hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-21 10:24:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,329 Commits 1,684 Branches 158 Tags
15f641893ef9f98197231d253bbf26877c8cc5ff
Commit Graph

1905 Commits

Author SHA1 Message Date
Michael Nebel
82294c1349 Merge pull request #10622 from michaelnebel/ruby/postupdateassignexpr 
Ruby: Postupdate notes for assignment expressions.
 2022-09-30 10:00:02 +02:00
Harry Maclean
4a39bc8f47 Merge pull request #10598 from hmac/hmac/actioncontroller-metal 
Ruby: Identify ActionController::Metal controllers
 2022-09-30 13:07:03 +13:00
Michael Nebel
dd0f19d0b0 Ruby: Update expected test output. 2022-09-29 14:12:20 +02:00
Michael Nebel
999eb19c3d Ruby: Support postupdate notes for assignment expressions. 2022-09-29 14:12:20 +02:00
Tom Hvitved
1fcd22b0f6 Merge pull request #10621 from hvitved/ruby/fix-bad-join 
Ruby: Fix bad join-order
 2022-09-29 13:56:18 +02:00
Michael Nebel
af4db77046 Ruby: Update expected test output. 2022-09-29 13:54:59 +02:00
Michael Nebel
9ee831a378 Ruby: Add (failing) test case for flow out via assignment expression. 2022-09-29 13:54:32 +02:00
Tom Hvitved
2bf087677f Ruby: Fix bad join-order 
Before
```
Evaluated relational algebra for predicate DataFlowDispatch#36b84300::mayBenefitFromCallContext1#6#ffffff@ba617c9q with tuple counts:
          1066626  ~2%    {3} r1 = SCAN project#Module#fe82a56b::Cached::lookupMethod#2 OUTPUT In.0, In.0, In.1
        931393128  ~0%    {4} r2 = JOIN r1 WITH DataFlowDispatch#36b84300::isInstanceLocalMustFlow#3#fff_102#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1, Rhs.2
           298573  ~0%    {6} r3 = JOIN r2 WITH DataFlowDispatch#36b84300::mayBenefitFromCallContext0#5#fffff_14023#join_rhs ON FIRST 2 OUTPUT Rhs.2, Rhs.3, Rhs.4, Lhs.2, Lhs.3, Lhs.1
                          return r3
```

After
```
Evaluated relational algebra for predicate DataFlowDispatch#36b84300::mayBenefitFromCallContext1#6#ffffff@f68de4dn with tuple counts:
        583298  ~1%    {5} r1 = SCAN DataFlowDispatch#36b84300::mayBenefitFromCallContext0#5#fffff OUTPUT In.1, In.0, In.2, In.3, In.4
        583298  ~1%    {5} r2 = JOIN r1 WITH DataFlowPrivate#462ff392::ArgumentNode#class#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4
        442278  ~0%    {6} r3 = JOIN r2 WITH DataFlowDispatch#36b84300::isInstanceLocalMustFlow#3#fff ON FIRST 1 OUTPUT Rhs.1, Lhs.4, Lhs.1, Lhs.2, Lhs.3, Rhs.2
        298573  ~0%    {6} r4 = JOIN r3 WITH project#Module#fe82a56b::Cached::lookupMethod#2 ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.4, Lhs.0, Lhs.5, Lhs.1
                       return r4
```
 2022-09-29 12:00:26 +02:00
Asger F
296c0a7925 Merge pull request #10603 from asgerf/type-model-api-node 
Add TypeModel.getAnApiNode
 2022-09-29 11:39:09 +02:00
Harry Maclean
0e5aa97c46 Fix changenote month 2022-09-29 09:24:42 +13:00
Harry Maclean
76cfd44478 Add change note 2022-09-29 09:24:42 +13:00
Harry Maclean
4217a50900 Treat ActiveRecord.create as a model instantiation 2022-09-29 09:24:42 +13:00
Harry Maclean
424f31a24a Add test for AR Model.create instantiations 
These currently aren't recognised.
 2022-09-29 09:24:42 +13:00
Harry Maclean
63309150e0 Make some space 2022-09-29 09:24:37 +13:00
Harry Maclean
e7d19e849f Merge pull request #10090 from hmac/hmac/activestorage 
Ruby: Model Activestorage
 2022-09-29 09:16:25 +13:00
Harry Maclean
0ce0ada4df Merge pull request #10002 from hmac/hmac/protected-methods 
Ruby: Model protected methods
 2022-09-29 08:39:29 +13:00
Asger F
65de5d014c Ruby: add test case 2022-09-28 12:23:58 +02:00
Asger F
c8162f80bf Ruby: add TypeModel.getAnApiNode 2022-09-28 12:17:10 +02:00
Asger F
a48b893ed6 Merge pull request #10588 from asgerf/rb/rbi-instantiated-type 
Ruby: add RbiInstantiatedType
 2022-09-28 11:51:20 +02:00
Tom Hvitved
99b2df0605 Ruby: Make get(Explicit)VisibilityModifier private 2022-09-28 11:16:13 +02:00
Asger F
182d7d38a8 Update ruby/ql/lib/codeql/ruby/experimental/Rbi.qll 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2022-09-28 10:36:09 +02:00
Harry Maclean
eada74a15c Add change note 2022-09-28 11:43:31 +13:00
Tom Hvitved
31806b84ba Ruby: Add more flow summaries tests 
The tests highlight the differences between `(With|Without)?Element[1]` and
`(With|Without)?Element[1!]`.
 2022-09-27 20:16:31 +02:00
Tom Hvitved
2351c0288a Ruby: Fix spurious flow through reverse stores 2022-09-27 20:16:31 +02:00
Harry Maclean
28a23209a5 Ruby: Identify ActionController::Metal controllers 
Subclasses of `ActionController::Metal` are stripped-down controllers.
We want to recognise them as ActionController controllers.
There are some common ActionController methods that are not available in
Metal, but these are not likely to be used anyway as they would throw an
exception, so I don't think there's much harm in including them in the
modelling.
 2022-09-28 07:10:09 +13:00
Tom Hvitved
fea1e47daa Ruby: Add data-flow test for spurious flow through a reverse store 2022-09-27 20:05:35 +02:00
Tom Hvitved
df2b586e7c Merge pull request #10577 from hvitved/dataflow/get-a-read-content-fan-in 
Data flow: Fix bad join-order when getAReadContent has large fan-in
 2022-09-27 20:04:58 +02:00
Asger F
52b6dd5bec Ruby: update test expectation 2022-09-27 14:41:59 +02:00
Tom Hvitved
335e1a8233 Address review comments 2022-09-27 13:36:52 +02:00
erik-krogh
7675571daa fix RegExpEscape::getValue having multiple results for some escapes 2022-09-27 13:25:23 +02:00
Asger F
ea4ba27297 Ruby: add RbiInstantiatedType 2022-09-27 10:51:29 +02:00
Anders Schack-Mulligen
9f1bbf2bbd Merge pull request #10575 from aschackmull/dataflow/cleanup-module 
Dataflow: Minor visibility cleanup
 2022-09-27 10:10:53 +02:00
Harry Maclean
cb8865f3ff Add missing doc 2022-09-27 11:23:08 +13:00
Harry Maclean
49572a5218 Remove redundant import 2022-09-27 10:35:39 +13:00
Tom Hvitved
3717cb30eb Ruby: Fix two join orders 
`getExplicitVisibilityModifier`

Before
[2022-08-17 09:03:16] (186s) Tuple counts for quick_eval#ff/2@2005f7ku after 113ms:
                      39910   ~0%     {2} r1 = SCAN Method#8b49e67f::Method#ff OUTPUT 0, In.0 'this'
                      39910   ~0%     {2} r2 = STREAM DEDUP r1
                      135     ~2%     {2} r3 = JOIN r2 WITH Call#ee92d596::CallImpl::getArgumentImpl#dispred#fbb_120#join_rhs ON FIRST 2 OUTPUT Rhs.2 'result', Lhs.1 'this'
                      134     ~0%     {2} r4 = JOIN r3 WITH Method#8b49e67f::VisibilityModifier#f ON FIRST 1 OUTPUT Lhs.1 'this', Lhs.0 'result'

                      39910   ~0%     {1} r5 = SCAN Method#8b49e67f::Method#ff OUTPUT In.0 'this'
                      39910   ~0%     {1} r6 = STREAM DEDUP r5
                      39910   ~0%     {2} r7 = JOIN r6 WITH Method#8b49e67f::Method::getName#dispred#ff ON FIRST 1 OUTPUT Lhs.0 'this', Rhs.1
                      39770   ~1%     {3} r8 = JOIN r7 WITH AST#a6718388::AstNode::getEnclosingModule#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0 'this', Lhs.1
                      1859722 ~0%     {3} r9 = JOIN r8 WITH project#Method#8b49e67f::isDeclaredIn#fff#2_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'result', Lhs.1 'this', Lhs.2
                      11757   ~0%     {4} r10 = JOIN r9 WITH Method#8b49e67f::VisibilityModifier::getMethodArgument#dispred#bf ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'this', Lhs.0 'result', Rhs.1
                      24206   ~0%     {4} r11 = JOIN r10 WITH Constant#54e8b051::ConstantValue::getStringlikeValue#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1 'this', Lhs.2 'result'
                      292     ~0%     {2} r12 = JOIN r11 WITH Expr#6fb2af19::Expr::getConstantValue#dispred#ff ON FIRST 2 OUTPUT Lhs.2 'this', Lhs.3 'result'

                      426     ~0%     {2} r13 = r4 UNION r12
                                      return r13

After
[2022-08-17 09:30:31] (0s) Tuple counts for quick_eval#ff/2@e014fd45 after 5ms:
                      39910 ~0%     {1} r1 = SCAN Method#8b49e67f::Method#ff OUTPUT In.0 'this'
                      39910 ~0%     {1} r2 = STREAM DEDUP r1

                      134   ~1%     {2} r3 = JOIN r2 WITH Method#8b49e67f::VisibilityModifier::getMethodArgument#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.0 'this', Rhs.1 'result'

                      37225 ~1%     {3} r4 = JOIN r2 WITH project#Method#8b49e67f::methodIsDeclaredIn#ffff ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.0 'this'
                      382   ~1%     {2} r5 = JOIN r4 WITH Method#8b49e67f::modifiesIn#fff_120#join_rhs ON FIRST 2 OUTPUT Lhs.2 'this', Rhs.2 'result'

                      516   ~0%     {2} r6 = r3 UNION r5
                                    return r6

`getVisibilityModifier()`

Before
[2022-08-17 09:16:18] (1s) Tuple counts for quick_eval#ff/2@0e9b6ctl after 52ms:
                      39910   ~0%     {1} r1 = SCAN Method#8b49e67f::Method#ff OUTPUT In.0 'this'
                      39910   ~0%     {1} r2 = STREAM DEDUP r1
                      424     ~0%     {2} r3 = JOIN r2 WITH Method#8b49e67f::Method::getExplicitVisibilityModifier#dispred#ff ON FIRST 1 OUTPUT Lhs.0 'this', Rhs.1 'result'

                      34953   ~0%     {3} r4 = JOIN quick_eval#ff#shared WITH Method#8b49e67f::isDeclaredIn#fff ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.0 'this'
                      2338    ~0%     {2} r5 = JOIN r4 WITH quick_eval#ff#join_rhs ON FIRST 2 OUTPUT Lhs.2 'this', Rhs.2 'result'

                      3861    ~0%     {1} r6 = SCAN Method#8b49e67f::SingletonMethod#ff OUTPUT In.0 'this'
                      3861    ~0%     {1} r7 = STREAM DEDUP r6
                      3859    ~6%     {2} r8 = JOIN r7 WITH AST#a6718388::AstNode::getEnclosingModule#dispred#ff ON FIRST 1 OUTPUT Lhs.0 'this', Rhs.1
                      3859    ~6%     {2} r9 = JOIN r8 WITH Method#8b49e67f::SingletonMethod#ff ON FIRST 1 OUTPUT Lhs.0 'this', Lhs.1

                      0       ~0%     {3} r10 = JOIN r9 WITH Method#8b49e67f::VisibilityModifier::getMethodArgument#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'result', Lhs.1, Lhs.0 'this'

                      3859    ~0%     {3} r11 = JOIN r9 WITH Method#8b49e67f::SingletonMethod::getName#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0 'this', Lhs.1
                      7731    ~0%     {3} r12 = JOIN r11 WITH Constant#54e8b051::ConstantValue::getStringlikeValue#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'this', Lhs.2
                      1343055 ~1%     {3} r13 = JOIN r12 WITH Expr#6fb2af19::Expr::getConstantValue#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'this', Lhs.2
                      6546    ~2%     {3} r14 = JOIN r13 WITH Method#8b49e67f::VisibilityModifier::getMethodArgument#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'result', Lhs.2, Lhs.1 'this'

                      6546    ~2%     {3} r15 = r10 UNION r14
                      120     ~2%     {2} r16 = JOIN r15 WITH AST#a6718388::AstNode::getEnclosingModule#dispred#ff ON FIRST 2 OUTPUT Lhs.2 'this', Lhs.0 'result'

                      2458    ~0%     {2} r17 = r5 UNION r16
                      2882    ~0%     {2} r18 = r3 UNION r17
                                      return r18

After
[2022-08-17 09:29:42] (2s) Tuple counts for quick_eval#ff/2@77b18cdg after 5ms:
                      39910 ~0%     {1} r1 = SCAN Method#8b49e67f::Method#ff OUTPUT In.0 'this'
                      39910 ~0%     {1} r2 = STREAM DEDUP r1
                      516   ~0%     {2} r3 = JOIN r2 WITH Method#8b49e67f::Method::getExplicitVisibilityModifier#dispred#ff ON FIRST 1 OUTPUT Lhs.0 'this', Rhs.1 'result'

                      3861  ~0%     {1} r4 = SCAN Method#8b49e67f::SingletonMethod#ff OUTPUT In.0 'this'
                      3861  ~0%     {1} r5 = STREAM DEDUP r4

                      0     ~0%     {2} r6 = JOIN r5 WITH Method#8b49e67f::VisibilityModifier::getMethodArgument#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.0 'this', Rhs.1 'result'

                      516   ~0%     {2} r7 = r3 UNION r6

                      36845 ~0%     {3} r8 = JOIN quick_eval#ff#shared WITH Method#8b49e67f::isDeclaredIn#fff ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.0 'this'
                      2421  ~0%     {2} r9 = JOIN r8 WITH quick_eval#ff#join_rhs ON FIRST 2 OUTPUT Lhs.2 'this', Rhs.2 'result'

                      2584  ~0%     {3} r10 = JOIN r5 WITH project#Method#8b49e67f::methodIsDeclaredIn#ffff ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.0 'this'
                      39    ~0%     {2} r11 = JOIN r10 WITH Method#8b49e67f::modifiesIn#fff_120#join_rhs ON FIRST 2 OUTPUT Lhs.2 'this', Rhs.2 'result'

                      2460  ~1%     {2} r12 = r9 UNION r11
                      2976  ~0%     {2} r13 = r7 UNION r12
                                    return r13
 2022-09-27 10:29:06 +13:00
Harry Maclean
92715bac3a Attempt to fix bad join candidates 2022-09-27 10:29:06 +13:00
Harry Maclean
5cdaae7378 Update tests 2022-09-27 10:29:04 +13:00
Harry Maclean
4df7fd248e Ruby: Ensure explicit modifiers take priority 
In Ruby, "explicit" visibility modifiers override "implicit" ones. For
example, in the following:

```rb
class C

  private

  def m1
  end

  public m2
  end

  def m3
  end
  public :m3
end
```

`m1` is private whereas `m2` and `m3` are public.
 2022-09-27 10:28:23 +13:00
Harry Maclean
d90257fd50 Add change note 2022-09-27 10:22:54 +13:00
Harry Maclean
bda4cfbe5d Ruby: Update test 2022-09-27 10:22:53 +13:00
Harry Maclean
79abb36faf Ruby: Remove MethodModifier 2022-09-27 10:21:06 +13:00
Harry Maclean
97e9eab7fc Fix QL4QL error 2022-09-27 10:21:06 +13:00
Harry Maclean
d7f40c41c5 Ruby: protected_class_method does not exist 2022-09-27 10:21:06 +13:00
Harry Maclean
5e9196e51c Ruby: Add test for protected methods 2022-09-27 10:21:04 +13:00
Harry Maclean
494fb4c966 Ruby: Make room for new test cases 2022-09-27 10:18:43 +13:00
Harry Maclean
1d728b234f Ruby: Add test for protected method visibility 2022-09-27 10:16:09 +13:00
Harry Maclean
58dd521ee9 Ruby: further refactor to method visibility 2022-09-27 10:13:23 +13:00
Harry Maclean
c5f36613da Ruby: Refactor method visibility modeling 2022-09-27 10:13:21 +13:00
Harry Maclean
dea5036912 Ruby: Update for Http concept changes 2022-09-27 10:03:17 +13:00
Tom Hvitved
45fc62f16b Data flow: Sync files 2022-09-26 20:39:48 +02:00