hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 14:52:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,274 Commits 1,684 Branches 159 Tags
facda77852aabce63721cb66f8b16ff0941cb647
Commit Graph

2274 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
facda77852 Dataflow relations: narrow all dataflow nodes before taking product with Configurations 
This is particularly important for ConversionWithoutBoundsCheckConfig which has 20 configs. By paring DataFlow::Node down to only those that have a local-flow successor, or only those with an isAdditionalFlowStep for some related configuration, the result size can be significantly reduced prior to taking the product against Configuration and finally paring down using config.fullBarrier etc.

Saves about 1m20s per analysis on cockroachdb.
 2021-12-09 16:56:38 +00:00
Owen Mansel-Chan
b234ba7f26 Fix bad join order in getAFalsifiedGuard 
viableParamArg should be evaluated first.
 2021-12-08 17:33:59 -05:00
Owen Mansel-Chan
06f889fce6 Update tests for no flow through receivers when no function body 
This branch originally included a commit to enable flow through receivers
when there is no function body. This was dropped, to be pursued later.
 2021-12-08 16:03:18 -05:00
Owen Mansel-Chan
88e7c44a6d Update expected test results with extra nodes 2021-12-08 15:28:28 -05:00
Owen Mansel-Chan
a01f90b903 Give DataFlowCallable a user-facing name (Callable), move to Scopes.qll 
I removed asFunctionNode() because it would need an import, but it
doesn't seem to be used anywhere.
 2021-12-08 11:30:39 -05:00
Owen Mansel-Chan
a6532b988f Allow implicit taint reads through more content types 2021-12-08 11:20:38 -05:00
Owen Mansel-Chan
754c838cc0 Fix accidental cartesian product 
PointerContent needs to have the PointerType specified as well
 2021-12-08 11:20:37 -05:00
Owen Mansel-Chan
d70307243c Fix bad join order in BarrierGuard.guards/2 2021-12-08 11:20:37 -05:00
Owen Mansel-Chan
1a9ea38c0b Update non-shared dataflow files to match sync 2021-12-08 11:20:36 -05:00
Owen Mansel-Chan
095fe6e4a7 Do not allow "Argument" on its own 
# Conflicts:
#	ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.expected
 2021-12-08 11:20:36 -05:00
Sauyon Lee
b2f62b185d Allow for Return[i] specifications 2021-12-08 11:20:36 -05:00
Owen Mansel-Chan
578a31ecd8 Keep call to defaultTaintSanitizerGuard 2021-12-08 11:20:35 -05:00
Owen Mansel-Chan
01bfbde9ae Sync dataflow libraries again 2021-12-08 11:20:35 -05:00
Owen Mansel-Chan
1a299d2e09 Update sync-dataflow-libraries target in Makefile 
The location of the dataflow libraries in codeql-go has changed
and there is a new file to be synced.
 2021-12-08 11:20:34 -05:00
Owen Mansel-Chan
16fdb9aa11 Do not test ReturnValue as input for sink 
The documentation in ExternalFlow.qll does not specify
that "ReturnValue" can be used as the input column.
 2021-12-08 11:20:34 -05:00
Owen Mansel-Chan
63b944a1b4 Another instance of getEnclosingFunction -> getRoot 2021-12-08 11:20:34 -05:00
Chris Smowton
3cf1459c4f Revert getACallee type change 2021-12-08 11:20:33 -05:00
Chris Smowton
6110506e02 Revert "Make getACallee return DataFlowCallable" 
This reverts commit b4742ccdf81bec3f872923da79953c61dea103f6.
 2021-12-08 11:20:33 -05:00
Owen Mansel-Chan
5ec0b09160 Diasble clearing content and add test for it 2021-12-08 11:20:32 -05:00
Owen Mansel-Chan
e940a53cc6 Test models of flow through fields 2021-12-08 11:20:32 -05:00
Owen Mansel-Chan
2d8fd71189 Comment on why summaryDataFlowCall is none() 2021-12-08 11:20:31 -05:00
Owen Mansel-Chan
adf3dc0c61 Move type assertion into declared type 2021-12-08 11:20:31 -05:00
Owen Mansel-Chan
9f763dd044 Move built-in models to ExternalFlow 2021-12-08 11:20:30 -05:00
Owen Mansel-Chan
d717734820 Do not allow "Argument" on its own 2021-12-08 11:20:30 -05:00
Owen Mansel-Chan
d2ca1fb2eb Address review comments #2 2021-12-08 11:20:29 -05:00
Owen Mansel-Chan
12058a2621 Fix containerStoreStep and containerReadStep 2021-12-08 11:20:29 -05:00
Owen Mansel-Chan
ab8096b717 Add tests for more content types (Element, MapKey, MapValue) 2021-12-08 11:20:28 -05:00
Owen Mansel-Chan
b7aa85b054 Address some review comments 2021-12-08 11:20:28 -05:00
Owen Mansel-Chan
f375553933 Add variadic functions test for function models 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
b75def62fe Add variadic functions test for external flow 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
d9848fe515 Add more tests for variadic functions 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
8044fb2519 Add more flow tests for external flow 2021-12-08 11:20:26 -05:00
Owen Mansel-Chan
63d997f820 (Unimportant) Fix module name for vendored stubs 
This doesn't affect the test, but does mean that you can run
`go build` to check the test would build.
 2021-12-08 11:20:26 -05:00
Owen Mansel-Chan
1929a1f7a7 Fix unrelated test in experimental 2021-12-08 11:20:25 -05:00
Owen Mansel-Chan
5e38f48b74 Autoformat 2021-12-08 11:20:25 -05:00
Owen Mansel-Chan
a3df3614a5 Convert completetest to an inline flow test 2021-12-08 11:20:24 -05:00
Owen Mansel-Chan
8f7a34f9cb Fix external flow tests 2021-12-08 11:20:24 -05:00
Owen Mansel-Chan
71bf834765 Fix incorrect assumption 
node2 doesn't have to be a PostUpdateNode
 2021-12-08 11:20:23 -05:00
Sauyon Lee
3379790686 add flow test involving CSV 2021-12-08 11:20:22 -05:00
Sauyon Lee
a632a58221 add CSV models of append 2021-12-08 11:20:22 -05:00
Sauyon Lee
070e383516 allow empty namespaces for Go 2021-12-08 11:20:21 -05:00
Owen Mansel-Chan
70c9ca5611 Update documentation in ExternalFlow.qll 2021-12-08 11:20:21 -05:00
Owen Mansel-Chan
038f951e9f Fix containerStoreStep 
Update some comments as well, and change a variable name
 2021-12-08 11:20:20 -05:00
Owen Mansel-Chan
be6501d8e4 Add tests for data and taint flow through arrays and var args 2021-12-08 11:20:20 -05:00
Sauyon Lee
2060731077 Add tests for external flow 2021-12-08 11:20:20 -05:00
Sauyon Lee
873f496038 Use basicLocalFlowStep instead of .getASuccessor 
This prevents non-monotonic recursion through summary post-update nodes
 2021-12-07 07:39:28 -05:00
Sauyon Lee
afe7edc093 Fix test output 
Includes a bunch of new edges, but no new results
 2021-12-07 07:39:28 -05:00
Sauyon Lee
0572c4785c Model net http sources as csv 2021-12-07 07:39:27 -05:00
Sauyon Lee
bebdb0ba53 Add RangeIndexNode 2021-12-07 07:39:27 -05:00
Sauyon Lee
3750af41d3 Add standard container steps 2021-12-07 07:39:27 -05:00