hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-19 08:23:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,068 Commits 1,693 Branches 160 Tags
c19085e56e6830c190efd307c271f44851ed06df
Commit Graph

4521 Commits

Author SHA1 Message Date
Tom Hvitved
92359e539b Fix another bad join 
Before
```
[2023-03-01 08:19:51] Evaluated non-recursive predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@6718c917 in 6751ms (size: 83265).
Evaluated relational algebra for predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@6718c917 with tuple counts:
         3872025  ~3%    {2} r1 = JOIN _CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_DataFlowPrivate#462ff392::Cached::TExprNode#ff#shared WITH Statement#f35022d0::Stmt::getCfgScope#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         3637917  ~0%    {2} r2 = JOIN r1 WITH Method#8b49e67f::Callable#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1
          679799  ~0%    {2} r3 = JOIN r2 WITH Method#8b49e67f::Method#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1
         3069328  ~0%    {3} r4 = JOIN r3 WITH Variable#1965ffe5::Variable::getDeclaringScope#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
        22039083  ~0%    {3} r5 = JOIN r4 WITH Variable#1965ffe5::VariableAccess::getVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        10051483  ~0%    {3} r6 = JOIN r5 WITH Variable#9f7d933a::SelfVariableAccessImpl#class#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
        10057538  ~5%    {3} r7 = JOIN r6 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        10057538  ~5%    {3} r8 = JOIN r7 WITH CfgNodes#ace8e412::ExprNodes::SelfVariableAccessCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
        10057538  ~0%    {3} r9 = JOIN r8 WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        10033937  ~1%    {3} r10 = JOIN r9 WITH DataFlowPublic#e1781e31::PostUpdateNode::getPreUpdateNode#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
           83281  ~2%    {2} r11 = JOIN r10 WITH DataFlowPublic#e1781e31::PostUpdateNode::getPreUpdateNode#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0, Lhs.2
                         return r11
```

After
```
[2023-03-01 08:31:20] Evaluated non-recursive predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@06d73c6q in 161ms (size: 83265).
Evaluated relational algebra for predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@06d73c6q with tuple counts:
         23680  ~2%    {1} r1 = SCAN Method#8b49e67f::Method#ff OUTPUT In.0
         23680  ~2%    {1} r2 = STREAM DEDUP r1
         23680  ~0%    {2} r3 = JOIN r2 WITH Method#8b49e67f::Callable#f ON FIRST 1 OUTPUT Lhs.0, Lhs.0
         54790  ~4%    {3} r4 = JOIN r3 WITH Variable#1965ffe5::Variable::getDeclaringScope#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
        202490  ~0%    {3} r5 = JOIN r4 WITH Variable#1965ffe5::VariableAccess::getVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
         98332  ~5%    {3} r6 = JOIN r5 WITH Variable#9f7d933a::SelfVariableAccessImpl#class#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
         83491  ~1%    {2} r7 = JOIN r6 WITH Statement#f35022d0::Stmt::getCfgScope#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0, Lhs.2
         83584  ~0%    {2} r8 = JOIN r7 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         83584  ~0%    {2} r9 = JOIN r8 WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         83265  ~2%    {2} r10 = JOIN r9 WITH DataFlowPublic#e1781e31::PostUpdateNode::getPreUpdateNode#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
                       return r10
```
 2023-03-01 08:34:07 +01:00
erik-krogh
36b33765a5 use allowImplicitRead instead of a taint-step from elements to the array 2023-02-28 16:09:52 +01:00
Arthur Baars
6c57823232 Merge branch 'main' into diagnostics-2 2023-02-27 19:00:03 +01:00
erik-krogh
b0797a2559 Merge branch 'main' into more-shell-taint 2023-02-27 18:27:09 +01:00
Anders Schack-Mulligen
bf650c755c Dataflow: Sync changes to all languages. 2023-02-27 14:30:05 +01:00
Alex Ford
7c85448cba Merge pull request #12080 from alexrford/js-use-shared-cryptography 
JS: Use shared `CryptographicOperation` concept
 2023-02-27 12:26:38 +00:00
Maikypedia
44997d6b5f Change query id 2023-02-25 15:51:04 +01:00
Maikypedia
61fe3704c0 Remove unused imports 2023-02-25 15:43:48 +01:00
Maikypedia
dd1f7cc1d2 Remove missed file 2023-02-25 15:35:16 +01:00
Maikypedia
ff50513441 Add initial query for Ruby SSTI 2023-02-25 15:33:23 +01:00
Alex Ford
a54ca38e31 Ruby: DataFlow::CallableNode extends DataFlow::StmtSequenceNode 2023-02-24 16:40:35 +00:00
Alex Ford
e948e22186 Ruby: all Exprs have a corresponding DataFlow::Node that is more specific than just DataFlow::ExprNode 2023-02-24 16:40:35 +00:00
Grzegorz Niedziela
48007d14d5 move tests to experimental as well and fix .qlref reference 2023-02-24 10:38:21 +00:00
gregxsunday
34b441c3cc move query to experimental folder 2023-02-23 12:12:04 +00:00
gregxsunday
5a85fa12c7 add block test cases and update tests 2023-02-23 12:09:22 +00:00
gregxsunday
f9b5846675 add detection of sources directly used with blocks 2023-02-23 12:09:12 +00:00
Grzegorz Niedziela
4ab6a7bdfd Merge branch 'github:main' into main 2023-02-23 10:50:15 +00:00
Tom Hvitved
bd5ae88a9a Ruby: Move FileSystem.qll implementation into shared util pack 2023-02-23 10:21:04 +01:00
Tom Hvitved
c3679d0661 Fix bad join 2023-02-21 19:28:55 +13:00
Tom Hvitved
9880952e72 Revert "Ruby: Fix performance of Filter.getAnAction" 
This reverts commit f6c863c13bc840cba983ed12232725b8a8552cb4.
 2023-02-21 19:28:55 +13:00
Harry Maclean
710ddb1f96 Ruby: Fix performance of Filter.getAnAction 
Only look at the current class and the immediate superclass.
This will miss some edge cases but is much faster.
 2023-02-21 19:28:54 +13:00
Harry Maclean
2bc7d4e1ee Ruby: Clean up 2023-02-21 19:28:54 +13:00
Harry Maclean
7a01c4a974 Ruby: Add change note for filter dataflow 2023-02-21 19:28:54 +13:00
Harry Maclean
ba4d0a81d5 Ruby: Simplify filter dataflow 
This introduces some false flow (the `ThreeController` and
`FourController` examples in `filter_flow.rb`) but is simpler and
in line with how we model flow for normal method calls.
 2023-02-21 19:28:53 +13:00
Harry Maclean
0a02b45ad7 Ruby: More filter flow steps 
Add a jump step from the last self post-update node in a method to the self parameter of the
next method.
 2023-02-21 19:28:26 +13:00
Harry Maclean
fae5320c3a Ruby: Add filter flow tests 2023-02-21 19:27:53 +13:00
Harry Maclean
04e80fa48f Ruby: Use lookupMethod 
The hope is that this predicate is already used elsewhere, so its cost
is amortized.
 2023-02-21 19:26:36 +13:00
Harry Maclean
889d97163e Ruby: Refactor getFilterCallable 
Try to force a join with the filter argument string first, to reduce
tuple counts.
 2023-02-21 19:26:36 +13:00
Harry Maclean
2590682262 Ruby: inline RenderCallUtils::getBaseName 
This seems to yield a small performance increase.
 2023-02-21 19:26:36 +13:00
Harry Maclean
ae3d91b546 Ruby: First draft of rails callback flow 2023-02-21 19:26:36 +13:00
Harry Maclean
6eeb711988 Ruby: Add AdditionalJumpStep class 2023-02-21 19:26:36 +13:00
Arthur Baars
6fd836d3a9 Ruby: improve wording of error messages 2023-02-20 14:32:02 +01:00
Alex Ford
774030a8db Merge pull request #12083 from pwntester/ruby_twirp_support 
[Ruby] Add support for Twirp framework
 2023-02-20 13:16:52 +00:00
Michael Nebel
813ffa440c Java: Consider ai-generated flow summaries to as generated summaries in dataflow. 2023-02-20 12:11:48 +01:00
Tom Hvitved
658cc33bb8 Merge pull request #12212 from hvitved/util/inline-expect-test-use-end-line 
Util: Use end line instead of start line for actual results
 2023-02-20 11:41:02 +01:00
Tom Hvitved
879eff41ea Merge branch 'main' into util/inline-expect-test-use-end-line 2023-02-20 10:03:38 +01:00
Harry Maclean
4e07fd3eb1 Ruby: Model ApplicationController.renderer 2023-02-19 13:37:27 +13:00
gregxsunday
fe97d2a05d fix file formatting 2023-02-17 14:01:28 +00:00
Grzegorz Niedziela
9d8c117c61 added QLDocs for ZipSlip module 2023-02-17 12:57:35 +00:00
Grzegorz Niedziela
815b5a0312 add changelog file 2023-02-17 12:50:10 +00:00
Grzegorz Niedziela
c03ba2cc13 fix docs references 2023-02-17 12:50:01 +00:00
Grzegorz Niedziela
652c7ff1ed Push Sanitizer definition to ZipSlipCustomization.qll 2023-02-17 12:49:31 +00:00
Grzegorz Niedziela
8bbbb95a87 Make ZipSlip module classes private and push Sanitizer definition to ZipSlipCustomization.qll 2023-02-17 12:49:04 +00:00
Tom Hvitved
e9bce9f8cd Ruby: Update test expectations 2023-02-17 13:22:28 +01:00
github-actions[bot]
8eb8daa4d4 Post-release preparation for codeql-cli-2.12.3 2023-02-16 17:23:25 +00:00
github-actions[bot]
b0315119c6 Release preparation for version 2.12.3 2023-02-16 11:49:06 +00:00
gregxsunday
d1aaa9ad86 Add ZipSlip/TarSlip query for ruby 2023-02-16 11:24:15 +00:00
Alex Ford
74782bf6a2 Merge branch 'main' into ruby_twirp_support 2023-02-15 17:15:08 +00:00
Alex Ford
1556b1a728 Merge branch 'main' into js-use-shared-cryptography 2023-02-15 17:13:53 +00:00
Alex Ford
801ed1ce7c Ruby: add Twirp.expected 2023-02-15 17:05:33 +00:00