hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-02 22:03:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,884 Commits 1,699 Branches 161 Tags
codeql-cli/v2.8.5
Commit Graph

33884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ian Lynagh
8c7431c4ae C++: Put {true,false}cond_base back as deprecated predicates for now 2020-09-02 19:10:36 +01:00
Ian Lynagh
c980ccf7c5 C++: Add an upgrade script 2020-09-02 19:05:05 +01:00
Ian Lynagh
8ce1edbed3 C++: Update stats now CFG tables have been removed 2020-09-02 19:05:05 +01:00
Tom Hvitved
26639a113e C#: Rename Layout.Condition to FilePattern and move to separate file 2020-09-02 19:41:22 +02:00
Max Schaefer
82d92dc726 JavaScript: Avoid bad join order. 
The optimiser decided that it would be a great idea to start the pipeline with `getReturn().getAUse().(DataFlow::InvokeNode)`. It's not.
 2020-09-02 17:42:33 +01:00
Max Schaefer
500f7bd8fa JavaScript: Reduce complexity of SystemCommandExecutors charpred. 2020-09-02 17:42:32 +01:00
Max Schaefer
e3a9906071 JavaScript: Switch MissingRateLimiting.qll to API graphs. 
The added test shows how this helps us avoid false positives.
 2020-09-02 17:35:47 +01:00
Max Schaefer
e34a821cc6 JavaScript: Switch system-command executor modelling from source nodes to API graphs. 2020-09-02 17:35:47 +01:00
Max Schaefer
6d68036d85 JavaScript: Add test demonstrating more SQL flow. 2020-09-02 17:35:47 +01:00
Max Schaefer
68b3ccdc65 JavaScript: Switch SQL modelling from source nodes to API graphs. 2020-09-02 17:35:47 +01:00
Max Schaefer
f3e9104be4 JavaScript: Add implementation of API graphs. 2020-09-02 17:35:47 +01:00
Arthur Baars
babe69d6e9 Update unit tests 2020-09-02 17:59:56 +02:00
Mathias Vorreiter Pedersen
3cbc4cf0b9 C++: Add field to object taint tests 2020-09-02 17:32:46 +02:00
Rasmus Wriedt Larsen
bf34b07605 Python: Add a few taint tests for default sanitizer 
specifically the ones removes from dataflow tests in https://github.com/yoff/codeql/pull/1
 2020-09-02 16:56:05 +02:00
Taus
8e86d56bce Merge pull request #4189 from RasmusWL/python-experimental-file-structure 
Python: Move files in experimental dirs to be consistent
 2020-09-02 16:34:35 +02:00
Arthur Baars
90f013d74f Merge pull request #4176 from aibaars/missing-qhelp 
Add missing QHelp files
 2020-09-02 16:12:42 +02:00
Asger F
2c0e9f0c86 Merge pull request #4186 from github/rc/1.25 
Mergeback: 1.25 -> main
 2020-09-02 15:12:25 +01:00
Mathias Vorreiter Pedersen
7f5f6b15f7 C++: Make FieldContent private again 2020-09-02 16:05:40 +02:00
Rasmus Wriedt Larsen
4387d106aa Python: Fix formatting (last time, promise) 2020-09-02 15:36:50 +02:00
Rasmus Wriedt Larsen
8aab0c8be7 Python: Fix .qlref for experimental security tests 2020-09-02 15:35:50 +02:00
Max Schaefer
cd64ce7b1a JavaScript: Add utility predicate SSA::implicitInit. 2020-09-02 14:34:52 +01:00
CodeQL CI
c017308505 Merge pull request #4134 from erik-krogh/genCalls 
Approved by asgerf
 2020-09-02 14:23:39 +01:00
Alessio Della Libera
785f335ab8 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-02 15:22:33 +02:00
Alessio Della Libera
548cb65a64 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-02 15:22:23 +02:00
Alessio Della Libera
26046a4847 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-02 15:22:07 +02:00
Alessio Della Libera
6ad88bf93f Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-02 15:21:55 +02:00
Arthur Baars
3ed6465716 Address comments 2020-09-02 15:18:31 +02:00
Jonas Jensen
5760213490 Merge pull request #4190 from lcartey/cpp/range-analysis-extensible-assign-ops 
C++: Support `AssignOperation`s with `SimpleRangeAnalysisExpr`s
 2020-09-02 15:16:35 +02:00
Anders Schack-Mulligen
ed6c1798e2 Java: Fix reference to Unit. 2020-09-02 14:47:01 +02:00
Anders Schack-Mulligen
ca8fd6197a Merge pull request #4187 from RasmusWL/java-experimental-file-structure 
Java: Move files in experiemntal dirs to be consistent
 2020-09-02 14:41:26 +02:00
Mathias Vorreiter Pedersen
69c1eadfdc Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-09-02 14:21:23 +02:00
Erik Krogh Kristensen
bb0e5d5718 give V8 build-ins their correct name 2020-09-02 14:05:59 +02:00
Rasmus Wriedt Larsen
bf3a266f58 Python: dataflow regression tests: remove taint tracking tests 
they will be reintroduced in an other PR
 2020-09-02 13:51:00 +02:00
Mathias Vorreiter Pedersen
5546830af7 C++: Fix a join order in readStep using the unbindInt predicate from the shared dataflow library. This is the tuple counts on ChakraCore before the fix: 
(5539s) Tuple counts for DataFlowPrivate::readStep#fff:
3208924     ~0%      {2} r1 = SCAN Operand::NonPhiMemoryOperand::getAnyDef_dispred#3#ff AS I OUTPUT I.<1>, I.<0>
3208924     ~2%      {2} r2 = JOIN r1 WITH DataFlowUtil::TInstructionNode#ff AS R ON FIRST 1 OUTPUT r1.<1>, R.<1>
751306      ~8%      {2} r3 = JOIN r2 WITH Instruction::CopyInstruction::getSourceValueOperand_dispred#3#ff_10#join_rhs AS R ON FIRST 1 OUTPUT R.<1>, r2.<1>
751306      ~0%      {3} r4 = JOIN r3 WITH DataFlowUtil::TInstructionNode#ff AS R ON FIRST 1 OUTPUT r3.<0>, r3.<1>, R.<1>
751306      ~0%      {4} r5 = JOIN r4 WITH Instruction::CopyInstruction::getSourceValueOperand_dispred#3#ff AS R ON FIRST 1 OUTPUT R.<1>, r4.<1>, r4.<0>, r4.<2>
751306      ~2%      {4} r6 = JOIN r5 WITH Operand::NonPhiMemoryOperand::getAnyDef_dispred#3#ff AS R ON FIRST 1 OUTPUT R.<1>, r5.<1>, r5.<2>, r5.<3>
209341      ~0%      {4} r7 = JOIN r6 WITH Instruction::Instruction::getResultType_dispred#fb AS R ON FIRST 1 OUTPUT R.<1>, r6.<1>, r6.<2>, r6.<3>
7115323     ~1%      {6} r8 = JOIN r7 WITH DataFlowPrivate::FieldContent#class#ffff_1023#join_rhs AS R ON FIRST 1 OUTPUT R.<2>, R.<3>, r7.<1>, r7.<2>, r7.<3>, R.<1>
81341188413 ~0%      {5} r9 = JOIN r8 WITH SSAConstruction::Cached::getUsedInterval#fff_120#join_rhs AS R ON FIRST 2 OUTPUT r8.<3>, R.<2>, r8.<2>, r8.<4>, r8.<5>
137684      ~7%      {3} r10 = JOIN r9 WITH Instruction::CopyInstruction::getSourceValueOperand_dispred#3#ff AS R ON FIRST 2 OUTPUT r9.<2>, r9.<4>, r9.<3>
751306      ~0%      {3} r11 = JOIN r4 WITH Instruction::LoadInstruction::getSourceAddress_dispred#ff AS R ON FIRST 1 OUTPUT R.<1>, r4.<1>, r4.<2>
94306       ~0%      {3} r12 = JOIN r11 WITH Instruction::FieldInstruction::getField_dispred#3#ff AS R ON FIRST 1 OUTPUT R.<1>, r11.<1>, r11.<2>
152363      ~6%      {3} r13 = JOIN r12 WITH DataFlowPrivate::FieldContent::getField_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT r12.<1>, R.<1>, r12.<2>
290047      ~22%     {3} r14 = r10 \/ r13
                     return r14

and after:

(851s) Tuple counts for DataFlowPrivate::readStep#fff:
3208924 ~0%      {2} r1 = SCAN Operand::NonPhiMemoryOperand::getAnyDef_dispred#3#ff AS I OUTPUT I.<1>, I.<0>
3208924 ~2%      {2} r2 = JOIN r1 WITH DataFlowUtil::TInstructionNode#ff AS R ON FIRST 1 OUTPUT r1.<1>, R.<1>
751306  ~8%      {2} r3 = JOIN r2 WITH Instruction::CopyInstruction::getSourceValueOperand_dispred#3#ff_10#join_rhs AS R ON FIRST 1 OUTPUT R.<1>, r2.<1>
751306  ~0%      {3} r4 = JOIN r3 WITH DataFlowUtil::TInstructionNode#ff AS R ON FIRST 1 OUTPUT r3.<0>, r3.<1>, R.<1>
751306  ~0%      {4} r5 = JOIN r4 WITH Instruction::CopyInstruction::getSourceValueOperand_dispred#3#ff AS R ON FIRST 1 OUTPUT r4.<0>, r4.<1>, r4.<2>, R.<1>
751306  ~0%      {5} r6 = JOIN r5 WITH Instruction::CopyInstruction::getSourceValueOperand_dispred#3#ff AS R ON FIRST 1 OUTPUT R.<1>, r5.<1>, r5.<0>, r5.<2>, r5.<3>
751306  ~0%      {5} r7 = JOIN r6 WITH Operand::NonPhiMemoryOperand::getAnyDef_dispred#3#ff AS R ON FIRST 1 OUTPUT R.<1>, r6.<1>, r6.<2>, r6.<3>, r6.<4>
209341  ~1%      {5} r8 = JOIN r7 WITH Instruction::Instruction::getResultType_dispred#fb AS R ON FIRST 1 OUTPUT R.<1>, r7.<1>, r7.<2>, r7.<3>, r7.<4>
7115323 ~0%      {7} r9 = JOIN r8 WITH DataFlowPrivate::FieldContent#class#ffff_1023#join_rhs AS R ON FIRST 1 OUTPUT r8.<4>, r8.<1>, r8.<2>, r8.<3>, R.<1>, R.<2>, R.<3>
7116087 ~0%      {9} r10 = JOIN r9 WITH SSAConstruction::Cached::getUsedInterval#fff@staged_ext AS R ON FIRST 1 OUTPUT r9.<1>, r9.<2>, r9.<3>, r9.<0>, r9.<4>, r9.<5>, r9.<6>, R.<1>, R.<2>
449879  ~4%      {9} r11 = SELECT r10 ON r10.<5> <= r10.<7>
193804  ~1%      {9} r12 = SELECT r11 ON r11.<5> >= r11.<7>
154980  ~0%      {9} r13 = SELECT r12 ON r12.<6> <= r12.<8>
137684  ~0%      {9} r14 = SELECT r13 ON r13.<6> >= r13.<8>
137684  ~7%      {3} r15 = SCAN r14 OUTPUT r14.<0>, r14.<4>, r14.<2>
751306  ~0%      {3} r16 = JOIN r4 WITH Instruction::LoadInstruction::getSourceAddress_dispred#ff AS R ON FIRST 1 OUTPUT R.<1>, r4.<1>, r4.<2>
94306   ~0%      {3} r17 = JOIN r16 WITH Instruction::FieldInstruction::getField_dispred#3#ff AS R ON FIRST 1 OUTPUT R.<1>, r16.<1>, r16.<2>
152363  ~6%      {3} r18 = JOIN r17 WITH DataFlowPrivate::FieldContent::getField_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT r17.<1>, R.<1>, r17.<2>
290047  ~22%     {3} r19 = r15 \/ r18
                 return r19
 2020-09-02 13:50:55 +02:00
Rasmus Wriedt Larsen
552637a446 Python: dataflow regression tests: fix flow_in_iteration 2020-09-02 13:50:24 +02:00
Rasmus Wriedt Larsen
4977790617 Python: dataflow regression tests: fix source2 2020-09-02 13:49:56 +02:00
Mathias Vorreiter Pedersen
7d00b49d05 C++: Accept test changes 2020-09-02 13:42:35 +02:00
Rasmus Wriedt Larsen
34c5da563e Python: Move files in experiemntal dirs to be consistent 
Except for dataflow (where we have a lot of changes, and I don't want to
introduce lots of merge conflicts right now).
 2020-09-02 13:39:01 +02:00
Rasmus Wriedt Larsen
9c8b829d65 Python: Fix formatting 2020-09-02 13:27:35 +02:00
Arthur Baars
223d94219e C#: autobuild: fix buildless mode for CodeQL 2020-09-02 13:23:23 +02:00
lcartey@github.com
fdfa75f3ec C++: Range analysis, allow extensible assign operations 
- defDependsOnDef supporting all analyzable AssignOperations
 - getDef(Upper|Lower)Bound supporting all analyzable AssignOperations
 2020-09-02 12:22:14 +01:00
Rasmus Wriedt Larsen
7a54d0b493 Java: Move files in experiemntal dirs to be consistent 2020-09-02 13:19:21 +02:00
Jonas Jensen
8e8c65a164 Merge pull request #4146 from jbj/partiallyDefinesVariableAt 
C++: Fix two join orders in FlowVar.qll
 2020-09-02 13:11:29 +02:00
Erik Krogh Kristensen
a24db09418 only flag unused array-destructs if it is the last variable 2020-09-02 11:40:35 +02:00
CodeQL CI
48a1ee6233 Merge pull request #4130 from erik-krogh/bbFix 
Approved by asgerf
 2020-09-02 10:38:50 +01:00
Anders Schack-Mulligen
89829e870d Java: Clean up SqlInjectionLib. 2020-09-02 11:17:56 +02:00
Tom Hvitved
701e189c1b C#: Add change note 2020-09-02 10:52:22 +02:00
Tom Hvitved
1b769ebac9 C#: Address more review comments 2020-09-02 10:52:05 +02:00
Tom Hvitved
51dc1515ab C#: Address review comments 2020-09-02 10:52:05 +02:00
Tom Hvitved
92bf830a8a C#: Avoid bad magic in UselessUpcast.ql 2020-09-02 10:52:05 +02:00