hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,895 Commits 1,671 Branches 157 Tags
4f54bb66b807ee4b22f6be28cfbb71d21b901b10
Commit Graph

7811 Commits

Author SHA1 Message Date
Robert Marsh
3a35a40062 WIP: start on CWE-611 tests 2022-04-06 12:55:56 +01:00
Robert Marsh
370dd057dc C++: more WIP on Xerces XXE query 2022-04-06 12:55:54 +01:00
Robert Marsh
9b6c1bc691 WIP: Xerces XXE 2022-04-06 12:55:52 +01:00
Tom Hvitved
4099d1318f Data flow: Tweak two join-orders 
Before
```
[2022-04-06 13:19:29] (96s) Tuple counts for DataFlowImpl2::Stage1::revFlowConsCand#7ad53399#ff/2@i14#aa10f2wi after 4.4s:
                      10681    ~0%     {2} r1 = SCAN DataFlowImpl2::Stage1::revFlow#7ad53399#fff#prev_delta OUTPUT In.0, In.2 'config'
                      982      ~1%     {3} r2 = JOIN r1 WITH DataFlowImpl2::readSet#7ad53399#ffff_2301#join_rhs ON FIRST 2 OUTPUT Rhs.3, Lhs.1 'config', Rhs.2
                      83691528 ~2%     {3} r3 = JOIN r2 WITH DataFlowPublic::ContentSet::getAReadContent#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1 'config', Lhs.2, Rhs.1 'c'
                      83581763 ~2%     {3} r4 = r3 AND NOT DataFlowImpl2::Stage1::revFlowConsCand#7ad53399#ff#prev(Lhs.2 'c', Lhs.0 'config')
                      83581763 ~0%     {3} r5 = SCAN r4 OUTPUT In.2 'c', In.0 'config', In.1
                      0        ~0%     {3} r6 = JOIN r5 WITH DataFlowImpl2::Stage1::fwdFlowConsCand#7ad53399#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.1 'config', Lhs.0 'c'
                      0        ~0%     {2} r7 = JOIN r6 WITH DataFlowImpl2::Stage1::fwdFlow#7ad53399#2#fff_02#join_rhs ON FIRST 2 OUTPUT Lhs.2 'c', Lhs.1 'config'
                                       return r7
```

After
```
[2022-04-06 13:44:38] (6s) Tuple counts for DataFlowImpl2::Stage1::revFlowConsCand#7ad53399#ff/2@i14#5abbf2wn after 6ms:
                      10681  ~0%     {2} r1 = SCAN DataFlowImpl2::Stage1::revFlow#7ad53399#fff#prev_delta OUTPUT In.0, In.2 'config'
                      982    ~1%     {3} r2 = JOIN r1 WITH DataFlowImpl2::readSet#7ad53399#ffff_2301#join_rhs ON FIRST 2 OUTPUT Rhs.3, Lhs.1 'config', Rhs.2
                      109765 ~0%     {3} r3 = JOIN r2 WITH DataFlowImpl2::Stage1::fwdFlowConsCandSet#7ad53399#fff#reorder_0_2_1 ON FIRST 2 OUTPUT Lhs.1 'config', Lhs.2, Rhs.2 'c'
                      0      ~0%     {3} r4 = r3 AND NOT DataFlowImpl2::Stage1::revFlowConsCand#7ad53399#ff#prev(Lhs.2 'c', Lhs.0 'config')
                      0      ~0%     {3} r5 = SCAN r4 OUTPUT In.1, In.0 'config', In.2 'c'
                      0      ~0%     {2} r6 = JOIN r5 WITH DataFlowImpl2::Stage1::fwdFlow#7ad53399#2#fff_02#join_rhs ON FIRST 2 OUTPUT Lhs.2 'c', Lhs.1 'config'
                                     return r6
```
 2022-04-06 13:52:30 +02:00
4B5F5F4B
04538d0599 Autoformated to make CodeQL happy 2022-04-06 11:59:26 +08:00
ihsinme
275b29a288 Update DangerousUseOfExceptionBlocks.expected 2022-04-05 22:48:11 +03:00
Jeroen Ketema
d19504fca2 C++: Add cpp/unused-local-variable test case with switch initializer 
This is similar to the test case with the `if` initializer, and we should
not forget about it once we support `if` initialization.
 2022-04-05 18:27:53 +02:00
ihsinme
73de757f39 Update DangerousUseOfExceptionBlocks.ql 2022-04-04 21:38:03 +03:00
Geoffrey White
04b8306f06 C++: Add some more patterns. 2022-04-04 16:57:00 +01:00
Geoffrey White
d2e7f22d1b C++: Group all phone number related exprs together. 2022-04-04 16:48:03 +01:00
Geoffrey White
d42ee7d279 C++: Extend tests. 2022-04-04 16:46:56 +01:00
Tom Hvitved
d99bb65ea9 C++: Implement ContentSet 2022-04-04 13:51:44 +02:00
Tom Hvitved
c4fbc618a9 Data flow: Sync files 2022-04-04 13:51:44 +02:00
Jeroen Ketema
e91c04234e C++: Update tests for copy constructor calls with implied source 2022-04-04 12:48:02 +02:00
Jeroen Ketema
e710cf7921 C++: Add tests for copy constructor direct initializations 2022-04-04 12:48:01 +02:00
ihsinme
61860c9ae9 Update DangerousUseOfExceptionBlocks.ql 2022-04-02 13:44:40 +03:00
Jeroen Ketema
e1fa58a6f2 C++: Update tests after generating reference conversion 2022-04-01 18:32:46 +02:00
Jeroen Ketema
1d51b618d1 C++: Update tests for handling op bitwise copy in lambda captures 2022-04-01 18:32:46 +02:00
Jeroen Ketema
dea510ac95 C++: Add change note for cpp/unused-local-variable changes 2022-04-01 18:32:46 +02:00
Jeroen Ketema
4f49f9d6e1 C++: Remove exception from cpp/unused-local-variable that is no longer needed 2022-04-01 18:32:46 +02:00
Jeroen Ketema
3fed59fd13 C++: Add more lambda capture IR tests 2022-04-01 18:32:45 +02:00
github-actions[bot]
6af568b16d Post-release preparation for codeql-cli-2.8.5 2022-04-01 16:22:14 +00:00
Chris Smowton
3119885a9b Merge pull request #8638 from smowton/smowton/docs/additional-flow-step-description 
Improve wording of isAdditionalFlow/TaintStep qldoc
 2022-04-01 16:41:04 +01:00
Paolo Tranquilli
a323cce03e Merge pull request #8630 from redsun82/bazel-workspace 
Bazel: add skeleton bazel workspace
 2022-04-01 15:46:59 +02:00
Chris Smowton
28fa49dcd6 dataflow -> data-flow 2022-04-01 13:22:58 +01:00
Paolo Tranquilli
8a5e611453 Bazel: add skeleton bazel workspace 
This moves in codeql some internal bazel definitions in preparation for
future work.
 2022-04-01 14:04:50 +02:00
github-actions[bot]
ee746d20df Release preparation for version 2.8.5 2022-04-01 10:39:31 +00:00
Chris Smowton
3b0bd3bc0f Improve wording 2022-04-01 11:31:31 +01:00
Chris Smowton
99026a6071 Improve wording of isAdditionalFlow/TaintStep qldoc 2022-04-01 11:07:27 +01:00
Geoffrey White
fbd71cd050 C++: Update to regexpMatch. 2022-03-31 11:27:20 +01:00
Mathias Vorreiter Pedersen
dc88f715f8 C++: Fix join order. 2022-03-31 10:35:36 +01:00
Mathias Vorreiter Pedersen
da39c9f5ef C++: Fix bad magic. 2022-03-31 10:35:29 +01:00
Geoffrey White
9035ca236e C++: Change note. 2022-03-31 10:24:18 +01:00
Geoffrey White
b296b0150a C++: Some enhancements to SensitiveExprs.qll as well, inspired by csharp. 2022-03-31 10:24:17 +01:00
Geoffrey White
146318dbc1 Merge pull request #8580 from geoffw0/privdata 
C++: Port PrivateData.qll from C# and use it in cpp/cleartext-transmission
 2022-03-31 10:12:46 +01:00
Robert Marsh
3ce7c521d1 C++: fix IR global var init for string constants 2022-03-30 14:01:59 -04:00
Robert Marsh
e01799827a C++: add test for string global var inits in IR 2022-03-30 13:38:25 -04:00
Robert Marsh
fb0a848e5a C++: fix inconsistency with global var constructor 2022-03-30 13:32:02 -04:00
Robert Marsh
9d4aac61fd C++: add IR tests for global var with constructor 2022-03-30 13:20:26 -04:00
Robert Marsh
417b0b5353 C++: accept test changes for updated extractor 2022-03-30 10:23:17 -04:00
Dave Bartolomeo
e2396a5e03 Remove PrintIR tests for range analysis 
These were only used for debugging, and don't actually make good tests.
 2022-03-30 06:45:28 -04:00
Dave Bartolomeo
19789fa738 Merge remote-tracking branch 'upstream/main' into semantic-scratch 2022-03-30 06:39:14 -04:00
ihsinme
b95094235c Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-03-30 10:51:38 +03:00
4B5F5F4B
9ab773422a refactor some code, and add access_ok cases 2022-03-30 12:25:32 +08:00
Robert Marsh
9442be1a27 Autoformat 2022-03-29 16:23:57 -04:00
Robert Marsh
8d21c8b7c5 Merge pull request #8423 from 4B5F5F4B/main 
[CPP][Linux Kernel]Add ql to detect CVE-2017-5123
 2022-03-29 15:10:15 -04:00
Jeroen Ketema
d1857a9e37 C++: Remove debugging options from library tests 2022-03-29 17:24:18 +02:00
Geoffrey White
e04298d532 C++: Delete experimental PrivateData.qll. 2022-03-29 15:26:46 +01:00
Geoffrey White
cf5c6baadd C++: More test cases for salary. 2022-03-29 15:05:27 +01:00
Geoffrey White
0e3e145e53 C++: Add CWE-359 tag to cpp/cleartext-transmission. 2022-03-29 14:44:06 +01:00