Skip to content

Commit 19d08d7

Browse files
committed
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
2 parents bb53780 + 2a9f7a9 commit 19d08d7

File tree

990 files changed

+16535
-4023
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

990 files changed

+16535
-4023
lines changed

.github/workflows/docs-review.yml

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
# When a PR is labelled with 'ready-for-docs-review',
2+
# this workflow comments on the PR to notify the GitHub CodeQL docs team.
3+
name: Request docs review
4+
on:
5+
# Runs in the context of the base repo.
6+
# This gives the workflow write access to comment on PRs.
7+
# The workflow should not check out or build the given ref,
8+
# or use untrusted data from the event payload in a command line.
9+
pull_request_target:
10+
types: [labeled]
11+
12+
jobs:
13+
request-docs-review:
14+
name: Request docs review
15+
# Run only on labelled PRs to the main repository.
16+
# Do not run on PRs to forks.
17+
if:
18+
github.event.label.name == 'ready-for-docs-review'
19+
&& github.event.pull_request.draft == false
20+
&& github.event.pull_request.base.repo.full_name == 'github/codeql'
21+
runs-on: ubuntu-latest
22+
steps:
23+
- name: Comment to request docs review
24+
env:
25+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
26+
PR_NUMBER: ${{ github.event.pull_request.number }}
27+
run: |
28+
gh pr comment "$PR_NUMBER" --repo "github/codeql" \
29+
--body "Hello @github/docs-content-codeql: this PR is ready for docs review."

CODEOWNERS

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,3 +10,10 @@
1010
/java/**/experimental/**/* @github/codeql-java @xcorail
1111
/javascript/**/experimental/**/* @github/codeql-javascript @xcorail
1212
/python/**/experimental/**/* @github/codeql-python @xcorail
13+
14+
# Notify members of codeql-go about PRs to the shared data-flow library files
15+
/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll @github/codeql-java @github/codeql-go
16+
/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll @github/codeql-java @github/codeql-go
17+
/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll @github/codeql-java @github/codeql-go
18+
/java/ql/src/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go
19+
/java/ql/src/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go

config/identical-files.json

Lines changed: 49 additions & 45 deletions
Original file line numberDiff line numberDiff line change
@@ -374,50 +374,50 @@
374374
"javascript/ql/src/semmle/javascript/XML.qll",
375375
"python/ql/src/semmle/python/xml/XML.qll"
376376
],
377-
"DuplicationProblems.qhelp": [
378-
"cpp/ql/src/Metrics/Files/DuplicationProblems.qhelp",
379-
"csharp/ql/src/Metrics/Files/DuplicationProblems.qhelp",
380-
"javascript/ql/src/Metrics/DuplicationProblems.qhelp",
381-
"python/ql/src/Metrics/DuplicationProblems.qhelp"
382-
],
383-
"CommentedOutCodeQuery.qhelp": [
384-
"cpp/ql/src/Documentation/CommentedOutCodeQuery.qhelp",
385-
"python/ql/src/Lexical/CommentedOutCodeQuery.qhelp",
386-
"csharp/ql/src/Bad Practices/Comments/CommentedOutCodeQuery.qhelp",
387-
"java/ql/src/Violations of Best Practice/Comments/CommentedOutCodeQuery.qhelp",
388-
"javascript/ql/src/Comments/CommentedOutCodeQuery.qhelp"
389-
],
390-
"FLinesOfCodeReferences.qhelp": [
391-
"java/ql/src/Metrics/Files/FLinesOfCodeReferences.qhelp",
392-
"javascript/ql/src/Metrics/FLinesOfCodeReferences.qhelp"
393-
],
394-
"FCommentRatioCommon.qhelp": [
395-
"java/ql/src/Metrics/Files/FCommentRatioCommon.qhelp",
396-
"javascript/ql/src/Metrics/FCommentRatioCommon.qhelp"
397-
],
398-
"FLinesOfCodeOverview.qhelp": [
399-
"java/ql/src/Metrics/Files/FLinesOfCodeOverview.qhelp",
400-
"javascript/ql/src/Metrics/FLinesOfCodeOverview.qhelp"
401-
],
402-
"CommentedOutCodeMetricOverview.qhelp": [
403-
"cpp/ql/src/Metrics/Files/CommentedOutCodeMetricOverview.qhelp",
404-
"csharp/ql/src/Metrics/Files/CommentedOutCodeMetricOverview.qhelp",
405-
"java/ql/src/Metrics/Files/CommentedOutCodeMetricOverview.qhelp",
406-
"javascript/ql/src/Comments/CommentedOutCodeMetricOverview.qhelp",
407-
"python/ql/src/Lexical/CommentedOutCodeMetricOverview.qhelp"
408-
],
409-
"FLinesOfDuplicatedCodeCommon.qhelp": [
410-
"cpp/ql/src/Metrics/Files/FLinesOfDuplicatedCodeCommon.qhelp",
411-
"java/ql/src/Metrics/Files/FLinesOfDuplicatedCodeCommon.qhelp",
412-
"javascript/ql/src/Metrics/FLinesOfDuplicatedCodeCommon.qhelp",
413-
"python/ql/src/Metrics/FLinesOfDuplicatedCodeCommon.qhelp"
414-
],
415-
"CommentedOutCodeReferences.qhelp": [
416-
"cpp/ql/src/Metrics/Files/CommentedOutCodeReferences.qhelp",
417-
"csharp/ql/src/Metrics/Files/CommentedOutCodeReferences.qhelp",
418-
"java/ql/src/Metrics/Files/CommentedOutCodeReferences.qhelp",
419-
"javascript/ql/src/Comments/CommentedOutCodeReferences.qhelp",
420-
"python/ql/src/Lexical/CommentedOutCodeReferences.qhelp"
377+
"DuplicationProblems.inc.qhelp": [
378+
"cpp/ql/src/Metrics/Files/DuplicationProblems.inc.qhelp",
379+
"csharp/ql/src/Metrics/Files/DuplicationProblems.inc.qhelp",
380+
"javascript/ql/src/Metrics/DuplicationProblems.inc.qhelp",
381+
"python/ql/src/Metrics/DuplicationProblems.inc.qhelp"
382+
],
383+
"CommentedOutCodeQuery.inc.qhelp": [
384+
"cpp/ql/src/Documentation/CommentedOutCodeQuery.inc.qhelp",
385+
"python/ql/src/Lexical/CommentedOutCodeQuery.inc.qhelp",
386+
"csharp/ql/src/Bad Practices/Comments/CommentedOutCodeQuery.inc.qhelp",
387+
"java/ql/src/Violations of Best Practice/Comments/CommentedOutCodeQuery.inc.qhelp",
388+
"javascript/ql/src/Comments/CommentedOutCodeQuery.inc.qhelp"
389+
],
390+
"FLinesOfCodeReferences.inc.qhelp": [
391+
"java/ql/src/Metrics/Files/FLinesOfCodeReferences.inc.qhelp",
392+
"javascript/ql/src/Metrics/FLinesOfCodeReferences.inc.qhelp"
393+
],
394+
"FCommentRatioCommon.inc.qhelp": [
395+
"java/ql/src/Metrics/Files/FCommentRatioCommon.inc.qhelp",
396+
"javascript/ql/src/Metrics/FCommentRatioCommon.inc.qhelp"
397+
],
398+
"FLinesOfCodeOverview.inc.qhelp": [
399+
"java/ql/src/Metrics/Files/FLinesOfCodeOverview.inc.qhelp",
400+
"javascript/ql/src/Metrics/FLinesOfCodeOverview.inc.qhelp"
401+
],
402+
"CommentedOutCodeMetricOverview.inc.qhelp": [
403+
"cpp/ql/src/Metrics/Files/CommentedOutCodeMetricOverview.inc.qhelp",
404+
"csharp/ql/src/Metrics/Files/CommentedOutCodeMetricOverview.inc.qhelp",
405+
"java/ql/src/Metrics/Files/CommentedOutCodeMetricOverview.inc.qhelp",
406+
"javascript/ql/src/Comments/CommentedOutCodeMetricOverview.inc.qhelp",
407+
"python/ql/src/Lexical/CommentedOutCodeMetricOverview.inc.qhelp"
408+
],
409+
"FLinesOfDuplicatedCodeCommon.inc.qhelp": [
410+
"cpp/ql/src/Metrics/Files/FLinesOfDuplicatedCodeCommon.inc.qhelp",
411+
"java/ql/src/Metrics/Files/FLinesOfDuplicatedCodeCommon.inc.qhelp",
412+
"javascript/ql/src/Metrics/FLinesOfDuplicatedCodeCommon.inc.qhelp",
413+
"python/ql/src/Metrics/FLinesOfDuplicatedCodeCommon.inc.qhelp"
414+
],
415+
"CommentedOutCodeReferences.inc.qhelp": [
416+
"cpp/ql/src/Metrics/Files/CommentedOutCodeReferences.inc.qhelp",
417+
"csharp/ql/src/Metrics/Files/CommentedOutCodeReferences.inc.qhelp",
418+
"java/ql/src/Metrics/Files/CommentedOutCodeReferences.inc.qhelp",
419+
"javascript/ql/src/Comments/CommentedOutCodeReferences.inc.qhelp",
420+
"python/ql/src/Lexical/CommentedOutCodeReferences.inc.qhelp"
421421
],
422422
"IDE Contextual Queries": [
423423
"cpp/ql/src/IDEContextual.qll",
@@ -430,5 +430,9 @@
430430
"csharp/ql/src/semmle/code/csharp/dataflow/internal/SsaImplCommon.qll",
431431
"csharp/ql/src/semmle/code/csharp/controlflow/internal/pressa/SsaImplCommon.qll",
432432
"csharp/ql/src/semmle/code/csharp/dataflow/internal/basessa/SsaImplCommon.qll"
433+
],
434+
"CryptoAlgorithms Python/JS": [
435+
"javascript/ql/src/semmle/javascript/security/CryptoAlgorithms.qll",
436+
"python/ql/src/semmle/crypto/Crypto.qll"
433437
]
434-
}
438+
}

cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
<PropertyGroup>
44
<OutputType>Exe</OutputType>
5-
<TargetFramework>netcoreapp3.1</TargetFramework>
5+
<TargetFramework>net5.0</TargetFramework>
66
<GenerateAssemblyInfo>false</GenerateAssemblyInfo>
77
<RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
88
<Nullable>enable</Nullable>

cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
<Project Sdk="Microsoft.NET.Sdk">
22

33
<PropertyGroup>
4-
<TargetFramework>netcoreapp3.1</TargetFramework>
4+
<TargetFramework>net5.0</TargetFramework>
55
<AssemblyName>Semmle.Autobuild.Cpp</AssemblyName>
66
<RootNamespace>Semmle.Autobuild.Cpp</RootNamespace>
77
<ApplicationIcon />
Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
lgtm,codescanning
2+
* The data-flow library now recognises more side-effects of method chaining (e.g. `someObject.setX(clean).setY(tainted).setZ...` having a side-effect on `someObject`), as well as other related circumstances where a function input is directly passed to its output. All queries that use data-flow analysis, including most security queries, may return more results accordingly.

cpp/ql/src/Critical/DeadCodeCondition.qhelp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
It is likely that these conditions indicate an error in the branching condition.
1010
Alternatively, the conditions may have been left behind after debugging.</p>
1111

12-
<include src="aliasAnalysisWarning.qhelp" />
12+
<include src="aliasAnalysisWarning.inc.qhelp" />
1313
</overview>
1414

1515
<recommendation>

cpp/ql/src/Critical/DeadCodeFunction.qhelp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ If left in the code base they increase object code size, decrease code comprehen
1313
This type of function may be part of the program's API and could be used by external programs.
1414
</p>
1515

16-
<include src="callGraphWarning.qhelp" />
16+
<include src="callGraphWarning.inc.qhelp" />
1717
</overview>
1818

1919
<recommendation>

cpp/ql/src/Critical/DescriptorMayNotBeClosed.qhelp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ This query looks at functions that return file or socket descriptors, but may re
1010
This can occur when an operation performed on the open descriptor fails, and the function returns with an error before it closes the open resource. An improperly handled error could cause the function to leak resource descriptors. Failing to close resources in the function that opened them also makes it more difficult to detect leaks.
1111
</p>
1212

13-
<include src="dataFlowWarning.qhelp" />
13+
<include src="dataFlowWarning.inc.qhelp" />
1414
</overview>
1515

1616
<recommendation>

cpp/ql/src/Critical/DescriptorNeverClosed.qhelp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ This rule finds calls to <code>socket</code> where there is no corresponding <co
1010
Leaving descriptors open will cause a resource leak that will persist even after the program terminates.
1111
</p>
1212

13-
<include src="aliasAnalysisWarning.qhelp" />
13+
<include src="aliasAnalysisWarning.inc.qhelp" />
1414
</overview>
1515

1616
<recommendation>

0 commit comments

Comments
 (0)