hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

1251 Commits

Author SHA1 Message Date
github-actions[bot]
573e53e454 Release preparation for version 2.20.4 2025-02-03 15:19:35 +00:00
Tom Hvitved
cd1ff6a176 Rust: Fix a bad join 
Before
```
[2025-01-31 14:40:10] Evaluated non-recursive predicate SsaImpl::capturedCallRead/4#1f9b0af4@6f60dcog in 10553ms (size: 372366).
Evaluated relational algebra for predicate SsaImpl::capturedCallRead/4#1f9b0af4@6f60dcog with tuple counts:
        1992868487   ~4%    {6} r1 = JOIN `_BasicBlock::Make<Locations::Location,BasicBlocks::BasicBlocksImpl::BasicBlockInputSig>::Cached::get__#shared` WITH `SsaImpl::variableWriteInOuterScope/4#aca2ef34` ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1, Rhs.2, Rhs.3
                            {6}    | REWRITE WITH TEST InOut.3 < InOut.2
         998449075   ~0%    {5}    | SCAN OUTPUT In.4, In.5, In.0, In.1, In.2

          12205909   ~1%    {4} r2 = JOIN `_BasicBlock::Make<Locations::Location,BasicBlocks::BasicBlocksImpl::BasicBlockInputSig>::Cached::get__#shared` WITH `boundedFastTC:BasicBlocks::BasicBlock.getAPredecessor/0#dispred#268ed41b:_BasicBlock::Make<Locations::Location,BasicBlocks::BasicBlocksImpl::BasicBlockInputSig>::Cached::get__#higher_order_body` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0, Lhs.2
          34440992   ~9%    {5}    | JOIN WITH `project#SsaImpl::variableWriteInOuterScope/4#aca2ef34` ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.1, Lhs.2, Lhs.3

        1032890067   ~0%    {5} r3 = r1 UNION r2
            680217  ~74%    {4}    | JOIN WITH `SsaImpl::hasCapturedRead/2#847e9f91` ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.4, Lhs.0
                            return r3
```

After
```
[2025-01-31 14:43:05] Evaluated non-recursive predicate SsaImpl::capturedCallRead/4#1f9b0af4@15fdf34h in 74ms (size: 373835).
Evaluated relational algebra for predicate SsaImpl::capturedCallRead/4#1f9b0af4@15fdf34h with tuple counts:
        1106129   ~0%    {3} r1 = SCAN `project#SsaImpl::variableWriteInOuterScope/4#aca2ef34` OUTPUT In.1, In.2, In.0
          25209  ~20%    {2}    | JOIN WITH `SsaImpl::hasCapturedRead/2#847e9f91` ON FIRST 2 OUTPUT Lhs.2, Lhs.0
         339364   ~6%    {2}    | JOIN WITH `boundedFastTC:BasicBlocks::BasicBlock.getAPredecessor/0#dispred#268ed41b_10#higher_order_body:_SsaImpl::hasCapturedRead/2#847e9f91_project#SsaImpl::variableWriteInOuterScope/4#aca2ef34#higher_order_body` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        2095088   ~0%    {4}    | JOIN WITH `BasicBlock::Make<Locations::Location,BasicBlocks::BasicBlocksImpl::BasicBlockInputSig>::Cached::getNode/2#4226f9fe` ON FIRST 1 OUTPUT Lhs.0, Rhs.1, Rhs.2, Lhs.1

        1121531   ~0%    {4} r2 = SCAN `SsaImpl::variableWriteInOuterScope/4#aca2ef34` OUTPUT In.2, In.3, In.0, In.1
          25820  ~22%    {3}    | JOIN WITH `SsaImpl::hasCapturedRead/2#847e9f91` ON FIRST 2 OUTPUT Lhs.2, Lhs.0, Lhs.3
         505208   ~1%    {5}    | JOIN WITH `BasicBlock::Make<Locations::Location,BasicBlocks::BasicBlocksImpl::BasicBlockInputSig>::Cached::getNode/2#4226f9fe` ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1, Rhs.2
                         {5}    | REWRITE WITH TEST InOut.2 < InOut.3
         344294   ~6%    {4}    | SCAN OUTPUT In.1, In.3, In.4, In.0

        2439382   ~0%    {4} r3 = r1 UNION r2
        2434485   ~7%    {4}    | JOIN WITH `BasicBlock::Make<Locations::Location,BasicBlocks::BasicBlocksImpl::BasicBlockInputSig>::Cached::getNode/2#4226f9fe` ON FIRST 3 OUTPUT Lhs.2, Lhs.3, Lhs.0, Lhs.1
        2393182   ~3%    {4}    | JOIN WITH ControlFlowGraphImpl::CfgImpl::Cached::TAstNode#8f9a3aff_31#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
         380879   ~0%    {4}    | JOIN WITH `SsaImpl::isControlFlowJump/1#c535656e` ON FIRST 1 OUTPUT Lhs.0, Lhs.2, Lhs.3, Lhs.1
                         return r3
```
 2025-01-31 14:45:36 +01:00
Tom Hvitved
1cb524f76f Rust: Remove useTreeIsGlobImport workaround 2025-01-31 10:10:58 +01:00
Tom Hvitved
9d06f80902 Rust: Elaborate QL doc on PathResolution.qll 2025-01-31 10:10:57 +01:00
Tom Hvitved
8eb5792f3b Address review comments 2025-01-31 10:10:55 +01:00
Tom Hvitved
1f6d39f520 Rust: Rename modules test to path-resolution 2025-01-31 10:07:10 +01:00
Tom Hvitved
0aee2e6fb2 Rust: Implement path resolution in QL 2025-01-31 10:07:08 +01:00
Arthur Baars
54efb0a4a6 Merge pull request #18611 from github/aibaars/use-tree-star 
Rust: add UseTree::is_star
 2025-01-29 14:42:03 +01:00
Geoffrey White
919e7978cd Rust: Add PrettyPrintModels.ql to the test. I gather this stabilized the output MaD IDs. 2025-01-28 16:23:20 +00:00
Arthur Baars
8d96c87abe Rust: add UseTree::is_star 2025-01-28 16:12:25 +01:00
Tom Hvitved
8b82eaa633 Rust: Fix data flow through callbacks passed to library functions 2025-01-28 13:44:27 +01:00
Geoffrey White
f2564c351f Rust: Changes to other tests - mostly MaD IDs :(. 2025-01-28 09:22:30 +00:00
Geoffrey White
dfd1865b96 Rust: Add some basic flow models. 2025-01-28 08:47:15 +00:00
Geoffrey White
9d42be8305 Rust: Alphabetize lang-core.model.yml. 2025-01-28 08:47:14 +00:00
Geoffrey White
c04d619a3c Rust: Add a couple of extra data flow test cases. 2025-01-28 08:47:13 +00:00
Geoffrey White
185a23b3c6 Rust: Allow implicit flow out of content at the test sinks, so that we see our results. 2025-01-28 08:43:06 +00:00
Geoffrey White
a1980d4d08 Rust: Make sources more accurate (Option / Result contents). 2025-01-28 08:43:05 +00:00
Geoffrey White
fd9fb10bb9 Rust: Accept changes from fixing the ]. 2025-01-27 22:50:09 +00:00
Geoffrey White
494d8f2da0 Rust: Update MaD IDs for an unrelated test. :( 2025-01-27 22:22:41 +00:00
Geoffrey White
9d6a13cec2 Rust: Accept improved results for rust/sql-injection. Note that the lost annotations are only sources, not results, and I suspect will return when we have sufficient flow in these cases. 2025-01-27 22:22:38 +00:00
Geoffrey White
9ea9f3ae19 Update rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-01-27 21:09:21 +00:00
Geoffrey White
7cf872baad Rust: Adjust the tests to work around test processing of /. 2025-01-27 21:00:08 +00:00
Geoffrey White
23ac35e5ca Rust: Model more Reqwest methods (.await still doesn't work though). 2025-01-27 20:52:31 +00:00
Geoffrey White
9583a2a7d3 Rust: Additional test cases for reqwest sources. 2025-01-27 20:42:35 +00:00
Geoffrey White
f32fd38f74 Merge pull request #18582 from geoffw0/logging 
Rust: Query for cleartext logging of sensitive information
 2025-01-27 10:37:17 +00:00
Geoffrey White
0a3d44c44e Rust: Re-apply suggested changes (I accidentally force-pushed them away). 2025-01-24 17:31:38 +00:00
Geoffrey White
117db8a9b2 Rust: Make the test runnable. 2025-01-24 17:22:42 +00:00
Simon Friis Vindum
c195840ec8 Rust: Add two additional control flow tests 2025-01-24 16:09:32 +01:00
Simon Friis Vindum
e13a7a224f Merge branch 'main' into shared-basic-block-library 2025-01-24 09:54:26 +01:00
Simon Friis Vindum
b84adec407 Merge pull request #18568 from paldepind/rust-container 
Rust: Change array element content type into a general collection element content type
 2025-01-24 09:40:46 +01:00
Simon Friis Vindum
e7ad091b0f Rust: Remove unnecessary characteristic predicate 2025-01-24 08:56:41 +01:00
Tom Hvitved
10f55133fe Merge pull request #18482 from hvitved/rust/nested-functions 
Rust: Take nested functions into account when resolving variables
 2025-01-24 08:41:34 +01:00
Geoffrey White
037d496a68 Rust: Fix some more tests (MaD ID changes and extraction consistency issues). 2025-01-23 19:14:28 +00:00
Geoffrey White
814118d3e8 Merge remote-tracking branch 'upstream/main' into logging 2025-01-23 19:04:25 +00:00
Geoffrey White
f5459d7ba8 Rust: Accept changes to integration test results. 2025-01-23 18:48:51 +00:00
Geoffrey White
44b9a1188b Rust: Another .qhelp fix. 2025-01-23 18:46:35 +00:00
Geoffrey White
951d1fc9e0 Rust: Add missing file. 2025-01-23 18:38:48 +00:00
Geoffrey White
d27a71eaaf Rust: Minor fixes. 2025-01-23 18:21:27 +00:00
Geoffrey White
55705232f6 Update rust/ql/src/queries/security/CWE-312/CleartextLoggingBad.rs 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-01-23 18:18:05 +00:00
Geoffrey White
613a1656f3 Rust: Simplify QL slightly. 2025-01-23 18:13:59 +00:00
Geoffrey White
4214c837b8 Rust: Clean up the query message. 2025-01-23 18:03:25 +00:00
Geoffrey White
ccc124360e Rust: Add .qhelp and examples. 2025-01-23 17:46:04 +00:00
Geoffrey White
e70816727b Rust: Add the sinks to metrics. 2025-01-23 17:17:25 +00:00
Geoffrey White
59c3ac6f80 Rust: Allow flow through reference taking (&). 2025-01-23 17:17:07 +00:00
Geoffrey White
78c58aa5f1 Rust: Allow implicit taint reads from tuple contents at sinks. 2025-01-23 17:17:05 +00:00
Geoffrey White
64444940a6 Rust: Add taint sinks for target and key-value arguments. 2025-01-23 17:17:04 +00:00
Geoffrey White
2bbf493991 Rust: Model assert_failed. 2025-01-23 17:17:03 +00:00
Geoffrey White
484331c303 Rust: Model StdoutLock, StderrLock methods and String.as_bytes. 2025-01-23 17:17:02 +00:00
Geoffrey White
1d2950c70c Rust: Add some sinks. 2025-01-23 17:17:00 +00:00
Geoffrey White
4297d05c05 Rust: Implement the query. 2025-01-23 17:16:59 +00:00