hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

3071 Commits

Author SHA1 Message Date
Geoffrey White
83ec1d0254 Rust: Add the new query sinks to the Stats.qll import, so that they're reported correctly. 2025-08-05 20:20:40 +01:00
Geoffrey White
0d4f8765a6 Merge pull request #20167 from geoffw0/mdlcleanup 
Rust: Clean up some odds and ends
 2025-08-05 19:25:46 +01:00
Tom Hvitved
a396f9345e Rust: Remove restriction in PathTypeMention 2025-08-05 15:05:43 +02:00
Geoffrey White
c8e9ed3eda Merge branch 'main' into cleartextstorage 2025-08-05 12:44:55 +01:00
Paolo Tranquilli
27650267a1 Merge branch 'main' into redsun82/cargo-upgrade-2 2025-08-05 11:18:56 +02:00
Tom Hvitved
b426d84e1c Merge pull request #20164 from hvitved/rust/fix-bad-join 
Rust: Fix bad join
 2025-08-05 09:55:51 +02:00
Geoffrey White
dcda6db88b Rust: Lets not try to maintain this list. 2025-08-04 19:51:34 +01:00
Geoffrey White
0a49b65887 Rust: Make the rust/cleartext-transmission alert message more consistent with similar queries. 2025-08-04 19:47:33 +01:00
Geoffrey White
6c024a5f9e Rust: Remove unnecessary pattern matching in cleartext logging query sinks (probably inherited from another query or language where it is used). 2025-08-04 19:28:40 +01:00
Geoffrey White
eab7481b97 Rust: Accept CWE-312 consistency check failures. 2025-08-04 18:26:09 +01:00
github-actions[bot]
fb4b0aac53 Post-release preparation for codeql-cli-2.22.3 2025-08-04 17:18:08 +00:00
Geoffrey White
def655f994 Rust: Accept changes to the CWE-089 test (there are some duplicate results that an existing unmerged PR will address). 2025-08-04 17:15:48 +01:00
Chuan-kai Lin
4df1c12876 Minor CHANGELOG updates 2025-08-04 09:09:25 -07:00
Geoffrey White
b60faadf70 Rust: Change note. 2025-08-04 17:07:58 +01:00
github-actions[bot]
fd82aeb1f8 Release preparation for version 2.22.3 2025-08-04 15:47:57 +00:00
Geoffrey White
836f797def Rust: Accept suite changes. 2025-08-04 16:43:21 +01:00
Tom Hvitved
651e1624a6 Rust: Fix bad join 
```
Evaluated relational algebra for predicate _Crate::Crate.getSourceFile/0#dispred#e7adf9d7_Crate::Generated::Crate.getName/0#dispred#f4d3b3bf_Pa__#join_rhs@5a04a7t0 with tuple counts:
        34471980   ~0%    {3} r1 = JOIN `PathResolution::isSourceFile/1#803de032` WITH `Crate::Crate.getSourceFile/0#dispred#e7adf9d7` CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0, Rhs.1
        34471980  ~37%    {4}    | JOIN WITH `Crate::Generated::Crate.getName/0#dispred#f4d3b3bf` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1, _
                          {3}    | REWRITE WITH NOT [Tmp.3 := "std", TEST InOut.2 != Tmp.3, Tmp.3 := "core", TEST InOut.2 != Tmp.3] KEEPING 3
           93420  ~91%    {3}    | SCAN OUTPUT In.1, _, In.0
           93420  ~87%    {3}    | REWRITE WITH Out.1 := "prelude"
                          return r1
```
 2025-08-04 17:33:26 +02:00
Tom Hvitved
65bf76e3ed Merge pull request #20161 from hvitved/rust/fix-bad-joins 
Rust: Fix two bad joins introduced by magic
 2025-08-04 17:32:54 +02:00
Geoffrey White
a86479eba9 Rust: Accept consistency check failures. 2025-08-04 16:26:41 +01:00
Geoffrey White
8b5603cf71 Merge pull request #20160 from geoffw0/exec 
Rust: Add type inference test cases resembling missing call targets in SQLx.
 2025-08-04 16:03:12 +01:00
Geoffrey White
e368ee4b1b Rust: Accept that sql-injection sinks are sinks for this query, and that the existing sinks created for this query are also new sql-injection sinks. 2025-08-04 15:23:04 +01:00
Geoffrey White
989b48d576 Rust: Add tests for rusqlite. 2025-08-04 15:00:06 +01:00
Geoffrey White
f1cb1a3f5a Rust: Add computed security-severity tag. 2025-08-04 13:41:16 +01:00
Tom Hvitved
125a4b9b10 Rust: Fix two bad joins introduced by magic 
```
Evaluated relational algebra for predicate TypeInference::closureParameterPath/2#9d0bf423#bbf@ba08cc1s with tuple counts:
           565067    ~172652%    {2} r1 = JOIN `Callable::Callable.getParam/1#dispred#ce0254b3_01#count_range` WITH `Callable::Generated::Callable.getNumberOfParams/0#dispred#abb45996` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
            24684     ~11784%    {3}    | JOIN WITH Type::TTupleTypeParameter#5ca17706 ON FIRST 2 OUTPUT Rhs.2, Lhs.1, Lhs.0
             2970      ~1391%    {3}    | JOIN WITH `TypeInference::TypePath::singleton/1#ee45de3b` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1
              664       ~242%    {4}    | JOIN WITH `Stdlib::FnOnceTrait.getTypeParam/0#dispred#93f20bbc` CARTESIAN PRODUCT OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2
              303        ~49%    {4}    | JOIN WITH Type::TDynTraitTypeParameter#e16268df ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
              198         ~0%    {8}    | JOIN WITH `TypeInference::TypePath::singleton/1#ee45de3b` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, _, _, Rhs.1, Lhs.3, _, _
                                 {4}    | REWRITE WITH Out.2 := (In.4 ++ In.5), Tmp.3 := (In.4 ++ In.5), Tmp.6 := "[0-9]+", Tmp.7 := "", Out.3 := regexpReplaceAll(Tmp.3,Tmp.6,Tmp.7) KEEPING 4
              198         ~0%    {6}    | SCAN OUTPUT In.0, In.1, In.2, _, In.3, _
                                 {4}    | REWRITE WITH Out.3 := length(In.4), Tmp.5 := 10, TEST Out.3 <= Tmp.5 KEEPING 4
              198         ~0%    {3}    | SCAN OUTPUT In.1, In.0, In.2

           877984   ~1444714%    {1} r2 = SCAN `CallExprBase::CallExprBase.getArg/1#dispred#d775f13d` OUTPUT In.1
           299888     ~83707%    {3}    | JOIN WITH Type::TTupleTypeParameter#5ca17706_102#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Rhs.2
        515462762     ~59140%    {4}    | JOIN WITH `CallExprBase::Generated::CallExprBase.getNumberOfArgs/0#dispred#0975fe12_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0, Lhs.2
          9429188  ~25728933%    {3}    | JOIN WITH TypeInference::InvokedClosureExpr#24e5dacb_1#join_rhs ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2
            53669    ~142315%    {3}    | JOIN WITH `TypeInference::TypePath::singleton/1#ee45de3b` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1
             4003     ~10522%    {4}    | JOIN WITH `Stdlib::FnOnceTrait.getTypeParam/0#dispred#93f20bbc` CARTESIAN PRODUCT OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2
              370       ~910%    {4}    | JOIN WITH Type::TDynTraitTypeParameter#e16268df ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
              148       ~293%    {8}    | JOIN WITH `TypeInference::TypePath::singleton/1#ee45de3b` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, _, _, Rhs.1, Lhs.3, _, _
                                 {4}    | REWRITE WITH Out.2 := (In.4 ++ In.5), Tmp.3 := (In.4 ++ In.5), Tmp.6 := "[0-9]+", Tmp.7 := "", Out.3 := regexpReplaceAll(Tmp.3,Tmp.6,Tmp.7) KEEPING 4
              148       ~316%    {6}    | SCAN OUTPUT In.0, In.1, In.2, _, In.3, _
                                 {4}    | REWRITE WITH Out.3 := length(In.4), Tmp.5 := 10, TEST Out.3 <= Tmp.5 KEEPING 4
              148       ~293%    {3}    | SCAN OUTPUT In.1, In.0, In.2

              346        ~75%    {3} r3 = r1 UNION r2
                                 return r3
```

and

```
Evaluated relational algebra for predicate TypeInference::fnParameterPath/2#4dea2880#bbf@d56000vi with tuple counts:
                1         ~0%    {1} r1 = SCAN `Stdlib::FnOnceTrait.getTypeParam/0#dispred#93f20bbc` OUTPUT In.1
                1         ~0%    {1}    | JOIN WITH Type::TTypeParamTypeParameter#868c69a5 ON FIRST 1 OUTPUT Rhs.1
                1         ~0%    {1}    | JOIN WITH `TypeInference::TypePath::singleton/1#ee45de3b` ON FIRST 1 OUTPUT Rhs.1
           877984   ~1350201%    {2}    | JOIN WITH `ArgList::Generated::ArgList.getArg/1#dispred#b07adc80` CARTESIAN PRODUCT OUTPUT Rhs.1, Lhs.0
           321252     ~90755%    {4}    | JOIN WITH Type::TTupleTypeParameter#5ca17706_102#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0, Rhs.2
        553043191     ~65412%    {5}    | JOIN WITH `CallExprBase::Generated::CallExprBase.getNumberOfArgs/0#dispred#0975fe12_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0, Lhs.3
         10089088  ~26772053%    {4}    | JOIN WITH TypeInference::InvokedClosureExpr#24e5dacb_1#join_rhs ON FIRST 1 OUTPUT Lhs.4, Lhs.1, Lhs.2, Lhs.3
            57729    ~157423%    {8}    | JOIN WITH `TypeInference::TypePath::singleton/1#ee45de3b` ON FIRST 1 OUTPUT Lhs.2, Lhs.3, _, _, Lhs.1, Rhs.1, _, _
                                 {4}    | REWRITE WITH Out.2 := (In.4 ++ In.5), Tmp.3 := (In.4 ++ In.5), Tmp.6 := "[0-9]+", Tmp.7 := "", Out.3 := regexpReplaceAll(Tmp.3,Tmp.6,Tmp.7) KEEPING 4
            57729    ~157423%    {6}    | SCAN OUTPUT In.0, In.1, In.2, _, In.3, _
                                 {4}    | REWRITE WITH Out.3 := length(In.4), Tmp.5 := 10, TEST Out.3 <= Tmp.5 KEEPING 4
            57729    ~157423%    {3}    | SCAN OUTPUT In.1, In.0, In.2
                                 return r1
```
 2025-08-04 14:22:50 +02:00
Simon Friis Vindum
3ba285c298 Rust: Implement certain type information for annotation and simple calls 2025-08-04 14:06:38 +02:00
Simon Friis Vindum
c3349bbb04 Rust: Add type inference example with cycle blowup 2025-08-04 14:06:37 +02:00
Geoffrey White
2ec6dafd18 Rust: Add a type inference test case resembling missing call targets in SQLx. 2025-08-04 10:21:59 +01:00
Geoffrey White
01d24c4f83 Merge branch 'main' into sqlx 2025-07-31 16:02:36 +01:00
Geoffrey White
58680c94bc Rust: Repair BadCtorInitialization.ql's StdCall using getCanonicalPath. 2025-07-31 13:28:56 +01:00
Simon Friis Vindum
abc58ac8b3 Rust: Add metric and debug predicates for type that reach the length limit 2025-07-31 14:20:32 +02:00
Geoffrey White
42ced8aa3d Rust: Add examples to tests. 2025-07-30 17:51:32 +01:00
Geoffrey White
b6e60e4087 Rust: Address small bugs in the test. 2025-07-30 17:51:31 +01:00
Geoffrey White
215fe7d0b3 Rust: Clean up the alert message. 2025-07-30 17:51:30 +01:00
Geoffrey White
e585e677c8 Rust: Add qhelp and examples. 2025-07-30 17:51:28 +01:00
Simon Friis Vindum
3bc1d47738 Merge pull request #20130 from paldepind/rust/type-inference-fn 
Rust: Implement type inference for closures and calls to closures
 2025-07-30 13:13:57 +02:00
Anders Schack-Mulligen
5ca9c090a8 Merge pull request #20132 from aschackmull/ssa/guardvalue 
SSA: Update data flow integration and BarrierGuard interface to use GuardValue.
 2025-07-30 12:23:17 +02:00
Geoffrey White
a3110a9091 Rust: Implement query. 2025-07-29 18:19:52 +01:00
Simon Friis Vindum
5b152cfdec Rust: Fix typo in change note 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2025-07-29 18:38:14 +02:00
Simon Friis Vindum
5540b9df71 Merge branch 'main' into rust/type-inference-fn 2025-07-29 16:43:17 +02:00
Geoffrey White
5c64d4e9b7 Rust: Query framework. 2025-07-28 16:59:01 +01:00
Geoffrey White
897822dff5 Rust: The Cargo.lock file has changed as well. 2025-07-28 16:55:43 +01:00
Geoffrey White
9972aaf6a1 Rust: Add tests cases for cleartext storage. 2025-07-28 16:12:34 +01:00
Anders Schack-Mulligen
3b8234ecec SSA: Update data flow integration and BarrierGuard interface to use GuardValue. 2025-07-28 11:29:12 +02:00
Simon Friis Vindum
92bce4e432 Rust: Split getFunctionReturnPos into two predicates 2025-07-28 10:45:59 +02:00
Simon Friis Vindum
9761580b7e Merge branch 'main' into rust/type-inference-assoc-type-tp 2025-07-28 10:39:00 +02:00
Simon Friis Vindum
8e474c946e Rust: Add change note for type inference for closures 2025-07-28 10:27:33 +02:00
Simon Friis Vindum
2c758a9842 Rust: Add type inference for closures and calls to first-class functions 2025-07-27 21:28:10 +02:00
Simon Friis Vindum
8c6c28d61f Rust: Add type inference tests for closures 2025-07-27 21:16:30 +02:00
Simon Friis Vindum
13d9d8ad3f Merge pull request #20122 from paldepind/rust/type-inference-dyn-assoc 
Rust: Fix type inference for trait objects for traits with associated types
 2025-07-26 12:40:09 +02:00
Geoffrey White
4b947db0f8 Merge pull request #19804 from geoffw0/dotdot 
Rust: Update DotDotCheck to use getCanonicalPath
 2025-07-25 15:50:29 +01:00