hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 20:56:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,038 Commits 1,673 Branches 157 Tags
a4f97dd67a2f107725bfd8e2dcdc76f55304f0bb
Commit Graph

1236 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
9abd2259d3 Merge pull request #9381 from aschackmull/redos/perf 
ReDoS: Improve performance in ExponentialBackTracking.qll.
 2022-06-01 10:39:28 +02:00
Anders Schack-Mulligen
4f3751dfea Merge pull request #9316 from hvitved/dataflow/edges-get-a-successor-consistency 
Data flow: Make `PathGraph::edges/2` and `PathNode::getASuccessor/1` consistent
 2022-06-01 10:38:25 +02:00
Nick Rolfe
f417c12c5e Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3 
Post-release preparation for codeql-cli-2.9.3
 2022-05-31 16:17:50 +01:00
github-actions[bot]
ed2f3409bc Post-release preparation for codeql-cli-2.9.3 2022-05-31 09:54:55 +00:00
Anders Schack-Mulligen
e36c59b285 ReDoS: Sync. 2022-05-31 11:04:42 +02:00
Rasmus Wriedt Larsen
7a6646dcaf Merge pull request #8883 from erik-krogh/pyMaD 
Python: add MaD implementation
 2022-05-30 13:31:07 +02:00
Alex Ford
5d4473bb2a Merge pull request #8845 from alexrford/ruby/rbi-lib 
Ruby: Add partial support for working with RBI (Ruby Interface) files
 2022-05-27 11:43:44 +01:00
Alex Ford
919555d168 Merge pull request #9341 from alexrford/ruby/activerecordinstance-public 
Ruby: Make `ActiveRecordInstance` public and fix some misidentifications
 2022-05-27 11:21:58 +01:00
Arthur Baars
e3ef258b0e Merge pull request #9287 from aibaars/instance-variable-flow-2 
Ruby: flow through getters/setters
 2022-05-27 10:49:20 +02:00
Alex Ford
30f24697b4 Ruby: add missing qldoc 2022-05-26 18:50:57 +01:00
Alex Ford
4e0e4f9b5b Ruby: make ActiveRecordInstance public 2022-05-26 17:54:02 +01:00
Alex Ford
fd8f1dc88f Ruby: fix some misidentification of ActiveRecordModelInstantiations 2022-05-26 17:54:01 +01:00
Tom Hvitved
b3ce2d4a2b Ruby: Data flow for hash-splat expressions in hash literals 2022-05-25 19:55:28 +02:00
Tom Hvitved
47051ec8c9 Merge pull request #9320 from hvitved/ruby/hash-splat-flow 
Ruby: Flow through hash-splat parameters
 2022-05-25 19:31:09 +02:00
Nick Rolfe
385e442f7f Ruby: fix spelling errors 2022-05-25 16:38:48 +01:00
Arthur Baars
033df767ef Ruby: allow fields in flow summaries 2022-05-25 16:01:04 +02:00
Arthur Baars
af428a1ac2 Address comments 2022-05-25 16:01:04 +02:00
Arthur Baars
b0a97f9b01 Ruby: flow through getters/setters 2022-05-25 16:01:04 +02:00
Tom Hvitved
ce4959287a Ruby: Flow through hash-splat expressions 2022-05-25 15:40:08 +02:00
Tom Hvitved
bcdef98392 Data flow: Sync files 2022-05-25 14:39:37 +02:00
Tom Hvitved
3d072abcff Data flow: Fix bad join in prohibitsUseUseFlow 
Before
```
Tuple counts for FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow#1de78b88#ff@fdf8bdrq:
              6099   ~0%    {2} r1 = SCAN FlowSummaryImpl::Private::isParameterPostUpdate#1de78b88#fff OUTPUT In.2, In.0
         787252695   ~2%    {3} r2 = JOIN r1 WITH project#DataFlowImplCommon::ParamNode::isParameterOf#dispred#f0820431#fff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, true, Lhs.1
        5360462712   ~0%    {4} r3 = JOIN r2 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb_021#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2, true, Lhs.0
              7132   ~2%    {2} r4 = JOIN r3 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb ON FIRST 3 OUTPUT Lhs.0, Lhs.3

              5869  ~25%    {1} r5 = JOIN r4 WITH DataFlowImplCommon::Cached::clearsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.1

              1263   ~9%    {1} r6 = JOIN r4 WITH DataFlowImplCommon::Cached::expectsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.1

              7132  ~52%    {1} r7 = r5 UNION r6
             29593  ~26%    {2} r8 = JOIN r7 WITH project#FlowSummaryImpl::Private::Steps::summaryArgParam0#1de78b88#ffff#2_201#join_rhs ON FIRST 1 OUTPUT Rhs.1, Rhs.2
                            return r8
```

After
```
Tuple counts for FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow#1de78b88#ff@aa7a37lj:
         6099   ~4%    {3} r1 = SCAN FlowSummaryImpl::Private::isParameterPostUpdate#1de78b88#fff OUTPUT In.0, true, In.2
         8434   ~5%    {2} r2 = JOIN r1 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2

         5869   ~5%    {3} r3 = JOIN r2 WITH DataFlowImplCommon::Cached::clearsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.0, true, Lhs.1

         1278   ~6%    {3} r4 = JOIN r2 WITH DataFlowImplCommon::Cached::expectsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.0, true, Lhs.1

         7147   ~6%    {3} r5 = r3 UNION r4
         7147  ~57%    {2} r6 = JOIN r5 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2
         5892  ~26%    {1} r7 = JOIN r6 WITH project#DataFlowImplCommon::ParamNode::isParameterOf#dispred#f0820431#fff ON FIRST 2 OUTPUT Lhs.0
        29589  ~26%    {2} r8 = JOIN r7 WITH project#FlowSummaryImpl::Private::Steps::summaryArgParam0#1de78b88#ffff#2_201#join_rhs ON FIRST 1 OUTPUT Rhs.1, Rhs.2
                       return r8
```
 2022-05-25 14:21:22 +02:00
Tom Hvitved
a7b39ebeca Ruby: Flow through hash-splat parameters 2022-05-25 12:37:22 +02:00
Nick Rolfe
134cf4e0e1 Ruby: tweak join order in API::Impl::edge 2022-05-25 10:54:43 +01:00
Anders Schack-Mulligen
673355df65 Fix markdown lists 2022-05-25 10:02:48 +02:00
github-actions[bot]
1f1b364feb Release preparation for version 2.9.3 2022-05-25 07:46:48 +00:00
Nick Rolfe
dd52a70454 Merge pull request #9292 from github/nickrolfe/cfg_scope 
Ruby: rename CfgScope::Range_ to CfgScopeImpl
 2022-05-24 15:53:16 +01:00
Michael Nebel
daace0fe68 Merge pull request #9270 from michaelnebel/csharp/summarized-callable-fix 
C#: Summarized callable
 2022-05-24 16:36:44 +02:00
Nick Rolfe
4b4a15c1b6 Ruby: rename CfgScope::Range_ to CfgScopeImpl 2022-05-24 14:34:44 +01:00
Tom Hvitved
728ccafe2b Merge pull request #9024 from hvitved/dataflow/content-flow-lib 
Data flow: Introduce `ContentDataFlow.qll`
 2022-05-24 15:09:16 +02:00
Tom Hvitved
1ae8087379 Update ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-05-24 14:27:59 +02:00
Tom Hvitved
daf81ae90d Address review comments 2022-05-24 14:27:59 +02:00
Tom Hvitved
ab46c075f7 Ruby: Add change note 2022-05-24 14:27:58 +02:00
Tom Hvitved
63c70b9e7a Address review comments 2022-05-24 14:27:58 +02:00
Tom Hvitved
faf24a4f18 Ruby: Data-flow through hashes 2022-05-24 14:27:55 +02:00
Michael Nebel
94664f11f5 C#/Java/Ruby: Sync files. 2022-05-24 08:21:39 +02:00
Arthur Baars
cf2eb0d3a1 Merge branch 'main' into instance-variable-flow 2022-05-23 18:48:51 +02:00
Harry Maclean
905a37c273 Merge pull request #9137 from hmac/hmac/cfg-ql-class 
Ruby: Add getAPrimaryQlClass to CfgNodes classes
 2022-05-23 15:37:51 +01:00
Harry Maclean
ae3a30256b Ruby: Add getAPrimaryQlClass to CfgNode 2022-05-23 14:02:23 +01:00
Tom Hvitved
64be958c52 Merge pull request #9262 from hvitved/ruby/local-source-node-antijoin 
Ruby: Eliminate bad `isLocalSourceNode` antijoin
 2022-05-23 14:36:03 +02:00
Arthur Baars
965f83e198 Reformat ControlFlowGraphImpl.qll 2022-05-23 12:22:47 +02:00
Arthur Baars
eabf2ed2d3 Apply suggestions from code review 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2022-05-23 12:18:48 +02:00
Tom Hvitved
d6b0772f7c Ruby: Improve performance of instanceVariableSelfSynthesis 2022-05-23 12:08:41 +02:00
Arthur Baars
d86983b7c8 Ruby: use InstanceVariableRead/WriteAccess CFG nodes 2022-05-23 12:03:11 +02:00
Arthur Baars
5fa4f07f7d Improve QLDoc 2022-05-23 11:59:28 +02:00
Arthur Baars
7ed60b19a2 Ruby: improve test case 2022-05-23 11:59:12 +02:00
Arthur Baars
29ea1b2f24 Ruby: rename getSelfVariableAccess to getReceiver 2022-05-23 11:30:29 +02:00
Arthur Baars
f6ca3921f9 Add change note 2022-05-23 10:59:54 +02:00
Tom Hvitved
bbdedf5f14 Ruby: Eliminate bad isLocalSourceNode antijoin 
Gets rid of
```
Tuple counts for DataFlowPrivate::Cached::isLocalSourceNode#462ff392#f#antijoin_rhs@dd2f927s:
        20905019     ~3%    {2} r1 = JOIN DataFlowPrivate::Cached::TExprNode#462ff392#ff_1#higher_order_body WITH boundedFastTC(DataFlowPrivate::Cached::localFlowStepTypeTracker#462ff392#ff_10#higher_order_body,DataFlowPrivate::Cached::TExprNode#462ff392#ff_1#higher_order_body) ON FIRST 1 OUTPUT Rhs.1, Lhs.0

        10420128  ~1496%    {1} r2 = JOIN r1 WITH DataFlowPrivate::Cached::TExprNode#462ff392#ff_1#higher_order_body ON FIRST 1 OUTPUT Lhs.1

          480918     ~8%    {1} r3 = JOIN r1 WITH DataFlowPrivate::Cached::entrySsaDefinition#462ff392#f ON FIRST 1 OUTPUT Lhs.1

        10901046  ~1218%    {1} r4 = r2 UNION r3
                            return r4
```
 2022-05-23 10:54:17 +02:00
Michael Nebel
bf958ff5bb Merge pull request #9255 from michaelnebel/csharp/test-clearscontent 
C#: Remove default clears content.
 2022-05-23 10:30:30 +02:00
Anders Schack-Mulligen
f2218944f6 Merge pull request #9214 from hvitved/dataflow/lambda-fp-flow 
Data flow: Do not discard call context when computing reverse lambda flow through jumps
 2022-05-23 10:02:51 +02:00