Max Schaefer
deb78b248b
Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com>
2024-04-09 14:38:17 +01:00
Max Schaefer
32ebd4eebb
Automodel: Filter unexploitable types in application mode.
...
We already did this in framework mode.
2024-03-27 12:22:24 +00:00
Max Schaefer
48105db5b0
Fix isNeutral predicates.
2024-02-08 13:22:53 +00:00
Max Schaefer
4b9443eb15
Properly recognise existing models involving subtypes.
...
If an existing source/sink model specifies `subtypes=True` we should apply it to endpoints on overriding methods.
2024-02-08 13:22:53 +00:00
Max Schaefer
a9c0fed4f5
Add test showing spurious sink candidate from method overriding a method for which we have a model.
2024-02-08 13:22:53 +00:00
Max Schaefer
02547d3839
Improve representation of implicit varargs arrays to more reliably filter out known flow steps.
2024-02-08 13:22:52 +00:00
Max Schaefer
e47b021050
Do not consider expressions as candidates whose type is annotated with @FunctionalInterface.
2024-02-01 11:04:14 +00:00
Max Schaefer
99c99145a2
Rename {source,sink}Model to {source,sink}ModelCandidate.
2024-01-22 13:10:51 +00:00
Max Schaefer
a3816d75b3
Remove redundant imports.
2024-01-22 10:54:01 +00:00
Max Schaefer
7bc03040ec
Make tags for positive and negative examples more precise.
2024-01-17 15:57:27 +00:00
Max Schaefer
ae23920a6d
Fix spurious source models for primitive types in framework mode.
2024-01-17 15:36:31 +00:00
Max Schaefer
6d2bf68a86
Use inline expectations for all framework-mode tests.
2024-01-17 14:52:42 +00:00
Max Schaefer
adea805546
Refactor application-mode tests so we can reuse most of it for framework mode.
2024-01-17 14:49:19 +00:00
Max Schaefer
312dd16956
Consolidate application mode tests.
2024-01-17 14:48:27 +00:00
Max Schaefer
692d5e55a2
Use inline expectations for positive examples.
2024-01-17 14:48:22 +00:00
Max Schaefer
83c567385f
Use inline expectations for negative-example tests as well.
2024-01-17 14:47:39 +00:00
Max Schaefer
1ebd0747a8
Fix treatment of void method calls.
2024-01-17 14:40:47 +00:00
Max Schaefer
18e44b6f5c
Turn AutomodelApplicationModeExtractCandidates into an inline-expectations test.
2024-01-17 14:40:46 +00:00
Max Schaefer
587d69e88c
Refactor application-mode candidate-extraction query so we can test its results before sampling.
2024-01-17 14:40:46 +00:00
Max Schaefer
800a78d258
Treat unexploitable types more centrally.
...
The apparently missing test result is due to sampling.
2024-01-17 14:40:37 +00:00
Max Schaefer
8614d7bddb
Address review feedback.
2024-01-17 14:29:52 +00:00
Max Schaefer
9f443d4f83
Make Unexploitable*Characteristic more precise.
2024-01-12 12:03:41 +00:00
Max Schaefer
6e9c90a6bb
Properly distinguish negative source and sink characteristics.
...
In particular, `IsSanitizerCharacteristic` is a negative _source_ characteristic (not a negative sink characteristic), while `NeutralModelCharacteristic` is both.
This eliminates the erroneous test results.
2024-01-11 12:36:48 +00:00
Max Schaefer
ff4555ac5b
Get rid of negative sink types.
...
Instead of positively implying the negative sink type, negative sink characteristics now negatively imply all sink types (but not source types). This is simpler and since we will never have a huge number of sink types it doesn't impact performance either.
Changes to test results:
- The call to `createDirectories` at `Test.java:87` is now correctly classified as a source candidate, having previously been erroneously excluded by a negative _sink_ characteristic.
- The call to `compareTo` at `Test.java:48` is now erroneously classified as a source candidate; it should be suppressed by `IsSanitizerCharacteristic`, which is a negative sink characteristic, but should really be a negative source characteristic.
- In framework mode, several endpoints are now erroneously classified as source candidates even though they have neutral models, because `NeutralModelCharacteristic` is currently only a negative sink characteristic and not a negative source characteristic.
2024-01-11 12:19:53 +00:00
Max Schaefer
a6d996b478
Add an example of a missed source candidate.
...
`Files.list` has a taint step from its first argument to its result, so that first argument should not be considered a sink candidate (and it is not). However, due to a bug in `IsMaDTaintStepCharacteristic` it is also not considered a source candidate, which is wrong: as the example shows, if that argument is a call we do very much want to consider it as a source candidate.
2024-01-11 11:27:34 +00:00
Stephan Brandauer
737aab66f5
Java automodel: drop primitive parameters from endpoints
2023-11-20 15:09:05 +01:00
Stephan Brandauer
e34a9de008
Java Automodel: drop return values of primitive return type methods from consideration for extraction in framework mode
2023-11-20 14:11:14 +01:00
Stephan Brandauer
212a515fa9
Java Automodel: drop return values of void methods other than ctors from consideration for extraction in framework mode
2023-11-20 14:00:59 +01:00
Stephan Brandauer
d84501d65c
Java automodel extraction: test case for framework mode extraction showing how primitives are currently candidates
2023-11-20 13:36:41 +01:00
Stephan Brandauer
74a195b4f4
Java Automodel extraction: fix extracted meta information by using Object for the type of generic parameters
2023-11-16 16:08:04 +01:00
Stephan Brandauer
84e58b77aa
Java Automodel: remove Qualifiers of constructors from endpoints
2023-11-16 12:44:53 +01:00
Stephan Brandauer
3092640115
Java Automodel: make test case for Argument[this] sink candidates in ctors in framework mode
2023-11-16 12:42:50 +01:00
Stephan Brandauer
d7c97d9d92
Java Automodel: remove constructor instance arguments from endpoints and update test expectations
2023-11-16 12:27:23 +01:00
Stephan Brandauer
30925da7d9
Java Automodel: tests that demonstrate that there is no sink candidate of an object being constructed in app mode
2023-11-16 12:24:41 +01:00
Jean Helie
6260768e6a
update query message to include extensibleType
2023-10-11 14:02:24 +02:00
Stephan Brandauer
fdbc553029
Java: Automodel Framework mode: no longer skip non-public methods
2023-09-28 16:17:44 +02:00
Stephan Brandauer
5d608acd0b
Java: Automodel framework mode, fix query string
2023-09-26 10:45:54 +02:00
Stephan Brandauer
2be5b1955f
Java: Automodel fr mode: add support for qualifier source candidates
2023-09-26 10:45:53 +02:00
Stephan Brandauer
6121faf671
Java: Automodel: fr mode: connect new endpoints with MaD models
2023-09-26 10:45:53 +02:00
Stephan Brandauer
7f084c90c5
Java: automodel fr mode: add overloadable parameter candidates
2023-09-26 10:45:53 +02:00
Stephan Brandauer
9e6eebb926
Java: Automodel: drive-by: remove unused message logic for candidate extraction
2023-09-26 10:45:53 +02:00
Stephan Brandauer
0d53600b12
Java: automodel fr mode: update test expectations
2023-09-26 10:45:53 +02:00
Stephan Brandauer
b2578f0e30
Java: Automodel Fr Mode: add return value endpoint type
2023-09-26 10:45:52 +02:00
Stephan Brandauer
8cc6466c68
Java: Automodel: add extensibleType metadata to framework mode
2023-09-26 10:45:52 +02:00
Stephan Brandauer
928898e979
Java: automodel: add class and method doc to test code
2023-09-12 15:43:09 +02:00
Stephan Brandauer
bd10ac799a
Java: Automodel application mode: add test expectations
2023-09-12 14:20:28 +02:00
Stephan Brandauer
0115ba0df3
Java: Automodel: drive-by, add extensibleType metadata to app mode +/- extraction
2023-09-12 09:29:54 +02:00
Stephan Brandauer
836a5822f3
Java: Automodel App Mode: remove bogus implementation
2023-09-07 15:49:58 +02:00
Stephan Brandauer
c173d9ae40
Java: automodel application mode: generate models for overridden method candidates
2023-09-07 15:49:58 +02:00
Stephan Brandauer
3121949123
Java: automodel application mode: test case for overridden method candidate
2023-09-07 15:49:58 +02:00