hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

1092 Commits

Author SHA1 Message Date
Simon Friis Vindum
c55b256d47 Rust: Remove accidentally commited expected files 2025-01-06 12:01:03 +01:00
Simon Friis Vindum
5c64a8c948 Rust: Accept expected changes and fix other CI complaints 2025-01-03 16:38:11 +01:00
Simon Friis Vindum
cd957ba63b Rust: Add models for functions used inside format! macro 2025-01-03 14:09:23 +01:00
Simon Friis Vindum
0d19fb6040 Rust: Add taint from children of format_args to format_args 2025-01-03 14:06:47 +01:00
Simon Friis Vindum
2ef9339d00 Rust: Generate CFG node for FormatArgsArg 2025-01-03 13:58:25 +01:00
Simon Friis Vindum
42d125676e Rust: Value flow through macro calls 2025-01-03 13:47:29 +01:00
Simon Friis Vindum
f09632df58 Rust: Add data flow tests for macros and format_args 2025-01-03 13:28:19 +01:00
Paolo Tranquilli
f13d03b18c Rust: fix typo (thanks copilot!) 2024-12-20 14:18:36 +01:00
Paolo Tranquilli
485586f780 Rust: reinstate extraction of test code 
Users will still be able to opt out:
* for unit tests, by providing the `cargo_cfg_overrides=-test` extractor
  option
* for integration tests, by excluding the test files from the analysis
  using `paths-ignore` in the codescanning configuration file

We may want to revisit whether we want a single option for both. Also
further work will be needed to restrict our security queries to non-test
code on the QL side.
 2024-12-20 14:12:41 +01:00
Arthur Baars
2b2a37353b Merge pull request #18328 from github/redsun82/fix-cargo-fmt-checks 
CI: fix rust formatting
 2024-12-20 13:41:28 +01:00
Paolo Tranquilli
73a5a3f7ee Rust: support paths and paths-ignore from the code scanning configuration file 
This is done by simply adding the autobuilder from the shared
tree-sitter extractor library.
 2024-12-19 17:37:56 +01:00
Paolo Tranquilli
2e150772fd Merge branch 'main' into redsun82/fix-cargo-fmt-checks 2024-12-19 15:52:36 +01:00
Simon Friis Vindum
a28ddd642c Rust: Add variables example with let statement in macro 2024-12-19 13:12:45 +01:00
Paolo Tranquilli
df39610029 Rust: skip injected sources in clippy and fmt checks 2024-12-19 12:29:27 +01:00
Paolo Tranquilli
7f5b8fdcec Rust: remove clippy warnings 2024-12-19 12:22:40 +01:00
Paolo Tranquilli
290a1043b1 Rust: fetch ungram and rust-analyzer code instead of checking it in 
* The ungram file is now taken from the rust-analyzer dependencies
  pulled in by bazel
* the grammar parsing code is not published, so it must be taken
  directly from rust-analyzer code. That part should be less prone to be
  updated than the ungram file, so it does not necessarily need to be
  in sync with the rust-analyzer version is used elsewhere.
* both need some patches. The former is patched during build, the latter
  during loading in `MODULE.bazel`.
 2024-12-18 16:37:24 +01:00
Arthur Baars
023f48ff1c Merge pull request #18295 from github/aibaars/update-rust-ungram 
Rust: update rust-analyzer
 2024-12-18 16:01:50 +01:00
Simon Friis Vindum
508c7e6e85 Merge pull request #18314 from paldepind/rust-tuple-ref-patterns 
Rust: Add read steps for tuple and reference patterns
 2024-12-18 14:13:08 +01:00
Tom Hvitved
00688ebd79 Merge pull request #18312 from hvitved/rust/operator-overloading-test 
Rust: Add data flow tests for operator overloading
 2024-12-18 13:58:39 +01:00
Simon Friis Vindum
09fd27af80 Rust: Add read steps for tuple and reference patterns 2024-12-18 13:22:05 +01:00
Simon Friis Vindum
b5b8af3aa2 Rust: Add data flow tests for borrows 2024-12-18 13:00:38 +01:00
Arthur Baars
a6ec51a951 Rust: update expected output 2024-12-18 13:00:14 +01:00
Arthur Baars
71959f5faa Rust: address clippy warnings 2024-12-18 13:00:13 +01:00
Tom Hvitved
3a63dbcd5d Apply suggestions from code review 
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
 2024-12-18 12:46:11 +01:00
Simon Friis Vindum
049fab4c72 Rust: Remove taint steps 2024-12-18 11:22:56 +01:00
Tom Hvitved
025a67384f Rust: Add data flow tests for operator overloading 2024-12-18 09:26:17 +01:00
Simon Friis Vindum
c1e21974c6 Rust: Address review comments 2024-12-17 17:24:42 +01:00
Simon Friis Vindum
d8c301a96b Merge branch 'main' into rust-data-flow-models 2024-12-17 16:09:59 +01:00
Arthur Baars
23e6a825aa Rust: fix QL code 2024-12-17 14:07:48 +01:00
Arthur Baars
029e2604a3 Rust: //rust/codegen 2024-12-17 14:07:44 +01:00
Arthur Baars
c13e173681 Rust: fix codegeneration for AsmOptions 2024-12-17 14:05:53 +01:00
Arthur Baars
8e7eedc172 Update codegen/grammar 2024-12-17 14:05:50 +01:00
Arthur Baars
3928efe05f Rust: update rust.ungram 2024-12-17 14:05:12 +01:00
Tom Hvitved
8efd870192 Merge pull request #18292 from hvitved/rust/never-skip-lhs 
Rust: Never skip assignment LHS in data flow
 2024-12-17 13:18:17 +01:00
Tom Hvitved
d8c05b5388 Merge pull request #18290 from hvitved/rust/perf-fixes 
Rust: Fix two bad joins
 2024-12-17 13:18:05 +01:00
Simon Friis Vindum
ee87d4c948 Merge branch 'main' into rust-data-flow-models 2024-12-17 13:12:32 +01:00
Simon Friis Vindum
402d4e11c4 Rust: Re-add inline expectations query tags 2024-12-16 16:36:30 +01:00
Tom Hvitved
ddd05b5d1b Rust: Never skip match scrutinee/patterns in data flow 2024-12-16 15:12:16 +01:00
Tom Hvitved
9f2b436d35 Rust: Never skip assignment LHS in data flow 2024-12-16 15:12:15 +01:00
Paolo Tranquilli
4975e7b739 Merge branch 'main' into redsun82/extract-self-param-ref 2024-12-16 15:06:16 +01:00
Tom Hvitved
5ed03e266a Rust: Fix semantic merge conflicts 2024-12-16 14:47:13 +01:00
Paolo Tranquilli
4c4a8d7619 Rust: extract isRef for SelfParam 2024-12-16 14:24:56 +01:00
Michael Nebel
aaf0cd5dee Merge pull request #17968 from michaelnebel/java/movetestutils 
Move test utilities to the query pack.
 2024-12-16 13:41:30 +01:00
Simon Friis Vindum
cad4f39aee Rust: Database name capitalization 2024-12-16 13:15:42 +01:00
Simon Friis Vindum
defbbb2a24 Rust: Add additional models for stdlib and sqlx 2024-12-16 11:46:57 +01:00
Simon Friis Vindum
aab3428bc7 Rust: Model address-of and dereference as stores and loads 2024-12-16 11:31:15 +01:00
Simon Friis Vindum
df0375103c Rust: Add data flow tests 2024-12-16 11:09:22 +01:00
Tom Hvitved
aabcc108dd Rust: Fix bad join 
```
[2024-12-16 10:10:36] (247s) Tuple counts for DataFlowImpl::RustDataFlow::storeStep/3#98e80e57/3@0618fdm6 after 3m8s:
                      33711       ~0%        {3} r1 = SCAN `DataFlowImpl::VariableCapture::storeStep/3#cb0fdcf6` OUTPUT In.1, In.0 'node1', In.2 'node2'
                      33711       ~6%        {3}    | JOIN WITH DataFlowImpl::TSingletonContentSet#9b15eaba ON FIRST 1 OUTPUT Lhs.1 'node1', Rhs.1 'cs', Lhs.2 'node2'

                      0           ~0%        {3} r2 = JOIN `FlowSummaryImpl::Private::Steps::summaryStoreStep/3#2c853d0d` WITH DataFlowImpl::TFlowSummaryNode#2b28ecb7 ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'cs', Rhs.1 'node1'
                      0           ~0%        {3}    | JOIN WITH DataFlowImpl::TFlowSummaryNode#2b28ecb7 ON FIRST 1 OUTPUT Lhs.2 'node1', Lhs.1 'cs', Rhs.1 'node1'

                      1554        ~0%        {3} r3 = JOIN _DataFlowImpl::TExprNode#83a34c2e__DataFlowImpl::TArrayElement#b9fb9b7b_DataFlowImpl::TSingletonCont__#shared WITH `CfgNodes::ArrayRepeatExprCfgNode.getRepeatOperand/0#dispred#b264e402_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2 'node1'
                      1554        ~0%        {3}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Lhs.2 'node1', Lhs.1 'cs', Rhs.1 'node2'

                      870         ~2%        {3} r4 = SCAN `DataFlowImpl::RustDataFlow::tupleAssignment/3#bf3c8690` OUTPUT In.2, In.0 'node1', In.1
                      870         ~0%        {3}    | JOIN WITH DataFlowImpl::TSingletonContentSet#9b15eaba ON FIRST 1 OUTPUT Lhs.2, Rhs.1 'cs', Lhs.1 'node1'
                      870         ~0%        {3}    | JOIN WITH `DataFlowImpl::Node::PostUpdateNode.getPreUpdateNode/0#dispred#53daedc2_10#join_rhs` ON FIRST 1 OUTPUT Lhs.2 'node1', Lhs.1 'cs', Rhs.1 'node2'

                      40037       ~4%        {3} r5 = JOIN _DataFlowImpl::TExprNode#83a34c2e__DataFlowImpl::TArrayElement#b9fb9b7b_DataFlowImpl::TSingletonCont__#shared WITH `CfgNodes::ArrayExprCfgNode.getAnExpr/0#dispred#9d00a6f1_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2 'node1'
                      36929       ~4%        {3}    | JOIN WITH CfgNodes::ArrayListExprCfgNode#07eee614 ON FIRST 1 OUTPUT Lhs.0, Lhs.1 'cs', Lhs.2 'node1'
                      36929       ~0%        {3}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Lhs.2 'node1', Lhs.1 'cs', Rhs.1 'node2'

                      14          ~0%        {2} r6 = JOIN DataFlowImpl::TTuplePositionContent#f1d90606_10#join_rhs WITH DataFlowImpl::TSingletonContentSet#9b15eaba ON FIRST 1 OUTPUT Lhs.1, Rhs.1 'cs'
                      47949       ~0%        {3}    | JOIN WITH `CfgNodes::TupleExprCfgNode.getField/1#dispred#9f7c9c63_102#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Rhs.2
                      47949       ~0%        {3}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'cs', Rhs.1 'node2'
                      47949       ~2%        {3}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Rhs.1 'node2', Lhs.1 'cs', Lhs.2 'node2'

                      59801       ~0%        {3} r7 = JOIN _DataFlowImpl::TSingletonContentSet#9b15eaba_DataFlowImpl::TVariantPositionContent#ca6baca0_201#join__#shared WITH `DataFlowImpl::RustDataFlow::tupleVariantConstruction/2#10613c55_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2
                      45509       ~0%        {3}    | JOIN WITH CfgNodes::CallExprCfgNode#9c2a4686_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2
                      45509       ~2%        {4}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Lhs.0, Lhs.2, Lhs.1 'cs', Rhs.1 'node2'
                      45509       ~0%        {3}    | JOIN WITH `CfgNodes::CallExprBaseCfgNode.getArgument/1#dispred#9ebb27c0` ON FIRST 2 OUTPUT Rhs.2, Lhs.2 'cs', Lhs.3 'node2'
                      45509       ~0%        {3}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Rhs.1 'node2', Lhs.1 'cs', Lhs.2 'node2'

                      75147       ~1%        {3} r8 = JOIN _DataFlowImpl::TSingletonContentSet#9b15eaba_DataFlowImpl::TStructFieldContent#1d6d7b05_201#join_rhs#shared WITH `DataFlowImpl::RustDataFlow::structConstruction/2#a9656db0_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2
                      59186       ~3%        {3}    | JOIN WITH `CfgNodes::RecordExprCfgNode.getRecordExpr/0#dispred#659ad1af_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2

                      5641        ~2%        {3} r9 = JOIN _DataFlowImpl::TSingletonContentSet#9b15eaba_DataFlowImpl::TVariantFieldContent#4e05bcf1_201#join_rh__#shared WITH `DataFlowImpl::RustDataFlow::recordVariantConstruction/2#34b016f6_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2
                      5268        ~0%        {3}    | JOIN WITH `CfgNodes::RecordExprCfgNode.getRecordExpr/0#dispred#659ad1af_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2

                      64454       ~1%        {3} r10 = r8 UNION r9
                      64454       ~0%        {4}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Lhs.0, Lhs.2, Lhs.1 'cs', Rhs.1 'node2'
                      25923       ~0%        {3}    | JOIN WITH `CfgNodes::RecordExprCfgNode.getFieldExpr/1#d72dca6e` ON FIRST 2 OUTPUT Rhs.2, Lhs.2 'cs', Lhs.3 'node2'
                      25923       ~0%        {3}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Rhs.1 'node2', Lhs.1 'cs', Lhs.2 'node2'

                      67759289500 ~251%      {4} r11 = JOIN DataFlowImpl::TSingletonContentSet#9b15eaba WITH DataFlowImpl::TExprNode#83a34c2e CARTESIAN PRODUCT OUTPUT Lhs.0, Lhs.1 'cs', Rhs.0, Rhs.1 'node2'
                      3568000     ~1488%     {3}    | JOIN WITH DataFlowImpl::TArrayElement#b9fb9b7b ON FIRST 1 OUTPUT Lhs.3, Lhs.1 'cs', Lhs.2
                      1223000     ~1291%     {3}    | JOIN WITH `DataFlowImpl::Node::PostUpdateNode.getPreUpdateNode/0#dispred#53daedc2_10#join_rhs` ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'cs', Rhs.1 'node2'
                      11500       ~0%        {3}    | JOIN WITH `CfgNodes::IndexExprCfgNode.getBase/0#dispred#19aba7d8_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2 'node2'
                      1000        ~3%        {3}    | JOIN WITH `CfgNodes::BinaryExprCfgNode.getLhs/0#dispred#bd1c02e7_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2 'node2'
                      500         ~3%        {3}    | JOIN WITH CfgNodes::AssignmentExprCfgNode#a9a5c022 ON FIRST 1 OUTPUT Lhs.0, Lhs.1 'cs', Lhs.2 'node2'
                      0           ~0%        {3}    | JOIN WITH `CfgNodes::BinaryExprCfgNode.getRhs/0#dispred#4a1146e4` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2 'node2'
                      0           ~0%        {3}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Rhs.1 'node2', Lhs.1 'cs', Lhs.2 'node2'

                      192445      ~1%        {3} r12 = r1 UNION r2 UNION r3 UNION r4 UNION r5 UNION r6 UNION r7 UNION r10 UNION r11
                                             return r12
```
 2024-12-16 10:20:30 +01:00
Tom Hvitved
2d16b5276d Rust: Fix bad join 
```
Evaluated relational algebra for predicate DataFlowImpl::RustDataFlow::pathResolveToVariantCanonicalPath/2#dc73aca0@34414869 with tuple counts:
          422639   ~3%    {3} r1 = JOIN `DataFlowImpl::resolveExtendedCanonicalPath/3#0454a346` WITH Synth::Synth::TPathAstNode#a7913307 ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2
        73033499   ~7%    {6}    | JOIN WITH DataFlowImpl::MkVariantCanonicalPath#ab1ecb00 ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.3, _, Rhs.1, Rhs.2
                          {4}    | REWRITE WITH Tmp.3 := "::", Out.3 := (In.4 ++ Tmp.3 ++ In.5), TEST Out.3 = InOut.1 KEEPING 4
          170993   ~1%    {2}    | SCAN OUTPUT In.0, In.2
                          return r1
```
 2024-12-16 10:20:01 +01:00
Simon Friis Vindum
31717524f0 Merge pull request #18270 from paldepind/rust-captured-variables 
Rust: Flow through captured variables
 2024-12-16 10:08:53 +01:00