Commit graph

699 commits

Author SHA1 Message Date
Dave Bartolomeo 613ccaac1d Add change note to all v1.0.0 packs 2024-05-23 13:01:22 -04:00
Tom Hvitved e4cd9d86f6 Tree-sitter: Respect verbosity defined in `CODEQL_VERBOSITY` 2024-05-23 13:38:35 +02:00
Tom Hvitved a523be4d0a Tree-sitter: Add `set_tracing_level` to shared extractor module 2024-05-23 12:58:53 +02:00
Anders Schack-Mulligen f353065d26 Java: Allow overloading for exact model matches. 2024-05-23 10:50:01 +02:00
Anders Schack-Mulligen 0f864081cb Java: Remove source dispatch when there's an exact match from a manual model. 2024-05-23 10:50:00 +02:00
Dave Bartolomeo ffe4c8c87b Update all pack versions to `1.0.0` 2024-05-22 13:39:08 -04:00
Anders Schack-Mulligen bbebdfea8d
Merge pull request #16511 from aschackmull/dataflow/configuration-provenance
Dataflow: Add provenance for configuration-specific steps.
2024-05-22 14:07:10 +02:00
Tom Hvitved a992b67d97
Merge pull request #16556 from hvitved/dataflow/simplify
Data flow: Remove two redundant conjuncts
2024-05-22 13:58:04 +02:00
Tom Hvitved a006c29a00
Merge pull request #16481 from hvitved/treesitter/bump2
Tree-sitter: Bump to 0.22.6
2024-05-22 12:53:14 +02:00
Tom Hvitved 70cf16597b Data flow: Remove two redundant conjuncts 2024-05-22 12:45:11 +02:00
Michael Nebel 84e412fe36
Merge pull request #16477 from michaelnebel/csharp/madinlinetest
C#: Inline expectation for model generator test.
2024-05-22 11:05:23 +02:00
Anders Schack-Mulligen 22c1d52381 Dataflow: Add provenance for configuration-specific steps. 2024-05-22 10:05:42 +02:00
Tom Hvitved bebcd679a4 Address review comments 2024-05-21 14:51:52 +02:00
Tom Hvitved 18f138e754 Add change note 2024-05-21 14:47:42 +02:00
Tom Hvitved 454687d583 Data flow: Synthesize parameter return nodes 2024-05-21 14:47:42 +02:00
Tom Hvitved bf2ae9890f Tree-sitter: Bump to 0.22.6 2024-05-21 11:14:06 +02:00
Michael Nebel 78b8a9259a Share the Models as Data inline expect predicates. 2024-05-17 09:44:57 +02:00
github-actions[bot] 32e8b5c667 Post-release preparation for codeql-cli-2.17.3 2024-05-14 21:14:08 +00:00
github-actions[bot] 100166fa53 Release preparation for version 2.17.3 2024-05-14 19:23:18 +00:00
Owen Mansel-Chan c11fac81fd
Make summaryThroughStepValue include param outputs
This matches summaryThroughStepTaint.
2024-05-07 13:55:42 +01:00
Anders Schack-Mulligen 248ffa15a2
Merge pull request #16318 from aschackmull/dataflow/doublyboundedfasttc
Dataflow: Use doublyBoundedFastTC.
2024-05-01 09:48:23 +02:00
github-actions[bot] 99928b82ed Post-release preparation for codeql-cli-2.17.2 2024-04-30 12:15:35 +00:00
github-actions[bot] 5228d94d42 Release preparation for version 2.17.2 2024-04-30 10:25:51 +00:00
Mathias Vorreiter Pedersen 2482519cd3 DataFlow: Cached second level scope. 2024-04-26 13:09:59 +01:00
Tom Hvitved 95d579d9de Data flow: Fix bad join
```
Evaluated relational algebra for predicate _DataFlowImpl::Impl<HardcodedDataInterpretedAsCodeQuery::HardcodedDataInterpretedAsCodeFlow::C>::ret__#count_range@d112335l with tuple counts:
            285176  ~2%    {3} r1 = SCAN `_DataFlowDispatch::DataFlowCall.getEnclosingCallable/0#dispred#b7b78b19_DataFlowImpl::Impl<Hardcoded__#shared` OUTPUT In.1, In.0, In.2
        3265592261  ~3%    {5}    | JOIN WITH `DataFlowImpl::Impl<HardcodedDataInterpretedAsCodeQuery::HardcodedDataInterpretedAsCodeFlow::C>::returnCallEdge1/4#d02cae42_2301#join_rhs` ON FIRST 2 OUTPUT Lhs.0, Lhs.2, Rhs.2, Lhs.1, Rhs.3
             39070  ~8%    {6}    | JOIN WITH `DataFlowImplCommon::Cached::viableImplInCallContextExt/2#58e931ad` ON FIRST 3 OUTPUT Lhs.0, Lhs.3, Lhs.1, Lhs.2, Lhs.4, _
             39070  ~0%    {6}    | REWRITE WITH Out.5 := 1
                           return r1
```
2024-04-24 12:22:28 +02:00
Anders Schack-Mulligen 830b83f653 Dataflow: Use doublyBoundedFastTC. 2024-04-23 13:07:20 +02:00
Anders Schack-Mulligen b2f09949df
Merge pull request #15599 from aschackmull/dataflow/fieldflowbranchlimit-v2
Dataflow: update fieldFlowBranchLimit semantics
2024-04-23 10:08:05 +02:00
Tom Hvitved 18acad516b
Merge pull request #16251 from hvitved/dataflow/fix-bad-join2
Data flow: Fix a bad join
2024-04-19 09:49:41 +02:00
Anders Schack-Mulligen 595014966a Dataflow: Add change note. 2024-04-19 08:46:04 +02:00
Tom Hvitved 339c40c2b7 Data flow: Fix bad join 2024-04-18 21:30:32 +02:00
Asger F decd576a6b
Merge pull request #15386 from asgerf/js/graph-export
JS: Add library for exporting graphs as type models
2024-04-18 11:56:17 +02:00
Asger F c0db40d11a Merge branch 'js/graph-export' of github.com:asgerf/codeql into js/graph-export 2024-04-16 20:25:11 +02:00
Asger F be64daf265 Merge branch 'main' into js/graph-export 2024-04-16 20:23:33 +02:00
Asger F ee5cb6f3d8
Update shared/mad/codeql/mad/dynamic/GraphExport.qll 2024-04-16 20:10:51 +02:00
Asger F 844b29b637
Update shared/mad/codeql/mad/dynamic/GraphExport.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2024-04-16 20:09:26 +02:00
github-actions[bot] 622e176a16 Post-release preparation for codeql-cli-2.17.1 2024-04-16 14:21:32 +00:00
github-actions[bot] 9bfe4ea90a Release preparation for version 2.17.1 2024-04-15 17:34:47 +00:00
Anders Schack-Mulligen db6d27bd2b C++: Count return dispatch based on 2nd level scopes. 2024-04-15 15:13:08 +02:00
Anders Schack-Mulligen b87b8329a0 Dataflow: Use default fieldFlowBranchLimit in qltests. 2024-04-15 15:13:03 +02:00
Anders Schack-Mulligen f945687a93 Dataflow: Simplify branch and join. 2024-04-15 15:13:01 +02:00
Anders Schack-Mulligen 82afbbc17b Dataflow: Adjust fieldFlowBranchLimit count (block less) and adjust return edge condition (block more) 2024-04-15 15:12:58 +02:00
Anders Schack-Mulligen 1389c7220b Dataflow: Amend change note. 2024-04-15 14:35:39 +02:00
Asger F 3949ae4123
Update shared/mad/codeql/mad/dynamic/GraphExport.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2024-04-12 15:00:24 +02:00
Anders Schack-Mulligen b4e23d9487 Dataflow: Address review comments 2024-04-12 09:20:45 +02:00
Anders Schack-Mulligen 31a86574bb Dataflow: Add change note. 2024-04-12 09:20:42 +02:00
Anders Schack-Mulligen 2925e45434 Java/Dataflow: Propagate MaD-id/model-id to PathGraph. 2024-04-12 09:19:51 +02:00
Asger F 82101434fd Dynamic: Add hasPrettyName() 2024-04-09 14:32:59 +02:00
Asger F 8cb80d6014 JS: Switch from hasLocationInfo to Location 2024-04-09 14:32:59 +02:00
Asger F acef9b7111 Dynamic/JS: Add library for exporting models 2024-04-09 14:32:58 +02:00
Tom Hvitved 5f8eb7b138
Merge pull request #16110 from hvitved/dataflow/param-flow-no-expects-content
Data flow: Block flow at `expectsContents` nodes in `parameterValueFlow`
2024-04-09 11:26:24 +02:00
Mathias Vorreiter Pedersen 2256c4c008
Merge pull request #15728 from MathiasVP/shared-typeflow-library
Java/Shared: Refactor `TypeFlow.qll` into a shared library
2024-04-05 16:24:17 +01:00
Mathias Vorreiter Pedersen 27688bf154 Shared: Rename 'joinStep' to 'joinStepNotNull' to prevent name clashes. Rename 'sccJoinStep' to 'sccJoinStepNotNull' to match the new name. 2024-04-05 13:25:29 +01:00
Mathias Vorreiter Pedersen bae633ad24 Shared: Make 'erasedHaveIntersection' more identical to the Java version. 2024-04-05 13:19:21 +01:00
Mathias Vorreiter Pedersen 9deeb67af4
Update shared/typeflow/codeql/typeflow/internal/TypeFlowImpl.qll
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2024-04-05 13:10:08 +01:00
Mathias Vorreiter Pedersen bffa262a2c Shared: Make 'getAStrictAncestor' private. 2024-04-05 13:04:26 +01:00
Mathias Vorreiter Pedersen a2c29fe094 Shared: nomagicify 'getASourceSupertype'. 2024-04-05 12:57:11 +01:00
Mathias Vorreiter Pedersen 3f6967829e
Update shared/typeflow/codeql/typeflow/internal/TypeFlowImpl.qll
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2024-04-05 12:53:23 +01:00
Mathias Vorreiter Pedersen 1acbb84444 Shared/Java: Make the 'isNull' interface slightly prettier. 2024-04-05 11:58:43 +01:00
Tom Hvitved 79440f6734 Data flow: Fix bad join
```
Evaluated relational algebra for predicate DataFlowImpl::Impl<PolynomialReDoSQuery::PolynomialReDoSFlow::C>::storeEx/5#34133ef9@0425e0m7 with tuple counts:
           2209132     ~1%    {6} r1 = SCAN `DataFlowImpl::Impl<PolynomialReDoSQuery::PolynomialReDoSFlow::C>::storeExUnrestricted/5#3a86a98e` OUTPUT In.1, In.0, In.1, In.2, In.3, In.4
        4338565685     ~1%    {6}    | JOIN WITH `DataFlowPublic::ContentSet.getAReadContent/0#dispred#e4acf74e_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5
          34811200  ~1428%    {5}    | JOIN WITH `project#DataFlowImpl::Impl<PolynomialReDoSQuery::PolynomialReDoSFlow::C>::readSetEx/3#35ac556a` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5
                              return r1
```
2024-04-04 10:02:02 +02:00
Tom Hvitved 2d4cf55c87
Merge pull request #15985 from hvitved/ruby/phi-barrier-guards
Ruby: Extend barrier guards to handle phi inputs
2024-04-03 15:22:39 +02:00
Tom Hvitved 7871fb8ce6 Data flow: Block flow at `expectsContents` nodes in `parameterValueFlow` 2024-04-03 15:19:34 +02:00
Tom Hvitved 8b78463f25
Merge pull request #16087 from hvitved/dataflow/store-step-exploration
Data flow: Do not require stores to have matching reads in flow exploration
2024-04-03 14:10:28 +02:00
Tom Hvitved 550e251d68 Data flow: Do not require stores to have matching reads in flow exploration 2024-04-03 13:28:24 +02:00
Tom Hvitved 1dc13cc169
Merge pull request #15923 from hvitved/shared-xml-impl
Properly shared `XML.qll` implementation
2024-04-03 11:39:50 +02:00
github-actions[bot] 8e61c6625b Post-release preparation for codeql-cli-2.17.0 2024-04-01 15:27:42 +00:00
github-actions[bot] ec97d9a304 Release preparation for version 2.17.0 2024-04-01 13:46:57 +00:00
Jami d889e3cf98
Merge pull request #14854 from jcogs33/jcogs33/unsafe-url-forward-promotion
Java: Promote Unsafe URL Forward query from experimental
2024-03-29 16:34:06 -04:00
Henry Mercer 0646744928 Merge branch 'main' into henrymercer/merge-back-rc-3.13 2024-03-26 12:59:12 +00:00
github-actions[bot] f67b5f9158 Post-release preparation for codeql-cli-2.16.6 2024-03-25 18:17:15 +00:00
github-actions[bot] 71ab804274 Release preparation for version 2.16.6 2024-03-25 16:58:08 +00:00
Arthur Baars c219b1a3c7
Merge pull request #16013 from github/rc/3.13
Merge rc/3.13 into main
2024-03-21 16:04:58 +01:00
Michael Nebel 6619be3137
Merge pull request #15940 from michaelnebel/csharp/sourcesinktests
C#: Source- and sink tests.
2024-03-21 08:12:16 +01:00
Tom Hvitved 8f56edea80
Merge pull request #15966 from hvitved/treesitter-split-up-node-info-table
Tree-sitter: Split up `ast_node_info` table into two tables
2024-03-20 20:38:18 +01:00
Mathias Vorreiter Pedersen ebac171b2b Java/Shared: Rename 'joinStep0' to 'joinStep'. 2024-03-20 14:40:16 +00:00
Mathias Vorreiter Pedersen 6a65c46b2e Java/Shared: Share more 'isNull' computations. 2024-03-20 14:36:12 +00:00
Mathias Vorreiter Pedersen 90fbacc7bf Java/Shared: Use getLocation instead of hasLocationInfo. 2024-03-20 14:29:48 +00:00
Tom Hvitved 90779f4413 Ruby: Extend barrier guards to handle phi inputs 2024-03-20 10:02:20 +01:00
Dave Bartolomeo 311ba8ea1b Merge from `main` to resolve conflicts 2024-03-19 10:41:31 -04:00
Tom Hvitved ee3e38f0eb Simplify test interface in `FlowSummaryImpl.qll` 2024-03-19 14:35:00 +01:00
Michael Nebel 5b37ee4ec7 Re-factor TestOutput into a param module. 2024-03-19 14:20:42 +01:00
Michael Nebel 90db9b330f C#: Add MaD source and sink test query to shared library. 2024-03-19 13:45:38 +01:00
Tom Hvitved 7055cd8239 Make `XML.qll` a parameterized module 2024-03-19 13:14:42 +01:00
Tom Hvitved ccfbd2956c Copy existing `XML.qll` into a new `codeql/xml` pack 2024-03-19 13:14:42 +01:00
Tom Hvitved cee6f003fd Tree-sitter: Split up `ast_node_info` table into two tables 2024-03-19 10:52:37 +01:00
Tom Hvitved fc55567d90
Merge pull request #15853 from hvitved/dataflow/get-location
Data flow: Replace `hasLocationInfo` with `getLocation`
2024-03-18 20:21:46 +01:00
Tom Hvitved 0cecbf5239
Update 2024-02-28-hidden-subpaths.md
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2024-03-18 15:36:01 +01:00
Tom Hvitved 7a3b8ebb3a Address review comments 2024-03-18 14:49:35 +01:00
Tom Hvitved 40089e8088 Add change note 2024-03-18 14:49:35 +01:00
Tom Hvitved d7c9bfa08b Data flow: Account for hidden `subpath` wrappers 2024-03-18 14:47:11 +01:00
Tom Hvitved d83500de5d Address review comments 2024-03-18 14:24:07 +01:00
github-actions[bot] aebe9f6992 Post-release preparation for codeql-cli-2.16.5 2024-03-18 12:16:26 +00:00
github-actions[bot] 0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Tom Hvitved a13391bda1
Merge pull request #15802 from hvitved/dataflow/variable-capture-overlapping-paths
Variable capture: Avoid overlapping and false-positive data flow paths
2024-03-18 10:45:55 +01:00
Jami Cogswell 1da1e896cb Java: convert SpringModelAndViewSink to MaD 2024-03-13 16:28:41 -04:00
Edward Minnix III c190dd21db
Merge pull request #15877 from egregius313/egregius313/csharp/mad/sources/windows-registry
C#: Add source models for values from the Windows registry
2024-03-12 16:41:42 -04:00
Tom Hvitved d7790faece Address review comments 2024-03-12 13:34:55 +01:00
Tom Hvitved 0e0b73a5e6 Address review comment 2024-03-12 11:22:04 +01:00
Tom Hvitved e82e3180f0 Data flow: Replace `hasLocationInfo` with `getLocation` 2024-03-11 20:56:38 +01:00
Ed Minnix bc745dfd5e Windows registry sources 2024-03-11 13:55:34 -04:00
Tom Hvitved 7a39f077d9 Data flow: Add `ConfigSig::accessPathLimit` 2024-03-11 13:01:58 +01:00