Commit Graph

71397 Commits

Author SHA1 Message Date
Taus
ae4a4bb881 Python: Flip test expectation
This test should now validate that we no longer have dataset check
errors even when there are unencodable characters.
2024-10-21 15:32:23 +00:00
Taus
cc39ae57dc Python: Fix dataset check error for string encoding
Here's an example of one of these errors:
```
INVALID_KEY predicate py_cobjectnames(@py_cobject obj, string name)

The key set {obj} does not functionally determine all fields. Here is a
pair of tuples that agree on the key set but differ at index 1: Tuple 1
in row 63874: (72088,"u'<X>'") Tuple 2 in row 63875: (72088,"u'<?>'")
```
(Here, the substring `X` should really be the Unicode character U+FFFD,
but for some reason I'm not allowed to put that in this commit message.)

Inside the extractor, we assign IDs based on the string type (bytestring
or Unicode) and a hash of the UTF-8 encoded content of the string. In
this case, however, certain _different_ strings were receiving the same
hash, due to replacement characters in the encoding process.

In particular, we were converting unencodable characters to question
marks in one place, and to U+FFFD in another place. This caused a
discrepancy that led to the dataset check error.

To fix this, we put in a custom error handler that always puts the
U+FFFD character in place of unencodable characters. With this, the
strings now agree, and hence there is no clash.
2024-10-21 15:31:16 +00:00
Jeroen Ketema
e36a1c717d Merge branch 'main' into aliasperf2 2024-10-21 16:40:01 +02:00
Arthur Baars
490f81437b Merge pull request #17804 from github/aibaars/local-defs-1
Rust: add ide-contextual-queries/localDefinitions.ql
2024-10-21 15:30:44 +02:00
Tom Hvitved
f72af4f1f3 Rust: Use Callable to define CfgScope 2024-10-21 15:22:04 +02:00
Tom Hvitved
c4c936d6fa Rust: Speedup SummaryStats.ql 2024-10-21 15:21:13 +02:00
Michael Nebel
dec2c61e5d Java: Update LdapInjection expected test output. 2024-10-21 15:19:46 +02:00
Michael Nebel
d59df1f938 Java: Re-generate JDK 17 models. 2024-10-21 15:19:45 +02:00
Michael Nebel
23d285c698 Java: Update model generator expected output. 2024-10-21 15:19:44 +02:00
Michael Nebel
786d04e939 Java: Add the clone method to the model generation exclusions. 2024-10-21 15:19:43 +02:00
Michael Nebel
7919dcfb12 Java: Add modelgenerator clone example. 2024-10-21 15:19:42 +02:00
Michael Nebel
e2ada2536b Java: Update java.net expected output. 2024-10-21 15:19:41 +02:00
Michael Nebel
97f0037a7b Java: Manually model InetSocketAddress as the model generator doesn't correctly taint the hostname. 2024-10-21 15:19:40 +02:00
Michael Nebel
0a931aa69f Java: Add change note. 2024-10-21 15:19:38 +02:00
Michael Nebel
9a44eec04c Java: Add manual models for FileReader (they would also have disappeared if models were re-generated without using mixed mode). 2024-10-21 15:19:37 +02:00
Michael Nebel
b356c3cd48 Java: Manually model ZipFile (due to CWE-522 compression bombs test failure). 2024-10-21 15:19:36 +02:00
Michael Nebel
f537e04532 Java: Update LdapInjection expected test output. 2024-10-21 15:19:35 +02:00
Michael Nebel
f7b38a8955 Java: Add some less precise models for BasicAttributes to get the models to work with search sink and re-generate SDK models. 2024-10-21 15:19:34 +02:00
Michael Nebel
e94cacd449 Java: Update test expected output where the query results are not affected. 2024-10-21 15:19:33 +02:00
Michael Nebel
24d1e9927b Java: Update expected test output for the model editor tests. 2024-10-21 15:19:32 +02:00
Michael Nebel
ea14547643 Java: Update TopJdkApisTest expected output. 2024-10-21 15:19:31 +02:00
Michael Nebel
cbd9cc6dae Java: Update request forgery expected output. 2024-10-21 15:19:30 +02:00
Michael Nebel
3b6f39931b Java: Re-add generated (mixed) summaries and neutrals for the Java SDK 17. 2024-10-21 15:19:28 +02:00
Michael Nebel
f50734f0ee Java: Delete all generated Java JDK models. 2024-10-21 15:19:27 +02:00
Tom Hvitved
e9adbf231f Merge pull request #17816 from hvitved/rust/expr-trees-module
Rust: Move all expression CFG trees inside an `ExprTrees` module
2024-10-21 15:12:51 +02:00
Tom Hvitved
d2623cf4c3 Merge pull request #17814 from hvitved/rust/fix-bad-join
Rust: Fix bad join
2024-10-21 15:01:31 +02:00
Tom Hvitved
a6a68ef8be Apply suggestions from code review
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
2024-10-21 14:43:22 +02:00
Taus
d01593e571 Python: Add test for string encoding dataset check
Note that this test checks that the current setup creates dataset check
violations. A later commit will fix this (and flip the negation in the
test).
2024-10-21 12:08:46 +00:00
Tom Hvitved
1f5e02f539 Rust: Move all expression CFG trees inside an ExprTrees module 2024-10-21 13:41:11 +02:00
Michael Nebel
1217c55c36 C#: Add change note. 2024-10-21 12:08:03 +02:00
Michael Nebel
191658f637 C#: Update expected test output. 2024-10-21 12:04:31 +02:00
Michael Nebel
b2b1a3ea65 C#: Consider string.ReplaceLineEndings(string) as a sanitizer for log forging. 2024-10-21 12:03:59 +02:00
Michael Nebel
0b8e83dc87 C#: Add log forging false positive example using ReplaceLineEndings. 2024-10-21 11:55:09 +02:00
Cornelius Riemenschneider
ce53964edf Merge pull request #17812 from github/redsun82/rust-move-integration-tests
Rust: move integration tests to where other languages have them
2024-10-21 11:41:16 +02:00
Tom Hvitved
7e82595cae Rust: Fix bad join
Before
```
Evaluated relational algebra for predicate MatchExprImpl::Impl::MatchExpr.getLastArm/0#dispred#24e5f4cf@9cf607tl with tuple counts:
            660677  ~0%    {4} r1 = SCAN `MatchExprImpl::Impl::MatchExpr.getArm/1#dispred#817de8a3` OUTPUT _, In.0, In.2, In.1
            660677  ~0%    {3}    | REWRITE WITH Tmp.0 := 1, Out.0 := (Tmp.0 + In.3) KEEPING 3
        5342095756  ~0%    {3}    | JOIN WITH `MatchArmList::Generated::MatchArmList.getNumberOfArms/0#dispred#9ad72f08_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2
             96597  ~3%    {2}    | JOIN WITH `MatchExpr::Generated::MatchExpr.getMatchArmList/0#dispred#11f1a73e` ON FIRST 2 OUTPUT Lhs.0, Lhs.2
                           return r1
```

After
```
Evaluated relational algebra for predicate MatchExprImpl::Impl::MatchExpr.getLastArm/0#dispred#24e5f4cf@9d7a92pu with tuple counts:
        660677   ~0%    {5} r1 = JOIN `MatchExprImpl::Impl::MatchExpr.getArm/1#344daffc` WITH `MatchExprImpl::Impl::MatchExpr.getNumberOfArms/0#ab0d8732` ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, _, Rhs.1
                        {4}    | REWRITE WITH Tmp.3 := 1, Out.3 := (In.4 - Tmp.3), TEST Out.3 = InOut.1 KEEPING 4
         96597   ~3%    {2}    | SCAN OUTPUT In.0, In.2
                        return r1
```
2024-10-21 11:40:13 +02:00
Simon Friis Vindum
5e4ce8f66d Merge pull request #17800 from paldepind/rust-cfg-fixes
Rust: Various fixes to the CFG construction
2024-10-21 10:39:27 +02:00
Chris Smowton
5ba37bd7a3 Rename change note 2024-10-21 09:36:07 +01:00
Simon Friis Vindum
a1ebf98552 Merge branch 'main' into rust-cfg-fixes 2024-10-21 10:12:07 +02:00
Simon Friis Vindum
3ae04752c4 Rust: Accept less CFG inconsistencies 2024-10-21 10:07:11 +02:00
Simon Friis Vindum
9c172f62a4 Rust: Fix dead end in CFG for match expressions with no arms 2024-10-21 09:59:23 +02:00
Paolo Tranquilli
7b870d30a4 Rust: move integration tests to where other languages have them 2024-10-21 09:29:37 +02:00
Simon Friis Vindum
381f061e7f Rust: Add CFG test for match with no arms 2024-10-21 09:29:28 +02:00
Simon Friis Vindum
e149071634 Merge pull request #17803 from paldepind/unreachable2
Rust: More test cases for rust/dead-code
2024-10-21 08:30:36 +02:00
Calum Grant
c5a082fd8e C++: Fix CWE-022 2024-10-18 19:45:29 +01:00
Chris Smowton
241f951db1 Add change-note for Java buildless packaging its required Maven plugin 2024-10-18 17:43:18 +01:00
Chris Smowton
74ef91649b Merge pull request #17780 from smowton/smowton/admin/add-buildless-maven-packaging-test
Java buildless: add tests checking usage of a local copy of the Maven dependency graph plugin
2024-10-18 17:38:59 +01:00
Arthur Baars
08af7d0007 Merge pull request #17810 from github/post-release-prep/codeql-cli-2.19.2
Post-release preparation for codeql-cli-2.19.2
2024-10-18 18:28:07 +02:00
github-actions[bot]
272f6c2541 Post-release preparation for codeql-cli-2.19.2 2024-10-18 15:56:02 +00:00
Arthur Baars
3990d0e11a Merge pull request #17808 from github/release-prep/2.19.2
Release preparation for version 2.19.2
codeql-cli/v2.19.2
2024-10-18 17:36:23 +02:00
Arthur Baars
aaf220d41e Fix typos in changelogs 2024-10-18 15:28:05 +00:00