hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,617 Commits 1,672 Branches 157 Tags
fd649c1702a11748d090321b69ff6160ed46e48c
Commit Graph

9569 Commits

Author SHA1 Message Date
Michael Nebel
df6f5d52b9 C#: Use dependency injection in the auto builder for Diagnostic classifier. 2023-03-03 13:05:28 +00:00
Michael B. Gale
4f0a93295a Move Language class to Semmle.Util 2023-03-03 13:05:27 +00:00
Michael B. Gale
04aaccb186 Fix C++ test missing env var 2023-03-03 13:05:26 +00:00
Michael B. Gale
9d19752c2e Make improvements based on PR feedback 2023-03-03 13:05:24 +00:00
Michael B. Gale
62cd8ca26f Update C/C++ autobuilder 2023-03-03 13:05:24 +00:00
Jeroen Ketema
87b1c3eaa8 Merge pull request #12381 from jketema/silence 
C++: Silence some more bogus consistency errors in syntax zoo
 2023-03-03 12:51:39 +01:00
Mathias Vorreiter Pedersen
16e817c814 Merge pull request #12356 from MathiasVP/use-phi-reads 
C++: Include "phi reads" in `DataFlow::Node`
 2023-03-03 11:14:08 +00:00
Jeroen Ketema
4faede0e2c C++: Silence some more bogus consistency errors in syntax zoo 
These were due to several functions occurring that would have the same TRAP key.
By making the functions static or wrapping the defining class in an anonymous
namespace the TRAP keys will differ from each other.
 2023-03-03 12:07:33 +01:00
Anders Schack-Mulligen
0addcfa7c5 Dataflow: Fix some perf issues. 2023-03-03 11:45:32 +01:00
Asger F
8f0b77d54f Revert "C#: Tool status page support" 2023-03-03 11:44:42 +01:00
Geoffrey White
7b596f4928 Merge pull request #10431 from ihsinme/ihsinme-patch-111 
CPP: Add query for CWE-369: Divide By Zero.
 2023-03-03 10:42:04 +00:00
Jeroen Ketema
f649def3f8 C++: Silence a number of bogus consistency errors in syntax zoo 
These were due to several functions occurring that would have the same TRAP
key. By making the functions static the TRAP keys will differ from each other.
 2023-03-03 11:16:19 +01:00
erik-krogh
a928f4c9ef add change-notes 2023-03-03 09:23:10 +01:00
erik-krogh
f96d6accbb delete old deprecations 2023-03-03 09:23:02 +01:00
Mathias Vorreiter Pedersen
959237e8d2 C++: Fix missing type for Phi nodes. 2023-03-02 22:48:10 +00:00
Mathias Vorreiter Pedersen
2963dc1cb1 C++: Include phi read nodes in SSA. 
There's a small fix to the mapping from 'global def -> use'.

Finally, this commit also accepts a test failure related to new missing
types for phi nodes. The fix for that is in the next commit.
 2023-03-02 22:48:06 +00:00
Mathias Vorreiter Pedersen
b3f92fcf0f C++: Add FN caused by missing static local initialization in SSA. 2023-03-02 22:37:52 +00:00
Anders Schack-Mulligen
b34f99f716 Dataflow: Add change notes. 2023-03-02 16:01:29 +01:00
Michael B. Gale
fd9b279ef9 Merge pull request #12217 from github/mbg/csharp/tsp-support 2023-03-02 11:47:30 +00:00
Michael Nebel
2525ac3dd2 C#: Use dependency injection in the auto builder for Diagnostic classifier. 2023-03-02 09:18:56 +01:00
Mathias Vorreiter Pedersen
2f8d71762c C++: Disable standard order for 'convertsIntoArgumentRev'. 2023-03-01 15:16:49 +00:00
Mathias Vorreiter Pedersen
0469df1c18 Merge pull request #12338 from MathiasVP/expr-sanitizer-for-exec-tainted 
C++: Speedup `cpp/command-line-injection`
 2023-03-01 11:40:05 +00:00
Mathias Vorreiter Pedersen
d5b0ad6bfc C++: Remove cached predicate that's no longer used. 2023-02-28 16:20:29 +00:00
Mathias Vorreiter Pedersen
075a83c987 Stage stats before on 'ExecTainted.ql' before: 
```
1	10	1 Fwd	609968	1398	-1	94	769936	ExecTaintConfiguration
2	15	1 Rev	239464	774	-1	52	320663	ExecTaintConfiguration
3	20	2 Fwd	205794	511	650	39	18576546	ExecTaintConfiguration
4	25	2 Rev	161966	351	428	39	13639502	ExecTaintConfiguration
5	30	3 Fwd	31889	322	791	39	5982574	ExecTaintConfiguration
6	35	3 Rev	30068	303	661	39	4181421	ExecTaintConfiguration
7	40	4 Fwd	24031	232	1432	39	14725618	ExecTaintConfiguration
8	45	4 Rev	21506	219	907	39	5962780	ExecTaintConfiguration
9	50	5 Fwd	20149	204	1527	38	8350094	ExecTaintConfiguration
10	55	5 Rev	20102	204	1472	38	7515307	ExecTaintConfiguration
11	60	6 Fwd	19950	200	904	33	9673369	ExecTaintConfiguration
12	65	6 Rev	18431	200	901	33	7030957	ExecTaintConfiguration
```

Stage stats after:
```
1	10	1 Fwd	368610	699	-1	65	445199	ExecTaintConfiguration
2	15	1 Rev	112848	336	-1	23	150522	ExecTaintConfiguration
3	20	2 Fwd	91528	219	270	22	4120713	ExecTaintConfiguration
4	25	2 Rev	66017	141	159	22	2657398	ExecTaintConfiguration
5	30	3 Fwd	12161	119	208	22	792468	ExecTaintConfiguration
6	35	3 Rev	11640	111	167	22	569193	ExecTaintConfiguration
7	40	4 Fwd	11423	109	331	22	1203871	ExecTaintConfiguration
8	45	4 Rev	10851	107	323	22	904017	ExecTaintConfiguration
9	50	5 Fwd	10694	107	763	22	2428404	ExecTaintConfiguration
10	55	5 Rev	10332	104	735	22	2355698	ExecTaintConfiguration
11	60	6 Fwd	10302	104	729	22	5772762	ExecTaintConfiguration
12	65	6 Rev	9482	102	725	22	4020951	ExecTaintConfiguration
```
 2023-02-28 15:05:29 +00:00
Mathias Vorreiter Pedersen
8dd0bdbdb0 C++: Rename 'fst' and 'snd' to 'incoming' and 'outgoing'. 2023-02-28 15:05:18 +00:00
Michael B. Gale
e3762c7f93 Move Language class to Semmle.Util 2023-02-28 14:16:33 +00:00
Jeroen Ketema
3014f207f3 C++: Add tests for all dataflow examples that occur in our docs 2023-02-28 14:45:00 +01:00
Mathias Vorreiter Pedersen
d93d22ba3e C++: Fix FPs in 'cpp/non-constant-format'. 2023-02-28 10:05:05 +00:00
Mathias Vorreiter Pedersen
1e5b235f4b C++: Accept test changes in 'cpp/non-constant-format'. These are actually FPs. 2023-02-28 10:02:32 +00:00
Mathias Vorreiter Pedersen
85c7116e8f C++: Fix the following join (I canceled it mid-way): 
```
Tuple counts for SsaInternals#7b362d2f::getAPriorDefinition#1#ff/2@bfabfc7o after 11.4s:
  1000      ~4%     {2} r1 = SCAN Ssa#da392372::Make#SsaInternals#7b362d2f::SsaInput#::Definition::definesAt#3#dispred#ffff OUTPUT In.1, In.0
  474321529 ~0%     {4} r2 = JOIN r1 WITH SsaInternals#7b362d2f::DefOrUse::hasIndexInBlock#3#dispred#ffff_3012#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.2, Rhs.3, Rhs.1
  0         ~0%     {2} r3 = JOIN r2 WITH SsaInternals#7b362d2f::SsaCached::lastRefRedef#4#ffff ON FIRST 3 OUTPUT Lhs.3, Rhs.3
  0         ~0%     {2} r4 = JOIN r3 WITH SsaInternals#7b362d2f::nodeToDefOrUse#3#fff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1 'result'
  0         ~0%     {2} r5 = JOIN r4 WITH SsaInternals#7b362d2f::ssaDefinition#1#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'defOrUse', Lhs.1 'result'
                    return r5
```
 2023-02-28 09:53:37 +00:00
Mathias Vorreiter Pedersen
04b84320c9 C++: Accept more query-test changes. 2023-02-28 00:06:35 +00:00
Mathias Vorreiter Pedersen
3906a1923b Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into no-taint-indirect-direct-conflation 2023-02-27 18:40:04 +00:00
Mathias Vorreiter Pedersen
f9c724d9a3 Merge pull request #12325 from MathiasVP/gets-return-deref 
C++: Make `gets` indirect output a LocalFlowSource
 2023-02-27 18:39:36 +00:00
Jeroen Ketema
9c202f508f Merge pull request #12324 from jketema/taint-fix 
C++: Use correct DataFlow import in new TaintTracking.qll
 2023-02-27 18:37:46 +01:00
Mathias Vorreiter Pedersen
7bb806563f Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into no-taint-indirect-direct-conflation 2023-02-27 17:19:36 +00:00
Mathias Vorreiter Pedersen
2a9133aae0 C++: Accept query-test changes. 2023-02-27 17:15:53 +00:00
Mathias Vorreiter Pedersen
d628905156 C++: Accept more test changes. 2023-02-27 17:13:23 +00:00
Mathias Vorreiter Pedersen
a4c075f03b C++: The data pointed to by 'gets' is also a source of user input. 2023-02-27 16:25:32 +00:00
Jeroen Ketema
b4f6d519db C++: Use correct DataFlow import in new TaintTracking.qll 
Using the IR version directly gives errors about conflicting imports if both
DataFlow and TaintTracking are imported.
 2023-02-27 17:22:12 +01:00
Mathias Vorreiter Pedersen
b36d4931f2 C++: Fix test annotation. 2023-02-27 15:47:52 +00:00
Mathias Vorreiter Pedersen
d2f8cb6920 Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into fix-enclosing-callable 2023-02-27 15:02:39 +00:00
Mathias Vorreiter Pedersen
31f3504113 C++: Remove this bad materialization: 
```
Evaluated relational algebra for predicate _CppType#d1355c92::CppType::hasUnspecifiedType#2#dispred#fff_10#join_rhs_SsaInternals#50208335::DefO__#shared@ec353boa with tuple counts:
  459594    ~0%     {2} r1 = JOIN _IRVariable#e9bf30b2::IRVariable::getAst#0#dispred#ff_Parameter#ed81dd8f::Parameter#f#shared WITH SsaInternalsCommon#3c4fa02d::BaseIRVariable::getIRVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'arg1', Rhs.1
  461383    ~2%     {3} r2 = JOIN r1 WITH Variable#7a968d4e::Variable::getUnspecifiedType#0#dispred#ff ON FIRST 1 OUTPUT Lhs.0 'arg1', Lhs.1, Rhs.1
  477945    ~6%     {4} r3 = JOIN r2 WITH Variable#7a968d4e::Variable::getUnspecifiedType#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.0 'arg1', Lhs.1, Rhs.1
  346338    ~2%     {4} r4 = JOIN r3 WITH SsaInternalsCommon#3c4fa02d::Indirection::getNumberOfIndirections#0#dispred#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1 'arg1', Lhs.2, Rhs.1 'arg2'
  178593374 ~0%     {4} r5 = JOIN r4 WITH CppType#d1355c92::CppType::hasUnspecifiedType#2#dispred#fff_10#join_rhs ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'arg1', Lhs.3 'arg2', Rhs.1 'arg3'
  934806228 ~0%     {4} r6 = JOIN r5 WITH SsaInternals#50208335::DefOrUse::getSourceVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg0', Lhs.1 'arg1', Lhs.2 'arg2', Lhs.3 'arg3'
                    return r6

Tuple counts for _DataFlowPrivate#fbdd7bd7::InstructionNode0#class#ff_SsaInternals#50208335::Def#ff_SsaInternals#5020__#antijoin_rhs/4@305d42l5 after 25.6s:
  180185672 ~0%     {4} r1 = JOIN _CppType#d1355c92::CppType::hasUnspecifiedType#2#dispred#fff_10#join_rhs_SsaInternals#50208335::DefO__#shared WITH SsaInternals#50208335::Def#ff ON FIRST 1 OUTPUT Lhs.0 'arg3', Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2'
  180185672 ~0%     {5} r2 = JOIN r1 WITH SsaInternals#50208335::Def::getValue#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.0 'arg3'
  180185672 ~0%     {5} r3 = JOIN r2 WITH DataFlowPrivate#fbdd7bd7::InstructionNode0#class#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.4 'arg3'
  178459578 ~1%     {4} r4 = JOIN r3 WITH project#Instruction#577b6a83::InitializeParameterInstruction#ff ON FIRST 1 OUTPUT Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.4 'arg3'
                    return r4

Tuple counts for SsaInternals#7b362d2f::TFinalParameterUse#dom#ff/2@9ff4dbcg after 7.9s:
  180185672 ~1%         {4} r1 = JOIN _CppType#d1355c92::CppType::hasUnspecifiedType#2#dispred#fff_10#join_rhs_SsaInternals#50208335::DefO__#shared WITH SsaInternals#50208335::Def#ff ON FIRST 1 OUTPUT Lhs.1 'p', Lhs.2, Lhs.3, Lhs.0
  1726094   ~0%         {4} r2 = r1 AND NOT _DataFlowPrivate#fbdd7bd7::InstructionNode0#class#ff_SsaInternals#50208335::Def#ff_SsaInternals#5020__#antijoin_rhs(Lhs.0 'p', Lhs.1, Lhs.2, Lhs.3)
  1726094   ~54%        {4} r3 = SCAN r2 OUTPUT In.0 'p', In.1, In.2, 1
  1769636   ~54%        {5} r4 = JOIN r3 WITH PRIMITIVE range#bbf ON Lhs.3,Lhs.1

  1769636   ~45%        {4} r5 = SCAN r4 OUTPUT In.2, (In.4 'indirectionIndex' + 1), In.0 'p', In.4 'indirectionIndex'
  591253    ~11541%     {2} r6 = JOIN r5 WITH SsaInternalsCommon#3c4fa02d::isModifiableAtImpl#2#ff ON FIRST 2 OUTPUT Lhs.2 'p', Lhs.3 'indirectionIndex'

  1769636   ~52%        {4} r7 = SCAN r4 OUTPUT In.2, In.0 'p', In.4 'indirectionIndex', (In.4 'indirectionIndex' + 1)
  1724893   ~41%        {5} r8 = JOIN r7 WITH CppType#d1355c92::CppType::hasType#2#dispred#fff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'p', Lhs.0, Lhs.2 'indirectionIndex', Lhs.3
  1718843   ~46%        {5} r9 = JOIN r8 WITH Type#2e8eb3ef::Type::stripType#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'p', Lhs.2, Lhs.3 'indirectionIndex', Lhs.4
  8608      ~0%         {5} r10 = JOIN r9 WITH SmartPointer#917721ba::SmartPtr#f ON FIRST 1 OUTPUT Lhs.1 'p', Lhs.2, Lhs.3 'indirectionIndex', Lhs.4, Lhs.0
  8608      ~0%         {5} r11 = r10 AND NOT PointerWrapper#7cc81d2d::PointerWrapper::pointsToConst#0#dispred#f(Lhs.4)
  8608      ~4986%      {2} r12 = SCAN r11 OUTPUT In.0 'p', In.2 'indirectionIndex'

  599861    ~11711%     {2} r13 = r6 UNION r12
                        return r13
```
 2023-02-27 14:57:36 +00:00
Mathias Vorreiter Pedersen
354a12c906 C++: Fix queries. Since there's no longer indirect -> direct flow in 
taint-tracking we need to make sure the affected sink definitions also
handle indirect flow.
 2023-02-27 14:57:36 +00:00
Mathias Vorreiter Pedersen
1db24dd28d C++: Fix missing types. We now assign the node corresponding to **p 
an `UnknownType`.
 2023-02-27 14:57:36 +00:00
Mathias Vorreiter Pedersen
4e16bb65e3 C++: Accept test changes. Because we now allocate _three_ indirect nodes 
for a value of type `void*` (i.e., `p`, `*p` and `**p`) we need to decide
on a type for the `**p` value. We will do this in the next commit.
 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
16ba4652af C++: Allocate an additional indirection for void pointers. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
f6b9ca3da6 C++: Add failing test. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
da4a059388 C++: Accept test changes. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
52e6e1dece C++: Fix flow through partial definitions. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
575ac46bf3 C++: Add failing test. 2023-02-27 14:57:35 +00:00