hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-17 13:06:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,714 Branches 162 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
572c773345 Change provenance for MaD models that use package grouping 2024-08-06 13:13:39 +01:00
Dave Bartolomeo
32b3924548 Merge pull request #17156 from hvitved/ruby/update-expected 2024-08-06 08:07:07 -04:00
Tom Hvitved
0f1b5327ef Ruby: Update expected test output 2024-08-06 13:58:05 +02:00
Tom Hvitved
a7410e4a16 Java: Fix bad join 
Before
```
[2024-08-06 10:37:59] Evaluated non-recursive predicate BoundingChecks::arrayReference/1#754911ba@0628dahn in 20981ms (size: 2009682526).
Evaluated relational algebra for predicate BoundingChecks::arrayReference/1#754911ba@0628dahn with tuple counts:
             94480   ~0%    {2} r1 = SCAN `Expr::ArrayAccess.getArray/0#dispred#b90c658a` OUTPUT In.1, In.0

                32   ~0%    {2} r2 = JOIN r1 WITH `Expr::MethodCall.getMethod/0#dispred#41989dc9` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
              1013   ~1%    {2}    | JOIN WITH `Expr::MethodCall.getMethod/0#dispred#41989dc9_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1

             92091   ~4%    {2} r3 = JOIN r1 WITH variableBinding ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        2009681513   ~0%    {2}    | JOIN WITH variableBinding_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1

        2009682526   ~0%    {2} r4 = r2 UNION r3
                            return r4

[2024-08-06 10:38:02] Evaluated non-recursive predicate BoundingChecks::lessthanLength/1#48b5e1b7@2885308n in 0ms (size: 108).
Evaluated relational algebra for predicate BoundingChecks::lessthanLength/1#48b5e1b7@2885308n with tuple counts:
        1518  ~0%    {2} r1 = JOIN `Expr::ComparisonExpr.isStrict/0#dispred#fd8c6ddb` WITH `Expr::ComparisonExpr.getGreaterOperand/0#dispred#e8df4b14` ON FIRST 1 OUTPUT Rhs.1, Lhs.0
         455  ~2%    {2}    | JOIN WITH Expr::FieldAccess#2b664c37 ON FIRST 1 OUTPUT Lhs.1, Lhs.0
         455  ~1%    {3}    | JOIN WITH `Expr::ComparisonExpr.getLesserOperand/0#dispred#d7744bc2` ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
         455  ~0%    {5}    | JOIN WITH `Expr::FieldAccess.getField/0#dispred#29ef4aa0` ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1, Lhs.0, Lhs.2
         455  ~0%    {5}    | REWRITE WITH Out.1 := "length"
         116  ~0%    {3}    | JOIN WITH `Element::Element.hasName/1#dispred#8acbbbde` ON FIRST 2 OUTPUT Lhs.4, Lhs.2, Lhs.3
          93  ~0%    {3}    | JOIN WITH variableBinding ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
          93  ~1%    {3}    | JOIN WITH `Expr::VarAccess.getQualifier/0#dispred#2b0f1cd1` ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
         484  ~2%    {3}    | JOIN WITH variableBinding_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2
         277  ~3%    {2}    | JOIN WITH `BoundingChecks::conditionHolds/2#fa0354b9#bb` ON FIRST 2 OUTPUT Lhs.1, Lhs.2
         166  ~5%    {2}    | JOIN WITH `Expr::ArrayAccess.getIndexExpr/0#dispred#345f6cf4_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         110  ~0%    {1}    | JOIN WITH `BoundingChecks::arrayReference/1#754911ba` ON FIRST 2 OUTPUT Lhs.0
                     return r1
```

After
```
[2024-08-06 13:29:50] Evaluated non-recursive predicate BoundingChecks::lengthAccess/2#54b10eff@719e68tb in 0ms (size: 309).
Evaluated relational algebra for predicate BoundingChecks::lengthAccess/2#54b10eff@719e68tb with tuple counts:
        6241  ~0%    {2} r1 = JOIN `BoundingChecks::getAnAccess/1#152ad44e_10#join_rhs` WITH `Expr::VarAccess.getQualifier/0#dispred#2b0f1cd1_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        6240  ~0%    {4}    | JOIN WITH `Expr::FieldAccess.getField/0#dispred#29ef4aa0` ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1, Lhs.0
        6240  ~0%    {4}    | REWRITE WITH Out.1 := "length"
         309  ~2%    {2}    | JOIN WITH `Element::Element.hasName/1#dispred#8acbbbde` ON FIRST 2 OUTPUT Lhs.3, Lhs.2
                     return r1

[2024-08-06 13:29:50] Evaluated non-recursive predicate BoundingChecks::lessthanLength/1#48b5e1b7@0fcac509 in 1ms (size: 108).
Evaluated relational algebra for predicate BoundingChecks::lessthanLength/1#48b5e1b7@0fcac509 with tuple counts:
        94480  ~0%    {3} r1 = JOIN `Expr::ArrayAccess.getArray/0#dispred#b90c658a` WITH `Expr::ArrayAccess.getIndexExpr/0#dispred#345f6cf4` ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1
          648  ~4%    {4}    | JOIN WITH variableBinding ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0, Rhs.1
          621  ~1%    {4}    | JOIN WITH `BoundingChecks::getAnAccess/1#152ad44e_10#join_rhs` ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Rhs.1
          344  ~0%    {4}    | JOIN WITH `BoundingChecks::conditionHolds/2#fa0354b9#bb_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
          341  ~0%    {4}    | JOIN WITH `Expr::ComparisonExpr.isStrict/0#dispred#fd8c6ddb` ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3
          341  ~0%    {5}    | JOIN WITH `Expr::ComparisonExpr.getGreaterOperand/0#dispred#e8df4b14` ON FIRST 1 OUTPUT Rhs.1, Lhs.3, Lhs.1, Lhs.2, Lhs.0
          110  ~2%    {3}    | JOIN WITH `BoundingChecks::lengthAccess/2#54b10eff` ON FIRST 2 OUTPUT Lhs.4, Lhs.2, Lhs.3
          110  ~0%    {3}    | JOIN WITH `Expr::ComparisonExpr.getLesserOperand/0#dispred#d7744bc2` ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1
          110  ~0%    {1}    | JOIN WITH variableBinding ON FIRST 2 OUTPUT Lhs.2
                      return r1
```
 2024-08-06 13:30:19 +02:00
Cornelius Riemenschneider
2377546240 Merge pull request #17150 from github/criemen/upgrade-rules-rust 
Bazel: Upgrade rules_rust.
 2024-08-06 12:53:07 +02:00
Alvaro Muñoz
9f79e51e89 Bump qlpack versions 2024-08-06 12:46:28 +02:00
Alvaro Muñoz
76210f53c8 Merge pull request #69 from github/improve_cache_poisoning 
Improve Cache Poisoning Query
 2024-08-06 12:45:51 +02:00
Asger F
2d814428d6 JS: Update expected output with provenance 2024-08-06 12:45:08 +02:00
Asger F
0a143a5f52 JS: Do not include type in path explanation 2024-08-06 12:45:07 +02:00
Asger F
1a532dac29 JS: Update VariableCapture instantiation after merge 2024-08-06 12:45:06 +02:00
Asger F
c8bbad6c4d Merge branch 'main' into js/shared-dataflow-merge-main 2024-08-06 12:43:13 +02:00
Cornelius Riemenschneider
4e013af530 Merge branch 'main' into criemen/upgrade-rules-rust 2024-08-06 12:40:39 +02:00
Alvaro Muñoz
d18179850d Split Cache Poisoning queries in 3 
Split them into 3 queries depending of how the cache can be poisoned:
- control of cached files
- execution of controlled code
- code injection

Remove `setup-XXX` actions from CacheWriting class since the cached
files are not in the CWD
 2024-08-06 12:04:34 +02:00
Rasmus Wriedt Larsen
d50898e114 Python: Downgrade packaging for Python 3.7 support 2024-08-06 11:15:48 +02:00
Alvaro Muñoz
fbc2e1e7e8 Remove caching actions that cache files outside of the CWD 2024-08-06 10:47:12 +02:00
Joe Farebrother
e47d4ccb79 Merge pull request #17002 from Flying-Tom/add-get-response 
Ruby: Add get_response for Net::HTTP
 2024-08-06 09:44:21 +01:00
Tom Hvitved
87c5627024 Merge pull request #16937 from hvitved/ruby/ssa-integration 
Ruby: Adopt shared SSA data-flow integration
 2024-08-06 10:39:41 +02:00
Paolo Tranquilli
79740ed72b Merge pull request #17145 from github/redsun82/go 
Go/Bazel: fix gazelle invocation to use bundled bazel go
 2024-08-06 10:36:40 +02:00
Dave Bartolomeo
f08f17511e Merge pull request #17139 from github/dbartol/provenance/qltest 
Update test expectations after extension numbering fix
 2024-08-05 18:17:26 -04:00
Alvaro Muñoz
14f1672e74 Fix query message 2024-08-05 23:54:26 +02:00
Alvaro Muñoz
2273aadb4b Improve Cache Poisoning query 
The untrusted files path is compared with the path written to the cache
to check if the cache can really be poisoned
 2024-08-05 23:47:00 +02:00
Alvaro Muñoz
34b48d559b Add expected tests results 2024-08-05 23:45:51 +02:00
Alvaro Muñoz
c5314aeb6c Add new tests 2024-08-05 23:44:27 +02:00
Alvaro Muñoz
397eb2a762 Add getPath() to PRHeadCheckout and CacheWriting classes 
Add getPath() methods to get the path where a checkout step writes the
code and where a Cache write reads the files from.
 2024-08-05 23:44:20 +02:00
Cornelius Riemenschneider
d42e424289 Port integration tests to pytest. 2024-08-05 22:07:42 +02:00
Dave Bartolomeo
7e82986e7c Update Go test expectations 2024-08-05 13:20:12 -04:00
Dave Bartolomeo
a6e2fbb241 Merge remote-tracking branch 'origin/main' into dbartol/provenance/qltest 2024-08-05 13:16:31 -04:00
Alvaro Muñoz
0990774302 feat(poisonable_steps): Add python -m pip install 2024-08-05 18:53:53 +02:00
Chris Smowton
59572e5633 Merge pull request #16708 from am0o0/am0o0-java-PathInjection 
Java: new path injection sinks
 2024-08-05 17:23:09 +01:00
Chris Smowton
e88bf31270 Merge branch 'main' into am0o0-java-PathInjection 2024-08-05 16:35:35 +01:00
Dave Bartolomeo
aea13b46ce Merge remote-tracking branch 'origin/main' into dbartol/provenance/qltest 2024-08-05 10:33:31 -04:00
Tamas Vajk
a4e357e46d Remove unused FileIsUpToDate 2024-08-05 15:56:12 +02:00
Tamas Vajk
ec9de41fea Add change note 2024-08-05 15:55:32 +02:00
Tamas Vajk
968c279fd7 Add DB upgrade/downgrade scripts 2024-08-05 15:55:29 +02:00
Tamas Vajk
a31d90897d C#: Do not skip extraction of already seen source files 2024-08-05 15:55:26 +02:00
Alexandre Boulgakov
6f23819f60 Merge pull request #17140 from github/jketema/generic-broken 
C++ Add IR test for `_Generic`s
 2024-08-05 14:36:40 +01:00
am0o0
e4deb7d304 apply autoformating for HardcodedCredentials.ql 2024-08-05 14:58:37 +02:00
Paolo Tranquilli
841f317cbd Merge branch 'main' into redsun82/go 2024-08-05 14:30:28 +02:00
Cornelius Riemenschneider
3721e346c6 Bazel: Upgrade rules_rust. 2024-08-05 14:29:25 +02:00
am0o0
fce183c7cb apply autoformat to HardcodedCredentialsCustomizations.qll 2024-08-05 14:25:15 +02:00
Rasmus Wriedt Larsen
4eb6afa880 Python: Update poetry.lock 2024-08-05 14:14:41 +02:00
Cornelius Riemenschneider
133a0914b5 Delete old go integration test library. 2024-08-05 13:31:33 +02:00
Cornelius Riemenschneider
6cb6aeffbb Rename build-environment.expected to build_environment.expected. 
This follows the convention of our other expected files.
 2024-08-05 13:30:23 +02:00
Cornelius Riemenschneider
aec06c8100 Port go tests. 2024-08-05 13:22:03 +02:00
Geoffrey White
4225774a3a Swift: Add test cases for swift/hardcoded-key. 2024-08-05 11:42:18 +01:00
Chris Smowton
95e504a5ff Merge branch 'main' into am0o0-java-PathInjection 2024-08-05 11:41:25 +01:00
Geoffrey White
0f7598786c Swift: Test spacing. 2024-08-05 11:23:38 +01:00
Michael B. Gale
fe00dbc96c Merge pull request #17143 from github/dependabot/go_modules/go/extractor/extractor-dependencies-fbcabf3719 2024-08-05 10:33:21 +01:00
Jeroen Ketema
28702046aa C++: Rename function to match what is actually being tested 2024-08-05 10:32:54 +01:00
Jeroen Ketema
bfae86e9e8 C++: Update test after extractor fix 2024-08-05 10:32:54 +01:00