hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,083 Commits 1,671 Branches 157 Tags
955cc5a1bed4fa9ff83a85dd193ecb651747af67
Commit Graph

8820 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
159d8e978c Dataflow: one more autoformat post rebase 2023-03-10 10:04:35 +01:00
Anders Schack-Mulligen
ef97e539ec C/C++: Autoformat 2023-03-10 09:39:41 +01:00
Mathias Vorreiter Pedersen
59402eb754 Merge pull request #12462 from MathiasVP/disable-std-order-in-fwd-flow-stage-1 
DataFlow: Disable standard order in `Stage1::fwdFlow`
 2023-03-09 15:30:05 +00:00
Asger F
6e744093e2 Merge pull request #12398 from github/post-release-prep/codeql-cli-2.12.4 
Post-release preparation for codeql-cli-2.12.4
 2023-03-09 15:38:21 +01:00
Mathias Vorreiter Pedersen
1f77f77153 DataFlow: Sync identical files. 2023-03-09 10:41:15 +00:00
Mathias Vorreiter Pedersen
c7b41ca470 C++: Disable standard order for 'fwdFlow' in stage 1 of dataflow. 2023-03-09 10:41:06 +00:00
Mathias Vorreiter Pedersen
f19f7967c2 C++: Fix join order. 
Before (I stopped midway):

```
(72s) Tuple counts for _#Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff_#Declaration#4bfb53be::AccessHolder::getE__#antijoin_rhs#1/3@fb0627h8 after 1m4s:
  ...

  20000     ~0%       {5} r28 = r26 UNION r27
  224367484 ~7%       {9} r29 = JOIN r28 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff_1023#join_rhs ON FIRST 1 OUTPUT Rhs.3, "protected", Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.0, Lhs.4, Rhs.1, Rhs.2

  111914129 ~0%       {7} r30 = JOIN r29 WITH specifiers ON FIRST 2 OUTPUT Lhs.6, Lhs.2 'arg0', Lhs.3 'arg1', Lhs.4 'arg2', Lhs.5, Lhs.7, Lhs.8

  123503367 ~0%       {8} r31 = JOIN r30 WITH Declaration#4bfb53be::DirectAccessHolder::isFriendOfOrEqualTo#1#dispred#ff ON FIRST 1 OUTPUT Lhs.3 'arg2', Rhs.1, Lhs.1 'arg0', Lhs.2 'arg1', Lhs.4, Lhs.0, Lhs.5, Lhs.6
  331748250 ~0%       {10} r32 = JOIN r31 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 2 OUTPUT Lhs.2 'arg0', Lhs.3 'arg1', Lhs.0 'arg2', Lhs.4, Lhs.5, Lhs.6, Lhs.7, Lhs.1, Rhs.2, Rhs.3
  331748250 ~0%       {10} r33 = SELECT r32 ON In.8 = In.9
  331748250 ~2%       {9} r34 = SCAN r33 OUTPUT In.7, In.5, In.8, In.0 'arg0', In.1 'arg1', In.2 'arg2', In.3, In.4, In.6
  38000     ~4%       {10} r35 = JOIN r34 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 3 OUTPUT Rhs.3, Lhs.3 'arg0', Lhs.4 'arg1', Lhs.5 'arg2', Lhs.6, Lhs.7, Lhs.1, Lhs.8, Lhs.0, Lhs.2
  37500     ~0%       {11} r36 = JOIN r35 WITH specifiers ON FIRST 1 OUTPUT Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.4, Lhs.5, Lhs.6, Lhs.7, Lhs.8, Lhs.9, Lhs.0, Rhs.1
  28973     ~0%       {11} r37 = SELECT r36 ON In.10 >= "protected"
  28973     ~98%      {6} r38 = SCAN r37 OUTPUT In.8, "public", In.0 'arg0', In.1 'arg1', In.2 'arg2', In.6

  111913629 ~6%       {7} r39 = JOIN r29 WITH specifiers ON FIRST 2 OUTPUT Lhs.6, Lhs.4 'arg2', Lhs.2 'arg0', Lhs.3 'arg1', Lhs.5, Lhs.7, Lhs.8
  110582830 ~0%       {8} r40 = JOIN r39 WITH Declaration#4bfb53be::DirectAccessHolder::isFriendOfOrEqualTo#1#dispred#ff ON FIRST 2 OUTPUT Lhs.1 'arg2', Lhs.5, Lhs.6, Lhs.2 'arg0', Lhs.3 'arg1', Lhs.1 'arg2', Lhs.4, Lhs.0

  123503367 ~0%       {8} r41 = JOIN r30 WITH Declaration#4bfb53be::DirectAccessHolder::isFriendOfOrEqualTo#1#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.3 'arg2', Lhs.1 'arg0', Lhs.2 'arg1', Lhs.4, Lhs.0, Lhs.5, Lhs.6
  0         ~0%       {8} r42 = JOIN r41 WITH #Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff ON FIRST 2 OUTPUT Lhs.0, Lhs.6, Lhs.7, Lhs.2 'arg0', Lhs.3 'arg1', Lhs.1 'arg2', Lhs.4, Lhs.5

  110582830 ~0%       {8} r43 = r40 UNION r42
  15000     ~6%       {8} r44 = JOIN r43 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 3 OUTPUT Lhs.5 'arg2', Lhs.1, Lhs.3 'arg0', Lhs.4 'arg1', Lhs.6, Lhs.7, Lhs.2, Lhs.0
  ...
```

After:

```
Tuple counts for _#Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff_#Declaration#4bfb53be::AccessHolder::getE__#antijoin_rhs#1/3@997a3ai9 after 744ms:
  ...

  78600   ~8%       {6} r29 = r26 UNION r28
  437816  ~0%       {9} r30 = JOIN r29 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 1 OUTPUT Lhs.1 'arg0', Lhs.2 'arg1', Lhs.0 'arg2', Lhs.3, Lhs.4, Lhs.5, Rhs.1, Rhs.2, Rhs.3
  430928  ~0%       {9} r31 = SELECT r30 ON In.7 = In.8
  430928  ~0%       {7} r32 = SCAN r31 OUTPUT In.5, In.6, In.0 'arg0', In.1 'arg1', In.2 'arg2', In.3, In.7
  1096333 ~0%       {7} r33 = JOIN r32 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 2 OUTPUT Lhs.1, Lhs.5, Rhs.2, Lhs.2 'arg0', Lhs.3 'arg1', Lhs.4 'arg2', Lhs.6
  777970  ~0%       {8} r34 = JOIN r33 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 3 OUTPUT Lhs.0, Lhs.1, Lhs.2, Rhs.3, Lhs.3 'arg0', Lhs.4 'arg1', Lhs.5 'arg2', Lhs.6

  334217  ~0%       {6} r35 = JOIN r14 WITH Declaration#4bfb53be::DirectAccessHolder::isFriendOfOrEqualTo#1#dispred#ff ON FIRST 1 OUTPUT Lhs.3 'arg2', Rhs.1, Lhs.1 'arg0', Lhs.2 'arg1', Lhs.4, Lhs.0
  235623  ~0%       {8} r36 = JOIN r35 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 2 OUTPUT Lhs.2 'arg0', Lhs.3 'arg1', Lhs.0 'arg2', Lhs.4, Lhs.5, Lhs.1, Rhs.2, Rhs.3
  235623  ~0%       {8} r37 = SELECT r36 ON In.6 = In.7
  235623  ~0%       {7} r38 = SCAN r37 OUTPUT In.5, In.6, In.0 'arg0', In.1 'arg1', In.2 'arg2', In.3, In.4
  437303  ~0%       {9} r39 = JOIN r38 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff_0213#join_rhs ON FIRST 2 OUTPUT Rhs.3, Lhs.2 'arg0', Lhs.3 'arg1', Lhs.4 'arg2', Lhs.5, Lhs.6, Lhs.0, Lhs.1, Rhs.2
  437303  ~4%       {10} r40 = JOIN r39 WITH specifiers ON FIRST 1 OUTPUT Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.4, Lhs.5, Lhs.6, Lhs.7, Lhs.8, Lhs.0, Rhs.1
  352102  ~1%       {10} r41 = SELECT r40 ON In.9 >= "protected"
  352102  ~0%       {6} r42 = SCAN r41 OUTPUT In.7, In.3, In.0 'arg0', In.1 'arg1', In.2 'arg2', In.6
  775332  ~0%       {8} r43 = JOIN r42 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 2 OUTPUT Lhs.0, Lhs.1, Rhs.2, Rhs.3, Lhs.2 'arg0', Lhs.3 'arg1', Lhs.4 'arg2', Lhs.5

  1553302 ~51%      {8} r44 = r34 UNION r43
  1553302 ~152%     {7} r45 = JOIN r44 WITH Class#bacd9b46::Class::accessOfBaseMember#2#dispred#ffff ON FIRST 4 OUTPUT Lhs.7, "public", Lhs.4 'arg0', Lhs.5 'arg1', Lhs.6 'arg2', Lhs.2, Lhs.3
  ...
```
 2023-03-09 09:23:56 +00:00
Mathias Vorreiter Pedersen
540ce1f0db Contrary to what the QLDoc says, this predicate was way too large to be 
evaluated on the 'quick-lint/quick-lint-js' project.

Before:
```
Most expensive predicates for completed query RuleOfTwo.ql:
        time  | evals |   max @ iter | predicate
        ------|-------|--------------|----------
        25m9s |       |              | Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#ffff@8a38e2tm
        17m1s |       |              | Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#fffb@0796c497
         3.5s |   130 | 116ms @ 3    | Declaration#4bfb53be::DirectAccessHolder::thisCanAccessClassTrans#fff@926a68j9
         3.3s |       |              | Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#fffb_1230#join_rhs@25e9ffj8
         1.7s |     3 |  1.7s @ 1    | Element#496c7fc2::ElementBase::toString#0#dispred#ff@fcd81c49
         1.3s |       |              | Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#fffb_0132#join_rhs@9c2065t1
         1.3s |       |              | Declaration#4bfb53be::DirectAccessHolder::thisCouldAccessMember#3#dispred#ffff_0132#join_rhs@672330eh
         1.1s |       |              | Declaration#4bfb53be::DirectAccessHolder::thisCanAccessClassTrans#fff_102#join_rhs@f7d5464o
        829ms |   336 |  85ms @ 6    | Enclosing#c50c5fbf::exprEnclosingElement#1#ff@e34d9wq1
        615ms |       |              | Expr#ef463c5d::Expr::getType#ff@e265e79q
```

After:
```
Most expensive predicates for completed query RuleOfTwo.ql:
        time  | evals |  max @ iter | predicate
        ------|-------|-------------|----------
        11.8s |       |             | _#Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff_#Declaration#4bfb53be::AccessHolder::getE__#antijoin_rhs#1@fb0627h8
        4.8s |       |             | _#Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff_#Declaration#4bfb53be::AccessHolder::getE__#antijoin_rhs#4@c43dbeia
        3.8s |       |             | _#Class#bacd9b46::Class::getADerivedClass#0#dispredPlus#ff_#Declaration#4bfb53be::AccessHolder::getE__#antijoin_rhs#3@313e5963
        3.4s |   130 | 93ms @ 3    | Declaration#4bfb53be::DirectAccessHolder::thisCanAccessClassTrans#fff@a0289bfg
        1.5s |     3 | 1.5s @ 1    | Element#496c7fc2::ElementBase::toString#0#dispred#ff@fcd81c49
        806ms |       |             | Declaration#4bfb53be::DirectAccessHolder::thisCanAccessClassTrans#fff_021#join_rhs@cc1b76s7
        721ms |   336 | 61ms @ 5    | Enclosing#c50c5fbf::exprEnclosingElement#1#ff@e34d9wq1
        489ms |       |             | Expr#ef463c5d::Expr::getType#ff@e265e79q
        337ms |   130 | 62ms @ 5    | Class#bacd9b46::Class::accessOfBaseMemberMulti#ffff@0165b0dr
        329ms |       |             | Variable#7a968d4e::ParameterDeclarationEntry::getAnonymousParameterDescription#0#dispred#ff@0f12bdvq
        211ms |       |             | exprs_10#join_rhs@5481143i
```
 2023-03-08 17:44:19 +00:00
Paolo Tranquilli
c4fd39ec3f C++: fix example code for FilePermissions.qll 2023-03-07 13:50:20 +01:00
Paolo Tranquilli
bdad847584 Merge pull request #12422 from github/redsun82/cpp-scanf-fp 
C++: add false positives to `MissingCheckScanf` test
 2023-03-07 13:29:22 +01:00
Michael B. Gale
b75f138507 Merge pull request #12385 from github/mbg/csharp/readd-tsp-support 
C#: Add support for the tool status page
 2023-03-07 12:10:52 +00:00
Paolo Tranquilli
429518bcea C++: add further FP to test 2023-03-07 12:03:34 +01:00
Paolo Tranquilli
311cf4e7fd C++: add false positives to MissingCheckScanf test 
See https://github.com/github/codeql/issues/12412 for the initial
report.
 2023-03-07 11:56:05 +01:00
Jeroen Ketema
3a4c0a2aae Merge pull request #12389 from jketema/more-deprecated 
C++: Add `deprecated` to predicates that are deprecated according to the QLDoc
 2023-03-07 11:21:43 +01:00
Jeroen Ketema
c9bccd9b43 C++: Fix more tests that used deprecated function 2023-03-07 09:01:13 +01:00
Mathias Vorreiter Pedersen
92ad099c1b DataFlow: Remove bindingsets, remove the call column, and swap parameter and argument columns. 2023-03-06 13:47:59 +00:00
Mathias Vorreiter Pedersen
3bf28cc752 DataFlow: Sync identical files. 2023-03-06 13:46:21 +00:00
Mathias Vorreiter Pedersen
05314b48e8 C++: Add stub. 2023-03-06 13:44:23 +00:00
Mathias Vorreiter Pedersen
6e8a2a6375 DataFlow: Add a language-specific predicate for modifying 'branch' and 'join'. 2023-03-06 13:44:19 +00:00
Anders Schack-Mulligen
5c7f2ac7f7 Merge pull request #12186 from aschackmull/dataflow/refactor-configuration 
Data flow: Refactor configuration
 2023-03-06 13:38:59 +01:00
Anders Schack-Mulligen
557cb17f4d Dataflow: Minor perf fix for single config wrapper. 2023-03-06 10:24:33 +01:00
Jeroen Ketema
72d03e4060 C++: Fix test that used deprecated function 2023-03-06 09:07:52 +01:00
Dave Bartolomeo
e169702165 Merge branch 'main' into post-release-prep/codeql-cli-2.12.4 2023-03-04 09:20:44 -05:00
github-actions[bot]
af61b45785 Post-release preparation for codeql-cli-2.12.4 2023-03-04 14:16:55 +00:00
Jeroen Ketema
aa00424b75 C++: Fix experimental query that uses the deprecated freeCall predicate 2023-03-03 17:53:49 +01:00
Jeroen Ketema
391d9bed5b C++: Add deprecated to predicates that are deprecated according to the QLDoc 2023-03-03 17:15:47 +01:00
Jeroen Ketema
6495f1911f C++: Properly deprecate hasQualifiedName by using the deprecated keyword 2023-03-03 15:57:59 +01:00
Mathias Vorreiter Pedersen
907e6299a4 C++: Convert 'ExecTainted' to use the new refactored dataflow library. 2023-03-03 14:41:29 +00:00
github-actions[bot]
462da63970 Release preparation for version 2.12.4 2023-03-03 14:11:51 +00:00
Michael B. Gale
9dc9925f59 Abstract over DiagnosticsStream for tests 2023-03-03 13:05:43 +00:00
Michael Nebel
df6f5d52b9 C#: Use dependency injection in the auto builder for Diagnostic classifier. 2023-03-03 13:05:28 +00:00
Michael B. Gale
4f0a93295a Move Language class to Semmle.Util 2023-03-03 13:05:27 +00:00
Michael B. Gale
04aaccb186 Fix C++ test missing env var 2023-03-03 13:05:26 +00:00
Michael B. Gale
9d19752c2e Make improvements based on PR feedback 2023-03-03 13:05:24 +00:00
Michael B. Gale
62cd8ca26f Update C/C++ autobuilder 2023-03-03 13:05:24 +00:00
Anders Schack-Mulligen
0addcfa7c5 Dataflow: Fix some perf issues. 2023-03-03 11:45:32 +01:00
Asger F
8f0b77d54f Revert "C#: Tool status page support" 2023-03-03 11:44:42 +01:00
Geoffrey White
7b596f4928 Merge pull request #10431 from ihsinme/ihsinme-patch-111 
CPP: Add query for CWE-369: Divide By Zero.
 2023-03-03 10:42:04 +00:00
Anders Schack-Mulligen
b34f99f716 Dataflow: Add change notes. 2023-03-02 16:01:29 +01:00
Michael B. Gale
fd9b279ef9 Merge pull request #12217 from github/mbg/csharp/tsp-support 2023-03-02 11:47:30 +00:00
Michael Nebel
2525ac3dd2 C#: Use dependency injection in the auto builder for Diagnostic classifier. 2023-03-02 09:18:56 +01:00
Michael B. Gale
e3762c7f93 Move Language class to Semmle.Util 2023-02-28 14:16:33 +00:00
Anders Schack-Mulligen
7e3e10c34b C/C++: Remove reference to Partial Flow. 2023-02-27 14:30:05 +01:00
Anders Schack-Mulligen
bf650c755c Dataflow: Sync changes to all languages. 2023-02-27 14:30:05 +01:00
Michael B. Gale
b203533fc6 Fix C++ test missing env var 2023-02-24 14:16:20 +00:00
Michael B. Gale
0f320996cf Make improvements based on PR feedback 2023-02-22 12:32:07 +00:00
ihsinme
213abc6642 Update DivideByZeroUsingReturnValue.expected 2023-02-19 21:42:48 +03:00
ihsinme
54acbf7676 Update test.cpp 2023-02-19 21:42:14 +03:00
ihsinme
49af5ec536 Update DivideByZeroUsingReturnValue.ql 2023-02-19 21:41:28 +03:00
Nick Rolfe
3e5534f0ba Merge branch 'main' into post-release-prep/codeql-cli-2.12.3 2023-02-17 14:39:26 +00:00