Commit Graph

58361 Commits

Author SHA1 Message Date
Tom Hvitved
b99b6b85ba Merge pull request #13927 from hvitved/csharp/fix-bad-join
C#: Fix bad join order
2023-08-10 13:04:16 +02:00
Harry Maclean
5fff9fa8da More precise flow into splat parameters
We now precisely track flow from positional arguments to splat
parameters, provided that splat arguments are not used and there are no
positional parameters after the splat parameter. For example, in this
case:

    def f(x, y, *z); end

    f(a, b, c, d)

we get flow from `c` to `z[0]` and `d` to `z[1]`.

We get false flow if there are positional parameters after the splat
parameter. For example, in this case:

    def g(x, y, *z, w); end

    g(a, b, c, d)

we get flow from `d` to `z[0]` instead of `w`.

We also track flow in this case:

    def f(a, *b)
      sink b[0]
    end

    f(1, *[taint, 2])
2023-08-10 12:02:47 +01:00
Harry Maclean
a58aa17c7a Merge pull request #13878 from hmac/splat-flow
Ruby: Track flow from splat arguments to positional parameters
2023-08-10 12:01:38 +01:00
Mathias Vorreiter Pedersen
1455e8bd4c C++: Convert all '<'s to '<='s. 2023-08-10 11:55:57 +01:00
Mathias Vorreiter Pedersen
dcc1429ed8 C++: Get rid of '+ 1' in comments. 2023-08-10 11:38:40 +01:00
Mathias Vorreiter Pedersen
b750016bc1 C++: Fix more comments. 2023-08-10 11:31:30 +01:00
Rasmus Wriedt Larsen
46af77c1af Python: Include all assignments in data flow paths
Like Ruby did in https://github.com/github/codeql/pull/12566
2023-08-10 11:45:29 +02:00
Rasmus Wriedt Larsen
9bd5694c3f Python: Add tests of path-graph for dataflow/taint-tracking
Although this is actually using taint-tracking (so we can use the +=
statement), I would personally forget to check under the
dataflow/tainttracking folder to look for such a test, so I'm opting to
keep it under the dataflow/ folder.
2023-08-10 11:44:17 +02:00
Jeroen Ketema
2e338cc7b4 Merge pull request #13929 from jketema/buffer
C++: Only consider the maximum buffer size for badly bounded write
2023-08-10 10:40:37 +02:00
Tom Hvitved
e40f0a7350 Ruby: Fix bug in isCapturedAccess 2023-08-10 09:37:04 +02:00
Rasmus Lerchedahl Petersen
dbc60140e0 Python: move tests to data extensions
For these tests, we cannot use the same mechanism, as we want the
data extensions to be available for both tests.

Instead, we create a ql-pack for the test directory and point to
the data extensions from there. This makes the extensions
available for all tests in the directory.
2023-08-10 09:17:34 +02:00
Tom Hvitved
e7acf8c3a8 Ruby: Add test 2023-08-10 08:53:00 +02:00
Maiky
97f8d1fca9 add getValue() method 2023-08-10 00:39:35 +02:00
Maiky
e60fa6f1a7 Remove unnecessary } 2023-08-10 00:25:47 +02:00
Maiky
c5c2df4593 fix Singleton set literal 2023-08-10 00:13:02 +02:00
Rasmus Lerchedahl Petersen
168a1e01a4 Python: move test to data extensions
For this test, we can simply use the convention that a file called
`[ql-file-stem].ext.yml` will be used as data extensions exactly for
the test represented by `ql-file`.
2023-08-09 21:22:17 +02:00
github-actions[bot]
432c21d4fb Post-release preparation for codeql-cli-2.14.2 2023-08-09 18:45:18 +00:00
Mathias Vorreiter Pedersen
ce9b018789 C++: Move bounds check out of 'operandGuardChecks' for clarity. 2023-08-09 18:37:17 +01:00
Geoffrey White
c20a17e7b7 Swift: Update the consistency test .expected as well. 2023-08-09 15:47:28 +01:00
Rasmus Wriedt Larsen
51a05286fa Merge pull request #13731 from pwntester/py/aiohttp_improvements
Python: Aiohttp improvements
2023-08-09 16:37:20 +02:00
Geoffrey White
23f0dd5542 Swift: Support MAD tuple content flow. 2023-08-09 15:08:11 +01:00
Harry Maclean
b03f6efa60 Ruby: Refactor 2023-08-09 15:01:40 +01:00
Harry Maclean
142393b599 Ruby: Handle unknown content in splat flow 2023-08-09 15:01:40 +01:00
Harry Maclean
4239268efd Ruby: Prevent some false flow into splat params
In cases where there are positional parameters after a splat parameter,
don't attempt to match the splat parameter to a splat argument. We need
more sophisticated modelling to handle these cases, which is future
work.
2023-08-09 15:01:40 +01:00
Harry Maclean
6f3e2cdde3 Ruby: Add change note 2023-08-09 15:01:40 +01:00
Harry Maclean
c0baa5116f Ruby: add test for example splat arg/param matches 2023-08-09 15:01:40 +01:00
Harry Maclean
72356d1515 Ruby: track flow from *args to positional params
This models flow in the following case:

    def foo(x, y)
      sink x # 1
      sink y # 2
    end

    args = [source 1, source 2]
    foo(*args)

We do this by introducing a SynthSplatParameterNode which accepts
content from the splat argument, if one is given at the callsite.
From this node we add read steps to each positional parameter.
2023-08-09 15:01:40 +01:00
Jeroen Ketema
e04d30a676 C++: Update expected test changes due to the line in test2.cpp having shifted 2023-08-09 15:50:07 +02:00
Jeroen Ketema
6100425274 C++: Add change note 2023-08-09 15:47:19 +02:00
Geoffrey White
b4b2338144 Swift: Test for MAD tuple content flow. 2023-08-09 14:41:32 +01:00
Jeroen Ketema
6d7a75d1b9 Merge pull request #13931 from MathiasVP/revert-constant-bounds-and-prep
C++: Revert constant bounds for new range analysis
codeql-cli/v2.14.2
2023-08-09 15:39:53 +02:00
Mathias Vorreiter Pedersen
8a490775d8 Merge branch 'main' into fix-barriers-in-invalid-pointer-deref 2023-08-09 14:32:58 +01:00
Ian Lynagh
0eb6d1c76e Kotlin: useFunction might return null 2023-08-09 13:45:15 +01:00
Rasmus Lerchedahl Petersen
885e25ff2d Python: use file-name-convention of *.model.yml 2023-08-09 14:25:33 +02:00
Mathias Vorreiter Pedersen
acd16afddd Revert "Merge pull request #13880 from MathiasVP/type-bounds-preparation"
This reverts commit 3e9d9e72dc, reversing
changes made to 877ee7047d.
2023-08-09 13:03:06 +01:00
Mathias Vorreiter Pedersen
cb1076c335 Revert "Merge pull request #13783 from MathiasVP/type-bounds-for-new-range-analysis"
This reverts commit e9750af89f, reversing
changes made to 37a546253e.
2023-08-09 13:02:54 +01:00
erik-krogh
fe542565c3 fix performance 2023-08-09 13:48:07 +02:00
Michael B. Gale
01ff690d51 Merge pull request #13923 from github/mbg/go/bump-go-libraries 2023-08-09 11:36:35 +01:00
Mathias Vorreiter Pedersen
da66136ded Merge pull request #13911 from MathiasVP/fix-taint-for-frontend-upgrade
C++: Fix taint-flow in preparation for frontend upgrade
2023-08-09 11:30:07 +01:00
Jeroen Ketema
d0e7354a1b C++: Only consider the maximum buffer size for badly bounded write 2023-08-09 12:30:00 +02:00
Jeroen Ketema
9572b9d308 C++: Add test where buffer initialized with literal is reassigned an allocation 2023-08-09 12:26:10 +02:00
Rasmus Wriedt Larsen
c0dec21546 Merge pull request #13925 from RasmusWL/fixup-script
Misc: Fixup `accept-expected-changes-from-ci.py`
2023-08-09 11:45:34 +02:00
Tom Hvitved
7dac819730 C#: Fix bad join order
Before
```
Evaluated recursive predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@8254eapb in 6096ms on iteration 4 (delta size: 592145).
Evaluated relational algebra for predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@8254eapb on iteration 4 running pipeline standard with tuple counts:
          204507  ~0%    {2} r1 = SCAN Stmt#3baf294a::TryStmt::getATriedElement#ff#prev_delta OUTPUT In.1, In.0
          204507  ~0%    {3} r2 = JOIN r1 WITH _@callable#f_ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff_10#j__#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1
        17844283  ~0%    {3} r3 = JOIN r2 WITH ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2
          592145  ~0%    {2} r4 = JOIN r3 WITH Element#baf0c59e::Element::getAChild#0#dispred#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.1
          592145  ~0%    {2} r5 = r4 AND NOT Stmt#3baf294a::TryStmt::getATriedElement#ff#prev(Lhs.0, Lhs.1)
                         return r5
```

After
```
Evaluated recursive predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@4adecd47 in 310ms on iteration 4 (delta size: 592145).
Evaluated relational algebra for predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@4adecd47 on iteration 4 running pipeline standard with tuple counts:
        204507  ~0%    {2} r1 = SCAN Stmt#3baf294a::TryStmt::getATriedElement#ff#prev_delta OUTPUT In.1, In.0
        204507  ~0%    {2} r2 = r1 AND NOT _statements_10#join_rhs#antijoin_rhs#13(Lhs.0)
        592145  ~2%    {3} r3 = JOIN r2 WITH Element#baf0c59e::Element::getAChild#0#dispred#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Rhs.1
        592145  ~0%    {3} r4 = JOIN r3 WITH ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1
        592145  ~0%    {2} r5 = JOIN r4 WITH ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.0
        592145  ~0%    {2} r6 = r5 AND NOT Stmt#3baf294a::TryStmt::getATriedElement#ff#prev(Lhs.0, Lhs.1)
                       return r6
```
2023-08-09 11:28:06 +02:00
AlexDenisov
6e8f600cb9 Merge pull request #13924 from github/alexdenisov/cherry-pick-reverted-pr
Revert "Swift: Route compiler diagnostics through our log."
2023-08-09 11:02:19 +02:00
Rasmus Wriedt Larsen
69aa099ed1 Misc: Fixup accept-expected-changes-from-ci.py
I guess there has been a rename of the URL from `/jobs/` to `/job/`, since the script has been working previously.
2023-08-09 10:44:31 +02:00
Geoffrey White
e828d8dace Swift: Add UIKit to supported-frameworks.rst as well. 2023-08-09 09:25:43 +01:00
Geoffrey White
131b2b3e0c Swift: Change note. 2023-08-09 09:25:43 +01:00
Geoffrey White
09346c76e7 Swift: Add models. 2023-08-09 09:25:43 +01:00
AlexDenisov
fa729faa0a Revert "Swift: Route compiler diagnostics through our log." 2023-08-09 10:02:59 +02:00
Mathias Vorreiter Pedersen
499b6f35e5 C++: Also key SSA defs and uses by the base address. 2023-08-09 08:44:16 +01:00