hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

3455 Commits

Author SHA1 Message Date
Asger F
76cab235d9 Ruby: reuse argumentPositionMatch 2022-09-28 15:24:48 +02:00
Asger F
8704ccee77 Ruby: mention TNoContentSet is only used by type-tracking 2022-09-28 15:18:09 +02:00
Asger F
c8162f80bf Ruby: add TypeModel.getAnApiNode 2022-09-28 12:17:10 +02:00
Asger F
a48b893ed6 Merge pull request #10588 from asgerf/rb/rbi-instantiated-type 
Ruby: add RbiInstantiatedType
 2022-09-28 11:51:20 +02:00
Tom Hvitved
99b2df0605 Ruby: Make get(Explicit)VisibilityModifier private 2022-09-28 11:16:13 +02:00
Asger F
ee7dea1ab6 Merge branch 'main' into rb/summarize-loads-v2 
This only fixes superficial conflicts with
  https://github.com/github/codeql/pull/10574
semantic conflicts will be addressed in later commits
 2022-09-28 11:11:44 +02:00
Asger F
e56630a485 Ruby: add missing qldoc 2022-09-28 10:49:34 +02:00
Asger F
e1dfed0fcb Ruby: move OptionalContentSet to TypeTrackerSpecific.qll 2022-09-28 10:49:34 +02:00
Asger F
ce3665d50e Ruby: remove unneeded qualified AST import 2022-09-28 10:49:34 +02:00
Asger F
665ee81967 Ruby: revert trackUseNode to idiomatic type-tracking 
The optimizations done here now seem to backfire and cause more problems than they fix.
 2022-09-28 10:49:34 +02:00
Asger F
032847f331 Ruby: inline getContents 2022-09-28 10:49:34 +02:00
Asger F
e09a5e87dd Ruby: clarify what getAnElement() does 2022-09-28 10:49:34 +02:00
Asger F
588b31d15d Ruby: fix another typo 2022-09-28 10:49:34 +02:00
Asger F
a7b92295a2 Ruby: fix a typo 2022-09-28 10:49:34 +02:00
Asger F
7dfa58b50d Remove Content::NoContent 2022-09-28 10:49:34 +02:00
Asger F
dd23e125e5 Rename TypeTrackerContentSet -> TypeTrackerContent 2022-09-28 10:49:34 +02:00
Asger F
6abf77d40d Factor comparison into compatibleContents 2022-09-28 10:49:34 +02:00
Asger F
85d0c63ec7 Ruby: store a ContentSet on type tracker instances 2022-09-28 10:49:34 +02:00
Asger F
e47deaffbf Ruby: More QLDoc police 2022-09-28 10:49:34 +02:00
Asger F
7737e75427 Update some QLDoc comments 2022-09-28 10:49:34 +02:00
Asger F
cbf16579ed Ruby: tweak pipeline a bit 2022-09-28 10:49:33 +02:00
Asger F
b13b2ce319 Ruby: fix join order when building append relation 2022-09-28 10:49:33 +02:00
Asger F
3498a04b89 Ruby: associate ContentSets with store/load edges in type tracker 2022-09-28 10:49:33 +02:00
Asger F
497258eda5 Ruby: reuse Content type 2022-09-28 10:49:33 +02:00
Asger F
ac1b7eb0b9 Remove SetterMethodCall in MkAttribute 2022-09-28 10:49:33 +02:00
Asger F
a64f7cd146 Ruby: simplify getSetterCallAttributeName 2022-09-28 10:49:33 +02:00
Asger F
a51a540582 Ruby: add content edges to API graph 
Fixes
 2022-09-28 10:49:33 +02:00
Asger F
d5e2b93554 Ruby: add API graph label for content 2022-09-28 10:49:33 +02:00
Asger F
cd9cddf45a Ruby: generate type-tracking steps from simple summary specs 2022-09-28 10:49:33 +02:00
Asger F
f1b99e867c Ruby: use IPA type for type tracker contents 
fixup qldoc in OptionalTypeTrckerContent
 2022-09-28 10:49:33 +02:00
Asger F
53ef054c53 Ruby: Add getACallSimple and use it for arrays and hashes 2022-09-28 10:49:24 +02:00
Asger F
182d7d38a8 Update ruby/ql/lib/codeql/ruby/experimental/Rbi.qll 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2022-09-28 10:36:09 +02:00
Harry Maclean
adb8368e07 Add change note 2022-09-28 12:16:12 +13:00
Harry Maclean
24a10aa5ff Recognise send_file as a FileSystemAccess 
This method is available in ActionController actions, and sends the file
at the given path to the client.
 2022-09-28 12:14:22 +13:00
Harry Maclean
eada74a15c Add change note 2022-09-28 11:43:31 +13:00
Tom Hvitved
2351c0288a Ruby: Fix spurious flow through reverse stores 2022-09-27 20:16:31 +02:00
Harry Maclean
28a23209a5 Ruby: Identify ActionController::Metal controllers 
Subclasses of `ActionController::Metal` are stripped-down controllers.
We want to recognise them as ActionController controllers.
There are some common ActionController methods that are not available in
Metal, but these are not likely to be used anyway as they would throw an
exception, so I don't think there's much harm in including them in the
modelling.
 2022-09-28 07:10:09 +13:00
Tom Hvitved
df2b586e7c Merge pull request #10577 from hvitved/dataflow/get-a-read-content-fan-in 
Data flow: Fix bad join-order when getAReadContent has large fan-in
 2022-09-27 20:04:58 +02:00
Harry Maclean
6e60a6ff2e Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-09-28 05:51:28 +13:00
Tom Hvitved
335e1a8233 Address review comments 2022-09-27 13:36:52 +02:00
erik-krogh
7675571daa fix RegExpEscape::getValue having multiple results for some escapes 2022-09-27 13:25:23 +02:00
Nick Rolfe
bfda08e69c Ruby: detect uses of libxml with entity substitution enabled by default 
Including uses of ActiveSupport::XmlMini with the libxml backend
 2022-09-27 11:53:43 +01:00
Asger F
ea4ba27297 Ruby: add RbiInstantiatedType 2022-09-27 10:51:29 +02:00
Anders Schack-Mulligen
9f1bbf2bbd Merge pull request #10575 from aschackmull/dataflow/cleanup-module 
Dataflow: Minor visibility cleanup
 2022-09-27 10:10:53 +02:00
Harry Maclean
9709aa87fb Fix changenote month 2022-09-27 15:23:12 +13:00
Harry Maclean
cb8865f3ff Add missing doc 2022-09-27 11:23:08 +13:00
Harry Maclean
6803d96000 Add change note 2022-09-27 10:43:41 +13:00
Tom Hvitved
3717cb30eb Ruby: Fix two join orders 
`getExplicitVisibilityModifier`

Before
[2022-08-17 09:03:16] (186s) Tuple counts for quick_eval#ff/2@2005f7ku after 113ms:
                      39910   ~0%     {2} r1 = SCAN Method#8b49e67f::Method#ff OUTPUT 0, In.0 'this'
                      39910   ~0%     {2} r2 = STREAM DEDUP r1
                      135     ~2%     {2} r3 = JOIN r2 WITH Call#ee92d596::CallImpl::getArgumentImpl#dispred#fbb_120#join_rhs ON FIRST 2 OUTPUT Rhs.2 'result', Lhs.1 'this'
                      134     ~0%     {2} r4 = JOIN r3 WITH Method#8b49e67f::VisibilityModifier#f ON FIRST 1 OUTPUT Lhs.1 'this', Lhs.0 'result'

                      39910   ~0%     {1} r5 = SCAN Method#8b49e67f::Method#ff OUTPUT In.0 'this'
                      39910   ~0%     {1} r6 = STREAM DEDUP r5
                      39910   ~0%     {2} r7 = JOIN r6 WITH Method#8b49e67f::Method::getName#dispred#ff ON FIRST 1 OUTPUT Lhs.0 'this', Rhs.1
                      39770   ~1%     {3} r8 = JOIN r7 WITH AST#a6718388::AstNode::getEnclosingModule#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0 'this', Lhs.1
                      1859722 ~0%     {3} r9 = JOIN r8 WITH project#Method#8b49e67f::isDeclaredIn#fff#2_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'result', Lhs.1 'this', Lhs.2
                      11757   ~0%     {4} r10 = JOIN r9 WITH Method#8b49e67f::VisibilityModifier::getMethodArgument#dispred#bf ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'this', Lhs.0 'result', Rhs.1
                      24206   ~0%     {4} r11 = JOIN r10 WITH Constant#54e8b051::ConstantValue::getStringlikeValue#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1 'this', Lhs.2 'result'
                      292     ~0%     {2} r12 = JOIN r11 WITH Expr#6fb2af19::Expr::getConstantValue#dispred#ff ON FIRST 2 OUTPUT Lhs.2 'this', Lhs.3 'result'

                      426     ~0%     {2} r13 = r4 UNION r12
                                      return r13

After
[2022-08-17 09:30:31] (0s) Tuple counts for quick_eval#ff/2@e014fd45 after 5ms:
                      39910 ~0%     {1} r1 = SCAN Method#8b49e67f::Method#ff OUTPUT In.0 'this'
                      39910 ~0%     {1} r2 = STREAM DEDUP r1

                      134   ~1%     {2} r3 = JOIN r2 WITH Method#8b49e67f::VisibilityModifier::getMethodArgument#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.0 'this', Rhs.1 'result'

                      37225 ~1%     {3} r4 = JOIN r2 WITH project#Method#8b49e67f::methodIsDeclaredIn#ffff ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.0 'this'
                      382   ~1%     {2} r5 = JOIN r4 WITH Method#8b49e67f::modifiesIn#fff_120#join_rhs ON FIRST 2 OUTPUT Lhs.2 'this', Rhs.2 'result'

                      516   ~0%     {2} r6 = r3 UNION r5
                                    return r6

`getVisibilityModifier()`

Before
[2022-08-17 09:16:18] (1s) Tuple counts for quick_eval#ff/2@0e9b6ctl after 52ms:
                      39910   ~0%     {1} r1 = SCAN Method#8b49e67f::Method#ff OUTPUT In.0 'this'
                      39910   ~0%     {1} r2 = STREAM DEDUP r1
                      424     ~0%     {2} r3 = JOIN r2 WITH Method#8b49e67f::Method::getExplicitVisibilityModifier#dispred#ff ON FIRST 1 OUTPUT Lhs.0 'this', Rhs.1 'result'

                      34953   ~0%     {3} r4 = JOIN quick_eval#ff#shared WITH Method#8b49e67f::isDeclaredIn#fff ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.0 'this'
                      2338    ~0%     {2} r5 = JOIN r4 WITH quick_eval#ff#join_rhs ON FIRST 2 OUTPUT Lhs.2 'this', Rhs.2 'result'

                      3861    ~0%     {1} r6 = SCAN Method#8b49e67f::SingletonMethod#ff OUTPUT In.0 'this'
                      3861    ~0%     {1} r7 = STREAM DEDUP r6
                      3859    ~6%     {2} r8 = JOIN r7 WITH AST#a6718388::AstNode::getEnclosingModule#dispred#ff ON FIRST 1 OUTPUT Lhs.0 'this', Rhs.1
                      3859    ~6%     {2} r9 = JOIN r8 WITH Method#8b49e67f::SingletonMethod#ff ON FIRST 1 OUTPUT Lhs.0 'this', Lhs.1

                      0       ~0%     {3} r10 = JOIN r9 WITH Method#8b49e67f::VisibilityModifier::getMethodArgument#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'result', Lhs.1, Lhs.0 'this'

                      3859    ~0%     {3} r11 = JOIN r9 WITH Method#8b49e67f::SingletonMethod::getName#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0 'this', Lhs.1
                      7731    ~0%     {3} r12 = JOIN r11 WITH Constant#54e8b051::ConstantValue::getStringlikeValue#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'this', Lhs.2
                      1343055 ~1%     {3} r13 = JOIN r12 WITH Expr#6fb2af19::Expr::getConstantValue#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'this', Lhs.2
                      6546    ~2%     {3} r14 = JOIN r13 WITH Method#8b49e67f::VisibilityModifier::getMethodArgument#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'result', Lhs.2, Lhs.1 'this'

                      6546    ~2%     {3} r15 = r10 UNION r14
                      120     ~2%     {2} r16 = JOIN r15 WITH AST#a6718388::AstNode::getEnclosingModule#dispred#ff ON FIRST 2 OUTPUT Lhs.2 'this', Lhs.0 'result'

                      2458    ~0%     {2} r17 = r5 UNION r16
                      2882    ~0%     {2} r18 = r3 UNION r17
                                      return r18

After
[2022-08-17 09:29:42] (2s) Tuple counts for quick_eval#ff/2@77b18cdg after 5ms:
                      39910 ~0%     {1} r1 = SCAN Method#8b49e67f::Method#ff OUTPUT In.0 'this'
                      39910 ~0%     {1} r2 = STREAM DEDUP r1
                      516   ~0%     {2} r3 = JOIN r2 WITH Method#8b49e67f::Method::getExplicitVisibilityModifier#dispred#ff ON FIRST 1 OUTPUT Lhs.0 'this', Rhs.1 'result'

                      3861  ~0%     {1} r4 = SCAN Method#8b49e67f::SingletonMethod#ff OUTPUT In.0 'this'
                      3861  ~0%     {1} r5 = STREAM DEDUP r4

                      0     ~0%     {2} r6 = JOIN r5 WITH Method#8b49e67f::VisibilityModifier::getMethodArgument#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.0 'this', Rhs.1 'result'

                      516   ~0%     {2} r7 = r3 UNION r6

                      36845 ~0%     {3} r8 = JOIN quick_eval#ff#shared WITH Method#8b49e67f::isDeclaredIn#fff ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.0 'this'
                      2421  ~0%     {2} r9 = JOIN r8 WITH quick_eval#ff#join_rhs ON FIRST 2 OUTPUT Lhs.2 'this', Rhs.2 'result'

                      2584  ~0%     {3} r10 = JOIN r5 WITH project#Method#8b49e67f::methodIsDeclaredIn#ffff ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.0 'this'
                      39    ~0%     {2} r11 = JOIN r10 WITH Method#8b49e67f::modifiesIn#fff_120#join_rhs ON FIRST 2 OUTPUT Lhs.2 'this', Rhs.2 'result'

                      2460  ~1%     {2} r12 = r9 UNION r11
                      2976  ~0%     {2} r13 = r7 UNION r12
                                    return r13
 2022-09-27 10:29:06 +13:00
Harry Maclean
92715bac3a Attempt to fix bad join candidates 2022-09-27 10:29:06 +13:00
Harry Maclean
4df7fd248e Ruby: Ensure explicit modifiers take priority 
In Ruby, "explicit" visibility modifiers override "implicit" ones. For
example, in the following:

```rb
class C

  private

  def m1
  end

  public m2
  end

  def m3
  end
  public :m3
end
```

`m1` is private whereas `m2` and `m3` are public.
 2022-09-27 10:28:23 +13:00