hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 02:01:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,820 Commits 1,690 Branches 160 Tags
codeql-cli/v2.12.6
Commit Graph

51820 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
228c0e221d Merge branch 'main' into nsstring 2023-03-01 09:12:36 +00:00
Geoffrey White
11e0efee68 Merge pull request #12308 from geoffw0/taintplusequals2 
Swift: Model assignment operators (+= etc)
 2023-03-01 09:02:29 +00:00
Tony Torralba
0439eb640d Add tests 2023-03-01 09:49:28 +01:00
Tony Torralba
4e7dbbf5f0 Add stubs 2023-03-01 09:48:33 +01:00
Tom Hvitved
92359e539b Fix another bad join 
Before
```
[2023-03-01 08:19:51] Evaluated non-recursive predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@6718c917 in 6751ms (size: 83265).
Evaluated relational algebra for predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@6718c917 with tuple counts:
         3872025  ~3%    {2} r1 = JOIN _CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_DataFlowPrivate#462ff392::Cached::TExprNode#ff#shared WITH Statement#f35022d0::Stmt::getCfgScope#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         3637917  ~0%    {2} r2 = JOIN r1 WITH Method#8b49e67f::Callable#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1
          679799  ~0%    {2} r3 = JOIN r2 WITH Method#8b49e67f::Method#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1
         3069328  ~0%    {3} r4 = JOIN r3 WITH Variable#1965ffe5::Variable::getDeclaringScope#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
        22039083  ~0%    {3} r5 = JOIN r4 WITH Variable#1965ffe5::VariableAccess::getVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        10051483  ~0%    {3} r6 = JOIN r5 WITH Variable#9f7d933a::SelfVariableAccessImpl#class#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
        10057538  ~5%    {3} r7 = JOIN r6 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        10057538  ~5%    {3} r8 = JOIN r7 WITH CfgNodes#ace8e412::ExprNodes::SelfVariableAccessCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
        10057538  ~0%    {3} r9 = JOIN r8 WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        10033937  ~1%    {3} r10 = JOIN r9 WITH DataFlowPublic#e1781e31::PostUpdateNode::getPreUpdateNode#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
           83281  ~2%    {2} r11 = JOIN r10 WITH DataFlowPublic#e1781e31::PostUpdateNode::getPreUpdateNode#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0, Lhs.2
                         return r11
```

After
```
[2023-03-01 08:31:20] Evaluated non-recursive predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@06d73c6q in 161ms (size: 83265).
Evaluated relational algebra for predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@06d73c6q with tuple counts:
         23680  ~2%    {1} r1 = SCAN Method#8b49e67f::Method#ff OUTPUT In.0
         23680  ~2%    {1} r2 = STREAM DEDUP r1
         23680  ~0%    {2} r3 = JOIN r2 WITH Method#8b49e67f::Callable#f ON FIRST 1 OUTPUT Lhs.0, Lhs.0
         54790  ~4%    {3} r4 = JOIN r3 WITH Variable#1965ffe5::Variable::getDeclaringScope#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
        202490  ~0%    {3} r5 = JOIN r4 WITH Variable#1965ffe5::VariableAccess::getVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
         98332  ~5%    {3} r6 = JOIN r5 WITH Variable#9f7d933a::SelfVariableAccessImpl#class#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
         83491  ~1%    {2} r7 = JOIN r6 WITH Statement#f35022d0::Stmt::getCfgScope#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0, Lhs.2
         83584  ~0%    {2} r8 = JOIN r7 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         83584  ~0%    {2} r9 = JOIN r8 WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         83265  ~2%    {2} r10 = JOIN r9 WITH DataFlowPublic#e1781e31::PostUpdateNode::getPreUpdateNode#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
                       return r10
```
 2023-03-01 08:34:07 +01:00
Aditya Sharad
aa6c60abfc Merge pull request #12342 from github/codeql-cli-2.12.3-mergeback 
Mergeback: codeql-cli-2.12.3 into main
 2023-02-28 10:30:51 -08:00
Felicity Chapman
6224d6ce31 Merge branch 'codeql-cli-2.12.3' into codeql-cli-2.12.3-mergeback 2023-02-28 17:08:49 +00:00
Mathias Vorreiter Pedersen
a96145a4ac Merge pull request #12340 from MathiasVP/remove-uncertain-write-def-input-predicate 
C++: Remove dead code
 2023-02-28 17:07:17 +00:00
Mathias Vorreiter Pedersen
d5b0ad6bfc C++: Remove cached predicate that's no longer used. 2023-02-28 16:20:29 +00:00
Michael B. Gale
49039246e1 Apply ql-for-ql suggestion 2023-02-28 15:55:50 +00:00
Michael B. Gale
f22c86442e Fix expected test output for Windows tests 2023-02-28 15:53:52 +00:00
Jeroen Ketema
2f797fffc1 C++: Add copy of dataflow docs for new use-use dataflow library 2023-02-28 16:48:26 +01:00
Michael B. Gale
fea29d5172 Refactor to avoid public setters 2023-02-28 15:22:36 +00:00
Erik Krogh Kristensen
f3f5f6eacf Merge pull request #12190 from erik-krogh/fix-erb 
JS: Actually extract `.html.erb` files.
 2023-02-28 16:11:32 +01:00
Mathias Vorreiter Pedersen
075a83c987 Stage stats before on 'ExecTainted.ql' before: 
```
1	10	1 Fwd	609968	1398	-1	94	769936	ExecTaintConfiguration
2	15	1 Rev	239464	774	-1	52	320663	ExecTaintConfiguration
3	20	2 Fwd	205794	511	650	39	18576546	ExecTaintConfiguration
4	25	2 Rev	161966	351	428	39	13639502	ExecTaintConfiguration
5	30	3 Fwd	31889	322	791	39	5982574	ExecTaintConfiguration
6	35	3 Rev	30068	303	661	39	4181421	ExecTaintConfiguration
7	40	4 Fwd	24031	232	1432	39	14725618	ExecTaintConfiguration
8	45	4 Rev	21506	219	907	39	5962780	ExecTaintConfiguration
9	50	5 Fwd	20149	204	1527	38	8350094	ExecTaintConfiguration
10	55	5 Rev	20102	204	1472	38	7515307	ExecTaintConfiguration
11	60	6 Fwd	19950	200	904	33	9673369	ExecTaintConfiguration
12	65	6 Rev	18431	200	901	33	7030957	ExecTaintConfiguration
```

Stage stats after:
```
1	10	1 Fwd	368610	699	-1	65	445199	ExecTaintConfiguration
2	15	1 Rev	112848	336	-1	23	150522	ExecTaintConfiguration
3	20	2 Fwd	91528	219	270	22	4120713	ExecTaintConfiguration
4	25	2 Rev	66017	141	159	22	2657398	ExecTaintConfiguration
5	30	3 Fwd	12161	119	208	22	792468	ExecTaintConfiguration
6	35	3 Rev	11640	111	167	22	569193	ExecTaintConfiguration
7	40	4 Fwd	11423	109	331	22	1203871	ExecTaintConfiguration
8	45	4 Rev	10851	107	323	22	904017	ExecTaintConfiguration
9	50	5 Fwd	10694	107	763	22	2428404	ExecTaintConfiguration
10	55	5 Rev	10332	104	735	22	2355698	ExecTaintConfiguration
11	60	6 Fwd	10302	104	729	22	5772762	ExecTaintConfiguration
12	65	6 Rev	9482	102	725	22	4020951	ExecTaintConfiguration
```
 2023-02-28 15:05:29 +00:00
Mathias Vorreiter Pedersen
8dd0bdbdb0 C++: Rename 'fst' and 'snd' to 'incoming' and 'outgoing'. 2023-02-28 15:05:18 +00:00
Felicity Chapman
770326e770 Merge pull request #12321 from github/fc-7775-docs-update 
CodeQL extension for VS Code docs update
 2023-02-28 14:59:46 +00:00
Jeroen Ketema
5845528bae Merge pull request #12336 from jketema/docs-examples 
C++: Add tests for all dataflow examples that occur in our docs
 2023-02-28 15:45:46 +01:00
Alex Denisov
97d5401118 Swift: extract mangler into a separate class 2023-02-28 15:29:44 +01:00
Michael B. Gale
e3762c7f93 Move Language class to Semmle.Util 2023-02-28 14:16:33 +00:00
Felicity Chapman
a7d221cdab Update docs/codeql/reusables/beta-note-mrva.rst 2023-02-28 14:12:57 +00:00
Michael B. Gale
e60676fbde Fix IDisposable contract violation 2023-02-28 13:56:06 +00:00
Jeroen Ketema
3014f207f3 C++: Add tests for all dataflow examples that occur in our docs 2023-02-28 14:45:00 +01:00
Mathias Vorreiter Pedersen
484f761c6d Merge pull request #12316 from MathiasVP/no-taint-indirect-direct-conflation 
C++: Remove indirect -> direct taint-flow
 2023-02-28 13:43:04 +00:00
Anders Schack-Mulligen
5469a82efb Go,Java,Python: Fix some tests. 2023-02-28 14:31:00 +01:00
Michael Nebel
734001b7c4 Merge pull request #12334 from michaelnebel/csharp/staticinitialisers 
C#: Update query to handle static field writes from properties.
 2023-02-28 14:10:46 +01:00
Geoffrey White
d5952a174e Merge pull request #12329 from geoffw0/network 
Swift: Modernize the cleartext-* queries
 2023-02-28 13:04:10 +00:00
Michael Nebel
51746627d2 C#: Address review comments. 2023-02-28 13:38:34 +01:00
Felicity Chapman
aba7440293 Update docs/codeql/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva.rst 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2023-02-28 12:29:16 +00:00
Felicity Chapman
832dc27b08 Update docs/codeql/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva.rst 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2023-02-28 12:22:26 +00:00
Michael Nebel
4ef866b3a3 C#: Add change note. 2023-02-28 13:21:31 +01:00
Michael Nebel
baea74fa1b C#: Add new testexamples and update expected testoutput. 2023-02-28 13:21:31 +01:00
Michael Nebel
621674e82e C#: Update cs/static/field-written-by-instance to handle properties. 2023-02-28 13:21:30 +01:00
Chris Smowton
687f3c6b2e Merge pull request #12330 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-02-28 11:27:00 +00:00
Felicity Chapman
0af529ed7b Apply suggestions from code review 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2023-02-28 11:12:29 +00:00
Kasper Svendsen
86925646f3 ReflectedXss: Prevent bad join order 2023-02-28 12:06:27 +01:00
Mathias Vorreiter Pedersen
d93d22ba3e C++: Fix FPs in 'cpp/non-constant-format'. 2023-02-28 10:05:05 +00:00
Michael Nebel
2db3694015 C#: Add code comment explaining the exclusion of the declared accessibility extraction for file scoped types. 2023-02-28 11:02:38 +01:00
Mathias Vorreiter Pedersen
1e5b235f4b C++: Accept test changes in 'cpp/non-constant-format'. These are actually FPs. 2023-02-28 10:02:32 +00:00
Felicity Chapman
b21253732b Update for review feedback 2023-02-28 09:58:51 +00:00
Mathias Vorreiter Pedersen
85c7116e8f C++: Fix the following join (I canceled it mid-way): 
```
Tuple counts for SsaInternals#7b362d2f::getAPriorDefinition#1#ff/2@bfabfc7o after 11.4s:
  1000      ~4%     {2} r1 = SCAN Ssa#da392372::Make#SsaInternals#7b362d2f::SsaInput#::Definition::definesAt#3#dispred#ffff OUTPUT In.1, In.0
  474321529 ~0%     {4} r2 = JOIN r1 WITH SsaInternals#7b362d2f::DefOrUse::hasIndexInBlock#3#dispred#ffff_3012#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.2, Rhs.3, Rhs.1
  0         ~0%     {2} r3 = JOIN r2 WITH SsaInternals#7b362d2f::SsaCached::lastRefRedef#4#ffff ON FIRST 3 OUTPUT Lhs.3, Rhs.3
  0         ~0%     {2} r4 = JOIN r3 WITH SsaInternals#7b362d2f::nodeToDefOrUse#3#fff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1 'result'
  0         ~0%     {2} r5 = JOIN r4 WITH SsaInternals#7b362d2f::ssaDefinition#1#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'defOrUse', Lhs.1 'result'
                    return r5
```
 2023-02-28 09:53:37 +00:00
Anders Schack-Mulligen
64c60d59b1 Go: Fix compilation. 2023-02-28 09:57:22 +01:00
github-actions[bot]
b6f81fc938 Add changed framework coverage reports 2023-02-28 00:17:14 +00:00
Mathias Vorreiter Pedersen
04b84320c9 C++: Accept more query-test changes. 2023-02-28 00:06:35 +00:00
Geoffrey White
5110cf1e02 Swift: Convert some fiddly GRDB database sinks to CSV. 2023-02-27 23:31:48 +00:00
Geoffrey White
f289811473 Swift: Fix and autoformat. 2023-02-27 23:01:05 +00:00
Geoffrey White
ea4c2e4321 Swift: Add CSV extension points. 2023-02-27 23:01:05 +00:00
Geoffrey White
c533334470 Swift: Implementation classes should be private. 2023-02-27 23:01:04 +00:00
Geoffrey White
c21ec1c3f5 Swift: Standardize the taint sources, sinks, sanitizers. 2023-02-27 23:01:04 +00:00
Geoffrey White
6928e62d8b Swift: Split the three sensitive exprs queries into separate QL and QLL files. 2023-02-27 23:01:04 +00:00