
Commit 9baa7b7

Merge branch 'main' of github.com:github/codeql into SharedDataflow_PointsToImpliesDataflow
2 parents 8b13a42 + 62cb4ec commit 9baa7b7

File tree

3,209 files changed

+205368
-62007
lines changed


.devcontainer/devcontainer.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,6 @@
44
"slevesque.vscode-zipexplorer"
55
],
66
"settings": {
7-
"codeQL.experimentalBqrsParsing": true
7+
"codeQL.runningQueries.memory": 2048
88
}
99
}
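Review bot: the replaced line couples two unrelated changes, dropping `"codeQL.experimentalBqrsParsing": true` and introducing `"codeQL.runningQueries.memory": 2048`; if removing the experimental-parsing setting is intentional, say so in the commit message (the merge message does not mention it), otherwise keep it and add the memory setting as a separate line. The `2048` value also carries no unit; a `//` comment, as `.vscode/extensions.json` in this same commit already uses, would save the next reader from guessing.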

.github/codeql/codeql-config.yml

Lines changed: 2 additions & 0 deletions
@@ -7,3 +7,5 @@ paths-ignore:
77
- '/cpp/'
88
- '/java/'
99
- '/python/'
10+
- '/javascript/ql/test'
11+
- '/javascript/extractor/tests'
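Review bot: excluding `/javascript/ql/test` and `/javascript/extractor/tests` from code scanning is appropriate, since test fixtures deliberately contain the insecure patterns the queries detect, but nothing in the file says so; a one-line comment above `paths-ignore` explaining that test directories are excluded because their findings are intentional would stop someone from re-enabling them later. Also double-check the singular `test` versus plural `tests` against the real directory names, because a mistyped pattern silently ignores nothing.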

.github/workflows/labeler.yml

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
name: "Pull Request Labeler"
2+
on:
3+
- pull_request_target
4+
5+
jobs:
6+
triage:
7+
runs-on: ubuntu-latest
8+
steps:
9+
- uses: actions/labeler@v2
10+
with:
11+
repo-token: "${{ secrets.GITHUB_TOKEN }}"
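Review bot: this workflow triggers on `pull_request_target`, which runs in the context of the base repository with a write-capable `GITHUB_TOKEN`, so it must never check out or execute code from the pull request head; the hunk keeps to that (the only step is `actions/labeler@v2`) and any later edit should preserve it. Two hardening points: pin the action to a commit SHA, as `query-list.yml` in this same commit does for `fetch-gh-release-asset`, instead of the mutable `v2` tag, and add a `permissions:` block limiting the token to `pull-requests: write` so the labeling step holds no more rights than it needs. Finally, `actions/labeler` reads its label rules from a configuration file that does not appear in this excerpt; confirm it exists or the job will fail on first run.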

.github/workflows/query-list.yml

Lines changed: 49 additions & 0 deletions
@@ -0,0 +1,49 @@
1+
name: Build code scanning query list
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
- 'rc/**'
8+
pull_request:
9+
paths:
10+
- '.github/workflows/query-list.yml'
11+
- 'misc/scripts/generate-code-scanning-query-list.py'
12+
13+
jobs:
14+
build:
15+
16+
runs-on: ubuntu-latest
17+
18+
steps:
19+
- name: Clone self (github/codeql)
20+
uses: actions/checkout@v2
21+
with:
22+
path: codeql
23+
- name: Clone github/codeql-go
24+
uses: actions/checkout@v2
25+
with:
26+
repository: 'github/codeql-go'
27+
path: codeql-go
28+
- name: Set up Python 3.8
29+
uses: actions/setup-python@v2
30+
with:
31+
python-version: 3.8
32+
- name: Download CodeQL CLI
33+
uses: dsaltares/fetch-gh-release-asset@aa37ae5c44d3c9820bc12fe675e8670ecd93bd1c
34+
with:
35+
repo: "github/codeql-cli-binaries"
36+
version: "latest"
37+
file: "codeql-linux64.zip"
38+
token: ${{ secrets.GITHUB_TOKEN }}
39+
- name: Unzip CodeQL CLI
40+
run: unzip -d codeql-cli codeql-linux64.zip
41+
- name: Build code scanning query list
42+
run: |
43+
PATH="$PATH:codeql-cli/codeql" python codeql/misc/scripts/generate-code-scanning-query-list.py > code-scanning-query-list.csv
44+
- name: Upload code scanning query list
45+
uses: actions/upload-artifact@v2
46+
with:
47+
name: code-scanning-query-list
48+
path: code-scanning-query-list.csv
49+
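Review bot: `version: "latest"` on the `fetch-gh-release-asset` step makes the generated CSV depend on whichever `codeql-cli-binaries` release exists at run time, so two runs of the same commit can produce different query lists; pin a specific release and bump it deliberately. That step is already SHA-pinned while `actions/checkout@v2`, `actions/setup-python@v2` and `actions/upload-artifact@v2` use mutable tags; pin all four the same way. Minor: `PATH="$PATH:codeql-cli/codeql"` appends a relative path, which works only because the `run` step starts in the workspace root; `$GITHUB_WORKSPACE/codeql-cli/codeql` would make that explicit.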

.vscode/extensions.json

Lines changed: 2 additions & 2 deletions
@@ -3,8 +3,8 @@
33
// Extension identifier format: ${publisher}.${name}. Example: vscode.csharp
44
// List of extensions which should be recommended for users of this workspace.
55
"recommendations": [
6-
"github.vscode-codeql"
6+
"GitHub.vscode-codeql"
77
],
88
// List of extensions recommended by VS Code that should not be recommended for users of this workspace.
99
"unwantedRecommendations": []
10-
}
10+
}
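Review bot: the intended change is the extension id case fix (`github.vscode-codeql` to `GitHub.vscode-codeql`), but the closing `}` is also shown as removed and re-added with no visible difference, which indicates a trailing-whitespace or end-of-file newline change; either note it in the commit message or drop it so the diff shows only the id fix.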

README.md

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ You can use the [interactive query console](https://lgtm.com/help/lgtm/using-que
99

1010
## Contributing
1111

12-
We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our [contributing guidelines](CONTRIBUTING.md). You can also consult our [style guides](https://github.com/github/codeql/tree/master/docs) to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.
12+
We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our [contributing guidelines](CONTRIBUTING.md). You can also consult our [style guides](https://github.com/github/codeql/tree/main/docs) to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.
1313

1414
## License
1515

change-notes/1.25/analysis-java.md

Lines changed: 14 additions & 6 deletions
@@ -4,20 +4,26 @@ The following changes in version 1.25 affect Java analysis in all applications.
44

55
## General improvements
66

7-
## New queries
8-
9-
| **Query** | **Tags** | **Purpose** |
10-
|-----------------------------|-----------|--------------------------------------------------------------------|
11-
7+
The Java autobuilder has been improved to detect more Gradle Java versions.
128

139
## Changes to existing queries
1410

1511
| **Query** | **Expected impact** | **Change** |
1612
|------------------------------|------------------------|-----------------------------------|
17-
13+
| Hard-coded credential in API call (`java/hardcoded-credential-api-call`) | More results | The query now recognizes the `BasicAWSCredentials` class of the Amazon client SDK library with hardcoded access key/secret key. |
14+
| Deserialization of user-controlled data (`java/unsafe-deserialization`) | Fewer false positive results | The query no longer reports results using `org.apache.commons.io.serialization.ValidatingObjectInputStream`. |
15+
| Use of a broken or risky cryptographic algorithm (`java/weak-cryptographic-algorithm`) | More results | The query now recognizes the `MessageDigest.getInstance` method. |
16+
| Use of a potentially broken or risky cryptographic algorithm (`java/potentially-weak-cryptographic-algorithm`) | More results | The query now recognizes the `MessageDigest.getInstance` method. |
17+
| Reading from a world writable file (`java/world-writable-file-read`) | More results | The query now recognizes more JDK file operations. |
1818

1919
## Changes to libraries
2020

21+
* The data-flow library has been improved with more taint flow modeling for the
22+
Collections framework and other classes of the JDK. This affects all security
23+
queries using data flow and can yield additional results.
24+
* The data-flow library has been improved with more taint flow modeling for the
25+
Spring framework. This affects all security queries using data flow and can
26+
yield additional results on project that rely on the Spring framework.
2127
* The data-flow library has been improved, which affects most security queries by potentially
2228
adding more results. Flow through methods now takes nested field reads/writes into account.
2329
For example, the library is able to track flow from `"taint"` to `sink()` via the method
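Review bot: typo in the added Spring bullet, `on project that rely on the Spring framework` should read `on projects that rely on the Spring framework`. The two new weak-cryptographic-algorithm rows carry identical "Change" text for `MessageDigest.getInstance`; that is fine as-is, but if the two queries differ in which algorithms they flag, a word on that in each row would help readers pick the right one.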
@@ -39,3 +45,5 @@ The following changes in version 1.25 affect Java analysis in all applications.
3945
}
4046
}
4147
```
48+
* The library has been extended with more support for Java 14 features
49+
(`switch` expressions and pattern-matching for `instanceof`).
Lines changed: 6 additions & 19 deletions
@@ -1,22 +1,9 @@
11
# Improvements to Python analysis
22

3-
The following changes in version 1.25 affect Python analysis in all applications.
4-
5-
## General improvements
6-
7-
8-
## New queries
9-
10-
| **Query** | **Tags** | **Purpose** |
11-
|-----------------------------|-----------|--------------------------------------------------------------------|
12-
13-
14-
## Changes to existing queries
15-
16-
| **Query** | **Expected impact** | **Change** |
17-
|----------------------------|------------------------|------------------------------------------------------------------|
18-
19-
20-
## Changes to libraries
21-
223
* Importing `semmle.python.web.HttpRequest` will no longer import `UntrustedStringKind` transitively. `UntrustedStringKind` is the most commonly used non-abstract subclass of `ExternalStringKind`. If not imported (by one mean or another), taint-tracking queries that concern `ExternalStringKind` will not produce any results. Please ensure such queries contain an explicit import (`import semmle.python.security.strings.Untrusted`).
4+
* Added model of taint sources for HTTP servers using `http.server`.
5+
* Added taint modeling of routed parameters in Flask.
6+
* Improved modeling of built-in methods on strings for taint tracking.
7+
* Improved classification of test files.
8+
* New class `BoundMethodValue` represents a bound method during runtime.
9+
* The query `py/command-line-injection` now recognizes command execution with the `fabric` and `invoke` Python libraries.
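Review bot: the hunk removes the intro sentence `The following changes in version 1.25 affect Python analysis in all applications.` together with every section heading, leaving bare bullets under the top heading, whereas the Java and C/C++ notes in this same commit keep their intro sentence and `## Changes to libraries` heading (visible in their `@@` context lines); keep at least those two for consistency across the change notes. Also, the unchanged context line reads `by one mean or another`, which should be `by one means or another`.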

change-notes/1.26/analysis-cpp.md

Lines changed: 7 additions & 1 deletion
@@ -13,13 +13,19 @@ The following changes in version 1.26 affect C/C++ analysis in all applications.
1313

1414
| **Query** | **Expected impact** | **Change** |
1515
|----------------------------|------------------------|------------------------------------------------------------------|
16+
| Declaration hides parameter (`cpp/declaration-hides-parameter`) | Fewer false positive results | False positives involving template functions have been fixed. |
1617
| Inconsistent direction of for loop (`cpp/inconsistent-loop-direction`) | Fewer false positive results | The query now accounts for intentional wrapping of an unsigned loop counter. |
1718
| Overflow in uncontrolled allocation size (`cpp/uncontrolled-allocation-size`) | | The precision of this query has been decreased from "high" to "medium". As a result, the query is still run but results are no longer displayed on LGTM by default. |
1819
| Comparison result is always the same (`cpp/constant-comparison`) | More correct results | Bounds on expressions involving multiplication can now be determined in more cases. |
1920

2021
## Changes to libraries
2122

22-
* The models library now models some taint flows through `std::array`, `std::vector`, `std::deque`, `std::list` and `std::forward_list`.
23+
* The QL class `Block`, denoting the `{ ... }` statement, is renamed to `BlockStmt`.
24+
* The models library now models many taint flows through `std::array`, `std::vector`, `std::deque`, `std::list` and `std::forward_list`.
2325
* The models library now models many more taint flows through `std::string`.
26+
* The models library now models many taint flows through `std::istream` and `std::ostream`.
27+
* The models library now models some taint flows through `std::shared_ptr`, `std::unique_ptr`, `std::make_shared` and `std::make_unique`.
28+
* The models library now models many taint flows through `std::pair`, `std::map`, `std::unordered_map`, `std::set` and `std::unordered_set`.
29+
* The models library now models `bcopy`.
2430
* The `SimpleRangeAnalysis` library now supports multiplications of the form
2531
`e1 * e2` and `x *= e2` when `e1` and `e2` are unsigned or constant.
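Review bot: the rename of the QL class `Block` to `BlockStmt` is a breaking change for every custom query that references `Block`, yet it sits in the middle of a list of model additions; move it to the top of the section or give it its own clearly marked breaking-change note so users upgrading cannot miss it. The first bullet is also rewritten from `some taint flows` to `many taint flows` for the same container list; if that reflects new modeling in this release it is worth saying so, otherwise the original wording could simply have stayed.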

change-notes/1.26/analysis-csharp.md

Lines changed: 0 additions & 31 deletions
This file was deleted.
