hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,056 Commits 1,673 Branches 157 Tags
0e45c9982bc861c2c01ddc93070dc7061e8a810c
Commit Graph

8656 Commits

Author SHA1 Message Date
Jeroen Ketema
0e45c9982b C++: Introduce wrapper for the semantic range analysis mimicking the simple one 2023-03-10 13:30:24 +01:00
Mathias Vorreiter Pedersen
59402eb754 Merge pull request #12462 from MathiasVP/disable-std-order-in-fwd-flow-stage-1 
DataFlow: Disable standard order in `Stage1::fwdFlow`
 2023-03-09 15:30:05 +00:00
Asger F
6e744093e2 Merge pull request #12398 from github/post-release-prep/codeql-cli-2.12.4 
Post-release preparation for codeql-cli-2.12.4
 2023-03-09 15:38:21 +01:00
Mathias Vorreiter Pedersen
1f77f77153 DataFlow: Sync identical files. 2023-03-09 10:41:15 +00:00
Mathias Vorreiter Pedersen
c7b41ca470 C++: Disable standard order for 'fwdFlow' in stage 1 of dataflow. 2023-03-09 10:41:06 +00:00
Mathias Vorreiter Pedersen
f19f7967c2 C++: Fix join order. 
Before (I stopped midway):

```
(72s) Tuple counts for _#Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff_#Declaration#4bfb53be::AccessHolder::getE__#antijoin_rhs#1/3@fb0627h8 after 1m4s:
  ...

  20000     ~0%       {5} r28 = r26 UNION r27
  224367484 ~7%       {9} r29 = JOIN r28 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff_1023#join_rhs ON FIRST 1 OUTPUT Rhs.3, "protected", Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.0, Lhs.4, Rhs.1, Rhs.2

  111914129 ~0%       {7} r30 = JOIN r29 WITH specifiers ON FIRST 2 OUTPUT Lhs.6, Lhs.2 'arg0', Lhs.3 'arg1', Lhs.4 'arg2', Lhs.5, Lhs.7, Lhs.8

  123503367 ~0%       {8} r31 = JOIN r30 WITH Declaration#4bfb53be::DirectAccessHolder::isFriendOfOrEqualTo#1#dispred#ff ON FIRST 1 OUTPUT Lhs.3 'arg2', Rhs.1, Lhs.1 'arg0', Lhs.2 'arg1', Lhs.4, Lhs.0, Lhs.5, Lhs.6
  331748250 ~0%       {10} r32 = JOIN r31 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 2 OUTPUT Lhs.2 'arg0', Lhs.3 'arg1', Lhs.0 'arg2', Lhs.4, Lhs.5, Lhs.6, Lhs.7, Lhs.1, Rhs.2, Rhs.3
  331748250 ~0%       {10} r33 = SELECT r32 ON In.8 = In.9
  331748250 ~2%       {9} r34 = SCAN r33 OUTPUT In.7, In.5, In.8, In.0 'arg0', In.1 'arg1', In.2 'arg2', In.3, In.4, In.6
  38000     ~4%       {10} r35 = JOIN r34 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 3 OUTPUT Rhs.3, Lhs.3 'arg0', Lhs.4 'arg1', Lhs.5 'arg2', Lhs.6, Lhs.7, Lhs.1, Lhs.8, Lhs.0, Lhs.2
  37500     ~0%       {11} r36 = JOIN r35 WITH specifiers ON FIRST 1 OUTPUT Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.4, Lhs.5, Lhs.6, Lhs.7, Lhs.8, Lhs.9, Lhs.0, Rhs.1
  28973     ~0%       {11} r37 = SELECT r36 ON In.10 >= "protected"
  28973     ~98%      {6} r38 = SCAN r37 OUTPUT In.8, "public", In.0 'arg0', In.1 'arg1', In.2 'arg2', In.6

  111913629 ~6%       {7} r39 = JOIN r29 WITH specifiers ON FIRST 2 OUTPUT Lhs.6, Lhs.4 'arg2', Lhs.2 'arg0', Lhs.3 'arg1', Lhs.5, Lhs.7, Lhs.8
  110582830 ~0%       {8} r40 = JOIN r39 WITH Declaration#4bfb53be::DirectAccessHolder::isFriendOfOrEqualTo#1#dispred#ff ON FIRST 2 OUTPUT Lhs.1 'arg2', Lhs.5, Lhs.6, Lhs.2 'arg0', Lhs.3 'arg1', Lhs.1 'arg2', Lhs.4, Lhs.0

  123503367 ~0%       {8} r41 = JOIN r30 WITH Declaration#4bfb53be::DirectAccessHolder::isFriendOfOrEqualTo#1#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.3 'arg2', Lhs.1 'arg0', Lhs.2 'arg1', Lhs.4, Lhs.0, Lhs.5, Lhs.6
  0         ~0%       {8} r42 = JOIN r41 WITH #Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff ON FIRST 2 OUTPUT Lhs.0, Lhs.6, Lhs.7, Lhs.2 'arg0', Lhs.3 'arg1', Lhs.1 'arg2', Lhs.4, Lhs.5

  110582830 ~0%       {8} r43 = r40 UNION r42
  15000     ~6%       {8} r44 = JOIN r43 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 3 OUTPUT Lhs.5 'arg2', Lhs.1, Lhs.3 'arg0', Lhs.4 'arg1', Lhs.6, Lhs.7, Lhs.2, Lhs.0
  ...
```

After:

```
Tuple counts for _#Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff_#Declaration#4bfb53be::AccessHolder::getE__#antijoin_rhs#1/3@997a3ai9 after 744ms:
  ...

  78600   ~8%       {6} r29 = r26 UNION r28
  437816  ~0%       {9} r30 = JOIN r29 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 1 OUTPUT Lhs.1 'arg0', Lhs.2 'arg1', Lhs.0 'arg2', Lhs.3, Lhs.4, Lhs.5, Rhs.1, Rhs.2, Rhs.3
  430928  ~0%       {9} r31 = SELECT r30 ON In.7 = In.8
  430928  ~0%       {7} r32 = SCAN r31 OUTPUT In.5, In.6, In.0 'arg0', In.1 'arg1', In.2 'arg2', In.3, In.7
  1096333 ~0%       {7} r33 = JOIN r32 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 2 OUTPUT Lhs.1, Lhs.5, Rhs.2, Lhs.2 'arg0', Lhs.3 'arg1', Lhs.4 'arg2', Lhs.6
  777970  ~0%       {8} r34 = JOIN r33 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 3 OUTPUT Lhs.0, Lhs.1, Lhs.2, Rhs.3, Lhs.3 'arg0', Lhs.4 'arg1', Lhs.5 'arg2', Lhs.6

  334217  ~0%       {6} r35 = JOIN r14 WITH Declaration#4bfb53be::DirectAccessHolder::isFriendOfOrEqualTo#1#dispred#ff ON FIRST 1 OUTPUT Lhs.3 'arg2', Rhs.1, Lhs.1 'arg0', Lhs.2 'arg1', Lhs.4, Lhs.0
  235623  ~0%       {8} r36 = JOIN r35 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 2 OUTPUT Lhs.2 'arg0', Lhs.3 'arg1', Lhs.0 'arg2', Lhs.4, Lhs.5, Lhs.1, Rhs.2, Rhs.3
  235623  ~0%       {8} r37 = SELECT r36 ON In.6 = In.7
  235623  ~0%       {7} r38 = SCAN r37 OUTPUT In.5, In.6, In.0 'arg0', In.1 'arg1', In.2 'arg2', In.3, In.4
  437303  ~0%       {9} r39 = JOIN r38 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff_0213#join_rhs ON FIRST 2 OUTPUT Rhs.3, Lhs.2 'arg0', Lhs.3 'arg1', Lhs.4 'arg2', Lhs.5, Lhs.6, Lhs.0, Lhs.1, Rhs.2
  437303  ~4%       {10} r40 = JOIN r39 WITH specifiers ON FIRST 1 OUTPUT Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.4, Lhs.5, Lhs.6, Lhs.7, Lhs.8, Lhs.0, Rhs.1
  352102  ~1%       {10} r41 = SELECT r40 ON In.9 >= "protected"
  352102  ~0%       {6} r42 = SCAN r41 OUTPUT In.7, In.3, In.0 'arg0', In.1 'arg1', In.2 'arg2', In.6
  775332  ~0%       {8} r43 = JOIN r42 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 2 OUTPUT Lhs.0, Lhs.1, Rhs.2, Rhs.3, Lhs.2 'arg0', Lhs.3 'arg1', Lhs.4 'arg2', Lhs.5

  1553302 ~51%      {8} r44 = r34 UNION r43
  1553302 ~152%     {7} r45 = JOIN r44 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 4 OUTPUT Lhs.7, "public", Lhs.4 'arg0', Lhs.5 'arg1', Lhs.6 'arg2', Lhs.2, Lhs.3
  ...
```
 2023-03-09 09:23:56 +00:00
Mathias Vorreiter Pedersen
540ce1f0db Contrary to what the QLDoc says, this predicate was way too large to be 
evaluated on the 'quick-lint/quick-lint-js' project.

Before:
```
Most expensive predicates for completed query RuleOfTwo.ql:
        time  | evals |   max @ iter | predicate
        ------|-------|--------------|----------
        25m9s |       |              | Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#ffff@8a38e2tm
        17m1s |       |              | Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#fffb@0796c497
         3.5s |   130 | 116ms @ 3    | Declaration#4bfb53be::DirectAccessHolder::thisCanAccessClassTrans#fff@926a68j9
         3.3s |       |              | Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#fffb_1230#join_rhs@25e9ffj8
         1.7s |     3 |  1.7s @ 1    | Element#496c7fc2::ElementBase::toString#0#dispred#ff@fcd81c49
         1.3s |       |              | Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#fffb_0132#join_rhs@9c2065t1
         1.3s |       |              | Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#ffff_0132#join_rhs@672330eh
         1.1s |       |              | Declaration#4bfb53be::DirectAccessHolder::thisCanAccessClassTrans#fff_102#join_rhs@f7d5464o
        829ms |   336 |  85ms @ 6    | Enclosing#c50c5fbf::exprEnclosingElement#1#ff@e34d9wq1
        615ms |       |              | Expr#ef463c5d::Expr::getType#ff@e265e79q
```

After:
```
Most expensive predicates for completed query RuleOfTwo.ql:
        time  | evals |  max @ iter | predicate
        ------|-------|-------------|----------
        11.8s |       |             | _#Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff_#Declaration#4bfb53be::AccessHolder::getE__#antijoin_rhs#1@fb0627h8
        4.8s |       |             | _#Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff_#Declaration#4bfb53be::AccessHolder::getE__#antijoin_rhs#4@c43dbeia
        3.8s |       |             | _#Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff_#Declaration#4bfb53be::AccessHolder::getE__#antijoin_rhs#3@313e5963
        3.4s |   130 | 93ms @ 3    | Declaration#4bfb53be::DirectAccessHolder::thisCanAccessClassTrans#fff@a0289bfg
        1.5s |     3 | 1.5s @ 1    | Element#496c7fc2::ElementBase::toString#0#dispred#ff@fcd81c49
        806ms |       |             | Declaration#4bfb53be::DirectAccessHolder::thisCanAccessClassTrans#fff_021#join_rhs@cc1b76s7
        721ms |   336 | 61ms @ 5    | Enclosing#c50c5fbf::exprEnclosingElement#1#ff@e34d9wq1
        489ms |       |             | Expr#ef463c5d::Expr::getType#ff@e265e79q
        337ms |   130 | 62ms @ 5    | Class#bacd9b46::Class::accessOfBaseMemberMulti#ffff@0165b0dr
        329ms |       |             | Variable#7a968d4e::ParameterDeclarationEntry::getAnonymousParameterDescription#0#dispred#ff@0f12bdvq
        211ms |       |             | exprs_10#join_rhs@5481143i
```
 2023-03-08 17:44:19 +00:00
Paolo Tranquilli
c4fd39ec3f C++: fix example code for FilePermissions.qll 2023-03-07 13:50:20 +01:00
Paolo Tranquilli
bdad847584 Merge pull request #12422 from github/redsun82/cpp-scanf-fp 
C++: add false positives to `MissingCheckScanf` test
 2023-03-07 13:29:22 +01:00
Paolo Tranquilli
429518bcea C++: add further FP to test 2023-03-07 12:03:34 +01:00
Paolo Tranquilli
311cf4e7fd C++: add false positives to MissingCheckScanf test 
See https://github.com/github/codeql/issues/12412 for the initial
report.
 2023-03-07 11:56:05 +01:00
Jeroen Ketema
3a4c0a2aae Merge pull request #12389 from jketema/more-deprecated 
C++: Add `deprecated` to predicates that are deprecated according to the QLDoc
 2023-03-07 11:21:43 +01:00
Jeroen Ketema
c9bccd9b43 C++: Fix more tests that used deprecated function 2023-03-07 09:01:13 +01:00
Mathias Vorreiter Pedersen
92ad099c1b DataFlow: Remove bindingsets, remove the call column, and swap parameter and argument columns. 2023-03-06 13:47:59 +00:00
Mathias Vorreiter Pedersen
3bf28cc752 DataFlow: Sync identical files. 2023-03-06 13:46:21 +00:00
Mathias Vorreiter Pedersen
05314b48e8 C++: Add stub. 2023-03-06 13:44:23 +00:00
Mathias Vorreiter Pedersen
6e8a2a6375 DataFlow: Add a language-specific predicate for modifying 'branch' and 'join'. 2023-03-06 13:44:19 +00:00
Anders Schack-Mulligen
5c7f2ac7f7 Merge pull request #12186 from aschackmull/dataflow/refactor-configuration 
Data flow: Refactor configuration
 2023-03-06 13:38:59 +01:00
Anders Schack-Mulligen
557cb17f4d Dataflow: Minor perf fix for single config wrapper. 2023-03-06 10:24:33 +01:00
Jeroen Ketema
72d03e4060 C++: Fix test that used deprecated function 2023-03-06 09:07:52 +01:00
Dave Bartolomeo
e169702165 Merge branch 'main' into post-release-prep/codeql-cli-2.12.4 2023-03-04 09:20:44 -05:00
github-actions[bot]
af61b45785 Post-release preparation for codeql-cli-2.12.4 2023-03-04 14:16:55 +00:00
Jeroen Ketema
aa00424b75 C++: Fix experimental query that uses the deprecated freeCall predicate 2023-03-03 17:53:49 +01:00
Jeroen Ketema
391d9bed5b C++: Add deprecated to predicates that are deprecated according to the QLDoc 2023-03-03 17:15:47 +01:00
Jeroen Ketema
6495f1911f C++: Properly deprecate hasQualifiedName by using the deprecated keyword 2023-03-03 15:57:59 +01:00
Mathias Vorreiter Pedersen
907e6299a4 C++: Convert 'ExecTainted' to use the new refactored dataflow library. 2023-03-03 14:41:29 +00:00
github-actions[bot]
462da63970 Release preparation for version 2.12.4 2023-03-03 14:11:51 +00:00
Anders Schack-Mulligen
0addcfa7c5 Dataflow: Fix some perf issues. 2023-03-03 11:45:32 +01:00
Geoffrey White
7b596f4928 Merge pull request #10431 from ihsinme/ihsinme-patch-111 
CPP: Add query for CWE-369: Divide By Zero.
 2023-03-03 10:42:04 +00:00
Anders Schack-Mulligen
b34f99f716 Dataflow: Add change notes. 2023-03-02 16:01:29 +01:00
Anders Schack-Mulligen
7e3e10c34b C/C++: Remove reference to Partial Flow. 2023-02-27 14:30:05 +01:00
Anders Schack-Mulligen
bf650c755c Dataflow: Sync changes to all languages. 2023-02-27 14:30:05 +01:00
ihsinme
213abc6642 Update DivideByZeroUsingReturnValue.expected 2023-02-19 21:42:48 +03:00
ihsinme
54acbf7676 Update test.cpp 2023-02-19 21:42:14 +03:00
ihsinme
49af5ec536 Update DivideByZeroUsingReturnValue.ql 2023-02-19 21:41:28 +03:00
github-actions[bot]
8eb8daa4d4 Post-release preparation for codeql-cli-2.12.3 2023-02-16 17:23:25 +00:00
github-actions[bot]
b0315119c6 Release preparation for version 2.12.3 2023-02-16 11:49:06 +00:00
Anders Schack-Mulligen
e877b161d8 Merge pull request #12124 from hvitved/dataflow/stage1-dispatch 
Data flow: Call context virtual dispatch pruning in stage 1
 2023-02-13 13:13:43 +01:00
Tom Hvitved
f7a5a33474 Address review comment 2023-02-13 09:01:15 +01:00
Tom Hvitved
8e8897b08b Data flow: Sync files 2023-02-07 15:15:04 +01:00
Mathias Vorreiter Pedersen
746f04bafc C++: Construct fewer strings. 2023-02-07 11:44:32 +00:00
Mathias Vorreiter Pedersen
ff29356ae9 Merge pull request #12106 from MathiasVP/fewer-strings 
C++: Replace `toUpperCase().matches("...")` with case-insensitive `regexpMatch`
 2023-02-07 11:31:36 +00:00
Jeroen Ketema
1c35109675 C++: Add experimental tag to experimental query 2023-02-06 20:31:26 +01:00
Jeroen Ketema
868f07bc91 Merge branch 'main' into ihsinme-patch-102 2023-02-06 20:16:53 +01:00
ihsinme
065ca3c227 Update DivideByZeroUsingReturnValue.ql 2023-02-06 19:42:46 +03:00
Mathias Vorreiter Pedersen
4016299aa8 Update cpp/ql/lib/semmle/code/cpp/security/Encryption.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-02-06 15:55:15 +00:00
Mathias Vorreiter Pedersen
1c9a526afa C++: Construct fewer strings. 2023-02-06 15:18:15 +00:00
Mathias Vorreiter Pedersen
00fe448e3a Merge pull request #12072 from aschackmull/dataflow/stage3-perf 
Dataflow: Fix join in `fwdFlowRead` (take 2)
 2023-02-06 10:43:11 +00:00
github-actions[bot]
faf21f3edb Post-release preparation for codeql-cli-2.12.2 2023-02-02 23:01:04 +00:00
Anders Schack-Mulligen
67d4ed53b9 Dataflow: Sync. 2023-02-02 16:33:00 +01:00