hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-28 05:42:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,685 Branches 159 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Marsh
25c8b8141c Swift: add params to CFG 2022-05-26 16:48:24 +00:00
Harry Maclean
c80a06a6d8 Ruby: Simplify posix-spawn modeling 2022-05-26 14:29:04 +01:00
Anna Railton
4cf3467ad7 Merge pull request #9338 from github/annarailton-patch-1 
ATM: add `workflow_dispatch` to ATM JS tests
 2022-05-26 14:25:48 +01:00
Harry Maclean
ee827604f7 Ruby: Model the posix-spawn gem 
This gem exists primarily to provide methods that spawn subprocesses. We
model these as SystemCommandExecutions.
 2022-05-26 14:16:08 +01:00
Geoffrey White
2bcf7e17c8 Understand syscalls better. 2022-05-26 14:01:09 +01:00
Anna Railton
202d2e037d Add workflow_dispatch to Action 
This is so we can trigger scheduled runs of these tests
 2022-05-26 13:07:57 +01:00
Geoffrey White
e3ea7751d1 C++: Define sources better so that we catch all the test cases. 2022-05-26 12:44:17 +01:00
Robert Marsh
3213549a73 Merge pull request #9329 from MathiasVP/fixes-for-9291 
Swift: Fixups for #9291
 2022-05-26 07:25:24 -04:00
Chris Smowton
1f2248c1c8 Warn if jar file path not in expected form 2022-05-26 11:59:23 +01:00
Chris Smowton
3bd581a052 Kotlin: use the same mtimes as Java 
Previously Kotlin's use of IntelliJ's VirtualFile interface meant we got the containing JAR file's mtime, not that of the individual file entry.
 2022-05-26 11:59:23 +01:00
Tom Hvitved
ae1f5bbe25 Merge pull request #9334 from hvitved/ruby/dataflow/hash-splat-literal 2022-05-26 10:36:04 +02:00
Mathias Vorreiter Pedersen
c7cc8d2592 Swift: Fix copy-paste error. 2022-05-25 21:36:24 +01:00
Robert Marsh
da90440ea3 Merge pull request #9333 from rdmarsh2/rdmarsh2/swift/dataflow-local-flow 
Swift: local dataflow
 2022-05-25 15:59:50 -04:00
Robert Marsh
aa77ea6bef Swift: minimal tests for interprocedural flow 2022-05-25 19:24:34 +00:00
Robert Marsh
9f64622f31 Swift: data flow configurations working 2022-05-25 19:23:43 +00:00
Robert Marsh
d326b3a91c Swift: global dataflow WIP 2022-05-25 18:54:47 +00:00
Robert Marsh
bba3564187 Swift: adjust for changes in main 2022-05-25 18:52:47 +00:00
Robert Marsh
91b34d5e8f Swift: make LambdaCallKind a TODO 2022-05-25 18:26:38 +00:00
Robert Marsh
765e1e1115 Swift: autoformat 2022-05-25 18:26:38 +00:00
Robert Marsh
cf22ade9f3 Swift: initial local data flow implementation 2022-05-25 18:26:37 +00:00
Robert Marsh
117a1ad2f4 Swift: DataFlow expr and parameter nodes 2022-05-25 18:26:37 +00:00
Tom Hvitved
b3ce2d4a2b Ruby: Data flow for hash-splat expressions in hash literals 2022-05-25 19:55:28 +02:00
Tom Hvitved
47051ec8c9 Merge pull request #9320 from hvitved/ruby/hash-splat-flow 
Ruby: Flow through hash-splat parameters
 2022-05-25 19:31:09 +02:00
Nick Rolfe
d5c8188625 Merge pull request #9330 from github/nickrolfe/ruby-typos 
Ruby: fix spelling errors
 2022-05-25 17:56:50 +01:00
Erik Krogh Kristensen
d199173923 add a getAPrimaryQlClass predicate to ExpressionWithTypeArguments 2022-05-25 16:10:13 +00:00
Nick Rolfe
385e442f7f Ruby: fix spelling errors 2022-05-25 16:38:48 +01:00
Mathias Vorreiter Pedersen
fafdb016fa Swift: Fixup based on review comments in #9291. 2022-05-25 16:10:44 +01:00
Mathias Vorreiter Pedersen
f17afa8a11 Swift: Accept test changes. 2022-05-25 16:01:42 +01:00
Mathias Vorreiter Pedersen
dc2ba5b410 Swift: Implement better 'toString' overrides for all AST nodes. 2022-05-25 15:59:45 +01:00
Mathias Vorreiter Pedersen
0b6e35a2a9 Merge pull request #9291 from MathiasVP/swift-ipa-the-cfg 
Swift: CFG for property reads and writes
 2022-05-25 15:57:32 +01:00
Erik Krogh Kristensen
361b2aa6bb Merge pull request #9325 from erik-krogh/CWE-940 
JS: add CWE-940 to js/missing-origin-check
 2022-05-25 16:41:40 +02:00
Arthur Baars
033df767ef Ruby: allow fields in flow summaries 2022-05-25 16:01:04 +02:00
Arthur Baars
af428a1ac2 Address comments 2022-05-25 16:01:04 +02:00
Arthur Baars
b0a97f9b01 Ruby: flow through getters/setters 2022-05-25 16:01:04 +02:00
Asger F
a60caced98 JS: Update TRAP output 2022-05-25 15:59:58 +02:00
Nick Rolfe
79fb9e8fd2 Merge pull request #9159 from github/nickrolfe/join_order_tweak 
Ruby: tweak join order in `API::Impl::edge`
 2022-05-25 14:57:24 +01:00
Asger F
5964be4463 Merge branch 'main' into js/type-confusion-parmaeter-tampering-barrier 2022-05-25 15:53:24 +02:00
Asger F
893f4ab8fb Merge pull request #9288 from asgerf/js/resource-exhaustion-no-buffer.from 
JS: Remove Buffer.from sink from js/resource-exhaustion
 2022-05-25 15:51:54 +02:00
Tom Hvitved
ce4959287a Ruby: Flow through hash-splat expressions 2022-05-25 15:40:08 +02:00
Nick Rolfe
8cd261af0e Merge pull request #9324 from hvitved/dataflow/prohibits-use-use-fix-join 
Data flow: Fix bad join in `prohibitsUseUseFlow`
codeql-cli/v2.9.3 		2022-05-25 14:39:06 +01:00
Mathias Vorreiter Pedersen
80fad348bb Swift: Implement CFG for property reads, writes, and observers. 2022-05-25 13:46:14 +01:00
Mathias Vorreiter Pedersen
67cc1b503b Swift: Implement step 3 from the previous commit message. 2022-05-25 13:44:59 +01:00
Mathias Vorreiter Pedersen
1f4924f978 Swift: Create a custom "AST" version of the public CFG classes. This is 
necessary because the CFG library doesn't support the following
       two requirements simultaneously:
       1. Traverse AST classes by virtual dispatch
       2. Construct ControlFlowElements from non-AST classes

       Because the CFG trees derive from the a base type that must be a
       subtype of `ControlFlowElement`. So if we make `ControlFlowElement`
       an IPA type, we cannot write:
       ```
       class AssignTree extends PostOrderTree instanceof AssignExpr { ... }
       ```
       because `AssignExpr` is not a subtype of PostOrderTree (since
       PostOrderTree is now a subtype of the new IPA type).

       To fix this, Tom suggested the following (which is implemented in
       this PR):
       1. Create a copy of the CFG tree classes (i.e., Pre/PostOrderTree,
          LeafTree, etc.) and call them AstPreOrderTree/AstPostOrderTree,
          AstLeafTree, etc.
       2. For each tree AstTree from step 1, create a instance of the
          internal CFG library's appropriate class.
       3. In `ControlFlowGraphImpl`, proceed as normal with virtual
          dispatch using `instanceof`, but extend the AstTree classes
          from step 1 instead of the CFG's own tree classes.

       This works because each AstTree implements one of the CFG
       library's tree classes (as per step 2).
       This commit performs step 1 and 2. Step 3 will be the next commit.
 2022-05-25 13:39:48 +01:00
Mathias Vorreiter Pedersen
ab268514a1 Swift: Create a custom IPA type for 'ControlFlowElement's and fixup various type annotations. 2022-05-25 13:39:48 +01:00
Tom Hvitved
4f95abc4f6 Python: Update expected test output 2022-05-25 14:39:37 +02:00
Tom Hvitved
bcdef98392 Data flow: Sync files 2022-05-25 14:39:37 +02:00
Tom Hvitved
a4023b8a1d Data flow: Make PathGraph::edges/2 and PathNode::getASuccessor/1 consistent 2022-05-25 14:39:37 +02:00
Tom Hvitved
42f05dadc4 Data flow: Sync files 2022-05-25 14:21:22 +02:00
Tom Hvitved
3d072abcff Data flow: Fix bad join in prohibitsUseUseFlow 
Before
```
Tuple counts for FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow#1de78b88#ff@fdf8bdrq:
              6099   ~0%    {2} r1 = SCAN FlowSummaryImpl::Private::isParameterPostUpdate#1de78b88#fff OUTPUT In.2, In.0
         787252695   ~2%    {3} r2 = JOIN r1 WITH project#DataFlowImplCommon::ParamNode::isParameterOf#dispred#f0820431#fff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, true, Lhs.1
        5360462712   ~0%    {4} r3 = JOIN r2 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb_021#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2, true, Lhs.0
              7132   ~2%    {2} r4 = JOIN r3 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb ON FIRST 3 OUTPUT Lhs.0, Lhs.3

              5869  ~25%    {1} r5 = JOIN r4 WITH DataFlowImplCommon::Cached::clearsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.1

              1263   ~9%    {1} r6 = JOIN r4 WITH DataFlowImplCommon::Cached::expectsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.1

              7132  ~52%    {1} r7 = r5 UNION r6
             29593  ~26%    {2} r8 = JOIN r7 WITH project#FlowSummaryImpl::Private::Steps::summaryArgParam0#1de78b88#ffff#2_201#join_rhs ON FIRST 1 OUTPUT Rhs.1, Rhs.2
                            return r8
```

After
```
Tuple counts for FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow#1de78b88#ff@aa7a37lj:
         6099   ~4%    {3} r1 = SCAN FlowSummaryImpl::Private::isParameterPostUpdate#1de78b88#fff OUTPUT In.0, true, In.2
         8434   ~5%    {2} r2 = JOIN r1 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2

         5869   ~5%    {3} r3 = JOIN r2 WITH DataFlowImplCommon::Cached::clearsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.0, true, Lhs.1

         1278   ~6%    {3} r4 = JOIN r2 WITH DataFlowImplCommon::Cached::expectsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.0, true, Lhs.1

         7147   ~6%    {3} r5 = r3 UNION r4
         7147  ~57%    {2} r6 = JOIN r5 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2
         5892  ~26%    {1} r7 = JOIN r6 WITH project#DataFlowImplCommon::ParamNode::isParameterOf#dispred#f0820431#fff ON FIRST 2 OUTPUT Lhs.0
        29589  ~26%    {2} r8 = JOIN r7 WITH project#FlowSummaryImpl::Private::Steps::summaryArgParam0#1de78b88#ffff#2_201#join_rhs ON FIRST 1 OUTPUT Rhs.1, Rhs.2
                       return r8
```
 2022-05-25 14:21:22 +02:00
Erik Krogh Kristensen
ed907f6f63 add CWE-940 to js/missing-origin-check 2022-05-25 14:15:48 +02:00