hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-22 19:02:59 +01:00
Code Issues Packages Projects Releases Wiki Activity
43,790 Commits 1,685 Branches 158 Tags
69dfdf5a34356bca398bca8f573c988b2a3cae7a
Commit Graph

1796 Commits

Author SHA1 Message Date
Paolo Tranquilli
69dfdf5a34 Swift: fix IfConfigDecl in QL libraries 
This fixes `IfConfigDecl` for both the AST printer and control flow
libraries.

It turns out that the active lements of an `IfConfigDecl` are already
listed in the enclosing scope (like a `BraceStmt`), so they should not
be listed as children, and `IfConfigDecl` can be jsut a leaf in the
control flow.
 2022-09-21 12:12:55 +02:00
Erik Krogh Kristensen
7e17a919ae Merge pull request #10304 from erik-krogh/rb-followMsg 
RB: make the alert messages of taint-tracking queries more consistent
 2022-09-20 22:58:31 +02:00
Tom Hvitved
647397759e Merge pull request #10336 from hvitved/ruby/call-graph-rework 
Ruby: Rework call graph implementation
 2022-09-20 15:29:40 +02:00
Nick Rolfe
30b54b2abe Merge pull request #10450 from github/nickrolfe/filesystemresolver 
Ruby: model ActionView::FileSystemResolver as a FileSystemAccess
 2022-09-20 14:21:28 +01:00
erik-krogh
0645b11cb1 ruby: remove unused predicate from NfaUtilsSpecific 2022-09-19 15:25:00 +02:00
Tom Hvitved
bb08e6f0fd Ruby: Three call graph fixes for singleton methods 2022-09-19 14:20:12 +02:00
Tom Hvitved
d13332cff1 Ruby: Add more call graph tests 2022-09-19 14:19:25 +02:00
Erik Krogh Kristensen
a4cd913aea Merge pull request #10312 from erik-krogh/fix-caseDiff 
ensure consistent casing of names
 2022-09-19 10:43:12 +02:00
Tom Hvitved
a8cc669251 Ruby: Address review comments 2022-09-18 19:34:54 +02:00
Tom Hvitved
9004e82820 Ruby: Add another call graph test 2022-09-18 19:34:00 +02:00
Tom Hvitved
29bfb4d185 Ruby: Revert changes to isLocalSourceNode and localFlowStepTypeTracker 
Instead, use small-step type tracking, as suggested by @rasmuswl offline.
 2022-09-16 19:38:26 +02:00
Nick Rolfe
b5d648a6b0 Ruby: model ActionView::FileSystemResolver as a FileSystemAccess 2022-09-16 09:24:14 +01:00
Tom Hvitved
ac4d4ff613 Ruby: Rework call graph implementation 2022-09-16 10:22:26 +02:00
Tom Hvitved
41c45c26bc Ruby: Add more call graph tests, and make calls.rb interpretable by irb 2022-09-16 10:22:20 +02:00
Tom Hvitved
40241acbfc Merge pull request #10425 from hvitved/ruby/bad-join-fix 
Ruby: Fix bad join-order in DB upgrade script
 2022-09-15 12:09:14 +02:00
Tom Hvitved
5cfed75e4c Ruby: Fix bad join-order in DB upgrade script 
Before
```
Evaluated relational algebra for predicate #select#query#ffffff@3e1dedi5 with tuple counts:
          30411461   ~0%    {6} r1 = locations_default AND NOT #select#query#ffffff#antijoin_rhs(Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5)

          30840645   ~4%    {2} r2 = SCAN #select#query#ffff OUTPUT In.0, In.3
            515559   ~1%    {3} r3 = JOIN r2 WITH #select#query#ffffff#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1
            515559   ~0%    {5} r4 = JOIN r3 WITH locations_default ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Rhs.4, Rhs.5
        2397708060   ~0%    {9} r5 = JOIN r4 WITH locations_default_1023#join_rhs ON FIRST 1 OUTPUT Lhs.1, 0, Rhs.1, Lhs.2, Lhs.0, Lhs.3, Lhs.4, Rhs.2, Rhs.3
            515559   ~4%    {6} r6 = JOIN r5 WITH query#f0820431::body_statement#3#bff ON FIRST 3 OUTPUT Lhs.3, Lhs.4, Lhs.7, Lhs.8, Lhs.5, Lhs.6

          30927020   ~0%    {6} r7 = r1 UNION r6
                            return
```

After
```
Evaluated relational algebra for predicate #select#query#ffffff@8810e071 with tuple counts:
        30411461   ~0%    {6} r1 = #select#query#ffffff#shared AND NOT #select#query#ffffff#antijoin_rhs(Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5)

        30840645   ~4%    {2} r2 = SCAN #select#query#ffff OUTPUT In.0, In.3
          515559   ~1%    {3} r3 = JOIN r2 WITH #select#query#ffffff#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1
          515559   ~0%    {6} r4 = JOIN r3 WITH locations_default ON FIRST 1 OUTPUT Lhs.1, 0, Lhs.2, Rhs.1, Rhs.4, Rhs.5
          515559   ~0%    {5} r5 = JOIN r4 WITH query#f0820431::body_statement#3#bff ON FIRST 2 OUTPUT Rhs.2, Lhs.3, Lhs.2, Lhs.4, Lhs.5
          515559   ~0%    {6} r6 = JOIN r5 WITH locations_default ON FIRST 2 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.2, Rhs.3
          515559   ~4%    {6} r7 = JOIN r6 WITH files ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.4, Lhs.5, Lhs.2, Lhs.3

        30927020   ~0%    {6} r8 = r1 UNION r7
                          return r8
```
 2022-09-14 19:27:49 +02:00
Tom Hvitved
40e77a0c67 Merge pull request #10415 from hvitved/code-block-fix 
Change two ```codeql to ```ql
 2022-09-14 15:07:55 +02:00
Tom Hvitved
4ea1c0050b Change two ``codeql to ``ql 2022-09-14 13:53:34 +02:00
erik-krogh
252394666c sync files 2022-09-13 20:44:05 +02:00
Tom Hvitved
74eb6b2b98 Merge pull request #10400 from hvitved/ruby/singleton-class-object-scope 
Ruby: Adjust the scope of singleton class targets
 2022-09-13 20:01:21 +02:00
Rasmus Wriedt Larsen
511030df48 Ruby: Rewrite a few ::Range uses to instanceof 2022-09-13 15:44:29 +02:00
Tom Hvitved
4247843a27 Ruby: Adjust the scope of singleton class targets 
In

```rb
class << x
  ...
end
```

the scope of `x` is not the singleton class itself, but rather the outer scope.
 2022-09-13 11:39:38 +02:00
Tom Hvitved
87db5fc6b1 Ruby: Add tests for getEnclosing{Method,Module} 2022-09-13 11:39:15 +02:00
erik-krogh
063c76b6d1 apply suggestions from review 2022-09-13 10:52:23 +02:00
Arthur Baars
e07e6c9053 Merge pull request #10382 from RasmusWL/ruby-typo-fix 
Ruby: Fix typo in QLDoc
 2022-09-12 19:04:37 +02:00
Erik Krogh Kristensen
818601b612 Merge pull request #10285 from erik-krogh/paramClass 
ReDoS: convert RelevantState to a class in the PrefixConstruction module
 2022-09-12 15:23:19 +02:00
Rasmus Wriedt Larsen
03cc4a2f7a Ruby: Fix typo in QLDoc 2022-09-12 14:35:20 +02:00
erik-krogh
bae4490620 add change-note 2022-09-12 12:12:18 +02:00
Arthur Baars
7ca2e4c51f Merge pull request #9953 from aibaars/update-grammar 
Update tree-sitter-ruby
 2022-09-12 10:51:37 +02:00
Tony Torralba
569fad667a Merge pull request #10360 from atorralba/atorralba/fix-taint-implicit-reads 
Dataflow: Fix implicit reads in taint tracking when FlowStates are used
 2022-09-09 14:28:39 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Tony Torralba
1078cf091e Add change notes for all languages 2022-09-09 10:28:36 +02:00
Tony Torralba
7db1eb98f5 Sync files 2022-09-08 17:32:03 +02:00
Tom Hvitved
b3653cc3d0 Merge pull request #10216 from hvitved/ssa/shared-lib 
SSA: Create a new `codeql/shared-ssa` library pack and move implementation there
 2022-09-08 15:39:29 +02:00
Tom Hvitved
e3948e6683 Merge pull request #10354 from hvitved/ruby/convert-flow-test 
Ruby: Convert data-flow test to use inline test expectations
 2022-09-08 15:20:58 +02:00
Tom Hvitved
46127f9f59 Ruby: Convert data-flow test to use inline test expectations 2022-09-08 14:32:21 +02:00
Rasmus Wriedt Larsen
978c165cf4 Ruby: Fix ActiveResource HTTP client request modeling 
This was a conflict between the merge of
https://github.com/github/codeql/pull/9974 and
https://github.com/github/codeql/pull/10114
 2022-09-08 12:14:18 +02:00
Rasmus Wriedt Larsen
1d834799a2 Merge pull request #10114 from RasmusWL/shared-http-client-request 
Ruby/Python: Shared HTTP client request concept
 2022-09-08 11:58:06 +02:00
Tom Hvitved
ac307137ad Merge pull request #10341 from hvitved/ruby/inline-getavaluereachablefromsource 
Ruby: Inline `getAValueReachableFromSource`
 2022-09-08 10:20:43 +02:00
Michael Nebel
e265b07a93 Merge pull request #10127 from michaelnebel/csharp/clearscontent 
C#: Replace clears content with CSV summaries.
 2022-09-08 09:26:08 +02:00
Harry Maclean
30c9bea8b3 Merge pull request #9974 from hmac/hmac/active-resource 
Ruby: Model ActiveResource
 2022-09-08 07:44:59 +01:00
Tom Hvitved
0070662072 Ruby: Inline getAValueReachableFromSource 2022-09-07 20:28:38 +02:00
Asger F
6b2ebcce3a Merge pull request #10276 from asgerf/mad-typedef-entry-points 
Add TypeModel hook for adding MaD type-defs from CodeQL
 2022-09-07 14:14:48 +02:00
erik-krogh
79a048968e make the alert messages of taint-tracking queries more consistent 2022-09-07 12:22:50 +02:00
Tom Hvitved
987870bb62 Merge pull request #10315 from hvitved/ruby/parameter-match-join 
Ruby: Fix bad join in `parameterMatch`
 2022-09-07 08:43:15 +02:00
Asger F
95c60858d4 Export as DataFlow instead of DF 2022-09-06 15:02:48 +02:00
Tom Hvitved
b2c38b37de Merge pull request #10296 from hvitved/ruby/call-graph-missing-singletons 
Ruby: Add missing edges to the call graph for singleton methods
 2022-09-06 13:23:24 +02:00
Tom Hvitved
8b8a662c76 Ruby: Fix bad join in parameterMatch 
Before
```
Evaluated relational algebra for predicate DataFlowDispatch#36b84300::parameterMatch#2#ff@281bdfu5 with tuple counts:
        23338949   ~0%    {2} r1 = JOIN DataFlowDispatch#36b84300::Cached::TParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TArgumentPosition#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

           65011   ~0%    {2} r2 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TAnyParameterPosition#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1
           65010   ~0%    {2} r3 = r2 AND NOT DataFlowDispatch#36b84300::Cached::TSelfArgumentPosition#f(Lhs.1)

        23338949   ~0%    {2} r4 = JOIN DataFlowDispatch#36b84300::Cached::TParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TArgumentPosition#f CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0

             359   ~3%    {2} r5 = JOIN r4 WITH DataFlowDispatch#36b84300::Cached::TAnyArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
             358   ~3%    {2} r6 = r5 AND NOT DataFlowDispatch#36b84300::Cached::TSelfParameterPosition#f(Lhs.0)

           65368   ~0%    {2} r7 = r3 UNION r6

           65011   ~0%    {2} r8 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TSelfParameterPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
               1   ~0%    {2} r9 = JOIN r8 WITH DataFlowDispatch#36b84300::Cached::TSelfArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0

           65011   ~0%    {2} r10 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TBlockParameterPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
               1   ~0%    {2} r11 = JOIN r10 WITH DataFlowDispatch#36b84300::Cached::TBlockArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0

           65011   ~3%    {2} r12 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::THashSplatParameterPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
               1   ~0%    {2} r13 = JOIN r12 WITH DataFlowDispatch#36b84300::Cached::THashSplatArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0

               2   ~0%    {2} r14 = r11 UNION r13
               3   ~0%    {2} r15 = r9 UNION r14
           65371   ~0%    {2} r16 = r7 UNION r15

           65011   ~0%    {2} r17 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TAnyKeywordParameterPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
            1645   ~1%    {2} r18 = JOIN r17 WITH DataFlowDispatch#36b84300::Cached::TKeywordArgumentPosition#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0

             359   ~0%    {2} r19 = JOIN r4 WITH DataFlowDispatch#36b84300::Cached::TAnyKeywordArgumentPosition#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
             320   ~0%    {2} r20 = JOIN r19 WITH DataFlowDispatch#36b84300::Cached::TKeywordParameterPosition#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1

            1965   ~1%    {2} r21 = r18 UNION r20

        20803520   ~1%    {3} r22 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TKeywordParameterPosition#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
             320   ~0%    {2} r23 = JOIN r22 WITH DataFlowDispatch#36b84300::Cached::TKeywordArgumentPosition#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.1

         2145363   ~0%    {3} r24 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TPositionalParameterPosition#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
              33   ~0%    {2} r25 = JOIN r24 WITH DataFlowDispatch#36b84300::Cached::TPositionalArgumentPosition#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.1

           65011   ~0%    {3} r26 = JOIN r1 WITH DataFlowDispatch#36b84300::Cached::TPositionalParameterLowerBoundPosition#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
           63361   ~0%    {4} r27 = JOIN r26 WITH DataFlowDispatch#36b84300::Cached::TPositionalArgumentPosition#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1
           63360   ~0%    {4} r28 = SELECT r27 ON In.3 >= In.2
           63360   ~0%    {2} r29 = SCAN r28 OUTPUT In.0, In.1

           63393   ~0%    {2} r30 = r25 UNION r29
           63713   ~0%    {2} r31 = r23 UNION r30
           65678   ~0%    {2} r32 = r21 UNION r31
          131049   ~0%    {2} r33 = r16 UNION r32
                          return r33
```

After
```
Evaluated relational algebra for predicate DataFlowDispatch#36b84300::parameterMatch#2#ff@698b99ci with tuple counts:
             1   ~0%    {2} r1 = JOIN DataFlowDispatch#36b84300::Cached::TSelfParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TSelfArgumentPosition#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

             1   ~0%    {2} r2 = JOIN DataFlowDispatch#36b84300::Cached::TBlockParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TBlockArgumentPosition#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

             2   ~0%    {2} r3 = r1 UNION r2

             1   ~0%    {2} r4 = JOIN DataFlowDispatch#36b84300::Cached::THashSplatParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::THashSplatArgumentPosition#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

         65010   ~0%    {2} r5 = JOIN DataFlowDispatch#36b84300::Cached::TAnyParameterPosition#f WITH DataFlowDispatch#36b84300::argumentPositionIsNotSelf#1#f CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

           358   ~3%    {2} r6 = JOIN DataFlowDispatch#36b84300::Cached::TAnyArgumentPosition#f WITH DataFlowDispatch#36b84300::parameterPositionIsNotSelf#1#f CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0

         65368   ~0%    {2} r7 = r5 UNION r6
         65369   ~0%    {2} r8 = r4 UNION r7
         65371   ~0%    {2} r9 = r3 UNION r8

          1645   ~1%    {2} r10 = JOIN DataFlowDispatch#36b84300::Cached::TAnyKeywordParameterPosition#f WITH DataFlowDispatch#36b84300::Cached::TKeywordArgumentPosition#ff CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.1

           320   ~0%    {2} r11 = JOIN DataFlowDispatch#36b84300::Cached::TAnyKeywordArgumentPosition#f WITH DataFlowDispatch#36b84300::Cached::TKeywordParameterPosition#ff CARTESIAN PRODUCT OUTPUT Rhs.1, Lhs.0

          1965   ~1%    {2} r12 = r10 UNION r11

            33   ~0%    {2} r13 = JOIN DataFlowDispatch#36b84300::Cached::TPositionalParameterPosition#ff WITH DataFlowDispatch#36b84300::Cached::TPositionalArgumentPosition#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1

           320   ~0%    {2} r14 = JOIN DataFlowDispatch#36b84300::Cached::TKeywordParameterPosition#ff WITH DataFlowDispatch#36b84300::Cached::TKeywordArgumentPosition#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1

         63361   ~1%    {4} r15 = JOIN DataFlowDispatch#36b84300::Cached::TPositionalParameterLowerBoundPosition#ff WITH DataFlowDispatch#36b84300::Cached::TPositionalArgumentPosition#ff CARTESIAN PRODUCT OUTPUT Lhs.0, Lhs.1, Rhs.0, Rhs.1
         63360   ~1%    {4} r16 = SELECT r15 ON In.2 >= In.0
         63360   ~0%    {2} r17 = SCAN r16 OUTPUT In.1, In.3

         63680   ~0%    {2} r18 = r14 UNION r17
         63713   ~0%    {2} r19 = r13 UNION r18
         65678   ~0%    {2} r20 = r12 UNION r19
        131049   ~0%    {2} r21 = r9 UNION r20
                        return r21
```
 2022-09-06 13:02:36 +02:00
Rasmus Wriedt Larsen
7895a5859d Ruby: Autoformat 2022-09-06 11:01:06 +02:00
Rasmus Wriedt Larsen
a9e1e72196 Merge branch 'main' into shared-http-client-request 2022-09-06 10:52:27 +02:00