hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 01:14:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,078 Commits 1,679 Branches 158 Tags
codeql-cli/v2.11.6
Commit Graph

47078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
e29fe54b3c Swift: remove redudant import 2022-10-18 12:35:35 +02:00
Paolo Tranquilli
f4f5e3e382 Swift: remove redundant module namespace 2022-10-18 12:32:31 +02:00
Paolo Tranquilli
af3f782ad5 Swift: fix TypeDecl.qll 2022-10-18 12:21:06 +02:00
Paolo Tranquilli
581939d139 Swift: replace non-genereated Base suffixes 
This is the effect of running
```
find swift/ql/lib/codeql/swift/elements -type f | xargs sed -ri 's/\b([A-Z]\w+)Base\b/Generated::\1/g'
```
followed by reformatting.
 2022-10-18 12:21:06 +02:00
Paolo Tranquilli
307c885c1f Swift: use Generated:: instead of Base suffix 
This commit changes `codegen` and the generated classes.
 2022-10-18 12:21:06 +02:00
Chris Smowton
2713b3ee06 Comment extraction: don't treat anonymous classes differently 2022-10-18 11:10:29 +01:00
Calum Grant
643cfced6a Merge pull request #10837 from github/calumgrant/ruby-frameworks2 
Ruby: Add more frameworks to the list of supported frameworks
 2022-10-18 11:06:14 +01:00
Tamás Vajk
0069fd9681 Merge pull request #10860 from tamasvajk/kotlin-clinit-static 
Kotlin: Add `static` modifier to `clinit`
 2022-10-18 11:39:34 +02:00
Chris Smowton
50f99d8e82 Don't produce interface forwarders directed at an abstract target 2022-10-18 10:31:01 +01:00
erik-krogh
8a3e255e12 remove FPs in rb/stored-xss from spurious sources 2022-10-18 11:07:48 +02:00
Chris Smowton
67aa6c7737 Merge pull request #10822 from smowton/smowton/feature/kotlin-collection-literals 
Koltin: support collection literals
 2022-10-18 09:45:59 +01:00
erik-krogh
e47e20c5e7 remove use of HtmlSafeCall from tests 2022-10-18 10:43:24 +02:00
erik-krogh
5a98f66bef simplify the modeling of html_safe. Any call to html_safe is now considered an XSS sink 2022-10-18 10:43:22 +02:00
Alex Denisov
0c3fd9fdcf Swift: %/\t/\s/ 2022-10-18 10:17:02 +02:00
Alex Denisov
ad9f5efcd7 Swift: stream directly instead of using intermediate string 2022-10-18 10:15:16 +02:00
Alex Denisov
eba7f1a744 Swift: simplify Bazel a bit 2022-10-18 10:04:50 +02:00
Tom Hvitved
19bcd287cb Merge pull request #10867 from hvitved/ruby/orm-tracking-redundant-additional-step 
Ruby: Remove redundant additional flow step from `OrmTracking::Configuration`
 2022-10-18 10:03:51 +02:00
Tom Hvitved
d362296f1c Merge pull request #10864 from hvitved/ruby/get-a-barrier-node-join-fix 
Ruby: Fix bad join-order in `BarrierGuard::getABarrierNode`
 2022-10-18 10:03:02 +02:00
Alex Denisov
a3b5f2239d Swift: do not use C casts 2022-10-18 10:01:02 +02:00
Alex Denisov
44c26be2c4 Swift: make dealing with CF types typesafe 2022-10-18 09:53:06 +02:00
Tom Hvitved
1266d248ed Ruby: Remove redundant additional flow step from OrmTracking::Configuration 2022-10-18 09:33:29 +02:00
Tamas Vajk
b67a8877a7 Kotlin: Add static modifier to clinit 2022-10-18 09:26:06 +02:00
Alex Denisov
d97669f9aa Swift: add CMake target for xcode-autobuilder 2022-10-18 09:22:40 +02:00
Alex Denisov
6d754c42d7 Swift: do not use relative include paths 2022-10-18 09:14:48 +02:00
Alex Denisov
023fea68d0 Merge branch 'main' into alexdenisov/xcode-autobuilder 2022-10-18 09:12:47 +02:00
Tamás Vajk
543e2f5aab Merge pull request #10678 from tamasvajk/kotlin-type-param-modifiers 
Kotlin: Extract type parameter modifiers (`reified`, `in`, `out`)
 2022-10-18 09:10:57 +02:00
Jami Cogswell
5f39888a2d minor code restructure 2022-10-17 16:28:06 -04:00
Tom Hvitved
6c765a95ff Ruby: Fix bad join-order in BarrierGuard::getABarrierNode 
Before
```
Evaluated relational algebra for predicate XSS#e59174e9::Shared::Sanitizer#class#f@6c9d334e with tuple counts:
                 0   ~0%    {1} r1 = JOIN ActionView#3462bac2::RailsHtmlEscaping#f WITH project#DataFlowPublic#e1781e31::CallNode::getArgument#1#dispred#fff#3 ON FIRST 1 OUTPUT Lhs.0

            554860   ~0%    {2} r2 = JOIN SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1

                 1   ~0%    {1} r3 = JOIN r2 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1

                 1   ~0%    {1} r4 = r1 UNION r3

                 7   ~0%    {1} r5 = JOIN r2 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstCompare#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1

           3045081   ~1%    {3} r6 = JOIN DataFlowPrivate#462ff392::Cached::TExprNode#ff_10#join_rhs WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
           3045081   ~1%    {3} r7 = JOIN r6 WITH ControlFlowGraph#46cebcbd::CfgNode::getBasicBlock#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
            554860   ~1%    {3} r8 = JOIN r7 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        1462917146   ~0%    {3} r9 = JOIN r8 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
           5082692   ~1%    {4} r10 = JOIN r9 WITH DataFlowPublic#e1781e31::guardControlsBlock#3#fff_102#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Rhs.2, Lhs.1

                33   ~0%    {1} r11 = JOIN r10 WITH BarrierGuards#2462899b::stringConstArrayInclusionCall#3#fff ON FIRST 3 OUTPUT Lhs.3

                57   ~0%    {1} r12 = JOIN r10 WITH BarrierGuards#2462899b::stringConstCompare#3#fff ON FIRST 3 OUTPUT Lhs.3

                90   ~0%    {1} r13 = r11 UNION r12
                97   ~0%    {1} r14 = r5 UNION r13
                98   ~0%    {1} r15 = r4 UNION r14
                            return r15
```

After
```
[2022-10-17 20:35:01] Evaluated non-recursive predicate XSS#e59174e9::Shared::Sanitizer#class#f@487a64ar in 65ms (size: 98).
Evaluated relational algebra for predicate XSS#e59174e9::Shared::Sanitizer#class#f@487a64ar with tuple counts:
             0   ~0%    {1} r1 = JOIN ActionView#3462bac2::RailsHtmlEscaping#f WITH project#DataFlowPublic#e1781e31::CallNode::getArgument#1#dispred#fff#3 ON FIRST 1 OUTPUT Lhs.0

            33   ~0%    {1} r2 = JOIN DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::guardChecksSsaDef#3#fff WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::guardControlsSsaDef#4#ffff ON FIRST 3 OUTPUT Rhs.3

            33   ~0%    {1} r3 = r1 UNION r2

            57   ~1%    {1} r4 = JOIN DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstCompare#::guardChecksSsaDef#3#fff WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::guardControlsSsaDef#4#ffff ON FIRST 3 OUTPUT Rhs.3

        554860   ~0%    {2} r5 = JOIN SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1

             1   ~0%    {1} r6 = JOIN r5 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1

             7   ~0%    {1} r7 = JOIN r5 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstCompare#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1

             8   ~0%    {1} r8 = r6 UNION r7
            65   ~2%    {1} r9 = r4 UNION r8
            98   ~1%    {1} r10 = r3 UNION r9
                        return r10
```
 2022-10-17 20:39:30 +02:00
Chris Smowton
b4c4a26e22 Element.hasChildElement: associate local classes specialisations with their unspecialised containing function 2022-10-17 18:43:12 +01:00
Chris Smowton
baaa06391c Extract interface forwarders with public visiblity 2022-10-17 18:43:12 +01:00
Chris Smowton
1613e47388 Improve and accept changes to compiler-generated methods test 2022-10-17 18:43:11 +01:00
Chris Smowton
b763c406b6 hasChildElement: include method -> local class edges 2022-10-17 18:38:13 +01:00
Chris Smowton
fff9a75ff8 Accept test changes 2022-10-17 18:38:13 +01:00
Chris Smowton
4201031ae0 Restrict interface override synthesis to cases where both the overriding class and the interface are Kotlin-defined. 
If the interface is Java-defined and it provides a default interface implementation then real class-file default methods are being used and kotlinc won't synthesise anything. If the loaded .class file wasn't made by Kotlin, then we see all the real methods and there is no need to synthesise anything either.
 2022-10-17 18:38:13 +01:00
Chris Smowton
e8a35983ee Implement Kotlin default interface method forwarding 
Kotlin's implementation of defaults depends on the -Xjvm-default setting (or the @JvmDefault deprecated annotation, not implemented here): by default, actual interface class files don't use default method, and any class that would inherit one instead implements the interface calling a static method defined on TheInterface$DefaultImpls. With
-Xjvm-default=all or =all-compatibility, real interface default methods are emitted, with the latter retaining the DefaultImpls methods so that other Kotlin can use it.

Here I adopt a hybrid solution: create a real default method implementation, but also emit a forwarding method like `@override int f(int x) { return super.TheInterface.f(x); }`, because the Java extractor will see `MyClass.f` in the emitted class file and try to dispatch directly to it. The only downside is that we emit a default interface
method body for a prototype that will appear to be `abstract` to the Java extractor and which it will extract as such. I work around this by tolerating the combination `default abstract` in QL. The alternative would be to fully mimic the DefaultImpls approach, giving 100% fidelity to kotlinc's strategy and therefore no clash with the Java
extractor's view of the world.
 2022-10-17 18:38:13 +01:00
Chris Smowton
595a66a3a4 Fix extraction of primitive-typed arrays 2022-10-17 18:29:59 +01:00
Chris Smowton
ecb3788467 Make useAnonymousClass private 2022-10-17 18:24:04 +01:00
Chris Smowton
f358be85eb Accept test changes 2022-10-17 18:23:10 +01:00
Chris Smowton
9611fea479 Fix mistaking unspecialised for raw types, and failing to account for an empty declaration stack 2022-10-17 18:22:41 +01:00
Geoffrey White
040d72e7f1 Merge pull request #10857 from geoffw0/locationstring 
Swift: Give Location a useful toString
 2022-10-17 18:10:51 +01:00
james
d917416479 fix document anchor in codeql-library-for-ruby 2022-10-17 16:51:48 +01:00
James Fletcher
4d7195509c Merge branch 'main' into lgtm-cli-vs-code 2022-10-17 16:24:29 +01:00
james
51c0287905 address review comments 2022-10-17 16:19:15 +01:00
Paolo Tranquilli
3a99b9845e Merge pull request #10856 from github/redsun82/swift-show-ql-class-in-collapsed-hierarchy-tests 
Swift: show QL class in generated tests on collapsed hierarchies
 2022-10-17 16:38:24 +02:00
Chris Smowton
eb97735568 Merge pull request #10797 from smowton/smowton/fix/byte-short-inversion 
Kotlin: fix bit-inversion operator for Byte and Short types
 2022-10-17 15:05:57 +01:00
Chris Smowton
e1c93c9284 Merge pull request #10816 from smowton/smowton/fix/kotlin-adapted-function-references 
Kotlin: extract function references using compiler-generated adapters
 2022-10-17 15:05:16 +01:00
erik-krogh
bb4bc55c6a update expected output 2022-10-17 15:52:21 +02:00
Geoffrey White
dcf254a9e3 Swift: Make QL-for-QL happy. 2022-10-17 14:23:28 +01:00
Taus
f5b2eb94a6 Merge pull request #10783 from yoff/python/subscript-nodes 
Python: API graph improvements for subscripts
 2022-10-17 15:21:56 +02:00
Tamas Vajk
21c13fb9a3 Kotlin: Exclude variables of live literals from java/field-masks-super-field 2022-10-17 15:07:44 +02:00