Commit ed7e499

Merge branch 'main' into mathiasvp/read-step-without-memory-operands
2 parents c679516 + 5ffc959 commit ed7e499

367 files changed

+11988
-3669
lines changed

.devcontainer/devcontainer.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,6 @@
44
"slevesque.vscode-zipexplorer"
55
],
66
"settings": {
7-
"codeQL.experimentalBqrsParsing": true
7+
"codeQL.runningQueries.memory": 2048
88
}
99
}
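
Review bot: The new `"codeQL.runningQueries.memory": 2048` on line 7 is a bare number with no indication of why this value was chosen, and it replaces `"codeQL.experimentalBqrsParsing": true` in the same line without either change being called out. Please state in the PR description whether dropping the experimental flag is intentional, and confirm the dev container is given at least as much memory as this setting asks for.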

.github/workflows/labeler.yml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
name: "Pull Request Labeler"
2+
on:
3+
- pull_request_target
4+
5+
jobs:
6+
triage:
7+
runs-on: ubuntu-latest
8+
steps:
9+
- uses: actions/labeler@v2
10+
with:
11+
repo-token: "${{ secrets.GITHUB_TOKEN }}"
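
Review bot: Lines 2-3 trigger this workflow on `pull_request_target`, so it runs in the base repository's context, with `secrets.GITHUB_TOKEN` available, even for pull requests opened from forks. That is acceptable only while the job never checks out or runs code from the pull request, which holds for the single labeler step here. To keep it that way, add a comment above `jobs:` saying no checkout or build step may be added to this workflow, pin `actions/labeler@v2` on line 9 to a full commit SHA instead of a movable tag, and restrict the token with a `permissions:` block that grants only what labelling needs.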

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ You can use the [interactive query console](https://lgtm.com/help/lgtm/using-que
99

1010
## Contributing
1111

12-
We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our [contributing guidelines](CONTRIBUTING.md). You can also consult our [style guides](https://github.com/github/codeql/tree/master/docs) to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.
12+
We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our [contributing guidelines](CONTRIBUTING.md). You can also consult our [style guides](https://github.com/github/codeql/tree/main/docs) to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.
1313

1414
## License
1515

change-notes/1.26/analysis-cpp.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ The following changes in version 1.26 affect C/C++ analysis in all applications.
1919

2020
## Changes to libraries
2121

22-
* The models library now models some taint flows through `std::array`, `std::vector`, `std::deque`, `std::list` and `std::forward_list`.
22+
* The models library now models many taint flows through `std::array`, `std::vector`, `std::deque`, `std::list` and `std::forward_list`.
2323
* The models library now models many more taint flows through `std::string`.
2424
* The `SimpleRangeAnalysis` library now supports multiplications of the form
2525
`e1 * e2` and `x *= e2` when `e1` and `e2` are unsigned or constant.

change-notes/1.26/analysis-csharp.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,10 @@ The following changes in version 1.26 affect C# analysis in all applications.
2121
* Partial method bodies are extracted. Previously, partial method bodies were skipped completely.
2222
* Inferring the lengths of implicitely sized arrays is fixed. Previously, multidimensional arrays were always extracted with the same length for
2323
each dimension. With the fix, the array sizes `2` and `1` are extracted for `new int[,]{{1},{2}}`. Previously `2` and `2` were extracted.
24+
* The extractor is now assembly-insensitive by default. This means that two entities with the same
25+
fully-qualified name are now mapped to the same entity in the resulting database, regardless of
26+
whether they belong to different assemblies. Assembly sensitivity can be reenabled by passing
27+
`--assemblysensitivetrap` to the extractor.
2428

2529
## Changes to libraries
2630

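Review bot: The note added on lines 24-27 states the new default but not its consequence for results. If two assemblies define different entities under the same fully-qualified name, they are now a single entity in the database. Can findings for one then be attributed to the other? A sentence saying when a user should pass `--assemblysensitivetrap` would make the note actionable. Minor: "reenabled" reads better as "re-enabled".
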
change-notes/1.26/analysis-javascript.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,8 +26,10 @@
2626

2727
| **Query** | **Expected impact** | **Change** |
2828
|--------------------------------|------------------------------|---------------------------------------------------------------------------|
29+
| Potentially unsafe external link (`js/unsafe-external-link`) | Fewer results | This query no longer flags URLs constructed using a template system where only the hash or query part of the URL is dynamic. |
2930
| Incomplete URL substring sanitization (`js/incomplete-url-substring-sanitization`) | More results | This query now recognizes additional URLs when the substring check is an inclusion check. |
3031
| Ambiguous HTML id attribute (`js/duplicate-html-id`) | Results no longer shown | Precision tag reduced to "low". The query is no longer run by default. |
32+
| Unused loop iteration variable (`js/unused-loop-variable`) | Fewer results | This query no longer flags variables in a destructuring array assignment that are not the last variable in the destructed array. |
3133

3234

3335
## Changes to libraries
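
Review bot: In the added `js/unused-loop-variable` row (line 32), "destructed array" should be "destructured array", to match "destructuring array assignment" earlier in the same sentence.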

config/identical-files.json

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -335,5 +335,50 @@
335335
"java/ql/src/semmle/code/xml/XML.qll",
336336
"javascript/ql/src/semmle/javascript/XML.qll",
337337
"python/ql/src/semmle/python/xml/XML.qll"
338+
],
339+
"DuplicationProblems.qhelp": [
340+
"cpp/ql/src/Metrics/Files/DuplicationProblems.qhelp",
341+
"csharp/ql/src/Metrics/Files/DuplicationProblems.qhelp",
342+
"javascript/ql/src/Metrics/DuplicationProblems.qhelp",
343+
"python/ql/src/Metrics/DuplicationProblems.qhelp"
344+
],
345+
"CommentedOutCodeQuery.qhelp": [
346+
"cpp/ql/src/Documentation/CommentedOutCodeQuery.qhelp",
347+
"python/ql/src/Lexical/CommentedOutCodeQuery.qhelp",
348+
"csharp/ql/src/Bad Practices/Comments/CommentedOutCodeQuery.qhelp",
349+
"java/ql/src/Violations of Best Practice/Comments/CommentedOutCodeQuery.qhelp",
350+
"javascript/ql/src/Comments/CommentedOutCodeQuery.qhelp"
351+
],
352+
"FLinesOfCodeReferences.qhelp": [
353+
"java/ql/src/Metrics/Files/FLinesOfCodeReferences.qhelp",
354+
"javascript/ql/src/Metrics/FLinesOfCodeReferences.qhelp"
355+
],
356+
"FCommentRatioCommon.qhelp": [
357+
"java/ql/src/Metrics/Files/FCommentRatioCommon.qhelp",
358+
"javascript/ql/src/Metrics/FCommentRatioCommon.qhelp"
359+
],
360+
"FLinesOfCodeOverview.qhelp": [
361+
"java/ql/src/Metrics/Files/FLinesOfCodeOverview.qhelp",
362+
"javascript/ql/src/Metrics/FLinesOfCodeOverview.qhelp"
363+
],
364+
"CommentedOutCodeMetricOverview.qhelp": [
365+
"cpp/ql/src/Metrics/Files/CommentedOutCodeMetricOverview.qhelp",
366+
"csharp/ql/src/Metrics/Files/CommentedOutCodeMetricOverview.qhelp",
367+
"java/ql/src/Metrics/Files/CommentedOutCodeMetricOverview.qhelp",
368+
"javascript/ql/src/Comments/CommentedOutCodeMetricOverview.qhelp",
369+
"python/ql/src/Lexical/CommentedOutCodeMetricOverview.qhelp"
370+
],
371+
"FLinesOfDuplicatedCodeCommon.qhelp": [
372+
"cpp/ql/src/Metrics/Files/FLinesOfDuplicatedCodeCommon.qhelp",
373+
"java/ql/src/Metrics/Files/FLinesOfDuplicatedCodeCommon.qhelp",
374+
"javascript/ql/src/Metrics/FLinesOfDuplicatedCodeCommon.qhelp",
375+
"python/ql/src/Metrics/FLinesOfDuplicatedCodeCommon.qhelp"
376+
],
377+
"CommentedOutCodeReferences.qhelp": [
378+
"cpp/ql/src/Metrics/Files/CommentedOutCodeReferences.qhelp",
379+
"csharp/ql/src/Metrics/Files/CommentedOutCodeReferences.qhelp",
380+
"java/ql/src/Metrics/Files/CommentedOutCodeReferences.qhelp",
381+
"javascript/ql/src/Comments/CommentedOutCodeReferences.qhelp",
382+
"python/ql/src/Lexical/CommentedOutCodeReferences.qhelp"
338383
]
339384
}
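
Review bot: The new `CommentedOutCodeQuery.qhelp` group (lines 345-351) lists its paths in the order cpp, python, csharp, java, javascript, while every other group added in this hunk is in alphabetical language order; please reorder it for consistency. Separately, several groups cover only a subset of languages: `DuplicationProblems.qhelp` has no java entry and `FLinesOfDuplicatedCodeCommon.qhelp` has no csharp entry. Please confirm those languages have no copy of the file, because a copy that is missing from the list is not covered by the identical-files check.
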
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
<!DOCTYPE qhelp PUBLIC
2+
"-//Semmle//qhelp//EN"
3+
"qhelp.dtd">
4+
<qhelp>
5+
<fragment>
6+
<warning>
7+
This check is an approximation, so some results may not be actual defects in the program.
8+
It is not possible in general to compute the exact value of the variable without running the program with all possible input data.
9+
</warning>
10+
</fragment>
11+
</qhelp>
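
Review bot: On line 8, "the exact value of the variable" has no referent: this file is a standalone `<fragment>`, so there is no variable introduced earlier in the text. "a variable" would read correctly wherever the fragment ends up being shown.
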
Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
<!DOCTYPE qhelp PUBLIC
2+
"-//Semmle//qhelp//EN"
3+
"qhelp.dtd">
4+
<qhelp>
5+
<fragment>
6+
<warning>
7+
This check is an approximation, so some results may not be actual defects in the program.
8+
It is not possible in general to compute which function is actually called in a virtual call,
9+
or a call through a pointer, without running the program with all possible input data.
10+
</warning>
11+
</fragment>
12+
</qhelp>
Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
<!DOCTYPE qhelp PUBLIC
2+
"-//Semmle//qhelp//EN"
3+
"qhelp.dtd">
4+
<qhelp>
5+
<fragment>
6+
<warning>
7+
This check is an approximation, so some results may not be actual defects in the program.
8+
It is not possible in general to compute the actual branch taken in conditional statements such
9+
as "if" without running the program with all possible input data. This means that it is not possible
10+
to determine if a particular statement is going to be executed.
11+
</warning>
12+
</fragment>
13+
</qhelp>
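
Review bot: Line 10 reads "to determine if a particular statement is going to be executed"; "whether" is clearer than "if" here, particularly right after the quoted "if" keyword on line 9. Marking that keyword as code rather than putting it in plain quotes would also keep the two uses apart.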
