hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-21 23:14:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
69,069 Commits 1,738 Branches 165 Tags
4dcf67940cf432e6febf0da660e1c7e191f50144
Commit Graph

184 Commits

Author SHA1 Message Date
Max Schaefer
e47b021050 Do not consider expressions as candidates whose type is annotated with @FunctionalInterface. 2024-02-01 11:04:14 +00:00
github-actions[bot]
d0b74c00fe Post-release preparation for codeql-cli-2.16.1 2024-01-23 23:02:29 +00:00
github-actions[bot]
7ef611e6dc Release preparation for version 2.16.1 2024-01-23 19:45:16 +00:00
Max Schaefer
5c43a0b1e4 Merge pull request #15356 from github/max-schaefer/automodel-void-source-candidates 
Automodel: Switch tests to inline expectations
 2024-01-22 17:05:10 +00:00
Max Schaefer
78e5a1a546 Autoformat. 2024-01-22 10:45:33 +00:00
Max Schaefer
3ae484868a Merge pull request #15326 from github/max-schaefer/automodel-negative-sink-models 
Automodel: Apply negative characteristics only to endpoints of the right kind.
 2024-01-17 15:54:28 +00:00
Max Schaefer
ae23920a6d Fix spurious source models for primitive types in framework mode. 2024-01-17 15:36:31 +00:00
Max Schaefer
9975f974ee Autoformat. 2024-01-17 14:53:09 +00:00
Max Schaefer
6c47a5d5f9 Refactor framework-mode queries to make them more easily testable. 2024-01-17 14:51:58 +00:00
Max Schaefer
adea805546 Refactor application-mode tests so we can reuse most of it for framework mode. 2024-01-17 14:49:19 +00:00
Max Schaefer
692d5e55a2 Use inline expectations for positive examples. 2024-01-17 14:48:22 +00:00
Max Schaefer
83c567385f Use inline expectations for negative-example tests as well. 2024-01-17 14:47:39 +00:00
Max Schaefer
1ebd0747a8 Fix treatment of void method calls. 2024-01-17 14:40:47 +00:00
Max Schaefer
587d69e88c Refactor application-mode candidate-extraction query so we can test its results before sampling. 2024-01-17 14:40:46 +00:00
Max Schaefer
800a78d258 Treat unexploitable types more centrally. 
The apparently missing test result is due to sampling.
 2024-01-17 14:40:37 +00:00
Max Schaefer
8614d7bddb Address review feedback. 2024-01-17 14:29:52 +00:00
Max Schaefer
90a4552c4f Fix omittable exists. 2024-01-15 13:45:03 +00:00
Max Schaefer
fee44074f7 Autoformat. 2024-01-15 13:44:45 +00:00
Max Schaefer
3befce98b3 When checking whether an endpoint has already been modelled, make sure to take the extensibleType into account. 2024-01-15 12:09:39 +00:00
Max Schaefer
68cf9aca12 Remove a few getExtensibleType checks which are now unnecessary. 2024-01-15 11:50:59 +00:00
Max Schaefer
919330fb53 Some more performance refactoring. 2024-01-12 17:38:58 +00:00
Max Schaefer
bb63fcde43 Refactor to avoid bad join order. 2024-01-12 15:24:24 +00:00
Max Schaefer
45ca301593 Rename a predicate. 2024-01-12 13:18:05 +00:00
Max Schaefer
ea26e21454 Extend negative characteristics for exceptions to source models. 2024-01-12 12:20:22 +00:00
Max Schaefer
06ba5ea9f8 Eliminate GetCallable modules and use getCallable instead. 2024-01-12 12:03:49 +00:00
Max Schaefer
76b84301e3 Share some code. 2024-01-12 12:03:49 +00:00
Max Schaefer
9f443d4f83 Make Unexploitable*Characteristic more precise. 2024-01-12 12:03:41 +00:00
Max Schaefer
6e9c90a6bb Properly distinguish negative source and sink characteristics. 
In particular, `IsSanitizerCharacteristic` is a negative _source_ characteristic (not a negative sink characteristic), while `NeutralModelCharacteristic` is both.

This eliminates the erroneous test results.
 2024-01-11 12:36:48 +00:00
Max Schaefer
ff4555ac5b Get rid of negative sink types. 
Instead of positively implying the negative sink type, negative sink characteristics now negatively imply all sink types (but not source types). This is simpler and sice we will never have a huge number of sink types it doesn't impact performance either.

Changes to test results:

- The call to `createDirectories` at `Test.java:87` is now correctly classified as a source candidate, having previously been erroneously excluded by a negative _sink_ characteristic.
- The call to `compareTo` at `Test.java:48` is now erroneously classified as a source candidate; it should be suppressed by `IsSanitizerCharacteristic`, which is a negative sink characteristic, but should really be a negative source characteristic.
- In framework mode, several endpoints are now erroneously classified as source candidates even though they have neutral models, because `NeutralModelCharacteristic` is currently only a negative sink characteristic and not a negative source characteristic.
 2024-01-11 12:19:53 +00:00
Max Schaefer
bcf4f4febd Drop a conjunct which is now spurious. 2024-01-11 11:56:59 +00:00
Max Schaefer
03ca244df2 Associate endpoints with their potential endpoint types and check these when determining candidates. 
This prevents us from associating a sink candidate with a source type and vice versa.

However, this does not fix the problem of negative characteristics for sink types excluding source candidates.
 2024-01-11 11:44:14 +00:00
Max Schaefer
8e429bd399 Rename isSinkCandidate (and a related predicate) to isCandidate. 
This reflects the fact that these predicates also deal with source candidates.
 2024-01-11 11:20:51 +00:00
Max Schaefer
8d56ee4a56 Release automodel extraction queries v0.0.12. 2024-01-10 11:29:36 +00:00
Max Schaefer
ac8e92eec5 Merge pull request #15264 from github/max-schaefer/automodel-exclude-generated-calls 
Automodel: Do not generate features for compiler-generated program elements.
 2024-01-10 10:22:00 +00:00
Max Schaefer
9b7cfd88cd Clarify relationship of isFromSource and Element::fromSource. 2024-01-09 16:21:36 +00:00
Max Schaefer
3e8775daaa Automodel: Do not generate features for compiler-generated program elements. 
These have dummy locations, which breaks certain invariants that break downstream processing.
 2024-01-09 13:39:46 +00:00
Ian Wright
dab28edfa9 0.0.11 release of automodel extraction queries 2024-01-04 13:10:46 +00:00
Ian Wright
45b1790fa2 add publication warning 2024-01-04 11:02:57 +00:00
github-actions[bot]
8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
github-actions[bot]
19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
Stephan Brandauer
2e5971bb57 Java automodel: also drop boxed types and number types from endpoints 2023-11-24 15:04:13 +01:00
Stephan Brandauer
f2de449ce4 Merge branch 'main' into kaeluka/automodel-extraction-skip-primitive-types-candidates 2023-11-21 14:57:24 +01:00
Max Schaefer
b5c92408f4 Merge pull request #14845 from github/max-schaefer/minor 
Automodel: Fix a few nits.
 2023-11-20 15:24:45 +00:00
Stephan Brandauer
737aab66f5 Java automodel: drop primitive parameters from endpoints 2023-11-20 15:09:05 +01:00
Stephan Brandauer
e34a9de008 Java Automodel: drop return values of primitive return type methods from consideration for extraction in framework mode 2023-11-20 14:11:14 +01:00
Stephan Brandauer
212a515fa9 Java Automodel: drop return values void methods other than ctors from consideration for extraction in framework mode 2023-11-20 14:00:59 +01:00
Max Schaefer
1bed9f9003 Automodel: Fix a few nits. 2023-11-20 11:06:02 +00:00
Arthur Baars
db180d9872 Merge pull request #14823 from github/post-release-prep/codeql-cli-2.15.3 
Post-release preparation for codeql-cli-2.15.3
 2023-11-19 12:13:42 +01:00