hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

571 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
db6d27bd2b C++: Count return dispatch based on 2nd level scopes. 2024-04-15 15:13:08 +02:00
Anders Schack-Mulligen
b87b8329a0 Dataflow: Use default fieldFlowBranchLimit in qltests. 2024-04-15 15:13:03 +02:00
Anders Schack-Mulligen
f945687a93 Dataflow: Simplify branch and join. 2024-04-15 15:13:01 +02:00
Anders Schack-Mulligen
82afbbc17b Dataflow: Adjust fieldFlowBranchLimit count (block less) and adjust return edge condition (block more) 2024-04-15 15:12:58 +02:00
Anders Schack-Mulligen
1389c7220b Dataflow: Amend change note. 2024-04-15 14:35:39 +02:00
Anders Schack-Mulligen
b4e23d9487 Dataflow: Address review comments 2024-04-12 09:20:45 +02:00
Anders Schack-Mulligen
31a86574bb Dataflow: Add change note. 2024-04-12 09:20:42 +02:00
Anders Schack-Mulligen
2925e45434 Java/Dataflow: Propagate MaD-id/model-id to PathGraph. 2024-04-12 09:19:51 +02:00
Tom Hvitved
5f8eb7b138 Merge pull request #16110 from hvitved/dataflow/param-flow-no-expects-content 
Data flow: Block flow at `expectsContents` nodes in `parameterValueFlow`
 2024-04-09 11:26:24 +02:00
Tom Hvitved
79440f6734 Data flow: Fix bad join 
```
Evaluated relational algebra for predicate DataFlowImpl::Impl<PolynomialReDoSQuery::PolynomialReDoSFlow::C>::storeEx/5#34133ef9@0425e0m7 with tuple counts:
           2209132     ~1%    {6} r1 = SCAN `DataFlowImpl::Impl<PolynomialReDoSQuery::PolynomialReDoSFlow::C>::storeExUnrestricted/5#3a86a98e` OUTPUT In.1, In.0, In.1, In.2, In.3, In.4
        4338565685     ~1%    {6}    | JOIN WITH `DataFlowPublic::ContentSet.getAReadContent/0#dispred#e4acf74e_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5
          34811200  ~1428%    {5}    | JOIN WITH `project#DataFlowImpl::Impl<PolynomialReDoSQuery::PolynomialReDoSFlow::C>::readSetEx/3#35ac556a` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5
                              return r1
```
 2024-04-04 10:02:02 +02:00
Tom Hvitved
7871fb8ce6 Data flow: Block flow at expectsContents nodes in parameterValueFlow 2024-04-03 15:19:34 +02:00
Tom Hvitved
550e251d68 Data flow: Do not require stores to have matching reads in flow exploration 2024-04-03 13:28:24 +02:00
github-actions[bot]
8e61c6625b Post-release preparation for codeql-cli-2.17.0 2024-04-01 15:27:42 +00:00
github-actions[bot]
ec97d9a304 Release preparation for version 2.17.0 2024-04-01 13:46:57 +00:00
Henry Mercer
0646744928 Merge branch 'main' into henrymercer/merge-back-rc-3.13 2024-03-26 12:59:12 +00:00
github-actions[bot]
f67b5f9158 Post-release preparation for codeql-cli-2.16.6 2024-03-25 18:17:15 +00:00
github-actions[bot]
71ab804274 Release preparation for version 2.16.6 2024-03-25 16:58:08 +00:00
Arthur Baars
c219b1a3c7 Merge pull request #16013 from github/rc/3.13 
Merge rc/3.13 into main
 2024-03-21 16:04:58 +01:00
Michael Nebel
6619be3137 Merge pull request #15940 from michaelnebel/csharp/sourcesinktests 
C#: Source- and sink tests.
 2024-03-21 08:12:16 +01:00
Dave Bartolomeo
311ba8ea1b Merge from main to resolve conflicts 2024-03-19 10:41:31 -04:00
Tom Hvitved
ee3e38f0eb Simplify test interface in FlowSummaryImpl.qll 2024-03-19 14:35:00 +01:00
Michael Nebel
5b37ee4ec7 Re-factor TestOutput into a param module. 2024-03-19 14:20:42 +01:00
Michael Nebel
90db9b330f C#: Add MaD source and sink test query to shared library. 2024-03-19 13:45:38 +01:00
Tom Hvitved
fc55567d90 Merge pull request #15853 from hvitved/dataflow/get-location 
Data flow: Replace `hasLocationInfo` with `getLocation`
 2024-03-18 20:21:46 +01:00
Tom Hvitved
0cecbf5239 Update 2024-02-28-hidden-subpaths.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-03-18 15:36:01 +01:00
Tom Hvitved
7a3b8ebb3a Address review comments 2024-03-18 14:49:35 +01:00
Tom Hvitved
40089e8088 Add change note 2024-03-18 14:49:35 +01:00
Tom Hvitved
d7c9bfa08b Data flow: Account for hidden subpath wrappers 2024-03-18 14:47:11 +01:00
Tom Hvitved
d83500de5d Address review comments 2024-03-18 14:24:07 +01:00
github-actions[bot]
aebe9f6992 Post-release preparation for codeql-cli-2.16.5 2024-03-18 12:16:26 +00:00
github-actions[bot]
0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Tom Hvitved
a13391bda1 Merge pull request #15802 from hvitved/dataflow/variable-capture-overlapping-paths 
Variable capture: Avoid overlapping and false-positive data flow paths
 2024-03-18 10:45:55 +01:00
Tom Hvitved
d7790faece Address review comments 2024-03-12 13:34:55 +01:00
Tom Hvitved
0e0b73a5e6 Address review comment 2024-03-12 11:22:04 +01:00
Tom Hvitved
e82e3180f0 Data flow: Replace hasLocationInfo with getLocation 2024-03-11 20:56:38 +01:00
Tom Hvitved
7a39f077d9 Data flow: Add ConfigSig::accessPathLimit 2024-03-11 13:01:58 +01:00
Tom Hvitved
63bb772ef9 Variable capture: Avoid overlapping and false-positive data flow paths 2024-03-08 10:00:42 +01:00
Tom Hvitved
2896bfbd9f Merge pull request #15821 from hvitved/dataflow/clears-content-store 
Data flow: Allow for direct stores into nodes with `clearsContent`
 2024-03-08 09:59:29 +01:00
Tom Hvitved
76564edc93 Address review comment 2024-03-07 16:50:28 +01:00
Geoffrey White
b71b43a2fb Merge pull request #15705 from geoffw0/qldoc3 
Shared: Fill some QLDoc holes
 2024-03-07 14:12:51 +00:00
Tom Hvitved
22b168beee Data flow: Allow for direct stores into nodes with clearsContent 2024-03-07 12:47:12 +01:00
github-actions[bot]
dc9092c9ec Post-release preparation for codeql-cli-2.16.4 2024-03-06 22:19:33 +00:00
github-actions[bot]
2f058ffb4d Release preparation for version 2.16.4 2024-03-06 20:56:51 +00:00
Angela P Wen
ce31f8641a Revert "Release preparation for version 2.16.4" 2024-03-06 12:07:33 -08:00
Anders Schack-Mulligen
caa45058ae Dataflow: Improve join-order. 
Join with the functional getApprox before filtering with revFlow as this
is always better.
 2024-03-06 11:29:08 +01:00
Anders Schack-Mulligen
55e6255e05 Dataflow: Extend the first join to also include argApa. 
Improves from
2024-03-04 13:29:20] Evaluated non-recursive predicate DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowThroughIntoCall/6#b44155c7@6dd478n9 in 126ms (size: 398332).
Evaluated relational algebra for predicate DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowThroughIntoCall/6#b44155c7@6dd478n9 with tuple counts:
              1  ~0%    {2} r1 = SCAN `DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::TAccessPathApproxNone#dom#04382804` OUTPUT _, _
              1  ~0%    {0}    | REWRITE WITH Tmp.0 := true, Tmp.1 := false, TEST Tmp.0 != Tmp.1 KEEPING 0
          83798  ~0%    {4}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::returnFlowsThrough/8#ffafcf14` CARTESIAN PRODUCT OUTPUT Rhs.0, Rhs.3, Rhs.1, Rhs.2
        4044102  ~3%    {7}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowIntoCallApaTaken/6#d989a8d1#cpe#12346_2013#join_rhs` ON FIRST 1 OUTPUT Rhs.2, Lhs.2, Lhs.3, Rhs.3, Lhs.1, Lhs.0, Rhs.1
         398332  ~3%    {6}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::fwdFlow/9#00ae2fc8#2` ON FIRST 4 OUTPUT Lhs.6, Lhs.0, Lhs.5, _, Lhs.2, Lhs.4
         398332  ~1%    {6}    | REWRITE WITH Out.3 := true
                        return r1
to
[2024-03-04 15:20:26] Evaluated non-recursive predicate DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowThroughIntoCall/6#b44155c7@97bd358u in 35ms (size: 398332).
Evaluated relational algebra for predicate DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowThroughIntoCall/6#b44155c7@97bd358u with tuple counts:
         83798   ~0%    {7} r1 = SCAN `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::returnFlowsThrough/9#53894c55` OUTPUT In.0, In.1, In.2, In.3, In.4, _, _
                        {5}    | REWRITE WITH Tmp.5 := true, Tmp.6 := false, TEST Tmp.5 != Tmp.6 KEEPING 5
         83798   ~3%    {5}    | SCAN OUTPUT In.0, In.3, In.4, In.1, In.2
        416847   ~2%    {7}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::flowIntoCallApaTaken/6#d989a8d1#cpe#12346_2301#join_rhs` ON FIRST 2 OUTPUT Rhs.3, Lhs.3, Lhs.4, Lhs.1, Lhs.2, Lhs.0, Rhs.2
        398332   ~3%    {6}    | JOIN WITH `project#DataFlowImpl::Impl<TaintedPath::TaintedPath::C>::Stage5::fwdFlow/9#00ae2fc8#2` ON FIRST 4 OUTPUT Lhs.6, Lhs.0, Lhs.5, _, Lhs.2, Lhs.4
        398332   ~1%    {6}    | REWRITE WITH Out.3 := true
                        return r1
 2024-03-06 11:29:08 +01:00
github-actions[bot]
661e68dab5 Release preparation for version 2.16.4 2024-03-05 18:13:58 +00:00
Angela P Wen
967963a653 Revert "Release preparation for version 2.16.4" 2024-03-05 08:53:33 -08:00
Tom Hvitved
d5c34264ad Data flow: Prune call-context sensitivity relations 2024-03-05 10:44:12 +01:00
github-actions[bot]
a67218a027 Release preparation for version 2.16.4 2024-03-04 17:42:08 +00:00