hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 17:21:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,865 Commits 1,691 Branches 159 Tags
codeql-cli/v2.13.1
Commit Graph

53865 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
34d3040ce2 Add change note 2023-04-17 12:59:14 +02:00
Asger F
e180b7e2ba Ruby: add locations for module object nodes 2023-04-17 12:49:35 +02:00
Asger F
8c0c335daf Ruby: update test output 2023-04-17 12:47:23 +02:00
Asger F
8363171f1f Ruby: Add MkModuleObject as API node for a module/class 2023-04-17 12:47:23 +02:00
Asger F
7332cec9a5 Ruby: fix missing 'self' parameters in ModuleNode.getAnImmediateReferenc 2023-04-17 12:47:23 +02:00
Asger F
29a20550f6 Ruby: use MkUse/MkDef for successors, use/def for predecessors 2023-04-17 12:47:23 +02:00
Asger F
13b1e97caa JS: Fix the ExtendCall restriction 2023-04-17 12:30:08 +02:00
Asger F
eafef91dbc JS: Update test output after ExtendCall restriction 2023-04-17 12:28:23 +02:00
Asger F
024760610a JS: Add prototype pollution test 2023-04-17 12:27:34 +02:00
Asger F
2f4a181a7d JS: revert path sanitizers in proto pollution query 2023-04-17 12:21:00 +02:00
Asger F
04079752f7 JS: update test output after adding 'this' sanitizer 2023-04-17 12:15:46 +02:00
Asger F
f87f6c8556 JS: Add test to unsafe jquery plugin 2023-04-17 12:15:05 +02:00
Asger F
b728f71b4b JS: Move 'this' sanitizer to customizations 2023-04-17 12:11:18 +02:00
Michael Nebel
e8e25b8e55 C#: Re-factor HashWithoutSalt to use the new API. 2023-04-17 11:38:37 +02:00
Michael Nebel
c7b0ae8490 C#: Re-factor the CollectionFlow test to use the new API. 2023-04-17 11:38:37 +02:00
Michael Nebel
518aceba64 Re-factor the Types testcase to use the new API. 2023-04-17 11:38:37 +02:00
Michael Nebel
388cb704d0 C#: Re-factor the CallSensitivityFlow test to use the new API. 2023-04-17 11:38:37 +02:00
Michael Nebel
eaddb627ef C#: Re-factor the GlobalFlow test to use the new API. 2023-04-17 11:38:37 +02:00
Michael Nebel
73ddc0530a C#: Re-factor InsecureSqlConnection to use the new API. 2023-04-17 11:38:37 +02:00
Michael Nebel
3687770dab C#: Re-factor AddCertToRootStore to use the new API. 2023-04-17 11:38:37 +02:00
Michael Nebel
ec68e91ba9 C#: Re-factor LambdaDataFlow to use the new API. 2023-04-17 11:38:37 +02:00
Michael Nebel
49d335695a C#: Re-factor FlowToDataSerializerConstructor to use the new API. 2023-04-17 11:38:37 +02:00
Michael Nebel
5964daa44d C#: Re-factor FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation to use the new API. 2023-04-17 11:38:37 +02:00
Michael Nebel
a4ee35302d C#: Re-factor CookieOptionsTracking to use the new API. 2023-04-17 11:38:37 +02:00
Michael Nebel
b3de105665 C#: Re-factor TypeNameTracking to use the new API. 2023-04-17 11:38:37 +02:00
Michael Nebel
ee7d15ac5d C#: Re-factor ExponentialRegexDataFlow to use the new API. 2023-04-17 11:38:37 +02:00
Michael Nebel
8d5ca53126 C#: Re-refactor another SettingsDataFlow to use the new API. 2023-04-17 11:38:37 +02:00
Michael Nebel
5b8544343b C#: Re-factor SettingsDataFlow to use the new API. 2023-04-17 11:38:36 +02:00
Michael Nebel
5ea6cea894 C#: Re-factor DapperCommandDefinitionMethodCallSqlExpr to use the new API. 2023-04-17 11:38:36 +02:00
Paolo Tranquilli
fdd975b992 Merge pull request #12842 from github/redsun82/swift-qlgen-qldoc 
Swift: add QLdoc for generated `Raw` and `Synth` modules
 2023-04-17 10:57:54 +02:00
Mathias Vorreiter Pedersen
2a14479bf3 C++: Autoformat. 2023-04-17 09:34:44 +01:00
Mathias Vorreiter Pedersen
a87e67d89d C++: Fix join orders. 
Before:

```
Tuple counts for RangeAnalysisStage#38d7ce80::RangeStage#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisImpl#edd69a76::ConstantBounds#FloatDelta#0eab55d1::FloatOverflow#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant#RangeUtils#6da26777::RangeUtil#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant##::potentiallyOverflowingExpr#2#ff/2@36ed7auu after 42.1s:
    365        ~0%     {2} r1 = JOIN num#SemanticOpcode#e6f455a5::TNegate#f WITH SemanticExpr#91573b9a::SemExpr::getOpcode#0#dispred#fb_10#join_rhs ON FIRST 1 OUTPUT false, Rhs.1 'expr'

    0          ~0%     {2} r2 = JOIN num#SemanticOpcode#e6f455a5::TSubOne#f WITH SemanticExpr#91573b9a::SemExpr::getOpcode#0#dispred#fb_10#join_rhs ON FIRST 1 OUTPUT false, Rhs.1 'expr'

    365        ~0%     {2} r3 = r1 UNION r2

    0          ~0%     {2} r4 = JOIN num#SemanticOpcode#e6f455a5::TAddOne#f WITH project#SemanticExpr#91573b9a::SemKnownExpr#class#fff_10#join_rhs ON FIRST 1 OUTPUT true, Rhs.1 'expr'

    2          ~0%     {2} r5 = JOIN m#RangeAnalysisStage#38d7ce80::RangeStage#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisImpl#edd69a76::ConstantBounds#FloatDelta#0eab55d1::FloatOverflow#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant#RangeUtils#6da26777::RangeUtil#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant##::boundedPhiInp1#6#ffbfff WITH num#SemanticOpcode#e6f455a5::TMul#f CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0 'positively'
    22026      ~0%     {2} r6 = JOIN r5 WITH SemanticExpr#91573b9a::SemExpr::getOpcode#0#dispred#fb_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'positively', Rhs.1 'expr'

    2          ~0%     {2} r7 = JOIN m#RangeAnalysisStage#38d7ce80::RangeStage#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisImpl#edd69a76::ConstantBounds#FloatDelta#0eab55d1::FloatOverflow#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant#RangeUtils#6da26777::RangeUtil#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant##::boundedPhiInp1#6#ffbfff WITH num#SemanticOpcode#e6f455a5::TShiftLeft#f CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0 'positively'
    1978       ~0%     {2} r8 = JOIN r7 WITH SemanticExpr#91573b9a::SemExpr::getOpcode#0#dispred#fb_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'positively', Rhs.1 'expr'

    24004      ~0%     {2} r9 = r6 UNION r8
    24004      ~0%     {2} r10 = r4 UNION r9
    24369      ~0%     {2} r11 = r3 UNION r10

    2726       ~1%     {2} r12 = JOIN project#SemanticExpr#91573b9a::SemDivExpr#fffff WITH project#SemanticExpr#91573b9a::SemKnownExpr#class#fff#2 ON FIRST 1 OUTPUT Rhs.1, Lhs.0 'expr'
    1900       ~2%     {2} r13 = JOIN r12 WITH SemanticType#3725723c::SemFloatingPointType#ff ON FIRST 1 OUTPUT false, Lhs.1 'expr'

    4500       ~0%     {1} r14 = JOIN SemanticExpr#91573b9a::SemExpr::getOpcode#0#dispred#fb_10#join_rhs WITH num#SemanticOpcode#e6f455a5::TAdd#f ON FIRST 1 OUTPUT Lhs.1 'expr'

    0          ~0%     {1} r15 = JOIN SemanticExpr#91573b9a::SemExpr::getOpcode#0#dispred#fb_10#join_rhs WITH num#SemanticOpcode#e6f455a5::TPointerAdd#f ON FIRST 1 OUTPUT Lhs.1 'expr'

    4500       ~0%     {1} r16 = r14 UNION r15
    4000       ~0%     {2} r17 = JOIN r16 WITH project#SemanticExpr#91573b9a::SemBinaryExpr#fffff#2 ON FIRST 1 OUTPUT Rhs.1, Lhs.0 'expr'
    7000       ~0%     {2} r18 = JOIN r17 WITH SignAnalysisCommon#4b1623af::SignAnalysis#FloatDelta#0eab55d1::FloatDelta#RangeUtils#6da26777::RangeUtil#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant##::semExprSign#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'expr'

    1264       ~0%     {2} r19 = JOIN r18 WITH num#Sign#2ecc774b::TNeg#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1 'expr'
    188324151  ~0%     {2} r20 = JOIN r19 WITH SignAnalysisCommon#4b1623af::SignAnalysis#FloatDelta#0eab55d1::FloatDelta#RangeUtils#6da26777::RangeUtil#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant##::semExprSign#1#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'expr', Rhs.1
    1000       ~0%     {2} r21 = JOIN r20 WITH project#SemanticExpr#91573b9a::SemBinaryExpr#fffff ON FIRST 2 OUTPUT false, Lhs.0 'expr'

    2900       ~0%     {2} r22 = r13 UNION r21

    3259       ~2%     {2} r23 = JOIN r18 WITH num#Sign#2ecc774b::TPos#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1 'expr'
    1521124720 ~0%     {2} r24 = JOIN r23 WITH SignAnalysisCommon#4b1623af::SignAnalysis#FloatDelta#0eab55d1::FloatDelta#RangeUtils#6da26777::RangeUtil#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant##::semExprSign#1#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'expr', Rhs.1
    3000       ~2%     {2} r25 = JOIN r24 WITH project#SemanticExpr#91573b9a::SemBinaryExpr#fffff ON FIRST 2 OUTPUT true, Lhs.0 'expr'
```
(I stopped evaluation midway.)

After:

```ql
Evaluated relational algebra for predicate RangeAnalysisStage#38d7ce80::RangeStage#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisImpl#edd69a76::ConstantBounds#FloatDelta#0eab55d1::FloatOverflow#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant#RangeUtils#6da26777::RangeUtil#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant##::potentiallyOverflowingExpr#2#ff@dc3a0712 with tuple counts:
  26269   ~2%    {2} r1 = _SemanticExpr#91573b9a::SemExpr::getOpcode#0#dispred#fb_10#join_rhs_m#RangeAnalysisStage#38d7ce80::R__#shared UNION _SemanticExpr#91573b9a::SemExpr::getOpcode#0#dispred#fb_10#join_rhs_SemanticType#3725723c::SemFloati__#shared

  26269   ~2%    {2} r2 = _num#SemanticOpcode#e6f455a5::TAddOne#f_project#SemanticExpr#91573b9a::SemKnownExpr#class#fff_10#joi__#shared UNION r1

  41333   ~1%    {2} r3 = JOIN _SemanticExpr#91573b9a::SemExpr::getOpcode#0#dispred#fb_10#join_rhs_num#SemanticOpcode#e6f455a5::TAd__#shared WITH SignAnalysisCommon#4b1623af::SignAnalysis#FloatDelta#0eab55d1::FloatDelta#RangeUtils#6da26777::RangeUtil#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant##::semExprSign#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1

  5806   ~2%    {2} r4 = JOIN r3 WITH num#Sign#2ecc774b::TNeg#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
  5806   ~1%    {3} r5 = JOIN r4 WITH project#SemanticExpr#91573b9a::SemBinaryExpr#fffff#2 ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
  3612   ~0%    {2} r6 = JOIN r5 WITH SignAnalysisCommon#4b1623af::SignAnalysis#FloatDelta#0eab55d1::FloatDelta#RangeUtils#6da26777::RangeUtil#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant##::semExprSign#1#ff ON FIRST 2 OUTPUT false, Lhs.2

  18476   ~1%    {2} r7 = JOIN r3 WITH num#Sign#2ecc774b::TPos#f ON FIRST 1 OUTPUT Lhs.1, Lhs.0
  18476   ~1%    {3} r8 = JOIN r7 WITH project#SemanticExpr#91573b9a::SemBinaryExpr#fffff#2 ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
  18444   ~2%    {2} r9 = JOIN r8 WITH SignAnalysisCommon#4b1623af::SignAnalysis#FloatDelta#0eab55d1::FloatDelta#RangeUtils#6da26777::RangeUtil#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant##::semExprSign#1#ff ON FIRST 2 OUTPUT true, Lhs.2

  22056   ~0%    {2} r10 = r6 UNION r9

  24137   ~2%    {2} r11 = JOIN _SemanticExpr#91573b9a::SemExpr::getOpcode#0#dispred#fb_10#join_rhs_num#SemanticOpcode#e6f455a5::TPo__#shared WITH SignAnalysisCommon#4b1623af::SignAnalysis#FloatDelta#0eab55d1::FloatDelta#RangeUtils#6da26777::RangeUtil#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant##::semExprSign#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1

  16966   ~2%    {1} r12 = JOIN r11 WITH num#Sign#2ecc774b::TPos#f ON FIRST 1 OUTPUT Lhs.1
  16966   ~4%    {2} r13 = JOIN r12 WITH project#SemanticExpr#91573b9a::SemBinaryExpr#fffff ON FIRST 1 OUTPUT Rhs.1, Lhs.0
  24917   ~1%    {2} r14 = JOIN r13 WITH SignAnalysisCommon#4b1623af::SignAnalysis#FloatDelta#0eab55d1::FloatDelta#RangeUtils#6da26777::RangeUtil#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant##::semExprSign#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
  2781   ~0%    {2} r15 = JOIN r14 WITH num#Sign#2ecc774b::TNeg#f ON FIRST 1 OUTPUT false, Lhs.1

  2817   ~0%    {1} r16 = JOIN r11 WITH num#Sign#2ecc774b::TNeg#f ON FIRST 1 OUTPUT Lhs.1
  2817   ~0%    {2} r17 = JOIN r16 WITH project#SemanticExpr#91573b9a::SemBinaryExpr#fffff ON FIRST 1 OUTPUT Rhs.1, Lhs.0
  6922   ~0%    {2} r18 = JOIN r17 WITH SignAnalysisCommon#4b1623af::SignAnalysis#FloatDelta#0eab55d1::FloatDelta#RangeUtils#6da26777::RangeUtil#FloatDelta#0eab55d1::FloatDelta#RangeAnalysisConstantSpecific#878f81e8::CppLangImplConstant##::semExprSign#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
  2765   ~1%    {2} r19 = JOIN r18 WITH num#Sign#2ecc774b::TPos#f ON FIRST 1 OUTPUT true, Lhs.1

  5546   ~0%    {2} r20 = r15 UNION r19
  27602   ~0%    {2} r21 = r10 UNION r20
  53871   ~0%    {2} r22 = r2 UNION r21
                  return r22
```
 2023-04-17 09:28:31 +01:00
Paolo Tranquilli
cbe247e123 Merge branch 'main' into redsun82/swift-logging 2023-04-17 10:27:14 +02:00
Paolo Tranquilli
3f139bd93b Swift: address logging review comments 2023-04-17 10:27:01 +02:00
Paolo Tranquilli
edb355b47f Swift: add QLdoc for generated Raw and Synth modules 2023-04-17 09:38:26 +02:00
Tony Torralba
f5702f5c69 Address review comment 
Handle more regex cases that cover line breaks
 2023-04-17 09:33:44 +02:00
Tony Torralba
e167d3ce00 Add line break sanitizers 2023-04-17 09:33:44 +02:00
Erik Krogh Kristensen
4e49df1615 Merge pull request #12839 from jcogs33/jcogs33/update-QueryDoc-regex 
QL: update regexes used in `QueryDoc.getQueryName()` and in `QueryDoc.getQueryId()/getQueryLanguage()`
 2023-04-17 09:03:03 +02:00
Mathias Vorreiter Pedersen
7eee589304 Merge pull request #12569 from andersfugmann/andersfugmann/use_after_free 
C++: Implement use-after-free and double-free queries using the new IR use-use dataflow
 2023-04-17 08:01:58 +01:00
Mathias Vorreiter Pedersen
fa5ed04286 Update cpp/ql/src/Critical/DoubleFree.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-04-17 07:40:01 +01:00
Mathias Vorreiter Pedersen
dba46bd324 Update cpp/ql/src/Critical/DoubleFree.ql 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-04-17 07:38:30 +01:00
Asger F
ccb57f2a84 Merge pull request #12804 from asgerf/rb/api-graphs-cached 
Ruby: restrict join order of API graph predicates
 2023-04-17 08:24:07 +02:00
Asger F
62dca44ee5 Update UntrustedDataToExternalAPI.expected 2023-04-17 08:23:04 +02:00
Asger F
c250ba7f27 JS: Undo sanitization of path.normalize() 2023-04-17 08:23:04 +02:00
Asger F
9db63c3a6a JS: Change note 2023-04-17 08:23:04 +02:00
Asger F
b0d4b31103 JS: Trim whitespace in test 2023-04-17 08:23:04 +02:00
Asger F
c7f16cd224 JS: Add test 2023-04-17 08:23:03 +02:00
Asger F
0d598c437d JS: Fix observed FPs in UnsafeJQueryPlugin 2023-04-17 08:20:18 +02:00
Asger F
b321151a28 JS: Restrict ExtendCall flow in proto pollution query 2023-04-17 08:20:18 +02:00
Asger F
efb582b661 JS: Drive-by fix to newly gained FPs 2023-04-17 08:20:18 +02:00