Commits · github/codeql

Ruby: fix some more style-guide violations in the alert-messages

…from-model Ruby: Move `SummarizedCallableFromModel` into `ModelsAsData.qll`

Co-authored-by: Arthur Baars <aibaars@github.com>

Data flow: Improve `fastTC` bound in `PathNodeImpl::getANonHiddenSuccessor`

JS: Improve detection of XSS when JSON.stringify()

…in-default-value-erasure Kotlin: fix type variable erasure inside default function values

Kotlin: Recognize generated files

…ponding-classes Koltin: Extract the corresponding classes of enum entries

CI: fix qhelp preview

…cessor` Before ``` [2022-10-10 14:34:54] Evaluated non-recursive predicate __DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff_DataFlowImplForRegExp__#higher_order_body@4bb14aoj in 262ms (size: 2418048). Evaluated relational algebra for predicate __DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff_DataFlowImplForRegExp__#higher_order_body@4bb14aoj with tuple counts: 4141389 ~75% {1} r1 = SCAN _DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff_DataFlowImplForRegExp#__#shared OUTPUT In.1 return r1 [2022-10-10 14:34:57] Evaluated non-recursive predicate boundedFastTC:DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorIfHidden#0#dispred#ff:__DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff_DataFlowImplForRegExp__#higher_order_body@fb66bb06 in 2754ms (size: 7448123). [2022-10-10 14:35:09] Evaluated non-recursive predicate DataFlowImplForRegExp#43df744e::PathNodeImpl::getANonHiddenSuccessor#0#dispred#ff@77ff066b in 10892ms (size: 2830055). Evaluated relational algebra for predicate DataFlowImplForRegExp#43df744e::PathNodeImpl::getANonHiddenSuccessor#0#dispred#ff@77ff066b with tuple counts: 4141389 ~0% {3} r1 = SCAN _DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff_DataFlowImplForRegExp#__#shared OUTPUT In.0, In.1, In.1 2192551 ~4% {3} r2 = r1 AND NOT DataFlowImplForRegExp#43df744e::PathNodeImpl::isHidden#0#dispred#f(Lhs.2) 2192551 ~4% {2} r3 = SCAN r2 OUTPUT In.0, In.2 4141389 ~0% {2} r4 = SCAN _DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff_DataFlowImplForRegExp#__#shared OUTPUT In.1, In.0 147138810 ~0% {3} r5 = JOIN r4 WITH boundedFastTC:DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorIfHidden#0#dispred#ff:__DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff_DataFlowImplForRegExp__#higher_order_body ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1 637649 ~3% {3} r6 = r5 AND NOT DataFlowImplForRegExp#43df744e::PathNodeImpl::isHidden#0#dispred#f(Lhs.2) 637649 ~2% {2} r7 = SCAN r6 OUTPUT In.0, In.2 2830200 ~0% {2} r8 = r3 UNION r7 return r8 ``` After ``` [2022-10-10 14:59:08] Evaluated non-recursive predicate boundedFastTC:DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorIfHidden#0#dispred#ff_10#higher_order_body:_DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorIfHidden#0#dispred#ff_DataFlowImplForReg__#higher_order_body@98a323ne in 384ms (size: 671076). [2022-10-10 14:59:09] Evaluated non-recursive predicate DataFlowImplForRegExp#43df744e::PathNodeImpl::getANonHiddenSuccessor0#ff@69f158pf in 222ms (size: 2805795). Evaluated relational algebra for predicate DataFlowImplForRegExp#43df744e::PathNodeImpl::getANonHiddenSuccessor0#ff@69f158pf with tuple counts: 2155019 ~0% {1} r1 = DataFlowImplForRegExp#43df744e::PathNodeImpl#class#f AND NOT DataFlowImplForRegExp#43df744e::PathNodeImpl::isHidden#0#dispred#f(Lhs.0) 2155019 ~0% {2} r2 = SCAN r1 OUTPUT In.0, In.0 650776 ~0% {2} r3 = boundedFastTC:DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorIfHidden#0#dispred#ff_10#higher_order_body:_DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorIfHidden#0#dispred#ff_DataFlowImplForReg__#higher_order_body AND NOT DataFlowImplForRegExp#43df744e::PathNodeImpl::isHidden#0#dispred#f(Lhs.0) 650776 ~0% {2} r4 = SCAN r3 OUTPUT In.1, In.0 2805795 ~0% {2} r5 = r2 UNION r4 return r5 [2022-10-10 14:59:09] Evaluated non-recursive predicate DataFlowImplForRegExp#43df744e::PathNodeImpl::getANonHiddenSuccessor#0#dispred#ff@5ae9fc5n in 445ms (size: 2830062). Evaluated relational algebra for predicate DataFlowImplForRegExp#43df744e::PathNodeImpl::getANonHiddenSuccessor#0#dispred#ff@5ae9fc5n with tuple counts: 4141389 ~5% {2} r1 = DataFlowImplForRegExp#43df744e::PathNodeImpl::getASuccessorImpl#0#dispred#ff AND NOT DataFlowImplForRegExp#43df744e::PathNodeImpl::isHidden#0#dispred#f(Lhs.0) 4141389 ~0% {2} r2 = SCAN r1 OUTPUT In.1, In.0 2830200 ~0% {2} r3 = JOIN r2 WITH DataFlowImplForRegExp#43df744e::PathNodeImpl::getANonHiddenSuccessor0#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1 return r3 ```

The command to gather the changed files uses NULL character terminated "lines", therefore we should supply the `-z` flag to `basename` as well. Otherwise we end up calling `git grep -l "\n"` which would list all files containing a newline.

Python: Fix typo in qldoc

RB: add some more meta queries for Ruby evaluations

C++: Tune cpp/unterminated-variadic-call

Data flow: Avoid call to `pathSuccPlus` in `Configuration::hasFlowTo(Expr)`

Ruby: Avoid computing full `fastTC` for `AstNode::getParent`

Kotlin: ignore properties in `java/internal-representation-exposure` check

Kotlin: Extract `override` modifier on SAM methods

Kotlin: Consider `::class` type check in `java/unchecked-cast-in-equals`

Ruby: Cache use of `DataFlowImplFor(Pathname|HttpClientLibraries)`

Python: Fix flask request modeling

Commits on Oct 9, 2022

Ruby: Cache uses of DataFlowImplForHttpClientLibraries

hvitved committed Oct 9, 2022

efa6b3c

Ruby: Cache use of DataFlowImplForPathname

hvitved committed Oct 9, 2022

9f34bf8

Commits on Oct 11, 2022

Commits on Oct 10, 2022

Commits on Oct 9, 2022