jorgectf
diff --git a/‎CODEOWNERS
Lines changed: 6 additions & 0 deletions b/‎CODEOWNERS
Lines changed: 6 additions & 0 deletions
diff --git a/‎config/identical-files.json
Lines changed: 13 additions & 0 deletions b/‎config/identical-files.json
Lines changed: 13 additions & 0 deletions
diff --git a/‎cpp/change-notes/2021-06-24-uncontrolled-arithmetic.md
Lines changed: 2 additions & 0 deletions b/‎cpp/change-notes/2021-06-24-uncontrolled-arithmetic.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎cpp/change-notes/2021-06-30-wrong-type-format-argument.md
Lines changed: 2 additions & 0 deletions b/‎cpp/change-notes/2021-06-30-wrong-type-format-argument.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎cpp/change-notes/2021-07-13-cleartext-storage-file.md
Lines changed: 3 additions & 0 deletions b/‎cpp/change-notes/2021-07-13-cleartext-storage-file.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎cpp/change-notes/2021-07-20-toctou-race-condition.md
Lines changed: 2 additions & 0 deletions b/‎cpp/change-notes/2021-07-20-toctou-race-condition.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎cpp/change-notes/2021-07-27-uncontrolled-arithmetic.md
Lines changed: 2 additions & 0 deletions b/‎cpp/change-notes/2021-07-27-uncontrolled-arithmetic.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎cpp/change-notes/2021-07-29-virtual-function-declaration-specifiers.md
Lines changed: 2 additions & 0 deletions b/‎cpp/change-notes/2021-07-29-virtual-function-declaration-specifiers.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎cpp/change-notes/2021-08-10-has-trailing-return-type.md
Lines changed: 2 additions & 0 deletions b/‎cpp/change-notes/2021-08-10-has-trailing-return-type.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎cpp/ql/src/Diagnostics/FailedExtractorInvocations.ql
Lines changed: 1 addition & 5 deletions b/‎cpp/ql/src/Diagnostics/FailedExtractorInvocations.ql
Lines changed: 1 addition & 5 deletions
@@ -17,3 +17,9 @@
 /java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll @github/codeql-java @github/codeql-go
 /java/ql/src/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go
 /java/ql/src/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go
+
+# CodeQL tools and associated docs
+/docs/codeql-cli/ @github/codeql-cli-reviewers
+/docs/codeql-for-visual-studio-code/ @github/codeql-vscode-reviewers
+/docs/ql-language-reference/ @github/codeql-frontend-reviewers
+/docs/query-*-style-guide.md @github/codeql-analysis-reviewers
@@ -6,6 +6,7 @@
     "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll",
     "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll",
     "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl6.qll",
+    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll",
     "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll",
     "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll",
     "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll",
@@ -448,5 +449,17 @@
   "SensitiveDataHeuristics Python/JS": [
     "javascript/ql/src/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
     "python/ql/src/semmle/python/security/internal/SensitiveDataHeuristics.qll"
+  ],
+  "ReDoS Util Python/JS": [
+    "javascript/ql/src/semmle/javascript/security/performance/ReDoSUtil.qll",
+    "python/ql/src/semmle/python/security/performance/ReDoSUtil.qll"
+  ],
+  "ReDoS Exponential Python/JS": [
+    "javascript/ql/src/semmle/javascript/security/performance/ExponentialBackTracking.qll",
+    "python/ql/src/semmle/python/security/performance/ExponentialBackTracking.qll"
+  ],
+  "ReDoS Polynomial Python/JS": [
+    "javascript/ql/src/semmle/javascript/security/performance/SuperlinearBackTracking.qll",
+    "python/ql/src/semmle/python/security/performance/SuperlinearBackTracking.qll"
   ]
 }
@@ -0,0 +1,2 @@
+lgtm
+* The 'Uncontrolled data in arithmetic expression' (cpp/uncontrolled-arithmetic) query now recognizes more sources of randomness.
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The 'Wrong type of arguments to formatting function' (cpp/wrong-type-format-argument) query is now more accepting of the string and character formatting differences between Microsoft and non-Microsoft platforms.  There are now fewer false positive results.
@@ -0,0 +1,3 @@
+lgtm,codescanning
+* The "Cleartext storage of sensitive information in file" (cpp/cleartext-storage-file) query now uses dataflow to produce additional results.
+* Heuristics in the SensitiveExprs.qll library have been improved, making the "Cleartext storage of sensitive information in file" (cpp/cleartext-storage-file), "Cleartext storage of sensitive information in buffer" (cpp/cleartext-storage-buffer) and "Cleartext storage of sensitive information in an SQLite" (cpp/cleartext-storage-database) queries more accurate.
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Improvements have been made to the `cpp/toctou-race-condition` query, both to find more correct results and fewer false positive results.
@@ -0,0 +1,2 @@
+lgtm
+* Improvements made to the (`cpp/uncontrolled-arithmetic`) query, reducing the frequency of false positive results.
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Virtual function specifiers are now accessible via the new predicates on `Function` (`.isDeclaredVirtual`, `.isOverride`, and `.isFinal`).
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Added `Function.hasTrailingReturnType` predicate to check whether a function was declared with a trailing return type.
@@ -7,10 +7,6 @@
 
 import cpp
 
-class AnonymousCompilation extends Compilation {
-  override string toString() { result = "<compilation>" }
-}
-
 string describe(Compilation c) {
   if c.getArgument(1) = "--mimic"
   then result = "compiler invocation " + concat(int i | i > 1 | c.getArgument(i), " " order by i)
@@ -19,4 +15,4 @@ string describe(Compilation c) {
 
 from Compilation c
 where not c.normalTermination()
-select c, "Extraction aborted for " + describe(c), 2
+select "Extraction aborted for " + describe(c)
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm`
	`2`	`+* The 'Uncontrolled data in arithmetic expression' (cpp/uncontrolled-arithmetic) query now recognizes more sources of randomness.`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	`+* The 'Wrong type of arguments to formatting function' (cpp/wrong-type-format-argument) query is now more accepting of the string and character formatting differences between Microsoft and non-Microsoft platforms. There are now fewer false positive results.`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+lgtm,codescanning`
	`2`	`+* The "Cleartext storage of sensitive information in file" (cpp/cleartext-storage-file) query now uses dataflow to produce additional results.`
	`3`	`+* Heuristics in the SensitiveExprs.qll library have been improved, making the "Cleartext storage of sensitive information in file" (cpp/cleartext-storage-file), "Cleartext storage of sensitive information in buffer" (cpp/cleartext-storage-buffer) and "Cleartext storage of sensitive information in an SQLite" (cpp/cleartext-storage-database) queries more accurate.`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* Improvements have been made to the `cpp/toctou-race-condition` query, both to find more correct results and fewer false positive results.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm`
	`2`	+* Improvements made to the (`cpp/uncontrolled-arithmetic`) query, reducing the frequency of false positive results.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* Virtual function specifiers are now accessible via the new predicates on `Function` (`.isDeclaredVirtual`, `.isOverride`, and `.isFinal`).
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* Added `Function.hasTrailingReturnType` predicate to check whether a function was declared with a trailing return type.