hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-06 11:10:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,731 Commits 1,675 Branches 157 Tags
daad69bb3062fb0bfc333955f9af391d4d20e9f8
Commit Graph

58731 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
daad69bb30 Data flow: Fix two consistency checks 2023-09-18 16:36:11 +02:00
Mathias Vorreiter Pedersen
cdf5872eb3 Merge pull request #14217 from alexet/is-trivial-built-in 
CPP:Make __is_trivial a builtin operation.
 2023-09-15 16:01:25 +01:00
Chris Smowton
f160c6c646 Merge pull request #14195 from Kwstubbs/SQL_int_sanitizer 
Add Integer/Boolean Sanitizer to SQL injection Query
 2023-09-15 14:13:35 +01:00
Chris Smowton
aaa230a791 Merge branch 'main' into SQL_int_sanitizer 2023-09-15 13:44:58 +01:00
Chris Smowton
062024b3d6 Merge pull request #14232 from smowton/smowton/fix/autoformat 
Fix formatting mistake
 2023-09-15 13:00:40 +01:00
Chris Smowton
a63bb1bbed Tidy 2023-09-15 12:58:44 +01:00
Chris Smowton
e62fcf9a45 Fix formatting mistake 2023-09-15 12:37:34 +01:00
Chris Smowton
24dc09efad Merge pull request #14206 from smowton/smowton/feature/add-java-miscompilation-tests 
Java: add tests for programs that don't compile
 2023-09-15 11:14:04 +01:00
Mathias Vorreiter Pedersen
6c7833f28c Merge pull request #14223 from MathiasVP/add-explicit-dereferenced-by-operation-base-case-predicate 
C++: Add a `directDereferencedByOperation` predicate
 2023-09-15 10:19:26 +01:00
Tom Hvitved
14561c414b Merge pull request #14225 from hvitved/ruby/fix-bad-join 
Ruby: Fix a bad join
 2023-09-15 10:59:24 +02:00
Chris Smowton
c5001a86f6 Fix test expectations 2023-09-14 20:45:54 +01:00
Tom Hvitved
c83a29c27f Ruby: Fix a bad join 
Before
```
Evaluated relational algebra for predicate Sinatra#e09174a3::Sinatra::ErbLocalsAccessSummary#fff@22c05bb6 with tuple counts:
          212957   ~2195%    {1} r1 = JOIN _Constant#54e8b051::ConstantValue::getStringlikeValue#0#dispred#ff_Expr#6fb2af19::Expr::getConstantV__#shared WITH Expr#6fb2af19::Pair::getKey#0#dispred#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.1
        43862468   ~6045%    {2} r2 = JOIN r1 WITH Call#841c84e8::MethodCall::getMethodName#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0
        43862468   ~6581%    {2} r3 = JOIN r2 WITH AST#a6718388::AstNode::getLocation#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        43844886  ~40661%    {2} r4 = JOIN r3 WITH locations_default ON FIRST 1 OUTPUT Rhs.1, Lhs.1
           15004   ~8295%    {3} r5 = JOIN r4 WITH project#Sinatra#e09174a3::Sinatra::ErbLocalsHashSyntheticGlobal#ffff_201#join_rhs ON FIRST 1 OUTPUT Rhs.2, Lhs.1, Rhs.1
           15004   ~8890%    {3} r6 = SCAN r5 OUTPUT ("sinatra_erb_locals_access()" ++ In.0 ++ "#" ++ In.1), In.2, In.1
                             return r6
```

After
```
Evaluated relational algebra for predicate Sinatra#e09174a3::Sinatra::ErbLocalsAccessSummary#fff@f6249cga with tuple counts:
         10237       ~0%    {3} r1 = JOIN locations_default_10#join_rhs WITH project#Sinatra#e09174a3::Sinatra::ErbLocalsHashSyntheticGlobal#ffff_201#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2
          4015       ~5%    {3} r2 = JOIN r1 WITH AST#a6718388::AstNode::getLocation#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
           825      ~96%    {3} r3 = JOIN r2 WITH Call#841c84e8::MethodCall::getMethodName#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
           940       ~0%    {4} r4 = JOIN r3 WITH Constant#54e8b051::ConstantValue::getStringlikeValue#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0
        325402       ~0%    {4} r5 = JOIN r4 WITH Expr#6fb2af19::Expr::getConstantValue#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
        231819  ~133147%    {3} r6 = JOIN r5 WITH Expr#6fb2af19::Pair::getKey#0#dispred#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.2, Lhs.3, Lhs.1
        231819  ~138805%    {3} r7 = SCAN r6 OUTPUT ("sinatra_erb_locals_access()" ++ In.0 ++ "#" ++ In.1), In.2, In.1
                            return r7
```
 2023-09-14 21:34:17 +02:00
Ian Lynagh
730480360e Merge pull request #14221 from igfoo/igfoo/gradle_seq 
Kotlin: Add more tests to the "gradle sequential" set
 2023-09-14 18:39:11 +01:00
Chris Smowton
5f6a40b9e8 Note Kotlin test no longer has CFG dead-ends if ErrorExpr participates in the CFG 2023-09-14 17:42:00 +01:00
Chris Smowton
d9f7180b5c Add missing diagnostic expectations 2023-09-14 17:42:00 +01:00
Chris Smowton
8f940c311a Update expectations and add expected diagnostics 2023-09-14 17:42:00 +01:00
Chris Smowton
a1a7640427 Give ErrorExpr default control flow 
This prevents a CFG dead-end because of one ErrorExpr
 2023-09-14 17:42:00 +01:00
Chris Smowton
b1e128b5c1 Pretty-print a ClassInstanceExpr without a bound constructor nicely 2023-09-14 17:42:00 +01:00
Chris Smowton
9670f20bd7 Add test for method reference whose LHS has unknown type 
This can happen when imports or source classes are missing.
 2023-09-14 17:42:00 +01:00
Chris Smowton
6ea7b195db Add test for a module declaration made in a file named other than module-info.java 
This triggers a weird corner case in our extractor, which used to throw a null pointer exception.
 2023-09-14 17:42:00 +01:00
Chris Smowton
c47ba000d6 Add test exercising the case of a missing type used as an interface 
This induces the TypeEnter phase to create an ErrorType with a parameter, which in turn used to cause a stack overflow in comparing the TypeWrapper objects involved.

Note the output remains somewhat broken, exposing an <any> type, but at least the overflow is resolved.
 2023-09-14 17:42:00 +01:00
Chris Smowton
4b5651bde9 Add test for Java extracting ErrorType 2023-09-14 17:42:00 +01:00
Chris Smowton
c0f8973749 Add test for extracting a Java AST with an error expression 
Also note that ErrorExpr can occur outside upgrade/downgrade scripts
 2023-09-14 17:42:00 +01:00
Mathias Vorreiter Pedersen
8aeb9b9ae0 Merge pull request #14219 from MathiasVP/fix-phi-flow-2 
C++: Fix `phi`->`phi` flow
 2023-09-14 17:22:51 +01:00
Mathias Vorreiter Pedersen
b18de9e641 C++: Add a named base case predicate for 'dereferencedByOperation' that can be used in queries. 2023-09-14 17:12:58 +01:00
Ian Lynagh
e5ac7620e3 Kotlin: Add more tests to the "gradle sequential" set 2023-09-14 15:44:32 +01:00
AlexDenisov
ff7ff6dcfa Merge pull request #14201 from MathiasVP/add-ast-consistency-query 
C++: Add AST consistency query
 2023-09-14 16:34:20 +02:00
Robert Marsh
55546fe61c Merge pull request #14205 from rdmarsh2/rdmarsh2/swift/unify-array-collection-content 
Swift: Unify `ArrayContent` and `CollectionContent`
 2023-09-14 10:08:37 -04:00
Tom Hvitved
c0e600c515 Merge pull request #12672 from hvitved/ruby/implicit-array-reads-at-sinks 
Ruby: Allow for implicit array reads at all sinks during taint tracking
 2023-09-14 15:39:37 +02:00
Tom Hvitved
61bfc4ec09 Merge pull request #14204 from hvitved/ruby/simplify-viable-callable 
Ruby: Simplify `viableSourceCallableNonInit`
 2023-09-14 15:36:47 +02:00
Mathias Vorreiter Pedersen
6ce7a56b41 Merge pull request #14190 from github/alexdenisov/await-inconsistencies 
Swift: fix CFG for identity expressions (await, dot_self, parent)
 2023-09-14 14:15:31 +01:00
Robert Marsh
62953cb250 Swift: document "ArrayElement" case in MaD 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-09-14 09:11:35 -04:00
Robert Marsh
6ad78eba05 Swift: ArrayContent aliased to CollectionContent 2023-09-14 13:08:36 +00:00
Mathias Vorreiter Pedersen
b0566af938 C++: Accept test changes. 2023-09-14 14:04:12 +01:00
Mathias Vorreiter Pedersen
36b7b6cffe C++: Fix phi-phi flow. 2023-09-14 14:02:03 +01:00
Mathias Vorreiter Pedersen
2a55034e55 C++: Add failing test. 2023-09-14 14:01:48 +01:00
Erik Krogh Kristensen
7e7852eff6 Merge pull request #13641 from erik-krogh/multi-char 
JS/RB: write qhelp for `incomplete-multi-character-sanitization`
 2023-09-14 14:48:30 +02:00
Alex Eyers-Taylor
d79a2c7674 CPP:Make __is_trivial a builtin operation. 2023-09-14 12:50:36 +01:00
Michael Nebel
b9acf1a4ee Merge pull request #14111 from michaelnebel/csharp/reduceprojectrestore 
C#: Avoid explicitly restoring projects in solution files.
 2023-09-14 10:06:49 +02:00
Tom Hvitved
e258324960 Ruby: Allow for implicit array reads at all sinks during taint tracking 2023-09-14 09:40:05 +02:00
Erik Krogh Kristensen
111227e763 Merge pull request #14211 from erik-krogh/usingOutOfBounds 
JS: fix out of bounds string access in isUsingDecl
 2023-09-13 22:23:15 +02:00
Robert Marsh
20de4c625c Swift: autoformat DataFlowPrivate 2023-09-13 18:57:27 +00:00
Robert Marsh
86bd2168ec Swift: breaking change note for array content removal 2023-09-13 18:34:30 +00:00
Robert Marsh
0b66be5f07 Swift: restore ArrayElement as an alias for CollectionElement 2023-09-13 18:29:03 +00:00
Robert Marsh
43ca192ceb Swift: remove ArrayContent in UnsafeJsEvalQuery 2023-09-13 18:26:06 +00:00
erik-krogh
fdd349c1a3 fix out of bounds string access in isUsingDecl 2023-09-13 20:11:21 +02:00
Geoffrey White
e109892388 Merge pull request #14189 from geoffw0/protocol2 
Swift: Consistent additional taint steps between the cleartext-* queries
 2023-09-13 18:44:20 +01:00
Chuan-kai Lin
00c83f185a Merge pull request #14182 from cklin/deprecate-assume-small-delta 
Document assume_small_delta deprecation
 2023-09-13 07:54:33 -07:00
Mathias Vorreiter Pedersen
18fa6f5d64 Merge pull request #14202 from alexet/translated-element-location 
CPP: Add a location to TranslatedElement to help with debugging IR creation
 2023-09-13 15:19:24 +01:00
Michael Nebel
84ec823ac0 C#: Add some explanatory comments about parallel restore. 2023-09-13 16:07:47 +02:00