hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-02 13:53:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,698 Branches 161 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
5327847744 C++: No need to exclude static and global initializers now that we inline the predicates. 2024-12-16 14:02:46 +00:00
Mathias Vorreiter Pedersen
3bdfdd0573 C++: Change all the 'ensures' and (and most 'compares') predicates to be inlined to prevent explosions. Also remove the caching since this is't necessary now that the main recursion is cached. 2024-12-16 14:02:44 +00:00
Mathias Vorreiter Pedersen
404dd33498 C++: Move the main recursion into to a cached module. 2024-12-16 14:02:42 +00:00
Mathias Vorreiter Pedersen
6f73aa552d C++: Convert IRGuards to use final abstract classes. 2024-12-16 14:02:40 +00:00
Mathias Vorreiter Pedersen
20dfbdc5cc Revert "Merge pull request #18057 from jketema/codeql-cli-2.19.4" 
This reverts commit ed922f6519, reversing
changes made to aa4cc72f30.
 2024-12-16 14:02:38 +00:00
Tom Hvitved
5ed03e266a Rust: Fix semantic merge conflicts 2024-12-16 14:47:13 +01:00
Michael Nebel
32bfbb832b Merge pull request #18293 from michaelnebel/fixmain 
Fix failing tests on main.
 2024-12-16 14:26:25 +01:00
Jeroen Ketema
da3fcda4fc C++: Address review comments 2024-12-16 14:25:41 +01:00
Paolo Tranquilli
4c4a8d7619 Rust: extract isRef for SelfParam 2024-12-16 14:24:56 +01:00
Michael Nebel
d0e9c3bb70 Fix failing tests on main. 2024-12-16 14:16:47 +01:00
Paolo Tranquilli
e4eb2697eb Swift: fix typo in autobuild.cmd 2024-12-16 13:44:33 +01:00
Michael Nebel
aaf0cd5dee Merge pull request #17968 from michaelnebel/java/movetestutils 
Move test utilities to the query pack.
 2024-12-16 13:41:30 +01:00
Asger F
f2968f4e14 Shared: Ensure subpath-induced edges are handled properly 
Argument-passing and flow-through edges are present in 'edges' in addition to 'subpaths', but the implementation didn't take this into account.
 2024-12-16 13:21:43 +01:00
Simon Friis Vindum
cad4f39aee Rust: Database name capitalization 2024-12-16 13:15:42 +01:00
Asger F
0edb30638a Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-12-16 13:14:27 +01:00
Simon Friis Vindum
defbbb2a24 Rust: Add additional models for stdlib and sqlx 2024-12-16 11:46:57 +01:00
Simon Friis Vindum
aab3428bc7 Rust: Model address-of and dereference as stores and loads 2024-12-16 11:31:15 +01:00
Simon Friis Vindum
df0375103c Rust: Add data flow tests 2024-12-16 11:09:22 +01:00
Tom Hvitved
aabcc108dd Rust: Fix bad join 
```
[2024-12-16 10:10:36] (247s) Tuple counts for DataFlowImpl::RustDataFlow::storeStep/3#98e80e57/3@0618fdm6 after 3m8s:
                      33711       ~0%        {3} r1 = SCAN `DataFlowImpl::VariableCapture::storeStep/3#cb0fdcf6` OUTPUT In.1, In.0 'node1', In.2 'node2'
                      33711       ~6%        {3}    | JOIN WITH DataFlowImpl::TSingletonContentSet#9b15eaba ON FIRST 1 OUTPUT Lhs.1 'node1', Rhs.1 'cs', Lhs.2 'node2'

                      0           ~0%        {3} r2 = JOIN `FlowSummaryImpl::Private::Steps::summaryStoreStep/3#2c853d0d` WITH DataFlowImpl::TFlowSummaryNode#2b28ecb7 ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'cs', Rhs.1 'node1'
                      0           ~0%        {3}    | JOIN WITH DataFlowImpl::TFlowSummaryNode#2b28ecb7 ON FIRST 1 OUTPUT Lhs.2 'node1', Lhs.1 'cs', Rhs.1 'node1'

                      1554        ~0%        {3} r3 = JOIN _DataFlowImpl::TExprNode#83a34c2e__DataFlowImpl::TArrayElement#b9fb9b7b_DataFlowImpl::TSingletonCont__#shared WITH `CfgNodes::ArrayRepeatExprCfgNode.getRepeatOperand/0#dispred#b264e402_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2 'node1'
                      1554        ~0%        {3}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Lhs.2 'node1', Lhs.1 'cs', Rhs.1 'node2'

                      870         ~2%        {3} r4 = SCAN `DataFlowImpl::RustDataFlow::tupleAssignment/3#bf3c8690` OUTPUT In.2, In.0 'node1', In.1
                      870         ~0%        {3}    | JOIN WITH DataFlowImpl::TSingletonContentSet#9b15eaba ON FIRST 1 OUTPUT Lhs.2, Rhs.1 'cs', Lhs.1 'node1'
                      870         ~0%        {3}    | JOIN WITH `DataFlowImpl::Node::PostUpdateNode.getPreUpdateNode/0#dispred#53daedc2_10#join_rhs` ON FIRST 1 OUTPUT Lhs.2 'node1', Lhs.1 'cs', Rhs.1 'node2'

                      40037       ~4%        {3} r5 = JOIN _DataFlowImpl::TExprNode#83a34c2e__DataFlowImpl::TArrayElement#b9fb9b7b_DataFlowImpl::TSingletonCont__#shared WITH `CfgNodes::ArrayExprCfgNode.getAnExpr/0#dispred#9d00a6f1_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2 'node1'
                      36929       ~4%        {3}    | JOIN WITH CfgNodes::ArrayListExprCfgNode#07eee614 ON FIRST 1 OUTPUT Lhs.0, Lhs.1 'cs', Lhs.2 'node1'
                      36929       ~0%        {3}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Lhs.2 'node1', Lhs.1 'cs', Rhs.1 'node2'

                      14          ~0%        {2} r6 = JOIN DataFlowImpl::TTuplePositionContent#f1d90606_10#join_rhs WITH DataFlowImpl::TSingletonContentSet#9b15eaba ON FIRST 1 OUTPUT Lhs.1, Rhs.1 'cs'
                      47949       ~0%        {3}    | JOIN WITH `CfgNodes::TupleExprCfgNode.getField/1#dispred#9f7c9c63_102#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Rhs.2
                      47949       ~0%        {3}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'cs', Rhs.1 'node2'
                      47949       ~2%        {3}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Rhs.1 'node2', Lhs.1 'cs', Lhs.2 'node2'

                      59801       ~0%        {3} r7 = JOIN _DataFlowImpl::TSingletonContentSet#9b15eaba_DataFlowImpl::TVariantPositionContent#ca6baca0_201#join__#shared WITH `DataFlowImpl::RustDataFlow::tupleVariantConstruction/2#10613c55_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2
                      45509       ~0%        {3}    | JOIN WITH CfgNodes::CallExprCfgNode#9c2a4686_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2
                      45509       ~2%        {4}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Lhs.0, Lhs.2, Lhs.1 'cs', Rhs.1 'node2'
                      45509       ~0%        {3}    | JOIN WITH `CfgNodes::CallExprBaseCfgNode.getArgument/1#dispred#9ebb27c0` ON FIRST 2 OUTPUT Rhs.2, Lhs.2 'cs', Lhs.3 'node2'
                      45509       ~0%        {3}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Rhs.1 'node2', Lhs.1 'cs', Lhs.2 'node2'

                      75147       ~1%        {3} r8 = JOIN _DataFlowImpl::TSingletonContentSet#9b15eaba_DataFlowImpl::TStructFieldContent#1d6d7b05_201#join_rhs#shared WITH `DataFlowImpl::RustDataFlow::structConstruction/2#a9656db0_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2
                      59186       ~3%        {3}    | JOIN WITH `CfgNodes::RecordExprCfgNode.getRecordExpr/0#dispred#659ad1af_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2

                      5641        ~2%        {3} r9 = JOIN _DataFlowImpl::TSingletonContentSet#9b15eaba_DataFlowImpl::TVariantFieldContent#4e05bcf1_201#join_rh__#shared WITH `DataFlowImpl::RustDataFlow::recordVariantConstruction/2#34b016f6_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2
                      5268        ~0%        {3}    | JOIN WITH `CfgNodes::RecordExprCfgNode.getRecordExpr/0#dispred#659ad1af_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2

                      64454       ~1%        {3} r10 = r8 UNION r9
                      64454       ~0%        {4}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Lhs.0, Lhs.2, Lhs.1 'cs', Rhs.1 'node2'
                      25923       ~0%        {3}    | JOIN WITH `CfgNodes::RecordExprCfgNode.getFieldExpr/1#d72dca6e` ON FIRST 2 OUTPUT Rhs.2, Lhs.2 'cs', Lhs.3 'node2'
                      25923       ~0%        {3}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Rhs.1 'node2', Lhs.1 'cs', Lhs.2 'node2'

                      67759289500 ~251%      {4} r11 = JOIN DataFlowImpl::TSingletonContentSet#9b15eaba WITH DataFlowImpl::TExprNode#83a34c2e CARTESIAN PRODUCT OUTPUT Lhs.0, Lhs.1 'cs', Rhs.0, Rhs.1 'node2'
                      3568000     ~1488%     {3}    | JOIN WITH DataFlowImpl::TArrayElement#b9fb9b7b ON FIRST 1 OUTPUT Lhs.3, Lhs.1 'cs', Lhs.2
                      1223000     ~1291%     {3}    | JOIN WITH `DataFlowImpl::Node::PostUpdateNode.getPreUpdateNode/0#dispred#53daedc2_10#join_rhs` ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'cs', Rhs.1 'node2'
                      11500       ~0%        {3}    | JOIN WITH `CfgNodes::IndexExprCfgNode.getBase/0#dispred#19aba7d8_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2 'node2'
                      1000        ~3%        {3}    | JOIN WITH `CfgNodes::BinaryExprCfgNode.getLhs/0#dispred#bd1c02e7_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2 'node2'
                      500         ~3%        {3}    | JOIN WITH CfgNodes::AssignmentExprCfgNode#a9a5c022 ON FIRST 1 OUTPUT Lhs.0, Lhs.1 'cs', Lhs.2 'node2'
                      0           ~0%        {3}    | JOIN WITH `CfgNodes::BinaryExprCfgNode.getRhs/0#dispred#4a1146e4` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cs', Lhs.2 'node2'
                      0           ~0%        {3}    | JOIN WITH DataFlowImpl::TExprNode#83a34c2e ON FIRST 1 OUTPUT Rhs.1 'node2', Lhs.1 'cs', Lhs.2 'node2'

                      192445      ~1%        {3} r12 = r1 UNION r2 UNION r3 UNION r4 UNION r5 UNION r6 UNION r7 UNION r10 UNION r11
                                             return r12
```
 2024-12-16 10:20:30 +01:00
Tom Hvitved
2d16b5276d Rust: Fix bad join 
```
Evaluated relational algebra for predicate DataFlowImpl::RustDataFlow::pathResolveToVariantCanonicalPath/2#dc73aca0@34414869 with tuple counts:
          422639   ~3%    {3} r1 = JOIN `DataFlowImpl::resolveExtendedCanonicalPath/3#0454a346` WITH Synth::Synth::TPathAstNode#a7913307 ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2
        73033499   ~7%    {6}    | JOIN WITH DataFlowImpl::MkVariantCanonicalPath#ab1ecb00 ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.3, _, Rhs.1, Rhs.2
                          {4}    | REWRITE WITH Tmp.3 := "::", Out.3 := (In.4 ++ Tmp.3 ++ In.5), TEST Out.3 = InOut.1 KEEPING 4
          170993   ~1%    {2}    | SCAN OUTPUT In.0, In.2
                          return r1
```
 2024-12-16 10:20:01 +01:00
Paolo Tranquilli
8efd127010 Swift: improve diagnostics for OS incompatibility 
* do not mention any more that one might make analysis happen on Linux with
  advanced setup
* say that outright Swift analysis is only supported on macOS, not just
  autobuild.
* emit the error diagnostics even for traced builds, not only for autobuilds
  (by using a dummy `extractor` executable).
 2024-12-16 10:12:31 +01:00
Simon Friis Vindum
31717524f0 Merge pull request #18270 from paldepind/rust-captured-variables 
Rust: Flow through captured variables
 2024-12-16 10:08:53 +01:00
Simon Friis Vindum
9da5d7128b Rust: Add test with data flow inconsistency 2024-12-16 09:40:13 +01:00
Owen Mansel-Chan
7ab06fca2f Merge pull request #18275 from owen-mc/go/mad/variadic-params-sources 
Go: Make models-as-data source models for variadic parameters work
 2024-12-15 13:22:21 +00:00
Alvaro Muñoz
1370102d45 Bump qlpack versions 2024-12-14 10:10:50 +01:00
Alvaro Muñoz
b8e23c1f01 Merge pull request #110 from github/ext_prefix 
Expect external workflows and actions in .github/workflow/external and .github/actions/external
 2024-12-14 10:06:55 +01:00
Paolo Tranquilli
0c5e260ae6 Merge pull request #18282 from github/redsun82/swift-remove-linux 
Swift: remove linux from standard pack
 2024-12-13 22:44:44 +01:00
Owen Mansel-Chan
906c51733c Merge pull request #18266 from owen-mc/misc/prepare-db-upgrade-improvement 
Misc: Look up remote name instead of using `origin` in `misc/prepare-db-upgrade.sh`
 2024-12-13 21:42:18 +00:00
Edward Minnix III
9948f6e255 Merge pull request #18284 from egregius313/egregius313/go/dataflow/sources/commandargs/os-args 
Go: Model `os.Args` as a `commandargs` source
 2024-12-13 16:33:45 -05:00
Ed Minnix
7852c8666c Update provenance in test results 2024-12-13 15:22:17 -05:00
Ed Minnix
88256e269a Convert model from QL to MaD 2024-12-13 14:59:32 -05:00
Edward Minnix III
f844105722 Fix test result 2024-12-13 14:53:58 -05:00
Dave Bartolomeo
4a9355c5de Add required signature predicate implementation 2024-12-13 14:39:19 -05:00
Dave Bartolomeo
1fb707f080 Bump minor version to prepare for public release 2024-12-13 13:00:24 -05:00
Ed Minnix
129388c78a Fix change note 2024-12-13 12:48:01 -05:00
Dave Bartolomeo
5aa3328b07 Upgrade to latest package versions 2024-12-13 12:46:39 -05:00
Ed Minnix
4ee60138b7 Fix test results 2024-12-13 12:44:57 -05:00
Ed Minnix
f8cfa39492 Change note 2024-12-13 12:42:02 -05:00
Ed Minnix
3f9af5bfe4 Tests 2024-12-13 12:42:01 -05:00
Ed Minnix
63a3054aeb os.Args variable read 2024-12-13 12:41:59 -05:00
Dave Bartolomeo
34844539d7 Fix pack names 2024-12-13 12:33:22 -05:00
Dave Bartolomeo
f99f5e8309 Merge remote-tracking branch 'origin/master' into dbartol/move-to-codeql 2024-12-13 11:49:32 -05:00
Paolo Tranquilli
a8238b1896 Swift: fix pack 2024-12-13 17:39:16 +01:00
Paolo Tranquilli
a75f5fac15 Swift: remove linux from standard pack 
This still defines a pack with linux included for development.
`//swift:install` will still also include linux.
 2024-12-13 17:01:22 +01:00
Alvaro Muñoz
455afc2bb2 Expect external workflows and actions in .github/workflow/external and .github/actions/external 2024-12-13 16:50:21 +01:00
Owen Mansel-Chan
e9dcd69cc0 Add readStep back to local taint flow 2024-12-13 13:30:18 +00:00
Owen Mansel-Chan
3a3e053f12 Only add taint steps for implicit varargs slice post-update nodes 2024-12-13 13:17:44 +00:00
Paolo Tranquilli
2cbb072668 Merge pull request #17699 from github/redsun82/swift-6 
Swift: make extractor compilable with Swift 6
 2024-12-13 12:27:35 +01:00
Asger F
820f81fc10 JS: Migrate UnsafeDynamicMethodAccess 2024-12-13 11:32:25 +01:00
Asger F
a9e89ed8e3 JS: Migrate PrototypePollutingAssignment 2024-12-13 11:23:31 +01:00