Commit Graph

2294 Commits

Author SHA1 Message Date
Chris Smowton
c2b42ce091 Fix sanitization by strings.Replace[All] in go/unsafe-quoting and go/log-injection 2021-12-14 12:37:18 +00:00
Chris Smowton
9309abf8cd Merge pull request #574 from sauyon/dataflow-update
Update dataflow libraries and add support for CSV summary flow
2021-12-13 11:28:28 +00:00
Chris Smowton
89b2a2f9b0 Merge pull request #633 from owen-mc/database-sql-model-incorrect
Fix incorrect type name in database/sql model
2021-12-13 11:01:38 +00:00
Chris Smowton
559aec1d64 Merge pull request #632 from owen-mc/refactor-variadic-helper-functions-for-builtin-functions
Refactor isVariadic helper functions
2021-12-13 10:59:42 +00:00
Chris Smowton
08c10bf97b Merge pull request #625 from smowton/smowton/fix/minor-perf-improvements
Improve performance: join-order AllocationSizeOverflow's source and use `matches` not `regexpFind`
2021-12-13 10:36:02 +00:00
Owen Mansel-Chan
ce27b0da52 Fix incorrect type name in database/sql model
This error seems to have been introduced in 36bbf1eeb9
2021-12-12 17:47:52 -05:00
Owen Mansel-Chan
353aa8d603 Refactor isVariadic helper functions
Store information more naturally for built-in functions.
2021-12-12 16:56:26 -05:00
Dave Bartolomeo
b57d3296f1 Merge pull request #620 from github/aeisenberg/version-policies
Add version policies
2021-12-10 17:39:15 -05:00
Andrew Eisenberg
3cc48fea6a Merge pull request #622 from github/post-release/v2.7.3
Post release/v2.7.3
2021-12-10 10:00:11 -08:00
Chris Smowton
e9e4f5a687 Improve performance: join-order AllocationSizeOverflow's source and use matches not regexpFind
The join order fix takes 10 seconds off that predicate; the get-a-flag changes take about 25% off compared to using regexes.
2021-12-10 12:23:50 +00:00
Chris Smowton
facda77852 Dataflow relations: narrow all dataflow nodes before taking product with Configurations
This is particularly important for ConversionWithoutBoundsCheckConfig which has 20 configs. By paring DataFlow::Node down to only those that have a local-flow successor, or only those with an isAdditionalFlowStep for some related configuration, the result size can be significantly reduced prior to taking the product against Configuration and finally paring down using config.fullBarrier etc.

Saves about 1m20s per analysis on cockroachdb.
2021-12-09 16:56:38 +00:00
Andrew Eisenberg
cedf55c46e Update pack dependency 2021-12-09 07:58:14 -08:00
Owen Mansel-Chan
b234ba7f26 Fix bad join order in getAFalsifiedGuard
viableParamArg should be evaluated first.
2021-12-08 17:33:59 -05:00
Owen Mansel-Chan
06f889fce6 Update tests for no flow through receivers when no function body
This branch originally included a commit to enable flow through receivers
when there is no function body. This was dropped, to be pursued later.
2021-12-08 16:03:18 -05:00
Owen Mansel-Chan
88e7c44a6d Update expected test results with extra nodes 2021-12-08 15:28:28 -05:00
Owen Mansel-Chan
a01f90b903 Give DataFlowCallable a user-facing name (Callable), move to Scopes.qll
I removed asFunctionNode() because it would need an import, but it
doesn't seem to be used anywhere.
2021-12-08 11:30:39 -05:00
Owen Mansel-Chan
a6532b988f Allow implicit taint reads through more content types 2021-12-08 11:20:38 -05:00
Owen Mansel-Chan
754c838cc0 Fix accidental cartesian product
PointerContent needs to have the PointerType specified as well
2021-12-08 11:20:37 -05:00
Owen Mansel-Chan
d70307243c Fix bad join order in BarrierGuard.guards/2 2021-12-08 11:20:37 -05:00
Owen Mansel-Chan
1a9ea38c0b Update non-shared dataflow files to match sync 2021-12-08 11:20:36 -05:00
Owen Mansel-Chan
095fe6e4a7 Do not allow "Argument" on its own
# Conflicts:
#	ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.expected
2021-12-08 11:20:36 -05:00
Sauyon Lee
b2f62b185d Allow for Return[i] specifications 2021-12-08 11:20:36 -05:00
Owen Mansel-Chan
578a31ecd8 Keep call to defaultTaintSanitizerGuard 2021-12-08 11:20:35 -05:00
Owen Mansel-Chan
01bfbde9ae Sync dataflow libraries again 2021-12-08 11:20:35 -05:00
Owen Mansel-Chan
1a299d2e09 Update sync-dataflow-libraries target in Makefile
The location of the dataflow libraries in codeql-go has changed
and there is a new file to be synced.
2021-12-08 11:20:34 -05:00
Owen Mansel-Chan
16fdb9aa11 Do not test ReturnValue as input for sink
The documentation in ExternalFlow.qll does not specify
that "ReturnValue" can be used as the input column.
2021-12-08 11:20:34 -05:00
Owen Mansel-Chan
63b944a1b4 Another instance of getEnclosingFunction -> getRoot 2021-12-08 11:20:34 -05:00
Chris Smowton
3cf1459c4f Revert getACallee type change 2021-12-08 11:20:33 -05:00
Chris Smowton
6110506e02 Revert "Make getACallee return DataFlowCallable"
This reverts commit b4742ccdf81bec3f872923da79953c61dea103f6.
2021-12-08 11:20:33 -05:00
Owen Mansel-Chan
5ec0b09160 Disable clearing content and add test for it 2021-12-08 11:20:32 -05:00
Owen Mansel-Chan
e940a53cc6 Test models of flow through fields 2021-12-08 11:20:32 -05:00
Owen Mansel-Chan
2d8fd71189 Comment on why summaryDataFlowCall is none() 2021-12-08 11:20:31 -05:00
Owen Mansel-Chan
adf3dc0c61 Move type assertion into declared type 2021-12-08 11:20:31 -05:00
Owen Mansel-Chan
9f763dd044 Move built-in models to ExternalFlow 2021-12-08 11:20:30 -05:00
Owen Mansel-Chan
d717734820 Do not allow "Argument" on its own 2021-12-08 11:20:30 -05:00
Owen Mansel-Chan
d2ca1fb2eb Address review comments #2 2021-12-08 11:20:29 -05:00
Owen Mansel-Chan
12058a2621 Fix containerStoreStep and containerReadStep 2021-12-08 11:20:29 -05:00
Owen Mansel-Chan
ab8096b717 Add tests for more content types (Element, MapKey, MapValue) 2021-12-08 11:20:28 -05:00
Owen Mansel-Chan
b7aa85b054 Address some review comments 2021-12-08 11:20:28 -05:00
Owen Mansel-Chan
f375553933 Add variadic functions test for function models 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
b75def62fe Add variadic functions test for external flow 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
d9848fe515 Add more tests for variadic functions 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
8044fb2519 Add more flow tests for external flow 2021-12-08 11:20:26 -05:00
Owen Mansel-Chan
63d997f820 (Unimportant) Fix module name for vendored stubs
This doesn't affect the test, but does mean that you can run
`go build` to check the test would build.
2021-12-08 11:20:26 -05:00
Owen Mansel-Chan
1929a1f7a7 Fix unrelated test in experimental 2021-12-08 11:20:25 -05:00
Owen Mansel-Chan
5e38f48b74 Autoformat 2021-12-08 11:20:25 -05:00
Owen Mansel-Chan
a3df3614a5 Convert completetest to an inline flow test 2021-12-08 11:20:24 -05:00
Owen Mansel-Chan
8f7a34f9cb Fix external flow tests 2021-12-08 11:20:24 -05:00
Owen Mansel-Chan
71bf834765 Fix incorrect assumption
node2 doesn't have to be a PostUpdateNode
2021-12-08 11:20:23 -05:00
Sauyon Lee
3379790686 add flow test involving CSV 2021-12-08 11:20:22 -05:00