afdc PS: Better toString in a couple of classes. 2024-08-30 16:11:37 +01:00
Mathias Vorreiter Pedersen
c2f0c01f19 PS: Create a common subclass for non-member and member functions. 2024-08-30 16:11:36 +01:00
Mathias Vorreiter Pedersen
04f80108ea Merge pull request #84 from microsoft/powershell-cfg-skeleton
PS: Initial CFG skeleton
2024-08-30 16:03:59 +01:00
Mathias Vorreiter Pedersen
f21cde2365 PS: Implement _just enough_ control flow to make the first example work. 2024-08-28 15:31:49 +01:00
Mathias Vorreiter Pedersen
626328c014 PS: Flip the parent child relation. 2024-08-28 15:02:51 +01:00
Mathias Vorreiter Pedersen
db46ca0bbf PS: Add parent-child test that demonstrates that the relation is flipped. 2024-08-28 15:02:50 +01:00
Mathias Vorreiter Pedersen
8d59e09216 PS: Shorter predicate names and better toString messages. 2024-08-28 15:02:48 +01:00
Mathias Vorreiter Pedersen
c69d70a97f PS: Add CFG test skeleton. 2024-08-28 15:02:45 +01:00
Mathias Vorreiter Pedersen
d29cb30ba5 PS: Add CFG skeleton. 2024-08-27 17:57:51 +01:00
Mathias Vorreiter Pedersen
b38c34ac58 PS: Accept test changes that I forgot to accept. 2024-08-27 17:52:25 +01:00
Mathias Vorreiter Pedersen
33ccf3f7f9 Merge pull request #82 from microsoft/powershell-index-files-options
PS: More fine-grained file indexing support
2024-08-27 17:47:48 +01:00
Mathias Vorreiter Pedersen
22a30ab952 Merge pull request #83 from microsoft/powershell-more-ast-classes
PS: Copy existing AST classes from internal repo
2024-08-27 00:28:24 +01:00
Mathias Vorreiter Pedersen
fd4b2b2c89 PS: Warn on implicit this to make CI happy. 2024-08-26 19:37:29 +01:00
Mathias Vorreiter Pedersen
c30feab8ac PS: Port existing tests from internal repo. 2024-08-26 19:21:31 +01:00
Mathias Vorreiter Pedersen
71349afae7 PS: Add more AST classes. 2024-08-26 19:21:28 +01:00
Mathias Vorreiter Pedersen
023c88a073 PS: Use shorter and more standard names. 2024-08-26 18:54:51 +01:00
Mathias Vorreiter Pedersen
efba031745 PS: Fixup AST by adding missing imports. Also use extends instead of instanceof in AST classes. 2024-08-26 18:54:47 +01:00
Mathias Vorreiter Pedersen
0c4a3f4871 Add lib files from the internal repo. 2024-08-26 18:54:43 +01:00
Mathias Vorreiter Pedersen
98a098c5fa PS: Support LGTM_INDEX_INCLUDE in the extractor. 2024-08-26 17:20:54 +01:00
Mathias Vorreiter Pedersen
8473678995 PS: Support --file-list option in the extractor. 2024-08-26 15:08:53 +01:00
dilanbhalla
9ba4ffdb14 Merge pull request #81 from microsoft/open-source-powershell-extractor
PS: Open source the powershell extractor
2024-08-23 12:26:22 -07:00
Mathias Vorreiter Pedersen
95d02e68c8 PS: Add readme with slight modifications from the internal repo. 2024-08-14 18:11:06 +01:00
Mathias Vorreiter Pedersen
4f8a94b4e8 PS: Add simple build script. 2024-08-14 18:11:04 +01:00
Mathias Vorreiter Pedersen
58fc649657 PS: Copy extractor and various scripts from internal repo to public repo. 2024-08-14 18:11:02 +01:00
Dilan
0550ff1040 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-08-13 14:59:34 +00:00
Ben Rodes
d4c0c4059d Brodes/overflow buffer fixes (#79)
* Addreessing false positive due to incorrect use of getType

* Addressing false positive with strncpy.

* BufferAccess must be reachable. False positives observed where accesses occur in dead code.

* Formatting and updating tests.
2024-08-12 16:00:11 -04:00
dilanbhalla
fd512d2a2d Merge pull request #80 from microsoft/more-2.18.1-upgrade-fixes
C#: More merge conflict fixes
2024-08-12 12:02:12 -07:00
Mathias Vorreiter Pedersen
fe6655b0d9 C#: More merge conflict fixes. 2024-08-12 19:23:07 +01:00
Lindsay Simpkins
aeaca1de7d Merge pull request #78 from microsoft/fix-join-order-in-zipslip-query
C#: Fix join order in `cs/zipslip`
2024-08-09 10:27:04 -07:00
Mathias Vorreiter Pedersen
a826163cb4 C#: Fix join order in 'getFilePathArgument'. 2024-08-09 15:20:30 +01:00
Mathias Vorreiter Pedersen
be175aa1a0 C#: Prevent bad magic in a few predicates. 2024-08-09 15:19:54 +01:00
dilanbhalla
24517e3034 Merge pull request #77 from microsoft/dilan/2.18.1-upgrade-2
2.18.1 Upgrade Fix (DataFlowPrivate libraries)
2024-08-02 15:56:56 -07:00
Dilan Bhalla
ed8ada30e8 apply Mathias patch 2024-08-02 15:45:35 -07:00
dilanbhalla
be7fce57c2 Merge pull request #76 from microsoft/dilan/2.18.1-upgrade-2
2.18.1 Upgrade
2024-07-31 15:31:13 -07:00
Dilan Bhalla
73ee8ef664 2.18.1 merge conflict 2024-07-31 14:53:08 -07:00
Dilan Bhalla
db6fb7b5a3 2.18.1 merge 2024-07-31 14:52:51 -07:00
Dilan
7bc16a378d Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-07-11 09:59:18 +00:00
Chanel
471d4672c1 Merge pull request #74 from microsoft/users/chanely/insecure-sql-connection-versioncheck
Update to insecure sql connection to check for version
2024-06-27 12:14:53 -07:00
Dilan
ee338e3caa Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-06-27 17:59:08 +00:00
Josh Brown
5dd5e80d6e autoformat 2024-06-26 13:23:23 -07:00
Chanel Young
f12f74ec77 delete unused predicate 2024-06-26 12:58:21 -07:00
Chanel Young
72d31c82aa check if using version > 4.0, where encrypt true by default 2024-06-26 12:57:25 -07:00
Ben Rodes
9401ab219e Update WeakEncryption.ql 2024-06-14 10:01:05 -04:00
dilanbhalla
f98735d499 Merge pull request #73 from microsoft/dilan/2.17.5-upgrade-revised
2.17.5 Upgrade
2024-06-12 13:44:58 -07:00
Dilan Bhalla
c01daaa40e upgrading to 2.17.5 2024-06-12 12:35:56 -07:00
Josh Brown
cccbdf25c7 Merge pull request #72 from microsoft/jb1/v2.17.4-2
Import v2.17.4 commit history
2024-06-05 04:57:00 +10:00
Josh Brown
28fdf7bf53 Merge tag 'codeql-cli/v2.17.4' into jb1/v2.17.4-2
Compatible with CodeQL CLI 2.17.4
2024-06-04 11:54:03 -07:00
Josh Brown
959f3fa97c Manual Merge DataFlowStack changes 2024-06-04 11:46:21 -07:00
Josh Brown
3f4156ced6 Merge pull request #71 from microsoft/jb1/v2.17.4
Merge upstream/v2.17.4
2024-06-05 04:38:10 +10:00
Josh Brown
e9a6ddab04 Manual merge, accept cs/zipslip test diff 2024-06-04 11:18:22 -07:00
Chanel
3b91979b14 Merge pull request #70 from microsoft/users/chanely-insecure-sql-connection
Fixing FP case for Insecure SQL connection
2024-05-16 14:44:44 -07:00
Chanel Young
300d048dbb fp case if encrypt set in initializer 2024-05-16 13:30:26 -07:00
Lindsay Simpkins
651031b15e python crypto update hmac module library (#69) 2024-05-16 09:35:27 -04:00
Ben Rodes
d548e47010 False positive workaround for incorrectly identified OpenSSL functions. (#67) 2024-05-14 14:55:51 -04:00
dilanbhalla
e1949c7d69 Merge pull request #64 from microsoft/jb1/v2.17.2
Merge upstream codeql-cli/v2.17.2
2024-05-09 15:06:11 -07:00
Josh Brown
d0329609e3 Manual merge v2.17.2 2024-05-09 13:23:42 -07:00
Dilan
7d944ccd43 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-04-24 15:59:16 +00:00
Josh Brown
5d2aa8b1ca Merge pull request #49 from microsoft/jb1/zipslip-performance-fix
Zipslip performance fix
2024-04-19 03:24:42 +10:00
Josh Brown
20033b9b04 Merge pull request #58 from microsoft/jb1/improper-array-index
Jb1/improper array index
2024-04-19 03:24:27 +10:00
Josh Brown
db49d95e77 Filter out tests directories 2024-04-17 11:47:23 -07:00
Josh Brown
88e77ade8e False positive test case 2024-04-09 16:25:09 -07:00
dilanbhalla
9709ebb2a3 Merge pull request #62 from microsoft/jb1/dfs-patch
DFS CPP + Java Compile Error patch
2024-04-09 16:05:51 -07:00
Josh Brown
7d8abf0eef DataflowStack Signature fix 2024-04-09 15:28:49 -07:00
dilanbhalla
f99d2b0f78 Merge pull request #61 from microsoft/upstream-test
Merge upstream/main
2024-04-05 15:45:16 -07:00
Josh Brown
30bf0a7c8b manual merge 2024-04-05 15:30:56 -07:00
Josh Brown
37d5c69e18 minor formatting 2024-04-05 14:53:07 -07:00
Josh Brown
31a1f43bba constrain TT for SanitizedGuardTaintTrackingconfiguration to be only sourced from methods where there is a rootsanitizerMethodCall wihtin it 2024-03-28 10:50:59 -07:00
Josh Brown
f5197d75d8 autoformat + update hasQualifiedName 2024-03-28 10:50:59 -07:00
Josh Brown
80dc5f0d27 revert to enhanced version with performance issue 2024-03-28 10:50:58 -07:00
Denis Levin
baee3a3db3 Extendign password variable detection with patterns and antipatterns from C# query (#59) 2024-03-27 12:50:52 -04:00
Dilan
3325cb9ec6 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-03-26 12:59:35 +00:00
Josh Brown
720285f724 Filter out sources from test directories 2024-03-25 11:10:13 -07:00
Josh Brown
a3eecc33a8 Filter our sources in test folders 2024-03-22 14:47:14 -07:00
Dilan
955fd2cc5a Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-03-21 13:00:21 +00:00
dilanbhalla
ebb37ac0c2 Merge pull request #57 from microsoft/dilan/2.16.4-merge
2.16.4 Upgrade + ZipSlip Expected File Conflict
2024-03-11 14:29:53 -07:00
Dilan Bhalla
dfdb5c9c9d merging 2.16.4, resolving zipslip .expected file conflict 2024-03-11 14:12:21 -07:00
Chanel
bbdf97e8f3 Merge pull request #55 from microsoft/dilan/chanel-sql-tedious
Chanel PR (SQL Tedious Package)
2024-02-28 11:13:22 -08:00
dilanbhalla
8e05f2a1f0 Update SQL.qll 2024-02-27 13:38:39 -08:00
dilanbhalla
134010ac7e Update SQL.qll 2024-02-27 13:30:38 -08:00
dilanbhalla
fd51a7dbc1 Update README.md (test) 2024-02-26 14:56:15 -08:00
dilanbhalla
fb78b0dc93 Update README.md (test) 2024-02-26 14:36:02 -08:00
dilanbhalla
3d25260891 Update README.md (test) 2024-02-26 14:33:56 -08:00
dilanbhalla
47c41bd3e2 Update README.md (test) 2024-02-26 14:29:39 -08:00
Dilan Bhalla
87fd2fc067 upgrading to 2.16.3, resolving zipslip merge conflict 2024-02-22 15:24:05 -08:00
Josh Brown
98fb82fd10 Merge pull request #53 from microsoft/jb1/dataflowstack/java
DataFlowStack - Java Impl
2024-02-17 05:30:34 +11:00
Josh Brown
ba1eab32ba Merge remote-tracking branch 'origin/main' into jb1/dataflowstack/java 2024-02-15 17:34:46 -08:00
Josh Brown
34cec001b6 java DataFlowStack impl 2024-02-14 10:57:40 -08:00
Dilan
50dad18134 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-02-12 18:59:04 +00:00
Josh Brown
5e9826a345 Merge pull request #26 from microsoft/jb1/lib/dataflowstack
DataFlowStack Common Library Init
2024-02-09 10:00:33 +11:00
Josh Brown
c92c212ea0 fix syntax errors introduced 2024-02-08 14:17:16 -08:00
Josh Brown
df915dc60c Merge commit '737dd9d4c1' into jb1/lib/dataflowstack 2024-02-08 08:18:04 -08:00
Josh Brown
9147b9dd21 Merge branch 'jb1/lib/dataflowstack' of github.com:microsoft/codeql into jb1/lib/dataflowstack 2024-02-07 12:56:08 -08:00
Josh Brown
beed67ad23 Address PR Comments 2024-02-07 12:56:00 -08:00
Josh Brown
c0fd03499a Update shared/dataflowstack/codeql/dataflowstack/DataFlowStack.qll 2024-02-08 06:15:29 +11:00
Josh Brown
3056e8cdab Remove getNode as required interface 2024-01-29 16:15:57 -08:00
Josh Brown
2314d3be16 stubs 2024-01-29 16:14:20 -08:00
Josh Brown
151d001713 stub predicates for DataFlowCall 2024-01-27 18:18:43 -08:00
Josh Brown
39500b1965 getAnArgumentNode 2024-01-26 18:59:41 -08:00
Dilan
737dd9d4c1 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-01-25 14:59:06 +00:00
Josh Brown
bba946a06e filling out further definitions, and code comments 2024-01-18 18:10:55 -08:00
Dilan
6c2c786571 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2024-01-16 14:59:23 +00:00
Josh Brown
9c1e33e66d FlowStackFrame class working, TODO: getSucceedingTerminalStateFrame() 2024-01-12 15:13:37 -08:00
Josh Brown
e4a30bf791 BiStackAnalysisInit 2024-01-03 17:29:43 -08:00
Josh Brown
4e84c84e2d Manual merge main 2023-12-29 17:01:56 -08:00
Josh Brown
f661529122 Merge pull request #37 from microsoft/jb1/df-java-isSource
MethodCallInsecureFileCreation isSource
2023-12-29 09:37:06 +11:00
Josh Brown
2f163b070a MethodCallInsecureFileCreation isSource 2023-12-28 10:08:50 -08:00
Josh Brown
0f48db2694 Merge pull request #36 from microsoft/jb1/upgrade-shared-df-pathnode
Upgrade Shared DataFlow PathNode Signature
2023-12-28 05:15:22 +11:00
Josh Brown
5a8185dcaf Syntax fix - extra or 2023-12-22 11:47:31 -08:00
Josh Brown
f57a5d7650 Upgrade shared DataFlow PathNode signature to include getASuccessor(), isSource() 2023-12-22 10:45:16 -08:00
Dilan
ff202c9e88 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-12-20 19:59:37 +00:00
Josh Brown
59732036b2 cpp getARuntimeTarget 2023-12-15 12:18:47 -08:00
Josh Brown
079f0fdbb5 StackFrameAnalysis example 2023-12-14 15:27:21 -08:00
Josh Brown
d1b1650cdd StackFrameAnalysis module 2023-12-14 14:26:26 -08:00
Josh Brown
09bc54b644 Merge commit '2bc9039d8486ec0be727ae3836237e97ec791e85' into jb1/lib/dataflowstack 2023-12-13 10:38:13 -08:00
Josh Brown
5750c8df72 Removing comment 2023-12-13 10:09:41 -08:00
Dilan
2bc9039d84 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-12-11 16:59:07 +00:00
Josh Brown
d9aac53ec0 Merge remote-tracking branch 'origin/main' into jb1/lib/dataflowstack 2023-12-06 08:34:02 -08:00
Dilan
9214f63b5f Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-11-30 18:37:51 +00:00
dilanbhalla
e83425813b Merge pull request #33 from microsoft/dilan/revert-printf-qll
Revert Printf.qll
2023-11-30 10:36:49 -08:00
dilanbhalla
b6b67b35ce Update Printf.qll 2023-11-30 10:36:03 -08:00
Josh Brown
3559a5a5a1 Merge pull request #31 from microsoft/jb1/performance/revert-zipslip
Revert Zipslip to upstream
2023-11-28 05:34:04 +11:00
Josh Brown
c06ae12d58 Revert Zipslip to upstream 2023-11-16 10:47:57 -08:00
Dilan
954d489613 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-11-13 13:01:39 +00:00
Ben Rodes
b6eaf2fa61 Adding missing strsafe sprintf variants. (#30)
(cherry picked from commit bdae2af0e2)
2023-11-08 14:46:09 -05:00
Josh Brown
c161ed42e1 dataflowstack init 2023-11-02 17:18:08 -07:00
Ben Rodes
d9364c060e Merge pull request #14482 from MathiasVP/additional-call-targets-for-cpp (#23)
C++: Add an abstract class that can be used to extend `viableCallable`

Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2023-10-23 10:12:11 -04:00
Dilan Bhalla
1cdf4aafb0 manual merge for 2.15.1, resolve zipslip conflict 2023-10-19 12:51:03 -07:00
dilanbhalla
90b7fd52c0 Update ZipSlipQuery.qll 2023-10-19 12:24:39 -07:00
dilanbhalla
6066e82071 Merge pull request #22 from microsoft/brodes/additional_target_cherry_pick
Brodes/additional target cherry pick
2023-10-18 11:15:35 -07:00
Benjamin Rodes
075e992ebe Revert "Cherry picking commit bbf9bcde2a (#21)"
This reverts commit d4e5b27969.
2023-10-18 10:32:58 -04:00
Benjamin Rodes
1026d89158 Merge branch 'main' into brodes/additional_target_cherry_pick 2023-10-18 10:23:06 -04:00
Benjamin Rodes
f19919bb52 Revert "Cherry picking commit bbf9bcde2a (#21)"
d4e5b27969
This reverts commit d4e5b27969.
2023-10-18 10:17:53 -04:00
Ben Rodes
d4e5b27969 Cherry picking commit bbf9bcde2a (#21)
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2023-10-17 13:46:36 -04:00
Mathias Vorreiter Pedersen
ab827a5acd Cherry picking commit bbf9bcde2a 2023-10-17 13:43:06 -04:00
Dilan
8555600c44 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-10-11 13:02:07 +00:00
Josh Brown
ea63fc03d5 Merge pull request #14289 from microsoft/jb1/16-cryptography-models-libraries-and-queries-migration (#19)
16 cryptography models libraries and queries migration

Co-authored-by: Rasmus Wriedt Larsen <rasmuswl@github.com>
2023-10-04 13:34:09 -04:00
Dilan
2bc3e28b18 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-09-26 13:59:31 +00:00
dilanbhalla
e5f74ddf8f Update sync-main.yml 2023-09-14 11:56:27 -07:00
Dilan
4d77490444 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-09-14 16:13:35 +00:00
dilanbhalla
73a4cc89e3 Update sync-main.yml 2023-09-13 19:03:40 -07:00
dilanbhalla
c2fee6758f Update sync-main.yml 2023-09-13 19:03:25 -07:00
dilanbhalla
c30661e1c1 Update CONTRIBUTING.md 2023-09-13 18:50:16 -07:00
dilanbhalla
3a75325ecb Update README.md 2023-09-13 18:49:48 -07:00
dilanbhalla
d185c94549 Update sync-main.yml 2023-09-13 18:45:37 -07:00
dilanbhalla
4e656de043 Update CONTRIBUTING.md 2023-09-13 18:38:11 -07:00
dilanbhalla
fc00da801f Update README.md 2023-09-12 21:19:42 -07:00
Dilan
bc2bb19491 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-09-12 16:13:57 +00:00
Dilan Bhalla
cd16271a56 Merge branch 'main' of https://github.com/github/codeql 2023-08-30 10:48:32 -07:00
Dilan Bhalla
3d7e6792e5 modifying gh libs instead of creating msft copies 2023-08-28 18:59:16 -07:00
Dilan Bhalla
76cec33ba8 Microsoft 2.14.3 resolving taintflow warning 2023-08-28 16:46:52 -07:00
Dilan Bhalla
7f61bfe155 fixing tainttracking module 2.14.3 2023-08-28 15:37:36 -07:00
Dilan
eb0e2c48ea Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-08-28 22:03:51 +00:00
Dilan Bhalla
d9b45c817d Merge branch 'main' of https://github.com/microsoft/codeql 2023-08-27 23:53:31 -07:00
Dilan Bhalla
5ee67421b7 microsoft dataflow fix for 2.14.3 2023-08-27 23:53:25 -07:00
Dilan Bhalla
6b23eeebc5 Merge branch 'main' of https://github.com/github/codeql 2023-08-27 23:45:53 -07:00
Dilan
019cff2fc0 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-08-25 17:41:23 +00:00
dilanbhalla
0a9fc79525 Update sync-main.yml 2023-08-25 10:40:26 -07:00
dilanbhalla
f2994e70d0 Update DataFlow.qll 2023-08-25 10:39:28 -07:00
Dilan Bhalla
da08e0b4bd Reverting temp dataflow from 2.14.3 to 2.14.1 2023-08-24 00:51:51 -07:00
Dilan Bhalla
8a9fd3539e Adding internal C++ dataflow library 2023-08-23 00:05:19 -07:00
Dilan Bhalla
7acd76dc4c temporarily disable sync main until 2.14.3 2023-08-22 09:56:49 -07:00
Dilan
08147f08df Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-07-28 12:01:37 +00:00
Dilan
d3e36cb49e Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-07-13 18:33:38 +00:00
Dilan
acda5fd88b Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-07-06 12:01:35 +00:00
dilanbhalla
72471f6993 Ben update to iterator.qll 2023-06-26 10:09:42 -07:00
Dilan
eb7a6667d7 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-06-19 20:49:44 +00:00
microsoft-github-policy-service[bot]
7b1c964869 Auto merge mandatory file pr
This pr is auto merged as it contains a mandatory file and is opened for more than 10 days.
2023-06-12 18:05:12 +00:00
microsoft-github-policy-service[bot]
c8f19d6ef0 Microsoft mandatory file 2023-06-02 16:20:00 +00:00
Dilan
7976cf8e77 Merge tag 'codeql-cli/latest'
Compatible with the latest released version of the CodeQL CLI
2023-05-31 17:57:24 +00:00
dilanbhalla
cb47517020 Update sync-main.yml 2023-05-31 10:56:29 -07:00
dilanbhalla
4b0d2b972f Update sync-main.yml 2023-05-31 10:45:25 -07:00
dilanbhalla
4e5a095e1c Merge pull request #9 from microsoft/jb1/zipslip-fix
Manual Merge: C# ZipSlip Conflict
2023-05-24 11:19:13 -07:00
Josh Brown
56b1047f66 Manual merge + updated test case of C# ZipSlip 2023-05-23 17:23:56 +10:00
Dilan Bhalla
6fbc070aaf sync with upstream repository 2023-04-26 17:10:42 -07:00
Dilan Bhalla
b3cd535bdd removing dead code test 2023-04-24 15:46:38 -07:00
Dilan Bhalla
bc51aee6ec removing debugging git log line 2023-04-24 15:27:05 -07:00
Dilan Bhalla
9c72cba7e2 removing unshallow 2023-04-24 15:16:50 -07:00
Dilan Bhalla
8ce078ef2c unshallow fetch 2023-04-24 15:14:27 -07:00
Dilan Bhalla
54716a84cf remove allow unrelated histories on git merge 2023-04-24 15:04:49 -07:00
Dilan Bhalla
4fb30f35b3 test predicate 2023-04-24 14:59:43 -07:00
Dilan Bhalla
fd05c130d4 allow unrelated histories on merge 2023-04-24 14:55:18 -07:00
Dilan Bhalla
b0e4305c95 josh zipslip improvements 2023-04-24 14:49:27 -07:00
Dilan Bhalla
885d2491d8 merge instead of rebase 2023-04-24 14:46:35 -07:00
8217 changed files with 478741 additions and 114153 deletions

5
.gitattributes vendored
View File

@@ -88,3 +88,8 @@
# swift prebuilt resources
/swift/third_party/resources/*.zip filter=lfs diff=lfs merge=lfs -text
/swift/third_party/resources/*.tar.zst filter=lfs diff=lfs merge=lfs -text
# This upgrade script must use windows line-endings to be compatible with old
# databases.
/powershell/ql/lib/upgrades/ce269c61feda10a8ca0d16519085f7e55741a694/old.dbscheme eol=crlf
/powershell/downgrades/802d5b9f407fb0dac894df1c0b4584f2215e1512/semmlecode.powershell.dbscheme eol=crlf

4
.github/copilot-instructions.md vendored Normal file
View File

@@ -0,0 +1,4 @@
When reviewing code:
* do not review changes in files with `.expected` extension (they are automatically ensured to be correct).
* in `.ql` and `.qll` files, do not try to review the code itself as you don't understand the programming language
well enough to make comments in these languages. You can still check for typos or comment improvements.

View File

@@ -16,7 +16,6 @@ on:
- "shared/**/*.qll"
- "!**/experimental/**"
- "!ql/**"
- "!rust/**"
- ".github/workflows/check-change-note.yml"
jobs:

View File

@@ -0,0 +1,23 @@
name: Check overlay annotations
on:
push:
branches:
- main
- 'rc/*'
pull_request:
branches:
- main
- 'rc/*'
permissions:
contents: read
jobs:
sync:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Check overlay annotations
run: python config/add-overlay-annotations.py --check java

View File

@@ -1,35 +0,0 @@
name: "Go: Run Tests - Other OS"
on:
pull_request:
paths:
- "go/**"
- "!go/documentation/**"
- "!go/ql/**" # don't run other-os if only ql/ files changed
- .github/workflows/go-tests-other-os.yml
- .github/actions/**
- codeql-workspace.yml
- MODULE.bazel
- .bazelrc
- misc/bazel/**
permissions:
contents: read
jobs:
test-mac:
name: Test MacOS
runs-on: macos-latest
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Run tests
uses: ./go/actions/test
test-win:
name: Test Windows
runs-on: windows-latest
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Run tests
uses: ./go/actions/test

View File

@@ -1,22 +0,0 @@
name: "Go: Run RTJO Tests"
on:
pull_request:
types:
- labeled
permissions:
contents: read
jobs:
test-linux:
if: "github.repository_owner == 'github' && github.event.label.name == 'Run: RTJO Language Tests'"
name: RTJO Test Linux (Ubuntu)
runs-on: ubuntu-latest-xl
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Run tests
uses: ./go/actions/test
with:
run-code-checks: true
dynamic-join-order-mode: all

View File

@@ -1,20 +1,9 @@
name: "Go: Run Tests"
on:
push:
paths:
- "go/**"
- "!go/documentation/**"
- "shared/**"
- .github/workflows/go-tests.yml
- .github/actions/**
- codeql-workspace.yml
branches:
- main
- "rc/*"
pull_request:
paths:
- "go/**"
- "!go/documentation/**"
- "!go/documentation/**"
- "shared/**"
- .github/workflows/go-tests.yml
- .github/actions/**

View File

@@ -0,0 +1,152 @@
name: Microsoft CodeQL Pack Publish
on:
workflow_dispatch:
jobs:
check-branch:
runs-on: ubuntu-latest
steps:
- name: Fail if not on main branch
run: |
if [ "$GITHUB_REF" != "refs/heads/main" ]; then
echo "This workflow can only run on the 'main' branch."
exit 1
fi
codeqlversion:
needs: check-branch
runs-on: ubuntu-latest
outputs:
codeql_version: ${{ steps.set_codeql_version.outputs.codeql_version }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set CodeQL Version
id: set_codeql_version
run: |
git fetch
git fetch --tags
CURRENT_COMMIT=$(git rev-list -1 HEAD)
CURRENT_TAG=$(git describe --tags --abbrev=0 --match 'codeql-cli/v*' $CURRENT_COMMIT)
CODEQL_VERSION="${CURRENT_TAG#codeql-cli/}"
echo "CODEQL_VERSION=$CODEQL_VERSION" >> $GITHUB_OUTPUT
publishlibs:
environment: secure-publish
needs: codeqlversion
runs-on: ubuntu-latest
strategy:
matrix:
language: ['powershell']
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install CodeQL
shell: bash
run: |
gh extension install github/gh-codeql
gh codeql download "${{ needs.codeqlversion.outputs.codeql_version }}"
gh codeql set-version "${{ needs.codeqlversion.outputs.codeql_version }}"
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Publish OS Microsoft CodeQL Lib Pack
shell: bash
run: |
# Download latest qlpack
gh codeql pack download "microsoft/$LANGUAGE-all"
PACK_DIR="$HOME/.codeql/packages/microsoft/$LANGUAGE-all"
VERSION_COUNT=$(ls -d "$PACK_DIR"/*/ | wc -l)
[[ "$VERSION_COUNT" -ne 1 ]] && { echo "Expected exactly one version in $PACK_DIR, but found $VERSION_COUNT. Exiting."; exit 1; }
# Increment version
CURRENT_VERSION=$(ls -v "$PACK_DIR" | tail -n 1)
MAJOR=$(echo "$CURRENT_VERSION" | cut -d. -f1)
MINOR=$(echo "$CURRENT_VERSION" | cut -d. -f2)
PATCH=$(echo "$CURRENT_VERSION" | cut -d. -f3)
NEXT_VERSION="$MAJOR.$MINOR.$((PATCH + 1))"
# Extract dependencies from the existing qlpack.yml before deleting
DEPENDENCIES=$(yq 'select(has("dependencies")) | .dependencies | {"dependencies": .}' "$LANGUAGE/ql/lib/qlpack.yml" 2>/dev/null)
DATAEXTENSIONS=$(yq 'select(has("dataExtensions")) | .dataExtensions | {"dataExtensions": .}' "$LANGUAGE/ql/lib/qlpack.yml" 2>/dev/null)
rm -f "$LANGUAGE/ql/lib/qlpack.yml" "$LANGUAGE/ql/lib/qlpack.lock"
# Create new qlpack.yml with modified content
cat <<EOF > "$LANGUAGE/ql/lib/qlpack.yml"
name: microsoft/$LANGUAGE-all
version: $NEXT_VERSION
extractor: $LANGUAGE
groups:
- $LANGUAGE
- microsoft-all
dbscheme: semmlecode.$LANGUAGE.dbscheme
extractor: $LANGUAGE
library: true
upgrades: upgrades
$DEPENDENCIES
$DATAEXTENSIONS
warnOnImplicitThis: true
EOF
# Publish pack
cat "$LANGUAGE/ql/lib/qlpack.yml"
gh codeql pack publish "$LANGUAGE/ql/lib"
env:
LANGUAGE: ${{ matrix.language }}
GITHUB_TOKEN: ${{ secrets.PACKAGE_PUBLISH }}
publish:
environment: secure-publish
needs: codeqlversion
runs-on: ubuntu-latest
strategy:
matrix:
language: ['csharp', 'cpp', 'java', 'javascript', 'python', 'ruby', 'go', 'rust', 'swift', 'powershell', 'iac']
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install CodeQL
shell: bash
run: |
gh extension install github/gh-codeql
gh codeql download "${{ needs.codeqlversion.outputs.codeql_version }}"
gh codeql set-version "${{ needs.codeqlversion.outputs.codeql_version }}"
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Publish OS Microsoft CodeQL Pack
shell: bash
run: |
# Download latest qlpack
gh codeql pack download "microsoft/$LANGUAGE-queries"
PACK_DIR="$HOME/.codeql/packages/microsoft/$LANGUAGE-queries"
VERSION_COUNT=$(ls -d "$PACK_DIR"/*/ | wc -l)
[[ "$VERSION_COUNT" -ne 1 ]] && { echo "Expected exactly one version in $PACK_DIR, but found $VERSION_COUNT. Exiting."; exit 1; }
# Increment version
CURRENT_VERSION=$(ls -v "$PACK_DIR" | tail -n 1)
MAJOR=$(echo "$CURRENT_VERSION" | cut -d. -f1)
MINOR=$(echo "$CURRENT_VERSION" | cut -d. -f2)
PATCH=$(echo "$CURRENT_VERSION" | cut -d. -f3)
NEXT_VERSION="$MAJOR.$MINOR.$((PATCH + 1))"
# Extract dependencies from the existing qlpack.yml before deleting
DEPENDENCIES=$(yq 'select(has("dependencies")) | .dependencies | {"dependencies": .}' "$LANGUAGE/ql/src/qlpack.yml" 2>/dev/null)
rm -f "$LANGUAGE/ql/src/qlpack.yml" "$LANGUAGE/ql/src/qlpack.lock"
# Create new qlpack.yml with modified content
cat <<EOF > "$LANGUAGE/ql/src/qlpack.yml"
name: microsoft/$LANGUAGE-queries
version: $NEXT_VERSION
extractor: $LANGUAGE
groups:
- $LANGUAGE
- queries
$DEPENDENCIES
EOF
# Publish pack
cat "$LANGUAGE/ql/src/qlpack.yml"
gh codeql pack publish "$LANGUAGE/ql/src"
env:
LANGUAGE: ${{ matrix.language }}
GITHUB_TOKEN: ${{ secrets.PACKAGE_PUBLISH }}

View File

@@ -0,0 +1,32 @@
name: PowerShell PR Check
on:
pull_request:
branches:
- main
workflow_dispatch:
jobs:
powershell-pr-check:
name: powershell-pr-check
runs-on: windows-latest
if: github.repository == 'microsoft/codeql'
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ github.token }}
- name: Setup CodeQL
uses: ./.github/actions/fetch-codeql
with:
channel: release
- name: Install PowerShell
run: |
$path = Split-Path (Get-Command codeql).Source
./powershell/build-win64.ps1 $path
- name: Run QL tests
run: |
codeql test run --threads=0 powershell/ql/test

View File

@@ -53,7 +53,7 @@ jobs:
- name: Create database
run: |
"${CODEQL}" database create \
--search-path "${{ github.workspace }}"
--search-path "${{ github.workspace }}" \
--threads 4 \
--language ql --source-root "${{ github.workspace }}/repo" \
"${{ runner.temp }}/database"

28
.github/workflows/sync-main-tags.yml vendored Normal file
View File

@@ -0,0 +1,28 @@
name: Sync Main Tags
on:
pull_request:
types:
- closed
branches:
- main
jobs:
sync-main-tags:
name: Sync Main Tags
runs-on: ubuntu-latest
if: github.repository == 'microsoft/codeql' && github.event.pull_request.merged == true && github.event.pull_request.head.ref == 'auto/sync-main-pr'
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Push Tags
run: |
git remote add upstream https://github.com/github/codeql.git
git fetch upstream --tags --force
git push --force origin --tags
env:
GH_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}

91
.github/workflows/sync-main.yml vendored Normal file
View File

@@ -0,0 +1,91 @@
name: Sync Main
on:
push:
branches:
- main
paths:
- .github/workflows/sync-main.yml
schedule:
- cron: '55 * * * *'
jobs:
sync-main:
name: Sync-main
runs-on: ubuntu-latest
if: github.repository == 'microsoft/codeql'
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.WORKFLOW_TOKEN }}
- name: Git config
shell: bash
run: |
git config user.name "dilanbhalla"
git config user.email "dilanbhalla@microsoft.com"
- name: Git checkout auto/sync-main-pr
shell: bash
run: |
git fetch origin
if git ls-remote --exit-code --heads origin auto/sync-main-pr > /dev/null; then
echo "Branch exists remotely. Checking it out."
git checkout -B auto/sync-main-pr origin/auto/sync-main-pr
else
echo "Branch does not exist remotely. Creating from main."
git checkout -B auto/sync-main-pr origin/main
git push -u origin auto/sync-main-pr
fi
- name: Sync origin/main
shell: bash
run: |
echo "::group::Sync with main branch"
git pull origin auto/sync-main-pr; exitCode=$?; if [ $exitCode -ne 0 ]; then exitCode=0; fi
git pull origin main --no-rebase
git push --force origin auto/sync-main-pr
echo "::endgroup::"
- name: Sync upstream/codeql-cli/latest
shell: bash
run: |
echo "::group::Set up remote"
git remote add upstream https://github.com/github/codeql.git
git fetch upstream --tags --force
echo "::endgroup::"
echo "::group::Merge codeql-cli/latest"
set -x
git merge codeql-cli/latest
set +x
echo "::endgroup::"
- name: Push sync branch
run: |
git push origin auto/sync-main-pr
env:
GITHUB_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}
GH_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}
- name: Create PR if it doesn't exist
shell: bash
run: |
pr_number=$(gh pr list --repo microsoft/codeql --head auto/sync-main-pr --base main --json number --jq '.[0].number')
if [ -n "$pr_number" ]; then
echo "PR from auto/sync-main-pr to main already exists (PR #$pr_number). Exiting gracefully."
else
if git fetch origin main auto/sync-main-pr && [ -n "$(git rev-list origin/main..origin/auto/sync-main-pr)" ]; then
echo "PR does not exist. Creating one..."
gh pr create --repo microsoft/codeql --fill -B main -H auto/sync-main-pr \
--label 'autogenerated' \
--title 'Sync Main (autogenerated)' \
--body "This PR syncs the latest changes from \`codeql-cli/latest\` into \`main\`." \
--reviewer 'MathiasVP' \
--reviewer 'ropwareJB'
else
echo "No changes to sync from auto/sync-main-pr to main. Exiting gracefully."
fi
fi
env:
GH_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}

3
.gitmodules vendored Normal file
View File

@@ -0,0 +1,3 @@
[submodule "iac"]
path = iac
url = https://github.com/advanced-security/codeql-extractor-iac

1
Cargo.lock generated
View File

@@ -419,6 +419,7 @@ dependencies = [
"lazy_static",
"rayon",
"regex",
"serde_json",
"tracing",
"tracing-subscriber",
"tree-sitter",

View File

@@ -37,6 +37,7 @@ bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True
# the versions there are canonical, the versions here are used for CI in github/codeql, as well as for the vendoring of dependencies.
RUST_EDITION = "2024"
# run buildutils-internal/scripts/fill-rust-sha256s.py when updating (internal repo)
RUST_VERSION = "1.86.0"
rust = use_extension("@rules_rust//rust:extensions.bzl", "rust")
@@ -47,6 +48,29 @@ rust.toolchain(
"x86_64-apple-darwin",
"aarch64-apple-darwin",
],
# generated by buildutils-internal/scripts/fill-rust-sha256s.py (internal repo)
sha256s = {
"rustc-1.86.0-x86_64-unknown-linux-gnu.tar.xz": "4438b809ce4a083af31ed17aeeedcc8fc60ccffc0625bef1926620751b6989d7",
"rustc-1.86.0-x86_64-apple-darwin.tar.xz": "42b76253626febb7912541a30d3379f463dec89581aad4cb72c6c04fb5a71dc5",
"rustc-1.86.0-aarch64-apple-darwin.tar.xz": "23b8f52102249a47ab5bc859d54c9a3cb588a3259ba3f00f557d50edeca4fde9",
"rustc-1.86.0-x86_64-pc-windows-msvc.tar.xz": "fdde839fea274529a31e51eb85c6df1782cc8479c9d1bc24e2914d66a0de41ab",
"clippy-1.86.0-x86_64-unknown-linux-gnu.tar.xz": "02aaff2c1407d2da8dba19aa4970dd873e311902b120a66cbcdbe51eb8836edf",
"clippy-1.86.0-x86_64-apple-darwin.tar.xz": "bb85efda7bbffaf124867f5ca36d50932b1e8f533c62ee923438afb32ff8fe9a",
"clippy-1.86.0-aarch64-apple-darwin.tar.xz": "239fa3a604b124f0312f2af08537874a1227dba63385484b468cca62e7c4f2f2",
"clippy-1.86.0-x86_64-pc-windows-msvc.tar.xz": "d00498f47d49219f032e2c5eeebdfc3d32317c0dc3d3fd7125327445bc482cb4",
"cargo-1.86.0-x86_64-unknown-linux-gnu.tar.xz": "c5c1590f7e9246ad9f4f97cfe26ffa92707b52a769726596a9ef81565ebd908b",
"cargo-1.86.0-x86_64-apple-darwin.tar.xz": "af163eb02d1a178044d1b4f2375960efd47130f795f6e33d09e345454bb26f4e",
"cargo-1.86.0-aarch64-apple-darwin.tar.xz": "3cb13873d48c3e1e4cc684d42c245226a11fba52af6b047c3346ed654e7a05c0",
"cargo-1.86.0-x86_64-pc-windows-msvc.tar.xz": "e57a9d89619b5604899bac443e68927bdd371e40f2e03e18950b6ceb3eb67966",
"llvm-tools-1.86.0-x86_64-unknown-linux-gnu.tar.xz": "282145ab7a63c98b625856f44b905b4dc726b497246b824632a5790debe95a78",
"llvm-tools-1.86.0-x86_64-apple-darwin.tar.xz": "b55706e92f7da989207c50c13c7add483a9fedd233bc431b106eca2a8f151ec9",
"llvm-tools-1.86.0-aarch64-apple-darwin.tar.xz": "04d3618c686845853585f036e3211eb9e18f2d290f4610a7a78bdc1fcce1ebd9",
"llvm-tools-1.86.0-x86_64-pc-windows-msvc.tar.xz": "721a17cc8dc219177e4277a3592253934ef08daa1e1b12eda669a67d15fad8dd",
"rust-std-1.86.0-x86_64-unknown-linux-gnu.tar.xz": "67be7184ea388d8ce0feaf7fdea46f1775cfc2970930264343b3089898501d37",
"rust-std-1.86.0-x86_64-apple-darwin.tar.xz": "3b1140d54870a080080e84700143f4a342fbd02a410a319b05d9c02e7dcf44cc",
"rust-std-1.86.0-aarch64-apple-darwin.tar.xz": "0fb121fb3b8fa9027d79ff598500a7e5cd086ddbc3557482ed3fdda00832c61b",
"rust-std-1.86.0-x86_64-pc-windows-msvc.tar.xz": "3d5354b7b9cb950b58bff3fce18a652aa374bb30c8f70caebd3bd0b43cb41a33",
},
versions = [RUST_VERSION],
)
use_repo(rust, "rust_toolchains")
@@ -206,6 +230,7 @@ use_repo(
"kotlin-compiler-2.1.0-Beta1",
"kotlin-compiler-2.1.20-Beta1",
"kotlin-compiler-2.2.0-Beta1",
"kotlin-compiler-2.2.20-Beta2",
"kotlin-compiler-embeddable-1.6.0",
"kotlin-compiler-embeddable-1.6.20",
"kotlin-compiler-embeddable-1.7.0",
@@ -218,6 +243,7 @@ use_repo(
"kotlin-compiler-embeddable-2.1.0-Beta1",
"kotlin-compiler-embeddable-2.1.20-Beta1",
"kotlin-compiler-embeddable-2.2.0-Beta1",
"kotlin-compiler-embeddable-2.2.20-Beta2",
"kotlin-stdlib-1.6.0",
"kotlin-stdlib-1.6.20",
"kotlin-stdlib-1.7.0",
@@ -230,6 +256,7 @@ use_repo(
"kotlin-stdlib-2.1.0-Beta1",
"kotlin-stdlib-2.1.20-Beta1",
"kotlin-stdlib-2.2.0-Beta1",
"kotlin-stdlib-2.2.20-Beta2",
)
go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")

View File

@@ -29,3 +29,5 @@ You can install the [CodeQL for Visual Studio Code](https://marketplace.visualst
### Tasks
The `.vscode/tasks.json` file defines custom tasks specific to working in this repository. To invoke one of these tasks, select the `Terminal | Run Task...` menu option, and then select the desired task from the dropdown. You can also invoke the `Tasks: Run Task` command from the command palette.

41
SECURITY.md Normal file
View File

@@ -0,0 +1,41 @@
<!-- BEGIN MICROSOFT SECURITY.MD V0.0.8 BLOCK -->
## Security
Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
## Reporting Security Issues
**Please do not report security vulnerabilities through public GitHub issues.**
Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc).
Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
* Full paths of source file(s) related to the manifestation of the issue
* The location of the affected source code (tag/branch/commit or direct URL)
* Any special configuration required to reproduce the issue
* Step-by-step instructions to reproduce the issue
* Proof-of-concept or exploit code (if possible)
* Impact of the issue, including how an attacker might exploit the issue
This information will help us triage your report more quickly.
If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
## Preferred Languages
We prefer all communications to be in English.
## Policy
Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
<!-- END MICROSOFT SECURITY.MD BLOCK -->

View File

@@ -1,3 +1,13 @@
## 0.4.14
No user-facing changes.
## 0.4.13
### Bug Fixes
* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.
## 0.4.12
### Minor Analysis Improvements

View File

@@ -0,0 +1,5 @@
## 0.4.13
### Bug Fixes
* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.

View File

@@ -0,0 +1,3 @@
## 0.4.14
No user-facing changes.

View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.12
lastReleaseVersion: 0.4.14

View File

@@ -72,7 +72,7 @@ string normalizePath(string path) {
then result = path
else
// foo -> GITHUB_WORKSPACE/foo
if path.regexpMatch("^[^/~].*")
if path.regexpMatch("^[^$/~].*")
then result = "GITHUB_WORKSPACE/" + path.regexpReplaceAll("/$", "")
else
// ~/foo -> ~/foo

View File

@@ -262,8 +262,10 @@ class ArtifactPoisoningSink extends DataFlow::Node {
ArtifactPoisoningSink() {
download.getAFollowingStep() = poisonable and
// excluding artifacts downloaded to /tmp
// excluding artifacts downloaded to the temporary directory
not download.getPath().regexpMatch("^/tmp.*") and
not download.getPath().regexpMatch("^\\$\\{\\{\\s*runner\\.temp\\s*}}.*") and
not download.getPath().regexpMatch("^\\$RUNNER_TEMP.*") and
(
poisonable.(Run).getScript() = this.asExpr() and
(

View File

@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.12
version: 0.4.14
library: true
warnOnImplicitThis: true
dependencies:

View File

@@ -1,3 +1,11 @@
## 0.6.6
No user-facing changes.
## 0.6.5
No user-facing changes.
## 0.6.4
No user-facing changes.

View File

@@ -1,6 +1,4 @@
# Environment Path Injection
## Description
## Overview
GitHub Actions allow to define the system PATH variable by writing to a file pointed to by the `GITHUB_PATH` environment variable. Writing to this file appends a directory to the system PATH variable and automatically makes it available to all subsequent actions in the current job.
@@ -12,11 +10,11 @@ echo "$HOME/.local/bin" >> $GITHUB_PATH
If an attacker can control the contents of the system PATH, they are able to influence what commands are run in subsequent steps of the same job.
## Recommendations
## Recommendation
Do not allow untrusted data to influence the system PATH: Avoid using untrusted data sources (e.g., artifact content) to define the system PATH.
## Examples
## Example
### Incorrect Usage
@@ -36,4 +34,4 @@ If an attacker can manipulate the value being set, such as through artifact down
## References
- [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions)
- GitHub Docs: [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions).

View File

@@ -1,6 +1,4 @@
# Environment Path Injection
## Description
## Overview
GitHub Actions allow to define the system PATH variable by writing to a file pointed to by the `GITHUB_PATH` environment variable. Writing to this file appends a directory to the system PATH variable and automatically makes it available to all subsequent actions in the current job.
@@ -12,11 +10,11 @@ echo "$HOME/.local/bin" >> $GITHUB_PATH
If an attacker can control the contents of the system PATH, they are able to influence what commands are run in subsequent steps of the same job.
## Recommendations
## Recommendation
Do not allow untrusted data to influence the system PATH: Avoid using untrusted data sources (e.g., artifact content) to define the system PATH.
## Examples
## Example
### Incorrect Usage
@@ -36,4 +34,4 @@ If an attacker can manipulate the value being set, such as through artifact down
## References
- [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions)
- GitHub Docs: [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions).

View File

@@ -1,6 +1,4 @@
# Environment Variable Injection
## Description
## Overview
GitHub Actions allow to define environment variables by writing to a file pointed to by the `GITHUB_ENV` environment variable:
@@ -37,7 +35,7 @@ steps:
If an attacker can control the values assigned to environment variables and there is no sanitization in place, the attacker will be able to inject additional variables by injecting new lines or `{delimiters}`.
## Recommendations
## Recommendation
1. **Do not allow untrusted data to influence environment variables**:
@@ -64,7 +62,7 @@ If an attacker can control the values assigned to environment variables and ther
} >> "$GITHUB_ENV"
```
## Examples
## Example
### Example of Vulnerability
@@ -113,5 +111,5 @@ An attacker is be able to run arbitrary code by injecting environment variables
## References
- [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions)
- [GitHub Actions Exploitation: Repo Jacking and Environment Manipulation](https://www.synacktiv.com/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation)
- GitHub Docs: [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions).
- Synacktiv: [GitHub Actions Exploitation: Repo Jacking and Environment Manipulation](https://www.synacktiv.com/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation).

View File

@@ -1,6 +1,4 @@
# Environment Variable Injection
## Description
## Overview
GitHub Actions allow to define environment variables by writing to a file pointed to by the `GITHUB_ENV` environment variable:
@@ -37,7 +35,7 @@ steps:
If an attacker can control the values assigned to environment variables and there is no sanitization in place, the attacker will be able to inject additional variables by injecting new lines or `{delimiters}`.
## Recommendations
## Recommendation
1. **Do not allow untrusted data to influence environment variables**:
@@ -64,7 +62,7 @@ If an attacker can control the values assigned to environment variables and ther
} >> "$GITHUB_ENV"
```
## Examples
## Example
### Example of Vulnerability
@@ -113,5 +111,5 @@ An attacker would be able to run arbitrary code by injecting environment variabl
## References
- [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions)
- [GitHub Actions Exploitation: Repo Jacking and Environment Manipulation](https://www.synacktiv.com/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation)
- GitHub Docs: [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions).
- Synacktiv: [GitHub Actions Exploitation: Repo Jacking and Environment Manipulation](https://www.synacktiv.com/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation).

View File

@@ -1,18 +1,16 @@
# Code Injection in GitHub Actions
## Description
## Overview
Using user-controlled input in GitHub Actions may lead to code injection in contexts like _run:_ or _script:_.
Code injection in GitHub Actions may allow an attacker to exfiltrate any secrets used in the workflow and the temporary GitHub repository authorization token. The token may have write access to the repository, allowing an attacker to make changes to the repository.
## Recommendations
## Recommendation
The best practice to avoid code injection vulnerabilities in GitHub workflows is to set the untrusted input value of the expression to an intermediate environment variable and then use the environment variable using the native syntax of the shell/script interpreter (that is, not _${{ env.VAR }}_).
It is also recommended to limit the permissions of any tokens used by a workflow such as the GITHUB_TOKEN.
## Examples
## Example
### Incorrect Usage

View File

@@ -1,18 +1,16 @@
# Code Injection in GitHub Actions
## Description
## Overview
Using user-controlled input in GitHub Actions may lead to code injection in contexts like _run:_ or _script:_.
Code injection in GitHub Actions may allow an attacker to exfiltrate any secrets used in the workflow and the temporary GitHub repository authorization token. The token may have write access to the repository, allowing an attacker to make changes to the repository.
## Recommendations
## Recommendation
The best practice to avoid code injection vulnerabilities in GitHub workflows is to set the untrusted input value of the expression to an intermediate environment variable and then use the environment variable using the native syntax of the shell/script interpreter (that is, not _${{ env.VAR }}_).
It is also recommended to limit the permissions of any tokens used by a workflow such as the GITHUB_TOKEN.
## Examples
## Example
### Incorrect Usage

View File

@@ -1,13 +1,11 @@
# Use of Actions with known vulnerabilities
## Description
## Overview
The security of the workflow and the repository could be compromised by GitHub Actions workflows that utilize GitHub Actions with known vulnerabilities.
## Recommendations
## Recommendation
Either remove the component from the workflow or upgrade it to a version that is not vulnerable.
## References
- [GitHub Docs: Keeping your actions up to date with Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)
- GitHub Docs: [Keeping your actions up to date with Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot).

View File

@@ -1,12 +1,21 @@
# Actions Job and Workflow Permissions are not set
## Description
## Overview
If a GitHub Actions job or workflow has no explicit permissions set, then the repository permissions are used. Repositories created under organizations inherit the organization permissions. The organizations or repositories created before February 2023 have the default permissions set to read-write. Often these permissions do not adhere to the principle of least privilege and can be reduced to read-only, leaving the `write` permission only to a specific types as `issues: write` or `pull-requests: write`.
## Recommendations
## Recommendation
Add the `permissions` key to the job or the root of workflow (in this case it is applied to all jobs in the workflow that do not have their own `permissions` key) and assign the least privileges required to complete the task:
Add the `permissions` key to the job or the root of workflow (in this case it is applied to all jobs in the workflow that do not have their own `permissions` key) and assign the least privileges required to complete the task.
## Example
### Incorrect Usage
```yaml
name: "My workflow"
# No permissions block
```
### Correct Usage
```yaml
name: "My workflow"
@@ -27,4 +36,4 @@ jobs:
## References
- [Assigning permissions to jobs](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/assigning-permissions-to-jobs)
- GitHub Docs: [Assigning permissions to jobs](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/assigning-permissions-to-jobs).

View File

@@ -1,14 +1,12 @@
# Improper Access Control
## Description
## Overview
Sometimes labels are used to approve GitHub Actions. An authorization check may not be properly implemented, allowing an attacker to mutate the code after it has been reviewed and approved by label.
## Recommendations
## Recommendation
When using labels, make sure that the code cannot be modified after it has been reviewed and the label has been set.
## Examples
## Example
### Incorrect Usage
@@ -57,4 +55,4 @@ jobs:
## References
- [Events that trigger workflows](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request_target)
- GitHub Docs: [Events that trigger workflows](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request_target).

View File

@@ -1,14 +1,12 @@
# Excessive Secrets Exposure
## Description
## Overview
When the workflow runner cannot determine what secrets are needed to run the workflow, it will pass all the available secrets to the runner including organization and repository secrets. This violates the least privileged principle and increases the impact of a potential vulnerability affecting the workflow.
## Recommendations
## Recommendation
Only pass those secrets that are needed by the workflow. Avoid using expressions such as `toJSON(secrets)` or dynamically accessed secrets such as `secrets[format('GH_PAT_%s', matrix.env)]` since the workflow will need to receive all secrets to decide at runtime which one needs to be used.
## Examples
## Example
### Incorrect Usage
@@ -48,5 +46,5 @@ env:
## References
- [Using secrets in GitHub Actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#using-encrypted-secrets-in-a-workflow)
- [Job uses all secrets](https://github.com/boostsecurityio/poutine/blob/main/docs/content/en/rules/job_all_secrets.md)
- GitHub Docs: [Using secrets in GitHub Actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#using-encrypted-secrets-in-a-workflow).
- poutine: [Job uses all secrets](https://github.com/boostsecurityio/poutine/blob/main/docs/content/en/rules/job_all_secrets.md).

View File

@@ -1,6 +1,4 @@
# Storage of sensitive information in GitHub Actions artifact
## Description
## Overview
Sensitive information included in a GitHub Actions artifact can allow an attacker to access the sensitive information if the artifact is published.
@@ -10,6 +8,8 @@ Only store information that is meant to be publicly available in a GitHub Action
## Example
### Incorrect Usage
The following example uses `actions/checkout` to checkout code which stores the GITHUB_TOKEN in the \`.git/config\` file and then stores the contents of the \`.git\` repository into the artifact:
```yaml
@@ -28,6 +28,8 @@ jobs:
path: .
```
### Correct Usage
The issue has been fixed below, where the `actions/upload-artifact` uses a version (v4+) which does not include hidden files or directories into the artifact.
```yaml

View File

@@ -1,14 +1,12 @@
# Unmasked Secret Exposure
## Description
## Overview
Secrets derived from other secrets are not known to the workflow runner, and therefore are not masked unless explicitly registered.
## Recommendations
## Recommendation
Avoid defining non-plain secrets. For example, do not define a new secret containing a JSON object and then read properties out of it from the workflow, since these read values will not be masked by the workflow runner.
## Examples
## Example
### Incorrect Usage
@@ -34,4 +32,4 @@ Avoid defining non-plain secrets. For example, do not define a new secret contai
## References
- [Using secrets in GitHub Actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#using-encrypted-secrets-in-a-workflow)
- GitHub Docs: [Using secrets in GitHub Actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#using-encrypted-secrets-in-a-workflow).

View File

@@ -1,6 +1,4 @@
# Cache Poisoning in GitHub Actions
## Description
## Overview
GitHub Actions cache poisoning is a technique that allows an attacker to inject malicious content into the Action's cache from unprivileged workflow, potentially leading to code execution in privileged workflows.
@@ -23,7 +21,7 @@ In GitHub Actions, cache scopes are primarily determined by the branch structure
Due to the above design, if something is cached in the context of the default branch (e.g., `main`), it becomes accessible to any feature branch derived from `main`.
## Recommendations
## Recommendation
1. Avoid using caching in workflows that handle sensitive operations like releases.
2. If caching must be used:
@@ -34,7 +32,7 @@ Due to the above design, if something is cached in the context of the default br
4. Never run untrusted code in the context of the default branch.
5. Sign the cache value cryptographically and verify the signature before usage.
## Examples
## Example
### Incorrect Usage
@@ -78,6 +76,6 @@ jobs:
## References
- [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/)
- [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows)
- [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/)
- Adnan Khan's Blog: [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/).
- GitHub Docs: [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows).
- Scribe Security Blog: [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/).

View File

@@ -1,6 +1,4 @@
# Cache Poisoning in GitHub Actions
## Description
## Overview
GitHub Actions cache poisoning is a technique that allows an attacker to inject malicious content into the Action's cache from unprivileged workflow, potentially leading to code execution in privileged workflows.
@@ -23,7 +21,7 @@ In GitHub Actions, cache scopes are primarily determined by the branch structure
Due to the above design, if something is cached in the context of the default branch (e.g., `main`), it becomes accessible to any feature branch derived from `main`.
## Recommendations
## Recommendation
1. Avoid using caching in workflows that handle sensitive operations like releases.
2. If caching must be used:
@@ -34,7 +32,7 @@ Due to the above design, if something is cached in the context of the default br
4. Never run untrusted code in the context of the default branch.
5. Sign the cache value cryptographically and verify the signature before usage.
## Examples
## Example
### Incorrect Usage
@@ -123,6 +121,6 @@ jobs:
## References
- [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/)
- [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows)
- [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/)
- Adnan Khan's Blog: [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/).
- GitHub Docs: [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows).
- Scribe Security Blog: [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/).

View File

@@ -1,6 +1,4 @@
# Cache Poisoning in GitHub Actions
## Description
## Overview
GitHub Actions cache poisoning is a technique that allows an attacker to inject malicious content into the Action's cache from unprivileged workflow, potentially leading to code execution in privileged workflows.
@@ -23,7 +21,7 @@ In GitHub Actions, cache scopes are primarily determined by the branch structure
Due to the above design, if something is cached in the context of the default branch (e.g., `main`), it becomes accessible to any feature branch derived from `main`.
## Recommendations
## Recommendation
1. Avoid using caching in workflows that handle sensitive operations like releases.
2. If caching must be used:
@@ -34,7 +32,7 @@ Due to the above design, if something is cached in the context of the default br
4. Never run untrusted code in the context of the default branch.
5. Sign the cache value cryptographically and verify the signature before usage.
## Examples
## Example
### Incorrect Usage
@@ -80,6 +78,6 @@ jobs:
## References
- [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/)
- [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows)
- [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/)
- Adnan Khan's Blog: [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/).
- GitHub Docs: [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows).
- Scribe Security Blog: [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/).

View File

@@ -1,17 +1,15 @@
# Untrusted Checkout TOCTOU (Time-of-check to time-of-use)
## Description
## Overview
Untrusted Checkout is protected by a security check but the checked-out branch can be changed after the check.
## Recommendations
## Recommendation
Verify that the code has not been modified after the security check. This may be achieved differently depending on the type of check:
- Deployment Environment Approval: Make sure to use a non-mutable reference to the code to be executed. For example use a `sha` instead of a `ref`.
- Label Gates: Make sure to use a non-mutable reference to the code to be executed. For example use a `sha` instead of a `ref`.
## Examples
## Example
### Incorrect Usage (Deployment Environment Approval)
@@ -99,4 +97,4 @@ jobs:
## References
- [ActionsTOCTOU](https://github.com/AdnaneKhan/ActionsTOCTOU)
- [ActionsTOCTOU](https://github.com/AdnaneKhan/ActionsTOCTOU).

View File

@@ -1,17 +1,15 @@
# Untrusted Checkout TOCTOU (Time-of-check to time-of-use)
## Description
## Overview
Untrusted Checkout is protected by a security check but the checked-out branch can be changed after the check.
## Recommendations
## Recommendation
Verify that the code has not been modified after the security check. This may be achieved differently depending on the type of check:
- Deployment Environment Approval: Make sure to use a non-mutable reference to the code to be executed. For example use a `sha` instead of a `ref`.
- Label Gates: Make sure to use a non-mutable reference to the code to be executed. For example use a `sha` instead of a `ref`.
## Examples
## Example
### Incorrect Usage (Deployment Environment Approval)
@@ -99,4 +97,4 @@ jobs:
## References
- [ActionsTOCTOU](https://github.com/AdnaneKhan/ActionsTOCTOU)
- [ActionsTOCTOU](https://github.com/AdnaneKhan/ActionsTOCTOU).

View File

@@ -1,6 +1,4 @@
# If Condition Always Evaluates to True
## Description
## Overview
GitHub Workflow Expressions (`${{ ... }}`) used in the `if` condition of jobs or steps must not contain extra characters or spaces. Otherwise, the condition is invariably evaluated to `true`.
@@ -14,7 +12,7 @@ To avoid the vulnerability where an `if` condition always evaluates to `true`, i
2. Avoid multiline or spaced-out conditional expressions that might inadvertently introduce unwanted characters or formatting.
3. Test the workflow to ensure the `if` conditions behave as expected under different scenarios.
## Examples
## Example
### Correct Usage
@@ -60,4 +58,4 @@ To avoid the vulnerability where an `if` condition always evaluates to `true`, i
## References
- [Expression Always True Github Issue](https://github.com/actions/runner/issues/1173)
- GitHub actions/runner Issues: [Expression Always True](https://github.com/actions/runner/issues/1173).

View File

@@ -1,6 +1,4 @@
# If Condition Always Evaluates to True
## Description
## Overview
GitHub Workflow Expressions (`${{ ... }}`) used in the `if` condition of jobs or steps must not contain extra characters or spaces. Otherwise, the condition is invariably evaluated to `true`.
@@ -14,7 +12,7 @@ To avoid the vulnerability where an `if` condition always evaluates to `true`, i
2. Avoid multiline or spaced-out conditional expressions that might inadvertently introduce unwanted characters or formatting.
3. Test the workflow to ensure the `if` conditions behave as expected under different scenarios.
## Examples
## Example
### Correct Usage
@@ -60,4 +58,4 @@ To avoid the vulnerability where an `if` condition always evaluates to `true`, i
## References
- [Expression Always True Github Issue](https://github.com/actions/runner/issues/1173)
- GitHub actions/runner Issues: [Expression Always True](https://github.com/actions/runner/issues/1173).

View File

@@ -1,16 +1,14 @@
# Artifact poisoning
## Description
## Overview
The workflow downloads artifacts that may be poisoned by an attacker in previously triggered workflows. If the contents of these artifacts are not correctly extracted, stored and verified, they may lead to repository compromise if untrusted code gets executed in a privileged job.
## Recommendations
## Recommendation
- Always consider artifacts content as untrusted.
- Extract the contents of artifacts to a temporary folder so they cannot override existing files.
- Verify the contents of the artifacts downloaded. If an artifact is expected to contain a numeric value, verify it before using it.
## Examples
## Example
### Incorrect Usage
@@ -69,4 +67,4 @@ jobs:
## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
- GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

View File

@@ -1,16 +1,14 @@
# Artifact poisoning
## Description
## Overview
The workflow downloads artifacts that may be poisoned by an attacker in previously triggered workflows. If the contents of these artifacts are not correctly extracted, stored and verified, they may lead to repository compromise if untrusted code gets executed in a privileged job.
## Recommendations
## Recommendation
- Always consider artifacts content as untrusted.
- Extract the contents of artifacts to a temporary folder so they cannot override existing files.
- Verify the contents of the artifacts downloaded. If an artifact is expected to contain a numeric value, verify it before using it.
## Examples
## Example
### Incorrect Usage
@@ -69,4 +67,4 @@ jobs:
## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
- GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

View File

@@ -1,14 +1,12 @@
# Unpinned tag for 3rd party Action in workflow
## Description
## Overview
Using a tag for a 3rd party Action that is not pinned to a commit can lead to executing an untrusted Action through a supply chain attack.
## Recommendations
## Recommendation
Pinning an action to a full length commit SHA is currently the only way to use a non-immutable action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
## Examples
## Example
### Incorrect Usage
@@ -24,4 +22,4 @@ Pinning an action to a full length commit SHA is currently the only way to use a
## References
- [Using third-party actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
- GitHub Docs: [Using third-party actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions).

View File

@@ -1,10 +1,8 @@
# Execution of Untrusted Checked-out Code
## Description
## Overview
GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A potentially dangerous misuse of the triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted code (Pull Request HEAD) may lead to repository compromise if untrusted code gets executed in a privileged job.
## Recommendations
## Recommendation
- Avoid using `pull_request_target` unless necessary.
- Employ unprivileged `pull_request` workflows followed by `workflow_run` for privileged operations.
@@ -14,7 +12,7 @@ The best practice is to handle the potentially untrusted pull request via the **
The artifacts downloaded from the first workflow should be considered untrusted and must be verified.
## Examples
## Example
### Incorrect Usage
@@ -134,4 +132,4 @@ jobs:
## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
- GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

View File

@@ -1,10 +1,8 @@
# Execution of Untrusted Checked-out Code
## Description
## Overview
GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A potentially dangerous misuse of the triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted code (Pull Request HEAD) may lead to repository compromise if untrusted code gets executed in a privileged job.
## Recommendations
## Recommendation
- Avoid using `pull_request_target` unless necessary.
- Employ unprivileged `pull_request` workflows followed by `workflow_run` for privileged operations.
@@ -14,7 +12,7 @@ The best practice is to handle the potentially untrusted pull request via the **
The artifacts downloaded from the first workflow should be considered untrusted and must be verified.
## Examples
## Example
### Incorrect Usage
@@ -134,4 +132,4 @@ jobs:
## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
- GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

View File

@@ -1,10 +1,8 @@
# Execution of Untrusted Checked-out Code
## Description
## Overview
GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A potentially dangerous misuse of the triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted code (Pull Request HEAD) may lead to repository compromise if untrusted code gets executed in a privileged job.
## Recommendations
## Recommendation
- Avoid using `pull_request_target` unless necessary.
- Employ unprivileged `pull_request` workflows followed by `workflow_run` for privileged operations.
@@ -14,7 +12,7 @@ The best practice is to handle the potentially untrusted pull request via the **
The artifacts downloaded from the first workflow should be considered untrusted and must be verified.
## Examples
## Example
### Incorrect Usage
@@ -134,4 +132,4 @@ jobs:
## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
- GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

View File

@@ -1,13 +1,11 @@
# Unneccesary use of advanced configuration
## Description
## Overview
The CodeQL workflow does not use any custom settings and could be simplified by switching to the CodeQL default setup.
## Recommendations
## Recommendation
If there is no reason to have a custom configuration switch to the CodeQL default setup.
## References
- [GitHub Docs: Configuring Default Setup for a repository](https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#configuring-default-setup-for-a-repository)
- GitHub Docs: [Configuring Default Setup for a repository](https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#configuring-default-setup-for-a-repository).

View File

@@ -0,0 +1,3 @@
## 0.6.5
No user-facing changes.

View File

@@ -0,0 +1,3 @@
## 0.6.6
No user-facing changes.

View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.6.4
lastReleaseVersion: 0.6.6

View File

@@ -1,18 +1,16 @@
# Argument Injection in GitHub Actions
## Description
## Overview
Passing user-controlled arguments to certain commands in the context of `Run` steps may lead to arbitrary code execution.
Argument injection in GitHub Actions may allow an attacker to exfiltrate any secrets used in the workflow and the temporary GitHub repository authorization token. The token may have write access to the repository, allowing the attacker to make changes to the repository.
## Recommendations
## Recommendation
When possible avoid passing user-controlled data to commands which may spawn new processes using some of their arguments.
It is also recommended to limit the permissions of any tokens used by a workflow such as the GITHUB_TOKEN.
## Examples
## Example
### Incorrect Usage
@@ -35,7 +33,7 @@ An attacker may set the body of an Issue comment to `BAR/g;1e whoami;#` and the
## References
- [Common Weakness Enumeration: CWE-88](https://cwe.mitre.org/data/definitions/88.html).
- [Argument Injection Explained](https://sonarsource.github.io/argument-injection-vectors/explained/)
- [Argument Injection Vectors](https://sonarsource.github.io/argument-injection-vectors/)
- [GTFOBins](https://gtfobins.github.io/)
- Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).
- [Argument Injection Vectors](https://sonarsource.github.io/argument-injection-vectors/).
- Argument Injection Vectors: [Argument Injection Explained](https://sonarsource.github.io/argument-injection-vectors/explained/).
- [GTFOBins](https://gtfobins.github.io/).

View File

@@ -1,18 +1,16 @@
# Argument Injection in GitHub Actions
## Description
## Overview
Passing user-controlled arguments to certain commands in the context of `Run` steps may lead to arbitrary code execution.
Argument injection in GitHub Actions may allow an attacker to exfiltrate any secrets used in the workflow and the temporary GitHub repository authorization token. The token may have write access to the repository, allowing the attacker to make changes to the repository.
## Recommendations
## Recommendation
When possible avoid passing user-controlled data to commands which may spawn new processes using some of their arguments.
It is also recommended to limit the permissions of any tokens used by a workflow such as the GITHUB_TOKEN.
## Examples
## Example
### Incorrect Usage
@@ -35,7 +33,7 @@ An attacker may set the body of an Issue comment to `BAR|g;1e whoami;#` and the
## References
- [Common Weakness Enumeration: CWE-88](https://cwe.mitre.org/data/definitions/88.html).
- [Argument Injection Explained](https://sonarsource.github.io/argument-injection-vectors/explained/)
- [Argument Injection Vectors](https://sonarsource.github.io/argument-injection-vectors/)
- [GTFOBins](https://gtfobins.github.io/)
- Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).
- [Argument Injection Vectors](https://sonarsource.github.io/argument-injection-vectors/).
- Argument Injection Vectors: [Argument Injection Explained](https://sonarsource.github.io/argument-injection-vectors/explained/).
- [GTFOBins](https://gtfobins.github.io/).

View File

@@ -1,14 +1,12 @@
# Unversioned Immutable Action
## Description
## Overview
This action is eligible for Immutable Actions, a new GitHub feature that is currently only available for internal users. Immutable Actions are released as packages in the GitHub package registry instead of resolved from a pinned SHA at the repository. The Immutable Action provides the same immutability as pinning the version to a SHA but with improved readability and additional security guarantees.
## Recommendations
## Recommendation
For internal users: when using [immutable actions](https://github.com/github/package-registry-team/blob/main/docs/immutable-actions/immutable-actions-howto.md) use the full semantic version of the action. This will ensure that the action is resolved to the exact version stored in the GitHub package registry.
## Examples
## Example
### Incorrect Usage
@@ -25,4 +23,4 @@ For internal users: when using [immutable actions](https://github.com/github/pac
## References
- [Consuming immutable actions]()
- [Consuming immutable actions]().

View File

@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.6.4
version: 0.6.6
library: false
warnOnImplicitThis: true
groups: [actions, queries]

View File

@@ -0,0 +1,19 @@
on:
workflow_run:
workflows:
- Benchmark
types:
- completed
jobs:
benchmark:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download From PR
uses: actions/download-artifact@v4
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ github.event.workflow_run.id }}
path: ${{ runner.temp }}/artifacts/
- run: npm install

View File

@@ -0,0 +1,19 @@
on:
workflow_run:
workflows:
- Benchmark
types:
- completed
jobs:
benchmark:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download From PR
uses: actions/download-artifact@v4
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ github.event.workflow_run.id }}
path: /tmp/artifacts/
- run: npm install

View File

@@ -0,0 +1,19 @@
on:
workflow_run:
workflows:
- Benchmark
types:
- completed
jobs:
benchmark:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download From PR
uses: actions/download-artifact@v4
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ github.event.workflow_run.id }}
path: $RUNNER_TEMP/artifacts/
- run: npm install

View File

@@ -0,0 +1,18 @@
on:
workflow_run:
workflows:
- Benchmark
types:
- completed
jobs:
benchmark:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download From PR
uses: actions/download-artifact@v4
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ github.event.workflow_run.id }}
- run: npm install

View File

@@ -0,0 +1,19 @@
on:
workflow_run:
workflows:
- Benchmark
types:
- completed
jobs:
benchmark:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download From PR
uses: actions/download-artifact@v4
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ github.event.workflow_run.id }}
path: ${{ runner.temp }}/artifacts/
- run: npm install

View File

@@ -13,6 +13,7 @@ edges
| .github/workflows/artifactpoisoning42.yml:13:9:21:6 | Run Step | .github/workflows/artifactpoisoning42.yml:22:14:22:18 | ./cmd | provenance | Config |
| .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | provenance | Config |
| .github/workflows/artifactpoisoning81.yml:28:9:31:6 | Uses Step | .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | provenance | Config |
| .github/workflows/artifactpoisoning96.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning96.yml:18:14:18:24 | npm install | provenance | Config |
| .github/workflows/artifactpoisoning101.yml:10:9:16:6 | Uses Step | .github/workflows/artifactpoisoning101.yml:17:14:19:59 | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n | provenance | Config |
| .github/workflows/test18.yml:12:15:33:12 | Uses Step | .github/workflows/test18.yml:36:15:40:58 | Uses Step | provenance | Config |
| .github/workflows/test25.yml:22:9:32:6 | Uses Step: downloadBuildScan | .github/workflows/test25.yml:39:14:40:45 | ./gradlew buildScanPublishPrevious\n | provenance | Config |
@@ -44,6 +45,8 @@ nodes
| .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | semmle.label | python test.py |
| .github/workflows/artifactpoisoning92.yml:28:9:29:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning92.yml:29:14:29:26 | make snapshot | semmle.label | make snapshot |
| .github/workflows/artifactpoisoning96.yml:13:9:18:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning96.yml:18:14:18:24 | npm install | semmle.label | npm install |
| .github/workflows/artifactpoisoning101.yml:10:9:16:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning101.yml:17:14:19:59 | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n | semmle.label | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n |
| .github/workflows/test18.yml:12:15:33:12 | Uses Step | semmle.label | Uses Step |
@@ -66,6 +69,7 @@ subpaths
| .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | .github/workflows/artifactpoisoning81.yml:28:9:31:6 | Uses Step | .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | python test.py | .github/workflows/artifactpoisoning81.yml:3:5:3:23 | pull_request_target | pull_request_target |
| .github/workflows/artifactpoisoning92.yml:28:9:29:6 | Uses Step | .github/actions/download-artifact-2/action.yaml:6:7:25:4 | Uses Step | .github/workflows/artifactpoisoning92.yml:28:9:29:6 | Uses Step | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning92.yml:28:9:29:6 | Uses Step | Uses Step | .github/workflows/artifactpoisoning92.yml:3:3:3:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning92.yml:29:14:29:26 | make snapshot | .github/actions/download-artifact-2/action.yaml:6:7:25:4 | Uses Step | .github/workflows/artifactpoisoning92.yml:29:14:29:26 | make snapshot | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning92.yml:29:14:29:26 | make snapshot | make snapshot | .github/workflows/artifactpoisoning92.yml:3:3:3:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning96.yml:18:14:18:24 | npm install | .github/workflows/artifactpoisoning96.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning96.yml:18:14:18:24 | npm install | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning96.yml:18:14:18:24 | npm install | npm install | .github/workflows/artifactpoisoning96.yml:2:3:2:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning101.yml:17:14:19:59 | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n | .github/workflows/artifactpoisoning101.yml:10:9:16:6 | Uses Step | .github/workflows/artifactpoisoning101.yml:17:14:19:59 | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning101.yml:17:14:19:59 | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n | .github/workflows/artifactpoisoning101.yml:4:3:4:21 | pull_request_target | pull_request_target |
| .github/workflows/test18.yml:36:15:40:58 | Uses Step | .github/workflows/test18.yml:12:15:33:12 | Uses Step | .github/workflows/test18.yml:36:15:40:58 | Uses Step | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/test18.yml:36:15:40:58 | Uses Step | Uses Step | .github/workflows/test18.yml:3:5:3:16 | workflow_run | workflow_run |
| .github/workflows/test25.yml:39:14:40:45 | ./gradlew buildScanPublishPrevious\n | .github/workflows/test25.yml:22:9:32:6 | Uses Step: downloadBuildScan | .github/workflows/test25.yml:39:14:40:45 | ./gradlew buildScanPublishPrevious\n | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/test25.yml:39:14:40:45 | ./gradlew buildScanPublishPrevious\n | ./gradlew buildScanPublishPrevious\n | .github/workflows/test25.yml:2:3:2:14 | workflow_run | workflow_run |

View File

@@ -13,6 +13,7 @@ edges
| .github/workflows/artifactpoisoning42.yml:13:9:21:6 | Run Step | .github/workflows/artifactpoisoning42.yml:22:14:22:18 | ./cmd | provenance | Config |
| .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | provenance | Config |
| .github/workflows/artifactpoisoning81.yml:28:9:31:6 | Uses Step | .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | provenance | Config |
| .github/workflows/artifactpoisoning96.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning96.yml:18:14:18:24 | npm install | provenance | Config |
| .github/workflows/artifactpoisoning101.yml:10:9:16:6 | Uses Step | .github/workflows/artifactpoisoning101.yml:17:14:19:59 | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n | provenance | Config |
| .github/workflows/test18.yml:12:15:33:12 | Uses Step | .github/workflows/test18.yml:36:15:40:58 | Uses Step | provenance | Config |
| .github/workflows/test25.yml:22:9:32:6 | Uses Step: downloadBuildScan | .github/workflows/test25.yml:39:14:40:45 | ./gradlew buildScanPublishPrevious\n | provenance | Config |
@@ -44,6 +45,8 @@ nodes
| .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | semmle.label | python test.py |
| .github/workflows/artifactpoisoning92.yml:28:9:29:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning92.yml:29:14:29:26 | make snapshot | semmle.label | make snapshot |
| .github/workflows/artifactpoisoning96.yml:13:9:18:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning96.yml:18:14:18:24 | npm install | semmle.label | npm install |
| .github/workflows/artifactpoisoning101.yml:10:9:16:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning101.yml:17:14:19:59 | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n | semmle.label | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n |
| .github/workflows/test18.yml:12:15:33:12 | Uses Step | semmle.label | Uses Step |

View File

@@ -51,6 +51,16 @@ edges
| .github/workflows/artifactpoisoning92.yml:19:9:25:6 | Run Step: metadata | .github/workflows/artifactpoisoning92.yml:25:9:28:6 | Uses Step |
| .github/workflows/artifactpoisoning92.yml:25:9:28:6 | Uses Step | .github/workflows/artifactpoisoning92.yml:28:9:29:6 | Uses Step |
| .github/workflows/artifactpoisoning92.yml:28:9:29:6 | Uses Step | .github/workflows/artifactpoisoning92.yml:29:9:29:27 | Run Step |
| .github/workflows/artifactpoisoning93.yml:12:9:13:6 | Uses Step | .github/workflows/artifactpoisoning93.yml:13:9:19:6 | Uses Step |
| .github/workflows/artifactpoisoning93.yml:13:9:19:6 | Uses Step | .github/workflows/artifactpoisoning93.yml:19:9:19:24 | Run Step |
| .github/workflows/artifactpoisoning94.yml:12:9:13:6 | Uses Step | .github/workflows/artifactpoisoning94.yml:13:9:19:6 | Uses Step |
| .github/workflows/artifactpoisoning94.yml:13:9:19:6 | Uses Step | .github/workflows/artifactpoisoning94.yml:19:9:19:24 | Run Step |
| .github/workflows/artifactpoisoning95.yml:12:9:13:6 | Uses Step | .github/workflows/artifactpoisoning95.yml:13:9:19:6 | Uses Step |
| .github/workflows/artifactpoisoning95.yml:13:9:19:6 | Uses Step | .github/workflows/artifactpoisoning95.yml:19:9:19:24 | Run Step |
| .github/workflows/artifactpoisoning96.yml:12:9:13:6 | Uses Step | .github/workflows/artifactpoisoning96.yml:13:9:18:6 | Uses Step |
| .github/workflows/artifactpoisoning96.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning96.yml:18:9:18:24 | Run Step |
| .github/workflows/artifactpoisoning97.yml:12:9:13:6 | Uses Step | .github/workflows/artifactpoisoning97.yml:13:9:19:6 | Uses Step |
| .github/workflows/artifactpoisoning97.yml:13:9:19:6 | Uses Step | .github/workflows/artifactpoisoning97.yml:19:9:19:25 | Run Step |
| .github/workflows/artifactpoisoning101.yml:10:9:16:6 | Uses Step | .github/workflows/artifactpoisoning101.yml:16:9:19:59 | Run Step: pr_number |
| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:27:9:32:6 | Uses Step |
| .github/workflows/auto_ci.yml:27:9:32:6 | Uses Step | .github/workflows/auto_ci.yml:32:9:37:6 | Run Step |

View File

@@ -17,16 +17,16 @@
#!/usr/bin/python3
import sys
import os
import re
from difflib import context_diff
OVERLAY_PATTERN = re.compile(r'overlay\[[a-zA-Z?_-]+\]')
def has_overlay_annotations(lines):
'''
Check whether the given lines contain any overlay[...] annotations.
'''
overlays = ["local", "local?", "global", "caller", "caller?"]
annotations = [f"overlay[{t}]" for t in overlays]
return any(ann in line for ann in annotations for line in lines)
return any(OVERLAY_PATTERN.search(line) for line in lines)
def is_line_comment(line):

View File

@@ -1,16 +1,19 @@
{
"files": [
"cpp/ql/lib/semmlecode.cpp.dbscheme",
"javascript/ql/lib/semmlecode.javascript.dbscheme",
"python/ql/lib/semmlecode.python.dbscheme",
"ruby/ql/lib/ruby.dbscheme",
"ql/ql/src/ql.dbscheme"
],
"fragments": [
"/*- Compilations -*/",
"/*- External data -*/",
"/*- Files and folders -*/",
"/*- Diagnostic messages -*/",
"/*- Diagnostic messages: severity -*/",
"/*- Source location prefix -*/",
"/*- Database metadata -*/",
"/*- Lines of code -*/",
"/*- Configuration files with key value pairs -*/",
"/*- YAML -*/",
@@ -20,6 +23,7 @@
"/*- DEPRECATED: Snapshot date -*/",
"/*- DEPRECATED: Duplicate code -*/",
"/*- DEPRECATED: Version control data -*/",
"/*- C++ dbscheme -*/",
"/*- JavaScript-specific part -*/",
"/*- Ruby dbscheme -*/",
"/*- Erb dbscheme -*/",
@@ -31,4 +35,4 @@
"/*- Python dbscheme -*/",
"/*- Empty location -*/"
]
}
}

View File

@@ -231,35 +231,10 @@
"java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.qhelp",
"java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qhelp"
],
"CryptoAlgorithms Python/JS/Ruby": [
"javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll",
"python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll",
"ruby/ql/lib/codeql/ruby/security/CryptoAlgorithms.qll",
"rust/ql/lib/codeql/rust/security/CryptoAlgorithms.qll"
],
"CryptoAlgorithmNames Python/JS/Ruby": [
"javascript/ql/lib/semmle/javascript/security/internal/CryptoAlgorithmNames.qll",
"python/ql/lib/semmle/python/concepts/internal/CryptoAlgorithmNames.qll",
"ruby/ql/lib/codeql/ruby/security/internal/CryptoAlgorithmNames.qll",
"rust/ql/lib/codeql/rust/security/internal/CryptoAlgorithmNames.qll"
],
"SensitiveDataHeuristics Python/JS": [
"javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
"python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll",
"ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll",
"swift/ql/lib/codeql/swift/security/internal/SensitiveDataHeuristics.qll",
"rust/ql/lib/codeql/rust/security/internal/SensitiveDataHeuristics.qll"
],
"IncompleteUrlSubstringSanitization": [
"javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll",
"ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll"
],
"Concepts Python/Ruby/JS": [
"python/ql/lib/semmle/python/internal/ConceptsShared.qll",
"ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll",
"javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll",
"rust/ql/lib/codeql/rust/internal/ConceptsShared.qll"
],
"ApiGraphModels": [
"javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll",
"ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll",

View File

@@ -8,9 +8,9 @@ needs_an_re = re.compile(r'^(?!Unary)[AEIOU]') # Name requiring "an" instead of
start_qldoc_re = re.compile(r'^\s*/\*\*') # Start of a QLDoc comment
end_qldoc_re = re.compile(r'\*/\s*$') # End of a QLDoc comment
blank_qldoc_line_re = re.compile(r'^\s*\*\s*$') # A line in a QLDoc comment with only the '*'
instruction_class_re = re.compile(r'^class (?P<name>[A-aa-z0-9]+)Instruction\s') # Declaration of an `Instruction` class
opcode_base_class_re = re.compile(r'^abstract class (?P<name>[A-aa-z0-9]+)Opcode\s') # Declaration of an `Opcode` base class
opcode_class_re = re.compile(r'^ class (?P<name>[A-aa-z0-9]+)\s') # Declaration of an `Opcode` class
instruction_class_re = re.compile(r'^class (?P<name>[A-Za-z0-9]+)Instruction\s') # Declaration of an `Instruction` class
opcode_base_class_re = re.compile(r'^abstract class (?P<name>[A-Za-z0-9]+)Opcode\s') # Declaration of an `Opcode` base class
opcode_class_re = re.compile(r'^ class (?P<name>[A-Za-z0-9]+)\s') # Declaration of an `Opcode` class
script_dir = path.realpath(path.dirname(__file__))
instruction_path = path.realpath(path.join(script_dir, '../cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll'))

View File

@@ -2,6 +2,9 @@ language: cpp
strategy: dca
destination: cpp/ql/lib/ext/generated
targets:
- name: glibc
with-sinks: false
with-sources: false
- name: zlib
with-sinks: false
with-sources: false

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,2 @@
description: Uncomment cases in dbscheme
compatibility: full

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,2 @@
description: Remove unused external_package tables from the dbscheme
compatibility: full

View File

@@ -0,0 +1,14 @@
class BuiltinType extends @builtintype {
string toString() { none() }
}
from BuiltinType type, string name, int kind, int kind_new, int size, int sign, int alignment
where
builtintypes(type, name, kind, size, sign, alignment) and
if
type instanceof @complex_fp16 or
type instanceof @complex_std_bfloat16 or
type instanceof @complex_std_float16
then kind_new = 2
else kind_new = kind
select type, name, kind_new, size, sign, alignment

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,3 @@
description: Introduce new complex 16-bit floating-point types
compatibility: backwards
builtintypes.rel: run builtintypes.qlo

View File

@@ -0,0 +1,9 @@
class Function extends @function {
string toString() { none() }
}
from Function f, string n, int k, int new_k
where
functions(f, n, k) and
if builtin_functions(f) then new_k = 6 else new_k = k
select f, n, new_k

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,4 @@
description: Move builtin function identification to its own table
compatibility: full
functions.rel: run functions.qlo
builtin_functions.rel: delete

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,2 @@
description: sync dbscheme and delete svn tables
compatibility: full

View File

@@ -0,0 +1,161 @@
class Accessible extends @accessible {
string toString() { none() }
}
class Container extends @container {
string toString() { none() }
}
class Expr extends @expr {
string toString() { none() }
}
class Initialiser extends @initialiser {
string toString() { none() }
}
class Location extends @location_default {
string toString() { none() }
}
class Stmt extends @stmt {
string toString() { none() }
}
predicate isLocationDefault(Location l) {
diagnostics(_, _, _, _, _, l)
or
macroinvocations(_, _, l, _)
or
fun_decls(_, _, _, _, l)
or
var_decls(_, _, _, _, l)
or
type_decls(_, _, l)
or
namespace_decls(_, _, l, _)
or
namespace_decls(_, _, _, l)
or
usings(_, _, l, _)
or
static_asserts(_, _, _, l, _)
or
enumconstants(_, _, _, _, _, l)
or
concept_templates(_, _, l)
or
attributes(_, _, _, _, l)
or
attribute_args(_, _, _, _, l)
or
derivations(_, _, _, _, l)
or
frienddecls(_, _, _, l)
or
comments(_, _, l)
or
namequalifiers(_, _, _, l)
or
lambda_capture(_, _, _, _, _, _, l)
or
preprocdirects(_, _, l)
or
xmllocations(_, l)
or
locations_default(l, _, 0, 0, 0, 0) // For containers.
}
predicate isLocationExpr(Location l) {
initialisers(_, _, _, l)
or
exprs(_, _, l)
}
predicate isLocationStmt(Location l) { stmts(_, _, l) }
newtype TExprOrStmtLocation =
TExprLocation(Location l, Container c, int startLine, int startColumn, int endLine, int endColumn) {
isLocationExpr(l) and
(isLocationDefault(l) or isLocationStmt(l)) and
locations_default(l, c, startLine, startColumn, endLine, endColumn)
} or
TStmtLocation(Location l, Container c, int startLine, int startColumn, int endLine, int endColumn) {
isLocationStmt(l) and
(isLocationDefault(l) or isLocationExpr(l)) and
locations_default(l, c, startLine, startColumn, endLine, endColumn)
}
module Fresh = QlBuiltins::NewEntity<TExprOrStmtLocation>;
class NewLocationBase = @location_default or Fresh::EntityId;
class NewLocation extends NewLocationBase {
string toString() { none() }
}
query predicate new_locations_default(
NewLocation l, Container c, int startLine, int startColumn, int endLine, int endColumn
) {
isLocationDefault(l) and
locations_default(l, c, startLine, startColumn, endLine, endColumn)
}
query predicate new_locations_expr(
NewLocation l, Container c, int startLine, int startColumn, int endLine, int endColumn
) {
exists(Location l_old |
isLocationExpr(l_old) and
locations_default(l_old, c, startLine, startColumn, endLine, endColumn)
|
if not isLocationDefault(l_old) and not isLocationStmt(l)
then l = l_old
else l = Fresh::map(TExprLocation(l_old, c, startLine, startColumn, endLine, endColumn))
)
}
query predicate new_locations_stmt(
NewLocation l, Container c, int startLine, int startColumn, int endLine, int endColumn
) {
exists(Location l_old |
isLocationStmt(l_old) and
locations_default(l_old, c, startLine, startColumn, endLine, endColumn)
|
if not isLocationDefault(l_old) and not isLocationExpr(l)
then l = l_old
else l = Fresh::map(TStmtLocation(l_old, c, startLine, startColumn, endLine, endColumn))
)
}
query predicate new_exprs(Expr e, int kind, NewLocation l) {
exists(Location l_old, Container c, int startLine, int startColumn, int endLine, int endColumn |
exprs(e, kind, l_old) and
locations_default(l_old, c, startLine, startColumn, endLine, endColumn)
|
if not isLocationDefault(l_old) and not isLocationStmt(l)
then l = l_old
else l = Fresh::map(TExprLocation(l_old, c, startLine, startColumn, endLine, endColumn))
)
}
query predicate new_initialisers(Initialiser i, Accessible v, Expr e, NewLocation l) {
exists(Location l_old, Container c, int startLine, int startColumn, int endLine, int endColumn |
initialisers(i, v, e, l_old) and
locations_default(l_old, c, startLine, startColumn, endLine, endColumn)
|
if not isLocationDefault(l_old) and not isLocationStmt(l)
then l = l_old
else l = Fresh::map(TExprLocation(l_old, c, startLine, startColumn, endLine, endColumn))
)
}
query predicate new_stmts(Stmt s, int kind, NewLocation l) {
exists(Location l_old, Container c, int startLine, int startColumn, int endLine, int endColumn |
stmts(s, kind, l_old) and
locations_default(l_old, c, startLine, startColumn, endLine, endColumn)
|
if not isLocationDefault(l_old) and not isLocationExpr(l)
then l = l_old
else l = Fresh::map(TStmtLocation(l_old, c, startLine, startColumn, endLine, endColumn))
)
}

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,8 @@
description: Merge location tables
compatibility: partial
locations_default.rel: run downgrades.ql new_locations_default
locations_expr.rel: run downgrades.ql new_locations_expr
locations_stmt.rel: run downgrades.ql new_locations_stmt
exprs.rel: run downgrades.ql new_exprs
initialisers.rel: run downgrades.ql new_initialisers
stmts.rel: run downgrades.ql new_stmts

View File

@@ -4,4 +4,3 @@
int main() {
return ONE + TWO + THREE + FOUR;
}
// semmle-extractor-options: --clang -include-pch ${testdir}/clang-pch.testproj/a.pch -Iextra_dummy_path

View File

@@ -1,3 +1,30 @@
## 5.4.0
### New Features
* Exposed various SSA-related classes (`Definition`, `PhiNode`, `ExplicitDefinition`, `DirectExplicitDefinition`, and `IndirectExplicitDefinition`) which were previously only usable inside the internal dataflow directory.
### Minor Analysis Improvements
* The `cpp/overrun-write` query now recognizes more bound checks and thus produces fewer false positives.
## 5.3.0
### Deprecated APIs
* The `UnknownDefaultLocation`, `UnknownExprLocation`, and `UnknownStmtLocation` classes have been deprecated. Use `UnknownLocation` instead.
### New Features
* Added a `isFinalValueOfParameter` predicate to `DataFlow::Node` which holds when a dataflow node represents the final value of an output parameter of a function.
### Minor Analysis Improvements
* The `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) no longer considers calls through function pointers as wrapper functions.
* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.
* Added support for `__fp16 _Complex` and `__bf16 _Complex` types
* Added `sql-injection` sink models for the Oracle Call Interface (OCI) database library functions `OCIStmtPrepare` and `OCIStmtPrepare2`.
## 5.2.0
### Deprecated APIs

View File

@@ -0,0 +1,4 @@
---
category: feature
---
* Added a new class `AdditionalCallTarget` for specifying additional call targets.

View File

@@ -0,0 +1,16 @@
## 5.3.0
### Deprecated APIs
* The `UnknownDefaultLocation`, `UnknownExprLocation`, and `UnknownStmtLocation` classes have been deprecated. Use `UnknownLocation` instead.
### New Features
* Added a `isFinalValueOfParameter` predicate to `DataFlow::Node` which holds when a dataflow node represents the final value of an output parameter of a function.
### Minor Analysis Improvements
* The `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) no longer considers calls through function pointers as wrapper functions.
* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.
* Added support for `__fp16 _Complex` and `__bf16 _Complex` types
* Added `sql-injection` sink models for the Oracle Call Interface (OCI) database library functions `OCIStmtPrepare` and `OCIStmtPrepare2`.

View File

@@ -0,0 +1,9 @@
## 5.4.0
### New Features
* Exposed various SSA-related classes (`Definition`, `PhiNode`, `ExplicitDefinition`, `DirectExplicitDefinition`, and `IndirectExplicitDefinition`) which were previously only usable inside the internal dataflow directory.
### Minor Analysis Improvements
* The `cpp/overrun-write` query now recognizes more bound checks and thus produces fewer false positives.

View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.2.0
lastReleaseVersion: 5.4.0

View File

@@ -115,6 +115,10 @@ private string normalizeFunctionName(Function f, string algType) {
(result.matches("RSA") implies not f.getName().toUpperCase().matches("%UNIVERSAL%")) and
//rsaz functions deemed to be too low level, and can be ignored
not f.getLocation().getFile().getBaseName().matches("rsaz_exp.c") and
// SHA false positives
(result.matches("SHA") implies not f.getName().toUpperCase().matches("%SHAKE%")) and
// CAST false positives
(result.matches("CAST") implies not f.getName().toUpperCase().matches(["%UPCAST%", "%DOWNCAST%"])) and
// General False positives
// Functions that 'get' do not set an algorithm, and therefore are considered ignorable
not f.getName().toLowerCase().matches("%get%")

View File

@@ -8,7 +8,7 @@ module CryptoInput implements InputSig<Language::Location> {
class LocatableElement = Language::Locatable;
class UnknownLocation = Language::UnknownDefaultLocation;
class UnknownLocation = Language::UnknownLocation;
LocatableElement dfn_to_element(DataFlow::Node node) {
result = node.asExpr() or
@@ -56,7 +56,7 @@ module ArtifactFlowConfig implements DataFlow::ConfigSig {
module ArtifactFlow = DataFlow::Global<ArtifactFlowConfig>;
/**
* Artifact output to node input configuration
* An artifact output to node input configuration
*/
abstract class AdditionalFlowInputStep extends DataFlow::Node {
abstract DataFlow::Node getOutput();
@@ -91,9 +91,8 @@ module GenericDataSourceFlowConfig implements DataFlow::ConfigSig {
module GenericDataSourceFlow = TaintTracking::Global<GenericDataSourceFlowConfig>;
private class ConstantDataSource extends Crypto::GenericConstantSourceInstance instanceof Literal {
ConstantDataSource() { this instanceof OpenSslGenericSourceCandidateLiteral }
private class ConstantDataSource extends Crypto::GenericConstantSourceInstance instanceof OpenSslGenericSourceCandidateLiteral
{
override DataFlow::Node getOutputNode() { result.asExpr() = this }
override predicate flowsTo(Crypto::FlowAwareElement other) {

Some files were not shown because too many files have changed in this diff Show More