hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-28 05:42:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
66,447 Commits 1,685 Branches 159 Tags
codeql-cli/v2.17.2
Commit Graph

66447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Harry Maclean
a58aa17c7a Merge pull request #13878 from hmac/splat-flow 
Ruby: Track flow from splat arguments to positional parameters
 2023-08-10 12:01:38 +01:00
Mathias Vorreiter Pedersen
1455e8bd4c C++: Convert all '<'s to '<='s. 2023-08-10 11:55:57 +01:00
Mathias Vorreiter Pedersen
dcc1429ed8 C++: Get rid of '+ 1' in comments. 2023-08-10 11:38:40 +01:00
Mathias Vorreiter Pedersen
b750016bc1 C++: Fix more comments. 2023-08-10 11:31:30 +01:00
Rasmus Wriedt Larsen
46af77c1af Python: Include all assignments in data flow paths 
Like Ruby did in https://github.com/github/codeql/pull/12566
 2023-08-10 11:45:29 +02:00
Rasmus Wriedt Larsen
9bd5694c3f Python: Add tests of path-graph for dataflow/taint-tracking 
Although this is actually using taint-tracking (so we can use the +=
statement), I would personally forget to check under the
dataflow/tainttracking folder to look for such a test, so I'm opting to
keep it under the dataflow/ folder.
 2023-08-10 11:44:17 +02:00
Jeroen Ketema
2e338cc7b4 Merge pull request #13929 from jketema/buffer 
C++: Only consider the maximum buffer size for badly bounded write
 2023-08-10 10:40:37 +02:00
Geoffrey White
376479325d Swift: Model LosslessStringConvertible. 2023-08-10 09:27:05 +01:00
Geoffrey White
effe3762b8 Swift: More robust OptionalSomePattern flow. 2023-08-10 08:49:46 +01:00
Tom Hvitved
e40f0a7350 Ruby: Fix bug in isCapturedAccess 2023-08-10 09:37:04 +02:00
Rasmus Lerchedahl Petersen
dbc60140e0 Python: move tests to data extensions 
For these tests, we cannot use the same mechanism, as we want the
data extensions to be available for both tests.

Instead, we create a ql-pack for the test directory and point to
the data entensions from there. This makes the extensions
available for all tests in the directory.
 2023-08-10 09:17:34 +02:00
Tom Hvitved
e7acf8c3a8 Ruby: Add test 2023-08-10 08:53:00 +02:00
Geoffrey White
aa2e79b6da Swift: Model numeric conversions. 2023-08-10 00:19:50 +01:00
Maiky
97f8d1fca9 add getValue() method 2023-08-10 00:39:35 +02:00
Maiky
e60fa6f1a7 Remove unnecesary } 2023-08-10 00:25:47 +02:00
Maiky
c5c2df4593 fix Singleton set literal 2023-08-10 00:13:02 +02:00
Geoffrey White
e86ccf8498 Swift: Test flow through various conversions. 2023-08-09 23:05:45 +01:00
Brandon Stewart
74567041a7 remove pathgraph 2023-08-09 19:51:07 +00:00
Brandon Stewart
cca4c35cf8 add pathgraph 2023-08-09 19:23:21 +00:00
Rasmus Lerchedahl Petersen
168a1e01a4 Python: move test to data extensions 
For this test, we can simply use the convention,
that a file called `[ql-file-stem].ext.yml` will be used
as data extensions exactly for the test represented by `ql-file`.
 2023-08-09 21:22:17 +02:00
Brandon Stewart
7f07422a5d Merge branch 'main' into add-cwe-208 2023-08-09 14:52:51 -04:00
Brandon Stewart
07d5beca34 run format document 2023-08-09 18:51:55 +00:00
github-actions[bot]
432c21d4fb Post-release preparation for codeql-cli-2.14.2 2023-08-09 18:45:18 +00:00
Brandon Stewart
26401fec70 address PR comments 2023-08-09 18:44:42 +00:00
Mathias Vorreiter Pedersen
ce9b018789 C++: Move bounds checkout out of 'operandGuardChecks' for clarity. 2023-08-09 18:37:17 +01:00
Geoffrey White
c20a17e7b7 Swift: Update the consistency test .expecteted as well. 2023-08-09 15:47:28 +01:00
Rasmus Wriedt Larsen
51a05286fa Merge pull request #13731 from pwntester/py/aiohttp_improvements 
Python: Aiohttp improvements
 2023-08-09 16:37:20 +02:00
Geoffrey White
23f0dd5542 Swift: Support MAD tuple content flow. 2023-08-09 15:08:11 +01:00
Harry Maclean
b03f6efa60 Ruby: Refactor 2023-08-09 15:01:40 +01:00
Harry Maclean
142393b599 Ruby: Handle unknown content in splat flow 2023-08-09 15:01:40 +01:00
Harry Maclean
4239268efd Ruby: Prevent some false flow into splat params 
In cases where there are positional parameters after a splat parameter,
don't attempt to match the splat parameter to a splat argument. We need
more sophisticated modelling to handle these cases, which is future
work.
 2023-08-09 15:01:40 +01:00
Harry Maclean
6f3e2cdde3 Ruby: Add change note 2023-08-09 15:01:40 +01:00
Harry Maclean
c0baa5116f Ruby: add test for example splat arg/param matches 2023-08-09 15:01:40 +01:00
Harry Maclean
72356d1515 Ruby: track flow from *args to positional params 
This models flow in the following case:

    def foo(x, y)
      sink x # 1
      sink y # 2
    end

    args = [source 1, source 2]
    foo(*args)

We do this by introducing a SynthSplatParameterNode which accepts
content from the splat argument, if one is given at the callsite.
From this node we add read steps to each positional parameter.
 2023-08-09 15:01:40 +01:00
Jeroen Ketema
e04d30a676 C++: Update expected test changes due to the line in test2.cpp having shifted 2023-08-09 15:50:07 +02:00
Jeroen Ketema
6100425274 C++: Add change note 2023-08-09 15:47:19 +02:00
Geoffrey White
b4b2338144 Swift: Test for MAD tuple content flow. 2023-08-09 14:41:32 +01:00
Jeroen Ketema
6d7a75d1b9 Merge pull request #13931 from MathiasVP/revert-constant-bounds-and-prep 
C++: Revert constant bounds for new range analysis
codeql-cli/v2.14.2 		2023-08-09 15:39:53 +02:00
Mathias Vorreiter Pedersen
8a490775d8 Merge branch 'main' into fix-barriers-in-invalid-pointer-deref 2023-08-09 14:32:58 +01:00
Ian Lynagh
0eb6d1c76e Kotlin: useFunction might return null 2023-08-09 13:45:15 +01:00
Rasmus Lerchedahl Petersen
885e25ff2d Python: use file-name-convention of *.model.yml 2023-08-09 14:25:33 +02:00
Mathias Vorreiter Pedersen
acd16afddd Revert "Merge pull request #13880 from MathiasVP/type-bounds-preparation" 
This reverts commit 3e9d9e72dc, reversing
changes made to 877ee7047d.
 2023-08-09 13:03:06 +01:00
Mathias Vorreiter Pedersen
cb1076c335 Revert "Merge pull request #13783 from MathiasVP/type-bounds-for-new-range-analysis" 
This reverts commit e9750af89f, reversing
changes made to 37a546253e.
 2023-08-09 13:02:54 +01:00
erik-krogh
fe542565c3 fix performance 2023-08-09 13:48:07 +02:00
Michael B. Gale
01ff690d51 Merge pull request #13923 from github/mbg/go/bump-go-libraries 2023-08-09 11:36:35 +01:00
Mathias Vorreiter Pedersen
da66136ded Merge pull request #13911 from MathiasVP/fix-taint-for-frontend-upgrade 
C++: Fix taint-flow in preparation for frontend upgrade
 2023-08-09 11:30:07 +01:00
Jeroen Ketema
d0e7354a1b C++: Only consider the maximum buffer size for badly bounded write 2023-08-09 12:30:00 +02:00
Jeroen Ketema
9572b9d308 C++: Add test where buffer initialized with literal is reassigned an allocation 2023-08-09 12:26:10 +02:00
Rasmus Wriedt Larsen
c0dec21546 Merge pull request #13925 from RasmusWL/fixup-script 
Misc: Fixup `accept-expected-changes-from-ci.py`
 2023-08-09 11:45:34 +02:00
Tom Hvitved
7dac819730 C#: Fix bad join order 
Before
```
Evaluated recursive predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@8254eapb in 6096ms on iteration 4 (delta size: 592145).
Evaluated relational algebra for predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@8254eapb on iteration 4 running pipeline standard with tuple counts:
          204507  ~0%    {2} r1 = SCAN Stmt#3baf294a::TryStmt::getATriedElement#ff#prev_delta OUTPUT In.1, In.0
          204507  ~0%    {3} r2 = JOIN r1 WITH _@callable#f_ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff_10#j__#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1
        17844283  ~0%    {3} r3 = JOIN r2 WITH ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2
          592145  ~0%    {2} r4 = JOIN r3 WITH Element#baf0c59e::Element::getAChild#0#dispred#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.1
          592145  ~0%    {2} r5 = r4 AND NOT Stmt#3baf294a::TryStmt::getATriedElement#ff#prev(Lhs.0, Lhs.1)
                         return r5
```

After
```
Evaluated recursive predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@4adecd47 in 310ms on iteration 4 (delta size: 592145).
Evaluated relational algebra for predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@4adecd47 on iteration 4 running pipeline standard with tuple counts:
        204507  ~0%    {2} r1 = SCAN Stmt#3baf294a::TryStmt::getATriedElement#ff#prev_delta OUTPUT In.1, In.0
        204507  ~0%    {2} r2 = r1 AND NOT _statements_10#join_rhs#antijoin_rhs#13(Lhs.0)
        592145  ~2%    {3} r3 = JOIN r2 WITH Element#baf0c59e::Element::getAChild#0#dispred#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Rhs.1
        592145  ~0%    {3} r4 = JOIN r3 WITH ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1
        592145  ~0%    {2} r5 = JOIN r4 WITH ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.0
        592145  ~0%    {2} r6 = r5 AND NOT Stmt#3baf294a::TryStmt::getATriedElement#ff#prev(Lhs.0, Lhs.1)
                       return r6
```
 2023-08-09 11:28:06 +02:00