hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
40,952 Commits 1,746 Branches 166 Tags
7cef4322e70e10c0c62e9ce933ca9f6db44b6ec1
Commit Graph

40952 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
7cef4322e7 add model for chownr 2022-06-29 22:09:23 +02:00
Alex Ford
578a967160 Merge pull request #9641 from boveus/patch-1 
Make ActiveRecordInstanceMethodCall Public
 2022-06-29 14:39:36 +01:00
Paolo Tranquilli
d00fec34c3 Merge pull request #9336 from MathiasVP/swift-decls-in-cfg 
Swift: CFG for local declarations
 2022-06-29 15:10:45 +02:00
Brandon Stewart
5888325549 Merge branch 'main' into patch-1 2022-06-29 08:42:24 -04:00
Mathias Vorreiter Pedersen
e03646aba4 Merge pull request #9737 from geoffw0/arithmetic 
Swift: Add ArithmeticOperation.qll library
 2022-06-29 13:40:20 +01:00
yoff
8988a02806 Merge pull request #9733 from tausbn/python-fix-bad-mro-flatten-list-join 
Python: Fix bad join in MRO `flatten_list`
 2022-06-29 13:29:48 +02:00
yoff
f122af81ea Merge pull request #9741 from tausbn/python-fix-bad-join-in-regexpbackref-getgroup 
Python: Fix bad join in `RegExpBackRef::getGroup`
 2022-06-29 13:23:07 +02:00
Mathias Vorreiter Pedersen
f35ab7c292 Swift: Accept test changes to the cfg. These happen due to the fixes in 9e0cf62cda. 2022-06-29 12:20:07 +01:00
yoff
731f866242 Merge pull request #9717 from tausbn/python-fix-bad-mro-linearization-of-bases-join 
Python: Fix bad join in MRO
 2022-06-29 13:08:18 +02:00
Mathias Vorreiter Pedersen
15dc08351e Merge pull request #9747 from MathiasVP/fix-joins-in-swift-cwe-135 
Swift: Don't join on index in `swift/string-length-conflation`
 2022-06-29 11:58:36 +01:00
Geoffrey White
8b7535af81 Swift: Don't use abstract classes. 2022-06-29 11:49:22 +01:00
Geoffrey White
2cf65c7d35 Swift: Autoformat tests. 2022-06-29 11:49:21 +01:00
Geoffrey White
822002d37d Swift: Missing qldoc. 2022-06-29 11:49:20 +01:00
Mathias Vorreiter Pedersen
cc25e2644f Swift: Don't join on index in 'swift/string-length-conflation'. 2022-06-29 11:40:46 +01:00
Ian Lynagh
d285e19e77 Merge pull request #9731 from igfoo/igfoo/private 
Kotlin: Make more methods private
 2022-06-29 11:24:33 +01:00
Mathias Vorreiter Pedersen
4356155eeb Merge branch 'main' into swift-decls-in-cfg 2022-06-29 10:03:34 +01:00
AlexDenisov
1997d6b18c Merge pull request #9745 from github/alexdenisov/put-traps-into-a-temp-folder 
Swift: store TRAP files in a temporary folder until the extraction is complete
 2022-06-29 10:55:27 +02:00
Jeroen Ketema
55e052af26 Merge pull request #9686 from aschackmull/dataflow/no-node-scan 
Dataflow performance: Avoid node scans
 2022-06-29 10:38:56 +02:00
AlexDenisov
e1ef637c54 Update swift/extractor/SwiftExtractorConfiguration.h 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-06-29 10:16:14 +02:00
AlexDenisov
968ede3d4a Merge pull request #9746 from github/alexdenisov/add-test-case-showing-modules-loading-issue 
Swift: add a test case showing module loading problem
 2022-06-29 10:07:56 +02:00
Paolo Tranquilli
296b8cb630 Merge pull request #9719 from github/redsun82/swift-enum-is-case 
Swift: add EnumIsCase test
 2022-06-29 09:55:20 +02:00
Tony Torralba
12fa6967dc Merge pull request #8669 from joefarebrother/intent-verification 
Java: Add query for Improper Verification of Intent by Broadcast Receiver (CWE-925)
 2022-06-29 09:43:07 +02:00
Jeroen Ketema
8b13d1fab8 Merge pull request #9726 from github/rdmarsh2/stack-address-join-order 
C++: fix join order in UsingExpiredStackAddress
 2022-06-29 09:35:47 +02:00
Tony Torralba
741b2a923a Merge pull request #9207 from joefarebrother/android-external-storage 
Java: Add sources for Android external storage
 2022-06-29 09:34:51 +02:00
Alex Denisov
57811a4efc Swift: add a test case showing module loading problem 
Extractor fails to load separate modules that were built by another
version of an actual compiler.
 2022-06-29 07:38:18 +02:00
Alex Denisov
488befb577 Swift: store TRAP files in a temporary folder until the extraction is complete 
Currently, we have a number of assertions in the codebase and certain
assumptions about the AST. These don't always hold, sometimes leading to
a crash in the extractor.
The crashes leave incomplete TRAP files that cannot be imported into the
database.

With this change, we still get those incomplete TRAP files, but we also
get a database in the end (even thoough it is also incomplete as we
cannot import everything).
 2022-06-29 07:17:06 +02:00
AlexDenisov
6c68872163 Merge pull request #9743 from MathiasVP/fix-path-problem 
Swift: Fix `kind` in `swift/string-length-conflation`
 2022-06-29 06:58:36 +02:00
Mathias Vorreiter Pedersen
c2e57c3c9b Swift: Fix 'kind' in 'swift/string-length-conflation'. 2022-06-28 22:33:28 +01:00
Brandon Stewart
13fae22756 Merge branch 'main' into patch-1 2022-06-28 17:27:07 -04:00
Taus
38b8640582 Python: Fix bad join in RegExpBackRef::getGroup 
Although this wasn't (as far as I know) causing any performance issues,
it was making the join-order badness report quite noisy, and so I
figured it was worth fixing.

Before:
```
Tuple counts for RegexTreeView::RegExpBackRef::getGroup#dispred#f0820431#ff/2@d3441d0b after 84ms:
1501195 ~3%     {2} r1 = JOIN RegexTreeView::RegExpTerm::getLiteral#dispred#f0820431#ff_10#join_rhs WITH RegexTreeView::RegExpTerm::getLiteral#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'result', Lhs.1 'result'
149     ~0%     {5} r2 = JOIN r1 WITH RegexTreeView::RegExpBackRef#class#31aac2a7#ffff ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Rhs.3, Lhs.1 'result', Lhs.0 'this'
149     ~1%     {3} r3 = JOIN r2 WITH regex::RegexString::numbered_backreference#dispred#f0820431#ffff ON FIRST 3 OUTPUT Lhs.3 'result', Rhs.3, Lhs.4 'this'
4       ~0%     {2} r4 = JOIN r3 WITH RegexTreeView::RegExpGroup::getNumber#dispred#f0820431#ff ON FIRST 2 OUTPUT Lhs.2 'this', Lhs.0 'result'

1501195 ~3%     {2} r5 = JOIN RegexTreeView::RegExpTerm::getLiteral#dispred#f0820431#ff_10#join_rhs WITH RegexTreeView::RegExpTerm::getLiteral#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'result', Rhs.1 'result'
42526   ~0%     {5} r6 = JOIN r5 WITH RegexTreeView::RegExpGroup#31aac2a7#ffff ON FIRST 1 OUTPUT Lhs.1 'this', Lhs.0 'result', Rhs.1, Rhs.2, Rhs.3
22      ~0%     {8} r7 = JOIN r6 WITH RegexTreeView::RegExpBackRef#class#31aac2a7#ffff ON FIRST 1 OUTPUT Lhs.2, Lhs.3, Lhs.4, Lhs.1 'result', Lhs.0 'this', Rhs.1, Rhs.2, Rhs.3
0       ~0%     {6} r8 = JOIN r7 WITH regex::RegexString::getGroupName#dispred#f0820431#ffff ON FIRST 3 OUTPUT Lhs.5, Lhs.6, Lhs.7, Rhs.3, Lhs.3 'result', Lhs.4 'this'
0       ~0%     {2} r9 = JOIN r8 WITH regex::RegexString::named_backreference#dispred#f0820431#ffff ON FIRST 4 OUTPUT Lhs.5 'this', Lhs.4 'result'

4       ~0%     {2} r10 = r4 UNION r9
                return r10
```

In this case I opted for a classical solution: tying together the
literal and number (or name) part of the backreference in order to
encourage a two-column join.

After:
```
Tuple counts for RegexTreeView::RegExpBackRef::getGroup#dispred#f0820431#ff/2@b0cc4d5n after 0ms:
898  ~1%     {3} r1 = JOIN RegexTreeView::RegExpTerm::getLiteral#dispred#f0820431#ff WITH RegexTreeView::RegExpGroup::getNumber#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.0 'result'
4    ~0%     {2} r2 = JOIN r1 WITH RegexTreeView::RegExpBackRef::hasLiteralAndNumber#f0820431#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2 'this', Lhs.2 'result'

1110 ~0%     {5} r3 = JOIN RegexTreeView::RegExpGroup#31aac2a7#ffff WITH RegexTreeView::RegExpTerm::getLiteral#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.0 'result', Rhs.1
146  ~0%     {3} r4 = JOIN r3 WITH regex::RegexString::getGroupName#dispred#f0820431#ffff ON FIRST 3 OUTPUT Lhs.4, Rhs.3, Lhs.3 'result'
0    ~0%     {2} r5 = JOIN r4 WITH RegexTreeView::RegExpBackRef::hasLiteralAndName#f0820431#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2 'this', Lhs.2 'result'

4    ~0%     {2} r6 = r2 UNION r5
            return r6
```
 2022-06-28 16:51:09 +00:00
Mathias Vorreiter Pedersen
f97cc9e37c Merge pull request #9739 from MathiasVP/swift-conflation-query-high-precision 
Swift: Set 'swift/string-length-conflation' to precision `high`
 2022-06-28 17:26:23 +01:00
Mathias Vorreiter Pedersen
1a7f5db8e2 Swift: Set 'swift/string-length-conflation' to precision high and delete the placeholder query. 2022-06-28 17:01:06 +01:00
Mathias Vorreiter Pedersen
f2ae73b6be Merge pull request #9738 from geoffw0/misc 
Swift: Add a Locatable.getFile() shortcut similar to the one in CPP.
 2022-06-28 16:44:02 +01:00
Erik Krogh Kristensen
b81251865f Merge pull request #9716 from erik-krogh/htmlTypeSan 
JS: sanitize non-strings from html-constructed-from-input
 2022-06-28 17:31:00 +02:00
Mathias Vorreiter Pedersen
677f6dafcd Merge pull request #9732 from github/redsun82/swift-dot-syntax-call-expr 
Swift: add DotSyntaxCallExpr tests
 2022-06-28 16:09:10 +01:00
Geoffrey White
ff06e3cb6b Swift: Add a Locatable.getFile() shortcut similar to the one in CPP. 2022-06-28 15:49:49 +01:00
Geoffrey White
8a8a7ead9b Swift: Add tests for ArithmeticOperation.qll. 2022-06-28 15:34:23 +01:00
Geoffrey White
a5fff9af5d Swift: Create ArithmeticOperation.qll. 2022-06-28 15:34:15 +01:00
Geoffrey White
9e0cf62cda Swift: Fix + simplify LogicalOperation.qll. 2022-06-28 15:33:03 +01:00
Taus
b98c482c47 Python: Fix bad join in MRO flatten_list 
This bad join was identified by the join-order-badness report, which
showed that:

py/use-of-input:MRO::flatten_list#f4eaf05f#fff#9c5fe54whnlqffdgu65vhb8uhpg# (order_500000)

calculated a whopping 212,820,108 tuples in order to produce an output of
size 55516, roughly 3833 times more effort than needed.

Here's a snippet of the slowest iteration of that predicate:
```
Tuple counts for MRO::flatten_list#f4eaf05f#fff/3@i1839#0265eb3w after 14ms:
0     ~0%     {3} r1 = JOIN MRO::need_flattening#f4eaf05f#f#prev_delta WITH MRO::ConsList#f4eaf05f#fff#reorder_2_0_1#prev ON FIRST 1 OUTPUT Rhs.1, Lhs.0 'list', Rhs.2
0     ~0%     {3} r2 = JOIN r1 WITH MRO::ClassList::length#f0820431#ff#prev ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'list', Rhs.1 'n'
0     ~0%     {3} r3 = JOIN r2 WITH MRO::ClassListList::flatten#dispred#f0820431#ff#prev ON FIRST 1 OUTPUT Lhs.1 'list', Lhs.2 'n', Rhs.1 'result'

0     ~0%     {3} r4 = SCAN MRO::ConsList#f4eaf05f#fff#prev_delta OUTPUT In.2 'list', In.0, In.1
0     ~0%     {3} r5 = JOIN r4 WITH MRO::need_flattening#f4eaf05f#f#prev ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.0 'list'
0     ~0%     {3} r6 = JOIN r5 WITH MRO::ClassList::length#f0820431#ff#prev ON FIRST 1 OUTPUT Lhs.1, Lhs.2 'list', Rhs.1 'n'
0     ~0%     {3} r7 = JOIN r6 WITH MRO::ClassListList::flatten#dispred#f0820431#ff#prev ON FIRST 1 OUTPUT Lhs.1 'list', Lhs.2 'n', Rhs.1 'result'

0     ~0%     {3} r8 = r3 UNION r7

26355 ~2%     {3} r9 = SCAN MRO::ConsList#f4eaf05f#fff#prev OUTPUT In.2 'list', In.0, In.1

0     ~0%     {3} r10 = JOIN r9 WITH MRO::need_flattening#f4eaf05f#f#prev ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.0 'list'
0     ~0%     {3} r11 = JOIN r10 WITH MRO::ClassList::length#f0820431#ff#prev_delta ON FIRST 1 OUTPUT Lhs.1, Lhs.2 'list', Rhs.1 'n'
0     ~0%     {3} r12 = JOIN r11 WITH MRO::ClassListList::flatten#dispred#f0820431#ff#prev ON FIRST 1 OUTPUT Lhs.1 'list', Lhs.2 'n', Rhs.1 'result'
...
```
(... and a bunch more lines. The same construction appears several times,
but the join order is the same each time.)

Clearly it would be better to start with whatever is in `need_flattening`,
and then do the other joins. This is what the present fix does (by
unbinding `list` in all but the `needs_flattening` call).

After the fix, the slowest iteration is as follows:

```
Tuple counts for MRO::flatten_list#f4eaf05f#fff/3@i2617#8155ab3w after 9ms:
0 ~0%     {2} r1 = SCAN MRO::need_flattening#f4eaf05f#f#prev_delta OUTPUT In.0 'list', In.0 'list'

0 ~0%     {3} r2 = JOIN r1 WITH MRO::ConsList#f4eaf05f#fff#reorder_2_0_1#prev ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'list', Rhs.2
0 ~0%     {3} r3 = JOIN r2 WITH MRO::ClassList::length#f0820431#ff#prev ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'list', Rhs.1 'n'
0 ~0%     {3} r4 = JOIN r3 WITH MRO::ClassListList::flatten#dispred#f0820431#ff#prev ON FIRST 1 OUTPUT Lhs.1 'list', Lhs.2 'n', Rhs.1 'result'

1 ~0%     {2} r5 = SCAN MRO::need_flattening#f4eaf05f#f#prev OUTPUT In.0 'list', In.0 'list'

0 ~0%     {3} r6 = JOIN r5 WITH MRO::ConsList#f4eaf05f#fff#reorder_2_0_1#prev_delta ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'list', Rhs.2
0 ~0%     {3} r7 = JOIN r6 WITH MRO::ClassList::length#f0820431#ff#prev ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'list', Rhs.1 'n'
0 ~0%     {3} r8 = JOIN r7 WITH MRO::ClassListList::flatten#dispred#f0820431#ff#prev ON FIRST 1 OUTPUT Lhs.1 'list', Lhs.2 'n', Rhs.1 'result'
...
```
(... and so on. The remainder is 0 tuples all the way.)

In total, we went from
```
40.6s |  7614 |  15ms @ 1839 | MRO::flatten_list#f4eaf05f#fff@0265eb3w
```
to
```
7.8s |  7614 |  11ms @ 2617 | MRO::flatten_list#f4eaf05f#fff@8155ab3w
```
 2022-06-28 14:17:47 +00:00
Paolo Tranquilli
5c6ac2a5f2 Swift: accept test results 2022-06-28 16:15:05 +02:00
Geoffrey White
63376da90f Swift: Add tests for LogicalOperaion.qll. 2022-06-28 15:04:47 +01:00
Paolo Tranquilli
6ff45d3dbe Merge main into redsun82/swift-enum-is-case 2022-06-28 16:03:38 +02:00
Brandon Stewart
c7b4133fbe Merge branch 'main' into patch-1 2022-06-28 09:46:46 -04:00
Paolo Tranquilli
364085a596 Swift: add DotSyntaxCallExpr tests 2022-06-28 15:44:42 +02:00
AlexDenisov
c4c3a52804 Merge pull request #9730 from github/redsun82/swift-trap-newlines 
Swift: add missing newlines in trap
 2022-06-28 15:41:05 +02:00
Ian Lynagh
3026456a39 Kotlin: Make more methods private 2022-06-28 14:38:13 +01:00
Paolo Tranquilli
7175869518 Swift: add missing newlines in trap 
This is mostly cosmetic and for debugging, as the trap importer is
perfectly happy with trap entries on the same line without spaces
between them.
 2022-06-28 15:17:18 +02:00
Brandon Stewart
33d1aae92a Update ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-06-28 08:51:01 -04:00
Brandon Stewart
1dc26a0ca3 Update ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-06-28 08:50:54 -04:00