hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-02 16:23:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,884 Commits 1,688 Branches 159 Tags
codeql-cli/v2.8.5
Commit Graph

867 Commits

Author SHA1 Message Date
github-actions[bot]
ee746d20df Release preparation for version 2.8.5 2022-04-01 10:39:31 +00:00
Ian Lynagh
46c27dd20f Merge pull request #8514 from github/post-release-prep/codeql-cli-2.8.4 
Post-release preparation for codeql-cli-2.8.4
 2022-03-30 16:36:14 +01:00
Tom Hvitved
f429dafb09 Address review comments 2022-03-29 10:23:59 +02:00
Tom Hvitved
15ef8c1d8f Ruby: Cache ConstantReadAccess::getValue 2022-03-29 10:23:54 +02:00
Tom Hvitved
fe50c2879e Ruby: Rework getConstantValue implementation 2022-03-29 10:23:49 +02:00
Tom Hvitved
ec82fb1221 Ruby: Fix bad join-order in RegExpTerm::hasLocationInfo 
Before:
```
[2022-03-23 14:50:16] (776s) Tuple counts for RegExpTreeView::RegExpTerm::hasLocationInfo#dispred#f0820431#ffffff/6@5f6cf7if after 1m4s:
                      707103    ~7%     {2} r1 = SCAN Literal::StringlikeLiteral::getNumberOfComponents#dispred#f0820431#ff OUTPUT In.0, (In.1 - 1)
                      64721     ~0%     {5} r2 = JOIN r1 WITH RegExpTreeView::RegExpTerm#7783c185#ffff_1023#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Rhs.1 'this', Rhs.2, Rhs.3
                      64721     ~0%     {5} r3 = JOIN r2 WITH Literal::StringlikeLiteral::getComponent#dispred#f0820431#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2 'this', Lhs.3, Lhs.4
                      64721     ~0%     {5} r4 = JOIN r3 WITH AST::AstNode::getLocation#dispred#f0820431#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2 'this', Lhs.3, Lhs.4
                      64721     ~3%     {6} r5 = JOIN r4 WITH Locations::Location::hasLocationInfo#dispred#f0820431#ffffff ON FIRST 1 OUTPUT Rhs.1 'filepath', Lhs.1, Lhs.2 'this', Lhs.3, Lhs.4, Rhs.4 'endline'
                      353247577 ~1%     {10} r6 = JOIN r5 WITH Locations::Location::hasLocationInfo#dispred#f0820431#ffffff_1023#join_rhs ON FIRST 1 OUTPUT Lhs.1, 0, Lhs.2 'this', Lhs.3, Lhs.4, Lhs.0 'filepath', Lhs.5 'endline', Rhs.1, Rhs.2 'startline', Rhs.3
                      353247577 ~0%     {9} r7 = JOIN r6 WITH Literal::StringlikeLiteral::getComponent#dispred#f0820431#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.7, Lhs.2 'this', Lhs.3, Lhs.4, Lhs.5 'filepath', Lhs.6 'endline', Lhs.8 'startline', Lhs.9
                      64721     ~2%     {6} r8 = JOIN r7 WITH AST::AstNode::getLocation#dispred#f0820431#bf ON FIRST 2 OUTPUT Lhs.2 'this', Lhs.5 'filepath', Lhs.7 'startline', (Lhs.8 + Lhs.3), Lhs.6 'endline', ((Lhs.8 + Lhs.4) - 1)
                                        return r8
```

After:
```
[2022-03-23 14:58:35] (247s) Tuple counts for RegExpTreeView::RegExpTerm::componentHasLocationInfo#f0820431#fbfffff/7@de55ac7l after 1.1s:
                      12956   ~0%     {3} r1 = SCAN files OUTPUT In.0, 0, In.1 'filepath'
                      9850785 ~0%     {7} r2 = JOIN r1 WITH locations_default_102345#join_rhs ON FIRST 1 OUTPUT Rhs.1, 0, Lhs.2 'filepath', Rhs.2 'startline', Rhs.3 'startcolumn', Rhs.4 'endline', Rhs.5 'endcolumn'
                      823486  ~0%     {8} r3 = JOIN r2 WITH AST::AstNode::getLocation#dispred#f0820431#bf_10#join_rhs ON FIRST 1 OUTPUT 0, Rhs.1, 0, Lhs.2 'filepath', Lhs.3 'startline', Lhs.4 'startcolumn', Lhs.5 'endline', Lhs.6 'endcolumn'
                      698251  ~4%     {7} r4 = JOIN r3 WITH Literal::StringlikeLiteral::getComponent#dispred#f0820431#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, 0, Lhs.3 'filepath', Lhs.4 'startline', Lhs.5 'startcolumn', Lhs.6 'endline', Lhs.7 'endcolumn'
                      64721   ~1%     {7} r5 = JOIN r4 WITH RegExpTreeView::RegExpTerm#7783c185#ffff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'this', 0, Lhs.2 'filepath', Lhs.3 'startline', Lhs.4 'startcolumn', Lhs.5 'endline', Lhs.6 'endcolumn'
                                      return r5

[2022-03-23 14:58:35] (247s) Tuple counts for RegExpTreeView::RegExpTerm::hasLocationInfo#dispred#f0820431#ffffff/6@ad66b12q after 53ms:
                      707103 ~7%     {2} r1 = SCAN Literal::StringlikeLiteral::getNumberOfComponents#dispred#f0820431#ff OUTPUT In.0, (In.1 - 1)
                      64721  ~0%     {4} r2 = JOIN r1 WITH RegExpTreeView::RegExpTerm#7783c185#ffff_1023#join_rhs ON FIRST 1 OUTPUT Rhs.1 'this', Lhs.1, Rhs.2, Rhs.3
                      64721  ~5%     {5} r3 = JOIN r2 WITH project#RegExpTreeView::RegExpTerm::componentHasLocationInfo#f0820431#bffffff ON FIRST 2 OUTPUT Lhs.0 'this', Rhs.2 'filepath', Lhs.2, Lhs.3, Rhs.3 'endline'
                      64721  ~2%     {6} r4 = JOIN r3 WITH project#RegExpTreeView::RegExpTerm::componentHasLocationInfo#f0820431#fbfffff ON FIRST 2 OUTPUT Lhs.0 'this', Lhs.1 'filepath', Rhs.2 'startline', (Rhs.3 + Lhs.2), Lhs.4 'endline', ((Rhs.3 + Lhs.3) - 1)
                                     return r4
```
 2022-03-29 10:23:32 +02:00
github-actions[bot]
a3e74efc21 Post-release preparation for codeql-cli-2.8.4 2022-03-21 19:36:47 +00:00
github-actions[bot]
dedc8c2254 Release preparation for version 2.8.4 2022-03-21 13:25:49 +00:00
Alex Ford
c891c53835 Merge pull request #8395 from alexrford/ruby/clear-text-storage 
Ruby: add `rb/clear-text-storage-sensitive-data` query
 2022-03-21 10:05:39 +00:00
Arthur Baars
beef8e29bc Merge pull request #8332 from hvitved/ruby/regexp-taint-flow 
Ruby: Use taint tracking instead of type tracking to define `regExpSource`
 2022-03-18 18:24:02 +01:00
Tom Hvitved
1437aefe9d Ruby: Use taint tracking instead of type tracking to define regExpSource 2022-03-18 14:48:12 +01:00
Tom Hvitved
d97eaba070 Ruby: Add dataflow/taintracking copies for use in libraries 2022-03-18 14:48:12 +01:00
Arthur Baars
4a27928728 Ruby/JS add missing ^ in qhelp 2022-03-18 14:00:10 +01:00
Arthur Baars
431b60506e Merge remote-tracking branch 'upstream/main' into incomplete-hostname 2022-03-18 13:05:34 +01:00
Asger F
929419abba Merge pull request #8254 from asgerf/ruby/mad-prototype 
Ruby: initial prototype of models-as-data
 2022-03-18 10:48:33 +01:00
Tom Hvitved
79ea2a3a9c Data flow: Sync files 2022-03-17 14:03:58 +01:00
Tom Hvitved
4df12dc6e6 Data flow: State-changing taint steps should not be stepped over by the big step relation 2022-03-17 14:03:58 +01:00
Arthur Baars
1a51f0cf56 Ruby: regex: fix getGroupNumber 
non-capture groups should not have a group number
 2022-03-16 18:50:51 +01:00
Jeroen Ketema
7a9a9d833a Merge pull request #8435 from jketema/all-the-barriers 
Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard
 2022-03-16 15:50:19 +01:00
Asger F
228570129e Merge branch 'main' into ruby/mad-prototype 2022-03-16 13:50:31 +01:00
Asger Feldthaus
e168da4c5f Shared: make a predicate private 2022-03-16 13:48:56 +01:00
Asger Feldthaus
8cef512234 Ruby: ensure ApiGraphs.qll imports its entry points 2022-03-16 13:40:14 +01:00
Asger Feldthaus
e3fbaf5d8f Shared: prefer exists(var) instead of var = any(string s) 2022-03-16 13:37:08 +01:00
Asger Feldthaus
102540072e Shared: remove documentation prone to falling out of date 2022-03-16 13:32:55 +01:00
Asger Feldthaus
2ca45ef9f9 Ruby: support BlockArgument in identifying access path 2022-03-16 12:51:14 +01:00
Nick Rolfe
94ce578ea4 Ruby: implement getComponent(n) for simple and hash-key symbols 2022-03-16 11:43:46 +00:00
Asger Feldthaus
c9355095e3 Ruby: Use Receiver instead of Argument[-1] in ActiveStorage 2022-03-16 12:37:21 +01:00
Asger Feldthaus
71f195d1e0 Ruby: add test for Receiver in summary 2022-03-16 12:37:21 +01:00
Arthur Baars
6b323eeda8 Update expected output 2022-03-16 12:34:03 +01:00
Arthur Baars
ab93b3784b Merge remote-tracking branch 'upstream/main' into incomplete-hostname 2022-03-16 12:31:12 +01:00
Nick Rolfe
76918238f0 Ruby: test ExprCfgNode::getConstantValue() 2022-03-16 11:21:57 +00:00
Asger Feldthaus
2b02a173c1 Ruby: canonicalize callables based on package;type;path instead of input;output;kind 2022-03-16 12:04:41 +01:00
Nick Rolfe
82ef2a12f6 Merge pull request #8164 from github/nickrolfe/escape_sequences 
Ruby: interpret string escape sequences in getConstantValue()
 2022-03-16 10:45:39 +00:00
Nick Rolfe
1a850028e7 Ruby: update date in changenote filename 2022-03-16 10:32:43 +00:00
Erik Krogh Kristensen
cd9d61c1fc Merge pull request #8450 from erik-krogh/importAs 
disallow lowercase import-as aliases
 2022-03-16 11:32:37 +01:00
Asger Feldthaus
33ca55770c Ruby: EntryPoint.getNode -> getANode 2022-03-16 11:02:26 +01:00
Asger Feldthaus
ecf7073bf1 Shared: codeql -> ql in code blocks 2022-03-16 11:00:24 +01:00
Erik Krogh Kristensen
89af50f6d5 rename all lower-case import-as statements 2022-03-15 14:40:38 +01:00
Jeroen Ketema
157a36bc4f Use node variable in all disjuncts 2022-03-15 11:55:35 +01:00
Jeroen Ketema
9a0e94f389 Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard 2022-03-15 11:55:34 +01:00
Asger Feldthaus
d628dc0b52 Ruby: sync ApiGraphModels.qll 2022-03-15 10:52:41 +01:00
Asger Feldthaus
7f8205684e Ruby: verify tokens in identifying access path 2022-03-15 10:25:59 +01:00
Asger Feldthaus
65249dabd3 Ruby: add warning for wrong number of columns in CSV row 2022-03-15 09:28:21 +01:00
Erik Krogh Kristensen
c7509c4dd3 Merge branch 'main' into deadCode 2022-03-15 09:19:14 +01:00
Asger Feldthaus
f28acbf3dc Ruby: autoformat 2022-03-15 08:15:18 +01:00
Arthur Baars
6a74e761c8 Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 
Post-release preparation for codeql-cli-2.8.3
 2022-03-14 21:05:09 +01:00
Asger Feldthaus
fee32d3480 Elaborate on qldoc for API::EntryPoint 2022-03-14 17:52:07 +01:00
Asger Feldthaus
be65b9bebc Ruby: remove spurious Instance token from getExtraSuccessorFromInvoke 2022-03-14 17:39:43 +01:00
Asger Feldthaus
072ad8f4a7 Ruby: add (from model) to remote flow description 2022-03-14 17:39:17 +01:00
Asger Feldthaus
37bbd46e43 Ruby: fix broken comment 2022-03-14 17:33:57 +01:00