hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-05 02:30:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,301 Commits 1,673 Branches 157 Tags
f5ca459795491f86a68bbf950f32ec944cdc9704
Commit Graph

17301 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
luchua-bc
f5ca459795 Add remote source of Android intent extra 2020-10-23 11:57:01 +01:00
Jonas Jensen
08bf464437 Merge pull request #4540 from criemen/printast-performance 
C++: Improve PrintAST performance if only individual files are printed
 2020-10-23 12:46:34 +02:00
Cornelius Riemenschneider
6b072686ab C++: Improve PrintAST performance. 
This improves the performance of the printAst.ql query by excluding a lot of string concatenations that happen in files unrelated to the one the user is interested in printing.
This is supposed to help the performance of the AST Viewer on bigger databases.
 2020-10-22 16:38:52 +02:00
Mathias Vorreiter Pedersen
a1b59e2d6c Merge pull request #4538 from geoffw0/taintbug 
C++: Add taint test for memcpy-ing into a vector
 2020-10-22 16:05:56 +02:00
Mathias Vorreiter Pedersen
90c027f291 Merge pull request #4532 from geoffw0/wrongtypeformaterr 
C++: Harden queries against ErroneousType
 2020-10-22 14:21:14 +02:00
Geoffrey White
ceea947f5e C++: Add another test case. 2020-10-22 12:41:23 +01:00
Calum Grant
7544bc872a Merge pull request #3974 from owen-mc/docs/query-classification-and-display 
Docs: Query classification and display
 2020-10-22 10:01:19 +01:00
Geoffrey White
3cca8443f8 C++: Add memcpy(vector test. 2020-10-22 09:46:07 +01:00
Geoffrey White
227bf91626 C++: Correct test annotation. 2020-10-22 09:45:09 +01:00
Erik Krogh Kristensen
e89e99deaa Merge pull request #4461 from erik-krogh/pyPrint 
Python: implement printAst for Python
 2020-10-22 09:37:10 +02:00
Aditya Sharad
9ff5142529 Merge pull request #4525 from adityasharad/js/autobuild-github-hidden-folder 
JavaScript: Include .github hidden folders in autobuild
 2020-10-21 07:10:42 -07:00
Rasmus Wriedt Larsen
a6abee9b3a Merge pull request #4476 from yoff/python-port-sql-injection 
Python: Port SqlInjection
 2020-10-21 15:55:19 +02:00
Geoffrey White
678e769553 C++: Change note. 2020-10-21 14:52:43 +01:00
Geoffrey White
d97f03c2be C++: Exclude error types from NonPortablePrintf. 2020-10-21 14:51:52 +01:00
yoff
ea4ea6b3e6 Merge pull request #4529 from tausbn/python-remove-cartesian-product-in-tkwoverflownode 
Python: Remove bad join in `getCallableScope`
 2020-10-21 15:36:38 +02:00
Rasmus Lerchedahl Petersen
060481053a Python: Add note about incompleteness 
I was going to do this in an issue, but it makes sense
to have it in the code. We could still add an issue as well.
 2020-10-21 15:15:19 +02:00
Rasmus Lerchedahl Petersen
c57c798bfa Python: Add TODO 2020-10-21 15:10:40 +02:00
yoff
ee5221abb4 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-21 15:08:16 +02:00
Jonas Jensen
2479402a9d Merge pull request #4522 from geoffw0/odasa704 
C++: Non-constant format string test case
 2020-10-21 14:58:02 +02:00
Jonas Jensen
6a80f3380e Merge pull request #4527 from geoffw0/odasa3940 
C++: Improve SizeCheck queries
 2020-10-21 14:55:57 +02:00
Taus Brock-Nannestad
31c169daac Python: Remove bad join in getCallableScope 
Clause timing report had this suspicious entry

```
CommandInjection.ql-12:DataFlowPublic::Node::getCallableScope#bbf .................. 7.2s
    (4 evaluations with max 6.4s in DataFlowPublic::Node::getCallableScope#bbf/3@i3#119d7b)
```

which indeed was a bad join:
```
Tuple counts for DataFlowPublic::Node::getCallableScope#bbf:
293509   ~2%     {3} r1 = JOIN DataFlowPublic::Node::getCallableScope#bbf#prev_delta AS L WITH DataFlowPublic::TNode#f AS R ON FIRST 1 OUTPUT L.<1>, L.<0>, L.<2>
22337162 ~0%     {3} r2 = JOIN r1 WITH Scope::Scope::getEnclosingScope_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT r1.<1>, r1.<2>, R.<1>
22337162 ~0%     {3} r3 = r2 AND NOT DataFlowPublic::Node::getCallableScope#bbf#prev AS R(r2.<0>, r2.<2>, r2.<1>)
22337162 ~0%     {3} r4 = SCAN r3 OUTPUT r3.<0>, r3.<2>, r3.<1>
722      ~1%     {3} r5 = JOIN r4 WITH m#DataFlowPublic::Node::getCallableScope#bbf AS R ON FIRST 2 OUTPUT r4.<0>, r4.<1>, r4.<2>
722      ~1%     {3} r6 = JOIN r5 WITH m#DataFlowPublic::Node::getCallableScope#bbf AS R ON FIRST 2 OUTPUT r5.<0>, r5.<2>, r5.<1>
722      ~1%     {3} r7 = r6 AND NOT project#DataFlowPrivate::DataFlowCallable::getScope_dispred#ff AS R(r6.<2>)
722      ~1%     {3} r8 = SCAN r7 OUTPUT r7.<0>, r7.<2>, r7.<1>
                 return r8
```

In this case, the join went away by simply moving the helper predicate
out of the class it was situated in (and since it doesn't mention
`this`, it didn't really belong there in the first place).

Result:
```
DataFlowPublic.qll-8:DataFlowPublic::getCallableScope#ff ........................... 26ms
    (4 evaluations with max 15ms in DataFlowPublic::getCallableScope#ff/2@i3#709a9e)
```
 2020-10-21 14:45:05 +02:00
yoff
9bd808c924 Merge pull request #4528 from tausbn/python-remove-cartesian-product-in-tkwoverflownode 
Python: Prevent early join on `argName` in `getArg`
 2020-10-21 14:43:39 +02:00
Rasmus Lerchedahl Petersen
53ff1a32c1 Merge branch 'main' of github.com:github/codeql into python-port-sql-injection 2020-10-21 14:38:02 +02:00
Geoffrey White
ac1e0692bb C++: Exclude error types from WrongTypeFormatArguments. 2020-10-21 13:25:57 +01:00
Rasmus Lerchedahl Petersen
77d4cbc0df Python: Only allow unsafe positional args to extra 2020-10-21 14:21:36 +02:00
Rasmus Lerchedahl Petersen
3a416bce2d Python: Move test annotation 2020-10-21 14:18:16 +02:00
Rasmus Lerchedahl Petersen
4571b3188c Python: Fix false negative 2020-10-21 14:16:35 +02:00
Rasmus Lerchedahl Petersen
03c62fd267 Python: Fix typo in test case 2020-10-21 14:03:46 +02:00
yoff
75357727c4 Merge pull request #4490 from RasmusWL/python-model-django-sources 
Python: model Django HttpRequest as RemoteFlowSource
 2020-10-21 13:46:51 +02:00
Rasmus Lerchedahl Petersen
7087522ed9 Python: Move doc reference 2020-10-21 13:30:38 +02:00
Rasmus Lerchedahl Petersen
e49c7d64bd Python: test for keyword arguments to extra 2020-10-21 13:28:12 +02:00
Rasmus Lerchedahl Petersen
d249b51a5e Python: Add test-case for indirect RawSQL 2020-10-21 13:23:19 +02:00
Taus Brock-Nannestad
eb3333c0ce Python: Prevent early join on argName in getArg 2020-10-21 13:23:09 +02:00
Rasmus Lerchedahl Petersen
e51543ea79 Python: allow any positional argument in annotate 2020-10-21 13:17:20 +02:00
Rasmus Lerchedahl Petersen
2c855c739b Python: Ignore relatively safe arguments of extra 2020-10-21 13:15:46 +02:00
Rasmus Lerchedahl Petersen
6805fb63cc Python: Use modern pattern for RawSQL class 2020-10-21 13:14:32 +02:00
Rasmus Lerchedahl Petersen
e44247bb00 Python: Add links to function docs 2020-10-21 13:03:14 +02:00
yoff
8e7e107365 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-21 12:55:38 +02:00
Geoffrey White
ba29591b83 C++: Change note. 2020-10-21 11:21:53 +01:00
CodeQL CI
da58306f2d Merge pull request #4506 from asgerf/js/separate-jquery-config 
Approved by esbena
 2020-10-21 03:13:42 -07:00
Rasmus Wriedt Larsen
5874a7b422 Merge pull request #4488 from yoff/SharedDataflow_ArgumentPassingTests 
Python: Shared dataflow, argument passing tests
 2020-10-21 12:01:37 +02:00
Geoffrey White
6d91d55669 C++: Use the AllocationExpr model. 2020-10-21 11:00:15 +01:00
CodeQL CI
9faf675f1f Merge pull request #4486 from erik-krogh/lessTokens 
Approved by asgerf
 2020-10-21 02:56:38 -07:00
Mathias Vorreiter Pedersen
3fe2a17933 Merge pull request #4509 from geoffw0/intmultlong 
C++: Add IntMultToLong test cases.
 2020-10-21 11:03:13 +02:00
CodeQL CI
eaed93fa7d Merge pull request #4513 from RasmusWL/python-model-fabric 
Approved by yoff
 2020-10-21 01:58:19 -07:00
Rasmus Lerchedahl Petersen
9ee5a01d7e Python: Reword comment on isBarrierIn 2020-10-21 10:30:40 +02:00
Rasmus Wriedt Larsen
ba9caacee1 Merge pull request #4524 from tausbn/python-remove-cartesian-product-in-tkwoverflownode 
Python: Remove cartesian product in `TKwOverflowNode`
 2020-10-21 10:22:45 +02:00
Rasmus Wriedt Larsen
b0af0b94d0 Python: Fix grammar 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2020-10-21 09:58:37 +02:00
Erik Krogh Kristensen
e18cf08d99 documentation changes based on review 2020-10-21 09:45:16 +02:00
Erik Krogh Kristensen
c1dba2ee9f add a few shouldPrint calls to improve performance 2020-10-21 09:37:53 +02:00