Owen Mansel-Chan
a5293fa835
Use index to determine selector base
2021-03-30 10:13:27 +01:00
Owen Mansel-Chan
015c0537c2
Add index to FieldReadInstruction
2021-03-30 10:13:27 +01:00
Owen Mansel-Chan
0d071b2119
Use depth for implicit field selection
2021-03-30 10:13:26 +01:00
Chris Smowton
204e313c3b
Improve documentation
2021-03-30 10:13:26 +01:00
Chris Smowton
6645613eb8
Deduplicate and document helper types
2021-03-30 10:13:25 +01:00
Chris Smowton
9a427931b7
Explicitly walk pointer types
...
In a previous draft these could use getBaseType*
2021-03-30 10:13:25 +01:00
Chris Smowton
660ba4e31c
Optimise selectorBase, similar to existing work on implicitFieldRead
2021-03-30 10:13:25 +01:00
Chris Smowton
8cde56dfc2
Neaten and fix documentation of selectorBase
2021-03-30 10:13:24 +01:00
Chris Smowton
9444774895
Add further hints that the range of possible addressed fields, and therefore the interesting selector expressions, are small
2021-03-30 10:13:24 +01:00
Chris Smowton
22a3fccf79
Use type to hint that constraining to embedded fields is a good first step
...
This improves the join order for `implicitFieldSelection`
2021-03-30 10:13:23 +01:00
Sauyon Lee
e1b4867a19
Refactor embedded field calculation to expose access chain
...
This allows us to reuse the embedded field calculation in the
logic for generating implicit field selection nodes.
2021-03-30 10:13:23 +01:00
Owen Mansel-Chan
c192a255c5
Add change note
2021-03-30 10:13:22 +01:00
Owen Mansel-Chan
f1b6139ace
Update expected results for ZipSlip to include implicit field reads
2021-03-30 10:13:22 +01:00
Owen Mansel-Chan
13cd19ee40
Make ImplicitFieldReadInstruction include implicit deref when needed
...
When an ImplicitFieldReadInstruction reads an embedded field which has
a pointer type, it now includes the implicit dereference.
It might be better to extend MkImplicitDeref to cover this case, so we have
an explicit instruction for this. Then it would be easier to see when
dereferences are happening, and hence when they might cause a nil pointer
dereference.
2021-03-30 10:13:22 +01:00
Owen Mansel-Chan
2d3caf48c1
Add implicit field reads for promoted fields
...
This may not work when the embedded fields are pointer types, as
we don't have anything corresponding to MkImplicitDeref
2021-03-30 10:13:21 +01:00
Owen Mansel-Chan
7ded91e81d
Make depth of promoted fields accessible
2021-03-30 10:13:21 +01:00
Owen Mansel-Chan
b6dddd36e1
Update FieldTarget.getBaseType()
...
It wasn't defined when `getBase()` was an EvalImplicitDerefInstruction.
Rewriting it like this means it should work no matter what type of
instruction `getBase()` is.
2021-03-30 10:13:20 +01:00
Owen Mansel-Chan
b32b3157d4
(Minor) Add missing this. to method call
2021-03-30 10:13:19 +01:00
Sauyon Lee
3045eec63d
Merge pull request #518 from smowton/smowton/fix/restore-extraction-under-codeql
...
Tolerate empty-string CODEQL_PLATFORM, and add smoke tests
2021-03-29 13:55:27 -07:00
Chris Smowton
87d8bc8d6f
Add basic extractor smoke test
...
This exercises the extractor via 'codeql', with and without tracing.
2021-03-29 14:53:44 +01:00
Chris Smowton
23b8af3a56
Tolerate empty-string CODEQL_PLATFORM
...
This is normal when invoked with tracing disabled, so we also don't log when this happens.
2021-03-29 11:34:50 +01:00
Chris Smowton
a8422ffe26
Merge pull request #517 from smowton/smowton/fix/restore-extraction-under-odasa
...
Unify two implementations of GetExtractorPath
2021-03-25 19:35:24 +00:00
Chris Smowton
aef0a07a50
Prefer CODEQL_* environment variables when set
2021-03-25 16:20:16 +00:00
Chris Smowton
244f66c358
Make diagnostics test platform-neutral
2021-03-25 14:44:18 +00:00
Chris Smowton
c2c88b0835
Unify two implementations of GetExtractorPath
...
This retains both their features:
* The new util.go one cached its result.
* The old go-autobuilder.go one worked under ODASA, where CODEQL_GO_EXTRACTOR_ROOT is unset but os.Executable is a useful substitute.
2021-03-25 11:24:39 +00:00
Aditya Sharad
a9235d4c76
Merge pull request #516 from github/adityasharad/actions/remove-docs-review-workflow
...
Actions: Remove docs-review workflow
2021-03-24 12:31:29 -07:00
Aditya Sharad
1937664c66
Actions: Remove docs-review workflow
...
Being replaced by internal automation that polls the repo for open labelled PRs, since this workflow currently cannot tag the docs team in a comment.
2021-03-24 11:25:08 -07:00
Tom Hvitved
ef50020cce
Merge pull request #514 from github/merge-rc/3.1
...
Merge branch 'rc/3.1' into 'main'
2021-03-23 10:28:50 +01:00
Tom Hvitved
e119e15f84
Merge branch 'rc/3.1' into 'main'
2021-03-23 09:10:20 +01:00
Sauyon Lee
5de362edd8
Merge pull request #510 from simon-engledew/patch-1
...
Add an example query for catching cases where defer is used in a loop.
2021-03-22 11:08:34 -07:00
Chris Smowton
af9c7c0dd9
Merge pull request #512 from smowton/smowton/admin/pick-performance-fix-onto-rc-31
...
Apply package perf fix to rc/3.1
2021-03-21 11:59:32 +00:00
Sauyon Lee
bcee55c402
Remove now-unnecessary bindingset annotations
2021-03-20 18:54:26 +00:00
Sauyon Lee
426a65b981
Restrict 'package' to real package paths
2021-03-20 18:54:26 +00:00
Simon Engledew
43b4cd69f8
Add review feedback
2021-03-19 14:21:45 +00:00
Simon Engledew
c6ae48f090
Create deferinloop.ql
...
Add example query for highlighting defers inside loops.
2021-03-19 13:16:21 +00:00
Sauyon Lee
d73d0f3b79
Merge pull request #499 from sauyon/extractor-profiling
...
Extract diagnostic information
2021-03-19 05:36:30 -07:00
Sauyon Lee
92c5999c4d
Update stats
2021-03-19 04:34:16 -07:00
Sauyon Lee
394feb03f1
Add tests for extractor diagnostics
2021-03-19 04:34:16 -07:00
Sauyon Lee
104b9cffbd
Extract extractor diagnostic information
2021-03-19 04:34:15 -07:00
Sauyon Lee
1ca2164058
Add GetExtractorPath util function
2021-03-19 04:34:14 -07:00
Sauyon Lee
95f93b8641
Add FileFor utility function for trap files
2021-03-19 04:34:14 -07:00
Sauyon Lee
d8885c580a
Add extractor diagnostic tables to the database
2021-03-19 04:34:13 -07:00
Sauyon Lee
25cc1b451d
Add support for float dbscheme columns
2021-03-19 04:30:01 -07:00
Sauyon Lee
104f58151c
Merge pull request #473 from sauyon/revel
...
Add models for Revel and HTML templates
2021-03-18 18:21:53 -07:00
Sauyon Lee
f2b390af5f
Force git not to modify line endings for HTML test files as well
2021-03-18 10:54:34 -07:00
Sauyon Lee
870fcb4531
Explicitly pass working directory to index-files
2021-03-18 10:54:33 -07:00
Sauyon Lee
012825323d
Add change note
2021-03-18 10:54:33 -07:00
Sauyon Lee
68dca955a8
Rework tests and fix output
2021-03-18 10:54:32 -07:00
Sauyon Lee
c2321bd365
Add support for XSS sink kinds
2021-03-18 10:51:16 -07:00
Sauyon Lee
9f5a9cf7b8
Add HTTP template response body concept
2021-03-18 10:51:15 -07:00