hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,672 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

4731 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
50196d099b Inline Expectation Tests: sync 2022-06-03 11:39:57 +02:00
Erik Krogh Kristensen
536d226a6b fix bad CP in the charPred for CipherOperation 2022-06-01 23:36:11 +02:00
Anders Schack-Mulligen
9abd2259d3 Merge pull request #9381 from aschackmull/redos/perf 
ReDoS: Improve performance in ExponentialBackTracking.qll.
 2022-06-01 10:39:28 +02:00
Anders Schack-Mulligen
4f3751dfea Merge pull request #9316 from hvitved/dataflow/edges-get-a-successor-consistency 
Data flow: Make `PathGraph::edges/2` and `PathNode::getASuccessor/1` consistent
 2022-06-01 10:38:25 +02:00
Nick Rolfe
f417c12c5e Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3 
Post-release preparation for codeql-cli-2.9.3
 2022-05-31 16:17:50 +01:00
github-actions[bot]
ed2f3409bc Post-release preparation for codeql-cli-2.9.3 2022-05-31 09:54:55 +00:00
Anders Schack-Mulligen
e36c59b285 ReDoS: Sync. 2022-05-31 11:04:42 +02:00
Rasmus Wriedt Larsen
7a6646dcaf Merge pull request #8883 from erik-krogh/pyMaD 
Python: add MaD implementation
 2022-05-30 13:31:07 +02:00
thiggy1342
09f082081f Simple tests passing 2022-05-28 23:29:58 +00:00
thiggy1342
39baadbdd2 test ql packs must be in the security directory 2022-05-28 23:19:32 +00:00
Adam Thigpen
52ac93b82e adding skeleton for experimental unit tests 2022-05-28 15:14:42 -04:00
Adam Thigpen
a37443106b reduce false positives with some sanitizers 2022-05-28 15:14:42 -04:00
Adam Thigpen
2bf160c008 initial draft of decompression-api query 2022-05-28 15:14:32 -04:00
Alex Ford
5d4473bb2a Merge pull request #8845 from alexrford/ruby/rbi-lib 
Ruby: Add partial support for working with RBI (Ruby Interface) files
 2022-05-27 11:43:44 +01:00
Alex Ford
919555d168 Merge pull request #9341 from alexrford/ruby/activerecordinstance-public 
Ruby: Make `ActiveRecordInstance` public and fix some misidentifications
 2022-05-27 11:21:58 +01:00
Arthur Baars
e3ef258b0e Merge pull request #9287 from aibaars/instance-variable-flow-2 
Ruby: flow through getters/setters
 2022-05-27 10:49:20 +02:00
Alex Ford
30f24697b4 Ruby: add missing qldoc 2022-05-26 18:50:57 +01:00
Alex Ford
4e0e4f9b5b Ruby: make ActiveRecordInstance public 2022-05-26 17:54:02 +01:00
Alex Ford
fd8f1dc88f Ruby: fix some misidentification of ActiveRecordModelInstantiations 2022-05-26 17:54:01 +01:00
Harry Maclean
c80a06a6d8 Ruby: Simplify posix-spawn modeling 2022-05-26 14:29:04 +01:00
Harry Maclean
ee827604f7 Ruby: Model the posix-spawn gem 
This gem exists primarily to provide methods that spawn subprocesses. We
model these as SystemCommandExecutions.
 2022-05-26 14:16:08 +01:00
Tom Hvitved
b3ce2d4a2b Ruby: Data flow for hash-splat expressions in hash literals 2022-05-25 19:55:28 +02:00
Tom Hvitved
47051ec8c9 Merge pull request #9320 from hvitved/ruby/hash-splat-flow 
Ruby: Flow through hash-splat parameters
 2022-05-25 19:31:09 +02:00
Nick Rolfe
385e442f7f Ruby: fix spelling errors 2022-05-25 16:38:48 +01:00
Arthur Baars
033df767ef Ruby: allow fields in flow summaries 2022-05-25 16:01:04 +02:00
Arthur Baars
af428a1ac2 Address comments 2022-05-25 16:01:04 +02:00
Arthur Baars
b0a97f9b01 Ruby: flow through getters/setters 2022-05-25 16:01:04 +02:00
Tom Hvitved
ce4959287a Ruby: Flow through hash-splat expressions 2022-05-25 15:40:08 +02:00
Tom Hvitved
bcdef98392 Data flow: Sync files 2022-05-25 14:39:37 +02:00
Tom Hvitved
3d072abcff Data flow: Fix bad join in prohibitsUseUseFlow 
Before
```
Tuple counts for FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow#1de78b88#ff@fdf8bdrq:
              6099   ~0%    {2} r1 = SCAN FlowSummaryImpl::Private::isParameterPostUpdate#1de78b88#fff OUTPUT In.2, In.0
         787252695   ~2%    {3} r2 = JOIN r1 WITH project#DataFlowImplCommon::ParamNode::isParameterOf#dispred#f0820431#fff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, true, Lhs.1
        5360462712   ~0%    {4} r3 = JOIN r2 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb_021#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2, true, Lhs.0
              7132   ~2%    {2} r4 = JOIN r3 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb ON FIRST 3 OUTPUT Lhs.0, Lhs.3

              5869  ~25%    {1} r5 = JOIN r4 WITH DataFlowImplCommon::Cached::clearsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.1

              1263   ~9%    {1} r6 = JOIN r4 WITH DataFlowImplCommon::Cached::expectsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.1

              7132  ~52%    {1} r7 = r5 UNION r6
             29593  ~26%    {2} r8 = JOIN r7 WITH project#FlowSummaryImpl::Private::Steps::summaryArgParam0#1de78b88#ffff#2_201#join_rhs ON FIRST 1 OUTPUT Rhs.1, Rhs.2
                            return r8
```

After
```
Tuple counts for FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow#1de78b88#ff@aa7a37lj:
         6099   ~4%    {3} r1 = SCAN FlowSummaryImpl::Private::isParameterPostUpdate#1de78b88#fff OUTPUT In.0, true, In.2
         8434   ~5%    {2} r2 = JOIN r1 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2

         5869   ~5%    {3} r3 = JOIN r2 WITH DataFlowImplCommon::Cached::clearsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.0, true, Lhs.1

         1278   ~6%    {3} r4 = JOIN r2 WITH DataFlowImplCommon::Cached::expectsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.0, true, Lhs.1

         7147   ~6%    {3} r5 = r3 UNION r4
         7147  ~57%    {2} r6 = JOIN r5 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2
         5892  ~26%    {1} r7 = JOIN r6 WITH project#DataFlowImplCommon::ParamNode::isParameterOf#dispred#f0820431#fff ON FIRST 2 OUTPUT Lhs.0
        29589  ~26%    {2} r8 = JOIN r7 WITH project#FlowSummaryImpl::Private::Steps::summaryArgParam0#1de78b88#ffff#2_201#join_rhs ON FIRST 1 OUTPUT Rhs.1, Rhs.2
                       return r8
```
 2022-05-25 14:21:22 +02:00
Tom Hvitved
a7b39ebeca Ruby: Flow through hash-splat parameters 2022-05-25 12:37:22 +02:00
Nick Rolfe
134cf4e0e1 Ruby: tweak join order in API::Impl::edge 2022-05-25 10:54:43 +01:00
Rasmus Wriedt Larsen
f7e58a9335 Ruby: Apply nomagic on parameterMatch instead 2022-05-25 10:07:02 +02:00
Anders Schack-Mulligen
673355df65 Fix markdown lists 2022-05-25 10:02:48 +02:00
Rasmus Wriedt Larsen
0bf0e0e16c Revert "Ruby: Fix performance for argumentPositionMatch" 
as requested to use a different performance fix

and

Revert "Dataflow: Sync `DataFlowImplCommon`"

This reverts commit c9a833fc07
This reverts commit 911ddb9b2c.
 2022-05-25 09:56:10 +02:00
github-actions[bot]
1f1b364feb Release preparation for version 2.9.3 2022-05-25 07:46:48 +00:00
Rasmus Wriedt Larsen
ae65af2c07 Ruby: Fix Argument[any] in Hash.qll 
With this PR, `self` have to be explicitly added. A few edges were
removed, and I don't know why. It doesn't seem to affect results, so I
did not worry too much.
 2022-05-24 18:09:52 +02:00
Rasmus Wriedt Larsen
04ac466189 Merge branch 'main' into ruby-mad-argument-self 2022-05-24 18:04:02 +02:00
Rasmus Wriedt Larsen
c9a833fc07 Ruby: Fix performance for argumentPositionMatch 
before

[2022-05-24 17:29:07] (50s) Tuple counts for DataFlowImplCommon::argumentPositionMatch#4f8df883#fff/3@03b4073c after 35.8s:
                      156250456 ~2%     {4} r1 = JOIN DataFlowDispatch::Cached::TParameterPosition#36b84300#f WITH DataFlowImplCommon::ArgNode::argumentOf#dispred#f0820431#fff CARTESIAN PRODUCT OUTPUT Rhs.2, Lhs.0 'ppos', Rhs.0, Rhs.1 'call'

                      0         ~0%     {3} r2 = JOIN r1 WITH DataFlowDispatch::Cached::TAnyKeywordArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.1 'ppos', Lhs.2 'arg', Lhs.3 'call'
                      0         ~0%     {3} r3 = JOIN r2 WITH DataFlowDispatch::Cached::TKeywordParameterPosition#36b84300#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.2 'call', Lhs.1 'arg', Lhs.0 'ppos'

                      156250456 ~2%     {4} r4 = JOIN DataFlowDispatch::Cached::TParameterPosition#36b84300#f WITH DataFlowImplCommon::ArgNode::argumentOf#dispred#f0820431#fff CARTESIAN PRODUCT OUTPUT Lhs.0 'ppos', Rhs.0, Rhs.1 'call', Rhs.2

                      252424    ~0%     {4} r5 = JOIN r4 WITH DataFlowDispatch::Cached::TSelfParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.3, Lhs.0 'ppos', Lhs.1 'arg', Lhs.2 'call'
                      121009    ~0%     {3} r6 = JOIN r5 WITH DataFlowDispatch::Cached::TSelfArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.3 'call', Lhs.2 'arg', Lhs.1 'ppos'

                      121009    ~0%     {3} r7 = r3 UNION r6

                      252424    ~0%     {4} r8 = JOIN r4 WITH DataFlowDispatch::Cached::TBlockParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.3, Lhs.0 'ppos', Lhs.1 'arg', Lhs.2 'call'
                      11764     ~5%     {3} r9 = JOIN r8 WITH DataFlowDispatch::Cached::TBlockArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.3 'call', Lhs.2 'arg', Lhs.1 'ppos'

                      252424    ~2%     {4} r10 = JOIN r4 WITH DataFlowDispatch::Cached::TAnyKeywordParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.3, Lhs.0 'ppos', Lhs.1 'arg', Lhs.2 'call'
                      20865     ~2%     {3} r11 = JOIN r10 WITH DataFlowDispatch::Cached::TKeywordArgumentPosition#36b84300#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.3 'call', Lhs.2 'arg', Lhs.1 'ppos'

                      32629     ~4%     {3} r12 = r9 UNION r11
                      153638    ~4%     {3} r13 = r7 UNION r12

                      252424    ~1%     {4} r14 = JOIN r4 WITH DataFlowDispatch::Cached::TAnyParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.0 'ppos', Lhs.1 'arg', Lhs.2 'call', Lhs.3
                      131415    ~0%     {4} r15 = r14 AND NOT DataFlowDispatch::Cached::TSelfArgumentPosition#36b84300#f(Lhs.3)
                      131415    ~0%     {3} r16 = SCAN r15 OUTPUT In.2 'call', In.1 'arg', In.0 'ppos'

                      0         ~0%     {4} r17 = JOIN r1 WITH DataFlowDispatch::Cached::TAnyArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.1 'ppos', Lhs.2 'arg', Lhs.3 'call', Lhs.0
                      0         ~0%     {4} r18 = r17 AND NOT DataFlowDispatch::Cached::TSelfParameterPosition#36b84300#f(Lhs.0 'ppos')
                      0         ~0%     {3} r19 = SCAN r18 OUTPUT In.2 'call', In.1 'arg', In.0 'ppos'

                      131415    ~0%     {3} r20 = r16 UNION r19

                      5553328   ~5%     {5} r21 = JOIN r4 WITH DataFlowDispatch::Cached::TPositionalParameterPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.3, Lhs.0 'ppos', Lhs.1 'arg', Lhs.2 'call'
                      98201     ~0%     {3} r22 = JOIN r21 WITH DataFlowDispatch::Cached::TPositionalArgumentPosition#36b84300#ff ON FIRST 2 OUTPUT Lhs.4 'call', Lhs.3 'arg', Lhs.2 'ppos'

                      149435008 ~0%     {5} r23 = JOIN r4 WITH DataFlowDispatch::Cached::TKeywordParameterPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.3, Lhs.0 'ppos', Lhs.1 'arg', Lhs.2 'call'
                      17930     ~3%     {3} r24 = JOIN r23 WITH DataFlowDispatch::Cached::TKeywordArgumentPosition#36b84300#ff ON FIRST 2 OUTPUT Lhs.4 'call', Lhs.3 'arg', Lhs.2 'ppos'

                      252424    ~0%     {5} r25 = JOIN r4 WITH DataFlowDispatch::Cached::TPositionalParameterLowerBoundPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.3, Lhs.0 'ppos', Lhs.1 'arg', Lhs.2 'call', Rhs.1
                      98786     ~0%     {6} r26 = JOIN r25 WITH DataFlowDispatch::Cached::TPositionalArgumentPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'ppos', Lhs.2 'arg', Lhs.3 'call', Lhs.0, Lhs.4, Rhs.1
                      98786     ~0%     {6} r27 = SELECT r26 ON In.5 >= In.4
                      98786     ~3%     {3} r28 = SCAN r27 OUTPUT In.2 'call', In.1 'arg', In.0 'ppos'

                      116716    ~0%     {3} r29 = r24 UNION r28
                      214917    ~0%     {3} r30 = r22 UNION r29
                      346332    ~0%     {3} r31 = r20 UNION r30
                      499970    ~1%     {3} r32 = r13 UNION r31
                                        return r32

now

[2022-05-24 17:26:06] (14s) Tuple counts for DataFlowImplCommon::argumentPositionMatch#4f8df883#fff/3@97d3444p after 149ms:
                      1000304 ~9%     {2} r1 = JOIN DataFlowDispatch::Cached::TParameterPosition#36b84300#f WITH DataFlowDispatch::Cached::TArgumentPosition#36b84300#f CARTESIAN PRODUCT OUTPUT Lhs.0 'ppos', Rhs.0

                      1616    ~0%     {2} r2 = JOIN r1 WITH DataFlowDispatch::Cached::TSelfParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'ppos'
                      1       ~0%     {2} r3 = JOIN r2 WITH DataFlowDispatch::Cached::TSelfArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1 'ppos'

                      1616    ~5%     {2} r4 = JOIN r1 WITH DataFlowDispatch::Cached::TBlockParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'ppos'
                      1       ~0%     {2} r5 = JOIN r4 WITH DataFlowDispatch::Cached::TBlockArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1 'ppos'

                      2       ~0%     {2} r6 = r3 UNION r5

                      1616    ~0%     {2} r7 = JOIN r1 WITH DataFlowDispatch::Cached::TAnyKeywordParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'ppos'
                      1533    ~0%     {2} r8 = JOIN r7 WITH DataFlowDispatch::Cached::TKeywordArgumentPosition#36b84300#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1 'ppos'

                      1000304 ~0%     {2} r9 = JOIN DataFlowDispatch::Cached::TParameterPosition#36b84300#f WITH DataFlowDispatch::Cached::TArgumentPosition#36b84300#f CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0 'ppos'

                      619     ~0%     {2} r10 = JOIN r9 WITH DataFlowDispatch::Cached::TAnyKeywordArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.1 'ppos', Lhs.0
                      592     ~0%     {2} r11 = JOIN r10 WITH DataFlowDispatch::Cached::TKeywordParameterPosition#36b84300#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'ppos'

                      2125    ~1%     {2} r12 = r8 UNION r11
                      2127    ~1%     {2} r13 = r6 UNION r12

                      1616    ~0%     {2} r14 = JOIN r1 WITH DataFlowDispatch::Cached::TAnyParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.0 'ppos', Lhs.1
                      1615    ~0%     {2} r15 = r14 AND NOT DataFlowDispatch::Cached::TSelfArgumentPosition#36b84300#f(Lhs.1)
                      1615    ~2%     {2} r16 = SCAN r15 OUTPUT In.1, In.0 'ppos'

                      619     ~0%     {2} r17 = JOIN r9 WITH DataFlowDispatch::Cached::TAnyArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.1 'ppos', Lhs.0
                      618     ~0%     {2} r18 = r17 AND NOT DataFlowDispatch::Cached::TSelfParameterPosition#36b84300#f(Lhs.0 'ppos')
                      618     ~0%     {2} r19 = SCAN r18 OUTPUT In.1, In.0 'ppos'

                      2233    ~0%     {2} r20 = r16 UNION r19

                      35552   ~0%     {3} r21 = JOIN r1 WITH DataFlowDispatch::Cached::TPositionalParameterPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0 'ppos'
                      22      ~0%     {2} r22 = JOIN r21 WITH DataFlowDispatch::Cached::TPositionalArgumentPosition#36b84300#ff ON FIRST 2 OUTPUT Lhs.1, Lhs.2 'ppos'

                      956672  ~0%     {3} r23 = JOIN r1 WITH DataFlowDispatch::Cached::TKeywordParameterPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0 'ppos'
                      592     ~0%     {2} r24 = JOIN r23 WITH DataFlowDispatch::Cached::TKeywordArgumentPosition#36b84300#ff ON FIRST 2 OUTPUT Lhs.1, Lhs.2 'ppos'

                      1616    ~0%     {3} r25 = JOIN r1 WITH DataFlowDispatch::Cached::TPositionalParameterLowerBoundPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'ppos', Rhs.1
                      79      ~0%     {4} r26 = JOIN r25 WITH DataFlowDispatch::Cached::TPositionalArgumentPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'ppos', Lhs.0, Lhs.2, Rhs.1
                      79      ~0%     {4} r27 = SELECT r26 ON In.3 >= In.2
                      79      ~1%     {2} r28 = SCAN r27 OUTPUT In.1, In.0 'ppos'

                      671     ~0%     {2} r29 = r24 UNION r28
                      693     ~0%     {2} r30 = r22 UNION r29
                      2926    ~0%     {2} r31 = r20 UNION r30
                      5053    ~0%     {2} r32 = r13 UNION r31
                      499970  ~6%     {3} r33 = JOIN r32 WITH DataFlowImplCommon::ArgNode::argumentOf#dispred#f0820431#fff_201#join_rhs ON FIRST 1 OUTPUT Rhs.2 'call', Rhs.1 'arg', Lhs.1 'ppos'
                                      return r33
 2022-05-24 17:31:36 +02:00
Nick Rolfe
dd52a70454 Merge pull request #9292 from github/nickrolfe/cfg_scope 
Ruby: rename CfgScope::Range_ to CfgScopeImpl
 2022-05-24 15:53:16 +01:00
Michael Nebel
daace0fe68 Merge pull request #9270 from michaelnebel/csharp/summarized-callable-fix 
C#: Summarized callable
 2022-05-24 16:36:44 +02:00
Nick Rolfe
4b4a15c1b6 Ruby: rename CfgScope::Range_ to CfgScopeImpl 2022-05-24 14:34:44 +01:00
Tom Hvitved
728ccafe2b Merge pull request #9024 from hvitved/dataflow/content-flow-lib 
Data flow: Introduce `ContentDataFlow.qll`
 2022-05-24 15:09:16 +02:00
Tom Hvitved
1ae8087379 Update ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-05-24 14:27:59 +02:00
Tom Hvitved
daf81ae90d Address review comments 2022-05-24 14:27:59 +02:00
Tom Hvitved
ab46c075f7 Ruby: Add change note 2022-05-24 14:27:58 +02:00
Tom Hvitved
63c70b9e7a Address review comments 2022-05-24 14:27:58 +02:00
Tom Hvitved
faf24a4f18 Ruby: Data-flow through hashes 2022-05-24 14:27:55 +02:00
Harry Maclean
334c43a2b7 Ruby: Add tests for ActiveSupport modelling 2022-05-24 09:35:26 +01:00
Harry Maclean
deff24e8e0 Fix singleton set literal 2022-05-24 09:35:26 +01:00