hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,211 Commits 1,672 Branches 157 Tags
e414b8c5be491c957f93526224b51a07c5a73f44
Commit Graph

6881 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
cbd4662696 Merge branch 'main' into skip-safe-conversions-in-range-analysis 2023-03-27 21:18:49 +01:00
Jeroen Ketema
213c4b0818 C++: Fix join-order problem in cpp/overrun-write 
Before on Wireshark:
```
[2023-03-27 12:59:25] Evaluated non-recursive predicate OverrunWriteProductFlow#fb5ce006::isSinkPairImpl#5#fffff@2ba90584 in 99742ms (size: 52640).
Evaluated relational algebra for predicate OverrunWriteProductFlow#fb5ce006::isSinkPairImpl#5#fffff@2ba90584 with tuple counts:
        1047588019  ~1%    {3} r1 = JOIN DataFlowUtil#47741e1f::InstructionNode#fff_20#join_rhs WITH OverrunWriteProductFlow#fb5ce006::bounded#3#fff_102#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Rhs.2
          67558965  ~0%    {4} r2 = JOIN r1 WITH Instruction#577b6a83::CallInstruction::getArgument#fbf_201#join_rhs ON FIRST 1 OUTPUT Rhs.2, Lhs.1, Lhs.2, Rhs.1
         613572640  ~0%    {5} r3 = JOIN r2 WITH ArrayFunction#ca0b6b68::ArrayFunction::hasArrayWithVariableSize#2#dispred#fff_201#join_rhs ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1, Lhs.2, Rhs.2
             52640  ~0%    {4} r4 = JOIN r3 WITH Instruction#577b6a83::CallInstruction::getStaticCallTarget#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0, Lhs.4, Lhs.2, Lhs.3
             52640  ~0%    {4} r5 = JOIN r4 WITH Instruction#577b6a83::CallInstruction::getArgument#fbf ON FIRST 2 OUTPUT Rhs.2, Lhs.2, Lhs.3, Lhs.0
             52640  ~0%    {5} r6 = JOIN r5 WITH DataFlowUtil#47741e1f::InstructionNode#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Rhs.1
             52640  ~0%    {5} r7 = JOIN r6 WITH Instruction#577b6a83::Instruction::getUnconvertedResultExpression#0#dispred#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.4, Lhs.1, Lhs.2, Rhs.1
                           return r7
```

After:
```
[2023-03-27 13:56:36] Evaluated non-recursive predicate OverrunWriteProductFlow#fb5ce006::isSinkPairImpl#5#fffff@f936aapd in 777ms (size: 52640).
Evaluated relational algebra for predicate OverrunWriteProductFlow#fb5ce006::isSinkPairImpl#5#fffff@f936aapd with tuple counts:
        565480  ~5%    {2} r1 = SCAN Instruction#577b6a83::CallInstruction::getStaticCallTarget#0#dispred#ff OUTPUT In.1, In.0
          4420  ~1%    {3} r2 = JOIN r1 WITH ArrayFunction#ca0b6b68::ArrayFunction::hasArrayWithVariableSize#2#dispred#fff ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2
          4420  ~0%    {3} r3 = JOIN r2 WITH Instruction#577b6a83::CallInstruction::getArgument#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.2, Lhs.0
          4420  ~0%    {4} r4 = JOIN r3 WITH DataFlowUtil#47741e1f::InstructionNode#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Rhs.1
          4420  ~0%    {4} r5 = JOIN r4 WITH Instruction#577b6a83::Instruction::getUnconvertedResultExpression#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Rhs.1
          4420  ~3%    {4} r6 = JOIN r5 WITH Instruction#577b6a83::CallInstruction::getArgument#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2, Lhs.3
         52825  ~0%    {5} r7 = JOIN r6 WITH OverrunWriteProductFlow#fb5ce006::bounded#3#fff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Rhs.2
         52640  ~0%    {5} r8 = JOIN r7 WITH DataFlowUtil#47741e1f::InstructionNode#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1, Lhs.4, Lhs.3
                       return r8
```
 2023-03-27 14:28:22 +02:00
Mathias Vorreiter Pedersen
125c013052 Merge branch 'main' into skip-safe-conversions-in-range-analysis 2023-03-24 17:01:11 +00:00
Anders Schack-Mulligen
978c5f7bd8 Java/C++: Autoformat 2023-03-23 13:06:19 +01:00
Anders Schack-Mulligen
72415c7c2c C++: Rename references. 2023-03-23 13:06:19 +01:00
Mathias Vorreiter Pedersen
d325082db3 C++: Fix another place that assumed that 'Expr' was always 'Instruction'. 2023-03-22 16:51:39 +00:00
Jeroen Ketema
574b2201cb Merge pull request #12608 from jketema/configsig 
C++: Use `DataFlow::ConfigSig` in more places
 2023-03-21 14:37:32 +01:00
Mathias Vorreiter Pedersen
98dc73c6dd Merge pull request #12611 from MathiasVP/buffer-access-should-be-evaluated 
C++: Exclude unevaluated accesses in `BufferAccess`
 2023-03-21 12:10:37 +00:00
Asger F
6d665da4dc Merge pull request #12570 from github/post-release-prep/codeql-cli-2.12.5 
Post-release preparation for codeql-cli-2.12.5
 2023-03-21 13:06:25 +01:00
Mathias Vorreiter Pedersen
40cc2e7891 C++: Also exclude unevaluated buffers in 'OverflowStatic'. 2023-03-21 09:53:39 +00:00
Jeroen Ketema
2fdfa0808a C++: Refactor experimental queries to use DataFlow::ConfigSig 2023-03-21 09:16:59 +01:00
Jeroen Ketema
9997326804 C++: Refactor BoostorgAsio to use DataFlow::ConfigSig 2023-03-20 13:37:18 +01:00
Ed Minnix
2d5944fb0e Refactor DataFlow configurations to use "Config" naming convention 2023-03-19 17:44:07 -04:00
github-actions[bot]
981e171525 Post-release preparation for codeql-cli-2.12.5 2023-03-17 13:27:00 +00:00
github-actions[bot]
fe4d27e8cc Release preparation for version 2.12.5 2023-03-16 12:58:50 +00:00
Mathias Vorreiter Pedersen
a5051655a1 C++: Autoformat. 2023-03-13 15:41:17 +01:00
Nicky Mouha
dc09c9218e Update IfStatementAdditionOverflow.ql 2023-03-12 01:05:18 -05:00
Mathias Vorreiter Pedersen
d25a312557 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-03-09 18:38:00 +00:00
Mathias Vorreiter Pedersen
84a61d1e02 C++: No need for 'matches'. 2023-03-09 15:36:26 +00:00
Mathias Vorreiter Pedersen
2931e5dea8 C++: Reduce duplication by blocking flow into sources (since we'll already be considering flow starting at those sources) and out of sinks (since we'll already be alerting on this sink if it's relevant). 2023-03-09 14:59:13 +00:00
Mathias Vorreiter Pedersen
03ba7ea851 C++: Move the weird global property 'not sqlite_encryption_used()' from the sink definition to the source definition. The dataflow library starts tracking flow from the sources, so it's better to to rule out the entire database in the source definition than in the sink definition. 2023-03-09 14:59:13 +00:00
Mathias Vorreiter Pedersen
7819a7d2bc C++: Severely restrict the set of sinks in 'cpp/cleartext-storage-database'. This reduces the number of sinks considered on the 'sysown/proxysql' from > 62000 sinks to ~1000 sinks. 2023-03-09 14:59:13 +00:00
Asger F
6e744093e2 Merge pull request #12398 from github/post-release-prep/codeql-cli-2.12.4 
Post-release preparation for codeql-cli-2.12.4
 2023-03-09 15:38:21 +01:00
Jeroen Ketema
30cbc91092 C++: Update XXE XML query with DataFlow::ConfigSig 2023-03-08 15:04:53 +01:00
Jeroen Ketema
8253f2d343 C++: Update UnsafeDaclSecurityDescriptor with DataFlow::ConfigSig 2023-03-08 15:04:53 +01:00
Jeroen Ketema
7fe1a9431c C++: Update PotentiallyExposedSystemData with DataFlow::ConfigSig 2023-03-08 15:04:53 +01:00
Jeroen Ketema
53aa34bdd3 C++: Update UnsafeCreateProcessCall with DataFlow::ConfigSig 2023-03-08 15:04:53 +01:00
Jeroen Ketema
af612a12de C++: Update TlsSettingsMisconfiguration with DataFlow::ConfigSig 2023-03-08 15:04:52 +01:00
Jeroen Ketema
4363a8ea30 C++: Update leap year queries with DataFlow::ConfigSig 2023-03-08 15:04:52 +01:00
Jeroen Ketema
e65ba13da4 C++: Update NonConstantFormat with DataFlow::ConfigSig 2023-03-08 15:04:52 +01:00
Jeroen Ketema
661160a98e C++: Update PrivateCleartextWrite with DataFlow::ConfigSig 2023-03-08 15:04:45 +01:00
Mathias Vorreiter Pedersen
a247a8b3ea Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-03-08 13:35:35 +00:00
Jeroen Ketema
5391b13db9 C++: Make dataflow configuration modules private in qll files 2023-03-08 09:18:09 +01:00
Jeroen Ketema
0f8a12f3ac C++: Add change note for deprecated data flow configurations in qll files 2023-03-08 09:00:43 +01:00
Jeroen Ketema
13bdd9c0c6 C++: Fix query compliation 
Apparently some queries we skipped in the testing I did locally.
 2023-03-07 19:16:10 +01:00
Jeroen Ketema
57c5d5f2c7 C++: Add QLDoc on configuration modules where the original class had one 2023-03-07 19:01:05 +01:00
Jeroen Ketema
0c39d1e5ca C++: Fix query formatting 2023-03-07 18:55:58 +01:00
Jeroen Ketema
2eb2e11ef7 C++: Fix query compilation 2023-03-07 18:53:07 +01:00
Jeroen Ketema
fb57914751 C++: Convert a number of data flow based queries to use ConfigSig 2023-03-07 18:21:52 +01:00
Mathias Vorreiter Pedersen
cc0b8bbebb Merge pull request #12430 from MathiasVP/no-to-string-on-state-in-cast-array-pointer-arith 
C++: Convert `cpp/upcast-array-pointer-arithmetic` to the new API
 2023-03-07 16:48:15 +00:00
Mathias Vorreiter Pedersen
ce02de48a0 C++: Fix Code Scanning error. 2023-03-07 14:40:36 +00:00
Mathias Vorreiter Pedersen
f2b311a008 C++: We don't need to check type equivalence at the end anymore: the dataflow state now precisely tracks the types. 2023-03-07 14:31:11 +00:00
Mathias Vorreiter Pedersen
ce6366f023 C++: Use the parameterized module dataflow API in 'cpp/upcast-array-pointer-arithmetic'. 
This allows us to swap out the old string state with the Type-based state.
 2023-03-07 14:17:12 +00:00
Mathias Vorreiter Pedersen
63690066c5 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-03-07 13:06:43 +00:00
Mathias Vorreiter Pedersen
b054b9c5cd Merge pull request #12408 from jketema/merge-main 
C++: use-use dataflow merge main
 2023-03-07 13:05:30 +00:00
Paolo Tranquilli
c4fd39ec3f C++: fix example code for FilePermissions.qll 2023-03-07 13:50:20 +01:00
Jeroen Ketema
3a4c0a2aae Merge pull request #12389 from jketema/more-deprecated 
C++: Add `deprecated` to predicates that are deprecated according to the QLDoc
 2023-03-07 11:21:43 +01:00
Jeroen Ketema
9ec479a2a0 C++: Update queries to use DataFlow::ConfigSig 2023-03-07 10:15:11 +01:00
Jeroen Ketema
47930f94e2 Merge remote-tracking branch 'upstream/main' into merge-main 2023-03-06 15:20:39 +01:00
Anders Schack-Mulligen
5c7f2ac7f7 Merge pull request #12186 from aschackmull/dataflow/refactor-configuration 
Data flow: Refactor configuration
 2023-03-06 13:38:59 +01:00