github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
58 257 коммитов 1 541 ветка 132 Теги 497 MiB
Граф коммитов

58257 Коммитов

Автор SHA1 Сообщение Дата
Rasmus Wriedt Larsen f62c4108ef
Python: Move `url_has_allowed_host_and_scheme` to Django.qll 2023-09-13 11:55:44 +02:00
erik-krogh 8dad4950a9
add sanitizer guard for url_has_allowed_host_and_scheme 2023-08-31 13:48:42 +02:00
erik-krogh d4bc6e434a
add test with false positive 2023-08-31 13:40:47 +02:00
Tom Hvitved 73370e7282
Merge pull request #14100 from hvitved/dataflow/consistency-pack 
Data flow: Add consistency checks to shared ql pack
 2023-08-31 11:47:40 +02:00
Tom Hvitved 756886808d
Merge pull request #14098 from hvitved/csharp/cil-best-impl 
C#: Speedup `bestImplementation`
 2023-08-31 10:57:28 +02:00
Mathias Vorreiter Pedersen f5509da4bb
Merge pull request #14038 from alexet/delete-ir 
CPP: Add delete/delete[] calls to the IR.
 2023-08-31 09:22:34 +01:00
Asger F 2d5c40db31
Merge pull request #14048 from asgerf/shared/variable-capture-write-source-node 
Variable capture: allow arbitrary data-flow nodes to be the source of a write
 2023-08-31 10:20:48 +02:00
Tom Hvitved c68d0bc936
Merge pull request #14099 from hvitved/csharp/transitive-capture-call-unique 
C#: Do not embed target callable in `TransitiveCapturedCall`
 2023-08-31 10:12:26 +02:00
Michael Nebel ded49015e0
Merge pull request #13970 from michaelnebel/csharp/usereferenceassemlblies 
C#: Compile against the reference assemblies in the standalone extractor (if possible)
 2023-08-31 09:00:30 +02:00
Erik Krogh Kristensen cd289f8207
Merge pull request #14105 from github/dependabot/cargo/ql/chrono-0.4.28 
Bump chrono from 0.4.27 to 0.4.28 in /ql
 2023-08-31 08:16:42 +02:00
dependabot[bot] 4770eb0328
Bump chrono from 0.4.27 to 0.4.28 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.27 to 0.4.28.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.27...v0.4.28)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-31 03:44:01 +00:00
Mathias Vorreiter Pedersen 1159508e4f
Merge pull request #14008 from MathiasVP/reuse-even-more-nodes 
C++: Reuse even more `DataFlow::Node`s
 2023-08-30 19:38:52 +01:00
Alex Eyers-Taylor 59a77666a6 CPP: Remove uneeded indirection around delete calls in the IR. 2023-08-30 16:31:51 +01:00
Michael Nebel 3afa4aa91e C#: Add change note. 2023-08-30 16:51:16 +02:00
Mathias Vorreiter Pedersen 261ba8e02d C++: Add QLDoc to 'isDereference'. 2023-08-30 14:34:30 +01:00
Tom Hvitved 253f932d2a Python: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved 9af706c2a5 Swift: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved db304d118b C++: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved fefe64bf0c Java: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved 5c8367a695 C#: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved c4b626a416 Ruby: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved de7c9bdd9b Data flow: Add consistency checks to shared ql pack 2023-08-30 15:29:41 +02:00
Michael Nebel 291d7b3e05 C#: Use reference assemblies instead of implementation assemblies. 2023-08-30 14:19:11 +02:00
Michael Nebel a966c0e1eb C#: Do not include the mscorlib assembly and remove the option. 2023-08-30 14:19:11 +02:00
Tom Hvitved ce229fe21f
Merge pull request #14096 from hvitved/ruby/expected-test-fix 
Ruby: Update expected test output
 2023-08-30 13:50:49 +02:00
Tom Hvitved 29982fe30e C#: Do not embed target callable in `TransitiveCapturedCall` 2023-08-30 13:48:44 +02:00
Tom Hvitved 66f5e4a05b C#: Speedup `bestImplementation` 
Avoids an expensive anti-join:

```
[2023-08-29 15:25:48] Evaluated non-recursive predicate _FileSystem#df18ed9a::Make#File#1a556f64::Input#::Container::toString#0#dispred#bf_Method#621e9e2e::__#antijoin_rhs@96d08bc8 in 272332ms (size: 1841891).
Evaluated relational algebra for predicate _FileSystem#df18ed9a::Make#File#1a556f64::Input#::Container::toString#0#dispred#bf_Method#621e9e2e::__#antijoin_rhs@96d08bc8 with tuple counts:
         4632443     ~2%    {3} r1 = JOIN _cil_instruction_3#antijoin_rhs_cil_method_implementation#shared WITH cil_method_implementation ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1

        71945701     ~3%    {3} r2 = JOIN r1 WITH cil_method_implementation_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        71945701  ~1329%    {3} r3 = JOIN r2 WITH Method#621e9e2e::MethodImplementation::getNumberOfInstructions#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1
         5016836     ~4%    {4} r4 = JOIN r3 WITH Method#621e9e2e::MethodImplementation::getNumberOfInstructions#0#dispred#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Rhs.1
                            {4} r5 = SELECT r4 ON In.3 < In.2
           65637     ~3%    {2} r6 = SCAN r5 OUTPUT In.0, In.1

        71945701     ~0%    {3} r7 = JOIN r1 WITH cil_method_implementation_10#join_rhs ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
        71945701     ~1%    {4} r8 = JOIN r7 WITH assemblies ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0, Rhs.1
        71945701     ~0%    {5} r9 = JOIN r8 WITH cil_method_implementation ON FIRST 1 OUTPUT Rhs.2, Lhs.1, Lhs.2, Lhs.0, Lhs.3
        71945701     ~0%    {5} r10 = JOIN r9 WITH assemblies ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
        71945701     ~0%    {5} r11 = JOIN r10 WITH FileSystem#df18ed9a::Make#File#1a556f64::Input#::Container::toString#0#dispred#bf ON FIRST 1 OUTPUT Lhs.4, Lhs.1, Lhs.2, Lhs.3, Rhs.1
        71945701     ~2%    {5} r12 = JOIN r11 WITH FileSystem#df18ed9a::Make#File#1a556f64::Input#::Container::toString#0#dispred#bf ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1
                            {5} r13 = SELECT r12 ON In.4 > In.3
        33509342     ~0%    {3} r14 = SCAN r13 OUTPUT In.0, In.1, In.2
        33509342     ~0%    {4} r15 = JOIN r14 WITH Method#621e9e2e::MethodImplementation::getNumberOfInstructions#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.0, Lhs.1
        33051362  ~1670%    {2} r16 = JOIN r15 WITH Method#621e9e2e::MethodImplementation::getNumberOfInstructions#0#dispred#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.3

        33116999  ~1646%    {2} r17 = r6 UNION r16
                            return r17
```
 2023-08-30 13:46:11 +02:00
Tom Hvitved 7e77c77d92 Ruby: Update expected test output 2023-08-30 13:33:48 +02:00
Anders Starcke Henriksen 44a83a71a8
Merge pull request #13879 from github/starcke/automodel-pack 
Create separate automodel pack
 2023-08-30 13:24:25 +02:00
Rasmus Wriedt Larsen 62c2316124
Merge pull request #14084 from RasmusWL/flask-jsonify 
Python: Remove XSS FP from use of `flask.jsonify`
 2023-08-30 13:07:54 +02:00
Mathias Vorreiter Pedersen 6a21fa04cd
Merge pull request #14034 from geoffw0/hostname 
Swift: New query: Incomplete regular expression for hostnames
 2023-08-30 11:33:36 +01:00
Mathias Vorreiter Pedersen b092da485d C++: Accept more test changes. 2023-08-30 11:26:40 +01:00
Tom Hvitved c32c4bb6d2
Merge pull request #14086 from hvitved/csharp/perf-fixes 
C#: Various performance fixes
 2023-08-30 12:13:52 +02:00
Geoffrey White 39b45fa24f
Merge pull request #13943 from geoffw0/weakhashexample 
Swift: Update the weak sensitive data hashing examples and qhelp
 2023-08-30 10:36:23 +01:00
Michael Nebel f88428f3fd
Merge pull request #14085 from michaelnebel/csharp/use-stubs-5 
C#: Use stubs in unit tests.
 2023-08-30 11:07:53 +02:00
Anders Starcke Henriksen 361ae1747e Merge branch 'main' into starcke/automodel-pack 2023-08-30 09:25:28 +02:00
Michael Nebel a966944fd8
Merge pull request #14083 from michaelnebel/csharp/autobuilderimports 
C#: Re-factor using statements order in autobuilder.
 2023-08-30 08:16:03 +02:00
Erik Krogh Kristensen 9bf5999ca0
Merge pull request #14093 from github/dependabot/cargo/ql/chrono-0.4.27 
Bump chrono from 0.4.26 to 0.4.27 in /ql
 2023-08-30 07:42:44 +02:00
dependabot[bot] e3ff7644f7
Bump chrono from 0.4.26 to 0.4.27 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.26 to 0.4.27.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.26...v0.4.27)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-30 03:14:05 +00:00
Geoffrey White 125629a7e2 Swift: Delete 'usually'. 2023-08-29 23:25:22 +01:00
Geoffrey White 210a5bfff2
Update swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-08-29 23:24:12 +01:00
Geoffrey White 7006cfd8f8 Swif: Fix paragraph breaks. 2023-08-29 23:00:17 +01:00
Michael Nebel e226c564b6 C#: Base WriteOnlyContainer test on stubs. 2023-08-29 16:24:01 +02:00
Michael Nebel 35a1dd8ba9 C#: Base Useless Code tests on stubs. 2023-08-29 16:20:59 +02:00
Mathias Vorreiter Pedersen e4a11b86d9 Merge branch 'main' into reuse-even-more-nodes 2023-08-29 15:08:30 +01:00
Michael Nebel e9b3f1282a C#: Base UseBraces tests on stubs. 2023-08-29 16:05:15 +02:00
Tom Hvitved 8624ff12be
Merge pull request #14082 from hvitved/csharp/bump-dependencies 
C#: Bump all dependencies
 2023-08-29 15:52:40 +02:00
Michael Nebel fc850b18fe C#: Base ReadOnlyContainer tests on stubs. 2023-08-29 15:36:03 +02:00
Michael Nebel 7d7a893b55 C#: Base Performance tests on stubs. 2023-08-29 15:34:33 +02:00
Jean Helie 41726f52a2
Merge pull request #13954 from github/kaeluka/add-provenance-to-metadata 
Java: Automodel: Add Candidates for Regression Testing
 2023-08-29 14:33:02 +01:00