hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 10:11:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,820 Commits 1,690 Branches 160 Tags
codeql-cli/v2.12.7
Commit Graph

51820 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
59a2aa817c Merge branch 'main' into nsstring 2023-02-27 22:34:04 +00:00
Geoffrey White
bb55456885 Merge branch 'main' into taintplusequals2 2023-02-27 22:33:26 +00:00
Mathias Vorreiter Pedersen
3906a1923b Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into no-taint-indirect-direct-conflation 2023-02-27 18:40:04 +00:00
Mathias Vorreiter Pedersen
f9c724d9a3 Merge pull request #12325 from MathiasVP/gets-return-deref 
C++: Make `gets` indirect output a LocalFlowSource
 2023-02-27 18:39:36 +00:00
Arthur Baars
6c57823232 Merge branch 'main' into diagnostics-2 2023-02-27 19:00:03 +01:00
Jeroen Ketema
9c202f508f Merge pull request #12324 from jketema/taint-fix 
C++: Use correct DataFlow import in new TaintTracking.qll
 2023-02-27 18:37:46 +01:00
Geoffrey White
36a33bc718 Swift: Delete file that was resurrected by the merge. 2023-02-27 17:33:21 +00:00
Nick Rolfe
0f4df0da99 Merge pull request #12326 from RasmusWL/python-fix-expected 
Python: Fix expected of call-graph after merge
 2023-02-27 17:30:10 +00:00
Geoffrey White
296093ded6 Merge branch 'main' into nsstring 2023-02-27 17:26:57 +00:00
Mathias Vorreiter Pedersen
7bb806563f Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into no-taint-indirect-direct-conflation 2023-02-27 17:19:36 +00:00
Mathias Vorreiter Pedersen
d90d895944 Merge pull request #12323 from MathiasVP/fix-enclosing-callable 
C++: Fix missing enclosing callables
 2023-02-27 17:19:06 +00:00
Erik Krogh Kristensen
50aa5e072a Merge pull request #12177 from erik-krogh/alias-html 
JS: More precise type-test sanitizer guards in unsafe-html-construction
 2023-02-27 18:16:11 +01:00
Mathias Vorreiter Pedersen
2a9133aae0 C++: Accept query-test changes. 2023-02-27 17:15:53 +00:00
Mathias Vorreiter Pedersen
d628905156 C++: Accept more test changes. 2023-02-27 17:13:23 +00:00
Felicity Chapman
1d13811e46 Revise troubleshooting article 2023-02-27 16:42:07 +00:00
Rasmus Wriedt Larsen
d198b91c82 Python: Fix expected of call-graph after merge 
Since the import resolution was fixed, but tests not rerun, these
expectations were not updated to reflect that we now handle them
properly 💪
 2023-02-27 17:38:28 +01:00
Edward Minnix III
7f607fb46b Merge pull request #12032 from egregius313/egregius313/promote-hardcoded-jwt-credential 
Java: Promote Hardcoded JWT credential query
 2023-02-27 11:33:53 -05:00
Mathias Vorreiter Pedersen
a4c075f03b C++: The data pointed to by 'gets' is also a source of user input. 2023-02-27 16:25:32 +00:00
Jeroen Ketema
b4f6d519db C++: Use correct DataFlow import in new TaintTracking.qll 
Using the IR version directly gives errors about conflicting imports if both
DataFlow and TaintTracking are imported.
 2023-02-27 17:22:12 +01:00
Felicity Chapman
8e4eb9ad46 Tweaks to mention variant analysis in related articles 2023-02-27 16:21:09 +00:00
erik-krogh
505168f24b fix upper-case .html.erb files 2023-02-27 17:19:43 +01:00
Felicity Chapman
49ec539b60 Updates following initial PM review 2023-02-27 16:07:28 +00:00
Mathias Vorreiter Pedersen
b36d4931f2 C++: Fix test annotation. 2023-02-27 15:47:52 +00:00
Felicity Chapman
29802af647 Fix typo in heading 2023-02-27 15:06:19 +00:00
Mathias Vorreiter Pedersen
d2f8cb6920 Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into fix-enclosing-callable 2023-02-27 15:02:39 +00:00
Felicity Chapman
9bee9c003a Apply suggestions from code review 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2023-02-27 14:58:17 +00:00
Mathias Vorreiter Pedersen
31f3504113 C++: Remove this bad materialization: 
```
Evaluated relational algebra for predicate _CppType#d1355c92::CppType::hasUnspecifiedType#2#dispred#fff_10#join_rhs_SsaInternals#50208335::DefO__#shared@ec353boa with tuple counts:
  459594    ~0%     {2} r1 = JOIN _IRVariable#e9bf30b2::IRVariable::getAst#0#dispred#ff_Parameter#ed81dd8f::Parameter#f#shared WITH SsaInternalsCommon#3c4fa02d::BaseIRVariable::getIRVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'arg1', Rhs.1
  461383    ~2%     {3} r2 = JOIN r1 WITH Variable#7a968d4e::Variable::getUnspecifiedType#0#dispred#ff ON FIRST 1 OUTPUT Lhs.0 'arg1', Lhs.1, Rhs.1
  477945    ~6%     {4} r3 = JOIN r2 WITH Variable#7a968d4e::Variable::getUnspecifiedType#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.0 'arg1', Lhs.1, Rhs.1
  346338    ~2%     {4} r4 = JOIN r3 WITH SsaInternalsCommon#3c4fa02d::Indirection::getNumberOfIndirections#0#dispred#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1 'arg1', Lhs.2, Rhs.1 'arg2'
  178593374 ~0%     {4} r5 = JOIN r4 WITH CppType#d1355c92::CppType::hasUnspecifiedType#2#dispred#fff_10#join_rhs ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'arg1', Lhs.3 'arg2', Rhs.1 'arg3'
  934806228 ~0%     {4} r6 = JOIN r5 WITH SsaInternals#50208335::DefOrUse::getSourceVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg0', Lhs.1 'arg1', Lhs.2 'arg2', Lhs.3 'arg3'
                    return r6

Tuple counts for _DataFlowPrivate#fbdd7bd7::InstructionNode0#class#ff_SsaInternals#50208335::Def#ff_SsaInternals#5020__#antijoin_rhs/4@305d42l5 after 25.6s:
  180185672 ~0%     {4} r1 = JOIN _CppType#d1355c92::CppType::hasUnspecifiedType#2#dispred#fff_10#join_rhs_SsaInternals#50208335::DefO__#shared WITH SsaInternals#50208335::Def#ff ON FIRST 1 OUTPUT Lhs.0 'arg3', Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2'
  180185672 ~0%     {5} r2 = JOIN r1 WITH SsaInternals#50208335::Def::getValue#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.0 'arg3'
  180185672 ~0%     {5} r3 = JOIN r2 WITH DataFlowPrivate#fbdd7bd7::InstructionNode0#class#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.4 'arg3'
  178459578 ~1%     {4} r4 = JOIN r3 WITH project#Instruction#577b6a83::InitializeParameterInstruction#ff ON FIRST 1 OUTPUT Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.4 'arg3'
                    return r4

Tuple counts for SsaInternals#7b362d2f::TFinalParameterUse#dom#ff/2@9ff4dbcg after 7.9s:
  180185672 ~1%         {4} r1 = JOIN _CppType#d1355c92::CppType::hasUnspecifiedType#2#dispred#fff_10#join_rhs_SsaInternals#50208335::DefO__#shared WITH SsaInternals#50208335::Def#ff ON FIRST 1 OUTPUT Lhs.1 'p', Lhs.2, Lhs.3, Lhs.0
  1726094   ~0%         {4} r2 = r1 AND NOT _DataFlowPrivate#fbdd7bd7::InstructionNode0#class#ff_SsaInternals#50208335::Def#ff_SsaInternals#5020__#antijoin_rhs(Lhs.0 'p', Lhs.1, Lhs.2, Lhs.3)
  1726094   ~54%        {4} r3 = SCAN r2 OUTPUT In.0 'p', In.1, In.2, 1
  1769636   ~54%        {5} r4 = JOIN r3 WITH PRIMITIVE range#bbf ON Lhs.3,Lhs.1

  1769636   ~45%        {4} r5 = SCAN r4 OUTPUT In.2, (In.4 'indirectionIndex' + 1), In.0 'p', In.4 'indirectionIndex'
  591253    ~11541%     {2} r6 = JOIN r5 WITH SsaInternalsCommon#3c4fa02d::isModifiableAtImpl#2#ff ON FIRST 2 OUTPUT Lhs.2 'p', Lhs.3 'indirectionIndex'

  1769636   ~52%        {4} r7 = SCAN r4 OUTPUT In.2, In.0 'p', In.4 'indirectionIndex', (In.4 'indirectionIndex' + 1)
  1724893   ~41%        {5} r8 = JOIN r7 WITH CppType#d1355c92::CppType::hasType#2#dispred#fff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'p', Lhs.0, Lhs.2 'indirectionIndex', Lhs.3
  1718843   ~46%        {5} r9 = JOIN r8 WITH Type#2e8eb3ef::Type::stripType#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'p', Lhs.2, Lhs.3 'indirectionIndex', Lhs.4
  8608      ~0%         {5} r10 = JOIN r9 WITH SmartPointer#917721ba::SmartPtr#f ON FIRST 1 OUTPUT Lhs.1 'p', Lhs.2, Lhs.3 'indirectionIndex', Lhs.4, Lhs.0
  8608      ~0%         {5} r11 = r10 AND NOT PointerWrapper#7cc81d2d::PointerWrapper::pointsToConst#0#dispred#f(Lhs.4)
  8608      ~4986%      {2} r12 = SCAN r11 OUTPUT In.0 'p', In.2 'indirectionIndex'

  599861    ~11711%     {2} r13 = r6 UNION r12
                        return r13
```
 2023-02-27 14:57:36 +00:00
Mathias Vorreiter Pedersen
354a12c906 C++: Fix queries. Since there's no longer indirect -> direct flow in 
taint-tracking we need to make sure the affected sink definitions also
handle indirect flow.
 2023-02-27 14:57:36 +00:00
Mathias Vorreiter Pedersen
1db24dd28d C++: Fix missing types. We now assign the node corresponding to **p 
an `UnknownType`.
 2023-02-27 14:57:36 +00:00
Mathias Vorreiter Pedersen
4e16bb65e3 C++: Accept test changes. Because we now allocate _three_ indirect nodes 
for a value of type `void*` (i.e., `p`, `*p` and `**p`) we need to decide
on a type for the `**p` value. We will do this in the next commit.
 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
16ba4652af C++: Allocate an additional indirection for void pointers. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
f6b9ca3da6 C++: Add failing test. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
da4a059388 C++: Accept test changes. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
52e6e1dece C++: Fix flow through partial definitions. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
575ac46bf3 C++: Add failing test. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
b952f619db C++: Accept test changes. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
057e810122 C++: Fix flow through arrays. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
9d64c0a023 C++: Add failing test. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
1e4caca23a C++: Accept query changes. Nothing bad to see here. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
2cb4a554ea C++: Fix a bug in Expr <-> Node mapping. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
09df318e9e C++: Also track flow out of indirect sources. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
a806569b5f C++: The next commit is going to track flow out of both direct and indirect sources. This means we'll get a lot of duplication since there'll be flow from indirect source -> indirect sink and direct source -> direct sink (which both map to the same expressions). This commit changes the testing so that we only report a duplication when they're at different locations. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
5a8b900394 C++: Properly track smart pointer wrappers. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
64abf5b163 C++: Add conflation into DefaultTaintTracking. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
b951bf0f8f C++: Remove conflation from taint-tracking. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
a5bb093935 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-02-27 14:57:06 +00:00
Erik Krogh Kristensen
927c322b7b Merge pull request #11769 from erik-krogh/moreSan 
JS: Sanitizer for `sanitizer(x) === true`
 2023-02-27 15:48:34 +01:00
Mathias Vorreiter Pedersen
332b759873 Merge pull request #12275 from jketema/uniform-ssa 
Make "Detecting a potential buffer overflow" example more uniform
 2023-02-27 14:38:11 +00:00
Mathias Vorreiter Pedersen
1dd95a61c1 Merge pull request #12292 from github/calumgrant/aggregate-domain 
Query and tests for sum without domain
 2023-02-27 14:19:20 +00:00
Mathias Vorreiter Pedersen
7437de2909 C++: Fix issue where 'getEnclosingCallable' didn't exist for some globals. 2023-02-27 14:06:13 +00:00