hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,684 Branches 159 Tags
codeql-cli/v2.12.1
Commit Graph

49367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
4913a7a911 Merge branch 'main' into js/resource-exhaustion-no-buffer.from 2022-05-25 09:25:00 +02:00
ihsinme
57127a5343 Update cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousUseMbtowc.qhelp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-05-25 09:38:02 +03:00
Michael Nebel
9cab92b16f C#: Update flow summaries test after rebase. The rebase included a fix to the isAutoGenerated predicate, which means that a summary is only considered autogenerated, if no hand-written version exist. This affects the printing as well. 2022-05-25 08:28:15 +02:00
Michael Nebel
5b405bb4cf C#: Update FlowSummaries test with generated printing (needed due to rebase). 2022-05-25 08:28:15 +02:00
Michael Nebel
ba7238d6e2 C#: Update XML Injectiont test output after rebase (query has been turned into a path-problem and the output is now affected by the added summaries for NameValueCollection). 2022-05-25 08:28:15 +02:00
Michael Nebel
75532432af C#: Update flow summaries test (note that the test doesn't correctly print the generated flag at the moment). 2022-05-25 08:28:15 +02:00
Michael Nebel
c8ede58704 C#: Flow summaries has now been added for Exception stack trace, but not for ToString. The latter will be encoded as an extra taintstep in the analysis. To reduce noise for all uses of an exception itself an isSanitizerIn is introduced. 2022-05-25 08:28:15 +02:00
Michael Nebel
4d6d1c8376 C#: Since NameValueCollection now has a flow summary for the string indexer it is no longer consider an unsafe external api, which is why it has disappared from the result. 2022-05-25 08:28:14 +02:00
Michael Nebel
ee027f845c C#: Since NameValueCollection now has a flow summary for the indexer it is considered a SafeExternalApiCallable and will thus not be included in the result of the test. 2022-05-25 08:28:14 +02:00
Michael Nebel
268230ef19 C#: Add QlDoc to the Generated file. 2022-05-25 08:28:14 +02:00
Michael Nebel
e2d6cd20c7 C#: Update tests due to new summaries for ProcessStartInfo. 2022-05-25 08:28:14 +02:00
Michael Nebel
9b8636aa23 C#: Update test because we now have a flow summary the string indexer for NameValueCollection. 2022-05-25 08:28:14 +02:00
Michael Nebel
d9c7ba471d C#: Update taint steps test as the generated models now include a model for the getters for KeyValuePair (we only had manual summaries for the constructor). 2022-05-25 08:28:14 +02:00
Michael Nebel
f8e729025f C#: Add generated Dotnet Runtime summary models that allows to up two reads and two stores and update flow summaries test. 2022-05-25 08:28:14 +02:00
Michael Nebel
3b62b45ea8 C#: Add generated framework models to ExternalFlow. 2022-05-25 08:28:14 +02:00
Tom Hvitved
efda248bea Merge pull request #9315 from michaelnebel/swift/dataflowsync 
Swift: Sync changes to DataFlowImplCommon from PR #9024.
 2022-05-25 08:24:15 +02:00
Michael Nebel
5f3a039c65 Swift: Sync changes to DataFlowImplCommon from PR #9024. 2022-05-25 08:05:22 +02:00
Erik Krogh Kristensen
2da001ebd7 bump TypeScript version to stable release 2022-05-24 22:55:59 +02:00
Robert Marsh
8cc509e5e9 Merge pull request #9275 from MathiasVP/swift-add-dataflow-lib 
Swift: Add shared dataflow library
 2022-05-24 15:11:42 -04:00
Robert Marsh
54ac36718c Merge pull request #9284 from MathiasVP/more-cfg-for-exprs 
Swift: CFG for `TypeExpr`, `MemberRefExpr`, `DefaultArgumentExpr` and `ForceValueExpr`
 2022-05-24 14:51:26 -04:00
Chris Smowton
98ef22358e Merge pull request #9213 from smowton/smowton/fix/inherited-single-abstract-method 
Kotlin: fix implementation of SAM classes that inherit their abstract method
 2022-05-24 18:22:55 +01:00
Rasmus Wriedt Larsen
ae65af2c07 Ruby: Fix Argument[any] in Hash.qll 
With this PR, `self` have to be explicitly added. A few edges were
removed, and I don't know why. It doesn't seem to affect results, so I
did not worry too much.
 2022-05-24 18:09:52 +02:00
Rasmus Wriedt Larsen
04ac466189 Merge branch 'main' into ruby-mad-argument-self 2022-05-24 18:04:02 +02:00
Rasmus Wriedt Larsen
911ddb9b2c Dataflow: Sync DataFlowImplCommon 2022-05-24 17:39:23 +02:00
Rasmus Wriedt Larsen
c9a833fc07 Ruby: Fix performance for argumentPositionMatch 
before

[2022-05-24 17:29:07] (50s) Tuple counts for DataFlowImplCommon::argumentPositionMatch#4f8df883#fff/3@03b4073c after 35.8s:
                      156250456 ~2%     {4} r1 = JOIN DataFlowDispatch::Cached::TParameterPosition#36b84300#f WITH DataFlowImplCommon::ArgNode::argumentOf#dispred#f0820431#fff CARTESIAN PRODUCT OUTPUT Rhs.2, Lhs.0 'ppos', Rhs.0, Rhs.1 'call'

                      0         ~0%     {3} r2 = JOIN r1 WITH DataFlowDispatch::Cached::TAnyKeywordArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.1 'ppos', Lhs.2 'arg', Lhs.3 'call'
                      0         ~0%     {3} r3 = JOIN r2 WITH DataFlowDispatch::Cached::TKeywordParameterPosition#36b84300#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.2 'call', Lhs.1 'arg', Lhs.0 'ppos'

                      156250456 ~2%     {4} r4 = JOIN DataFlowDispatch::Cached::TParameterPosition#36b84300#f WITH DataFlowImplCommon::ArgNode::argumentOf#dispred#f0820431#fff CARTESIAN PRODUCT OUTPUT Lhs.0 'ppos', Rhs.0, Rhs.1 'call', Rhs.2

                      252424    ~0%     {4} r5 = JOIN r4 WITH DataFlowDispatch::Cached::TSelfParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.3, Lhs.0 'ppos', Lhs.1 'arg', Lhs.2 'call'
                      121009    ~0%     {3} r6 = JOIN r5 WITH DataFlowDispatch::Cached::TSelfArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.3 'call', Lhs.2 'arg', Lhs.1 'ppos'

                      121009    ~0%     {3} r7 = r3 UNION r6

                      252424    ~0%     {4} r8 = JOIN r4 WITH DataFlowDispatch::Cached::TBlockParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.3, Lhs.0 'ppos', Lhs.1 'arg', Lhs.2 'call'
                      11764     ~5%     {3} r9 = JOIN r8 WITH DataFlowDispatch::Cached::TBlockArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.3 'call', Lhs.2 'arg', Lhs.1 'ppos'

                      252424    ~2%     {4} r10 = JOIN r4 WITH DataFlowDispatch::Cached::TAnyKeywordParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.3, Lhs.0 'ppos', Lhs.1 'arg', Lhs.2 'call'
                      20865     ~2%     {3} r11 = JOIN r10 WITH DataFlowDispatch::Cached::TKeywordArgumentPosition#36b84300#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.3 'call', Lhs.2 'arg', Lhs.1 'ppos'

                      32629     ~4%     {3} r12 = r9 UNION r11
                      153638    ~4%     {3} r13 = r7 UNION r12

                      252424    ~1%     {4} r14 = JOIN r4 WITH DataFlowDispatch::Cached::TAnyParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.0 'ppos', Lhs.1 'arg', Lhs.2 'call', Lhs.3
                      131415    ~0%     {4} r15 = r14 AND NOT DataFlowDispatch::Cached::TSelfArgumentPosition#36b84300#f(Lhs.3)
                      131415    ~0%     {3} r16 = SCAN r15 OUTPUT In.2 'call', In.1 'arg', In.0 'ppos'

                      0         ~0%     {4} r17 = JOIN r1 WITH DataFlowDispatch::Cached::TAnyArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.1 'ppos', Lhs.2 'arg', Lhs.3 'call', Lhs.0
                      0         ~0%     {4} r18 = r17 AND NOT DataFlowDispatch::Cached::TSelfParameterPosition#36b84300#f(Lhs.0 'ppos')
                      0         ~0%     {3} r19 = SCAN r18 OUTPUT In.2 'call', In.1 'arg', In.0 'ppos'

                      131415    ~0%     {3} r20 = r16 UNION r19

                      5553328   ~5%     {5} r21 = JOIN r4 WITH DataFlowDispatch::Cached::TPositionalParameterPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.3, Lhs.0 'ppos', Lhs.1 'arg', Lhs.2 'call'
                      98201     ~0%     {3} r22 = JOIN r21 WITH DataFlowDispatch::Cached::TPositionalArgumentPosition#36b84300#ff ON FIRST 2 OUTPUT Lhs.4 'call', Lhs.3 'arg', Lhs.2 'ppos'

                      149435008 ~0%     {5} r23 = JOIN r4 WITH DataFlowDispatch::Cached::TKeywordParameterPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.3, Lhs.0 'ppos', Lhs.1 'arg', Lhs.2 'call'
                      17930     ~3%     {3} r24 = JOIN r23 WITH DataFlowDispatch::Cached::TKeywordArgumentPosition#36b84300#ff ON FIRST 2 OUTPUT Lhs.4 'call', Lhs.3 'arg', Lhs.2 'ppos'

                      252424    ~0%     {5} r25 = JOIN r4 WITH DataFlowDispatch::Cached::TPositionalParameterLowerBoundPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.3, Lhs.0 'ppos', Lhs.1 'arg', Lhs.2 'call', Rhs.1
                      98786     ~0%     {6} r26 = JOIN r25 WITH DataFlowDispatch::Cached::TPositionalArgumentPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'ppos', Lhs.2 'arg', Lhs.3 'call', Lhs.0, Lhs.4, Rhs.1
                      98786     ~0%     {6} r27 = SELECT r26 ON In.5 >= In.4
                      98786     ~3%     {3} r28 = SCAN r27 OUTPUT In.2 'call', In.1 'arg', In.0 'ppos'

                      116716    ~0%     {3} r29 = r24 UNION r28
                      214917    ~0%     {3} r30 = r22 UNION r29
                      346332    ~0%     {3} r31 = r20 UNION r30
                      499970    ~1%     {3} r32 = r13 UNION r31
                                        return r32

now

[2022-05-24 17:26:06] (14s) Tuple counts for DataFlowImplCommon::argumentPositionMatch#4f8df883#fff/3@97d3444p after 149ms:
                      1000304 ~9%     {2} r1 = JOIN DataFlowDispatch::Cached::TParameterPosition#36b84300#f WITH DataFlowDispatch::Cached::TArgumentPosition#36b84300#f CARTESIAN PRODUCT OUTPUT Lhs.0 'ppos', Rhs.0

                      1616    ~0%     {2} r2 = JOIN r1 WITH DataFlowDispatch::Cached::TSelfParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'ppos'
                      1       ~0%     {2} r3 = JOIN r2 WITH DataFlowDispatch::Cached::TSelfArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1 'ppos'

                      1616    ~5%     {2} r4 = JOIN r1 WITH DataFlowDispatch::Cached::TBlockParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'ppos'
                      1       ~0%     {2} r5 = JOIN r4 WITH DataFlowDispatch::Cached::TBlockArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1 'ppos'

                      2       ~0%     {2} r6 = r3 UNION r5

                      1616    ~0%     {2} r7 = JOIN r1 WITH DataFlowDispatch::Cached::TAnyKeywordParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'ppos'
                      1533    ~0%     {2} r8 = JOIN r7 WITH DataFlowDispatch::Cached::TKeywordArgumentPosition#36b84300#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1 'ppos'

                      1000304 ~0%     {2} r9 = JOIN DataFlowDispatch::Cached::TParameterPosition#36b84300#f WITH DataFlowDispatch::Cached::TArgumentPosition#36b84300#f CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0 'ppos'

                      619     ~0%     {2} r10 = JOIN r9 WITH DataFlowDispatch::Cached::TAnyKeywordArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.1 'ppos', Lhs.0
                      592     ~0%     {2} r11 = JOIN r10 WITH DataFlowDispatch::Cached::TKeywordParameterPosition#36b84300#ff_1#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'ppos'

                      2125    ~1%     {2} r12 = r8 UNION r11
                      2127    ~1%     {2} r13 = r6 UNION r12

                      1616    ~0%     {2} r14 = JOIN r1 WITH DataFlowDispatch::Cached::TAnyParameterPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.0 'ppos', Lhs.1
                      1615    ~0%     {2} r15 = r14 AND NOT DataFlowDispatch::Cached::TSelfArgumentPosition#36b84300#f(Lhs.1)
                      1615    ~2%     {2} r16 = SCAN r15 OUTPUT In.1, In.0 'ppos'

                      619     ~0%     {2} r17 = JOIN r9 WITH DataFlowDispatch::Cached::TAnyArgumentPosition#36b84300#f ON FIRST 1 OUTPUT Lhs.1 'ppos', Lhs.0
                      618     ~0%     {2} r18 = r17 AND NOT DataFlowDispatch::Cached::TSelfParameterPosition#36b84300#f(Lhs.0 'ppos')
                      618     ~0%     {2} r19 = SCAN r18 OUTPUT In.1, In.0 'ppos'

                      2233    ~0%     {2} r20 = r16 UNION r19

                      35552   ~0%     {3} r21 = JOIN r1 WITH DataFlowDispatch::Cached::TPositionalParameterPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0 'ppos'
                      22      ~0%     {2} r22 = JOIN r21 WITH DataFlowDispatch::Cached::TPositionalArgumentPosition#36b84300#ff ON FIRST 2 OUTPUT Lhs.1, Lhs.2 'ppos'

                      956672  ~0%     {3} r23 = JOIN r1 WITH DataFlowDispatch::Cached::TKeywordParameterPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0 'ppos'
                      592     ~0%     {2} r24 = JOIN r23 WITH DataFlowDispatch::Cached::TKeywordArgumentPosition#36b84300#ff ON FIRST 2 OUTPUT Lhs.1, Lhs.2 'ppos'

                      1616    ~0%     {3} r25 = JOIN r1 WITH DataFlowDispatch::Cached::TPositionalParameterLowerBoundPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'ppos', Rhs.1
                      79      ~0%     {4} r26 = JOIN r25 WITH DataFlowDispatch::Cached::TPositionalArgumentPosition#36b84300#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'ppos', Lhs.0, Lhs.2, Rhs.1
                      79      ~0%     {4} r27 = SELECT r26 ON In.3 >= In.2
                      79      ~1%     {2} r28 = SCAN r27 OUTPUT In.1, In.0 'ppos'

                      671     ~0%     {2} r29 = r24 UNION r28
                      693     ~0%     {2} r30 = r22 UNION r29
                      2926    ~0%     {2} r31 = r20 UNION r30
                      5053    ~0%     {2} r32 = r13 UNION r31
                      499970  ~6%     {3} r33 = JOIN r32 WITH DataFlowImplCommon::ArgNode::argumentOf#dispred#f0820431#fff_201#join_rhs ON FIRST 1 OUTPUT Rhs.2 'call', Rhs.1 'arg', Lhs.1 'ppos'
                                      return r33
 2022-05-24 17:31:36 +02:00
Ian Lynagh
2e1db7ddcd Merge pull request #9290 from igfoo/igfoo/kotlin1.7 
Kotlin: Add support for the 1.7 RC
 2022-05-24 16:16:19 +01:00
Nick Rolfe
dd52a70454 Merge pull request #9292 from github/nickrolfe/cfg_scope 
Ruby: rename CfgScope::Range_ to CfgScopeImpl
 2022-05-24 15:53:16 +01:00
Michael Nebel
daace0fe68 Merge pull request #9270 from michaelnebel/csharp/summarized-callable-fix 
C#: Summarized callable
 2022-05-24 16:36:44 +02:00
Anders Schack-Mulligen
a3177368f0 Java: Add support for BarrierGuards as parameterised modules. 2022-05-24 16:36:03 +02:00
Jeroen Ketema
1075a141a4 Merge pull request #9293 from jketema/query-typo 
C++: Fix missing closing quote in `cpp/potential-buffer-overflow` qldoc
 2022-05-24 16:16:57 +02:00
Ian Lynagh
81e876a27b Kotlin: Update build.gradle to include the 1.7.0 RC 2022-05-24 15:14:17 +01:00
Ian Lynagh
d7c17b2bac Kotlin: Add more withHasQuestionMark.kt's 2022-05-24 15:12:29 +01:00
Ian Lynagh
398f86bcc3 Kotlin: Build system tweaks 2022-05-24 15:11:35 +01:00
Ian Lynagh
f46a7c0a0f Kotlin: Add 1.7.0 RC 2022-05-24 15:11:13 +01:00
Ian Lynagh
846edf825a Kotlin: Use withHasQuestionMark wrapper 2022-05-24 15:10:39 +01:00
Ian Lynagh
807f03a878 Kotlin: Add withHasQuestionMark for older releases 2022-05-24 15:10:39 +01:00
Ian Lynagh
4448ba1111 Kotlin: Add compatibility source for 1.7.0-RC 2022-05-24 15:10:39 +01:00
Ian Lynagh
078733c5fe Merge pull request #9263 from tamasvajk/kotlin-versions 
Kotlin: Add support for versions 1.5.0, 1.5.10, and 1.5.21
 2022-05-24 15:10:09 +01:00
tombolton
91fa17a05e simplify imports in counting queries 2022-05-24 15:02:26 +01:00
tombolton
7e32614c25 refactor counting code into a library 2022-05-24 15:02:26 +01:00
tombolton
33964383d7 add individual per-security-query counting queries 2022-05-24 15:02:26 +01:00
Jeroen Ketema
f93fde564b C++: Fix missing closing quote in cpp/potential-buffer-overflow qldoc 2022-05-24 15:36:37 +02:00
Nick Rolfe
4b4a15c1b6 Ruby: rename CfgScope::Range_ to CfgScopeImpl 2022-05-24 14:34:44 +01:00
Chris Smowton
edb678f7d0 Rename function 2022-05-24 14:15:40 +01:00
Tom Hvitved
728ccafe2b Merge pull request #9024 from hvitved/dataflow/content-flow-lib 
Data flow: Introduce `ContentDataFlow.qll`
 2022-05-24 15:09:16 +02:00
Tom Hvitved
d61f6453d0 Merge pull request #8942 from hvitved/ruby/dataflow/hashes 
Ruby: Data-flow through hashes
 2022-05-24 14:48:55 +02:00
Asger F
ced1d21405 JS: Add getters for DeclarationSpace members 2022-05-24 14:30:36 +02:00
Asger F
039a7ba828 JS: Handle .d.mts files when generating module bindings 2022-05-24 14:30:36 +02:00
Asger Feldthaus
a5f2c949d3 JS: Add UnionOrIntersectionTypeExpr 2022-05-24 14:30:36 +02:00
Asger F
ec55c84abf JS: Whitespace fixes in ASTExtractor 2022-05-24 14:30:36 +02:00