codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
In order to support scenarios such as: ```cs using (var tcpConn = new TcpClient("host.example.org", 39544)) { /* read input from socket */ using (StreamReader sr = new StreamReader(tcpConn.GetStream())) { Sink(sr.ReadLine()); }...
**Description of the false positive** From the working example on [js/prototype-pollution-utility doc](https://codeql.github.com/codeql-query-help/javascript/js-prototype-pollution-utility/): ```js function merge(dst, src) { for (let key in src) { if (!src.hasOwnProperty(key)) continue; if (dst.hasOwnProperty(key) && isObject(dst[key]))...
This PR makes use of [ContentDataFlow](https://github.com/github/codeql/pull/9024) to calculate precise flow summaries for C# and Java.
Much sadness: ``` Tuple counts for ImportTime::ImportTimeScope::getOuterVariable#dispred#f0820431#fff/3@64d04d33 after 7.6s: 19624 ~1% {1} r1 = SCAN py_Classes OUTPUT In.0 'this' 19531 ~1% {1} r2 = JOIN r1 WITH ImportTime::ImportTimeScope#class#7851b601#f ON FIRST...
Before: ``` Tuple counts for Essa::ScopeEntryDefinition#class#24e22a14#f/1@45e0d8dh after 10.5s: 2133368 ~1% {2} r1 = Essa::TEssaNodeDefinition#24e22a14#ffff_03#join_rhs AND NOT Essa::ImplicitSubModuleDefinition#class#24e22a14#f(Lhs.1 'this') 534478950 ~0% {2} r2 = JOIN r1 WITH Definitions::SsaSourceVariable::getScopeEntryDefinition#dispred#f0820431#ff ON FIRST 1...
This makes the AST viewer (which annotates string constant nodes as `Str`, and not `StrConst`) a bit more consistent. Fixes #9833. It might be even better to instead flip the...
**Description of the issue** I expect the type names present on the AST viewer to match a real CodeQL type, but this is not the case here. The type could...
```c
#define ABC XVY(1)
{
    int cmd = 1;
    int ABC=1;
    switch(cmd) {
        case ABC:
            printf("hello!\n");
    }
}
```

How to get an "ABC" from a SwitchCase class? (Not a...
False positive for "Mismatch in multiple assignment" in Python. A mismatch in multiple assignment can occur when the number of values assigned does not match the number of variables to...