Compare commits

...

8463 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
62fd3fd90f add test that we detect the used type variable in an infer type 2022-05-27 14:15:27 +00:00
Erik Krogh Kristensen
d199173923 add a getAPrimaryQlClass predicate to ExpressionWithTypeArguments 2022-05-25 16:10:13 +00:00
Erik Krogh Kristensen
efa895e912 update expected output 2022-05-25 10:33:39 +00:00
Erik Krogh Kristensen
f38d1f9a4e merge main into ts47 2022-05-25 10:13:25 +00:00
Tom Bolton
67572bb770 Merge pull request #9193 from github/tombolton/add-counting-queries
JS: Add individual per-security-query counting queries
2022-05-25 10:02:28 +01:00
Michael Nebel
e9d371c650 Merge pull request #8600 from michaelnebel/csharp/dotnetruntimemodels
C#: Dotnet Runtime models.
2022-05-25 10:33:09 +02:00
AlexDenisov
8b131adeb1 Merge pull request #9283 from github/alexdenisov/swift-integration-tests
Swift: add integration tests
2022-05-25 10:04:08 +02:00
Michael Nebel
9cab92b16f C#: Update flow summaries test after rebase. The rebase included a fix to the isAutoGenerated predicate, which means that a summary is only considered autogenerated, if no hand-written version exist. This affects the printing as well. 2022-05-25 08:28:15 +02:00
Michael Nebel
5b405bb4cf C#: Update FlowSummaries test with generated printing (needed due to rebase). 2022-05-25 08:28:15 +02:00
Michael Nebel
ba7238d6e2 C#: Update XML Injectiont test output after rebase (query has been turned into a path-problem and the output is now affected by the added summaries for NameValueCollection). 2022-05-25 08:28:15 +02:00
Michael Nebel
75532432af C#: Update flow summaries test (note that the test doesn't correctly print the generated flag at the moment). 2022-05-25 08:28:15 +02:00
Michael Nebel
c8ede58704 C#: Flow summaries has now been added for Exception stack trace, but not for ToString. The latter will be encoded as an extra taintstep in the analysis. To reduce noise for all uses of an exception itself an isSanitizerIn is introduced. 2022-05-25 08:28:15 +02:00
Michael Nebel
4d6d1c8376 C#: Since NameValueCollection now has a flow summary for the string indexer it is no longer consider an unsafe external api, which is why it has disappared from the result. 2022-05-25 08:28:14 +02:00
Michael Nebel
ee027f845c C#: Since NameValueCollection now has a flow summary for the indexer it is considered a SafeExternalApiCallable and will thus not be included in the result of the test. 2022-05-25 08:28:14 +02:00
Michael Nebel
268230ef19 C#: Add QlDoc to the Generated file. 2022-05-25 08:28:14 +02:00
Michael Nebel
e2d6cd20c7 C#: Update tests due to new summaries for ProcessStartInfo. 2022-05-25 08:28:14 +02:00
Michael Nebel
9b8636aa23 C#: Update test because we now have a flow summary the string indexer for NameValueCollection. 2022-05-25 08:28:14 +02:00
Michael Nebel
d9c7ba471d C#: Update taint steps test as the generated models now include a model for the getters for KeyValuePair (we only had manual summaries for the constructor). 2022-05-25 08:28:14 +02:00
Michael Nebel
f8e729025f C#: Add generated Dotnet Runtime summary models that allows to up two reads and two stores and update flow summaries test. 2022-05-25 08:28:14 +02:00
Michael Nebel
3b62b45ea8 C#: Add generated framework models to ExternalFlow. 2022-05-25 08:28:14 +02:00
Tom Hvitved
efda248bea Merge pull request #9315 from michaelnebel/swift/dataflowsync
Swift: Sync changes to DataFlowImplCommon from PR #9024.
2022-05-25 08:24:15 +02:00
Michael Nebel
5f3a039c65 Swift: Sync changes to DataFlowImplCommon from PR #9024. 2022-05-25 08:05:22 +02:00
Erik Krogh Kristensen
2da001ebd7 bump TypeScript version to stable release 2022-05-24 22:55:59 +02:00
Robert Marsh
8cc509e5e9 Merge pull request #9275 from MathiasVP/swift-add-dataflow-lib
Swift: Add shared dataflow library
2022-05-24 15:11:42 -04:00
Robert Marsh
54ac36718c Merge pull request #9284 from MathiasVP/more-cfg-for-exprs
Swift: CFG for `TypeExpr`, `MemberRefExpr`, `DefaultArgumentExpr` and `ForceValueExpr`
2022-05-24 14:51:26 -04:00
Chris Smowton
98ef22358e Merge pull request #9213 from smowton/smowton/fix/inherited-single-abstract-method
Kotlin: fix implementation of SAM classes that inherit their abstract method
2022-05-24 18:22:55 +01:00
Ian Lynagh
2e1db7ddcd Merge pull request #9290 from igfoo/igfoo/kotlin1.7
Kotlin: Add support for the 1.7 RC
2022-05-24 16:16:19 +01:00
Nick Rolfe
dd52a70454 Merge pull request #9292 from github/nickrolfe/cfg_scope
Ruby: rename CfgScope::Range_ to CfgScopeImpl
2022-05-24 15:53:16 +01:00
Michael Nebel
daace0fe68 Merge pull request #9270 from michaelnebel/csharp/summarized-callable-fix
C#: Summarized callable
2022-05-24 16:36:44 +02:00
Jeroen Ketema
1075a141a4 Merge pull request #9293 from jketema/query-typo
C++: Fix missing closing quote in `cpp/potential-buffer-overflow` qldoc
2022-05-24 16:16:57 +02:00
Ian Lynagh
81e876a27b Kotlin: Update build.gradle to include the 1.7.0 RC 2022-05-24 15:14:17 +01:00
Ian Lynagh
d7c17b2bac Kotlin: Add more withHasQuestionMark.kt's 2022-05-24 15:12:29 +01:00
Ian Lynagh
398f86bcc3 Kotlin: Build system tweaks 2022-05-24 15:11:35 +01:00
Ian Lynagh
f46a7c0a0f Kotlin: Add 1.7.0 RC 2022-05-24 15:11:13 +01:00
Ian Lynagh
846edf825a Kotlin: Use withHasQuestionMark wrapper 2022-05-24 15:10:39 +01:00
Ian Lynagh
807f03a878 Kotlin: Add withHasQuestionMark for older releases 2022-05-24 15:10:39 +01:00
Ian Lynagh
4448ba1111 Kotlin: Add compatibility source for 1.7.0-RC 2022-05-24 15:10:39 +01:00
Ian Lynagh
078733c5fe Merge pull request #9263 from tamasvajk/kotlin-versions
Kotlin: Add support for versions 1.5.0, 1.5.10, and 1.5.21
2022-05-24 15:10:09 +01:00
tombolton
91fa17a05e simplify imports in counting queries 2022-05-24 15:02:26 +01:00
tombolton
7e32614c25 refactor counting code into a library 2022-05-24 15:02:26 +01:00
tombolton
33964383d7 add individual per-security-query counting queries 2022-05-24 15:02:26 +01:00
Jeroen Ketema
f93fde564b C++: Fix missing closing quote in cpp/potential-buffer-overflow qldoc 2022-05-24 15:36:37 +02:00
Nick Rolfe
4b4a15c1b6 Ruby: rename CfgScope::Range_ to CfgScopeImpl 2022-05-24 14:34:44 +01:00
Chris Smowton
edb678f7d0 Rename function 2022-05-24 14:15:40 +01:00
Tom Hvitved
728ccafe2b Merge pull request #9024 from hvitved/dataflow/content-flow-lib
Data flow: Introduce `ContentDataFlow.qll`
2022-05-24 15:09:16 +02:00
Tom Hvitved
d61f6453d0 Merge pull request #8942 from hvitved/ruby/dataflow/hashes
Ruby: Data-flow through hashes
2022-05-24 14:48:55 +02:00
Tom Hvitved
1ae8087379 Update ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-05-24 14:27:59 +02:00
Tom Hvitved
daf81ae90d Address review comments 2022-05-24 14:27:59 +02:00
Tom Hvitved
ab46c075f7 Ruby: Add change note 2022-05-24 14:27:58 +02:00
Tom Hvitved
63c70b9e7a Address review comments 2022-05-24 14:27:58 +02:00
Tom Hvitved
faf24a4f18 Ruby: Data-flow through hashes 2022-05-24 14:27:55 +02:00
Arthur Baars
6781a76b96 Merge pull request #9206 from aibaars/instance-variable-flow
Ruby: flow through instance variables
2022-05-24 14:02:33 +02:00
Tamás Vajk
730f54ade2 Merge pull request #9280 from tamasvajk/kotlin-map-kj-properties
Kotlin: Fix missing kotlin to java property mapping
2022-05-24 13:16:29 +02:00
Chris Smowton
ae56b823e0 Merge pull request #9282 from github/smowton/admin/go-tests-owner
Change owner of Go-related workflows
2022-05-24 11:47:09 +01:00
Chris Smowton
71017a3b44 Alphabetically sort workflow codeowners 2022-05-24 11:20:51 +01:00
Erik Krogh Kristensen
2423c77b0c Merge pull request #9281 from erik-krogh/jsQL
JS: various QL-for-QL fixes
2022-05-24 12:12:31 +02:00
Ian Lynagh
07e450d513 Merge pull request #9269 from igfoo/igfoo/cfg
Kotlin: Fix CFG
2022-05-24 10:53:00 +01:00
Alex Denisov
fa09078976 Swift: do not keep trap files for tests 2022-05-24 11:48:45 +02:00
Alex Denisov
8e8da66325 Swift: share .gitignore across all tests 2022-05-24 11:48:06 +02:00
Chris Smowton
fd60ab420d Merge pull request #9278 from github/dependabot/github_actions/actions/setup-go-3
Bump actions/setup-go from 1 to 3
2022-05-24 10:24:31 +01:00
Mathias Vorreiter Pedersen
3e1a6a777e Swift: Accept test changes. 2022-05-24 10:22:06 +01:00
Mathias Vorreiter Pedersen
dda60abfef Swift: Add CFG for a couple more expressions. 2022-05-24 10:21:04 +01:00
Erik Krogh Kristensen
b2d3a7dca5 add change-note for the public renamed predicate 2022-05-24 11:20:08 +02:00
Alex Denisov
528f6f73c5 Swift: add integration tests 2022-05-24 11:12:35 +02:00
Mathias Vorreiter Pedersen
7752a38ee5 Merge pull request #9274 from MathiasVP/swift-extract-semantics-and-accessor-kinds
Swift: Extract semantics and accessor kinds
2022-05-24 10:12:30 +01:00
Chris Smowton
bd06a071c4 Change owner of Go-related workflows 2022-05-24 10:11:36 +01:00
Erik Krogh Kristensen
a404a8c61a use more set literals instead of big disjunctions 2022-05-24 11:09:10 +02:00
Erik Krogh Kristensen
b48806968c delete redundant import 2022-05-24 11:02:41 +02:00
Erik Krogh Kristensen
395ec106b9 remove unused field 2022-05-24 11:02:18 +02:00
Mathias Vorreiter Pedersen
21641eb1cd Swift: Make the 'semantics.ql' test plantform-independent. 2022-05-24 10:00:14 +01:00
Erik Krogh Kristensen
d58fe8e193 add explicit this 2022-05-24 10:59:13 +02:00
Erik Krogh Kristensen
d1ad08ecb5 fix misspellings in predicate names 2022-05-24 10:57:13 +02:00
Tom Hvitved
6345816acf Rework ContentDataFlow implementation 2022-05-24 10:34:06 +02:00
Mathias Vorreiter Pedersen
be453142b8 Merge pull request #8730 from geoffw0/reachesperf
C++: Better join order for reachesWithoutAssignment.
2022-05-24 09:22:21 +01:00
Jeroen Ketema
05f09919b0 Merge pull request #9276 from jketema/upgrade-script-script
Support Go and Swift in the `prepare-db-upgrade` script
2022-05-24 10:09:31 +02:00
Tamas Vajk
5a54218ac7 Kotlin: Fix missing kotlin to java property mapping 2022-05-24 10:03:17 +02:00
Tamas Vajk
19400249a9 Kotlin: Add test for missing kotlin to java property mapping 2022-05-24 10:02:32 +02:00
Mathias Vorreiter Pedersen
a0659072b5 Swift: Add tests and accept test changes. 2022-05-24 09:00:34 +01:00
Mathias Vorreiter Pedersen
cf5f1e593e Swift: Extract new entities. 2022-05-24 08:57:05 +01:00
Mathias Vorreiter Pedersen
cdb081eaec Swift: Update schema and update generated files. 2022-05-24 08:57:05 +01:00
Michael Nebel
42be60ea57 C#: Address codereview comments. 2022-05-24 08:21:39 +02:00
Michael Nebel
a8b103b89c Java: Update dependencies. 2022-05-24 08:21:39 +02:00
Michael Nebel
94664f11f5 C#/Java/Ruby: Sync files. 2022-05-24 08:21:39 +02:00
Michael Nebel
eed02a2a9f C#: Fix issue with isAutoGenerated predicate and make sure that data flow only use relevant summaries. 2022-05-24 08:21:38 +02:00
dependabot[bot]
dfa9d9ff85 Bump actions/setup-go from 1 to 3
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 1 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v1...v3)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 03:39:16 +00:00
Arthur Baars
8248f607e4 Merge pull request #9277 from github/aibaars/go-test-workflow
Go: trigger CI jobs on Go related changes only
2022-05-23 23:51:34 +02:00
Aditya Sharad
7853ea607f Merge pull request #9243 from github/adityasharad/merge-codeql-go-docs
Docs: Update references to github/codeql-go
2022-05-23 14:37:23 -07:00
Arthur Baars
7a85ab1690 Go: trigger CI jobs on Go related changes only 2022-05-23 21:25:27 +02:00
Erik Krogh Kristensen
aa01cf11c2 Merge pull request #9125 from erik-krogh/exportObj
JS: recognize functions that return object of methods as library input
2022-05-23 19:57:34 +02:00
Erik Krogh Kristensen
0c10927adc Merge pull request #9261 from erik-krogh/passport
JS: remove support for passport in the session-fixation query
2022-05-23 19:56:42 +02:00
Aditya Sharad
42f2fc2287 Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-05-23 10:55:50 -07:00
Jeroen Ketema
34df9dc835 Support Go and Swift in the prepare-db-upgrade script 2022-05-23 19:09:00 +02:00
Mathias Vorreiter Pedersen
9b67912da2 Updated sync-identical-files. 2022-05-23 18:04:32 +01:00
Mathias Vorreiter Pedersen
f46fc34481 Swift: Add skeleton for shared dataflow library. 2022-05-23 18:03:47 +01:00
Mathias Vorreiter Pedersen
b681a10bfe Swift: Add shared SSA library. 2022-05-23 18:01:43 +01:00
Arthur Baars
cf2eb0d3a1 Merge branch 'main' into instance-variable-flow 2022-05-23 18:48:51 +02:00
Chuan-kai Lin
d3ebc814f5 Merge pull request #8631 from github/cklin/merge-codeql-go
Merge codeql-go repository into codeql
2022-05-23 09:22:28 -07:00
Mathias Vorreiter Pedersen
9b0d84c1a3 Merge pull request #9268 from MathiasVP/swift-add-cfg-library
Swift: Extend AST classes and add control-flow library
2022-05-23 16:37:51 +01:00
Harry Maclean
905a37c273 Merge pull request #9137 from hmac/hmac/cfg-ql-class
Ruby: Add getAPrimaryQlClass to CfgNodes classes
2022-05-23 15:37:51 +01:00
Mathias Vorreiter Pedersen
358a8aba7a Merge pull request #8994 from HansmannThibaut/main
C/C++ : Wrong Uint access
2022-05-23 15:31:23 +01:00
Mathias Vorreiter Pedersen
4ba29845e9 Swift: Fix Code Scanning alerts. 2022-05-23 15:18:36 +01:00
Ian Lynagh
8e64978ffd Kotlin: Autoformat 2022-05-23 14:51:41 +01:00
Geoffrey White
dcbd5dd98a Merge branch 'main' into reachesperf 2022-05-23 14:49:32 +01:00
Taus
3745526d69 Merge pull request #9108 from RasmusWL/promote-pam
Python: Promote `py/pam-auth-bypass`
2022-05-23 15:27:12 +02:00
Mathias Vorreiter Pedersen
ba28632c96 Update cpp/ql/src/experimental/Best Practices/WrongUintAccess.qhelp 2022-05-23 14:11:13 +01:00
CodeQL CI
04ca9cfaf4 Merge pull request #9234 from asgerf/js/api-graph-accessors
Approved by erik-krogh
2022-05-23 06:08:50 -07:00
Erik Krogh Kristensen
aadbc989ce fix typo in comment
Co-authored-by: Asger F <asgerf@github.com>
2022-05-23 15:07:29 +02:00
Harry Maclean
ae3a30256b Ruby: Add getAPrimaryQlClass to CfgNode 2022-05-23 14:02:23 +01:00
Tom Hvitved
64be958c52 Merge pull request #9262 from hvitved/ruby/local-source-node-antijoin
Ruby: Eliminate bad `isLocalSourceNode` antijoin
2022-05-23 14:36:03 +02:00
Tamas Vajk
ccc6d2501a Kotlin: adjust build scripts to include versions 1.5.0, 1.5.10, and 1.5.21 2022-05-23 14:19:53 +02:00
Tamas Vajk
0dfbe7adfb Kotlin: Add 1.5.21 specific files 2022-05-23 14:19:53 +02:00
Tamas Vajk
9df9d3ad03 Kotlin: Add 1.5.10 specific files 2022-05-23 14:19:53 +02:00
Tamas Vajk
83a1f687a1 Kotlin: Add 1.5.0 specific files 2022-05-23 14:19:52 +02:00
Erik Krogh Kristensen
ba844aa0ab Merge branch 'main' into exportObj 2022-05-23 14:18:31 +02:00
yoff
23d64ffa04 Merge pull request #9135 from tausbn/python-modernise-py-jinja2-autoescape-false
Python: Modernise py/jinja2/autoescape-false
2022-05-23 14:18:06 +02:00
Mathias Vorreiter Pedersen
2882c42698 Swift: Sync identical files. 2022-05-23 13:13:26 +01:00
Mathias Vorreiter Pedersen
6540e1e8bf Swift: Share 'ControlFlowGraphImplShared.qll' for Swift with Ruby and C#. 2022-05-23 13:12:45 +01:00
Mathias Vorreiter Pedersen
e98728b788 Swift: Fix casing on import alias. 2022-05-23 13:08:09 +01:00
Mathias Vorreiter Pedersen
83bcb53199 Swift: Add tests accept test changes. 2022-05-23 13:05:55 +01:00
Tamás Vajk
487425670e Merge pull request #9229 from tamasvajk/kotlin-df-fix-list
Kotlin: extract non-private members of class supertypes
2022-05-23 14:04:31 +02:00
Mathias Vorreiter Pedersen
9f8fbd7aa7 Swift: Add control-flow library. 2022-05-23 12:59:06 +01:00
Mathias Vorreiter Pedersen
26f0d3ac43 Swift: Add helper predicates on AST classes 2022-05-23 12:51:51 +01:00
Paolo Tranquilli
06a8cf6f1e Merge pull request #9198 from github/redsun82/swift-self-contained-cpp-code-gen
Swift: make C++ code generation more self-contained
2022-05-23 13:45:58 +02:00
Asger F
0929f5eb49 JS: Update test assertions to new syntax 2022-05-23 13:12:52 +02:00
Asger Feldthaus
33dac5e95f JS: API graph support for accessors (and classes) 2022-05-23 13:12:52 +02:00
Tom Hvitved
9cc9991c74 C#: Update ContentDataFlow test
Illustrates missing flow when the sink is inside a method that is also part of
a `subpath`.
2022-05-23 13:05:28 +02:00
Paolo Tranquilli
1e9fcfb338 Merge pull request #9265 from github/redsun82/swift-rm-codeqlmanifest
Swift: remove `.codeqlmanifest`
2022-05-23 13:00:58 +02:00
Erik Krogh Kristensen
7a3bbede1b remove support for passport in the session-fixation query 2022-05-23 12:55:11 +02:00
Paolo Tranquilli
63f5a86699 Merge pull request #9264 from github/redsun82/swift-fix-ndebug-build
Swift: fix extractor built with `NDEBUG`
2022-05-23 12:50:49 +02:00
Paolo Tranquilli
a3f6682bbb Swift: remove .codeqlmanifest
The extractor pack entry in there has been moved to the root manifest.
2022-05-23 12:49:08 +02:00
Paolo Tranquilli
ea6a249fee Swift: fix extractor built with NDEBUG
There was a call with side effects in an `assert`, that was therefore
not being called with `NDEBUG` turned on, changing extractor results.
2022-05-23 12:35:54 +02:00
Ian Lynagh
62ece16cf4 Kotlin: Accept test changes 2022-05-23 11:27:22 +01:00
Ian Lynagh
42da7c6c58 Kotlin: Fix CFG 2022-05-23 11:27:22 +01:00
Arthur Baars
965f83e198 Reformat ControlFlowGraphImpl.qll 2022-05-23 12:22:47 +02:00
Arthur Baars
eabf2ed2d3 Apply suggestions from code review
Co-authored-by: Tom Hvitved <hvitved@github.com>
2022-05-23 12:18:48 +02:00
Tom Hvitved
d6b0772f7c Ruby: Improve performance of instanceVariableSelfSynthesis 2022-05-23 12:08:41 +02:00
Arthur Baars
d86983b7c8 Ruby: use InstanceVariableRead/WriteAccess CFG nodes 2022-05-23 12:03:11 +02:00
Arthur Baars
5fa4f07f7d Improve QLDoc 2022-05-23 11:59:28 +02:00
Arthur Baars
7ed60b19a2 Ruby: improve test case 2022-05-23 11:59:12 +02:00
Arthur Baars
29ea1b2f24 Ruby: rename getSelfVariableAccess to getReceiver 2022-05-23 11:30:29 +02:00
Arthur Baars
f6ca3921f9 Add change note 2022-05-23 10:59:54 +02:00
Tom Hvitved
bbdedf5f14 Ruby: Eliminate bad isLocalSourceNode antijoin
Gets rid of
```
Tuple counts for DataFlowPrivate::Cached::isLocalSourceNode#462ff392#f#antijoin_rhs@dd2f927s:
        20905019     ~3%    {2} r1 = JOIN DataFlowPrivate::Cached::TExprNode#462ff392#ff_1#higher_order_body WITH boundedFastTC(DataFlowPrivate::Cached::localFlowStepTypeTracker#462ff392#ff_10#higher_order_body,DataFlowPrivate::Cached::TExprNode#462ff392#ff_1#higher_order_body) ON FIRST 1 OUTPUT Rhs.1, Lhs.0

        10420128  ~1496%    {1} r2 = JOIN r1 WITH DataFlowPrivate::Cached::TExprNode#462ff392#ff_1#higher_order_body ON FIRST 1 OUTPUT Lhs.1

          480918     ~8%    {1} r3 = JOIN r1 WITH DataFlowPrivate::Cached::entrySsaDefinition#462ff392#f ON FIRST 1 OUTPUT Lhs.1

        10901046  ~1218%    {1} r4 = r2 UNION r3
                            return r4
```
2022-05-23 10:54:17 +02:00
Tamas Vajk
4732793fb6 Change type tests
Linux and MacOS produced different results, so the queried types are now limited to ones that are visible in the source code.
2022-05-23 10:39:22 +02:00
Tamas Vajk
d3e64f5135 Kotlin: extract non-private members of class supertypes 2022-05-23 10:39:22 +02:00
Tamas Vajk
b0c6db4cfc Kotlin: add missing dataflow test for List::iterator 2022-05-23 10:39:22 +02:00
Tamas Vajk
ab920d31dc Repro for kotlin-java difference with generic types 2022-05-23 10:39:22 +02:00
Michael Nebel
bf958ff5bb Merge pull request #9255 from michaelnebel/csharp/test-clearscontent
C#: Remove default clears content.
2022-05-23 10:30:30 +02:00
Michael Nebel
c82ab6813f Merge pull request #9256 from michaelnebel/csharp/test-ranking
C#: Rank summaries and source code in dataflow callables.
2022-05-23 10:29:52 +02:00
Anders Schack-Mulligen
f2218944f6 Merge pull request #9214 from hvitved/dataflow/lambda-fp-flow
Data flow: Do not discard call context when computing reverse lambda flow through jumps
2022-05-23 10:02:51 +02:00
Michael Nebel
217c414b6e C#: Now that SummarizedCallableDefaultClears content has been removed, we need to explicitly say that fields are cleared. 2022-05-23 08:58:09 +02:00
Michael Nebel
ddde1d4607 C#: Remove default clears content. 2022-05-22 15:16:44 +02:00
Michael Nebel
f141336f64 C#: Fake location of methods as we want to use the defined summaries for testing purposes. 2022-05-22 15:14:58 +02:00
Michael Nebel
9f611d79ac C#: Rank summaries and source code such that only one is used. 2022-05-22 15:14:19 +02:00
Chris Smowton
5119de8d22 Merge pull request #9238 from atorralba/atorralba/remove-xxe-sinks
Java: Remove org.dom4j.DocumentHelper:parseText as XXE sink
2022-05-21 17:33:06 +01:00
Erik Krogh Kristensen
7971b54771 Merge pull request #8891 from erik-krogh/qlMergeFix
QL: point the dataset measure workflow to a merge_stats.py file that exists
2022-05-20 22:33:59 +02:00
Aditya Sharad
4d74282175 Actions: Avoid cloning codeql-go when building query list docs 2022-05-20 12:10:21 -07:00
Aditya Sharad
beddd306f5 Docs: Update references to github/codeql-go
github/codeql-go is being merged into github/codeql.
Update references to `codeql-go` within the CodeQL CLI docs.
Add Go to the list of mentioned languages where applicable.

Leave an explanatory note in the setup instructions about the
previous requirement to check out `github/codeql-go`, and
mention this is no longer necessary.

The remaining references are to historical commits,
which will continue to exist.
2022-05-20 12:10:21 -07:00
Chuan-kai Lin
7f96319b37 Clean up direct references to codeql-go
This commit removes special handling of the github/codeql-go repository in the
ql-for-ql-dataset_measure.yml and the query-list.yml workflows.
2022-05-20 10:23:48 -07:00
Chuan-kai Lin
827c7ab153 Go: fix search and tool paths for 'make test' 2022-05-20 10:22:47 -07:00
Arthur Baars
7bc6c10f5b Go: fix search-path for 'make test' 2022-05-20 10:22:47 -07:00
Chuan-kai Lin
c58b5397c2 Go: delete test qhelp file
There shouldn't be qhelp files in the ql/test tree.
https://github.com/github/codeql/pull/8631#issuecomment-1087316116
2022-05-20 10:22:47 -07:00
Chuan-kai Lin
1276c41e83 codeql-go merge prep: integrate go/ into codeql 2022-05-20 10:22:47 -07:00
Chuan-kai Lin
097d5189e9 Merge branch 'main' into cklin/merge-codeql-go-prep 2022-05-20 10:22:19 -07:00
Chuan-kai Lin
aa514fff32 codeql-go merge prep: move into go/ directory 2022-05-20 10:07:19 -07:00
Arthur Baars
439dcc0731 Merge pull request #9241 from aibaars/fix-history
Kotlin changes
2022-05-20 17:31:57 +02:00
Arthur Baars
f3f0e06127 Merge branch 'main' into fix-history 2022-05-20 17:20:42 +02:00
Paolo Tranquilli
f2bc73bf8f Merge pull request #9239 from github/redsun82/swift-visitors
Swift: transfer all visitors
2022-05-20 16:38:06 +02:00
Arthur Baars
68aeb2ba85 Update test output 2022-05-20 16:30:58 +02:00
Arthur Baars
d9c2b78aa2 Ruby: flow through instance variables 2022-05-20 16:30:58 +02:00
Paolo Tranquilli
fc165c1975 Swift: remove IDE generated comment header 2022-05-20 16:25:33 +02:00
Paolo Tranquilli
f52a849ab8 Merge branch 'main' into redsun82/swift-self-contained-cpp-code-gen 2022-05-20 16:16:35 +02:00
Tamás Vajk
144937a753 Merge pull request #9154 from tamasvajk/kotlin-error-warning-1
Kotlin: Adjust diagnostic message severity
2022-05-20 16:12:39 +02:00
Paolo Tranquilli
e6f2ab003c Swift: remove empty DB-CHECK.expected files 2022-05-20 16:01:56 +02:00
Paolo Tranquilli
b0668ee6c2 Swift: remove unused decl properties 2022-05-20 15:42:28 +02:00
Paolo Tranquilli
553930d9e3 Swift: type visitor
This transfers the current state of `TypeVisitor` from the
proof-of-concept.
2022-05-20 15:42:20 +02:00
Paolo Tranquilli
922608c65a Swift: expression visitor
This transfers the current status of `ExprVisitor` from the
proof-of-concept, together with some changes required for swift 5.6.
2022-05-20 15:41:27 +02:00
Paolo Tranquilli
3f45b73d62 Swift: pattern visitor
This transfers the current state of `PatternVisitor` from the
proof-of-concept.
2022-05-20 15:41:27 +02:00
Paolo Tranquilli
19506dae74 Swift: statement visitor
This transfers the current state of `StmtVisitor` in the PoC, plus some
changes required for the update to swift 5.6.

Also `getLabel` in `SwiftDispatcher` got renamed to `createLabel`, and
is now correctly outputting the label assignment to the trap file.
2022-05-20 15:41:27 +02:00
Paolo Tranquilli
d6ced16aa8 Swift: declaration visitor
This transfers the current state of `DeclVisitor` from the
proof-of-concept.

TODO: make the `declarations` tests in `extractor-tests` more
comprehensive.
2022-05-20 15:41:22 +02:00
Paolo Tranquilli
da7e700a8f Merge pull request #9185 from github/redsun82/swift-tbd-rework
Swift: move TBD code to ql
2022-05-20 15:39:31 +02:00
Stephan Brandauer
cdceb66b07 add test for moduleSuffixes 2022-05-20 15:10:13 +02:00
Ian Lynagh
6652c27591 Merge pull request #9236 from igfoo/igfoo/kotlinc
Kotlin: Use 'which' to find kotlinc
2022-05-20 14:06:59 +01:00
Tamas Vajk
7aafc5f88c Kotlin: Adjust diagnostic message severity
Make extraction messages `warning` if code is still extracted regardless of the reported issue. Make extraction messages `error` if some code is not extracted.
2022-05-20 14:55:16 +02:00
Ian Lynagh
73759705ae Merge pull request #9121 from github/igfoo/mjson
Kotlin: Write the log file as Line-delimited JSON
2022-05-20 13:51:20 +01:00
Tony Torralba
98f70dc7d3 Remove org.dom4j.DocumentHelper:parseText as XXE sink 2022-05-20 14:45:26 +02:00
Tony Torralba
aba4a9aa4a Merge pull request #9233 from atorralba/atorralba/fix-field-init-test
Kotlin: Fix test to correctly highlight lack of flow from field init
2022-05-20 14:37:22 +02:00
Stephan Brandauer
d6abb2e6bd add new supported file types to versions-compilers.rst
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-05-20 14:34:53 +02:00
Stephan Brandauer
cb4b2e983b delete test of removed feature 2022-05-20 14:33:07 +02:00
Ian Lynagh
3fd61581b3 Kotlin: Call the right kotlinc 2022-05-20 12:59:04 +01:00
Ian Lynagh
44efb34447 Kotlin: Use 'which' to find kotlinc
This means we handle kotlinc.batr and kotlinc.cmd on Windows.
2022-05-20 12:44:55 +01:00
Stephan Brandauer
813fbf27de support for .mts and .cts file extensions 2022-05-20 13:33:52 +02:00
Ian Lynagh
4eddb6224b Kotlin: Format a query 2022-05-20 12:07:35 +01:00
Ian Lynagh
df9f75832c Kotlin: Fix diagnostics test 2022-05-20 12:07:35 +01:00
Ian Lynagh
f7fa00ef6c Kotlin: Accept test output 2022-05-20 12:07:35 +01:00
Ian Lynagh
d6f8342431 Kotlin: Write the log file as Line-delimited JSON 2022-05-20 12:07:35 +01:00
Ian Lynagh
b5ad6f9c04 Kotlin: Add a LogMessage class 2022-05-20 12:07:35 +01:00
Ian Lynagh
d900c3d994 Merge pull request #9221 from smowton/smowton/admin/handle-missing-kotlinc-gracefully
Kotlin: Handle missing kotlinc gracefully
2022-05-20 12:06:06 +01:00
Ian Lynagh
d2cb1aa89c Merge pull request #9218 from igfoo/igfoo/geninst
Kotlin: Avoid "generic specialisation" label collisions
2022-05-20 11:42:22 +01:00
Ian Lynagh
9844ae703e Merge pull request #9219 from igfoo/igfoo/livelits
Improve LiveLiterals
2022-05-20 11:42:16 +01:00
Anders Schack-Mulligen
8beef45599 Merge pull request #9195 from aschackmull/java/perf-local-flow
Java: Performance fixes for local flow relation
2022-05-20 12:38:02 +02:00
Tony Torralba
775b53b7b4 Fix test to correctly highlight lack of flow from field init 2022-05-20 12:36:10 +02:00
Paolo Tranquilli
09967bfd42 Swift: add comment about CRTP 2022-05-20 12:35:58 +02:00
Paolo Tranquilli
f5b2c31a3c Swift: rename DispatcherWrapper to VisitorBase 2022-05-20 12:25:45 +02:00
Paolo Tranquilli
da00bf99a1 Swift: move TBD code to ql
This allows to avoid bypassing label type correcness in the extractor,
and allows to independently resolve TBD extractions, as with this
approach TBD nodes do have the correctly typed trap label. The TBD
status is now a predicate on the QL side.

This requires:
* a default visit using the correct type, which is achieved via macro
  metaprogramming in `VisitorBase.h`, following the way
  `swift::ASTVisitor` is programmed
* a mapping from labels to corresponding binding trap entries. The
  functor is defined in `TrapTagTraits.h` and instantiated in generated
  `TrapEntries.h`
* Binding trap entries for TBD unknown entities must not have any other
  field than the `id` (after all, we are supposed to not extract them
  yet). This is why all unextracted fields in `schema.yml` have been
  commented out, and will be uncommentend when visitors are added
2022-05-20 09:52:27 +02:00
Michael Nebel
20af134ff0 Merge pull request #9210 from michaelnebel/dataflow/summarizedcallablerefactor
DataFlow - SummarizedCallable refactor
2022-05-20 09:32:30 +02:00
Tamás Vajk
3407b0f055 Merge pull request #9152 from tamasvajk/kotlin-fix-parcelize-reflection-1
Kotlin: Fix extraction of reflective call generated by Parcelize
2022-05-20 09:06:21 +02:00
Chris Smowton
d9f65fe34f Handle missing kotlinc gracefully 2022-05-19 21:54:18 +01:00
Chris Smowton
e80254b0a6 Fix generated implementation of an inherited single abstract method
For example, UnaryOperator<T> extends Function<T, T> without overriding / defining its own `apply` method.
2022-05-19 20:57:54 +01:00
Ian Lynagh
f918b2e763 Merge pull request #9217 from igfoo/igfoo/tweak_logging
Kotlin: Tweak logging
2022-05-19 18:31:40 +01:00
Tony Torralba
5498f41248 Apply code review suggestion to increase precision in getValue 2022-05-19 17:35:34 +01:00
Tony Torralba
bc84ff2031 Improve docs of LiveLiteral
Also remove transitive closure from calls
2022-05-19 17:35:27 +01:00
Ian Lynagh
e153f30c01 Kotlin: Avoid "generic specialisation" label collisions
We had a global set of labels for generic specialisations that we'd
extracted, but these labels could contain references to other labels,
and thus you can get false collisions between labels for different TRAP
files. We now only keep the set for a single TRAP file, and live with
the extra TRAP duplication that we get from that.
2022-05-19 17:29:41 +01:00
Ian Lynagh
9e3cde001a Kotlin: Tweak logging
Makes it easier to filter out the peak memory info
2022-05-19 16:59:52 +01:00
Chris Smowton
01aaa6ccbf Merge pull request #9123 from smowton/smowton/fix/type-variable-in-scope-consistency
Kotlin: fix cases where type variables were used out of scope
2022-05-19 16:57:41 +01:00
Tom Hvitved
3ebd4af24e C#: Fix another test 2022-05-19 16:23:31 +02:00
Chris Smowton
c9232c075c Autoformat 2022-05-19 15:18:10 +01:00
Stephan Brandauer
67697e1066 update meta information and release note for typescript 4.7 upgrade 2022-05-19 15:45:27 +02:00
Stephan Brandauer
0f3448dc24 update tests for typescript 4.7 2022-05-19 15:45:19 +02:00
Tom Hvitved
909ad2a61a Address review comment 2022-05-19 15:37:18 +02:00
Tom Hvitved
f83deb6571 Data flow: Sync files 2022-05-19 15:20:43 +02:00
Tom Hvitved
a18aef23f9 Data flow: Do not discard call context when computing reverse lambda flow through jumps 2022-05-19 15:19:41 +02:00
Tom Hvitved
ea703bc49a Ruby: Add test that illustrates false negative lambda flow 2022-05-19 15:19:34 +02:00
Ian Lynagh
d18e03cf9a Merge pull request #9212 from igfoo/igfoo/kotlin_mem
Kotlin: Log peak memory usge before and after extractor
2022-05-19 14:01:07 +01:00
Ian Lynagh
e319ab1b70 Kotlin: Format a query 2022-05-19 13:56:04 +01:00
Chris Smowton
1039e29b90 Adjust test result 2022-05-19 13:42:28 +01:00
Michael Nebel
575b8376f3 C#: Update Flow summaries QL test code based on refactor. 2022-05-19 14:41:24 +02:00
Chris Smowton
4f08981586 Expand warning message to note that there are known Java extractor bugs relating to this query 2022-05-19 13:37:18 +01:00
Ian Lynagh
9b40724dcb Kotlin: Log peak memory usge before and after extractor
Ideally this would be in a more JSON-friendly format, and also in the
database, but this at least makes the information available.
2022-05-19 13:36:11 +01:00
AlexDenisov
480c6b985b Merge pull request #9211 from github/redsun82/swift-no-pip-install
remove `pip install` mention from README.md
2022-05-19 13:55:14 +02:00
Tom Hvitved
0a52420581 C#: Add ContentDataFlow test 2022-05-19 13:28:56 +02:00
Tom Hvitved
2b2ac06128 Data flow: Sync files 2022-05-19 13:28:56 +02:00
Tom Hvitved
bd9b6567c7 Data flow: Introduce ContentDataFlow.qll 2022-05-19 13:28:56 +02:00
Michael Nebel
ff1e6637ac C#: Fix issue with summaryElement predicate. 2022-05-19 13:06:24 +02:00
Chris Smowton
e722c99218 Autoformat 2022-05-19 11:55:31 +01:00
Chris Smowton
4f54bb66b8 Accept consistency check failure
The Java extractor assigns a type with unbound type variables to the result of ImmutableSortedMap.of calls.
2022-05-19 11:55:31 +01:00
Chris Smowton
ea9aa59627 Add test 2022-05-19 11:55:31 +01:00
Chris Smowton
8a90ddefbb Accept test changes
These are mainly moving the source locations and type specialisations in SAM-converted methods.
2022-05-19 11:55:31 +01:00
Chris Smowton
ada31f3075 Distinguish result type parameter names
This makes debugging a little easier.
2022-05-19 11:55:31 +01:00
Chris Smowton
49c9c36daf Type-variable-in-scope consistency query: account for all enclosing elements that declare type parameters. 2022-05-19 11:55:31 +01:00
Chris Smowton
4e15f5f8c7 Fix extracted type arguments of kotlin.jvm.functions.FunctionN
Previously we accidentally extracted an argument type instead of the result type.
2022-05-19 11:55:31 +01:00
Chris Smowton
102cdcdab8 Fix type substitution and source locations in SAM-converted generic interface implementations
For example, in implementing Producer<T> by an actual lambda of type () -> Int, the return type should be Int, not T. This produced type-variable-out-of-scope consistency check failures.
2022-05-19 11:55:31 +01:00
Chris Smowton
048a530aac Type parameter scoping check: distinguish type arguments from type parameters
I had forgotten that the Java QL lib regards a ParameterizedType as either an instantiation Generic<String>, or the unbound declaration Generic<T>.
2022-05-19 11:55:31 +01:00
Chris Smowton
b09b769932 Extract type parameters without substituting their parent functions
Otherwise references to type variables declared on kotlin.Xyz.someFunction can refer to its Java equivalent java.Xyz.someFunction if it has one.
2022-05-19 11:55:31 +01:00
Chris Smowton
d291e0cf10 Fix typeParametersInScope consistency query
The selection of type variables mentioned in a particular class previously didn't work as intended, so the consistency query would always pass.
2022-05-19 11:55:31 +01:00
Paolo Tranquilli
b66f1b27b0 remove pip install mention from README.md
It is not needed any more since pip requirements were coded in bazel.
2022-05-19 12:47:20 +02:00
Anders Schack-Mulligen
651d9d0a44 Java: Ensure cached predicates are in the same stage. 2022-05-19 11:39:41 +02:00
Michael Nebel
22b9ef2e7b Java: Adapt ExternalApi to refactor. 2022-05-19 11:30:36 +02:00
Anders Schack-Mulligen
0e830f6052 C#/Ruby/Java: Fix pragmas. 2022-05-19 11:26:38 +02:00
Michael Nebel
94a72ec051 Java: Refactor SummarizedCallable. 2022-05-19 11:10:58 +02:00
Michael Nebel
73802cbd6d Ruby: Refactor SummarizedCallable. 2022-05-19 11:04:18 +02:00
Michael Nebel
be79f20ef1 C#: Refactor SummarizedCallable. 2022-05-19 11:03:50 +02:00
Stephan Brandauer
b928ca518f update dependency version to 4.7.1-rc 2022-05-19 10:47:08 +02:00
Erik Krogh Kristensen
fff70da650 Merge pull request #9182 from erik-krogh/useStringComp
use string equality instead of regexps to compare constant strings
2022-05-19 10:42:37 +02:00
Tom Hvitved
eef5022e3d Merge pull request #9014 from michaelnebel/csharp/dataflowcallablerefactor
C#: Dataflow callable refactoring.
2022-05-19 09:02:38 +02:00
Erik Krogh Kristensen
215a6a72cc Merge branch 'main' into useStringComp 2022-05-18 10:55:31 +02:00
Rasmus Wriedt Larsen
6611e5b4b8 Merge branch 'main' into promote-pam 2022-05-18 10:35:39 +02:00
Anders Schack-Mulligen
a4dac9fd2b Merge pull request #9201 from Marcono1234/marcono1234/NumericType-type-qll
Java: Move `NumericType` to `Type.qll`
2022-05-18 10:31:40 +02:00
Rasmus Wriedt Larsen
b54de13d97 Python: Apply suggestions from code review
Co-authored-by: Taus <tausbn@github.com>
2022-05-18 10:30:29 +02:00
Tom Hvitved
209a1e4bd8 Merge pull request #9202 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-05-18 10:26:55 +02:00
Tom Hvitved
5e57e82997 Merge pull request #9191 from hvitved/ruby/taint-tracking-stage
Ruby: Force cached taint tracking predicates to be evaluated in data flow stage
2022-05-18 09:54:38 +02:00
Anders Schack-Mulligen
af7df79289 Autoformat 2022-05-18 09:38:11 +02:00
Anders Schack-Mulligen
a4a004a322 Java: Simplify recursion prevention. 2022-05-18 09:27:55 +02:00
Anders Schack-Mulligen
d4c9fddae3 Java: Use fastTC. 2022-05-18 09:27:54 +02:00
Anders Schack-Mulligen
48ab5b2403 C#/Ruby/Java: Fix references. 2022-05-18 09:27:54 +02:00
Anders Schack-Mulligen
829eb7f7a5 C#/Ruby: Sync FlowSummaryImpl. 2022-05-18 09:27:48 +02:00
Anders Schack-Mulligen
25fda206b2 Java: Prevent accidental recursion through AdditionalValueStep. 2022-05-18 09:25:23 +02:00
Anders Schack-Mulligen
1d3b3204df Merge pull request #9190 from hvitved/dataflow/summary-arg-param-no-materialize
Data flow: Do not materialize `summaryArgParam`
2022-05-18 09:17:57 +02:00
Erik Krogh Kristensen
7245591468 Merge pull request #7763 from erik-krogh/unused-field
QL: add unused-field query
2022-05-18 09:15:16 +02:00
Tom Hvitved
23ee033a57 C#: Review fixes 2022-05-18 07:48:21 +02:00
Michael Nebel
df6d86b9aa C#: Use getUnderlyingCallable instead of asCallable. 2022-05-18 07:48:21 +02:00
Michael Nebel
6f7af11517 C#: Needs to be updated as SummaryParameterNodes are printed slightly different. 2022-05-18 07:48:21 +02:00
Michael Nebel
b41bb3fe08 C#: System.Web.HttpResponse.Write is now considered safe (known) and will this not show up as untrusted external API. 2022-05-18 07:48:21 +02:00
Michael Nebel
97c6d7884d C#: Source and Sink models are now also considered summarized callables and thus considered safe as they are known external APIs. 2022-05-18 07:48:21 +02:00
Michael Nebel
aeadad62be C#: Improve implementation. 2022-05-18 07:48:21 +02:00
Michael Nebel
26e2cad528 C#: Improve getCallable. 2022-05-18 07:48:21 +02:00
Michael Nebel
f78def5316 C#: Hide SummaryParamterNodes from path explanations. 2022-05-18 07:48:21 +02:00
Michael Nebel
220526f305 C#: Fix issues with summarized callables parameter types and other casting issues. 2022-05-18 07:48:21 +02:00
Michael Nebel
2c414b2201 C#: Add Summary parameter nodes. 2022-05-18 07:48:21 +02:00
Michael Nebel
0e3fc464a3 C#: Use SummarizedCallable external instead of the internal. 2022-05-18 07:48:20 +02:00
Michael Nebel
b578fcb069 C#: Use the external SummarizedCallable implementation. 2022-05-18 07:48:20 +02:00
Michael Nebel
4f7297715d C#: Also extract callable from FlowSummary SummarizedCallable in DataFlowCallable. 2022-05-18 07:48:20 +02:00
Michael Nebel
3fa990a984 C#: Make sure that all callables with a summary are added to the external SummarizedCallable class. 2022-05-18 07:48:20 +02:00
Michael Nebel
4810419dfd C#: Extend SummarizedCallable from FlowSummaryImpl. 2022-05-18 07:48:20 +02:00
Michael Nebel
eb022118f3 C#: Fix issue in ExternalApi. 2022-05-18 07:48:20 +02:00
Michael Nebel
68055bc022 C#: Update flow summaries test code. 2022-05-18 07:48:20 +02:00
Michael Nebel
c8a7354086 C#: Refactor to align implementation between languages. 2022-05-18 07:48:20 +02:00
Michael Nebel
0d61a2c797 C#: Add QL doc to SummarizedCallable. 2022-05-18 07:48:20 +02:00
Michael Nebel
2f2ca18898 C#: Update dependencies. 2022-05-18 07:48:20 +02:00
Michael Nebel
e70a283cfd C#: Initial refactor of SummarizedCallable and DataFlowCallable (dependencies needs to be updates). 2022-05-18 07:48:19 +02:00
github-actions[bot]
91694b4bac Add changed framework coverage reports 2022-05-18 00:15:25 +00:00
Marcono1234
c53d315697 Java: Move NumericType to Type.qll 2022-05-18 01:40:17 +02:00
Cornelius Riemenschneider
415c3d1c72 Merge pull request #740 from github/criemen/lua-tracing-config
Update Lua tracing config.
2022-05-18 01:03:16 +02:00
Cornelius Riemenschneider
d352253b02 Merge pull request #9187 from github/criemen/lua-tracing-configs
Update Lua tracing configs.
2022-05-18 01:03:15 +02:00
Mathias Vorreiter Pedersen
5d625d6156 Merge pull request #9188 from MathiasVP/fix-GetAPrimaryQlClassConsistency-for-swift 2022-05-17 20:47:24 +01:00
Erik Krogh Kristensen
6c7c9b6a4b Merge pull request #9082 from erik-krogh/countZero
QL: add query warning about `count(...) = 0`.
2022-05-17 21:46:58 +02:00
Mathias Vorreiter Pedersen
a6ac14f4de QL: Allow class + 'Base' in 'ql/primary-ql-class-consistency'. 2022-05-17 16:54:12 +01:00
Paolo Tranquilli
3a46db3f81 Swift: make C++ code generation more self-contained
This is solving a papercut, where the C++ build was relying on the
local dbscheme file to be up-to-date, even if all the information for
building is actually in `schema.yml`. This made a pure C++ development
cycle with changes to `schema.yml` clumsy, as it required a further
dbscheme generation step.

Now for C++ the dbscheme is generated internally in the build files, and
thus a change in `schema.yml` is reflected immediately in the C++ build.

A `swift/codegen` step for checked in generated code (including the
dbscheme) is still required, but a developer can do it just before
running QL tests or committing, instead of during each C++
recompilation.

Some directory reorganization was also carried out, moving specific
generator modules to a new `generators` python package, and only leaving
the two drivers at the top level.
2022-05-17 17:05:16 +02:00
Paolo Tranquilli
fbe7c5be81 Swift: move TBD code to ql
This allows to avoid bypassing label type correcness in the extractor,
and allows to independently resolve TBD extractions, as with this
approach TBD nodes do have the correctly typed trap label. The TBD
status is now a predicate on the QL side.

This requires:
* a default visit using the correct type, which is achieved via macro
  metaprogramming in `VisitorBase.h`, following the way
  `swift::ASTVisitor` is programmed
* a mapping from labels to corresponding binding trap entries. The
  functor is defined in `TrapTagTraits.h` and instantiated in generated
  `TrapEntries.h`
* Binding trap entries for TBD unknown entities must not have any other
  field than the `id` (after all, we are supposed to not extract them
  yet). This is why all unextracted fields in `schema.yml` have been
  commented out, and will be uncommentend when visitors are added
2022-05-17 16:31:10 +02:00
Tony Torralba
53f32f5a97 Merge pull request #9186 from atorralba/atorralba/kotlin-inline-expectations-tests
Kotlin: Add support for InlineExpectationsTest
2022-05-17 15:28:03 +02:00
Cornelius Riemenschneider
3b4d04dcc4 Update Lua tracing config. 2022-05-17 13:18:56 +00:00
Cornelius Riemenschneider
3836d1550a Update Lua tracing configs. 2022-05-17 13:18:28 +00:00
Taus
ea32299ab0 Python: Use API-graph flow for boolean tracking
Introduces a false positive, but arguably that false positive should
have been there with the local flow as well.
2022-05-17 13:14:55 +00:00
Erik Krogh Kristensen
86e97c32d6 fix all ql/use-string-compare 2022-05-17 14:11:05 +02:00
Taus
ba8d73c2be Python: Use API::CallNode 2022-05-17 12:00:17 +00:00
Geoffrey White
629e90f14b Merge pull request #9176 from geoffw0/xxe9
C++: Clean up the XXE query QL.
2022-05-17 12:40:39 +01:00
Erik Krogh Kristensen
440e6214f0 CPP: correctly escape underscores in calls to .matches() 2022-05-17 13:21:02 +02:00
Erik Krogh Kristensen
e32a04fc06 QL: add use-string-compare query 2022-05-17 13:20:49 +02:00
Tony Torralba
dbf249b199 Accept only EOL comments as Kotlin expectation comments 2022-05-17 13:05:51 +02:00
Tom Hvitved
f1f96b7e5c Ruby: Force cached taint tracking predicates to be evaluated in data flow stage 2022-05-17 12:54:26 +02:00
Tom Hvitved
284357d2a0 Data flow: Do not materialize summaryArgParam 2022-05-17 12:50:01 +02:00
Geoffrey White
246093d375 C++: Move the two implementation imports. 2022-05-17 11:03:21 +01:00
Arthur Baars
fcb3b82bde Merge pull request #9178 from aibaars/update-tree-sitter-ruby
Ruby: update tree-sitter-ruby
2022-05-17 11:47:41 +02:00
Mathias Vorreiter Pedersen
1280d43e36 Merge pull request #9141 from github/post-release-prep/codeql-cli-2.9.2
Post-release preparation for codeql-cli-2.9.2
2022-05-17 10:01:37 +01:00
Mathias Vorreiter Pedersen
0b0161f261 Merge pull request #737 from github/post-release-prep/codeql-cli-2.9.2
Post-release preparation for codeql-cli-2.9.2
2022-05-17 10:01:21 +01:00
Tony Torralba
2b6d7bb3d8 Add support for InlineExpectationsTest to Kotlin 2022-05-17 10:55:00 +02:00
Tamás Vajk
3b07fe70a1 Merge pull request #9174 from tamasvajk/kotlin-fix-isUnspecialised
Kotlin: Fix parent class lookup from field initializers in `isUnspecialised`
2022-05-17 10:48:52 +02:00
Erik Krogh Kristensen
7abb7552a7 Merge pull request #9184 from erik-krogh/actionInjection
JS: change @id from js/actions/injection to js/actions/command-injection
2022-05-17 10:24:51 +02:00
Anders Schack-Mulligen
4f5ccfd76c Merge pull request #9181 from Marcono1234/marcono1234/FloatingPointLiteral-rename
Java: Rename `FloatingPointLiteral` to `FloatLiteral`
2022-05-17 10:08:49 +02:00
Tom Hvitved
f2e28c311a Merge pull request #9180 from hvitved/csharp/entity-framework-sql-sinks
C#: Add missing EntityFramework SQL sinks
2022-05-17 09:50:49 +02:00
Erik Krogh Kristensen
2550988006 change @id from js/actions/injection to js/actions/command-injection 2022-05-17 09:25:05 +02:00
Tamás Vajk
350d137b2e Merge pull request #9145 from tamasvajk/kotlin-useless-param
Kotlin: Respect `override` modifier in useless parameter query
2022-05-17 08:43:59 +02:00
Tamás Vajk
fcb3d78eae Merge pull request #9146 from tamasvajk/kotlin-inner-class-static
Kotlin: exclude Kotlin source from 'inner class could be static' check
2022-05-17 08:43:39 +02:00
Tamás Vajk
26553cefc5 Merge pull request #9149 from tamasvajk/kotlin-maybe-null
Kotlin: Exclude operands of `NotNullExpr` from NullMaybe query
2022-05-17 08:43:24 +02:00
Tamás Vajk
d8c22901c9 Merge pull request #9150 from tamasvajk/kotlin-MissingInstanceofInEquals
Kotlin: Add more type check casts to MissingInstanceofInEquals query
2022-05-17 08:43:06 +02:00
Marcono1234
4e1a73f4d9 Java: Rename FloatingPointLiteral to FloatLiteral
"Floating point" refers to both `double` and `float`, and is also used by
the JLS in this way. Therefore the old CodeQL class name for `float` literals
was misleading.
2022-05-16 22:06:04 +02:00
Tom Hvitved
15449b701f C#: Add missing EntityFramework SQL sinks 2022-05-16 20:57:40 +02:00
Arthur Baars
05dce09037 Ruby: update tree-sitter-ruby 2022-05-16 19:08:46 +02:00
Geoffrey White
cf932eb21c C++: Repair typo fix from main. 2022-05-16 16:46:14 +01:00
Geoffrey White
7b1cd70300 Merge branch 'main' into xxe9 2022-05-16 16:45:24 +01:00
Nick Rolfe
c518150b49 Merge pull request #9132 from github/nickrolfe/misspelling
QL for QL: generalise non-US spelling query
2022-05-16 16:03:36 +01:00
Paolo Tranquilli
9abb3f0066 Merge pull request #9172 from github/redsun82/swift-variant-in-label-store
Swift: replace `getCanonicalPointer` with `std::variant`
2022-05-16 16:21:47 +02:00
Paolo Tranquilli
16e3b5bfc4 Swift: make monostate explicit 2022-05-16 15:51:43 +02:00
Erik Krogh Kristensen
23981cb323 Merge pull request #7626 from erik-krogh/CWE-377
JS: add query for detecting insecure temporary files
2022-05-16 15:25:17 +02:00
Tamas Vajk
d4cf877259 Rework parent lookup in isUnspecialised 2022-05-16 14:59:28 +02:00
Geoffrey White
9f3fa1c45d C++: Consistent QLDoc. 2022-05-16 13:48:57 +01:00
Geoffrey White
b4a840e3ef C++: Make the checks happy. 2022-05-16 13:36:41 +01:00
Geoffrey White
9976825234 C++: Slightly more logical layout. 2022-05-16 12:51:04 +01:00
Geoffrey White
19d1578733 C++: Clean up. 2022-05-16 12:49:01 +01:00
Geoffrey White
b332659fcb C++: Split the XXE query into library files. 2022-05-16 12:41:41 +01:00
Geoffrey White
0ffd0b23ca C++: Create an XmlLibrary class to clean up the code in XXE.ql. 2022-05-16 12:17:20 +01:00
Tamas Vajk
8ebdaf1fc2 Kotlin: Fix parent class lookup from field initializers 2022-05-16 12:14:28 +02:00
Tamas Vajk
de133e80a9 Kotlin: add diagnostic test for 'Unexpected specialised instance of generic anonymous class' 2022-05-16 12:13:33 +02:00
Tom Hvitved
a9f6d203cd Merge pull request #8971 from aibaars/safe-nagivation
Ruby: add safe navigation operator
2022-05-16 10:53:56 +02:00
Tamas Vajk
47ec38c35a Kotlin: Exclude Kotlin files altogether from NullMaybe query 2022-05-16 10:52:20 +02:00
Mathias Vorreiter Pedersen
cee7aed81f Merge pull request #9142 from geoffw0/xxe8
C++: Fixes some typos and increases the XXE query precision.
2022-05-16 09:45:33 +01:00
Anders Schack-Mulligen
83f817ca45 Merge pull request #9134 from aschackmull/dataflow/perf-std-order
Dataflow: Improve standard order through easier type check elimination.
2022-05-16 10:05:17 +02:00
Paolo Tranquilli
1b9dcac2dd Swift: replace getCanonicalPointer with std::variant
This turned out easier than expected previously. `llvm::PointerUnion`
was also considered, which would have less memory footprint, but it
would require more effort as it is lacking the same implicit conversions
and operators that `std::variant` provides.

Also renamed `ToTag<E>` to `TrapTagOf<E>` and introduced a derived
convenience functor `TrapLabelOf<E>`.
2022-05-16 09:59:36 +02:00
Tamás Vajk
f7d2b2767c Merge pull request #9151 from tamasvajk/kotlin-comments-variables-1
Kotlin: Handle variables as comment owners
2022-05-16 09:32:19 +02:00
Tony Torralba
616b12d011 Merge pull request #8956 from atorralba/atorralba/intent-redirection-sanitizer-fix
Java: Fix Intent Redirection sanitizer
2022-05-16 09:21:04 +02:00
thibaut hansmann
e150a39fa0 C/C++ : fix name of cpp file + fix autoformat 2022-05-15 14:27:46 +02:00
Chris Smowton
ae83190629 Merge pull request #9164 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-05-14 08:44:37 +01:00
github-actions[bot]
1d39726604 Add changed framework coverage reports 2022-05-14 00:19:04 +00:00
Chris Smowton
77461f7ad6 Merge pull request #730 from owen-mc/bugfix/build/go-mod-tidy
Run `go mod tidy -e` before building
2022-05-13 19:40:05 +01:00
Chris Smowton
32e294955a Merge pull request #734 from cokeBeer/main
fix https://github.com/github/codeql/issues/9097
2022-05-13 19:38:55 +01:00
Chris Smowton
07c2f6e514 Merge pull request #9155 from smowton/smowton/fix/field-initializer-flow
Kotlin: Fix initializer field flow by extracting field finality
2022-05-13 18:41:55 +01:00
Chris Smowton
305ddb2169 Accept test changes 2022-05-13 17:44:26 +01:00
Chris Smowton
fbdd5a13c5 Autoformat 2022-05-13 17:40:58 +01:00
Chris Smowton
c76a774e35 Accept test changes 2022-05-13 17:40:58 +01:00
Chris Smowton
498d3700bd Update java/ql/test/kotlin/library-tests/field-initializer-flow/test.ql
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2022-05-13 17:40:58 +01:00
Chris Smowton
81baca2c17 Fix initializer field flow by extracting field finality 2022-05-13 17:40:58 +01:00
Chris Smowton
2930bd4cc2 Only attempt go.mod updating if go >= 1.16
Prior to this (a) Go will attempt to update go.mod/sum anyhow, and (b) the `mod tidy -e` option isn't available.
2022-05-13 17:32:00 +01:00
AlexDenisov
eacb9f1dba Merge pull request #9144 from github/alexdenisov/introduce-visitors
Swift: Introduce visitors
2022-05-13 17:57:47 +02:00
cokeBeer
7f21c0c3b7 fix format 2022-05-13 23:36:50 +08:00
Ian Lynagh
7ef9a19085 Merge pull request #9131 from github/igfoo/capture_output
Kotlin: Don't use capture_output or text
2022-05-13 15:59:14 +01:00
Tony Torralba
168a184602 Merge pull request #9127 from atorralba/atorralba/sensitive-info-log-improvs
Java: Sensitive Info Log query improvements
2022-05-13 16:57:32 +02:00
Alex Denisov
1b75034634 Swift: simplify CRTP monkey-patching 2022-05-13 16:54:15 +02:00
Alex Denisov
f857cd11c4 Swift: add comments about SwiftDispatcher lifetime 2022-05-13 16:47:45 +02:00
Ian Lynagh
153fd3a221 Kotlin: Fix diagnostics test 2022-05-13 15:36:30 +01:00
Ian Lynagh
98b0463e09 Kotlin: Accept test output 2022-05-13 15:36:30 +01:00
Ian Lynagh
b94597568a Kotlin: Write the log file as Line-delimited JSON 2022-05-13 15:36:30 +01:00
Ian Lynagh
3ae5e1a5f7 Kotlin: Add a LogMessage class 2022-05-13 15:36:30 +01:00
Alex Denisov
acbe9ff9f9 Swift: introduce visitors 2022-05-13 16:26:41 +02:00
AlexDenisov
4e9706470d Merge pull request #9112 from AlexDenisov/alexdenisov/introduce-dispatcher
Swift: introduce dispatcher
2022-05-13 16:26:26 +02:00
Alex Denisov
43199fa723 Swift: clarify getCanonicalPointer 2022-05-13 16:14:16 +02:00
Alex Denisov
35467bc252 Swift: rely on llvm::sys::fs::real_path to get absolute path 2022-05-13 16:13:30 +02:00
cokeBeer
aa2d4450ad add v1modulePath() 2022-05-13 21:24:58 +08:00
cokeBeer
75f2edd220 add v2modulePath() 2022-05-13 21:22:23 +08:00
cokeBeer
808dde2fc1 add v2modulePath() 2022-05-13 21:21:16 +08:00
Alex Denisov
043b1b9c4a Swift: resolve symlinks 2022-05-13 15:20:30 +02:00
Alex Denisov
d7f4c6fb0b Swift: add a comment about lifetime 2022-05-13 15:20:30 +02:00
Alex Denisov
c92576690f Swift: change the return types of getCanonicalPointer 2022-05-13 15:20:30 +02:00
Alex Denisov
2f00945a23 Swift: change the return types of getCanonicalPointer 2022-05-13 15:20:30 +02:00
Alex Denisov
039aaec6b7 Swift: make TrapLabelStore store untyped label internally 2022-05-13 15:20:30 +02:00
Alex Denisov
e584afb895 Swift: fix format 2022-05-13 15:20:30 +02:00
Alex Denisov
7b9f88637e Swift: describe TrapTagTraits API and implementation 2022-05-13 15:20:30 +02:00
Alex Denisov
efa4565af2 Swift: move generated code to generated directory 2022-05-13 15:20:29 +02:00
Tony Torralba
b9f3b3bd37 Apply code review suggestion 2022-05-13 15:09:06 +02:00
cokeBeer
252b19063e Merge branch 'github:main' into main 2022-05-13 20:23:24 +08:00
Tamas Vajk
ef08554adb Fix extraction of reflective call generated by Parcelize 2022-05-13 14:01:37 +02:00
Tamas Vajk
7376ec5d42 Handle variables as comment owners 2022-05-13 13:58:06 +02:00
Tamas Vajk
7d5844a9a4 Kotlin: Add more type check casts to MissingInstanceofInEquals query 2022-05-13 13:52:52 +02:00
Tamas Vajk
e2efef7bd7 Kotlin: Add more type check tests for MissingInstanceofInEquals query 2022-05-13 13:50:59 +02:00
Paolo Tranquilli
f52119dc81 Merge branch 'main' into alexdenisov/introduce-dispatcher 2022-05-13 13:44:01 +02:00
Tamas Vajk
c2a8965c90 Kotlin: Exclude operands of NotNullExpr from NullMaybe query 2022-05-13 13:42:10 +02:00
Tamas Vajk
e5d78687aa Kotlin: Add test for NullMaybe query 2022-05-13 13:41:25 +02:00
Paolo Tranquilli
d531631a3a Merge pull request #9147 from github/redsun82/swift-codegen-artifacts
Swift: publish C++ generated code as artifacts
2022-05-13 13:36:25 +02:00
Paolo Tranquilli
ccc77fa4a6 Merge branch 'main' into alexdenisov/introduce-dispatcher 2022-05-13 13:23:21 +02:00
Ian Lynagh
624cd41bd5 Merge pull request #9136 from igfoo/igfoo/qldoc
Kotlin: QLDoc tweaks from intrigus
2022-05-13 12:17:28 +01:00
Chris Smowton
7daba0bf55 Merge pull request #9122 from smowton/smowton/admin/update-kotlin
Kotlin: Apply changes since https://github.com/github/codeql/pull/9109 branched away from kotlin-main
2022-05-13 12:00:03 +01:00
Chris Smowton
e91a51aae6 Merge pull request #9113 from github/smowton/admin/claim-golang-support
Claim Go 1.18 support
2022-05-13 11:58:53 +01:00
Paolo Tranquilli
7a8ab7d2f5 Swift: merge generated headers into one artifact 2022-05-13 12:25:48 +02:00
Paolo Tranquilli
8cb9fd7eec Swift: publish C++ generated code as artifacts 2022-05-13 11:48:27 +02:00
Chris Smowton
211580e608 Merge pull request #738 from hvitved/xml-dbscheme-files-folders
Drop redundant columns from `files` and `folders` relations in `xml.dbscheme`
2022-05-13 10:35:45 +01:00
Tamas Vajk
631ba8adcf Kotlin: exclude Kotlin source from 'inner class could be static' check 2022-05-13 11:20:28 +02:00
Tamas Vajk
cd17e2eb28 Kotlin: add potentially static inner class test 2022-05-13 11:19:29 +02:00
Tamas Vajk
5ce2573cc1 Kotlin: Respect override modifier in useless parameter query 2022-05-13 11:08:35 +02:00
Tamas Vajk
6af4b74528 Kotlin: add useless parameter test for generic override 2022-05-13 11:07:22 +02:00
Tony Torralba
39fd1b48fc Merge pull request #9143 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-05-13 09:37:29 +02:00
github-actions[bot]
05070fb6c4 Add changed framework coverage reports 2022-05-13 00:19:40 +00:00
Chris Smowton
5ec9390482 Autoformat 2022-05-12 22:37:54 +01:00
Chris Smowton
63dadd88aa Revert "Identify data classes during extraction"
This reverts commit a61ba65c9f2182a578a7f4dbdb1c1657197f16cd, pending
adding a proper upgrade script for the DB change.
2022-05-12 22:37:30 +01:00
Tony Torralba
e3c2656ef1 Update java/ql/lib/semmle/code/java/frameworks/KotlinStdLib.qll 2022-05-12 22:37:06 +01:00
Tamas Vajk
cc92c6517b Fix labels of extension function parameters 2022-05-12 22:37:06 +01:00
Tamas Vajk
a0f4960e31 Add test case for extension function called from java 2022-05-12 22:37:06 +01:00
Tamas Vajk
ccaafd74f3 Fix declaring type of companion field 2022-05-12 22:37:06 +01:00
Tamas Vajk
a8cf0383cf Add test for companion field declaring type 2022-05-12 22:37:06 +01:00
Tamas Vajk
8b1a7c845c Fix return type of <clinit> methods 2022-05-12 22:37:06 +01:00
Tamas Vajk
de003fd122 Add test for return type of <clinit> methods 2022-05-12 22:37:06 +01:00
Tamas Vajk
b0ee557a51 Fix expected test files 2022-05-12 22:37:06 +01:00
Tamas Vajk
59581439dd Fix colliding property accessor and function names 2022-05-12 22:37:06 +01:00
Tamas Vajk
a51c2c496f Add test with colliding property accessor and function names 2022-05-12 22:37:06 +01:00
Tamas Vajk
857a74cf14 Adjust class label generation to handle classes in field initializers 2022-05-12 22:37:06 +01:00
Tamas Vajk
394ec56d9d Add test case for local class declaration in field initializer 2022-05-12 22:37:06 +01:00
Chris Smowton
4ceb2f13c4 Add test 2022-05-12 22:37:06 +01:00
Chris Smowton
2600dcd182 Fix extracting type accesses relating to proprerty getters/setters and SAM-converted methods
These should be handled the same as regular methods: extract type accesses for parameters and methods only if we're extracting "from source", i.e. at some point we're descended from extractFileContents.
2022-05-12 22:37:06 +01:00
Chris Smowton
301fa11450 Only extract parameter and method type-accesses once
Previously we extracted them whenever something was non-external, but this led to re-extraction when an instance of a generic type defined in source was extracted multiple times.
2022-05-12 22:37:06 +01:00
Chris Smowton
8d970a3cbd Don't extract private members of instantiated or external classes
This is both consistent with the Java extractor's behaviour, and prevents us from trying to refer to anonymous types (e.g. anonymous objects that directly initialize properties) out of scope.
2022-05-12 22:37:06 +01:00
Tamas Vajk
fbae0f5053 Revert dataflow changes, extract actual iterator function 2022-05-12 22:37:06 +01:00
Tamas Vajk
538e05995a Fix dataflow for kotlin.Array.iterator() 2022-05-12 22:37:03 +01:00
Tamas Vajk
776322bac2 Add foreach dataflow tests 2022-05-12 22:36:28 +01:00
Chris Smowton
7e17074b41 Allow arithmetic functions not mapping to Java equivalents 2022-05-12 22:36:28 +01:00
Chris Smowton
b1849f5f0a Expand error message 2022-05-12 22:36:28 +01:00
Chris Smowton
22e48ca39a Accept test changes 2022-05-12 22:36:28 +01:00
Chris Smowton
16af811b69 Allow imprecise matching for Kotlin -> Java method translation
This allows the particular case of Collection.toArray(IntFunction<T>) to match, since both Java and Kotlin functions take an IntFunction<T> but they use different function-local type variables.

This would also allow toArray(Array<T>) to work similarly.
2022-05-12 22:36:28 +01:00
Chris Smowton
77056c9bff Add test expectations 2022-05-12 22:36:28 +01:00
Chris Smowton
71d2e7be3e Don't replace own callables, and use a more exact replacement-finding test 2022-05-12 22:36:28 +01:00
Chris Smowton
ce87a89009 Replace Map and similar functions with their Java cousins
This didn't appear to be necessary because the Kotlin and Java versions of Map (for example) are designed to be compatible, but in certain cases their functions have the same erasure but not the same type (e.g. Map.getOrDefault(K, V) vs. Map.getOrDefault(Object, V).

These have different erasures which was leading to callable-binding inconsistencies.
2022-05-12 22:36:28 +01:00
Tamas Vajk
fa0bd0366c Fix extension property labels 2022-05-12 22:36:28 +01:00
Tamas Vajk
25fce5f6bb Identify data classes during extraction 2022-05-12 22:36:28 +01:00
Chris Smowton
1e78f2893c Add test for special method getters 2022-05-12 22:36:28 +01:00
Chris Smowton
134f88fe8e Accept test results 2022-05-12 22:36:27 +01:00
Chris Smowton
12e3401ae0 Map special getters onto their correct JVM names
These include Collection.size() for example, which has a Kotlin property called `size` but whose getter is not named `getSize()`.

These would normally be accounted for using `@JvmName`, but some core methods are lowered by a special compiler pass instead.
2022-05-12 22:36:27 +01:00
Chris Smowton
cb6941d212 Account for JVM type equivalency when recognising unspecialised types
(As before, these are not really unspecialised, they are instantiated by their own type parameters, but this replicates the behaviour of the Java extractor)
2022-05-12 22:36:27 +01:00
github-actions[bot]
11c95c576e Post-release preparation for codeql-cli-2.9.2 2022-05-12 18:21:57 +00:00
Tom Hvitved
e68a727f9a Drop redundant columns from files and folders relations in xml.dbscheme 2022-05-12 20:21:48 +02:00
github-actions[bot]
b7cbd8fd75 Post-release preparation for codeql-cli-2.9.2 2022-05-12 18:21:38 +00:00
Geoffrey White
776857e08b C++: Change note. 2022-05-12 18:26:32 +01:00
Geoffrey White
7a35a346dc C++: Increase query precision to 'high'. 2022-05-12 17:46:16 +01:00
Geoffrey White
0ad6289618 C++: Fix typos. 2022-05-12 16:32:20 +01:00
Nick Rolfe
6c52831143 Java: sync spelling correction in shared qll 2022-05-12 16:11:29 +01:00
Nick Rolfe
1115227f9d Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling 2022-05-12 16:10:27 +01:00
Nick Rolfe
320b6a1942 QL for QL: don't check spelling of deprecated nodes 2022-05-12 16:07:17 +01:00
Nick Rolfe
70666f6351 QL for QL: fix typos in comments 2022-05-12 16:03:39 +01:00
Nick Rolfe
8caad12011 Ruby: fix typos in comments 2022-05-12 16:02:20 +01:00
Nick Rolfe
2efa38aaa6 Python: fix typos in comments 2022-05-12 16:02:20 +01:00
Nick Rolfe
2ed42c327c JS: fix typos in comments 2022-05-12 16:02:19 +01:00
Mathias Vorreiter Pedersen
39551fd84d Merge pull request #9114 from geoffw0/xxe7
C++: Repair support for createLSParser in the CWE-611 XXE query.
2022-05-12 15:47:53 +01:00
Jeroen Ketema
941485d66f Merge pull request #9130 from jketema/cpp17-init
C++: Handle C++17 if and switch initializers
2022-05-12 16:37:44 +02:00
Harry Maclean
64206a1c29 Ruby: Add getAPrimaryQlClass to CfgNodes classes 2022-05-12 15:32:36 +01:00
Anders Schack-Mulligen
8c8440a58a Merge pull request #9101 from hvitved/dataflow/include-hidden
Data flow: Add `Configuration::includeHiddenNodes()`
2022-05-12 15:36:12 +02:00
Geoffrey White
df30d2286c Merge branch 'main' into xxe7 2022-05-12 14:35:16 +01:00
Nick Rolfe
128fac4414 Java: fix typos in comments 2022-05-12 14:28:49 +01:00
Nick Rolfe
a50601c367 C#: fix typos in comments 2022-05-12 14:28:40 +01:00
Nick Rolfe
76cf8d1659 C++: fix typos in comments 2022-05-12 14:28:26 +01:00
Nick Rolfe
844eef173c QL for QL: add predicate for other typos not in the shared typo db 2022-05-12 14:25:39 +01:00
Ian Lynagh
75ca116ef9 Kotlin: QLDoc tweaks from intrigus 2022-05-12 14:12:01 +01:00
Jeroen Ketema
723f3b09fe C++: Address review comments 2022-05-12 15:09:06 +02:00
Ian Lynagh
02101fab6a Kotlin: Don't use capture_output or text
Older python versions don't support them
2022-05-12 14:08:19 +01:00
Taus
a0f8e2f0b1 Python: Modernise py/jinja2/autoescape-false
A simple rewrite to use API graphs instead.

The handling of falsy values is potentially a bit more restrictive now,
as it only accounts for local flow. We should probably figure out a
better way of capturing this pattern, but I felt that this was out of
scope for the present PR.
2022-05-12 12:55:42 +00:00
Erik Krogh Kristensen
762f7bf7fe Merge pull request #9115 from erik-krogh/fileAndFolder
JS: resolve main module when there is a folder with the same name as the main file
2022-05-12 14:55:28 +02:00
Jeroen Ketema
72823e9576 Apply suggestions from code review
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-05-12 14:54:43 +02:00
Taus
e8b7262712 Merge pull request #9133 from tausbn/devcontainer-install-test-extension-dependencies
Devcontainer: Install test dependencies
2022-05-12 14:51:18 +02:00
Joe Farebrother
59e400d2e0 Merge pull request #7723 from joefarebrother/redos
Java: Add ReDoS queries
2022-05-12 13:50:38 +01:00
Erik Krogh Kristensen
4bef451156 Merge pull request #9021 from erik-krogh/actions
JS: promote `js/actions/injection` out of experimental
2022-05-12 14:38:38 +02:00
Anders Schack-Mulligen
adb56dfa39 Dataflow: Improve standard order through easier type check elimination. 2022-05-12 14:31:38 +02:00
Nick Rolfe
6058352fb0 QL for QL: add small test for misspelling query 2022-05-12 13:17:32 +01:00
Nick Rolfe
4321b5e1fa QL for QL: generalise non-US spelling query
1. Catch common misspelling as well.
2. Also check names of classes, predicates, etc.
2022-05-12 13:17:32 +01:00
Taus
12b34bcf04 Devcontainer: Install test dependencies
These _should_ get installed automatically if missing, by in my
experience this can be a bit flaky. Installing theme here should make
this a bit more robust.
2022-05-12 12:17:04 +00:00
Rasmus Wriedt Larsen
7cd51d6147 Merge pull request #9126 from RasmusWL/moduleimport-with-dots
Python: Fully disallow `API::moduleImport` of module with dots
2022-05-12 14:16:25 +02:00
Alex Denisov
d0e2e2bec8 Swift: introduce SwiftDispatcher 2022-05-12 14:09:44 +02:00
Alex Denisov
8f8ece63e7 Swift: add extractor test for declarations 2022-05-12 14:09:44 +02:00
Alex Denisov
cfd242e489 Swift: add human readable string representation for Location and UnkownAstNode 2022-05-12 14:09:44 +02:00
AlexDenisov
dd900e622c Merge pull request #9107 from redsun82/swift-arena
Swift: `TrapOutput`
2022-05-12 14:09:18 +02:00
Mathias Vorreiter Pedersen
b13123e66e Merge pull request #9128 from github/release-prep/2.9.2
Release preparation for version 2.9.2
2022-05-12 13:04:08 +01:00
Mathias Vorreiter Pedersen
3423729f4c Merge pull request #736 from github/release-prep/2.9.2
Release preparation for version 2.9.2
2022-05-12 12:55:44 +01:00
Rasmus Wriedt Larsen
795adf0566 Python: Fix API::moduleImport("foo.bar") 2022-05-12 13:33:00 +02:00
Rasmus Wriedt Larsen
3844c5b5c0 Python: Add change-note 2022-05-12 13:32:59 +02:00
Rasmus Wriedt Larsen
f8253f5fef Python: Fully disallow API::moduleImport of module with dots
Inspired by discussion about this for MaD in
https://github.com/github/codeql/pull/8883#discussion_r865858084
2022-05-12 13:30:26 +02:00
Rasmus Wriedt Larsen
597a8414d9 Python: Add test of API::moduleImport with dots
This is currently semi-works -- the import is allowed, but doesn't
always work when used :|
2022-05-12 13:29:16 +02:00
Nick Rolfe
234a36ff61 Merge pull request #9119 from github/nickrolfe/non-us-spelling-fixes
Fix non-US spellings and the corresponding query
2022-05-12 12:29:14 +01:00
Erik Krogh Kristensen
fef4455ccc apply suggestion from doc review
Co-authored-by: Steve Guntrip <12534592+stevecat@users.noreply.github.com>
2022-05-12 13:28:45 +02:00
Jeroen Ketema
e23e5e5b12 C++: Add change notes for C++17 if and switch initializers 2022-05-12 12:56:50 +02:00
Jeroen Ketema
894380d701 C++: Update stats file 2022-05-12 12:56:50 +02:00
Jeroen Ketema
97bba115da C++: Add upgrade and downgrade script 2022-05-12 12:56:50 +02:00
Jeroen Ketema
71c019e126 C++: Handle C++17 switch initializers 2022-05-12 12:56:50 +02:00
Jeroen Ketema
ebbd9c5b90 C++: Handle C++17 if initializers 2022-05-12 12:56:50 +02:00
Mathias Vorreiter Pedersen
46f237efcb Update ruby/ql/lib/change-notes/released/0.2.1.md 2022-05-12 11:47:26 +01:00
Mathias Vorreiter Pedersen
103c589c1d Update python/ql/lib/change-notes/released/0.3.0.md 2022-05-12 11:47:19 +01:00
Mathias Vorreiter Pedersen
7b8c3bdcf9 Update ruby/ql/lib/CHANGELOG.md 2022-05-12 11:47:13 +01:00
Mathias Vorreiter Pedersen
499878a44d Update python/ql/lib/CHANGELOG.md 2022-05-12 11:47:08 +01:00
Mathias Vorreiter Pedersen
f76d52407d Update java/ql/lib/change-notes/released/0.2.1.md 2022-05-12 11:47:01 +01:00
Mathias Vorreiter Pedersen
1143b48338 Update java/ql/lib/CHANGELOG.md 2022-05-12 11:46:53 +01:00
Mathias Vorreiter Pedersen
55ce069e30 Update java/ql/lib/change-notes/released/0.2.1.md 2022-05-12 11:43:55 +01:00
Mathias Vorreiter Pedersen
43265c4133 Update python/ql/lib/change-notes/released/0.3.0.md 2022-05-12 11:43:39 +01:00
Mathias Vorreiter Pedersen
b069d1bd17 Update python/ql/lib/CHANGELOG.md 2022-05-12 11:43:33 +01:00
Mathias Vorreiter Pedersen
eb3a35eaea Update java/ql/src/change-notes/released/0.1.2.md 2022-05-12 11:43:27 +01:00
Mathias Vorreiter Pedersen
11707f8522 Update java/ql/src/CHANGELOG.md 2022-05-12 11:43:19 +01:00
Mathias Vorreiter Pedersen
2ef976a152 Update java/ql/src/CHANGELOG.md 2022-05-12 11:43:08 +01:00
Mathias Vorreiter Pedersen
22bdde6eaa Update java/ql/lib/change-notes/released/0.2.1.md 2022-05-12 11:43:01 +01:00
Mathias Vorreiter Pedersen
e9e8f3810b Update java/ql/lib/CHANGELOG.md 2022-05-12 11:41:20 +01:00
Mathias Vorreiter Pedersen
1f7eefe95c Update java/ql/lib/CHANGELOG.md 2022-05-12 11:41:13 +01:00
github-actions[bot]
ee9980b31c Release preparation for version 2.9.2 2022-05-12 10:17:28 +00:00
github-actions[bot]
edbd5dd77a Release preparation for version 2.9.2 2022-05-12 10:17:26 +00:00
Tony Torralba
f0a0ac100b Add live literals as sanitizers for sensitive logging 2022-05-12 11:57:44 +02:00
Tom Hvitved
0a7892797e Merge pull request #8938 from hvitved/ruby/with-without-mad-tokens
Ruby: Introduce `With(out)Element` MaD input tokens
2022-05-12 11:49:51 +02:00
Tony Torralba
5db8306fef Stop considering usernames sensitive info
Require variables to be static to be considered constants
2022-05-12 11:46:52 +02:00
Nick Rolfe
12a43b6fae C++: fix another use of AnalysedString 2022-05-12 10:38:13 +01:00
Harry Maclean
e8972b814f Merge pull request #8635 from hmac/hmac/io-popen
Ruby: Model IO.popen
2022-05-12 21:17:55 +12:00
Nick Rolfe
a86b5a1586 C++: fix changenote formatting 2022-05-12 09:26:30 +01:00
Erik Krogh Kristensen
9050f9999c recognize functions that return object of methods as library input 2022-05-12 09:56:19 +02:00
Anders Schack-Mulligen
e0c74d4390 Merge pull request #9124 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-05-12 09:06:07 +02:00
Anders Schack-Mulligen
fad7d9ae72 Merge pull request #9120 from igfoo/igfoo/fixes
Kotlin: Fix some alerts
2022-05-12 08:29:34 +02:00
Erik Krogh Kristensen
b1e8b3332c resolve main module when there is a folder with the same name as the main file 2022-05-12 08:20:30 +02:00
Erik Krogh Kristensen
6014614a31 Merge pull request #9103 from erik-krogh/nextParam
JS: add support for typed NextJS route-handlers
2022-05-12 08:18:26 +02:00
cokeBeer
ebcb040050 update fix 2022-05-12 09:53:49 +08:00
cokeBeer
c70358033d update fix 2022-05-12 09:31:35 +08:00
github-actions[bot]
acaf4517c0 Add changed framework coverage reports 2022-05-12 00:17:30 +00:00
Chris Smowton
85dc1090fe Merge pull request #9116 from smowton/smowton/feature/accept-conditional-cookie-security
Java: tolerate `cookie.setSecure(request.isSecure())`
2022-05-11 21:29:14 +01:00
Tom Hvitved
46ab25b61e Merge pull request #9098 from aschackmull/dataflow/perf
Dataflow: Performance fixes
2022-05-11 20:41:48 +02:00
Nick Rolfe
7cd6dc1a74 CPP: add changenote for AnalysedString -> AnalyzedString 2022-05-11 18:16:26 +01:00
Ian Lynagh
33e17f1665 Kotlin: Fix some alerts 2022-05-11 17:58:50 +01:00
Nick Rolfe
e1b277386a Fix non-US spellings: s/analyse/analyze 2022-05-11 17:48:27 +01:00
Nick Rolfe
2d246a4034 QL for QL: fix checking spelling of 'analyze' in multi-line comments
`.` does not match a newline in `regexpMatch`, so we were missing some
comments.
2022-05-11 17:43:39 +01:00
Nick Rolfe
0af1976b74 JS: fix typos in qldoc comment 2022-05-11 17:42:43 +01:00
Paolo Tranquilli
ddb567b639 Swift: remove Tag nested alias in TrapLabel 2022-05-11 17:44:00 +02:00
Ian Lynagh
cfde0a1491 Merge pull request #9109 from igfoo/igfoo/kotlin_merge
Initial Kotlin support
2022-05-11 16:16:22 +01:00
Paolo Tranquilli
f1413f29c6 Swift: move back file opening code 2022-05-11 16:53:51 +02:00
Tony Torralba
5be30209c1 Merge pull request #9036 from luchua-bc/java/hardcoded-jwt-key
Java: CWE-321 Query to detect hardcoded JWT secret keys
2022-05-11 16:31:34 +02:00
Henry Mercer
6ecc542ca3 Merge pull request #9117 from github/henrymercer/java/tag-telemetry
Java: Tag telemetry queries with `telemetry`
2022-05-11 15:13:35 +01:00
Henry Mercer
a626078423 Merge pull request #9118 from github/henrymercer/csharp/tag-telemetry
C#: Tag telemetry queries with `telemetry`
2022-05-11 15:13:29 +01:00
Anders Schack-Mulligen
4884520ee1 Dataflow: Review fix. 2022-05-11 15:40:49 +02:00
Chris Smowton
f7e1f3e1a5 Remove URL fragment from Google search 2022-05-11 14:38:09 +01:00
Tom Hvitved
5df87d526c Sync files 2022-05-11 15:17:27 +02:00
Tom Hvitved
884d3b2ff4 Ruby: Introduce With(out)Element MaD input tokens 2022-05-11 15:17:27 +02:00
Tom Hvitved
333780e635 Merge pull request #8898 from hvitved/dataflow/clear-expect-summary-components
Data flow: Introduce 'with/without content' summary components
2022-05-11 15:16:42 +02:00
Ian Lynagh
c0a755e061 Merge remote-tracking branch 'upstream/main' into igfoo/kotlin_merge
Resolving conflicts:
	java/ql/lib/semmle/code/java/Expr.qll
2022-05-11 14:13:09 +01:00
Rasmus Wriedt Larsen
044829c3bb Python: Add @security-severity to py/pam-auth-bypass
The value 8.1 was calculated by our internal tool. This corresponds to a
'High' severity, which from my gut feeling seems reasonable for
authorization bypass.
2022-05-11 14:57:21 +02:00
Geoffrey White
94e190c63a C++: getClassAndName. 2022-05-11 13:47:51 +01:00
Rasmus Wriedt Larsen
46f309c373 Merge pull request #6360 from jorgectf/jorgectf/python/insecure-cookie
Python: Add cookie security-related queries
2022-05-11 14:47:11 +02:00
Paolo Tranquilli
a46582d7d5 Swift: replace friend in TrapLabel with unsafeCreateFromExplicitId 2022-05-11 14:42:55 +02:00
Henry Mercer
b6f1ddcdab Java: Tag telemetry queries with telemetry
This will exclude the results of these queries from the summary tables
produced by `codeql database analyze` in a future version of the CodeQL
CLI.
2022-05-11 13:29:25 +01:00
Henry Mercer
cdd6e0e104 C#: Tag telemetry queries with telemetry
This will exclude the results of these queries from the summary tables
produced by `codeql database analyze` in a future version of the CodeQL
CLI.
2022-05-11 13:27:49 +01:00
Rasmus Wriedt Larsen
cff950f5f7 Python: Fix select of py/insecure-cookie 2022-05-11 14:06:30 +02:00
Rasmus Wriedt Larsen
0956d506de Python: Actually promote py/pam-auth-bypass
🤦
2022-05-11 13:44:47 +02:00
Anders Schack-Mulligen
9a4d86e9b4 Merge pull request #8571 from Marcono1234/marcono1234/statement-expression
Java: Add `ValueDiscardingExpr`
2022-05-11 13:37:24 +02:00
Rasmus Wriedt Larsen
fc8633cc01 Python: Fix select for py/cookie-injection 2022-05-11 13:18:14 +02:00
Chris Smowton
0044326884 Add change note 2022-05-11 12:06:27 +01:00
Chris Smowton
d9e7d34e03 Merge pull request #735 from github/smowton/admin/generics-change-note
Add change note announcing generics support
2022-05-11 12:06:09 +01:00
Chris Smowton
c17ef42cc7 Insecure cookie query: accept ServletRequest.isSecure(), and allow more than one possible input to a setSecure(...) call. 2022-05-11 11:59:37 +01:00
luchua-bc
f85c01c975 Correct string source 2022-05-11 10:37:22 +00:00
Paolo Tranquilli
e679612a5a Swift: move most of TrapArena to TrapFile 2022-05-11 12:32:14 +02:00
Chris Smowton
1af0e9b619 Servlets.qll: don't use deprecated library visiblity modifier. 2022-05-11 11:31:14 +01:00
Geoffrey White
f27c2f3031 C++: Fix more capitalization. 2022-05-11 11:27:57 +01:00
Arthur Baars
e1e13b599a Fix CFG 2022-05-11 12:09:17 +02:00
Geoffrey White
00f7453fcb C++: Fix capitalization. 2022-05-11 11:08:03 +01:00
Arthur Baars
d91b1891f1 Add change note 2022-05-11 12:06:08 +02:00
Arthur Baars
dbd9c1859d Add more test cases for &. operator 2022-05-11 12:06:08 +02:00
Arthur Baars
76f806159c Ruby: desugar safe navigation calls 2022-05-11 12:06:08 +02:00
Arthur Baars
c9f7568ca3 Ruby: add Call::isSafeNavigation 2022-05-11 12:06:08 +02:00
Arthur Baars
a47e429945 Merge pull request #8909 from aibaars/tree-sitter-update
Tree sitter update
2022-05-11 12:02:14 +02:00
Geoffrey White
3dddc560a1 C++: Add LSParser specific transformer. 2022-05-11 11:02:01 +01:00
Geoffrey White
e3be7749ea C++: Repair the LSParser sinks. 2022-05-11 11:02:01 +01:00
Geoffrey White
8852043558 C++: Additional test cases. 2022-05-11 11:01:26 +01:00
Rasmus Wriedt Larsen
add6579385 Merge pull request #9022 from RasmusWL/ruby-fix
Ruby: Fix `isLocalSourceNode` implementation
2022-05-11 11:52:44 +02:00
Chris Smowton
72022e65d5 Copyedit 2022-05-11 10:46:16 +01:00
Chris Smowton
7530943e07 Add change note announcing generics support 2022-05-11 10:42:58 +01:00
Rasmus Wriedt Larsen
27b99c51e9 Python: Add placeholder precision for py/insecure-cookie 2022-05-11 11:36:06 +02:00
Rasmus Wriedt Larsen
a902d3d8f0 Python: Add security-severity for py/insecure-cookie
Matching the Java query
7d4767a4f5/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql (L7)
2022-05-11 11:34:16 +02:00
Rasmus Wriedt Larsen
84ad45c665 Python: Fix Django import 2022-05-11 11:33:35 +02:00
Paolo Tranquilli
e63d079322 Swift: transfer TrapArena 2022-05-11 11:28:38 +02:00
Chris Smowton
d41da9eabb Claim Go 1.18 support
As of https://github.com/github/codeql-go/pull/686 landing we support extracting generics, dataflow analysis in programs that use generics, etc. Note this hasn't  gone out in a release yet but I would expect it to be in 2.9.2.
2022-05-11 10:26:22 +01:00
Chris Smowton
440b3118cb Merge pull request #686 from owen-mc/extract-generics
Extract generics
2022-05-11 10:14:58 +01:00
Rasmus Wriedt Larsen
d127d2164a Merge branch 'main' into jorgectf/python/insecure-cookie 2022-05-11 11:13:47 +02:00
Anders Schack-Mulligen
25336df302 Merge pull request #8873 from atorralba/atorralba/android-startactivity-flowstep
Java: Add flow step from startActivity to getIntent
2022-05-11 11:08:08 +02:00
Anders Schack-Mulligen
c217a1e502 Update java/ql/lib/semmle/code/java/Expr.qll 2022-05-11 11:03:13 +02:00
Tony Torralba
43b425d0e4 Merge pull request #9002 from atorralba/atorralba/https-urls-improvs
Java: Add OkHttp and Retrofit models
2022-05-11 10:48:08 +02:00
Arthur Baars
907c3db5ca Address comments
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-05-11 09:59:42 +02:00
Erik Krogh Kristensen
f5329a3d1b PY: fix ql/field-only-used-in-charpred warning 2022-05-11 09:54:55 +02:00
Erik Krogh Kristensen
94a9b3e873 fix all ql/counting-to-zero in some languages 2022-05-11 09:54:53 +02:00
Erik Krogh Kristensen
7149b98bb4 add ql/counting-to-zero 2022-05-11 09:51:56 +02:00
Erik Krogh Kristensen
5e02a76dfd add support for typed NextJS route-handlers 2022-05-11 09:45:34 +02:00
Cornelius Riemenschneider
506e09ef32 Merge pull request #9105 from github/criemen/dotnet-lua-tracing-config
C#: Lua tracing config: Use API function.
2022-05-11 09:28:09 +02:00
cokeBeer
2b51b4206e fix https://github.com/github/codeql/issues/9097 2022-05-11 11:22:23 +08:00
Erik Krogh Kristensen
872b275bd4 Merge pull request #9110 from erik-krogh/qlPackAll
QL: add implicit -all to a query pack to match the CodeQL pack resolution
2022-05-10 23:41:26 +02:00
Erik Krogh Kristensen
a5acaeb59c QL: add implicit -all to a query pack to match the CodeQL pack resolution 2022-05-10 23:25:32 +02:00
Ian Lynagh
b7a0b56e41 Kotlin: Add a this. 2022-05-10 19:51:31 +01:00
Ian Lynagh
8a89251c4f Kotlin: Tweak dbscheme 2022-05-10 19:51:31 +01:00
Ian Lynagh
3662611b04 Kotlin: Fix compilation_finished upgrade script 2022-05-10 19:51:31 +01:00
Ian Lynagh
b5572422df Kotlin: Autoformat 2022-05-10 19:51:31 +01:00
Ian Lynagh
8b809459d9 Kotlin: Remove kotlin branch CI test 2022-05-10 19:51:31 +01:00
Ian Lynagh
ab2946cf10 Kotlin: Add release notes 2022-05-10 19:51:31 +01:00
Ian Lynagh
e1d832c2e9 Upgrades: All old diagnostics are generated by the Java extractor 2022-05-10 19:51:31 +01:00
Tamas Vajk
26dfca8010 Add DB upgrade scripts for diagnostics and compilation_finished 2022-05-10 19:51:31 +01:00
Tony Torralba
a5a31db835 Rename AnyEqualsExpr and AnyNotEqualsExpr 2022-05-10 19:51:31 +01:00
Tony Torralba
0e3db78eba Make GeneratedFileMarker an instance of JavadocElement 2022-05-10 19:51:31 +01:00
Tamas Vajk
4f256d2958 Change LambdaExpr::asMethod to return the big-arity invoke instead of the wrapper 2022-05-10 19:51:31 +01:00
Ian Lynagh
af3bc4f44d Kotlin: Apply review feedback 2022-05-10 19:51:31 +01:00
Ian Lynagh
2e3d2b8e11 Java: Use the Diagnostics class in DiagnosticsReporting.qll
We shouldn't use database types/tables directly in src/
2022-05-10 19:51:31 +01:00
Tamas Vajk
464d13775d Add QL doc for LambdaExpr::isKotlinFunctionN 2022-05-10 19:51:31 +01:00
Ian Lynagh
1151f79eca Kotlin: Apply some review feedback 2022-05-10 19:51:31 +01:00
Ian Lynagh
726a005cc2 Update java/ql/lib/semmle/code/java/Expr.qll
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-05-10 19:51:31 +01:00
Ian Lynagh
1a36b1ab53 Kotlin: Format queries 2022-05-10 19:51:31 +01:00
Ian Lynagh
efe3c0d1ea Kotlin: Performance tweak 2022-05-10 19:51:30 +01:00
Ian Lynagh
653e74d181 Kotlin: Performance tweak 2022-05-10 19:51:30 +01:00
Ian Lynagh
b9be79473a Kotlin: Performance tweak 2022-05-10 19:51:30 +01:00
Ian Lynagh
65afd0d776 Kotlin: Performance tweak 2022-05-10 19:51:30 +01:00
Ian Lynagh
f5c0b0ebfe Kotlin: Performance tweak 2022-05-10 19:51:30 +01:00
Ian Lynagh
e0053cd471 Kotlin: qlformat a query 2022-05-10 19:51:30 +01:00
Ian Lynagh
bfe36558c1 Java/Kotlin: Update stats 2022-05-10 19:51:30 +01:00
Ian Lynagh
43035aef2d Java: Add an upgrade script 2022-05-10 19:51:30 +01:00
Ian Lynagh
4a6c2c2914 Revert "Java: Add an upgrade script"
This reverts commit c964d3262bb344d6c8e55d9bf69ffe2291b2f2cf.
2022-05-10 19:51:30 +01:00
Tamas Vajk
e8b3bf55fa Code quality improvements 2022-05-10 19:51:30 +01:00
Tamas Vajk
749d606f84 Fix expected file of useless null check test 2022-05-10 19:51:30 +01:00
Tamas Vajk
465a85bb8c Explicitly check if a when expression is in the expected &&/|| form 2022-05-10 19:51:30 +01:00
Tamas Vajk
3af8273620 Modify extraction of &&/|| to resugar it from when expression 2022-05-10 19:51:30 +01:00
Tamas Vajk
d33224a058 Add test case for missing CFG successor 2022-05-10 19:51:30 +01:00
Tamas Vajk
b66a3141f6 Extract functions using their name from JvmName annotation 2022-05-10 19:51:30 +01:00
Tamas Vajk
a24753f552 Extract final modifier on local variables 2022-05-10 19:51:30 +01:00
Tamas Vajk
4efb87a7dd Extract enum entry initializers 2022-05-10 19:51:30 +01:00
Ian Lynagh
2647a45239 Kotlin: Fix TypeVariableHidesType performance regression 2022-05-10 19:51:30 +01:00
Tamas Vajk
fc5229a0a5 Extract type access expression for static field access in initializer 2022-05-10 19:51:29 +01:00
Tamas Vajk
c6a75957e9 Fix expected files, fix type access extraction of file level static declarations 2022-05-10 19:51:29 +01:00
Tamas Vajk
1e529b2563 Add missing type access expression for static field accesses 2022-05-10 19:51:29 +01:00
Tamas Vajk
246f228a3b Add static field access test 2022-05-10 19:51:29 +01:00
Tamas Vajk
f43296a157 Extract type access for enum value access 2022-05-10 19:51:29 +01:00
Tamas Vajk
b5c8d29e40 Extract enum field declarations 2022-05-10 19:51:29 +01:00
Tamas Vajk
d6cbcdc847 Extract type access expression for parameter types 2022-05-10 19:51:29 +01:00
Tamas Vajk
f557719fe5 Extract type access expression for function return types 2022-05-10 19:51:29 +01:00
Tamas Vajk
dcac285a99 Add type access tests 2022-05-10 19:51:29 +01:00
Chris Smowton
7ef9420bfd Accept test changes 2022-05-10 19:51:29 +01:00
Chris Smowton
23e3bbea73 Fix: don't treat local classes as unspecialised
This shouldn't matter either way since they can't be subject to external references
2022-05-10 19:51:29 +01:00
Chris Smowton
4477482990 Share a class instance, not just a label 2022-05-10 19:51:29 +01:00
Chris Smowton
11fed0b4f8 Adjust test expectations 2022-05-10 19:51:29 +01:00
Chris Smowton
d63124a761 Extract a generic specialisation using its own type parameters in the same order like an unbound type
This replicates an oddity in the Java extractor that it doesn't differentiate a specialisation Generic<T1, T2, ...> from the unbound type, if T1, T2, ... are Generic's declared type variables occurring in the same order. For example, in `class MyList<T> { void addAll(MyList<T> param) { ... } }`, the type of `param` is an instantiated type, but
gets extracted as an unbound type. This commit can be reverted (except for the improvement to isUnspecialised) if/when that is fixed.
2022-05-10 19:51:29 +01:00
Chris Smowton
f3bd89a5cf Adjust test expectations 2022-05-10 19:51:29 +01:00
Chris Smowton
375199508e Always extract static initializers if a class has static members
This may not be necessary for anonymous objects, but it is certainly unrelated to `init { ... }` blocks.
2022-05-10 19:51:29 +01:00
Chris Smowton
e21a60bb4b Only extract anonymous init blocks in an instance initializer context 2022-05-10 19:51:29 +01:00
Chris Smowton
a317dc4246 Extract field initializers 2022-05-10 19:51:29 +01:00
Chris Smowton
9e8e99f4c3 Add interface-delegate test 2022-05-10 19:51:28 +01:00
Chris Smowton
5219ead4d4 Plugin version selection: fix test polarity and use integer not string comparison
(Otherwise we'll think that 1.6.10 comes before 1.6.9, for example.) This now implements the desired test: pick a version that exactly matches major and minor versions and which is the least patchlevel that is >= the target compiler.
2022-05-10 19:51:28 +01:00
Chris Smowton
d8b163a589 Fix running on patchlevel versions below the highest of that minor version
(For example, picking 1.6.10 to match the host kotlinc when both 1.6.10 and 1.6.20 are available)
2022-05-10 19:51:28 +01:00
Chris Smowton
62f39d7a22 Add test expectation 2022-05-10 19:51:28 +01:00
Chris Smowton
bfe3722018 Extract synthetic coroutine classes 2022-05-10 19:51:28 +01:00
Chris Smowton
a740ead56d Populate files table once per file, per trap file
Otherwise there's a chance the other trap file we're relying upon to populate the files table on our behalf gets overwritten (e.g. superceded by a newer .class file or more appropriate extractor) and we end up with a dangling reference.

This adds only populating the tables when the label is new, to avoid emitting files entries every single time a generic class specialisation is mentioned.
2022-05-10 19:51:28 +01:00
Ian Lynagh
b35b74779a Revert "Fix CFG construction of ExprStmt and StmtExpr"
This reverts commit db8d718cdbf0bef9cdf246221a921b99d4b22bea.

It broke ql/java/ql/test/library-tests/successors/TestDeclarations
2022-05-10 19:51:28 +01:00
Ian Lynagh
d2f6871868 Revert "Fix ExprStmt and StmtExpr in Boolean context"
This reverts commit 8a42837578e1c4361ed25682312ea5497ad0a12e.
2022-05-10 19:51:28 +01:00
Ian Lynagh
3aa25013c8 C#: CastingExpr is no longer needed in the main libraries 2022-05-10 19:51:28 +01:00
Tamas Vajk
82b937dedd Add query and script to plot CFG from DB 2022-05-10 19:51:28 +01:00
Tamas Vajk
037d66de15 Fix ExprStmt and StmtExpr in Boolean context 2022-05-10 19:51:28 +01:00
Ian Lynagh
385691287f C#: Define CastingExpr 2022-05-10 19:51:28 +01:00
Tamas Vajk
8282e57db5 Fix CFG construction of ExprStmt and StmtExpr 2022-05-10 19:51:28 +01:00
Tamas Vajk
81cb81366b Add test case for CFG issue with && in if condition 2022-05-10 19:51:28 +01:00
Tamas Vajk
10ef737a60 Adjust kotlin CI job 2022-05-10 19:51:28 +01:00
Tamas Vajk
953c6fdb7b Fix expected test file 2022-05-10 19:51:28 +01:00
Tamas Vajk
47799ae040 Code quality improvements + add dedicated DeadRefTypes test 2022-05-10 19:51:28 +01:00
Tamas Vajk
cdc7ed0e14 Extract container of adapter function as compiler generated 2022-05-10 19:51:28 +01:00
Tamas Vajk
7f94495601 Add test for adapter function 2022-05-10 19:51:28 +01:00
Tamas Vajk
fc66b73e3b Extract override modifier for lambda and reflection-like constructs 2022-05-10 19:51:28 +01:00
Tamas Vajk
505ccbbcf6 Extract override modifier 2022-05-10 19:51:28 +01:00
Tamas Vajk
92de139805 Add override tests 2022-05-10 19:51:27 +01:00
Tamas Vajk
ca99cb4999 Code quality improvements 2022-05-10 19:51:27 +01:00
Tamas Vajk
22af7f0e89 Remove duplications of locatable and element in the DB scheme 2022-05-10 19:51:27 +01:00
Ian Lynagh
400654d326 Kotlin: Add latest-url to kotlin_plugin_versions.py 2022-05-10 19:51:27 +01:00
Tamas Vajk
6ab86a1f46 Fix expected test files after 1.6.20 upgrade 2022-05-10 19:51:27 +01:00
Tamas Vajk
4e93134225 Add 1.6.20 support 2022-05-10 19:51:27 +01:00
Ian Lynagh
ff35088b49 Java: Add an upgrade script 2022-05-10 19:51:27 +01:00
Ian Lynagh
843310c466 Kotlin: Remove incorrect upgrade 2022-05-10 19:51:27 +01:00
Tamas Vajk
ad11b3e84a Add consistency query to verify we always have qualifier for calls 2022-05-10 19:51:27 +01:00
Tamas Vajk
4f3e89dd49 Fix expected test file 2022-05-10 19:51:27 +01:00
Tamas Vajk
a1842f9f17 Remove ExtensionMethodAccess and revert all dataflow changes 2022-05-10 19:51:27 +01:00
Tamas Vajk
95cb0149a3 Fix data flow through ExtensionMethodAccess 2022-05-10 19:51:27 +01:00
Tamas Vajk
38ab7acf3e Revert "Remove ExtensionMethodAccess to see extension method flows"
This reverts commit 9df4f2074379ba4668054a2a66eaaaaf5cb9b6c8.
2022-05-10 19:51:27 +01:00
Tamas Vajk
a9711b8c88 Remove ExtensionMethodAccess to see extension method flows 2022-05-10 19:51:27 +01:00
Tamas Vajk
6fccbaa93b Add extension method dataflow tests 2022-05-10 19:51:27 +01:00
Ian Lynagh
fac3699a5b Kotlin: Generate stats 2022-05-10 19:51:27 +01:00
Ian Lynagh
19270369c8 Java: Add an upgrade script 2022-05-10 19:51:27 +01:00
Ian Lynagh
c1629530e5 Kotlin: Fix build on Windows 2022-05-10 19:51:27 +01:00
Chris Smowton
de9648e515 Accept test changes
- generics gains extra excluded generic "specialisations" (specifically raw types)
- java_properties stops overwriting the Java extractor's output, which specifically flags isDefConstructor which kotlinc does not
- types naturally gains a lot of new raw types
2022-05-10 19:51:27 +01:00
Chris Smowton
239aab67b6 Populate the files table for generic class instances
This is because different instances might see the code in different locations (e.g., the class file exists in more than one jar) or with no location (seen as a .java file passed to kotlinc).

While I'm there, improve the order of checks and fix a trivial bug in withFileOfClass
2022-05-10 19:51:26 +01:00
Chris Smowton
db9ab22437 Erasure: produce raw types, not unbound types
This affects the trap labels for methods, and therefore consistency with the Java extractor.

TODO: check whether we can unify `erase` and `toRawType` entirely.
2022-05-10 19:51:26 +01:00
Chris Smowton
97d44d9583 Ensure external class extractions without a VirtualFile are lowest priority
Previously by using major version 0 to represent the no-virtual-file case these got highest priority. This meant that a class extracted relating to a .java file seen by the Kotlin compiler, which necessarily lacks a useful source-location, was highest priority. Now that should get overwritten whenever anybody sees it in the form of a .class
file, since this will have version information.

This should in particular eliminate the case where a generic class is extracted with no useful source location (based on .java source), then generic instances are extracted with a useful source location (based on a .class source), but the location isn't in the database.
2022-05-10 19:51:26 +01:00
Tamas Vajk
613d81d231 Extract static modifier and missing type access qualifier for static calls 2022-05-10 19:51:26 +01:00
Ian Lynagh
4cfda638cb Kotlin: Use -Xopt-in=kotlin.RequiresOptIn when compiling 2022-05-10 19:51:26 +01:00
Ian Lynagh
37cf36bc33 Kotlin: useDeclarationParent: Don't use fakeLabel 2022-05-10 19:51:26 +01:00
Ian Lynagh
5c8e0ff49b Kotlin: extractTypeParameter: Don't use fakeLabel 2022-05-10 19:51:26 +01:00
Tamás Vajk
48b6c61fdb Quality improvement: add explicit this in QL
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2022-05-10 19:51:26 +01:00
Tamas Vajk
e0afaa462e Fix Parameter.getACallArgument for parameters of extension methods 2022-05-10 19:51:26 +01:00
Ian Lynagh
1e8d077522 Kotlin: Fix some warnings 2022-05-10 19:51:26 +01:00
Ian Lynagh
f75e711474 Kotlin: Make the build noisier
We need to capture output for some commands we run during the build,
but this ended up being refactored so that we ate the output for all
commands. This means that we don't see warnings from the compiler.

Now we not only show the output, but we also print what commands we are
running.
2022-05-10 19:51:26 +01:00
Ian Lynagh
05c062da99 Kotlin: Stop useValueDeclaration returning fakeLabel 2022-05-10 19:51:26 +01:00
Ian Lynagh
c5e73cd6df Kotlin: Add TypeResult.cast() 2022-05-10 19:51:26 +01:00
Ian Lynagh
86c31cb2e8 Kotlin: Add Label.cast() 2022-05-10 19:51:26 +01:00
Tamas Vajk
c89f3163f9 Revert PrintAst changes related to wrong locations 2022-05-10 19:51:26 +01:00
Tamas Vajk
026ce2a27a Fix location of parameters in methods of parameterized types 2022-05-10 19:51:26 +01:00
Tamas Vajk
bfcd553c6c Change location of properties inside parameterized types 2022-05-10 19:51:26 +01:00
Tamas Vajk
0726b6410f Change location of methods inside parameterized types 2022-05-10 19:51:26 +01:00
Tamas Vajk
3813e6fc10 Fix expected files 2022-05-10 19:51:26 +01:00
Tamas Vajk
acb310e46a Change parameterized type location to the class file 2022-05-10 19:51:26 +01:00
Tamas Vajk
53f484cd98 Add test for inconsistent generic instantiation locations 2022-05-10 19:51:26 +01:00
Tamas Vajk
49bf53da5d Make extracted file class public and final 2022-05-10 19:51:25 +01:00
Ian Lynagh
77fec17a36 Kotlin: Autoformat QL 2022-05-10 19:51:25 +01:00
Ian Lynagh
c5e3aefe10 Kotlin: Fix build on Mac (Arm)
We were getting:

$ echo foo > bar
$ jar -c -f baz.jar bar
-f : no such file or directory
baz.jar : no such file or directory
K-*��ϳR0�3��r.JM,IM�u�MEX��)h8������y�xk�r�rPYJO�?y_wTbarK���P�e2`wT    META-INF/�`wTYJO�??=META-INF/MANIFEST.My_wT�e2~�barPK��
2022-05-10 19:51:25 +01:00
Ian Lynagh
7c571dd551 Kotlin: Allow decoding errors
If an error happens, we'd rather see /something/ than get a decoding
error.
2022-05-10 19:51:25 +01:00
Ian Lynagh
aed32cd69b C#: Autoformat 2022-05-10 19:51:25 +01:00
Tony Torralba
f8ad93a530 Add test case for local variable in anonymous init
Also fix another instance of the same issue in extractLocalTypeDeclStmt
2022-05-10 19:51:25 +01:00
Tony Torralba
1926bef050 Don't extract static init when the class already contains an anonymous init 2022-05-10 19:51:25 +01:00
Tony Torralba
3920b64d62 Add support for live literals 2022-05-10 19:51:25 +01:00
Tony Torralba
1f812f856c Extract static initializers of inner classes 2022-05-10 19:51:25 +01:00
Tamas Vajk
8c50e857e4 Add comments to clarify JVM type substitution for invoke methods 2022-05-10 19:51:25 +01:00
Tamas Vajk
1317d2d578 Fix DB inconsistencies with KFunction and KFunction::invoke call extraction 2022-05-10 19:51:25 +01:00
Tamas Vajk
0b4cf6ec82 Adjust extractEnclosingClass extraction 2022-05-10 19:51:25 +01:00
Tamas Vajk
44c8249a33 Remove outdated TODO comments 2022-05-10 19:51:25 +01:00
Tamas Vajk
5f729f8131 Merge two implementation of enclosing class extraction 2022-05-10 19:51:25 +01:00
Tamas Vajk
fe9333898f Minor code quality improvements 2022-05-10 19:51:25 +01:00
Tamas Vajk
f12bcc5715 Add dataflow test for property reference being used as lambda 2022-05-10 19:51:25 +01:00
Tamas Vajk
257224aa59 Change base class of property reference classes 2022-05-10 19:51:25 +01:00
Tamas Vajk
cf0be05b44 Add property reference invoke method implementation 2022-05-10 19:51:25 +01:00
Tamas Vajk
abcb367495 Add dataflow tests for lambda-like constructs
This commit adds tests for dataflow involving lambdas, big-arity lambdas, SAM conversions, and function references.
2022-05-10 19:51:25 +01:00
Chris Smowton
aab271d81e Fix extraction of data classes with array members
These use compiler-internal intrinsics at the IR layer, which are later lowered to java.util.Arrays calls. This performs that lowering in the same manner.
2022-05-10 19:51:25 +01:00
Chris Smowton
ae2ca183cc Improve logging when function resolution fails 2022-05-10 19:51:25 +01:00
Ian Lynagh
7dfd99d873 Kotlin: Accept test changes 2022-05-10 19:51:25 +01:00
Ian Lynagh
dbc5e73709 Kotlin: Add a test for annotation classes 2022-05-10 19:51:24 +01:00
Ian Lynagh
34f8d9b9b7 Kotlin: Handle annotation classes
Fixes:

[TYPES_NOT_DISJOINT] Base types @class and @interface are not disjoint. A common value is 225832
    Relevant element: id=225832
        Full ID for 225832: @"class;kotlin.internal.LowPriorityInOverloadResolution"

when Kotlin and Java both see such a class.
2022-05-10 19:51:24 +01:00
Ian Lynagh
b4d04f62b2 Kotlin: Log to the right TRAP file
Diagnostics for external classes were ending up in the source file's
TRAP file, and then breaking because `#compilation` isn't defined.
2022-05-10 19:51:24 +01:00
Tamas Vajk
91b7de42ad Make generated invoke/get/set public
The generated `invoke`/`get`/`set` methods are implementing interface members, so they need to be `public`.
2022-05-10 19:51:24 +01:00
Tamas Vajk
878352f69c Add test for checking generated invoke/get/set visibility 2022-05-10 19:51:24 +01:00
Chris Smowton
61b0efb401 Add test case 2022-05-10 19:51:24 +01:00
Chris Smowton
96908d153d Accept and amend check for anonymous types with type parameters 2022-05-10 19:51:24 +01:00
Chris Smowton
c0f3988aaa Tolerate nullable references to anonymous classes
This also adds a test case illustrating when this can arise
2022-05-10 19:51:24 +01:00
Chris Smowton
8d6ae50d21 Don't try to assign comments to fake overrides 2022-05-10 19:51:24 +01:00
Chris Smowton
613e6b29a9 Don't log every time a type alias is ignored
This is a known TODO; runtime output not required.
2022-05-10 19:51:24 +01:00
Tamas Vajk
5a5d0e15eb Extract calls to big-arity lambda's invoke by converting the artificial invoke to the existing one
Big arity lambda calls in IR look like standard method calls to an `invoke` with N arguments. However, this method doesn't exist in JVM, so instead we need to extract a call to `FunctionN.invoke(Object[])`.
2022-05-10 19:51:24 +01:00
Tamas Vajk
c6bc501207 Fix expected test file 2022-05-10 19:51:24 +01:00
Tamas Vajk
222f2415e2 Fix local function reference extraction 2022-05-10 19:51:24 +01:00
Ian Lynagh
62d9b85b46 Kotlin: This might fix building on Windows 2022-05-10 19:51:24 +01:00
Ian Lynagh
967619f26a Kotlin: Remove non-ascii character 2022-05-10 19:51:24 +01:00
Ian Lynagh
f138ba5246 C#/Kotlin: Sync SignAnalysisCommon.qll 2022-05-10 19:51:24 +01:00
Chris Smowton
9f294d1ecd Adjust more test expectations 2022-05-10 19:51:24 +01:00
Chris Smowton
2ea1a6c1f0 Adjust test expectations
These all just refer to re-adding empty blocks for classes whose constructors have no initializer statements for simplicity's sake.
2022-05-10 19:51:24 +01:00
Chris Smowton
35d213afc0 Extract varargs constructors 2022-05-10 19:51:24 +01:00
Chris Smowton
e24d78ae14 Create instance variable initializer block eagerly
Otherwise when the init block is followed by other constructor statements we can get a gap in a BasicBlock's child sequence due to the child init block never getting created at all.
2022-05-10 19:51:23 +01:00
Chris Smowton
9fd9894f6a Move abbreviation to external-decl extractor; record full signature. 2022-05-10 19:51:23 +01:00
Chris Smowton
1a656af96a Make truncation consistent 2022-05-10 19:51:23 +01:00
Chris Smowton
1b91a35df0 Truncate (but keep unique-ish) the names of very long file declarations 2022-05-10 19:51:23 +01:00
Tamas Vajk
b26044b327 Change extension receiver this access to be a parameter access 2022-05-10 19:51:23 +01:00
Tamas Vajk
21f6867cd4 Add test cases for delegating properties to other properties 2022-05-10 19:51:23 +01:00
Tamas Vajk
2f0ad50c08 Adjust trap file names of external file class declarations 2022-05-10 19:51:23 +01:00
Tamas Vajk
f5383bbc17 Add extension receiver type to function signature in trap file names 2022-05-10 19:51:23 +01:00
Ian Lynagh
61728e6a69 Kotlin: Tweak kotlin_plugin_versions.py 2022-05-10 19:51:23 +01:00
Ian Lynagh
0610917435 Kotlin: Workaround for CI on Windows 2022-05-10 19:51:23 +01:00
Ian Lynagh
ef5950197d Kotlin: Broaden isFake 2022-05-10 19:51:23 +01:00
Ian Lynagh
aee74dd570 Kotlin: Be more consistent in how we deal with "fake" elements 2022-05-10 19:51:23 +01:00
Ian Lynagh
8f85f5552b Kotlin: Accept test changes 2022-05-10 19:51:23 +01:00
Ian Lynagh
1ff6ada955 Kotlin: Tweak logging 2022-05-10 19:51:23 +01:00
Tamas Vajk
d6feb58bfc Fix property references to fake overrides 2022-05-10 19:51:23 +01:00
Tony Torralba
4eb1e3a47b Update ExtensionMethodAccess QLDoc 2022-05-10 19:51:23 +01:00
Tony Torralba
fcb334180d Create ExtensionMethodAccess class 2022-05-10 19:51:23 +01:00
Ian Lynagh
270beecef5 Kotlin: Write diagnostics to the write TRAP file
When a TRAP writer wrote a warning, it was going to the wrong TRAP
file.
2022-05-10 19:51:23 +01:00
Ian Lynagh
62ce28eb68 Kotlin: Populate diagnostic_for 2022-05-10 19:51:23 +01:00
Tamas Vajk
ac3c635fe3 Extract set function for field accessing property references 2022-05-10 19:51:23 +01:00
Tamas Vajk
a6f036d94e Extract property references with only backing field 2022-05-10 19:51:23 +01:00
Tamas Vajk
90ca47a46b Extract local delegated property reference 2022-05-10 19:51:23 +01:00
Ian Lynagh
47d8eb458e Kotlin: Improve top-level error handling 2022-05-10 19:51:23 +01:00
Ian Lynagh
a653054eb3 Kotlin: Make sure the context is empty when it should be 2022-05-10 19:51:23 +01:00
Ian Lynagh
3f4f0e5bec Kotlin: Accept test changes 2022-05-10 19:51:22 +01:00
Ian Lynagh
43a92f60b2 Kotlin: Give context to diagnostics
We now get e.g.

[2022-03-09 13:59:04 K] [ERROR] Diagnostic(com.github.codeql.KotlinUsesExtractor.useSimpleType(KotlinUsesExtractor.kt:505)): Type alias ignored for <root>.Test<kotlin.String>{ <root>.Alias1<kotlin.String> }
  ...while extracting a function at file:///home/ian/code/dev/ql/java/ql/test/kotlin/library-tests/type_aliases/aliases_with_type_parameters.kt:7:1:7:41
  ...while extracting a function if real at file:///home/ian/code/dev/ql/java/ql/test/kotlin/library-tests/type_aliases/aliases_with_type_parameters.kt:7:1:7:41
  ...while extracting a declaration at file:///home/ian/code/dev/ql/java/ql/test/kotlin/library-tests/type_aliases/aliases_with_type_parameters.kt:7:1:7:41
  ...while extracting a file at file:///home/ian/code/dev/ql/java/ql/test/kotlin/library-tests/type_aliases/aliases_with_type_parameters.kt:1:1:8:0
2022-05-10 19:51:22 +01:00
Tamas Vajk
a7e6ec9d02 Add test case for delegated properties initialized through provideDelegate operator 2022-05-10 19:51:22 +01:00
Tamas Vajk
a3992950b1 Add delegated property call tests 2022-05-10 19:51:22 +01:00
Tamas Vajk
126d780f34 Add delegated property declaration test 2022-05-10 19:51:22 +01:00
Tony Torralba
a6326b69dc Update java/ql/lib/config/semmlecode.dbscheme
Apply suggestion by @igfoo

Co-authored-by: Ian Lynagh <igfoo@github.com>
2022-05-10 19:51:22 +01:00
Tony Torralba
64531dd717 Fix AST representation of WhenExpr and WhenBranch 2022-05-10 19:51:22 +01:00
Tony Torralba
4b22e1a378 Extract WhenBranch as Stmt 2022-05-10 19:51:22 +01:00
Tony Torralba
10ab11cdf7 Handle WhenBranch CFG properly 2022-05-10 19:51:22 +01:00
Tony Torralba
5ea3228768 Fix test expectations 2022-05-10 19:51:22 +01:00
Tony Torralba
9735423c79 Fix WhenExpr flow 2022-05-10 19:51:22 +01:00
Tony Torralba
5979981199 Add test for missing WhenExpr flow 2022-05-10 19:51:22 +01:00
Tamas Vajk
d4701d72d9 Add DelegatedProperty QL class and use it in tests 2022-05-10 19:51:22 +01:00
Tamas Vajk
0ba2daf31a Adjust extraction to reuse KtProperty* relations 2022-05-10 19:51:22 +01:00
Tamas Vajk
78b4c9403d Add lazy local delegated property test case 2022-05-10 19:51:22 +01:00
Tamas Vajk
f8343b8cc7 Extract local delegated properties 2022-05-10 19:51:22 +01:00
Chris Smowton
48b99cf55c Don't try to attribute comments to the implicit this parameter. 2022-05-10 19:51:22 +01:00
Chris Smowton
6abb2529f5 Extract a clinit method for Kotlin files 2022-05-10 19:51:22 +01:00
Tamas Vajk
2d0bb43efe Do not extract local function containers as anonymous classes 2022-05-10 19:51:22 +01:00
Tamas Vajk
9597932112 Add test that calls a local function multiple times 2022-05-10 19:51:22 +01:00
Ian Lynagh
ea74803053 Kotlin: Add a comment 2022-05-10 19:51:22 +01:00
Ian Lynagh
44375fe1ae Kotlin: Add LoggerBase to the list of logging classes 2022-05-10 19:51:22 +01:00
Ian Lynagh
79c2ce7f1c Kotlin: Add tags to log messages (WARN, INFO, etc)
Makes it easier to see what's going on
2022-05-10 19:51:21 +01:00
Ian Lynagh
84c7b2310a Kotlin: Catch all Throwables
We want to try to continue even if we hit a stack overflow or an
assertion error.
2022-05-10 19:51:21 +01:00
Chris Smowton
8f929e2498 Avoid recursion through extractFunctionLaterIfExternalFileMember -> useType -> useDeclarationParent 2022-05-10 19:51:21 +01:00
Chris Smowton
1835022c84 Extract external file declarations to individual trap files 2022-05-10 19:51:21 +01:00
Ian Lynagh
2551bb58da Kotlin: Add a test of recursive instantiations
This used to cause a stack overflow
2022-05-10 19:51:21 +01:00
Ian Lynagh
0d79dfc412 Kotlin: Add a test of recursive instantiations
This used to cause a stack overflow
2022-05-10 19:51:21 +01:00
Ian Lynagh
90f7cc1223 Kotlin: Move anonymousTypeMapping and locallyVisibleFunctionLabelMapping
They're now in LabelManager, so they are shared between extractors.
2022-05-10 19:51:21 +01:00
Ian Lynagh
aad9e5601a Kotlin: Keep our own stack of extractor contexts
For now we only use its length, but in the future we might use this to
give more informatino about the cause of warnings.
2022-05-10 19:51:21 +01:00
Ian Lynagh
9c2df20117 Kotlin: When verbose, make with log when it starts and finishes doing something 2022-05-10 19:51:21 +01:00
Ian Lynagh
8b56302644 Kotlin: Add a concept of 'verbosity' 2022-05-10 19:51:21 +01:00
Ian Lynagh
cffcff93a8 Kotlin: Add a log message 2022-05-10 19:51:21 +01:00
Tamas Vajk
57d4d8e2a8 Code quality improvements 2022-05-10 19:51:21 +01:00
Tamas Vajk
7b2b40cc86 Fix type access extraction of nested generic constructor references 2022-05-10 19:51:21 +01:00
Tamas Vajk
46af85621a Add nested generic constructor reference test 2022-05-10 19:51:21 +01:00
Tamas Vajk
5e1ebb2545 Fix generic constructor reference extraction 2022-05-10 19:51:21 +01:00
Tamas Vajk
415fcaf605 Add generic constructor reference test 2022-05-10 19:51:21 +01:00
Tamas Vajk
b228ac4814 Code quality improvements 2022-05-10 19:51:21 +01:00
Tamas Vajk
91409534e2 Unify parameter order in type access extraction functions 2022-05-10 19:51:21 +01:00
Tamas Vajk
a8f595c50a Refactor type access extraction 2022-05-10 19:51:21 +01:00
Tamas Vajk
92e59a3ae1 Add SAM conversion tests 2022-05-10 19:51:21 +01:00
Tamas Vajk
eebfe56c95 Extract more type access expressions 2022-05-10 19:51:21 +01:00
Tamas Vajk
f730aa12b6 Refactor type access extraction for function references and lambdas 2022-05-10 19:51:21 +01:00
Tamas Vajk
a70ade224f Fix (generic) type access extraction for lambdas 2022-05-10 19:51:21 +01:00
Ian Lynagh
a8c94c500e Kotlin: Simplify PrimitiveTypeInfo
Removes a load of argument-passing
2022-05-10 19:51:20 +01:00
Ian Lynagh
0bf1ff9f2f Kotlin: Comments and tweaks in Label 2022-05-10 19:51:20 +01:00
Ian Lynagh
2c5dc42db4 Kotlin: Comments and tweaks to TrapWriter. 2022-05-10 19:51:20 +01:00
Ian Lynagh
b1ebcdd524 Kotlin: Add some warnings 2022-05-10 19:51:20 +01:00
Tamas Vajk
4af12e7c9d Change array.get calls to array indexing in FunctionN.invoke body 2022-05-10 19:51:20 +01:00
Tony Torralba
2da98148dc Add NotNullExpr flow 2022-05-10 19:51:20 +01:00
Tony Torralba
cf5152baa2 Add test for NotNullExpr flow 2022-05-10 19:51:20 +01:00
Tamas Vajk
4e18974889 Fix type access expression extraction for function/property references 2022-05-10 19:51:20 +01:00
Chris Smowton
73c5f8c591 Accept more test changes 2022-05-10 19:51:20 +01:00
Chris Smowton
f513fdce7b Accept test changes 2022-05-10 19:51:20 +01:00
Chris Smowton
dc64b536b3 Ensure that initializers are only printed once in a PrintAst run
Otherwise the output becomes a DAG not a tree. Java achieves the same by omitting all PrintAst of `<obinit>` routines.
2022-05-10 19:51:20 +01:00
Chris Smowton
13cd145a76 Retain Member.getInitializer for Kotlin programs
I opt to identify any syntactic initializer. These are broader in scope than Java's member initializers, which are necessarily context-free, whereas in Kotlin the primary constructor's parameters can be referred to.
2022-05-10 19:51:20 +01:00
Chris Smowton
37543e7a86 Switch to expanding property initializers and init blocks in-place
Pros:
* <obinit> no longer emitted: one less function per class
* Parameters to the primary constructor, if any, are no longer referred to out of scope
* Simple primary constructor `val` and `var` declarations work as expected

Cons:
* If there are multiple secondary constructors, no primary constructor and long init blocks, there could be considerable duplicate extraction of those init blocks. Hopefully this case is very rare.
2022-05-10 19:51:20 +01:00
Ian Lynagh
af7d809b8a Kotlin: Log to a file, not stdout
We shouldn't interfere with a build's stdout
2022-05-10 19:51:20 +01:00
Ian Lynagh
a112e9ab5c Kotlin: Add conditional dumping 2022-05-10 19:51:20 +01:00
Chris Smowton
8d8a2482f1 Accept test changes
These are just ordering changes because the bounds of assignment statements relative to their operands have changed.
2022-05-10 19:51:20 +01:00
Chris Smowton
789fe971e4 Fix locations and enclosing statement/callable for assignments 2022-05-10 19:51:20 +01:00
Ian Lynagh
cc0f5d8700 Kotlin: KotlinExtractorExtension tweaks
Added/fixed a load of comments.
Adjusted some function visibilities.
2022-05-10 19:51:20 +01:00
Tamas Vajk
67be6a18de Fix generic callable bindings inside invoke methods 2022-05-10 19:51:20 +01:00
Tamas Vajk
6742496fe3 Get type arguments for property/function references 2022-05-10 19:51:20 +01:00
Tamas Vajk
4b55dce0e9 Add generic function and property reference test cases 2022-05-10 19:51:20 +01:00
Tamas Vajk
18812c810c Add PropertyRefExpr QL class, change extraction to use it, and add tests 2022-05-10 19:51:19 +01:00
Tamas Vajk
5fea49a3c9 Merge function and property reference extraction logic in helper class 2022-05-10 19:51:19 +01:00
Tamas Vajk
b4b1976bc4 Add get/set method extraction for property references 2022-05-10 19:51:19 +01:00
Tamas Vajk
4ce813a720 Extract anonymous class for property references (class, constructor, call to constructor, optional parameters) 2022-05-10 19:51:19 +01:00
Tamas Vajk
d057530584 Add property reference tests 2022-05-10 19:51:19 +01:00
Chris Smowton
f3b92e7549 Explain why there is no syntheticToRealPropertyMap 2022-05-10 19:51:19 +01:00
Chris Smowton
110a2c7b87 Try our best to fix up the truncated class graph exposed by the Kotlin Android extensions plugin 2022-05-10 19:51:19 +01:00
Chris Smowton
2d1308980a Remove accidentally committed change 2022-05-10 19:51:19 +01:00
Chris Smowton
9671668782 Remove accidentally committed change 2022-05-10 19:51:19 +01:00
Chris Smowton
dbb7b0bbf0 Update control-flow test expectations 2022-05-10 19:51:19 +01:00
Chris Smowton
5fe65ed983 Extract no-when-branch-found calls
These are extracted as "throw new kotlin.NoWhenBranchFoundException();", which is the Java lowering of the intrinsic.

In the process, amend the control-flow graph to let when branches propagate `throw`s outwards, and similarly statement expressions.
2022-05-10 19:51:19 +01:00
Ian Lynagh
d09dff482c Kotlin: Add diagnostics table to the 'trap' test 2022-05-10 19:51:19 +01:00
Ian Lynagh
a512ee7ac1 Kotlin: Extend long-comment test 2022-05-10 19:51:19 +01:00
Ian Lynagh
f8673d86b5 Kotlin: Don't double-escape TRAP strings
The TrapWriter.write* functions are going to escape them for us.
2022-05-10 19:51:19 +01:00
Ian Lynagh
4454ef7f95 Kotlin: Add tests for long comments 2022-05-10 19:51:18 +01:00
Ian Lynagh
9af99c584e Kotlin: Tweak test 2022-05-10 19:51:18 +01:00
Ian Lynagh
dc7f8a6a5a Kotlin: Refactor TrapWriter/Logger
It's now Tpossible for TrapWriter to log warnings. This required a
little juggling to break the dependency loop between the two classes.
2022-05-10 19:51:18 +01:00
Ian Lynagh
1d824a4e2f Kotlin: Add a test for truncated literals 2022-05-10 19:51:18 +01:00
Ian Lynagh
6c19409804 Java/Kotlin: Add Diagnostics.qll 2022-05-10 19:51:18 +01:00
Ian Lynagh
0e689a9d35 Kotlin: Avoid name clash 2022-05-10 19:51:18 +01:00
Chris Smowton
da159d7239 Add test showing assign expressions 2022-05-10 19:51:18 +01:00
Chris Smowton
7cb6e19e44 Extract array update operations
These are of the form arrExpr[indexExpr] op= rhs
2022-05-10 19:51:18 +01:00
Tamas Vajk
d9c72b1c04 Fix changed expected file 2022-05-10 19:51:18 +01:00
Tamas Vajk
ff5bbee75a Change extracted base type of function references 2022-05-10 19:51:18 +01:00
Tamas Vajk
55428c0c3c Update test 2022-05-10 19:51:18 +01:00
Tamas Vajk
42803a161c WIP: add test for reflective calls 2022-05-10 19:51:18 +01:00
Tony Torralba
c4c254587e Add StmtExpr flow 2022-05-10 19:51:18 +01:00
Tony Torralba
b626e80a61 Add test for StmtExpr flow 2022-05-10 19:51:18 +01:00
Chris Smowton
8af0f26411 Extract simple in-place operators
Complex in-place operators (someFieldOrArrayCell += e) get a harder-to-parse lowering which needs to be intercepted at the IrBlock level
2022-05-10 19:51:18 +01:00
Chris Smowton
2fb54de269 Extract ordinary array get and set operations as ArrayAccesses, not calls 2022-05-10 19:51:18 +01:00
Tamas Vajk
387e8db161 Minor code quality improvements 2022-05-10 19:51:18 +01:00
Tamas Vajk
6154c2be18 Change arguments of big arity invoke call 2022-05-10 19:51:18 +01:00
Tamas Vajk
3f2c275e5f Fix functional interface selection 2022-05-10 19:51:18 +01:00
Tamas Vajk
46bd6b096e Add big arity SAM conversion test case 2022-05-10 19:51:18 +01:00
Tamas Vajk
8ab4335562 Add some error handling 2022-05-10 19:51:17 +01:00
Tamas Vajk
a598c7fc0c Rework SAM conversion extraction (handle arbitrary expression that's being converted) 2022-05-10 19:51:17 +01:00
Tamas Vajk
34ae00fa62 Extract SAM lambda conversion 2022-05-10 19:51:17 +01:00
Chris Smowton
377a0f91f0 Add missing times operator 2022-05-10 19:51:17 +01:00
Chris Smowton
96f3ea460f Make varargs extraction more Java-like:
* Extract varargs as if they are ordinary positional arguments
* Adapt the QL that distinguishes varargs from ordinary arguments to account for Kotlin's varargs which can occur in the middle of the arg list
* Add a test checking dataflow through varargs which doesn't work yet due to array-get and array-set not being extracted as IndexExprs
* Extract the special case arrayOf(*x) as a clone call, which is (equivalent to) the Java lowering of that operation
2022-05-10 19:51:17 +01:00
Chris Smowton
7368b49b16 Implement Any?.String using java.lang.String.valueOf
This is how kotlinc does it, and doesn't involve an unchecked null deref like the existing use of Object.toString.
2022-05-10 19:51:17 +01:00
Tamas Vajk
616f20fa52 Handle more cases of qualified this references 2022-05-10 19:51:17 +01:00
Chris Smowton
7fe260c1a2 Convert type-parameter-out-of-scope warning into consistency query
The warning in the extractor is inaccurate due to references to enclosing types' type parameters. A consistency query can check that the type parameter is indeed in scope exploiting broader knowledge of the enclosing types.
2022-05-10 19:51:17 +01:00
Chris Smowton
36356c2937 Make IntelliJ parse block TODO properly 2022-05-10 19:51:17 +01:00
Chris Smowton
2a6afff8ba Remove TODO for method source-declarations
This was resolved when method type arguments were implemented.
2022-05-10 19:51:17 +01:00
Chris Smowton
1ecbf8e84b Clean up and document erase function 2022-05-10 19:51:17 +01:00
Chris Smowton
65f3016a13 Note class-labelling todos resolved
Type arguments: yes outer classes can have arguments; they are appended after the full name.

String concatenation: this used to be worse before this unquoted version of the function existed; I think that's what the comment was complaining about.
2022-05-10 19:51:17 +01:00
Chris Smowton
7389e5d687 Note array type signatures are correctly extracted 2022-05-10 19:51:17 +01:00
Chris Smowton
38ad86f850 Note type substitution TODO done
`getUnquotedClassLabel` uses `useType` on its args to get their labels; consequently they get substituted for Java types as required.
2022-05-10 19:51:17 +01:00
Chris Smowton
d103bf65bd Remove inapplicable TODO re: K<->J type substitution
Turns out the two use cases the TODO worried about are already taken care of: `Unit` is replaced with `void` only in contexts where primitives can be used, and `List` and similar only have incompatible extension methods, which are declared by `CollectionsKt` not `List`. This is likely deliberate to enable the Kotlin <-> Java substitution to be implemented simply by kotlinc.
2022-05-10 19:51:17 +01:00
Chris Smowton
d593185a8c Quieten errors relating to generic type aliases
Turns out type aliases are always substituted by the compiler, with the `IrSimpleType.abbreviation` field indicating what the original alias was if any. Therefore we're already extracting the right types. This commit simply omits extracting a kt_type for a type alias that uses type parameters as this certainly won't work at present because we don't have IrTypes for the type parameters declared by the alias and used in its RHS.
2022-05-10 19:51:17 +01:00
Chris Smowton
1d47ea30eb Remove unused function 2022-05-10 19:51:17 +01:00
Chris Smowton
f6db91f294 Update test expectations 2022-05-10 19:51:17 +01:00
Chris Smowton
7dec3f4835 Use EqualityTest for either value or ref comparions, and ReferenceEqualityTest for strictly ref comparison. 2022-05-10 19:51:17 +01:00
Chris Smowton
f95effcf82 Always extract ValueEQ/NEExpr for Kotlin ==/!=
I introduce AnyEqualsExpr for either reference or value equality and AnyEqualityTest for the same concept including not-equals operators, and use them wherever the written QL clearly doesn't care about the difference between reference and value comparison, typically because it is concerned with testing against null or against a primitive constant.
2022-05-10 19:51:17 +01:00
Chris Smowton
a120fab9f7 Complete implementation of equality tests
- Create a new operator representing an infix value [in]equality test, equivalent to Objects.equals(lhs, rhs)
- Continue to use simple equality where it is clearly possible at the callsite
- Note that ieee754equals is the same as Java's == and != operators
2022-05-10 19:51:17 +01:00
Chris Smowton
b339cf7f2b Restore CI_TOKEN secret 2022-05-10 19:51:16 +01:00
Chris Smowton
658e6f4009 Try no token 2022-05-10 19:51:16 +01:00
Chris Smowton
f870805c0c Create test-kotlin.yml 2022-05-10 19:51:16 +01:00
Ian Lynagh
97793b58cd Kotlin: Tweak diagnostic writing
In particular, we now write full exception information, so we can
diagnose problems.

We were using `warn` to log errors in some cases, and generally using
lower-level functions than necessary. We now use the appropriate
functions. I've lost the distinction between e.g. ErrorHigh and ErrorSevere
in this, but we can add it back if it's important.
2022-05-10 19:51:16 +01:00
Ian Lynagh
48c4438a78 Kotlin: Rename the final warn function to diagnostic 2022-05-10 19:51:16 +01:00
Ian Lynagh
ee9f9bb07e Kotlin: Move a function 2022-05-10 19:51:16 +01:00
Ian Lynagh
79f80e6541 Kotlin: Rename CODEQL_EXTRACTOR_KOTLIN_WARNING_LIMIT to CODEQL_EXTRACTOR_KOTLIN_DIAGNOSTIC_LIMIT 2022-05-10 19:51:16 +01:00
Ian Lynagh
a25b411dd0 Kotlin: Rename "warning" to "diagnostic" a lot 2022-05-10 19:51:16 +01:00
Ian Lynagh
458cb850a7 Kotlin: Accept test changes 2022-05-10 19:51:16 +01:00
Ian Lynagh
9296bf3079 Kotlin: Write extractor name to TRAP file metadata 2022-05-10 19:51:16 +01:00
Chris Smowton
629af664c6 Explicitly specify whether a dispatch or an extension receiver is intended 2022-05-10 19:51:16 +01:00
Chris Smowton
377bd8f2e9 Extract String?.plus as either an AddExpr or a call to an intrinsic
If it is used by the compiler to implement the infix plus operator, resugar it and extract a `+` as Java would. If it is literally called by the user (e.g. `(if (x) then "not null" else null).plus(something)`), then extract a call to the real method Intrinsics.stringPlus (a two-arg static method).
2022-05-10 19:51:16 +01:00
Chris Smowton
93e8d5a2d6 Add tests for mutually-recursive types 2022-05-10 19:51:16 +01:00
Chris Smowton
8bb23651ae Extract type parameter bounds 2022-05-10 19:51:16 +01:00
Tamas Vajk
ec5bc8dad5 Add workaround for unbound symbols (get stub from descriptor) 2022-05-10 19:51:16 +01:00
Tamas Vajk
2965e780cc Add local dataflow test for string templates 2022-05-10 19:51:16 +01:00
Tony Torralba
6bd6097ed1 Add taint step for StringTemplateExpr 2022-05-10 19:51:16 +01:00
Tamas Vajk
b7914ed77b Code quality improvements 2022-05-10 19:51:16 +01:00
Tamas Vajk
695b3a6dbd Add fallback symbol lookup for IrFunctionReference extraction 2022-05-10 19:51:16 +01:00
Tamas Vajk
d495badc1e Rename companion object QL class 2022-05-10 19:51:16 +01:00
Tamas Vajk
535610452f Fix missing newline in DB scheme generator 2022-05-10 19:51:16 +01:00
Chris Smowton
b9d8fe72f0 TRAP formatting: adopt Java's standards
* Encode dates with D"" strings
* Truncate exceedingly long string values
* Note that floats don't require any special handling
2022-05-10 19:51:16 +01:00
Tamas Vajk
4adf5829e4 Fix expected files 2022-05-10 19:51:16 +01:00
Tamas Vajk
9ff9bbe1c5 Fix merge conflict 2022-05-10 19:51:16 +01:00
Tamas Vajk
b4beddf2f9 Introduce cast for <unsafe-coerce> calls 2022-05-10 19:51:15 +01:00
Ian Lynagh
8d754f5129 Kotlin: Fix bug in, and performance of, NullGuards::clearlyNotNullExpr 2022-05-10 19:51:15 +01:00
Ian Lynagh
03c1845053 Kotlin: Add a TODO comment 2022-05-10 19:51:15 +01:00
Ian Lynagh
76ca0b2776 Kotlin: Pull Kotlin type for localvars out into its own table 2022-05-10 19:51:15 +01:00
Ian Lynagh
7862229807 Kotlin: Pull Kotlin type for params out into its own table 2022-05-10 19:51:15 +01:00
Ian Lynagh
dc26abe341 Kotlin: Pull Kotlin type for methods/constrs out into their own tables 2022-05-10 19:51:15 +01:00
Ian Lynagh
ee008773dc Kotlin: Pull Kotlin type for fields out into its own table 2022-05-10 19:51:15 +01:00
Ian Lynagh
0f7f90dd4e Kotlin: Add a consistency query for Kotlin types 2022-05-10 19:51:15 +01:00
Ian Lynagh
86bf126ed8 Kotlin: Pull Kotlin type for expressions out into its own table 2022-05-10 19:51:15 +01:00
Tamas Vajk
cd5555a5dd Extract companion objects from interfaces 2022-05-10 19:51:15 +01:00
Tamas Vajk
53f40a3f31 Do not extract fake properties 2022-05-10 19:51:15 +01:00
Tamas Vajk
5c38b4e84d Extract expression body 2022-05-10 19:51:15 +01:00
Chris Smowton
4d408159aa When extracting a call to an inherited method, substitute the callee's type parameters appropriately. 2022-05-10 19:51:15 +01:00
Chris Smowton
8c9c37ca47 Revert "Kotlin: Extract fake overrides for now"
This reverts commit a1ffa7b66b6bc1a9b6fd93da60e7a16c0dc2fb21.
2022-05-10 19:51:15 +01:00
Ian Lynagh
16a27f5258 Kotlin: Provide a way for tests to cause an exception 2022-05-10 19:51:15 +01:00
Ian Lynagh
89eae2407b Kotlin: Improve error handling
Each compilation, and each file within a cmopilation, now gets a
"result" indicating whether it had recoverable or non-recoverable
errors.
2022-05-10 19:51:15 +01:00
Tamas Vajk
4c68b583de Do not report negative index warning on extension parameters 2022-05-10 19:51:15 +01:00
Ian Lynagh
8d15d0acfb Kotlin: Extract fake overrides for now
When we have Kotlin:

class A {
    fun foo(z: OB<G1, G2>.B<E1, E2>) {
        val foo = z.someFun()
    }
}

and Java:

public class OB<S1, S2> extends OC<F1, F2> {
        public class B<T1, T2> extends OC<F1, F2>.C<D1, D2, T1, T2> {
        }
}

class OC<U1, U2> {
        public class C<X1, X2, Y1, Y2> {
            int someFun() {
                return 5;
            }
        }
}

the `someFun` call is to a fake override, and has 4 type arguments.
If we treat it as calling the real function, then 6 type are expected,
and we get IndexOutOfBoundsException when we try to reorder the
type parameters in orderTypeArgsLeftToRight.

So for now, we just extract the fake overrides, so that we at least
don't crash.
2022-05-10 19:51:15 +01:00
Ian Lynagh
46ccd45833 Kotlin: Add tests for fake overrides 2022-05-10 19:51:15 +01:00
Chris Smowton
fdb1668cff CommentExtractor: use actual file label instead of hopefully correctly guessing its string form 2022-05-10 19:51:15 +01:00
Tamas Vajk
bb7e01988a Change kotlin dependency version from 1.6.0-RC2 to 1.6.10 2022-05-10 19:51:15 +01:00
Chris Smowton
0d90148f3e Prefer the Kotlin extractor's version of trap files 2022-05-10 19:51:15 +01:00
Chris Smowton
69c645a594 Log when a class version can't be read 2022-05-10 19:51:15 +01:00
Tamas Vajk
300719a07a Do not delete temp TRAP files when file level exception is caught 2022-05-10 19:51:14 +01:00
Tamas Vajk
82fe08ea8e Improve exception handling 2022-05-10 19:51:14 +01:00
Tamas Vajk
29f4eb96e1 Handle exceptions on file level 2022-05-10 19:51:14 +01:00
Ian Lynagh
468a911f83 Kotlin: Use with in a number more cases 2022-05-10 19:51:14 +01:00
Ian Lynagh
f985671d7f Kotlin: Make with an inline function 2022-05-10 19:51:14 +01:00
Ian Lynagh
3cc79f8b56 Kotlin: 'with' PoC 2022-05-10 19:51:14 +01:00
Ian Lynagh
2868644d36 Kotlin: Remove some code marked 'delete' 2022-05-10 19:51:14 +01:00
Ian Lynagh
4cf88e1a8d Kotlin: Remove some comments
These are now in Kotlin #38
2022-05-10 19:51:14 +01:00
Ian Lynagh
c62ad4b802 Kotlin: Pass dependencyCollector when making a new KotlinFileExtractor
I think this only wasn't done previously because it used to make a
KotlinSourceFileExtractor.
2022-05-10 19:51:14 +01:00
Ian Lynagh
5f176beb09 Kotlin: Refactoring: Use a more idiomatic way to prepend to a list 2022-05-10 19:51:14 +01:00
Ian Lynagh
8d2221ea60 Kotlin: getFunctionLabel: Add comments 2022-05-10 19:51:14 +01:00
Ian Lynagh
d1a0a9668f Kotlin: Remove a default argument
It was only defaulted in one case, and it's probably clearer to be
explicit.
2022-05-10 19:51:14 +01:00
Ian Lynagh
c125c1a698 Kotlin: getFunctionLabel: Make parentId be nullable
This allows us to simplify the set of functions.
2022-05-10 19:51:14 +01:00
Ian Lynagh
dd51141029 Kotlin: Use variable names more consistently 2022-05-10 19:51:14 +01:00
Ian Lynagh
2f8ede2ae5 Kotlin: Fix a variable shadowing warning 2022-05-10 19:51:14 +01:00
Ian Lynagh
72a6bfe7db Kotlin: getFunctionLabel: Small refactoring
We now pass the IrDeclarationParent of the function to the final
getFunctionLabel function, and that takes care of finding the
enclosing class.
2022-05-10 19:51:14 +01:00
Chris Smowton
27b0d579d0 Add compilation-units test 2022-05-10 19:51:14 +01:00
Chris Smowton
7a756e3be9 Extract compilation-unit package and location for class files 2022-05-10 19:51:14 +01:00
Chris Smowton
024f8c651e Accept test changes 2022-05-10 19:51:14 +01:00
Chris Smowton
863037ec41 Always extract methods of user-class supertypes
This matches the Java extractor's behaviour. Also if we re-visit a class to extract its members, revisit its supertypes to extract their members too.
2022-05-10 19:51:14 +01:00
Tamas Vajk
8f48c1b161 Add test for missing generic method 2022-05-10 19:51:14 +01:00
Chris Smowton
20d56094ee Note that unusedLocation can raise an alert for used but inaccessible locations 2022-05-10 19:51:13 +01:00
Ian Lynagh
920599fcf5 Kotlin: Make an unnecessarily-optional argument a required argument 2022-05-10 19:51:13 +01:00
Tamas Vajk
52597e5d63 Fix missing declarations in declaration stack 2022-05-10 19:51:13 +01:00
Tamas Vajk
482a37cfe3 Fix unbound symbol.owner references and add todos 2022-05-10 19:51:13 +01:00
Ian Lynagh
41c36760f7 Kotlin: Small refactorings and comments 2022-05-10 19:51:13 +01:00
Ian Lynagh
c0f194316f Kotlin: Update test following changes to casting operators 2022-05-10 19:51:13 +01:00
Ian Lynagh
ad33c47536 Kotlin: Add a test for Kotlin seeing Java code as properties 2022-05-10 19:51:13 +01:00
Ian Lynagh
579c590ea6 Kotlin: Accept test changes following "casting" operator changes 2022-05-10 19:51:13 +01:00
Ian Lynagh
6566f7b69f Kotlin: Add types for the different kinds of casts that Kotlin has
We might want to unify some of these in future, but doing that
correctly is easier than splitting them up correctly, so I've given each
one its own QL class for now.

I am not familiar with many of the libraries/queries that use CastExpr.
I've briefly looked at them and updated them in a way that looks
superficially reasonable, but some of the uses will probably want to be
refined later.
2022-05-10 19:51:13 +01:00
Ian Lynagh
7cf1289385 Kotlin: Fix build with old JDKs 2022-05-10 19:51:13 +01:00
Chris Smowton
221fa37081 Fix naming of local class instances that fall within generic functions 2022-05-10 19:51:13 +01:00
Ian Lynagh
735520a4ce Kotlin: Accept test changes in types test 2022-05-10 19:51:13 +01:00
Ian Lynagh
e9fcd4749a Kotlin: Use ASM9 rather than ASM7
This fixes
        exception: java.lang.UnsupportedOperationException: PermittedSubclasses requires ASM9
when we encounter ConstantDesc.class in the JDK's modules.
2022-05-10 19:51:13 +01:00
Tamas Vajk
646fc58c25 Fix expected test files 2022-05-10 19:51:13 +01:00
Tamas Vajk
44b731c68e Exclude extraction of fake overridden properties 2022-05-10 19:51:13 +01:00
Tamas Vajk
55b8e4400d Code quality improvements 2022-05-10 19:51:13 +01:00
Tamas Vajk
b6e5e1977d Extract more visibility modifiers 2022-05-10 19:51:13 +01:00
Ian Lynagh
a6d0dc7751 Kotlin: Small refactorings 2022-05-10 19:51:13 +01:00
Ian Lynagh
e1cff50c39 Kotlin: Remove KotlinSourceFileExtractor 2022-05-10 19:51:13 +01:00
Ian Lynagh
c1c4e4f86c Kotlin: Move extractFileContents into KotlinFileExtractor 2022-05-10 19:51:13 +01:00
Ian Lynagh
d43efd4cc7 Kotlin: KotlinSourceFileExtractor: Take filePath rather than file 2022-05-10 19:51:13 +01:00
Tamas Vajk
8e31bd8ec7 Update expected files after rebase 2022-05-10 19:51:13 +01:00
Tamas Vajk
9e21fa838e Test case for generic inner type instantiation 2022-05-10 19:51:13 +01:00
Chris Smowton
978978b86a Accept test changes 2022-05-10 19:51:13 +01:00
Chris Smowton
f4314c1f3d Substitute all generic types into function trap IDs and signatures, and ensure the subbed types are never primitive
The solution for ensuring they are primitive (making the range of the substitution always nullable) will need replacing once we export Kotlin types.
2022-05-10 19:51:12 +01:00
Chris Smowton
3365f3972e Instantiated generic type substitution: substitute outer class parameters too 2022-05-10 19:51:12 +01:00
Chris Smowton
fd495aa783 Name non-generic functions for their non-erased parameter types 2022-05-10 19:51:12 +01:00
Chris Smowton
f177c2c5ae Function trap ids: remove spaces between value parameters
Otherwise these won't match the IDs used by the Java extractor.
2022-05-10 19:51:12 +01:00
Chris Smowton
f38f03e6c9 Value parameters: provide correct source declaration 2022-05-10 19:51:12 +01:00
Chris Smowton
cd07cc448e Class trap labels: include outer type parameters 2022-05-10 19:51:12 +01:00
Chris Smowton
94efb427fe Type parameters: record index Java-style
Previously they received indices offset by the number of surrounding class type parameters.
2022-05-10 19:51:12 +01:00
Chris Smowton
178f128bdc Function labels: include <n> suffix (where n is the number of function type parameters)
This matches the Java extractor's behaviour.
2022-05-10 19:51:12 +01:00
Ian Lynagh
448b3d38d3 Kotlin: Duplicate less TRAP 2022-05-10 19:51:12 +01:00
Ian Lynagh
2f435a1a95 Kotlin: file_classes consistency check now passes 2022-05-10 19:51:12 +01:00
Ian Lynagh
368c330ecf Kotlin: Accept test changes following file-class fixes 2022-05-10 19:51:12 +01:00
Ian Lynagh
194e9fd2da Kotlin: Handle file classes better 2022-05-10 19:51:12 +01:00
Ian Lynagh
4340fe7044 Kotlin: Comments: Small refactoring 2022-05-10 19:51:12 +01:00
Tamas Vajk
b599ff2792 Change variable location extraction 2022-05-10 19:51:12 +01:00
Tamás Vajk
75e4b6c740 Fix typo in PrintAst.qll 2022-05-10 19:51:12 +01:00
Chris Smowton
33a9b4fb16 Add explanatory comment 2022-05-10 19:51:12 +01:00
Chris Smowton
e16a135a09 Add inner generic class test 2022-05-10 19:51:12 +01:00
Chris Smowton
0a4f97b151 Accept changes to standard library types
These are inner classes of the generic class java.lang.invoke.ClassSpecializer, whose generic parameters are no longer inappropriately attributed to its children.
2022-05-10 19:51:12 +01:00
Chris Smowton
997f818643 Accept java-and-kotlin result improvements
This happened because setting the type context for the return-type part of a function's label meant that the label now matches Java <-> Kotlin, and therefore it gets a Kotlin-source source location.
2022-05-10 19:51:12 +01:00
Chris Smowton
ab449e0517 Fix: use void as constructor return types in their labels
Without this we're incompatible with the Java extractor's constructor labelling
2022-05-10 19:51:12 +01:00
Chris Smowton
5188998bc6 Extract outer <-> inner class relationships for generic instances 2022-05-10 19:51:12 +01:00
Chris Smowton
67e3374a23 Fix inner generic type extraction
- Don't attribute type parameters that belong to the outer class to the inner
- Don't extract constructor generic parameters as if they were parameters of the type being instantiated
2022-05-10 19:51:12 +01:00
Tamas Vajk
aa0ddeb29a Fix external type locations in tests 2022-05-10 19:51:12 +01:00
Tamas Vajk
afd71a00d0 Fix extraction of function references without dispatch receiver 2022-05-10 19:51:12 +01:00
Tamas Vajk
ef2795c88b Add ktLocalFunction relation and tests for local and anonymous classes 2022-05-10 19:51:11 +01:00
Tamas Vajk
e0bf7d8246 Extract local class declarations 2022-05-10 19:51:11 +01:00
Tamas Vajk
1e64887903 Extract field receiver in field read/write 2022-05-10 19:51:11 +01:00
Tamas Vajk
10ae157682 Extract function references 2022-05-10 19:51:11 +01:00
Tamas Vajk
6950f868fb Fix type access extraction in field declarations 2022-05-10 19:51:11 +01:00
Tamas Vajk
e5003e4032 Adjust PrintAST query to handle kotlin constructs 2022-05-10 19:51:11 +01:00
Tamas Vajk
73cd497427 Add todo comment to move property from parameter initialization to constructor 2022-05-10 19:51:11 +01:00
Tamas Vajk
313912a131 Fix test expected files 2022-05-10 19:51:11 +01:00
Chris Smowton
2730d07b4c Extract static method qualifier type accesses 2022-05-10 19:51:11 +01:00
Chris Smowton
ef9a213ae1 Cleanup: use extractTypeAccess wherever possible 2022-05-10 19:51:11 +01:00
Chris Smowton
70841a5896 Add test for companion object 2022-05-10 19:51:11 +01:00
Tamas Vajk
30ff5e2517 Change unknown location to whole file location in source extraction 2022-05-10 19:51:11 +01:00
Tamas Vajk
9d7794185e Fix temporary variable locations 2022-05-10 19:51:11 +01:00
Chris Smowton
5c77131637 Add tests for generic methods 2022-05-10 19:51:11 +01:00
Tamas Vajk
67d2c52e86 Extract field declarations 2022-05-10 19:51:11 +01:00
Tamas Vajk
5bc28ab45a Extract externally defined inner classes only once 2022-05-10 19:51:11 +01:00
Chris Smowton
acad36cab4 Implement raw type extraction 2022-05-10 19:51:11 +01:00
Tamas Vajk
6455c988f2 Extract class references 2022-05-10 19:51:11 +01:00
Ian Lynagh
05028e612c Kotlin: Accept test changes 2022-05-10 19:51:11 +01:00
Ian Lynagh
fb90c70e2e Kotlin: Extract visibility for properties 2022-05-10 19:51:11 +01:00
Ian Lynagh
348ae357ed Kotlin: Extract method visibility 2022-05-10 19:51:11 +01:00
Ian Lynagh
6616f452d7 Kotlin: Move extractClassModifiers to KotlinFileExtractor
It doesn't need to be in KotlinUsesExtractor any more, and this gives us
better warnings.
2022-05-10 19:51:11 +01:00
Ian Lynagh
5342b13cb6 Kotlin: Add class modifiers 2022-05-10 19:51:11 +01:00
Ian Lynagh
08bb134022 Java/Kotlin: Tweak consistency queries 2022-05-10 19:51:11 +01:00
Ian Lynagh
7c03ed99dc Java/Kotlin: Add File.is{,Java,Kotlin}SourceFile() 2022-05-10 19:51:10 +01:00
Chris Smowton
70708d69bf Don't extract or call fake-override methods 2022-05-10 19:51:10 +01:00
Chris Smowton
0c7075c749 Give getters and setters their jvm-lowered names 2022-05-10 19:51:10 +01:00
Chris Smowton
248011e828 Improve generics test to indicate callee decltypes 2022-05-10 19:51:10 +01:00
Chris Smowton
26abb4d0e3 Correctly record methods' and constructors' source-declarations 2022-05-10 19:51:10 +01:00
Chris Smowton
2677115385 Switch comment to use Kotlin syntax 2022-05-10 19:51:10 +01:00
Chris Smowton
44c64f0784 Always extract constructor return type as unit 2022-05-10 19:51:10 +01:00
Chris Smowton
d2e626cbee Add declaring type to test to distinguish ambiguously-named methods 2022-05-10 19:51:10 +01:00
Chris Smowton
fa9971c6f3 Uniformly use getFunctionShortName 2022-05-10 19:51:10 +01:00
Chris Smowton
c5e85620e7 Rework conditional generic extraction to use global state 2022-05-10 19:51:10 +01:00
Chris Smowton
25674247a2 Accept test changes relating to generic constructors 2022-05-10 19:51:10 +01:00
Chris Smowton
d57ac71cd0 Anonymous objects: always extract as source classes 2022-05-10 19:51:10 +01:00
Chris Smowton
faa7ccfb01 Add test of selective generic extraction 2022-05-10 19:51:10 +01:00
Chris Smowton
b601cdeb8f Extract generic constructor calls 2022-05-10 19:51:10 +01:00
Chris Smowton
d4519eb1bc Downgrade assert to warning 2022-05-10 19:51:10 +01:00
Chris Smowton
bb3049a686 Extract generic method prototypes
These feature substituted types according to their declaring generic specialisation, with wildcards that reach top-level being converted to their upper or lower bound depending on usage context.

This commit also includes an incidental fix such that constructors declare their return-type as unit, consistent with the Java extractor.
2022-05-10 19:51:10 +01:00
Ian Lynagh
b38f47f9ea Java/Kotlin: Tweak consistency queries 2022-05-10 19:51:10 +01:00
Ian Lynagh
c04912701a Java/Kotlin: Speed up toString.ql
It's less informative now, but manual debugging will likely be needed
to investigate failures.
2022-05-10 19:51:10 +01:00
Ian Lynagh
ab93d166b8 Java/Kotlin: Tweak consistency queries 2022-05-10 19:51:10 +01:00
Tamas Vajk
fa5c3f9159 Remove and replace @anonymousclassdeclstmt with @localtypedeclstmt 2022-05-10 19:51:10 +01:00
Tamas Vajk
e325925f5a Extract field declaration directly inside class 2022-05-10 19:51:10 +01:00
Tamas Vajk
929c50f0b3 Adjust build script based on review 2022-05-10 19:51:10 +01:00
Tamas Vajk
0978e522d0 Fix expected files 2022-05-10 19:51:10 +01:00
Tamas Vajk
7b58d01eff Specify lambda method for big arity lambdas 2022-05-10 19:51:10 +01:00
Tamas Vajk
dec165c5b2 Remove Lambda class as supertype 2022-05-10 19:51:09 +01:00
Tamas Vajk
3cd2583ec8 Handle large arity lambdas, and add missing type access for some constructor calls (needed for anonymous classes) 2022-05-10 19:51:09 +01:00
Tamas Vajk
f4c87cb79d Extract function expressions 2022-05-10 19:51:09 +01:00
Ian Lynagh
b32ac935f6 Revert "Merge pull request #160 from github/smowton/feature/type-substitution-prototypes"
This reverts commit 1dd83a3f0fab407fe94a09fc517c516ed24b1d0c, reversing
changes made to 22aebf8128bfe20bb89e5ecc11e0e8cdd65bf317.
2022-05-10 19:51:09 +01:00
Chris Smowton
4e36b2489c Add test of selective generic extraction 2022-05-10 19:51:09 +01:00
Chris Smowton
b8af2e6e40 Extract generic constructor calls 2022-05-10 19:51:09 +01:00
Chris Smowton
cfb839ac91 Downgrade assert to warning 2022-05-10 19:51:09 +01:00
Chris Smowton
2f8b8fadc3 Extract generic method prototypes
These feature substituted types according to their declaring generic specialisation, with wildcards that reach top-level being converted to their upper or lower bound depending on usage context.

This commit also includes an incidental fix such that constructors declare their return-type as unit, consistent with the Java extractor.
2022-05-10 19:51:09 +01:00
Ian Lynagh
26a0925f99 Kotlin: Add comments saying what generated TRAP files 2022-05-10 19:51:09 +01:00
Ian Lynagh
35ad8f372e Kotlin: Add a test for Kotlin and Java calling each other
Currently kotlin->java causes DB inconsistencies.
2022-05-10 19:51:09 +01:00
Ian Lynagh
1719b921cf Kotlin: Accept test changes 2022-05-10 19:51:09 +01:00
Ian Lynagh
b57d7f5a75 Kotlin: Extract fakeKotlinType for all kt_types
This allows us to make consistent Java+Kotlin databases in the short
term.
2022-05-10 19:51:09 +01:00
Ian Lynagh
40976a91ce Kotlin: Fix a bad label expansion
We were making a key
    @"class;ClassLabelResults(classLabel=java.io.Console, shortName=Console)\$LineReader"
2022-05-10 19:51:09 +01:00
Ian Lynagh
c05aab278a Kotlin: Add a TODO 2022-05-10 19:51:09 +01:00
Ian Lynagh
c35f871c46 Kotlin: Add tests for file classes 2022-05-10 19:51:09 +01:00
Ian Lynagh
43f50888a7 Kotlin: Add a trivial test 2022-05-10 19:51:09 +01:00
Ian Lynagh
c63918d431 Kotlin: Add an empty test 2022-05-10 19:51:09 +01:00
Ian Lynagh
509860b7cf Kotlin: Add a file_classes consistency query 2022-05-10 19:51:09 +01:00
Ian Lynagh
33757a1266 Kotlin: Extract whether a class is a "file" class 2022-05-10 19:51:09 +01:00
Tamas Vajk
fd27243ec6 Add todo comment regarding class declaration stmt 2022-05-10 19:51:09 +01:00
Tamas Vajk
c446b0ecaf Move anonymous class and local function label generation to KotlinUsesExtractor 2022-05-10 19:51:09 +01:00
Tamas Vajk
6dbf278269 Add extension tests 2022-05-10 19:51:08 +01:00
Tamas Vajk
058ff0a60b Remove empty file 2022-05-10 19:51:08 +01:00
Tamas Vajk
2f06c9c03f Fix spacing 2022-05-10 19:51:08 +01:00
Tamas Vajk
05f22576d1 Fix extraction state resetting 2022-05-10 19:51:08 +01:00
Tamas Vajk
ebf91b79a9 Revert moving extraction to SourceFileExtractor 2022-05-10 19:51:08 +01:00
Tamas Vajk
01f46555b0 Fix disappearing variable labels 2022-05-10 19:51:08 +01:00
Tamas Vajk
27f58f2929 Improve code quality 2022-05-10 19:51:08 +01:00
Tamas Vajk
16ba27c476 Extract local functions 2022-05-10 19:51:08 +01:00
Ian Lynagh
f0949a4936 Kotlin: Add a test
This caused a stack overflow on a branch, due to the recursino between
the class and the extension function.
2022-05-10 19:51:08 +01:00
Ian Lynagh
9c4c559ab2 Kotlin: Add some TODO comments 2022-05-10 19:51:08 +01:00
Ian Lynagh
5bc1bdb5a3 Kotlin: Refactor PrimitiveTypeInfo
Avoids mentioning the name of IdSignature.PublicSignature, which used to
be IdSignature.CommonSignature, giving us compatibility issues.
2022-05-10 19:51:08 +01:00
Ian Lynagh
d977500047 Kotlin: Make it easier to diagnose build failures 2022-05-10 19:51:08 +01:00
Ian Lynagh
c525d2a633 Kotlin: Consistently use addClassLabel, and have it handle external classes 2022-05-10 19:51:08 +01:00
Tamas Vajk
161463ecae Fix catch clause location 2022-05-10 19:51:08 +01:00
Tamas Vajk
21af31f3ab CFG changes for non-null operator + some tests 2022-05-10 19:51:08 +01:00
Ian Lynagh
de137415b8 Kotlin: Use an IrClass for the Java class in the priomitive type handling
This means we can add a label for it, and indicate that we use it,
properly.
2022-05-10 19:51:08 +01:00
Chris Smowton
7fa4da8b0c Add explanatory comments 2022-05-10 19:51:08 +01:00
Chris Smowton
7d62f1d2de Update test expectations 2022-05-10 19:51:08 +01:00
Chris Smowton
8accd35ce8 Substitute in generic type arguments when extracting the supertypes of an instantiated type 2022-05-10 19:51:08 +01:00
Ian Lynagh
2dcd49c6a5 Kotlin: Build the appropriate single version, rather than always 1.5 2022-05-10 19:51:08 +01:00
Tamas Vajk
abc0da3e60 Extract extension method receivers as parameters 2022-05-10 19:51:08 +01:00
Tamás Vajk
04daa7f28f Revert "Kotlin: Fix extraction of dispatch and extension receivers" 2022-05-10 19:51:08 +01:00
Ian Lynagh
cd84a6a5b6 Kotlin: Avoid external locations appearing in type_equivalences test 2022-05-10 19:51:08 +01:00
Tamas Vajk
a4275865da Fix location of variable access in LHS of assignment 2022-05-10 19:51:07 +01:00
Ian Lynagh
40e4c93615 Kotlin: TODO() now works 2022-05-10 19:51:07 +01:00
Ian Lynagh
669fe616dd Kotlin: Renumber lines in expressions test 2022-05-10 19:51:07 +01:00
Ian Lynagh
50400bf7af Kotlin: Add TODO() to test; doesn't work yet 2022-05-10 19:51:07 +01:00
Ian Lynagh
2b483597f8 Kotlin: Ranges already work
We might want to extract a sugared form of them in the future, but for
now this works.
2022-05-10 19:51:07 +01:00
Ian Lynagh
1abaecf158 Kotlin: String templates are already supported 2022-05-10 19:51:07 +01:00
Ian Lynagh
4c8a87bfb1 Kotlin: Accept test changes 2022-05-10 19:51:07 +01:00
Ian Lynagh
0b3754c932 Kotlin: Fix handling Unit in various places 2022-05-10 19:51:07 +01:00
Ian Lynagh
ec827d2f0a Kotlin: Add ability to give more type contexts 2022-05-10 19:51:07 +01:00
Ian Lynagh
6c1439c180 Kotlin: Add a test for type equivalences 2022-05-10 19:51:07 +01:00
Ian Lynagh
606b36e21f Kotlin: Accept test changes 2022-05-10 19:51:07 +01:00
Ian Lynagh
7ca6da1d13 Kotlin/Java: children consistency query: extension receiver is now a gap 2022-05-10 19:51:07 +01:00
Ian Lynagh
75e22da096 Kotlin: Fix extraction of dispatch and extension receivers
It is possible for a call to have both, e.g. the `arg.ext()` call in:

class Class1 {
    val y = 4
}
class Class2 (val arg:Class1) {
    val x = 3
    fun someFun() {
        arg.ext();
    }
    fun Class1.ext() {
        val z = x + y
    }
}
2022-05-10 19:51:07 +01:00
Ian Lynagh
76d7ac9898 Kotlin: Accept test changes 2022-05-10 19:51:07 +01:00
Ian Lynagh
6a16588484 Kotlin: Allow comments on enum entries 2022-05-10 19:51:07 +01:00
Ian Lynagh
cc478eb6ee Kotlin: Add comments on enum test 2022-05-10 19:51:07 +01:00
Ian Lynagh
03199091cd Kotlin: Add SAFE_CAST support 2022-05-10 19:51:07 +01:00
Ian Lynagh
1c5f6d70bc Kotlin: Accept changes 2022-05-10 19:51:07 +01:00
Ian Lynagh
25ccf0569e Kotlin: ReturnStmt CFG isn't handled properly yet 2022-05-10 19:51:07 +01:00
Ian Lynagh
db7f5a04be Kotlin: BreakStmt CFG isn't handled properly yet 2022-05-10 19:51:07 +01:00
Ian Lynagh
712d70248a Kotlin: Add CFG for VarArgExpr 2022-05-10 19:51:07 +01:00
Ian Lynagh
8440bafc42 Kotlin: Add CFG for KtAnonymousClassDeclarationStmt 2022-05-10 19:51:07 +01:00
Ian Lynagh
5ae74949a0 Kotlin: Add CFG for ClassExpr 2022-05-10 19:51:07 +01:00
Ian Lynagh
2135a870d3 Kotlin: Fix CFG for StmtExpr 2022-05-10 19:51:06 +01:00
Ian Lynagh
2e5cf92f8a Kotlin: Fix CFG for string templates 2022-05-10 19:51:06 +01:00
Ian Lynagh
fcbe4331b4 Kotlin/Java: Add a (currently rather lax) cfgDeadEnds consistency query 2022-05-10 19:51:06 +01:00
Tamas Vajk
874afa7fd7 Fix missing extension receiver extraction 2022-05-10 19:51:06 +01:00
Tamas Vajk
23c5caadc8 Fix String?.plus extraction 2022-05-10 19:51:06 +01:00
Tamas Vajk
ea4e919af5 Extract missing functions directly in kotlin package 2022-05-10 19:51:06 +01:00
Tamas Vajk
3a2f7bec1c Fix test expected files 2022-05-10 19:51:06 +01:00
Tamas Vajk
6246b2142c Add enclosing stmt to arrayOf extraction 2022-05-10 19:51:06 +01:00
Tamas Vajk
8de5e39309 Extract arrayOf-like calls 2022-05-10 19:51:06 +01:00
Tamas Vajk
8b81ee7e59 Add array creation tests 2022-05-10 19:51:06 +01:00
Chris Smowton
64e1367e59 Make standard library locations consistent between Java and Kotlin 2022-05-10 19:51:06 +01:00
Ian Lynagh
547b60d68f Kotlin: Add paramTypes test 2022-05-10 19:51:06 +01:00
Ian Lynagh
d5b4931b7f Kotlin: Tweak superTypes test to give better locations 2022-05-10 19:51:06 +01:00
Ian Lynagh
50c2d10777 Kotlin: Improve the supertypes test
Note the line
        | file://<external>/superChain.kt:2:1:2:60 | SuperChain2<T5,String> | file://<external>/superChain.kt:1:1:1:33 | SuperChain1<T3,String> |
is currently wrong; the supertype of SuperChain2<T5,String> should be
SuperChain1<T5,String>.
2022-05-10 19:51:06 +01:00
Ian Lynagh
c05aa7bb68 Kotlin: Add superChain test 2022-05-10 19:51:06 +01:00
Ian Lynagh
b876ee98e5 Kotlin: Tweak the superTypes test 2022-05-10 19:51:06 +01:00
Ian Lynagh
90d7c2b3ce Java/Kotlin: Add a statementEnclosingExpr consistency test 2022-05-10 19:51:06 +01:00
Ian Lynagh
7baefbb9e5 Kotlin: Add WhenBranch.getWhenExpr() 2022-05-10 19:51:06 +01:00
Ian Lynagh
46f103c243 Kotlin: Accept test changes 2022-05-10 19:51:06 +01:00
Ian Lynagh
5c2ce95b1a Kotlin: Populate statementEnclosingExpr 2022-05-10 19:51:06 +01:00
Ian Lynagh
2b973fa3b1 Kotlin: Add support for IrSyntheticBody
I'm not sure it's worth adding an entity to the database for them,
although that would allow us to use a 'case' in the dbscheme for
the different kinds.

There's no QLL support for this info yet.
2022-05-10 19:51:06 +01:00
Tamas Vajk
4ca024f043 Fix try statement extraction 2022-05-10 19:51:06 +01:00
Tamas Vajk
716b87d200 Extract not-null expression 2022-05-10 19:51:06 +01:00
Ian Lynagh
6603767d94 Kotlin: Clarify !/ paths 2022-05-10 19:51:06 +01:00
Ian Lynagh
f40ab39447 Kotlin: Small fixes and a little more documentation for TrapWriter 2022-05-10 19:51:06 +01:00
Ian Lynagh
d1fefe0246 Kotlin: Refactor TrapWriters
Now ClassFileTrapWriter is just FileTrapWriter, which no longer takes a
nullable IrFileEntry.

SourceFileTrapWriter still extends FileTrapWriter, and adds the
IrFileEntry, allowing it to override the location functions with more
useful variants.

populateFileTables no longer has a default. I think that for the sake
of a handful of calls, it's simpler to be explicit so we aren't
confused.
2022-05-10 19:51:05 +01:00
Ian Lynagh
1990b68c21 Kotlin: Return more precise types from PopulateFile.java 2022-05-10 19:51:05 +01:00
Ian Lynagh
83ac77dccc Kotlin: Start documenting TrapWriter 2022-05-10 19:51:05 +01:00
Tamas Vajk
afabe652c1 Add anonymous class declaration stmt 2022-05-10 19:51:05 +01:00
Ian Lynagh
3e9d12aff0 Kotlin: Accept test changes 2022-05-10 19:51:05 +01:00
Ian Lynagh
37d6bc29dc Kotlin: Fix Byte tests 2022-05-10 19:51:05 +01:00
Ian Lynagh
1eda692ec8 Kotlin: Import org.jetbrains.kotlin.ir.util.* in KotlinFileExtractor
This makes dump() available
2022-05-10 19:51:05 +01:00
Ian Lynagh
2d8a2abe5c Kotlin: Recognise more numeric types 2022-05-10 19:51:05 +01:00
Ian Lynagh
76151b413f Kotlin: Add more Long tests 2022-05-10 19:51:05 +01:00
Ian Lynagh
6b5fe14e94 Kotlin: Add tesets for more integer types 2022-05-10 19:51:05 +01:00
Ian Lynagh
1b40f78b9c Kotlin: Recognise + etc for Double 2022-05-10 19:51:05 +01:00
Ian Lynagh
5b5a6042a9 Kotlin: Add tests for more Double operators 2022-05-10 19:51:05 +01:00
Chris Smowton
35e6b06fe3 Revert "Fix failing tests"
This reverts commit 940db3d0828422bc26d7167c138199aa51ab4e89.
2022-05-10 19:51:05 +01:00
Chris Smowton
bb7a17b5bd Add missing test file 2022-05-10 19:51:05 +01:00
Ian Lynagh
f447d40740 Kotlin: Temporary consistency query tweak to get the tests passing 2022-05-10 19:51:05 +01:00
Tamas Vajk
ae86fcb499 Split main extractor file 2022-05-10 19:51:05 +01:00
Tamas Vajk
2dfe50cbaa Change constructor and type name of anonymous classes to empty string 2022-05-10 19:51:05 +01:00
Tamas Vajk
b7faa33c60 Fix constructor call type access 2022-05-10 19:51:05 +01:00
Tamas Vajk
b7e0828f78 Extract anonymous object creation 2022-05-10 19:51:05 +01:00
Tamas Vajk
ab6b500475 Fix failing tests 2022-05-10 19:51:05 +01:00
Ian Lynagh
10004c77d1 Kotlin: some TODO stuff works now 2022-05-10 19:51:05 +01:00
Ian Lynagh
a3e70fdb5c Kotlin: Add support for ieee754equals 2022-05-10 19:51:05 +01:00
Ian Lynagh
78d2ef52c1 Kotlin: Towards better equality checking 2022-05-10 19:51:05 +01:00
Ian Lynagh
5da15ca03b Kotlin: Resugar != 2022-05-10 19:51:04 +01:00
Ian Lynagh
b4c3f57bab Kotlin: Get != working again 2022-05-10 19:51:04 +01:00
Chris Smowton
956c479db3 Document TypeResult 2022-05-10 19:51:04 +01:00
Chris Smowton
ccf21b7183 Implement Java signature extraction 2022-05-10 19:51:04 +01:00
Chris Smowton
6391484692 Add modifiers to array built-in functions 2022-05-10 19:51:04 +01:00
Chris Smowton
b33f2d9952 Merge shortName recursion into useType 2022-05-10 19:51:04 +01:00
Ian Lynagh
36dae240df Kotlin: Allow building only a single way 2022-05-10 19:51:04 +01:00
Ian Lynagh
0ce6e53386 Kotlin: Remove unused expressions and fix a copy/paste-o 2022-05-10 19:51:04 +01:00
Tamas Vajk
da0e2c276f Add comment explaining why the annotation is needed 2022-05-10 19:51:04 +01:00
Tamas Vajk
cb406619cb Reintroduce sealed interfaces for generated DB types 2022-05-10 19:51:04 +01:00
Tamas Vajk
c4ad2f3463 Add kotlin 1.4 support 2022-05-10 19:51:04 +01:00
Tamas Vajk
3939a2a47c Change build script to build multiple versions of the plugin 2022-05-10 19:51:04 +01:00
Ian Lynagh
22c87b20cc Kotlin: Add an exception for a consistency check 2022-05-10 19:51:04 +01:00
Ian Lynagh
be5e478718 Kotlin: Accept test change 2022-05-10 19:51:04 +01:00
Ian Lynagh
744f3db68d Kotlin: Handle binops correctly 2022-05-10 19:51:04 +01:00
Ian Lynagh
d63ef23bda Kotlin: Remove an out-of-date consistency exception 2022-05-10 19:51:04 +01:00
Ian Lynagh
755bf4d8b3 Java/Kotlin: Add 'children' consistency query 2022-05-10 19:51:04 +01:00
Ian Lynagh
8f1f137fa1 Java/Kotlin: Add UnaryExpr consistency query 2022-05-10 19:51:04 +01:00
Ian Lynagh
90365c9c58 Java/Kotlin: Add a consistency query for BinaryExpr 2022-05-10 19:51:04 +01:00
Ian Lynagh
9e2a3a9da8 Java/Kotlin: Add a consistency query for blocks 2022-05-10 19:51:04 +01:00
Tamas Vajk
ab86778e1d Remove external property related log messages 2022-05-10 19:51:04 +01:00
Chris Smowton
5ee9135643 Couple more style fixes 2022-05-10 19:51:04 +01:00
Chris Smowton
970e3d64c0 Fix various style warnings highlighted by IntelliJ 2022-05-10 19:51:04 +01:00
Chris Smowton
8f5bbc7bd8 superTypes test: restore location info without full paths 2022-05-10 19:51:03 +01:00
Chris Smowton
87d6313278 Move extractClassInstance to the file extractor
Since now we know the file context has been set correctly at this point
2022-05-10 19:51:03 +01:00
Chris Smowton
c4d6321e60 Fix whitespace 2022-05-10 19:51:03 +01:00
Chris Smowton
fcab0474c9 Amend call.ql to avoid external source locations and accept changes 2022-05-10 19:51:03 +01:00
Chris Smowton
2bcc3d425e Amend a test to avoid external paths and accept changes 2022-05-10 19:51:03 +01:00
Chris Smowton
87b04bc22b Add test for expected filenames 2022-05-10 19:51:03 +01:00
Chris Smowton
5ec546bcb0 Extract locations for generic instantiations 2022-05-10 19:51:03 +01:00
Chris Smowton
f06285e9c7 Fix: use source information for class actually extracted in case of K<->J substitution 2022-05-10 19:51:03 +01:00
Chris Smowton
bde4534050 Only report locations without a source offset in non-source files
Also adjust tests that would otherwise report types with locations outside the source tree (i.e., for the most part in the standard library)
2022-05-10 19:51:03 +01:00
Chris Smowton
c2fef58b21 Extract source files for external types 2022-05-10 19:51:03 +01:00
Tamas Vajk
4c5b4b15a9 Allow associating comments with fields 2022-05-10 19:51:03 +01:00
Tamas Vajk
097d87604f Add test case to cover comments on properties 2022-05-10 19:51:03 +01:00
Tamas Vajk
d0c470dbac Add direct field access support 2022-05-10 19:51:03 +01:00
Ian Lynagh
b741dea100 Kotlin: Accept test changes 2022-05-10 19:51:03 +01:00
Ian Lynagh
3a0435b196 Kotlin: Towards 'this' qualifiers
This probably handles most cases well enough
2022-05-10 19:51:03 +01:00
Ian Lynagh
9158f0192b Kotlin: Enhance 'this' test 2022-05-10 19:51:03 +01:00
Ian Lynagh
2320553723 Kotlin: Add tests for this 2022-05-10 19:51:03 +01:00
Ian Lynagh
87e8425603 Kotlin: Extract the abstractness of classes. 2022-05-10 19:51:03 +01:00
Ian Lynagh
45658e5d89 Kotlin: Add writeCallableEnclosingExpr calls 2022-05-10 19:51:03 +01:00
Ian Lynagh
854a03d696 Kotlin: Fix property initialisers 2022-05-10 19:51:03 +01:00
Ian Lynagh
aefe5c5c58 Kotlin: Accept test changes 2022-05-10 19:51:03 +01:00
Ian Lynagh
e6e56238c5 Kotlin: Handle properties better 2022-05-10 19:51:03 +01:00
Chris Smowton
44bf35e623 Add and update tests 2022-05-10 19:51:03 +01:00
Chris Smowton
1b7e33b6e3 Remove Kotlin element and component type from arrays
Now that these are no longer required, array extraction can extract kt-types consistently with other parameterised classes.
2022-05-10 19:51:03 +01:00
Chris Smowton
70294bd26b Array types: distinguish (e.g.) Array<Int> from IntArray 2022-05-10 19:51:03 +01:00
Chris Smowton
380da465b9 Fix bad rebase 2022-05-10 19:51:02 +01:00
Chris Smowton
b4138838fe Update TODOs 2022-05-10 19:51:02 +01:00
Chris Smowton
329ead2b52 Pull out and tidy array extraction 2022-05-10 19:51:02 +01:00
Ian Lynagh
e947e6234e Kotlin: Use 2G when compiling
For me, kotlinc default to 256M, which isn't enough when we are
extracting.
2022-05-10 19:51:02 +01:00
Ian Lynagh
2625c101ad Kotlin: Show class name in log messages 2022-05-10 19:51:02 +01:00
Ian Lynagh
0bf60fff53 Kotlin: Add a test that was failing dbcheck, and comment out the cause 2022-05-10 19:51:02 +01:00
Ian Lynagh
8fc75abc6c Kotlin: Accept test changes 2022-05-10 19:51:02 +01:00
Ian Lynagh
e1cfaaaa9a Kotlin: Extract listOf(...) 2022-05-10 19:51:02 +01:00
Chris Smowton
3c7fb94002 Update test expectations 2022-05-10 19:51:02 +01:00
Chris Smowton
06c4fd9060 Properly extract wildcard bounds 2022-05-10 19:51:02 +01:00
Tamas Vajk
356639dadd Add optional exitProcess after extraction 2022-05-10 19:51:02 +01:00
Tamas Vajk
69e8db06cb Add optional compilation start plugin option + remove exitProcess 2022-05-10 19:51:02 +01:00
Chris Smowton
6fb5854589 Array types: record dimensionality 2022-05-10 19:51:02 +01:00
Chris Smowton
239ee588a6 Update test expectations 2022-05-10 19:51:02 +01:00
Chris Smowton
805b54897e KotlinType: accept non-class-or-interface Java types 2022-05-10 19:51:02 +01:00
Chris Smowton
1d95431a7a Always use the nullable type for arrays 2022-05-10 19:51:02 +01:00
Chris Smowton
0ba4753b8f Restrict Kotlin types describing arrays
* Always use a nullable type
* Never use a type projection (same behaviour as IrType.getArrayElementType)

Otherwise the kotlin type doesn't functionally depend on the type label
2022-05-10 19:51:02 +01:00
Chris Smowton
a6dc408c4e Fix: bracket string template expression properly 2022-05-10 19:51:02 +01:00
Chris Smowton
8016aa7027 Adapt to refactor; useType changes 2022-05-10 19:51:02 +01:00
Chris Smowton
660988d8ac Ensure Unit type is extracted when needed 2022-05-10 19:51:02 +01:00
Chris Smowton
efe3a77efe shortName: use boxed types for type arguments and use K->J class substitutions 2022-05-10 19:51:02 +01:00
Chris Smowton
16335b126f Include type parameters in class short names 2022-05-10 19:51:02 +01:00
Chris Smowton
8acf7d74c1 Restore check for Array<T> type argument 2022-05-10 19:51:02 +01:00
Chris Smowton
dd3bb053e5 Add extracted array length and clone members 2022-05-10 19:51:02 +01:00
Chris Smowton
d62af44baa Extract array type inheritence graph 2022-05-10 19:51:02 +01:00
Chris Smowton
23553f15ee Arrays: extract dimensionality 2022-05-10 19:51:01 +01:00
Chris Smowton
c571657fb1 Abbreviate array test 2022-05-10 19:51:01 +01:00
Chris Smowton
f1a3c9ca20 Arrays: note TODOs 2022-05-10 19:51:01 +01:00
Chris Smowton
2cc5f3e5b7 kt_*_types tables: cite correct Kotlin classid for arrays 2022-05-10 19:51:01 +01:00
Chris Smowton
b926521e7a Only write arrays table on first usage 2022-05-10 19:51:01 +01:00
Chris Smowton
055e9b7797 Convert primitive arrays to Java arrays 2022-05-10 19:51:01 +01:00
Chris Smowton
a92e20e526 Extract nullable arrays as Java arrays
Nullability doesn't matter to this conversion since Java's arrays are reftypes
2022-05-10 19:51:01 +01:00
Ian Lynagh
80e2140ca7 Kotlin: Add TrapWriter.writeComment 2022-05-10 19:51:01 +01:00
Ian Lynagh
5cf14e6f39 Kotlin: Tweak a comment 2022-05-10 19:51:01 +01:00
Ian Lynagh
8853489f04 Kotlin: Add a "generted by" field to the diagnostics table 2022-05-10 19:51:01 +01:00
Ian Lynagh
512e4ce41e Kotlin: Fix bug in DB scheme generator 2022-05-10 19:51:01 +01:00
Ian Lynagh
be75d30ee0 Kotlin: Add support for varargs 2022-05-10 19:51:01 +01:00
Ian Lynagh
497263e92d Kotlin: Accept test changes 2022-05-10 19:51:01 +01:00
Ian Lynagh
bdaa3ce2b3 Kotlin: Add support for companion objects 2022-05-10 19:51:01 +01:00
Ian Lynagh
f726e6acf8 Kotlin: Fix handling of objects in external dependencies 2022-05-10 19:51:01 +01:00
Ian Lynagh
b460c92c61 Kotlin: Add modifiers to object INSTANCEs 2022-05-10 19:51:01 +01:00
Ian Lynagh
112fac6286 Kotlin: We only support non-companion objects for now 2022-05-10 19:51:01 +01:00
Ian Lynagh
e5cd32bdfe Kotlin: Get the tests passing again 2022-05-10 19:51:01 +01:00
Ian Lynagh
ceb1e57ddd Kotlin: Add support for objects 2022-05-10 19:51:01 +01:00
Tamás Vajk
35a15d7eb4 Fix typo 2022-05-10 19:51:01 +01:00
Ian Lynagh
cb1124b5ff Kotlin: Add a test for type aliases 2022-05-10 19:51:01 +01:00
Ian Lynagh
87b433142c Kotlin: Add support for Kotlin type aliases 2022-05-10 19:51:01 +01:00
Ian Lynagh
8330a404df Kotlin: Add warning location to warnings
This also tweaks how the "too many warnings" logic works
2022-05-10 19:51:01 +01:00
Ian Lynagh
41d4c21910 Kotlin: Add a warning 2022-05-10 19:51:01 +01:00
Ian Lynagh
2d43e7b2d1 Kotlin: Speed up getAPrimaryQlClass
It now gives less useful info, but can be manually investigated if it
fails.
2022-05-10 19:51:00 +01:00
Ian Lynagh
59307285e8 Kotlin: Speed up the toString consistency query
Using Top.getAQlClass() means we have to evaluate
SummarizedCallableExternal's charpred, and hence summaryElement,
which is slow.
2022-05-10 19:51:00 +01:00
Ian Lynagh
9a621479cc Kotlin: accept test changes 2022-05-10 19:51:00 +01:00
Ian Lynagh
9b3f36d1ae Kotlin: Remove useTypeOld 2022-05-10 19:51:00 +01:00
Ian Lynagh
e61ff60bf8 Kotlin: Add KotlinType to ExtensionMethod 2022-05-10 19:51:00 +01:00
Ian Lynagh
6cf0b755f0 Kotlin: Add KotlinType to localvars 2022-05-10 19:51:00 +01:00
Ian Lynagh
06a41b3923 Kotlin: Add KotlinTypes to arrays 2022-05-10 19:51:00 +01:00
Ian Lynagh
ba56517900 Kotlin: Add Variable.getKotlinType() 2022-05-10 19:51:00 +01:00
Ian Lynagh
ef22194eed Kotlin: Add KotlinType to params 2022-05-10 19:51:00 +01:00
Ian Lynagh
0d5e471b96 Kotlin: Give methods and constructors a KotlinType 2022-05-10 19:51:00 +01:00
Ian Lynagh
d9822266f5 Kotlin: Fix SafeCastConversionContext QLL 2022-05-10 19:51:00 +01:00
Ian Lynagh
c20ee76826 Kotlin: Give fields a Kotlin type
This meant refactoring the EnumEntry extraction a bit. The IR doesn't
give us a type for fields, so we have to make it up based on the parent.
2022-05-10 19:51:00 +01:00
Ian Lynagh
e120059a18 Kotlin: Accept test changes 2022-05-10 19:51:00 +01:00
Ian Lynagh
b3a28af319 Kotlin: Move extractTypeParameter back to KotlinFileExtractor 2022-05-10 19:51:00 +01:00
Ian Lynagh
118d630125 Kotlin: Add a test for instances 2022-05-10 19:51:00 +01:00
Ian Lynagh
7421e95816 Kotlin: Pull more out into KotlinUsesExtractor 2022-05-10 19:51:00 +01:00
Ian Lynagh
db0360d211 Kotlin: Accept test changes 2022-05-10 19:51:00 +01:00
Ian Lynagh
b381556a06 Kotlin: Fix up things that got pulled out into KotlinUsesExtractor 2022-05-10 19:51:00 +01:00
Ian Lynagh
a5a42b4416 Kotlin: Refactor so that we can't give locations to "used" things
Things we use may not be in the same file as us, so we aren't able to
generate valid locations for them.
2022-05-10 19:51:00 +01:00
Ian Lynagh
960c436824 Kotlin: Call extractClassCommon later
This fixes a "Missing type parameter label" warning from the extractor
with
    interface Foo<T>
    class Bar<T>: Foo<T> { }
caused by the `: Foo<T>` being extracted before extracting the `T`
in `Bar<T>`.
2022-05-10 19:51:00 +01:00
Ian Lynagh
6c957284de Kotlin: Add support for enum value accesses 2022-05-10 19:51:00 +01:00
Ian Lynagh
d565a16fe6 Kotlin: Add enums to expr test 2022-05-10 19:51:00 +01:00
Ian Lynagh
84b53ba9cf Kotlin: Accept test changes 2022-05-10 19:51:00 +01:00
Ian Lynagh
976cc31c7a Kotlin: Add support for string templates 2022-05-10 19:50:59 +01:00
Ian Lynagh
168786ae71 Kotlin: Add string concatenations to exprs test 2022-05-10 19:50:59 +01:00
Ian Lynagh
81fd7c735a Kotlin: Add suport for enum classes 2022-05-10 19:50:59 +01:00
Ian Lynagh
2b01c5d825 Kotlin: Follow changes in main 2022-05-10 19:50:59 +01:00
Ian Lynagh
9996d77701 Kotlin: Reinstate disabled test now bug is fixed 2022-05-10 19:50:59 +01:00
Chris Smowton
97f380eddc Don't abort external class extraction after first duplicate 2022-05-10 19:50:59 +01:00
Ian Lynagh
5bb9357dbe Kotlin: Disable part of a test that gives us DB check inconsistencies 2022-05-10 19:50:59 +01:00
Ian Lynagh
e8fd9ed948 Kotlin: Add a warning suppression 2022-05-10 19:50:59 +01:00
Ian Lynagh
cbd265ab7a Kotlin: Add support for try statements 2022-05-10 19:50:59 +01:00
Ian Lynagh
6b5663df46 Kotlin: Handle Short and Byte literals
I don't think we need separate DB types for them
2022-05-10 19:50:59 +01:00
Ian Lynagh
f0ac63c466 Kotlin: Extend expressions test 2022-05-10 19:50:59 +01:00
Ian Lynagh
49d2e86b5e Kotlin: Accept test changes 2022-05-10 19:50:59 +01:00
Ian Lynagh
ba335b0c69 Kotlin: Add StmtExpr
In some contexts, Kotlin has what we would call a Stmt inside what we
would call an Expr. This allows us to handle this case.
2022-05-10 19:50:59 +01:00
Ian Lynagh
2ba8ccafa9 Kotlin: Make build compatible with older javac's 2022-05-10 19:50:59 +01:00
Ian Lynagh
6fd8d638a3 Kotlin: Accept test output 2022-05-10 19:50:59 +01:00
Ian Lynagh
9a886260cd Kotlin: Add support for IMPLICIT_COERCION_TO_UNIT 2022-05-10 19:50:59 +01:00
Ian Lynagh
924c615216 Kotlin: Enhance exprs test 2022-05-10 19:50:59 +01:00
Ian Lynagh
46e55f5990 Kotlin: Add support for IMPLICIT_NOTNULL 2022-05-10 19:50:59 +01:00
Ian Lynagh
d181b4b9cc Kotlin: Enhance the exprs test 2022-05-10 19:50:59 +01:00
Chris Smowton
dfa9bef5bd Fix gradle homedir search 2022-05-10 19:50:59 +01:00
Ian Lynagh
a6c504abe3 Kotlin: Add support for implicit casts 2022-05-10 19:50:59 +01:00
Ian Lynagh
62b3e07ae6 Kotlin: Accept test changes 2022-05-10 19:50:58 +01:00
Ian Lynagh
ba7a7535e9 Kotlin: Add support for more type operators 2022-05-10 19:50:58 +01:00
Ian Lynagh
d247e4fcff Kotlin: WhenBranch isn't postorder 2022-05-10 19:50:58 +01:00
Ian Lynagh
c4880cc935 Kotlin: Fix handling of non-true conditions 2022-05-10 19:50:58 +01:00
Ian Lynagh
b9d6712371 Kotlin: Update test output 2022-05-10 19:50:58 +01:00
Ian Lynagh
7f3ae94d73 Tweak the WhenExpr CFG and QL class 2022-05-10 19:50:58 +01:00
Ian Lynagh
f95934a0c5 Kotlin: Use trace (silently for now) rather than info for writing TRAP files
The on-demand "Writing trap file for: " messages are drowning out
everything else while running the tests.
2022-05-10 19:50:58 +01:00
Ian Lynagh
d6692e434a Kotlin: Add support for "is" ("instanceof") 2022-05-10 19:50:58 +01:00
Ian Lynagh
d05643fa88 Kotlin: Add library-tests/controlflow/paths test (copied from Java) 2022-05-10 19:50:58 +01:00
Ian Lynagh
e755cc92b6 Kotlin: Add controlflow/dominance test (copied from Java) 2022-05-10 19:50:58 +01:00
Ian Lynagh
aebd8edf85 Kotlin: Make library-tests/controlflow/basic quieter 2022-05-10 19:50:58 +01:00
Ian Lynagh
d0bf462a45 Kotlin: Add a copy of Java's controlflow/basic test 2022-05-10 19:50:58 +01:00
Ian Lynagh
715a92c602 Kotlin: Add CFG for when expressions 2022-05-10 19:50:58 +01:00
Chris Smowton
070c0a03f4 Add .fromSource() qualifier to tests 2022-05-10 19:50:58 +01:00
Chris Smowton
3cb68bd7be kotlin-extractor build: include Java source files 2022-05-10 19:50:58 +01:00
Chris Smowton
124dcb0e5f Update test expectations 2022-05-10 19:50:58 +01:00
Chris Smowton
4dda475a8d Fix source location column numbers 2022-05-10 19:50:58 +01:00
Chris Smowton
e65f451af6 erase: retain question-mark qualifier if present 2022-05-10 19:50:58 +01:00
Chris Smowton
48d5561c95 Use getClassLabel for Kotlin <-> Java type correspondences
Without this, the table can be non-functional due to mapping one unqualified Kotlin type onto several qualified Java types
2022-05-10 19:50:58 +01:00
Chris Smowton
f5021e8e68 Java: produce Java 8 class files for compatibility with packaged Java 11 binary 2022-05-10 19:50:58 +01:00
Chris Smowton
e5e694f7d3 Adjust Kotlin type correspondence tables when extracting a substituted type 2022-05-10 19:50:58 +01:00
Chris Smowton
12ce2d5829 Substitute Kotlin classes for Java equivalents 2022-05-10 19:50:58 +01:00
Chris Smowton
6de5a36cdc Write Java class files in gzip format
This means our names match those expected by javac
2022-05-10 19:50:58 +01:00
Chris Smowton
4a18705d73 Write .set file for source file 2022-05-10 19:50:58 +01:00
Chris Smowton
b299779750 Create Files table entries for JAR/JRT files 2022-05-10 19:50:58 +01:00
Chris Smowton
8e63d10c1f Populate Folders, containerparent tables 2022-05-10 19:50:57 +01:00
Chris Smowton
4c3b9e658b Fix trap file output paths
These should be named for the class name, not its fs location
2022-05-10 19:50:57 +01:00
Chris Smowton
debb942c0e Implement mtime and class version extraction 2022-05-10 19:50:57 +01:00
Chris Smowton
a0671cafb1 Remove trap file compression for now 2022-05-10 19:50:57 +01:00
Chris Smowton
2cc003ff0e External class extraction prototype 2022-05-10 19:50:57 +01:00
Mathias Vorreiter Pedersen
a7fe37a631 Merge pull request #9047 from geoffw0/xxe6
C++: Add support for SAX2XMLReader in the CWE-611 XXE query.
2022-05-10 19:07:35 +01:00
Tamas Vajk
e9b249855b Add gitignore to kotlin-explorer 2022-05-10 18:46:02 +01:00
Tamas Vajk
b7b506a23d Improve temp directory cleanup 2022-05-10 18:46:02 +01:00
Tamas Vajk
52341dc99f Modify build script to build both standalone and embeddable plugin variant 2022-05-10 18:46:02 +01:00
Ian Lynagh
f458745eff Kotlin: Update tests 2022-05-10 18:46:02 +01:00
Ian Lynagh
286e29cd81 Kotlin: Add exprstmt's where appropriate 2022-05-10 18:46:02 +01:00
Ian Lynagh
8704536f35 Kotlin: local variable indexes start from 1 2022-05-10 18:46:02 +01:00
Ian Lynagh
b3d459d122 Kotlin: Accept test changes 2022-05-10 18:46:02 +01:00
Ian Lynagh
8df5abaef9 Kotlin: Add localvariabledeclstmt 2022-05-10 18:46:02 +01:00
Ian Lynagh
e5e6225d57 Kotlin: Add a build.py script that uses kotlinc to build 2022-05-10 18:46:02 +01:00
Ian Lynagh
1d1b9fe805 Kotlin: Add support for more kind of literal
And a test
2022-05-10 18:46:02 +01:00
Tamas Vajk
731d601cdd Add optional dbscheme path parameter to KotlinExtractorDbScheme.kt generator 2022-05-10 18:46:02 +01:00
Tamas Vajk
48b388daf7 Remove version number from output artifact name 2022-05-10 18:46:02 +01:00
Tamas Vajk
ab102245da Add codeql-kotlin to the CODEOWNERS file 2022-05-10 18:46:01 +01:00
Ian Lynagh
14a10564f3 Kotlin: Fix File locations, and fromSource/hasSourceLocation for Kotlin code 2022-05-10 18:46:01 +01:00
Ian Lynagh
b9359bd119 Kotlin: Add a test case to be added
Found by Tamás
2022-05-10 18:46:01 +01:00
Ian Lynagh
cd41d5b9cf Kotlin: Add KotlinType to exprs 2022-05-10 18:46:01 +01:00
Ian Lynagh
63e96dffea Kotlin: Add a testcase as a comment for now, so we don't lose it 2022-05-10 18:46:01 +01:00
Ian Lynagh
45cade8ff8 Kotlin: Accept/update tests 2022-05-10 18:46:01 +01:00
Ian Lynagh
1bce9a131a Kotlin: Towards KotlinType support 2022-05-10 18:46:01 +01:00
Ian Lynagh
ca96d55476 Typo 2022-05-10 18:46:01 +01:00
Ian Lynagh
636e15f422 Kotlin: Split extractClass into extractClassSource, extractClassInstance 2022-05-10 18:46:01 +01:00
Ian Lynagh
9eadbea5cd Kotlin: Split useClass into useClassSource and useClassInstance 2022-05-10 18:46:01 +01:00
Ian Lynagh
490e803098 Kotlin: Be more specific about function parents 2022-05-10 18:46:01 +01:00
Tamas Vajk
6f3ae8da47 Improve todo comment 2022-05-10 18:46:01 +01:00
Tamas Vajk
ec889f933f Remove unneeded extraction warning 2022-05-10 18:46:01 +01:00
Tamas Vajk
1a6d693618 Implement review findings + fix ID of nested types 2022-05-10 18:46:00 +01:00
Tamas Vajk
85e713fa31 Extract generic type parameters as reference types even for primitive Kotlin types + add simplified array extraction 2022-05-10 18:46:00 +01:00
Tamas Vajk
b542769fe9 Fix constructor extraction and extract type arguments of constructor calls 2022-05-10 18:46:00 +01:00
Tamas Vajk
936c29b70c Handle star type argument 2022-05-10 18:46:00 +01:00
Tamas Vajk
8dff527a0e WIP: type arg extraction 2022-05-10 18:46:00 +01:00
Tamas Vajk
0c6e20928c Kotlin: extract type parameters 2022-05-10 18:46:00 +01:00
Tamas Vajk
db5afe84b4 Code quality improvement (fix warning) 2022-05-10 18:46:00 +01:00
Ian Lynagh
088e7adf8c Kotlin: Handle zero-width locations for generated elements 2022-05-10 18:46:00 +01:00
Tamas Vajk
76fd386055 Extract content of <obinit> methods 2022-05-10 18:46:00 +01:00
Tamas Vajk
b87c8e2529 Extract generated <obinit> method, and calls to it 2022-05-10 18:46:00 +01:00
Tamas Vajk
e31c573fb5 Remove redundant cast 2022-05-10 18:46:00 +01:00
Tamas Vajk
f18ab2e913 Reduce parameter passing, and compute label for enclosing callable on the fly 2022-05-10 18:46:00 +01:00
Tamas Vajk
13048392af Add constructor tests 2022-05-10 18:46:00 +01:00
Tamas Vajk
84e9fd8dbd Extract external types with members, so that tests don't produce DB constraint violations
The constructor of `Any` was missing. Also, previously members of external types were not extracted to not end up with DB constraint violations, but these I can't reproduce currently in tests.
2022-05-10 18:46:00 +01:00
Tamas Vajk
481c53a44d Fix merge conflict 2022-05-10 18:45:59 +01:00
Tamas Vajk
a46a9b579e Extract 'IsEnumType' 2022-05-10 18:45:59 +01:00
Tamas Vajk
5c72b52b97 Extract IrEnumConstructorCall 2022-05-10 18:45:59 +01:00
Tamas Vajk
9587e91f71 WIP: IrAnonymousInitializer/IrInstanceInitializerCall 2022-05-10 18:45:59 +01:00
Tamas Vajk
91eafafcc3 Extract delegating constructor calls 2022-05-10 18:45:59 +01:00
Tamas Vajk
661958488c Extract constructor calls 2022-05-10 18:45:59 +01:00
Ian Lynagh
2c5a2910d2 Kotlin: Add explorer 2022-05-10 18:45:59 +01:00
Tamas Vajk
5749dbf7d9 Fix package of Location 2022-05-10 18:45:59 +01:00
Tamas Vajk
ab77ed085f Add QL classes and tests for comments 2022-05-10 18:45:59 +01:00
Ian Lynagh
7d479943db Kotlin: Remove a redundant warning suppression 2022-05-10 18:45:59 +01:00
Ian Lynagh
93f6b23a91 Kotlin: Revert some now-unnecessary changes to dbscheme 2022-05-10 18:45:59 +01:00
Ian Lynagh
7eebf81ffc Kotlin: Remove some now-unnecessary casts 2022-05-10 18:45:59 +01:00
Ian Lynagh
bcbcd612a3 Kotlin: Improve the dbscheme generator
We now work out the supertype relationships based on the sets of leaf
types that are included, rather than simply following the hierarchy of
declarations. This means that we know about more supertype relationships
that exist, so there is less need to cast types.
2022-05-10 18:45:59 +01:00
Tamas Vajk
5aac46f20f Fix DB relation names to use plurals 2022-05-10 18:45:58 +01:00
Tamas Vajk
bf4fb13326 Revert extracting this and this@TYPE parameters 2022-05-10 18:45:58 +01:00
Tamas Vajk
d6ec230e2f Recognize qualified this access of outer class instance 2022-05-10 18:45:58 +01:00
Tamas Vajk
3bfc93daab Add ExtensionMethod class 2022-05-10 18:45:58 +01:00
Tamas Vajk
7d8b6bac06 Fix this and qualified this parameter extraction 2022-05-10 18:45:58 +01:00
Tamas Vajk
575e5134bb Extract 'this'-like value parameters 2022-05-10 18:45:58 +01:00
Tamas Vajk
ebee830a01 Handle type parameters which are nullable without question mark 2022-05-10 18:45:58 +01:00
Tamas Vajk
32a61c16cb Add break/continue QL and tests 2022-05-10 18:45:58 +01:00
Tamas Vajk
aa190f9d65 Store break/continue targets 2022-05-10 18:45:58 +01:00
Tamas Vajk
ae7aa30bda Extract break/continue/throw 2022-05-10 18:45:58 +01:00
Tamas Vajk
63c22ca5df Fix failing tests after changing external type declaration extraction 2022-05-10 18:45:58 +01:00
Tamas Vajk
9889f49560 Add QL for ::class expression, and add test 2022-05-10 18:45:58 +01:00
Tamas Vajk
e8a079b56a Extract all external class declarations (without members) 2022-05-10 18:45:58 +01:00
Tamas Vajk
1cc1daa88b Extract externally declared classes 2022-05-10 18:45:57 +01:00
Tamas Vajk
3e60841774 Extract ::class expressions 2022-05-10 18:45:57 +01:00
Tamas Vajk
f04eb6b1fa Add Nothing type test 2022-05-10 18:45:57 +01:00
Tamas Vajk
28afa19bf5 Change tests to select QL class name too 2022-05-10 18:45:57 +01:00
Tamas Vajk
9d76acad5c Add null extraction test 2022-05-10 18:45:57 +01:00
Tamas Vajk
f97c6af117 Extract nullable types as non-nullable 2022-05-10 18:45:57 +01:00
Tamas Vajk
fb44f1326f Extract Nothing as null 2022-05-10 18:45:57 +01:00
Tamas Vajk
f222fc6d42 Extract null literal 2022-05-10 18:45:57 +01:00
Ian Lynagh
bb3ebd7325 Kotlin: Fix warnElement counting
We were counting calls of warnElement, whereas we want to count its
callers.
2022-05-10 18:45:57 +01:00
Tamas Vajk
c64c950d9a Remove leftover comment class 2022-05-10 18:45:57 +01:00
Tamas Vajk
7ecb3650cb Cleanup getLabel 2022-05-10 18:45:57 +01:00
Tamas Vajk
48d019ebbe Fix review findings, add DB scheme for comments 2022-05-10 18:45:57 +01:00
Tamas Vajk
c23472d736 Rework and simplify comment extraction 2022-05-10 18:45:57 +01:00
Tamas Vajk
1c8be155c9 Extract comments (based on C# comments extraction with element stack) 2022-05-10 18:45:56 +01:00
Ian Lynagh
fd8dd21f75 Kotlin: Follow change in files(...) table 2022-05-10 18:45:56 +01:00
Ian Lynagh
598a2f8cb0 Kotlin: Record compilation and extraction times 2022-05-10 18:45:56 +01:00
Ian Lynagh
396b5882ef Kotlin: Add a compilations consistency query 2022-05-10 18:45:56 +01:00
Ian Lynagh
79e3cb38a8 Kotlin: Pull TrapWriter out into its own file 2022-05-10 18:45:56 +01:00
Ian Lynagh
2721f6aabf Kotlin: Pull Logger out into its own file 2022-05-10 18:45:56 +01:00
Ian Lynagh
e8d3125b40 Kotlin: Tweak a string 2022-05-10 18:45:56 +01:00
Chris Smowton
b5a8442e50 Extract type variable references
Also erase the types used to name methods; otherwise type-var labels and method labels are mutually recursive.
2022-05-10 18:45:56 +01:00
Ian Lynagh
87204f1634 Kotlin: Populate the compilation_compiling_files table 2022-05-10 18:45:56 +01:00
Ian Lynagh
dc3cc0e72e Kotlin: Refactoring: Give diagnostic messages locations and severities 2022-05-10 18:45:56 +01:00
Ian Lynagh
90eccc634b Kotlin: Refactor locations
Amongst other tidyups, we now generate correct "unknown location"s
2022-05-10 18:45:56 +01:00
Ian Lynagh
5c06ffae69 Kotlin: Use a TrapWriter for the invocation TRAP
We'll probably want to shuffle some more stuff from FileTrapWriter to
TrapWriter, but for now at least we are using the generated TRAP-writing
functions rather than writing raw TRAP.
2022-05-10 18:45:56 +01:00
Ian Lynagh
651847d202 Java/Kotlin: Enhance 'compilations' support 2022-05-10 18:45:56 +01:00
Tamas Vajk
9e4614e574 Add gitignore 2022-05-10 18:45:56 +01:00
Ian Lynagh
059d6798bb Kotlin: Tweak the definition of "eqwuivalent TRAP file"
TRAP files that only differ in their comments are equivalent
2022-05-10 18:45:55 +01:00
Ian Lynagh
c3dd35d98b Kotlin: Put temporary TRAP files in the correct directory 2022-05-10 18:45:55 +01:00
Ian Lynagh
774616450b Kotlin: Don't give stack traces for fake labels
There might be a significant performance hit for it.
2022-05-10 18:45:55 +01:00
Ian Lynagh
9bd0391c04 Kotlin: Don't fail if a file already exists in the source archive 2022-05-10 18:45:55 +01:00
Ian Lynagh
19ff50d0a6 Kotlin: Add a comment to each TRAP file linking to its invocation TRAP file 2022-05-10 18:45:55 +01:00
Ian Lynagh
4bc326ef82 Kotlin: Fix extraction when 2 invocations produce the same TRAP file
The second invocation was failing with a "file already exists" error.

I've also added a checkTrapIdentical flag, which is enabled for now.
This means that if 2 invocations write the same TRAP file, we will awrn
if they are not identical. It may be that this produces false positives,
but we can look at that if it happens.
2022-05-10 18:45:55 +01:00
Ian Lynagh
3e8f9f52a6 Kotlin: Start using invocation TRAP files 2022-05-10 18:45:55 +01:00
Ian Lynagh
71c3a64ff5 Kotlin: Simplify location extraction 2022-05-10 18:45:55 +01:00
Ian Lynagh
330727678a Kotlin: Add some location information to a warning 2022-05-10 18:45:55 +01:00
Ian Lynagh
486cff5df1 Kotlin: Add support for interfaces 2022-05-10 18:45:55 +01:00
Ian Lynagh
14e970044a Kotlin: Add some flushes
This will make it easier to see where we are if we get crashes in the
future.
2022-05-10 18:45:55 +01:00
Ian Lynagh
dbc3f29426 Kotlin: Put diagnostics in a TRAP file
Currently we just put everything in as severe with no location.
2022-05-10 18:45:55 +01:00
Ian Lynagh
a40ebd2520 Kotlin: Add support for supertypes 2022-05-10 18:45:55 +01:00
Ian Lynagh
d10024e7e9 Kotlin: Don't make a *Kt class unless we need one 2022-05-10 18:45:54 +01:00
Chris Smowton
c6deabd6a3 Update path to Java dbscheme
This changed when the Java tree was restructured for packaging
2022-05-10 18:45:54 +01:00
Ian Lynagh
f29a45ea98 Kotlin: Add getAPrimaryQlClass.ql consistenty check 2022-05-10 18:45:54 +01:00
Ian Lynagh
4837e4e46a Kotlin: More top-level stuff 2022-05-10 18:45:54 +01:00
Ian Lynagh
f0e2de1fa9 Kotlin: Add file classes
Kotlin invents a class for each file that has a top-level
functionp/property, so that Java can use them.
2022-05-10 18:45:54 +01:00
Ian Lynagh
ed2c6e68ea Kotlin: Function calls 2022-05-10 18:45:54 +01:00
Ian Lynagh
94eefbff17 Kotlin: Add IrContainerExpression 2022-05-10 18:45:54 +01:00
Ian Lynagh
e7cabfb965 Kotlin: Add assign exprs 2022-05-10 18:45:54 +01:00
Ian Lynagh
a64fedf764 Kotlin: When expressions 2022-05-10 18:45:54 +01:00
Ian Lynagh
bbb9d013e0 Kotlin: Escape TRAP strings 2022-05-10 18:45:54 +01:00
Ian Lynagh
f85cf27df8 Kotlin: Better logging infrastructure 2022-05-10 18:45:54 +01:00
Ian Lynagh
4ae7d19235 Kotlin: More expressions 2022-05-10 18:45:54 +01:00
Ian Lynagh
bb89b25e91 Kotlin: More expressions 2022-05-10 18:45:54 +01:00
Ian Lynagh
1de12e72d4 Kotlin: More expressions 2022-05-10 18:45:53 +01:00
Ian Lynagh
90161b9e9d Kotlin: Add more expressions 2022-05-10 18:45:53 +01:00
Ian Lynagh
492dc3dfb3 Kotlin: More tests (of unhandled expressions) 2022-05-10 18:45:53 +01:00
Ian Lynagh
b4bc40630f Kotlin: More expressions 2022-05-10 18:45:53 +01:00
Ian Lynagh
14a46b08b5 Kotlin: Variable accesses 2022-05-10 18:45:53 +01:00
Ian Lynagh
4c8ff16552 Kotlin: Fixes 2022-05-10 18:45:53 +01:00
Ian Lynagh
3daec4376f Kotlin: Variable initialisers 2022-05-10 18:45:53 +01:00
Ian Lynagh
f5e2826b9f Kotlin: Accept test changes 2022-05-10 18:45:53 +01:00
Ian Lynagh
4ba13d3663 Kotlin: Extract parameters 2022-05-10 18:45:53 +01:00
Ian Lynagh
799cf64fd2 Kotlin: Local variables 2022-05-10 18:45:53 +01:00
Ian Lynagh
46add88bb5 Kotlin: Add more types 2022-05-10 18:45:53 +01:00
Ian Lynagh
1c39f001e5 Kotlin: Add variables test 2022-05-10 18:45:53 +01:00
Ian Lynagh
b91660a0f0 Kotlin: Extract properties 2022-05-10 18:45:53 +01:00
Ian Lynagh
97722faee9 Kotlin: Add do/while loops 2022-05-10 18:45:52 +01:00
Ian Lynagh
0c429e4f80 Kotlin: Add blocks 2022-05-10 18:45:52 +01:00
Ian Lynagh
a8a6b4c09f Kotlin: Move some expressions to the right place 2022-05-10 18:45:52 +01:00
Ian Lynagh
b25ea03211 Kotlin: Add while statements 2022-05-10 18:45:52 +01:00
Ian Lynagh
00cff5593f Kotlin: Fix the tests
The handling of Unit is very kludgy at the moment. Will need rethinking.
2022-05-10 18:45:52 +01:00
Ian Lynagh
f0903726bf Kotlin: Add some if-stmt support 2022-05-10 18:45:52 +01:00
Ian Lynagh
d48739cc92 Kotlin: Check a call actually is an addition 2022-05-10 18:45:52 +01:00
Ian Lynagh
9a75ca7f62 Kotlin: Identify the int type better 2022-05-10 18:45:52 +01:00
Ian Lynagh
f608384085 Kotlin: Add a "bug" case 2022-05-10 18:45:52 +01:00
Ian Lynagh
b68178e8cc Kotlin: Handle enums better when generating dbscheme 2022-05-10 18:45:52 +01:00
Ian Lynagh
5f991653c1 Kotlin: Generate type aliases for dbscheme 2022-05-10 18:45:52 +01:00
Ian Lynagh
dbef421204 Kotlin: Generate dbscheme deterministically 2022-05-10 18:45:52 +01:00
Ian Lynagh
afea1871a7 Java: Add a variables consistency query 2022-05-10 18:45:52 +01:00
Ian Lynagh
15be80631f Java: Add a consistency test for expressions
They should have exactly 1 Type.
2022-05-10 18:45:52 +01:00
Ian Lynagh
bbbd5d78a7 Java: Add toString consistency query 2022-05-10 18:45:51 +01:00
Ian Lynagh
06d9d305c2 Java: More consistency queries 2022-05-10 18:45:51 +01:00
Ian Lynagh
b2acb7d7a1 Add a consistency query 2022-05-10 18:45:51 +01:00
Ian Lynagh
03d5646c19 Kotlin: Add stmt/expr support 2022-05-10 18:45:51 +01:00
Ian Lynagh
49a4e479da Kotlin: Extract methods 2022-05-10 18:45:51 +01:00
Ian Lynagh
6dd1027315 Kotlin: Refactoring 2022-05-10 18:45:51 +01:00
Ian Lynagh
fb26859425 Kotlin: Suppress an unchecked cast warning
I don't think we can easily do better here.
2022-05-10 18:45:51 +01:00
Ian Lynagh
4e27da33e4 Kotlin: Tweak generator 2022-05-10 18:45:51 +01:00
Ian Lynagh
d28059a1c0 Kotlin: Generate a module from the dbscheme 2022-05-10 18:45:51 +01:00
Ian Lynagh
4721ccd965 Kotlin: Add tests 2022-05-10 18:45:51 +01:00
Ian Lynagh
f15c6dede1 Kotlin: Get extractor working in a Java context 2022-05-10 18:45:51 +01:00
Ian Lynagh
e3ecf4c52d Kotlin: Add kotlin-extractor 2022-05-10 18:45:51 +01:00
Rasmus Wriedt Larsen
c890f9c4ac Python: Fix change-note 2022-05-10 18:08:43 +02:00
Rasmus Wriedt Larsen
f68b281762 Python: Add change-note 2022-05-10 18:04:52 +02:00
Rasmus Wriedt Larsen
7e87e18b32 Python: Adjust name/description/select of PamAuthorization.ql
Thought that calling out the actual vulnerability would make things
easier for our end users :)
2022-05-10 18:02:17 +02:00
Rasmus Wriedt Larsen
c84f693151 Python: Adjust PamAuthorization examples
They did not have proper formatting (only 2 spaces), and I restructured
them a bit more so they look like code in the wild
2022-05-10 18:00:20 +02:00
Rasmus Wriedt Larsen
0c534444ad Python: Format .qhelp file
99% of our .qhelp files have manually wrapped lines, so just wanted to
keep things consistent
2022-05-10 17:59:21 +02:00
Cornelius Riemenschneider
7c10f3e76b C#: Lua tracing config: Use API function. 2022-05-10 14:38:53 +00:00
Chris Smowton
c0fbd03133 Add qldoc for getTermInIntersection 2022-05-10 14:52:10 +01:00
Chris Smowton
3129c3dd69 Remove commented-out debug code 2022-05-10 14:52:10 +01:00
Chris Smowton
d330033908 Make objects-map-changed warning non-fatal 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
3c4b5202e3 Fix type aliases for instantiated generic types 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
d098bdc7f8 Reintroduce noinlined predicate to fix performance 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
ac081dc47a Make TypeParamParent map global 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
8477053c90 Test calling generic functions from other files 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
7f1f428b41 Remove invalid code in test
"type declarations inside generic functions are not currently supported"
2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
aa62fabe26 Fix another place where type could be nil 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
06d139848d Fix panic when type is unknown 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
2e8b9a9a7d Fix extractor crash when missing type information 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
ba147e8661 Test calls through variables
The tests which involve a flow through a receiver with a non-trivial access path
currently don't give the right result. This should be
fixed in a follow-up issue.
2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
4a9aeacb69 Find callee through function instantiation 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
3790c4eb4d Control flow for generic function instantiations 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
0dee215e8c Update CodeQL tests to go 1.18.1 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
a8a351f6ae Improve comment 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
20562cb43d Add missing this. to member predicate calls 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
5257c4ab45 Add control flow test 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
26d4acd3b6 generic function instantions aren't type exprs 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
ce9c9cfe9d CallExpr.getCalleeExpr should get uninstantiated function 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
7a7ca619b3 Add data flow tests for generic structs, methods and functions 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
4e71ab5cfc Update comment above first extraction of packages 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
25b91d8155 Update tests 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
8c15199ca9 Use generic struct field not instantiated one in Uses
We do not extract instantiated named types, and instead use the generic
type. But fields of the underlying struct of an instantiated named types
are obtained from the Uses map. We solve this keeping track of which
objects should be overridden by which other objects.
2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
8276ca04b4 Use generic method not instantiated one in Uses 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
253ca2bb67 Address review comments 2 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
59aa7426ec Add comments about entities without a parent scope 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
9abc7ea617 Address review comments 1 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
4828430fd4 Extract all object types before emitting them
Note that `extractObjectType` calls `extractType` which may add
additional objects to the list that `ForEachObject` loops over, so
we should emit object types as a second pass.
2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
4fa972fdc5 Rename variable for clarity 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
1da5399652 Fix obvious test failures 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
0194eb98d7 Add an upgrade and downgrade script 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
4d9937d1c6 Add tests 2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
63d1663eb2 bug fix: label pointer-typed receivers correctly
We were trying to convert the object's type to a named type
to iterate through its methods, forgetting that it could also be
a pointer to a named type.

This bug was exposed because we no longer extract an object's
type before extracting it (unless it is a receiver), and when we
extracted a named type we extract its methods and when
extracting a method we extract its receiver and we always give
it the correct label in that situation.
2022-05-10 14:52:10 +01:00
Owen Mansel-Chan
92c331402d Extract type parameters in types, not just decls 2022-05-10 14:52:09 +01:00
Owen Mansel-Chan
213fa1fec2 Break out of loop when a match has been found 2022-05-10 14:52:09 +01:00
Owen Mansel-Chan
982f11f8c7 Make ScopedObjectID take a function
This is so that ExtractType() won't be called except in the case
of a receiver variable, which is important for extracting type
parameters.
2022-05-10 14:52:09 +01:00
Owen Mansel-Chan
f908a6f1dc Rename parm to param for clarity 2022-05-10 14:52:09 +01:00
Owen Mansel-Chan
1e08201632 Extract type param declarations 2022-05-10 14:52:09 +01:00
Owen Mansel-Chan
3510f2cdcd Support non-basic interfaces in extractor 2022-05-10 14:52:09 +01:00
Owen Mansel-Chan
a05a525755 Extract generic type instantiations to new table 2022-05-10 14:52:09 +01:00
Owen Mansel-Chan
e84db95f9c Extract generic function instantiations to new table 2022-05-10 14:52:09 +01:00
Owen Mansel-Chan
b8ab46d969 Add QL class for type parameter types 2022-05-10 14:52:09 +01:00
Owen Mansel-Chan
3952b1c07a Extract type parameter types (and update dbscheme) 2022-05-10 14:52:09 +01:00
Owen Mansel-Chan
f7dcb11816 Extract uninstantiated generic types only 2022-05-10 14:52:09 +01:00
Owen Mansel-Chan
7f0a37913f Use Go 1.18 2022-05-10 14:52:09 +01:00
Mathias Vorreiter Pedersen
1d10f14629 Merge pull request #9100 from redsun82/swift-tbd-rework
Swift: changes required for TBD node rework
2022-05-10 13:31:43 +01:00
Rasmus Wriedt Larsen
2b6e0cfb44 Merge pull request #8340 from yoff/python/simple-csrf
python: minimal CSRF implementation
2022-05-10 13:36:38 +02:00
Rasmus Wriedt Larsen
cb17e2a649 Merge pull request #8595 from porcupineyhairs/pypam
Python : Add query to detect PAM authorization bypass
2022-05-10 13:35:12 +02:00
Erik Krogh Kristensen
09360bce20 Merge pull request #9085 from erik-krogh/cash
JS: add model for the cash library
2022-05-10 13:20:57 +02:00
Paolo Tranquilli
bf71e4c500 Swift: getPrimaryQlClass -> getAPrimaryQlClass 2022-05-10 12:42:18 +02:00
Tom Hvitved
712fe002b9 Data flow: Sync files 2022-05-10 12:41:10 +02:00
Tom Hvitved
bfabfc3601 Data flow: Add Configuration::includeHiddenNodes() 2022-05-10 12:40:46 +02:00
Paolo Tranquilli
0b9dc9703f Swift: changes required for TBD node rework
These changes are required to allow a new type-safe approach to TBD
nodes, that will come in a separate commit.

This introduces:
* the possibility to add properties to the root `Element`
* a functor taking tags to the corresponding binding trap entry
* `hasProp()` methods for optional properties in QL
* `getPrimaryQlClass()` method
2022-05-10 11:59:25 +02:00
Rasmus Lerchedahl Petersen
aa3d7babf4 python: fix bad merge
caused by an optimistic attempt at solving a
merge conflict in the online GUI.
2022-05-10 11:37:41 +02:00
Rasmus Wriedt Larsen
2421076d2f Merge pull request #8696 from RasmusWL/new-nosql-examples
Python: Improve experimental modeling for `pymongo`
2022-05-10 11:03:05 +02:00
yoff
6c3e2db7fd Merge branch 'main' into python/simple-csrf 2022-05-10 10:55:28 +02:00
Cornelius Riemenschneider
7aa3d0fd26 Merge pull request #9091 from github/criemen/dotnet-lua-tracing-config
C#: Port the existing compiler-tracing.spec files to Lua.
2022-05-10 10:54:20 +02:00
Anders Schack-Mulligen
f85e06c2e4 Dataflow: Sync. 2022-05-10 10:12:39 +02:00
Cornelius Riemenschneider
40503aa368 Address review. 2022-05-10 08:06:25 +00:00
Harry Maclean
a6cab022f6 Ruby: Add missing import 2022-05-10 17:32:01 +12:00
Harry Maclean
7b63493fa9 Ruby: Fix identification IO.open args 2022-05-10 17:32:00 +12:00
Harry Maclean
79c6dc1af0 Refactor IO/File modelling
The main goal here is to get rid of the duplicate definitions of module
`IO`, which currently exist in both `frameworks/core/IO.qll` and
`frameworks/Files.qll`.

We do this by moving the classes inside `Files::IO` to `core/IO.qll`,
but moving most of the actual definitions of those classes to an
internal module `core.internal.FileOrIO`. This means both `Files.qll`
and `IO.qll` can depend on them without leaking them to end users.
2022-05-10 17:32:00 +12:00
Harry Maclean
2d12ad6238 Ruby: Model IO.popen
This method is very similar to `Kernel.system`: it executes its
arguments as a system command in various ways.
2022-05-10 17:32:00 +12:00
yoff
b6605bc330 Merge pull request #8634 from RasmusWL/promote-xxe
Python: Promote XXE and XML-bomb queries
2022-05-09 21:54:55 +02:00
Rasmus Lerchedahl Petersen
1c7e533144 python: format 2022-05-09 21:22:27 +02:00
Erik Krogh Kristensen
e80ee46fe4 add model for the cash library 2022-05-09 21:01:07 +02:00
Mathias Vorreiter Pedersen
66ca01a717 Merge pull request #9094 from redsun82/swift-codegen-predicate-properties
Swift codegen: add predicate properties
2022-05-09 17:17:10 +01:00
luchua-bc
75e7148912 Standardize the query and update qldoc 2022-05-09 16:10:11 +00:00
Paolo Tranquilli
c08e6fdc1e Swift codegen: add predicate properties
Properties marked with `predicate` in the schema are now accepted.

* in the dbscheme, they will translate to a table with a single `id`
  column (and the table name will not be pluralized)
* in C++ classes, they will translate to `bool` fields
* in QL classes, they will translate to predicates

Closes https://github.com/github/codeql-c-team/issues/1016
2022-05-09 17:50:49 +02:00
Paolo Tranquilli
effa9ee207 Merge pull request #9034 from redsun82/swift-cpp-gen
Swift: add structured C++ generated classes
2022-05-09 17:49:23 +02:00
Geoffrey White
265500faa8 Merge pull request #8800 from geoffw0/unsafeput
C++: Add a test for experimental query NoCheckBeforeUnsafePutUser.ql.
2022-05-09 16:20:19 +01:00
Rasmus Lerchedahl Petersen
2a5908ff49 python: require all settings be vulnerable
at least all thos not in tests
2022-05-09 17:08:49 +02:00
Cornelius Riemenschneider
bf0e32ae82 C#: Port the existing compiler-tracing.spec files to Lua. 2022-05-09 14:45:34 +00:00
Rasmus Wriedt Larsen
4a6789182d Python: Apply suggestions from code review
Co-authored-by: yoff <lerchedahl@gmail.com>
2022-05-09 16:37:12 +02:00
Anders Schack-Mulligen
135d7f6e32 Dataflow: Prune more cons-candidates. 2022-05-09 16:21:12 +02:00
Anders Schack-Mulligen
1b0e9d5cd7 Dataflow: Fix join order in nodeMayUseSummary. 2022-05-09 16:21:12 +02:00
Henry Mercer
3c4715928e Merge pull request #9083 from github/henrymercer/fetch-codeql-with-gh-cli
Actions: Fetch CodeQL CLI using `gh` rather than third-party Action
2022-05-09 14:40:29 +01:00
Anders Schack-Mulligen
f24364d951 Merge pull request #9045 from hvitved/dataflow/subpaths-perf-take2
Data flow: Speedup `subpaths` predicate (take 2)
2022-05-09 15:39:11 +02:00
Henry Mercer
71d1069a0a Fix typo 2022-05-09 14:31:05 +01:00
Henry Mercer
198c96982c Add a comment to explain the unusual Action path 2022-05-09 14:30:41 +01:00
CodeQL CI
e099b94cc4 Merge pull request #9081 from asgerf/js/global-step-refactor
Approved by erik-krogh
2022-05-09 06:30:37 -07:00
Rasmus Wriedt Larsen
c218162104 Merge branch 'main' into pypam 2022-05-09 14:20:05 +02:00
Rasmus Wriedt Larsen
ab1252d196 Python: Add @precision high for py/pam-auth-bypass 2022-05-09 14:19:40 +02:00
Geoffrey White
85cc9b8901 C++: Use getClassAndName. 2022-05-09 13:06:44 +01:00
Geoffrey White
28dca3fa9f Merge pull request #8245 from ihsinme/ihsinme-patch-67
CPP: Add query for CWE-476: NULL Pointer Dereference when using exception handling blocks
2022-05-09 12:26:20 +01:00
Geoffrey White
9709c2fa94 C++: Use compliant PascalCase / make the checks happy. 2022-05-09 11:58:57 +01:00
Henry Mercer
804ca3e1a7 Actions: Fetch CodeQL CLI using gh rather than third-party Action 2022-05-09 11:42:01 +01:00
Erik Krogh Kristensen
53b26eba17 Merge pull request #8724 from erik-krogh/postMessage
JS: promote the `js/missing-origin-verification` query
2022-05-09 12:28:58 +02:00
Erik Krogh Kristensen
fe1e47bc17 Merge pull request #8710 from bananabr/dragAndDrop
JS: drag and drop API Xss sources
2022-05-09 12:22:28 +02:00
Erik Krogh Kristensen
611a412f2a Merge pull request #8990 from bananabr/selection
JS: Selection API DOM text source
2022-05-09 12:22:18 +02:00
Paolo Tranquilli
93f8b6b29d Swift: add missing trap_affix 2022-05-09 12:20:22 +02:00
Paolo Tranquilli
20317a280b Swift: make width fields unsigned 2022-05-09 12:19:52 +02:00
thibaut hansmann
f3f2e59472 C/C++ : Fix remove the useless variable 2022-05-09 12:01:42 +02:00
Asger F
88b5bbe024 JS: Update test expectation 2022-05-09 11:55:07 +02:00
Rasmus Wriedt Larsen
de05b108fa Python: Fix singleton set 2022-05-09 11:01:13 +02:00
Rasmus Wriedt Larsen
36349222a9 Python: Fix casing of XMLDomParsing 2022-05-09 11:00:25 +02:00
Rasmus Wriedt Larsen
f22bd039f3 Python: Slight refactor of LxmlParsing 2022-05-09 10:56:39 +02:00
Rasmus Wriedt Larsen
f5854f33da Python: Apply suggestions from code review
Co-authored-by: yoff <lerchedahl@gmail.com>
2022-05-09 10:53:25 +02:00
Michael Nebel
9a45949e8c Merge pull request #9044 from michaelnebel/csharp/flowsummariestest
C#: Flow summaries test should print, whether a summary is generated or not.
2022-05-09 10:06:19 +02:00
Michael Nebel
1401e7ddb3 Merge pull request #8855 from michaelnebel/csharp/singlereadstore
C#: Only allow two read and two store steps in model capturing.
2022-05-09 10:05:53 +02:00
Paolo Tranquilli
9c5b2d7e9d Swift: tweaks for use in the PoC branch 2022-05-09 09:46:47 +02:00
Paolo Tranquilli
918ba1b1fc Swift: make generator.run accept options 2022-05-09 09:34:49 +02:00
AlexDenisov
c21849bb2e Merge pull request #9015 from redsun82/swift-enable-dynamic-library
Swift: enable dynamic mode
2022-05-09 09:15:37 +02:00
AlexDenisov
fe72dfe7d4 Merge pull request #9028 from redsun82/swift-trapgen
Swift: add `trapgen` unit tests
2022-05-09 09:15:22 +02:00
Paolo Tranquilli
6cbfb5a10c Swift cppgen: emit final trap before bases 2022-05-09 09:02:20 +02:00
Michael Nebel
83aa65ff53 C#/Java: Remove redudandant QL comment in CaptureModel. 2022-05-09 07:36:41 +02:00
Michael Nebel
76fd424795 C#: Turn isAutogenerated predicate into a predicate without result. 2022-05-09 07:30:06 +02:00
Michael Nebel
9b855c30cc Merge pull request #9043 from michaelnebel/csharp/xml-injection-path
C#: Convert xml injection query to a path problem.
2022-05-09 07:18:01 +02:00
Marcono1234
c760d39d59 Merge remote-tracking branch 'remotes/origin/main' into marcono1234/statement-expression 2022-05-09 00:28:19 +02:00
Marcono1234
36f56b5a18 Java: Rename StmtExpr to ValueDiscardingExpr
As mentioned by aschackmull during review, StatementExpression as defined
by the JLS only lists possible types of expressions, it does _not_ specify
that their value is discarded. Therefore, for example any method call could
be considered a StatementExpression.

The name ValueDiscardingExpr was chosen as replacement because the JLS uses
the phrase "if the expression has a value, the value is discarded" multiple
times.
2022-05-09 00:27:15 +02:00
Mathias Vorreiter Pedersen
176e40f139 Merge pull request #9052 from github/post-release-prep/codeql-cli-2.9.1
Post-release preparation for codeql-cli-2.9.1
2022-05-06 13:15:17 +01:00
Mathias Vorreiter Pedersen
ef7363c48e Merge pull request #732 from github/post-release-prep/codeql-cli-2.9.1
Post-release preparation for codeql-cli-2.9.1
2022-05-06 13:15:10 +01:00
github-actions[bot]
fea657ce01 Post-release preparation for codeql-cli-2.9.1 2022-05-05 19:05:56 +00:00
github-actions[bot]
1a25457178 Post-release preparation for codeql-cli-2.9.1 2022-05-05 19:05:50 +00:00
ihsinme
b98ddc72f5 Update DangerousUseOfExceptionBlocks.ql 2022-05-05 21:05:22 +03:00
Paolo Tranquilli
a7129c1f4c Swift: add --ql-format/--no-ql-format to codegen 2022-05-05 18:33:05 +02:00
ihsinme
6dec1182bf Update DangerousUseOfExceptionBlocks.expected 2022-05-05 19:17:31 +03:00
ihsinme
185a60f034 Update test.cpp 2022-05-05 19:16:54 +03:00
Geoffrey White
453dadea1a C++: Fix QLDoc. 2022-05-05 16:43:31 +01:00
ihsinme
2d4d7aa094 Update DangerousUseOfExceptionBlocks.ql 2022-05-05 18:40:29 +03:00
Geoffrey White
6b5a1921dd C++: Support the SAX2XMLReader interface. 2022-05-05 16:35:21 +01:00
Paolo Tranquilli
b2b5fd281f Swift: add more parametrization
This enables codegen to run on the swift PoC branch.
2022-05-05 17:34:00 +02:00
Geoffrey White
c4bc7050a9 C++: Additional test cases. 2022-05-05 16:26:09 +01:00
Tony Torralba
ca2959cf37 Merge pull request #8537 from atorralba/atorralba/unsafe_android_access_improvs
Java: Improvements to UnsafeAndroidAccess
2022-05-05 16:46:54 +02:00
Paolo Tranquilli
ac3cceab19 Swift: turn some generated paths to relative 2022-05-05 16:15:16 +02:00
Paolo Tranquilli
7bcc5db4a6 Swift: parametrize namespace and other things in codegen
This is so that we can use this in the PoC branch.
2022-05-05 16:01:54 +02:00
thibaut hansmann
3006935141 C/C++ : FIx the research for UInt16, 32 and 64 + Fix 2 first line of the query 2022-05-05 15:22:50 +02:00
thibaut hansmann
c15c216c47 C/C++ : change Variable and ArrayType name + Add detection for Uint 32 and 64 2022-05-05 14:27:50 +02:00
Tom Hvitved
04cc73823d Java: Introduce 'with/without content' summary components 2022-05-05 14:25:48 +02:00
Tom Hvitved
2972af2602 C#: Introduce 'with/without content' summary components 2022-05-05 14:25:48 +02:00
Tom Hvitved
2e780154e2 Ruby: Introduce 'with/without content' summary components 2022-05-05 14:25:48 +02:00
yoff
6169ac6122 Merge pull request #7776 from RasmusWL/django-filefield-uploadto
Python: Support Django FileField.upload_to
2022-05-05 14:25:08 +02:00
Erik Krogh Kristensen
58db9226dc add missing word in qhelp 2022-05-05 14:24:45 +02:00
Tom Hvitved
d9d5372f28 Data flow: Sync files 2022-05-05 13:36:26 +02:00
Tom Hvitved
de6e2c95e7 Data flow: Speedup subpaths predicate (take 2) 2022-05-05 13:36:08 +02:00
Michael Nebel
3c347cab98 C#: Update test output to reflect that the query is now a path-problem query. 2022-05-05 13:13:25 +02:00
Michael Nebel
2dc35c123a Java/Ruby: Sync files. 2022-05-05 13:08:55 +02:00
Michael Nebel
a8556f4d50 C#: Make sure that test output prints whether the summary is generated or not. 2022-05-05 13:07:22 +02:00
Erik Krogh Kristensen
2d7c7ff372 apply suggestions from doc review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-05-05 13:03:35 +02:00
Asger F
c4d597d60f JS: Enumerate type-tracking steps through global access paths 2022-05-05 12:59:10 +02:00
ihsinme
75244effc5 Update DangerousUseOfExceptionBlocks.ql 2022-05-05 13:27:17 +03:00
Erik Krogh Kristensen
0c0e280637 update the qhelp to mention that the GITHUB_TOKEN only sometimes has write-access 2022-05-05 12:12:29 +02:00
Paolo Tranquilli
c87fb4df53 Swift: remove now unused ql.Property.params 2022-05-05 12:01:13 +02:00
Mathias Vorreiter Pedersen
6f9752ead1 Merge pull request #9019 from geoffw0/xxe4
C++: More XXE Tests
2022-05-05 10:59:40 +01:00
Michael Nebel
e416a0629a C#: Add isAutoGenerated predicate to SummarizedCallable. 2022-05-05 11:54:04 +02:00
Paolo Tranquilli
9798d8ba26 Swift: add ?* modifier to schema specification
This indicates a list of optional entries. This is different than
simply repeatind entries because of the indexing.
2022-05-05 11:50:12 +02:00
yoff
0c7184952b Merge pull request #9023 from RasmusWL/positional-docs
Python: Clarify `getArg` is about positional arguments
2022-05-05 11:28:17 +02:00
Erik Krogh Kristensen
c0152a46bc rename getAReferencedExpression to getASimpleReferenceExpression and add examples of what it can parse 2022-05-05 11:02:47 +02:00
Arthur Baars
25d9ffd18c Merge pull request #9033 from github/aibaars/atm-label
JS: exclude ATM folder from labeler
2022-05-05 10:53:39 +02:00
Michael Nebel
13f142f143 C#: Convert xml injection query to a path problem. 2022-05-05 10:43:23 +02:00
Erik Krogh Kristensen
dc1dc2a33a parse the uses field in the getters instead of the charpred 2022-05-05 10:40:08 +02:00
Erik Krogh Kristensen
9ea0f71581 convert TODO to a note in Actions::Uses 2022-05-05 10:28:00 +02:00
Erik Krogh Kristensen
1f00ba812a move YAMLMappingLikeNode to the standard library 2022-05-05 10:22:52 +02:00
Jonas Jensen
d747c6eaa9 Merge pull request #8930 from jbj/lower-case-variables-spec
QL language reference: variables must be lowerId
2022-05-05 10:02:16 +02:00
Paolo Tranquilli
c2d3aac349 Swift: fix no functools.cache in python 3.8 2022-05-05 09:48:07 +02:00
Michael Nebel
21eb5a1db5 Merge pull request #8894 from michaelnebel/csharp/upgrade-dotnet
C#: Upgrade dotnet to 6.0.202.
2022-05-05 09:42:23 +02:00
Erik Krogh Kristensen
bf6663ab12 run the autoformatter 2022-05-05 09:16:27 +02:00
Tom Hvitved
66a9759329 Merge pull request #8870 from hvitved/dataflow/expect-content
Data flow: Introduce `expectsContent`
2022-05-05 09:01:40 +02:00
luchua-bc
937ab417b1 Query to detect hardcoded JWT secret keys 2022-05-04 23:09:48 +00:00
Daniel Santos
33e85f8db8 Update javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-05-04 11:43:56 -05:00
Paolo Tranquilli
d5d1eb717d Swift: add structured C++ generated classes
This adds `cppgen`, creating structured C++ classes mirroring QL classes
out of `schema.yml`.

An example of generated code at the time of this commit can be found
[in this gist][1].

[1]: https://gist.github.com/redsun82/57304ddb487a8aa40eaa0caa695048fa

Closes https://github.com/github/codeql-c-team/issues/863
2022-05-04 18:20:25 +02:00
Paolo Tranquilli
10c5c8e71f Swift: add trapgen unit tests
Closes: https://github.com/github/codeql-c-team/issues/981
2022-05-04 18:20:06 +02:00
Joe Farebrother
64227c9109 Fix codescanning alerts 2022-05-04 15:58:30 +01:00
Joe Farebrother
c7d30087d1 Fix issue with named backrefs; add needed import 2022-05-04 15:41:42 +01:00
Joe Farebrother
2d82dfba38 Reorder backreference predicates 2022-05-04 15:41:41 +01:00
Joe Farebrother
9078e13f1c Apply reveiw suggestions
- make java imports private
- qdoc fixes
- reorder predicates
- simplifications
2022-05-04 15:41:41 +01:00
Joe Farebrother
b854a2185e Fix use of sinkModel 2022-05-04 15:41:41 +01:00
Joe Farebrother
b08f22c24d Remove unnecassary import 2022-05-04 15:41:41 +01:00
Joe Farebrother
66ab2bca75 Update PrintAst test output 2022-05-04 15:41:41 +01:00
Joe Farebrother
eec57d4f25 Simplify dataflow logic by using only one configuration, and expessing more sinks with models-as-data 2022-05-04 15:41:41 +01:00
Joe Farebrother
2a80540157 Sync shared files 2022-05-04 15:41:40 +01:00
Joe Farebrother
5e3ba130dc Add a test for deeply nested sequences 2022-05-04 15:41:40 +01:00
Joe Farebrother
4ed2e8d1fd Update tests to account for only regexes with quantifiers being considered 2022-05-04 15:41:40 +01:00
Joe Farebrother
e5ca924240 Allow quantifiers invoving {}; add comments 2022-05-04 15:41:40 +01:00
Chris Smowton
bc17d4b91f Break the recursion between seqChild, RegExpTerm and TRegExpSequence 2022-05-04 15:41:40 +01:00
Chris Smowton
0d13864bc8 Restrict polynomial ReDoS' strings-parsed-as-regexes search to those that could possibly be interesting
In practice for polynomial ReDoS this means those regexes containing at least one potentially-infinite quantifier (* or +).
2022-05-04 15:41:39 +01:00
Joe Farebrother
0f606d987d Remove redundant super call.
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2022-05-04 15:41:39 +01:00
Joe Farebrother
522a8aff6f Fix filename case 2022-05-04 15:41:39 +01:00
Joe Farebrother
3d65a9cafc Update shared files 2022-05-04 15:41:39 +01:00
Joe Farebrother
375ded4ede Move check to exlude test cases so that it also covers exponential redos 2022-05-04 15:41:39 +01:00
Joe Farebrother
1605d36ddf Refine polynomial redos sources to exclude length limited methods 2022-05-04 15:41:39 +01:00
Joe Farebrother
04edc10f1e Exclude regexes from test code 2022-05-04 15:41:38 +01:00
Joe Farebrother
6794268a3c Split PolynomialRedos definition into a library to avoid duplication in the tests 2022-05-04 15:41:38 +01:00
Joe Farebrother
c1290d9e2b Sync shared redos library files. 2022-05-04 15:41:38 +01:00
Joe Farebrother
5555985ad6 Distingush between whether or not a regex is matched against a full string
Also some fixes and additional tests
2022-05-04 15:41:38 +01:00
Joe Farebrother
0a5268aeb4 Sync shared library changes across languages. 2022-05-04 15:41:38 +01:00
Joe Farebrother
bb562643c6 Support possessive quantifiers, which cannot backtrack.
They are approximated by limiting them to up to one repetition (effectively making *+ like ? and ++ like a no-op).
2022-05-04 15:41:37 +01:00
Joe Farebrother
49374b877a Fix parsing of alternations in character classes 2022-05-04 15:41:37 +01:00
Joe Farebrother
5ba6bafbef Use occursInRegex more ccnsistently throughout 2022-05-04 15:41:37 +01:00
Chris Smowton
f5809a7440 ReDoS performance fixes 2022-05-04 15:41:37 +01:00
Joe Farebrother
2d963176bf Fix change note 2022-05-04 15:41:37 +01:00
Joe Farebrother
9bd3916800 Add change note 2022-05-04 15:41:37 +01:00
Joe Farebrother
3ce0c2c23b Add more regex use functions in String 2022-05-04 15:41:36 +01:00
Joe Farebrother
5364001aa2 Update docs to be about Java 2022-05-04 15:41:36 +01:00
Joe Farebrother
c312b4b6b0 Add missing qldoc 2022-05-04 15:41:36 +01:00
Joe Farebrother
57ba8a4d1b Improve handling of hex escapes; and support some named character classes 2022-05-04 15:41:36 +01:00
Joe Farebrother
5143585080 Fix to PolynomialRedos not finding results and to test cases not finding that 2022-05-04 15:41:36 +01:00
Joe Farebrother
91887ab229 Sync shared files 2022-05-04 15:41:36 +01:00
Joe Farebrother
e23162d91b Add test cases for PolynomialRedos dataflow logic; make fixes 2022-05-04 15:41:35 +01:00
Joe Farebrother
5a4316d945 Add test cases for exponential redos query 2022-05-04 15:41:35 +01:00
Joe Farebrother
457cf41825 Support more escaped characters 2022-05-04 15:41:35 +01:00
Joe Farebrother
4b845d5dac Move test cases to their own directory to avoid conflict 2022-05-04 15:41:35 +01:00
Joe Farebrother
9f4da65030 Improve calculation of locations of regex terms 2022-05-04 15:41:35 +01:00
Joe Farebrother
dd200e29d4 Improve char set depth calculation 2022-05-04 15:41:35 +01:00
Joe Farebrother
e797d2195c Topologically sort RegexString 2022-05-04 15:41:34 +01:00
Joe Farebrother
bc109521aa Simplify octal handling 2022-05-04 15:41:34 +01:00
Joe Farebrother
9e88c67c19 Add more test cases; make some fixes 2022-05-04 15:41:34 +01:00
Joe Farebrother
aa1337db86 Apply style suggestions from code review 2022-05-04 15:41:34 +01:00
Joe Farebrother
e954db293a Convert snake case predicates to camel case 2022-05-04 15:41:34 +01:00
Joe Farebrother
5b61de67de Implement style/doc suggestions from code review 2022-05-04 15:41:33 +01:00
Joe Farebrother
28649da187 Add parser tests; fix some parser issues.
[temporarily renamed existing regex/Test.java during rebasing to avoid conflict]
2022-05-04 15:41:33 +01:00
Joe Farebrother
8e1918216e Add PrintAst support for regex terms 2022-05-04 15:41:33 +01:00
Joe Farebrother
ca422a2186 Use explicit this 2022-05-04 15:41:33 +01:00
Joe Farebrother
f9f7a01f57 Add Java ReDoS libraries to identical-files.json 2022-05-04 15:41:33 +01:00
Joe Farebrother
11e465f2ac Implement remaining syntax differences 2022-05-04 15:41:33 +01:00
Joe Farebrother
7530902ad7 Add approximate support for nested character classes.
This shouldn't fail to parse on any correctly formed character class; but may give incorrect contents when nested classes are involved.
2022-05-04 15:41:33 +01:00
Joe Farebrother
d04c99b0be Support quote sequences 2022-05-04 15:41:32 +01:00
Joe Farebrother
59945cd8b3 Add dataflow logic to PolynomialRedDoS 2022-05-04 15:41:30 +01:00
Joe Farebrother
37240f01d2 Copy Redos queries from python
Todo: Implement dataflow for polynomialredos; update docs to reference java rather than python
2022-05-04 15:40:58 +01:00
Joe Farebrother
a8f7a4459e Port redos libraries from Python 2022-05-04 15:40:56 +01:00
Tom Hvitved
8e33653d25 Merge pull request #9017 from hvitved/dataflow/subpaths-perf
Data flow: Speedup `subpaths` predicate
2022-05-04 16:37:52 +02:00
Erik Krogh Kristensen
0d8bef7e92 Merge pull request #6736 from erik-krogh/polyReplace
JS: track flow through string replace calls that just replace single chars for js/polynomial-redos
2022-05-04 16:30:20 +02:00
Erik Krogh Kristensen
8425eaf919 Merge pull request #8549 from erik-krogh/unreachableJoin
JS: fix bad join in js/unreachable-method-overloads
2022-05-04 16:28:06 +02:00
Erik Krogh Kristensen
b4d4b51bc7 Merge pull request #8147 from erik-krogh/cacheReg
JS: cache RegExpCreationNode::getAReference
2022-05-04 16:25:25 +02:00
Arthur Baars
c7b2da5e39 JS: exclude ATM folder from labeler 2022-05-04 16:16:19 +02:00
Erik Krogh Kristensen
8e2b00d209 make the big disjunctions more readable by using a set literal 2022-05-04 16:15:17 +02:00
Erik Krogh Kristensen
31a4de902e add missing security severity 2022-05-04 16:15:17 +02:00
Erik Krogh Kristensen
7530923af3 add missing qldoc 2022-05-04 16:14:59 +02:00
Erik Krogh Kristensen
d8cc82bdb1 add change-note 2022-05-04 16:14:59 +02:00
Erik Krogh Kristensen
df4bfef8c7 expand the qhelp for js/actions/injection 2022-05-04 16:14:59 +02:00
Erik Krogh Kristensen
48fb01f9f7 set js/actions/injection as a high precision warning query 2022-05-04 16:14:54 +02:00
Erik Krogh Kristensen
2a65d1d3ec move js/actions/injection out of experimental 2022-05-04 16:14:19 +02:00
Erik Krogh Kristensen
fc6eedd07a generalize the file pattern for github/actions related YAML 2022-05-04 16:14:19 +02:00
Erik Krogh Kristensen
bc470b89f1 leave a deprecated alias for Actions.qll 2022-05-04 16:14:19 +02:00
Erik Krogh Kristensen
9db67d4988 move the Actions API out of experimental 2022-05-04 16:14:19 +02:00
Rasmus Wriedt Larsen
7bd7bedb1b Ruby: Simplify isLocalSourceNode implementation
The need for `SynthReturnNode` goes away if we don't restrict the nodes
that can't be reached from another entry definition or expression to be
`ExprNode`s
2022-05-04 16:12:20 +02:00
Nick Rolfe
5f59e96fa9 Merge pull request #8975 from github/nickrolfe/flow_summary_joins 2022-05-04 14:24:45 +01:00
Tom Hvitved
9cb63c0a5e Data flow: Sync files 2022-05-04 14:49:26 +02:00
Tom Hvitved
7f7742216c Address review comment
This reverts commit 2b4fde74bb.
2022-05-04 14:49:03 +02:00
Nick Rolfe
276f8d40f9 Ruby: add comments to address review feedback 2022-05-04 12:07:46 +01:00
Mathias Vorreiter Pedersen
f499f8e946 Merge pull request #9029 from redsun82/swift-codeowners
Swift: set @github/codeql-c as owner
2022-05-04 11:34:51 +01:00
Tony Torralba
2d3b15f936 Add more taint models 2022-05-04 12:32:59 +02:00
Michael Nebel
5f1a176a02 Java: Sync CaptureModels implementation to only allow at most two reads and two stores. 2022-05-04 12:29:57 +02:00
Michael Nebel
a488d6b80c C#: Add an initial flow state to the model generator. 2022-05-04 12:27:34 +02:00
Tony Torralba
8601137602 Fix bad join order by moving WebViewRef::getAnAccess from callsites into predicates 2022-05-04 11:58:47 +02:00
Owen Mansel-Chan
570d3f47c4 Use os.Stat instead of os.File.Stat 2022-05-04 10:11:53 +01:00
Tony Torralba
3b1210eacb Update java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll
Co-authored-by: Chris Smowton <smowton@github.com>
2022-05-04 10:53:31 +02:00
Tony Torralba
192017635a Update java/ql/src/change-notes/2022-03-24-unsafe-android-access-improvements.md
Co-authored-by: Chris Smowton <smowton@github.com>
2022-05-04 10:53:31 +02:00
Tony Torralba
49259a6575 Remove everything related to WebView CSV models
This reverts commit c6c72eb.
2022-05-04 10:53:31 +02:00
Tony Torralba
dce11f3984 Removed unnecessary imports 2022-05-04 10:53:30 +02:00
Tony Torralba
f5e72e6e33 Remove getUnderlyingExpr 2022-05-04 10:53:30 +02:00
Tony Torralba
7ba5a032ce Add tests and stubs for the new sources and flow steps 2022-05-04 10:53:30 +02:00
Tony Torralba
b678467e9d Move things around 2022-05-04 10:53:30 +02:00
Tony Torralba
d68311e26d Consider implicit this accesses in WebViewRef 2022-05-04 10:53:30 +02:00
Tony Torralba
51dfebf4c9 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-05-04 10:53:29 +02:00
Tony Torralba
b9859fe165 Add change note 2022-05-04 10:53:29 +02:00
Tony Torralba
91bdb4299f Improvements to UnsafeAndroidAccess 2022-05-04 10:53:29 +02:00
Tony Torralba
b876431950 Merge pull request #8706 from luchua-bc/java/unsafe-get-resource
Java: CWE-552 Add sources and sinks to to detect unsafe getResource calls in Java EE applications
2022-05-04 10:12:28 +02:00
Tom Hvitved
74e99302d6 Address review comments 2022-05-04 09:57:59 +02:00
Tom Hvitved
ac3bfa1788 Data flow: Mention expectsContent in dataflow.md 2022-05-04 09:57:59 +02:00
Tom Hvitved
da72ba46d4 Data flow: Add stub expectsContent for all languages 2022-05-04 09:57:59 +02:00
Tom Hvitved
6e2e8440eb Data flow: Sync files 2022-05-04 09:57:59 +02:00
Tom Hvitved
a50f18ab50 Data flow: Introduce expectsContent 2022-05-04 09:57:58 +02:00
bananabr
2e2d4c6e1f updated tests to consider document.getSelection() 2022-05-03 21:03:35 -05:00
Daniel Santos
880e3e1885 Update javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-05-03 11:38:32 -05:00
Daniel Santos
4cd6dcc4d0 Update javascript/ql/lib/change-notes/2022-04-30-xss-selection-source.md
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-05-03 11:37:45 -05:00
Daniel Santos
d52980573a Update javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-05-03 11:37:26 -05:00
Paolo Tranquilli
b7cdc4ae1f Swift: set @github/codeql-c as owner 2022-05-03 17:41:23 +02:00
Geoffrey White
5aa862acfd C++: Fixup after merge. 2022-05-03 16:12:42 +01:00
Geoffrey White
fd5b4dfff2 Merge branch 'main' into xxe4 2022-05-03 16:08:54 +01:00
Mathias Vorreiter Pedersen
b8fd07c0ac Merge pull request #9018 from geoffw0/xxe5
C++: Support libxml2 in the XXE query
2022-05-03 16:00:52 +01:00
Michael Nebel
b8ec2254e8 C#: Update unit tests (looks like new NFloat operator has been introduced). 2022-05-03 16:36:32 +02:00
Michael Nebel
94b046c554 C#: Upgrade dotnet to 6.0.202. 2022-05-03 16:36:32 +02:00
Joe Farebrother
f65f833b11 Merge pull request #9020 from joefarebrother/predictable-seed
Java: Add CWE-377 tag to java/predictable-seed
2022-05-03 15:13:58 +01:00
Tony Torralba
02822c6284 Merge pull request #9013 from atorralba/atorralba/private-externalflow-imports
Java: Make more ExternalFlow imports private
2022-05-03 16:02:09 +02:00
Owen Mansel-Chan
22ccbbaae8 Run go mod tidy -e if go.mod exists 2022-05-03 14:57:13 +01:00
Tony Torralba
cf55f180c4 Add change note 2022-05-03 15:46:17 +02:00
Tony Torralba
7b3a803d19 Add flow step from startActivity to getIntent 2022-05-03 15:46:17 +02:00
Tony Torralba
9c92454fa7 Merge pull request #8872 from atorralba/atorralba/android-widget-flowstep
Java: Add Editable.toString flow step
2022-05-03 15:27:52 +02:00
Joe Farebrother
61f13817cf Add change note 2022-05-03 14:27:47 +01:00
Geoffrey White
d5be11bf14 C++: Address review comments. 2022-05-03 14:08:19 +01:00
Rasmus Wriedt Larsen
a7b43f7356 Ruby: Accept changes to TypeTracker tests
Since this is not using inline-expectation-tests, I'm not entirely sure
whether these changes are OK or not, so hope to get someone else to
signoff on that.
2022-05-03 14:59:06 +02:00
Rasmus Wriedt Larsen
6cacf7b9a6 Ruby: isLocalSourceNode needs SynthReturnNode 2022-05-03 14:43:57 +02:00
Tony Torralba
fbceb8de57 Update java/ql/lib/semmle/code/java/frameworks/OkHttp.qll
Co-authored-by: Chris Smowton <smowton@github.com>
2022-05-03 14:40:40 +02:00
Rasmus Wriedt Larsen
d012eaa892 Python: Clarify getArg is about positional arguments 2022-05-03 14:26:23 +02:00
Rasmus Wriedt Larsen
89c4b6c235 Ruby: Fix isLocalSourceNode implementation
The old code was equivalent with the code below, which seems wrong

```
not n instanceof ExprNode
or
n instanceof ExprNode and
localFlowStepTypeTracker+(..., n)
```

From running on real DB I found that this meant that the following node
types were also included as local source nodes:

- `TReturningNode`
- `TSynthReturnNode`
- `TSummaryNode`
- `TSsaDefinitionNode`

My understanding is that the first 3 should not be included.

I would guess that SsaDefinitionNode should indeed be included as a
LocalSourceNode, but I'm not 100% sure, so I'll see what the test
results say before making further changes.
2022-05-03 14:16:19 +02:00
Joe Farebrother
f7d0884db1 Java: Add cwe-377 tag to predictable-seed 2022-05-03 12:28:14 +01:00
Geoffrey White
42a78a27e0 C++: Fixup spacing in tests. 2022-05-03 11:48:03 +01:00
Paolo Tranquilli
c2be267feb Swift: enable dynamic mode
Providing `--dynamic_mode=fully` (for example setting it in
`local.bazelrc`) will now work.

All runfiles are now copied in the extractor pack: in dynamic mode,
those will be the executable and the dynamic libraries, while in static
mode only the executable will be part of the runfiles.

Setting the correct `LD_LIBRARY_PATH` in `qltest.sh` then allows to
run tests with this pakcage. If we need something more, we can switch to
a wrapper script in place of `extractor` in the future.

Notice that `LD_LIBRARY_PATH` is also set in static mode, but that has
no consequence.
2022-05-03 12:33:24 +02:00
yoff
56ed68b3eb Merge pull request #9001 from RasmusWL/files-refactoring
Python: Flask: Improve `request.files` modeing
2022-05-03 12:19:55 +02:00
Geoffrey White
9faa825304 C++: Add support for libxml2 in the query. 2022-05-03 11:19:13 +01:00
Tom Hvitved
e9c8f979f9 Data flow: Sync files 2022-05-03 11:46:51 +02:00
Tom Hvitved
2b4fde74bb Data flow: Speedup subpaths predicate
Before
```
[2022-05-02 15:47:16] (1280s) Tuple counts for DataFlowImpl::Subpaths::subpaths#656de156#ffff/4@c5f3dclb after 3m22s:
                      8389013    ~4%     {5} r1 = JOIN DataFlowImpl::Subpaths::subpaths#656de156#ffff#shared WITH DataFlowImpl::PathNode::getASuccessor#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg', Lhs.1, Lhs.2, Lhs.3, Lhs.4 'out'
                      6689751    ~0%     {4} r2 = JOIN r1 WITH DataFlowImpl::Subpaths::subpaths03#656de156#ffffff_034512#join_rhs ON FIRST 4 OUTPUT Rhs.4, Lhs.4 'out', Lhs.0 'arg', Rhs.5 'ret'

                      1513839768 ~1%     {5} r3 = JOIN r2 WITH DataFlowImpl::PathNodeImpl::getNodeEx#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'out', Lhs.2 'arg', Lhs.3 'ret', Rhs.1 'par', Lhs.3 'ret'
                      1513839768 ~1%     {5} r4 = r3 AND NOT DataFlowImpl::PathNodeImpl::isHidden#dispred#f0820431#f(Lhs.4 'ret')
                      1513839768 ~5%     {4} r5 = SCAN r4 OUTPUT In.1 'arg', In.3 'par', In.0 'out', In.4 'ret'

                      1513839768 ~2%     {4} r6 = JOIN r2 WITH DataFlowImpl::PathNodeImpl::getNodeEx#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.3 'ret', Lhs.1 'out', Lhs.2 'arg', Rhs.1 'par'
                      0          ~0%     {5} r7 = JOIN r6 WITH boundedFastTC(DataFlowImpl::Subpaths::localStepToHidden#656de156#ff_10#higher_order_body,DataFlowImpl::Subpaths::subpaths#656de156#ffff#higher_order_body) ON FIRST 1 OUTPUT Lhs.1 'out', Lhs.2 'arg', Lhs.0, Lhs.3 'par', Rhs.1 'ret'
                      0          ~0%     {5} r8 = r7 AND NOT DataFlowImpl::PathNodeImpl::isHidden#dispred#f0820431#f(Lhs.4 'ret')
                      0          ~0%     {4} r9 = SCAN r8 OUTPUT In.1 'arg', In.3 'par', In.0 'out', In.4 'ret'

                      1513839768 ~5%     {4} r10 = r5 UNION r9
                      6689751    ~0%     {4} r11 = JOIN r10 WITH DataFlowImpl::PathNode::getASuccessor#dispred#f0820431#ff ON FIRST 2 OUTPUT Lhs.0 'arg', Lhs.1 'par', Lhs.3 'ret', Lhs.2 'out'
                                         return r11
```

After
```
[2022-05-03 11:44:10] (969s) Tuple counts for DataFlowImpl::Subpaths::subpaths#656de156#ffff/4@b26b969r after 11.8s:
                      8372525 ~0%     {3} r1 = JOIN DataFlowImpl::PathNode::getASuccessor#dispred#f0820431#ff_10#join_rhs WITH DataFlowImpl::PathNodeImpl::getNodeEx#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1 'arg', Rhs.1, Rhs.0
                      6673799 ~6%     {9} r2 = JOIN r1 WITH DataFlowImpl::Subpaths::subpaths03#656de156#fffffffff ON FIRST 2 OUTPUT Rhs.3, Rhs.4, Rhs.5, Rhs.7, Rhs.6, Rhs.8, Lhs.2 'par', Lhs.0 'arg', Rhs.2 'ret'

                      6637884 ~0%     {5} r3 = JOIN r2 WITH project#DataFlowImpl::pathNode#656de156#ffffffff_1234560#join_rhs ON FIRST 6 OUTPUT Lhs.6 'par', Lhs.7 'arg', Lhs.8 'ret', Rhs.6 'out', Lhs.8 'ret'

                      6637884 ~0%     {4} r4 = JOIN r2 WITH project#DataFlowImpl::pathNode#656de156#ffffffff_1234560#join_rhs ON FIRST 6 OUTPUT Rhs.6 'out', Lhs.6 'par', Lhs.7 'arg', Lhs.8 'ret'

                      51867   ~0%     {5} r5 = JOIN r4 WITH DataFlowImpl::PathNodeMid::projectToSink#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1 'par', Lhs.2 'arg', Lhs.3 'ret', Rhs.1 'out', Lhs.3 'ret'

                      6689751 ~0%     {5} r6 = r3 UNION r5
                      6689751 ~0%     {5} r7 = r6 AND NOT DataFlowImpl::PathNodeImpl::isHidden#dispred#f0820431#f(Lhs.4 'ret')
                      6689751 ~0%     {4} r8 = SCAN r7 OUTPUT In.1 'arg', In.0 'par', In.4 'ret', In.3 'out'

                      6637884 ~0%     {4} r9 = JOIN r2 WITH project#DataFlowImpl::pathNode#656de156#ffffffff_1234560#join_rhs ON FIRST 6 OUTPUT Lhs.8 'ret', Lhs.6 'par', Lhs.7 'arg', Rhs.6 'out'

                      51867   ~0%     {4} r10 = JOIN r4 WITH DataFlowImpl::PathNodeMid::projectToSink#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.3 'ret', Lhs.1 'par', Lhs.2 'arg', Rhs.1 'out'

                      6689751 ~0%     {4} r11 = r9 UNION r10
                      0       ~0%     {5} r12 = JOIN r11 WITH boundedFastTC(DataFlowImpl::Subpaths::localStepToHidden#656de156#ff_10#higher_order_body,DataFlowImpl::Subpaths::subpaths#656de156#ffff#higher_order_body) ON FIRST 1 OUTPUT Lhs.1 'par', Lhs.2 'arg', Lhs.0, Lhs.3 'out', Rhs.1 'ret'
                      0       ~0%     {5} r13 = r12 AND NOT DataFlowImpl::PathNodeImpl::isHidden#dispred#f0820431#f(Lhs.4 'ret')
                      0       ~0%     {4} r14 = SCAN r13 OUTPUT In.1 'arg', In.0 'par', In.4 'ret', In.3 'out'

                      6689751 ~0%     {4} r15 = r8 UNION r14
                                      return r15
```
2022-05-03 11:45:28 +02:00
Anders Schack-Mulligen
249f771fad Merge pull request #8952 from cklin/fix-ql-comments-syntax
Fix syntax errors in QL comments
2022-05-03 11:15:56 +02:00
Jeroen Ketema
904ff1a569 Merge pull request #8943 from jbj/remove-gvn-imports
C++: Remove import order workarounds
2022-05-03 11:01:02 +02:00
Nick Rolfe
00bf352b50 Ruby: fix some flow summary join orders
The flow summaries that are implemented with an abstract base class
restricting the method name, and child classes using that method name,
had unfortunate join orders:

r1 = JOIN Call::MethodCall::getMethodName#dispred#f0820431#ff WITH Call::MethodCall::getMethodName#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.0, (Lhs.1 ++ "_arg"), Rhs.1
2022-05-03 09:58:40 +01:00
mc
58a2677cf7 Merge pull request #8860 from github/jf205-patch-1
Fix broken link in analyzing-databases-with-the-codeql-cli.rst
2022-05-03 09:56:49 +01:00
Mathias Vorreiter Pedersen
73886b1040 Merge pull request #8948 from geoffw0/xxe3
C++: Add support for SAXParser to the CWE-611 XXE query.
2022-05-03 09:42:10 +01:00
Tony Torralba
c66e583aea Make more ExternalFlow imports private 2022-05-03 10:31:29 +02:00
Arthur Baars
19e4d34581 Update ruby/ql/lib/change-notes/2022-04-30-update-grammar.md
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2022-05-03 10:08:29 +02:00
Erik Krogh Kristensen
806dacb0e3 Merge pull request #8989 from erik-krogh/mentionAll
JS/RB: have `ApiGraphModelsSpecific.qll` mention all the required predicates
2022-05-03 09:42:41 +02:00
Tony Torralba
5c574906fe Merge pull request #9010 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-05-03 09:23:53 +02:00
github-actions[bot]
433beaf637 Add changed framework coverage reports 2022-05-03 00:15:34 +00:00
Daniel Santos
fddb465260 Update javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-05-02 14:00:45 -05:00
Tony Torralba
de8b5f927b Adjust test expectations 2022-05-02 16:55:11 +02:00
Tony Torralba
29b430e49b Make commits private 2022-05-02 16:55:01 +02:00
Anders Schack-Mulligen
86516b157b Merge pull request #8884 from JLLeitschuh/feat/JLL/additional-file-taint-flow
Java: Add additional `File` taint value flow models
2022-05-02 16:30:45 +02:00
Tony Torralba
9a35aba465 Add change notes 2022-05-02 15:45:44 +02:00
Tony Torralba
1cf4b60769 Simplify non-https-url query 2022-05-02 15:43:07 +02:00
Tony Torralba
8602a6f6c9 Add models for OkHttp and Retrofit 2022-05-02 15:42:15 +02:00
Rasmus Wriedt Larsen
7e1be3172e Python: Add change-note 2022-05-02 14:24:13 +02:00
Rasmus Wriedt Larsen
de4390cdf6 Python: Improve Flask request.files handling even more 2022-05-02 14:19:45 +02:00
Rasmus Wriedt Larsen
fb0133d276 Python: Fix Flask request.files modeling 2022-05-02 14:14:58 +02:00
Rasmus Wriedt Larsen
0c62916af5 Python: Highlight problem with Flask request.files modeling 2022-05-02 14:14:53 +02:00
yoff
1d44694280 Merge pull request #8732 from RasmusWL/dataflow-imports
Python: Don't re-export `python` under `DataFlow::`
2022-05-02 12:08:28 +02:00
Taus
231def026f Merge pull request #8890 from tausbn/python-add-global-attribute-writes
Python: Add support for global attribute writes
2022-05-02 12:03:41 +02:00
yoff
c67b06b1fd Update python/ql/test/experimental/dataflow/typetracking/attribute_tests.py
Co-authored-by: Taus <tausbn@github.com>
2022-05-02 11:36:58 +02:00
Rasmus Wriedt Larsen
714465bf39 Python: Refactor SaxParserSetFeatureCall
Originally made by @erik-krogh in
https://github.com/github/codeql/pull/8693/files#diff-9627c1fb9a1cc77fb93e6b7e31af1a4fa908f2a60362cfb34377d24debb97398

Could not be applied directly to this PR, since this PR deletes the file.
2022-05-02 11:29:54 +02:00
Rasmus Wriedt Larsen
5f01fc24e4 Merge branch 'main' into promote-xxe 2022-05-02 11:25:55 +02:00
Rasmus Wriedt Larsen
3c1a37e7e1 Merge branch 'main' into new-nosql-examples 2022-05-02 11:21:36 +02:00
Tom Hvitved
29f30a19e7 Merge pull request #8955 from hvitved/csharp/useless-cast-fp
C#: Add FP test for `cs/useless-cast-to-self`
2022-05-02 10:32:28 +02:00
Anders Schack-Mulligen
b2e9555075 Merge pull request #8345 from jorgectf/mybatis-new-sinks
Java: Add `MyBatis`' `Providers` sinks
2022-05-02 09:44:28 +02:00
bananabr
ed58ee86fe documented getSelectionCall 2022-05-01 20:41:43 -05:00
thibaut hansmann
83e26f41c0 C/C++ : Wrong Uint access 2022-05-01 14:53:52 +02:00
bananabr
57ae07017f adds the Selection API as a new DOM text source 2022-04-30 18:27:31 -05:00
Erik Krogh Kristensen
f87312d4ba have ApiGraphModelsSpecific.qll mention all the required predicates/types 2022-04-30 20:29:44 +02:00
luchua-bc
920a7cd2e6 Put back the taint step removed during merge 2022-04-29 20:29:04 +00:00
Geoffrey White
034c4faf19 Merge branch 'main' into xxe3 2022-04-29 21:06:16 +01:00
Jonathan Leitschuh
c8e0d7f847 Summary model for File should include overriden methods 2022-04-29 14:51:26 -04:00
Henry Mercer
811a2c0053 Merge pull request #8957 from github/henrymercer/upgrade-codeql-action
Use codeql-action/upload-sarif@main in CSV coverage metrics workflow
2022-04-29 17:06:21 +01:00
Arthur Baars
cf4325c86f Add change note 2022-04-29 16:19:11 +02:00
Geoffrey White
614a7650a6 Merge pull request #8775 from porcupineyhairs/cpam
CPP: PAM Authorization Bypass
2022-04-29 14:55:33 +01:00
Erik Krogh Kristensen
4585e8a874 QL: point the dataset measure workflow to a merge_stats.py file that exists 2022-04-29 15:31:07 +02:00
Jorge
37b051a851 Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-04-29 14:44:17 +02:00
AlexDenisov
5c6e5173ad Merge pull request #8959 from AlexDenisov/alexdenisov/pip-install-from-bazel
Swift: teach bazel to install python dependencies
2022-04-29 14:31:37 +02:00
Paolo Tranquilli
8fc78fae74 Merge pull request #8960 from redsun82/swift-cc-wrappers
Swift: cc wrapper rules
2022-04-29 14:30:54 +02:00
Geoffrey White
812a24fc18 C++: Add test cases for libxml2. 2022-04-29 13:23:29 +01:00
Paolo Tranquilli
2fe38c2bbb Swift: cc wrapper rules 2022-04-29 14:18:36 +02:00
Alex Denisov
7332460268 Swift: teach bazel to install python dependencies 2022-04-29 14:05:36 +02:00
yoff
7efb4ab4e4 Merge pull request #8581 from tausbn/python-fix-bad-join-in-import_star_read
Python: Fix bad join in `import_star_read`
2022-04-29 13:14:14 +02:00
Henry Mercer
d1cc835cad Merge pull request #8949 from github/henrymercer/fix-typo
JS: Nit: Fix typo in QLDoc
2022-04-29 12:04:09 +01:00
Henry Mercer
08b6b1d209 Use codeql-action/upload-sarif@main in CSV coverage metrics workflow 2022-04-29 11:26:32 +01:00
Tony Torralba
12320aa5d2 Fix Intent Redirection sanitizer 2022-04-29 12:19:49 +02:00
Tom Hvitved
a0e003e33c C#: Add FP test for cs/useless-cast-to-self 2022-04-29 11:59:51 +02:00
Henry Mercer
d3e92f72c4 JS: Nit: Fix typo in QLDoc 2022-04-29 10:54:07 +01:00
Geoffrey White
dd258781ed C++: More test cases. 2022-04-29 10:38:31 +01:00
Geoffrey White
1d71f042db C++: Turns out DOMLSParser is not an AbstractDOMParser and works a little differently than I'd thought. 2022-04-29 10:38:31 +01:00
Geoffrey White
c6deddb290 C++: For consistency. 2022-04-29 10:35:34 +01:00
Geoffrey White
4be3161891 C++: Move some stuff from tests3.cpp to common tests.h 2022-04-29 10:35:34 +01:00
Geoffrey White
397efd1648 C++: Split off the createLSParser tests into their own file. 2022-04-29 10:35:33 +01:00
Geoffrey White
b02519bf0b C++: Make the createLSParser test a bit closer to real life. 2022-04-29 10:33:47 +01:00
Geoffrey White
a1542322e2 C++: Add test cases for SAX2XMLReader. 2022-04-29 10:33:46 +01:00
Erik Krogh Kristensen
080271f14f Merge pull request #8221 from erik-krogh/libProto
JS: recognize more module exports from the factory pattern
2022-04-29 11:23:53 +02:00
Erik Krogh Kristensen
dfe2140902 slight simplification 2022-04-29 11:22:12 +02:00
Stephan Brandauer
fa377ac763 Merge pull request #8946 from kaeluka/deepFillIn-FN
JS: fix a FN for prototype polluting function query
2022-04-29 10:14:41 +01:00
Erik Krogh Kristensen
b74d1fdb1a Merge pull request #8783 from erik-krogh/jsAbstractBi
JS: don't initialize sanitizer-guards in the standard library
2022-04-29 11:12:16 +02:00
Geoffrey White
7fb1069d69 C++: Use GVN on the values passed into set* functions. 2022-04-29 10:09:52 +01:00
Owen Mansel-Chan
ee94eb5962 Merge pull request #727 from cklin/fix-ql-comments-syntax
Fix Beego references
2022-04-29 09:19:24 +01:00
Geoffrey White
215453e4db Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-04-29 09:07:25 +01:00
Tony Torralba
9eb6022bbe Merge pull request #8954 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-04-29 10:06:57 +02:00
Geoffrey White
33d499c12d C++: Address review comments. 2022-04-29 09:02:11 +01:00
luchua-bc
0aa1251ffe Add more test cases 2022-04-29 02:31:43 +00:00
github-actions[bot]
1032dcd7e6 Add changed framework coverage reports 2022-04-29 00:15:05 +00:00
jorgectf
548721a8cf Fix MyBatisInjectionSink 2022-04-28 23:36:51 +02:00
Jorge
193ea1a86e Merge branch 'main' into mybatis-new-sinks 2022-04-28 22:26:38 +02:00
Stephan Brandauer
3f13a5e082 fix a FN for prototype polluting function query 2022-04-28 22:00:09 +02:00
Jorge
50e95b5aad Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-04-28 21:56:20 +02:00
Jorge
834f2e845d Delete MyBatisAbstractSql and inline MyBatisAbstractSqlMethodsStep 2022-04-28 21:55:15 +02:00
Chuan-kai Lin
d2fccbea95 Fix Beego references 2022-04-28 12:52:21 -07:00
Chuan-kai Lin
d6f0bbb816 Fix syntax errors in QL comments 2022-04-28 11:53:36 -07:00
AlexDenisov
f6769735e5 Merge pull request #8939 from AlexDenisov/alexdenisov/swift-tracer-integration
Swift: tracer integration
2022-04-28 19:20:55 +02:00
Geoffrey White
79d1ffc1d9 C++: Change note. 2022-04-28 17:49:41 +01:00
Tom Hvitved
3fd93b460f Merge pull request #8935 from hvitved/ruby/typetracker-kw-test 2022-04-28 18:22:51 +02:00
Geoffrey White
2ccd5a5531 C++: Add support for SAXParser in the query. 2022-04-28 16:13:21 +01:00
Geoffrey White
4e2344c488 C++: Add test cases for SAXParser. 2022-04-28 16:11:08 +01:00
Paolo Tranquilli
75265f7c42 Merge pull request #8947 from redsun82/swift-pragma-once
Swift: use `#pragma once`
2022-04-28 16:59:50 +02:00
AlexDenisov
a59d7f6a85 Update swift/extractor/main.cpp 2022-04-28 16:52:34 +02:00
Paolo Tranquilli
c4fae0806f Swift: use #pragma once 2022-04-28 16:39:27 +02:00
AlexDenisov
84bcc2e64a Merge branch 'main' into alexdenisov/swift-tracer-integration 2022-04-28 16:28:48 +02:00
Paolo Tranquilli
2374e6b401 Merge pull request #8934 from redsun82/swift-trapgen
Swift: added trapgen
2022-04-28 16:00:46 +02:00
Mathias Vorreiter Pedersen
69af3b123d Merge pull request #8941 from github/release-prep/2.9.1
Release preparation for version 2.9.1
2022-04-28 14:45:32 +01:00
Mathias Vorreiter Pedersen
ff677cd756 Merge pull request #726 from github/release-prep/2.9.1
Release preparation for version 2.9.1
2022-04-28 14:45:19 +01:00
Jonas Jensen
f1fa7cba5a C++: Remove import order workarounds
These workarounds are no longer needed from CodeQL CLI 2.9.0.
2022-04-28 14:40:57 +02:00
Anders Schack-Mulligen
9d2f386032 Merge pull request #8878 from aschackmull/java/validationmethod-joinorder
Java: Fix join-order.
2022-04-28 14:35:20 +02:00
Tom Hvitved
8d2bf2228b Merge pull request #7914 from hvitved/ruby/generalize-element-content
Ruby: Generalize `ArrayElementContent` to `ElementContent`
2022-04-28 14:23:08 +02:00
Jeroen Ketema
2e6addab03 Fix one more change note 2022-04-28 14:22:41 +02:00
Jeroen Ketema
4a648f3c89 Fix change note items 2022-04-28 14:14:19 +02:00
github-actions[bot]
8e4cf190e9 Release preparation for version 2.9.1 2022-04-28 11:59:05 +00:00
github-actions[bot]
bcd2c009e3 Release preparation for version 2.9.1 2022-04-28 11:58:54 +00:00
Michael Nebel
ec316750d3 Merge pull request #8905 from michaelnebel/csharp/generatedcomment
C#: Add auto generated comment to generated models as data files.
2022-04-28 13:57:38 +02:00
Tom Hvitved
f7669815ce Address review comments 2022-04-28 13:50:26 +02:00
Arthur Baars
ccc18640db Ruby: add upgrade and downgrade scripts 2022-04-28 13:47:14 +02:00
Arthur Baars
d055f9a186 Update tests 2022-04-28 13:47:10 +02:00
Alex Denisov
85918173a6 Swift: ensure the folder for trap files exists 2022-04-28 13:19:25 +02:00
Alex Denisov
9c73ae5a97 Swift: teach extractor to not produce artifacts 2022-04-28 13:18:20 +02:00
Michael Nebel
9d767b8ad8 Merge pull request #8869 from michaelnebel/csharp/frameworkcoverage
C#: Port the java FrameworkCoverage query.
2022-04-28 13:17:50 +02:00
Alex Denisov
5b75b4db79 Swift: add tracer config 2022-04-28 13:17:35 +02:00
Alex Denisov
4a03976a15 Swift: set compiler flags explicitly 2022-04-28 13:17:05 +02:00
Taus
95d235416c Python: Fix bad antijoin in getAKeyword
Before:

```
Tuple counts for Exprs::Call::getAKeyword_dispred#ff#antijoin_rhs/3@7bc202ij after 9s:
1        ~0%     {1} r1 = CONSTANT(unique int)[2]
4244385  ~2%     {1} r2 = JOIN r1 WITH py_dict_items_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg0'
4244352  ~3%     {3} r3 = JOIN r2 WITH AstGenerated::Call_::getNamedArg_dispred#ffb_201#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg1', Lhs.0 'arg0', Rhs.2 'arg2'
66618690 ~3%     {5} r4 = JOIN r3 WITH AstGenerated::Call_::getNamedArg_dispred#ffb ON FIRST 1 OUTPUT Lhs.1 'arg0', Lhs.0 'arg1', Lhs.2 'arg2', Rhs.1, Rhs.2
31187133 ~0%     {5} r5 = SELECT r4 ON In.3 < In.2 'arg2'
31187133 ~1%     {5} r6 = SCAN r5 OUTPUT In.4, 0, In.0 'arg0', In.1 'arg1', In.2 'arg2'
0        ~0%     {3} r7 = JOIN r6 WITH py_dict_items ON FIRST 2 OUTPUT Lhs.2 'arg0', Lhs.3 'arg1', Lhs.4 'arg2'
                 return r7

Tuple counts for Exprs::Call::getAKeyword_dispred#ff/2@1dc9468b after 421ms:
1       ~0%     {1} r1 = CONSTANT(unique int)[2]
4244385 ~2%     {1} r2 = JOIN r1 WITH py_dict_items_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'result'
4244352 ~0%     {3} r3 = JOIN r2 WITH AstGenerated::Call_::getNamedArg_dispred#ffb_201#join_rhs ON FIRST 1 OUTPUT Lhs.0 'result', Rhs.1 'this', Rhs.2
4244352 ~0%     {3} r4 = r3 AND NOT Exprs::Call::getAKeyword_dispred#ff#antijoin_rhs(Lhs.0 'result', Lhs.1 'this', Lhs.2)
4244352 ~6%     {2} r5 = SCAN r4 OUTPUT In.1 'this', In.0 'result'
                return r5
```

Oof. All that work to produce zero tuples. Luckily we can improve
matters somewhat.

Basically, there's no reason to test _all_ dictionary unpackings, since
we're only interested in a lower bound. Thus, we can use `min` instead
which is much more efficient. For convenience I factored this into its
own (private) helper predicate.

Now the tuple counts look as follows:

```
Tuple counts for Exprs::Call::getMinimumUnpackingIndex_dispred#ff#min_range/2@39b0e9sm after 1ms:
246 ~0%     {2} r1 = JOIN Keywords::DictUnpackingOrKeyword#class#f#shared WITH AstGenerated::Call_::getNamedArg_dispred#ffb_201#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg0', Rhs.2 'arg1'
            return r1
Registering Exprs::Call::getMinimumUnpackingIndex_dispred#ff#min_range/2@39b0e9sm +  with content 9ea2f123k8necpu015v6tpsc2t1
 >>> Created relation Exprs::Call::getMinimumUnpackingIndex_dispred#ff#min_range/2@39b0e9sm with 246 rows.
Starting to evaluate predicate Exprs::Call::getMinimumUnpackingIndex_dispred#ff#min_term/3@9f4ca5g8
Tuple counts for Exprs::Call::getMinimumUnpackingIndex_dispred#ff#min_term/3@9f4ca5g8 after 0ms:
246 ~2%     {3} r1 = JOIN Keywords::DictUnpackingOrKeyword#class#f#shared WITH AstGenerated::Call_::getNamedArg_dispred#ffb_201#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg0', Rhs.2 'arg2', Rhs.2 'arg2'
            return r1

Tuple counts for Exprs::Call::getAKeyword_dispred#ff/2@000a0alb after 906ms:
1       ~0%     {1} r1 = CONSTANT(unique int)[2]
4244385 ~2%     {1} r2 = JOIN r1 WITH py_dict_items_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'result'

4244352 ~0%     {3} r3 = JOIN r2 WITH AstGenerated::Call_::getNamedArg_dispred#ffb_201#join_rhs ON FIRST 1 OUTPUT Lhs.0 'result', Rhs.1 'this', Rhs.2
4244280 ~0%     {3} r4 = r3 AND NOT Exprs::Call::getMinimumUnpackingIndex_dispred#ff_0#antijoin_rhs(Lhs.1 'this')
4244280 ~6%     {2} r5 = SCAN r4 OUTPUT In.1 'this', In.0 'result'

4244352 ~3%     {3} r6 = JOIN r2 WITH AstGenerated::Call_::getNamedArg_dispred#ffb_201#join_rhs ON FIRST 1 OUTPUT Rhs.1 'this', Lhs.0 'result', Rhs.2
72      ~4%     {4} r7 = JOIN r6 WITH Exprs::Call::getMinimumUnpackingIndex_dispred#ff ON FIRST 1 OUTPUT Lhs.1 'result', Lhs.0 'this', Lhs.2, Rhs.1
72      ~4%     {4} r8 = SELECT r7 ON In.2 <= In.3
72      ~0%     {2} r9 = SCAN r8 OUTPUT In.1 'this', In.0 'result'

4244352 ~6%     {2} r10 = r5 UNION r9
                return r10
```

This is not the perfect join order (note the similarity between `r3`
and `r6`) but overall it's a win.
2022-04-28 11:11:37 +00:00
Taus
80ef09f034 Python: Fix bad join in declaredAttributeVar
Before:
```
Tuple counts for PointsTo::declaredAttributeVar#fbf/3@99d5aenq after 1.1s:
451054   ~7%     {2} r1 = SCAN variable OUTPUT In.0, In.2 'name'
1296149  ~0%     {2} r2 = JOIN r1 WITH Essa::EssaVariable::getSourceVariable_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'var', Lhs.1 'name'
12179900 ~4%     {3} r3 = JOIN r2 WITH Essa::EssaVariable::getAUse_dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'name', Lhs.0 'var'
8028     ~2%     {3} r4 = JOIN r3 WITH Scope::Scope::getANormalExit_dispred#bf_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'name', Lhs.2 'var'
8028     ~2%     {3} r5 = JOIN r4 WITH Classes::PythonClassObjectInternal::getScope_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'cls', Lhs.1 'name', Lhs.2 'var'
                 return r5
```

After:
```
Tuple counts for PointsTo::declaredAttributeVar#fbf/3@cccf36hb after 4ms:
1450 ~0%     {2} r1 = SCAN Classes::PythonClassObjectInternal::getScope_dispred#ff OUTPUT In.1, In.0 'cls'
1450 ~7%     {2} r2 = JOIN r1 WITH Scope::Scope::getANormalExit_dispred#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cls'
8028 ~0%     {2} r3 = JOIN r2 WITH Essa::EssaVariable::getAUse_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'var', Lhs.1 'cls'
8028 ~0%     {3} r4 = JOIN r3 WITH Essa::EssaVariable::getSourceVariable_dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'cls', Lhs.0 'var'
8028 ~2%     {3} r5 = JOIN r4 WITH variable ON FIRST 1 OUTPUT Lhs.1 'cls', Rhs.2 'name', Lhs.2 'var'
return r5
```
2022-04-28 11:11:37 +00:00
Taus
d28f9f41e8 Python: Fix bad join in import_star_read
Makes this

```
(21s) Tuple counts for DataFlowPublic::import_star_read#ff/2@fcd5e6nr after 8.5s:
9743      ~6%     {3} r1 = SCAN num#DataFlowPublic::TModuleVariableNode#fff OUTPUT In.1, In.0, In.2 'result'
9743      ~1%     {3} r2 = JOIN r1 WITH Variables::Variable::getId_dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2 'result'
390808917 ~3%     {3} r3 = JOIN r2 WITH Flow::NameNode::getId_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2 'result'
307       ~0%     {2} r4 = JOIN r3 WITH ImportStar::ImportStar::importStarResolvesTo#ff ON FIRST 2 OUTPUT Lhs.0, Lhs.2 'result'
307       ~0%     {2} r5 = JOIN r4 WITH num#DataFlowPublic::TCfgNode#ff ON FIRST 1 OUTPUT Rhs.1 'n', Lhs.1 'result'
                  return r5
```

become this

```
(17s) Tuple counts for DataFlowPublic::resolved_import_star_module#fff/3@f5e84aic after 0ms:
307 ~0%     {3} r1 = JOIN ImportStar::ImportStar::importStarResolvesTo#ff WITH num#DataFlowPublic::TCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1 'm', Rhs.1 'n'
307 ~0%     {3} r2 = JOIN r1 WITH Flow::NameNode::getId_dispred#ff ON FIRST 1 OUTPUT Lhs.1 'm', Rhs.1 'name', Lhs.2 'n'
            return r2
(17s) Registering DataFlowPublic::resolved_import_star_module#fff/3@f5e84aic +  with content f29281ig38r98icro4ege09mrva
(17s)  >>> Created relation DataFlowPublic::resolved_import_star_module#fff/3@f5e84aic with 307 rows.
(17s) Starting to evaluate predicate DataFlowPublic::import_star_read#ff/2@57b0c06e
(17s) Tuple counts for DataFlowPublic::import_star_read#ff/2@57b0c06e after 2ms:
9743 ~0%     {3} r1 = SCAN num#DataFlowPublic::TModuleVariableNode#fff OUTPUT In.1, In.0, In.2 'result'
9743 ~0%     {3} r2 = JOIN r1 WITH Variables::Variable::getId_dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2 'result'
307  ~0%     {2} r3 = JOIN r2 WITH DataFlowPublic::resolved_import_star_module#fff ON FIRST 2 OUTPUT Rhs.2 'n', Lhs.2 'result'
             return r3
```
2022-04-28 11:11:37 +00:00
Arthur Baars
20a3e3a8ae Update library 2022-04-28 13:00:02 +02:00
Arthur Baars
65989ae564 Update dbscheme stats 2022-04-28 13:00:02 +02:00
Arthur Baars
a848929069 Regenerate QLL library 2022-04-28 13:00:02 +02:00
Arthur Baars
0d9354322e Update tree-sitter-ruby 2022-04-28 13:00:02 +02:00
Arthur Baars
7359ffaa2e Ruby: add tree-sitter test case 2022-04-28 12:59:56 +02:00
Erik Krogh Kristensen
3c07ab59a1 Merge pull request #8936 from jketema/camel-case
QL: Improve camel case query
2022-04-28 12:32:46 +02:00
yoff
4553a0913f Merge pull request #8897 from tausbn/python-fix-bad-methodcallsite-join
Python: Fix bad join in `MethodCallsiteRefinement`
2022-04-28 12:17:33 +02:00
Jeroen Ketema
b6cf536f01 QL: Fix formatting 2022-04-28 12:05:47 +02:00
Paolo Tranquilli
773ef62406 Swift: added trapgen
This checks in the trapgen script generating trap entries in C++.

The codegen suite has been slightly reorganized, moving the templates
directory up one level and chopping everything into smaller bazel
packages. Running tests is now done via
```
bazel run //swift/codegen/test
```

With respect to the PoC, the nested `codeql::trap` namespace has been
dropped in favour of a `Trap` prefix (or suffix in case of entries)
within the `codeql` namespace. Also, generated C++ code is not checked
in in git any more, and generated during build. Finally, labels get
printed in hex in the trap file.

`TrapLabel` is for the moment only default-constructible, so only one
single label is possible. `TrapArena`, that is responsible for creating
disjoint labels will come in a later commit.
2022-04-28 12:01:59 +02:00
Tony Torralba
604a5fc71f Merge pull request #8639 from atorralba/atorralba/spring-beans-improvements
Java: Improve Spring models
2022-04-28 11:59:51 +02:00
Michael Nebel
150d9ba52c Update .github/workflows/csv-coverage-metrics.yml
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-04-28 11:57:53 +02:00
Henry Mercer
52a417b02d Merge pull request #8921 from github/dependabot/github_actions/actions/setup-python-3
Bump actions/setup-python from 2 to 3
2022-04-28 10:57:02 +01:00
Jeroen Ketema
62831e93fe QL: Add filter for NewType to camel case query 2022-04-28 11:54:42 +02:00
Henry Mercer
03c311181a Merge pull request #8922 from github/dependabot/github_actions/actions/download-artifact-3
Bump actions/download-artifact from 2 to 3
2022-04-28 10:45:49 +01:00
Jeroen Ketema
3db9d56259 QL: Improve message for camel cazse query 2022-04-28 11:41:17 +02:00
Jeroen Ketema
52fc2dac47 QL: Add camel case tests 2022-04-28 11:38:14 +02:00
Mathias Vorreiter Pedersen
2517371a37 Merge pull request #8933 from MathiasVP/revert-globals
C++: Revert #8515
2022-04-28 10:38:08 +01:00
Tom Hvitved
29f1c533a9 Ruby: Add type tracker tests for flow through keyword/positional parameters 2022-04-28 11:34:12 +02:00
Michael Nebel
c606121ae7 C#: Move autogenerated comment to file level instead of having it on each class. 2022-04-28 11:27:49 +02:00
Michael Nebel
57fc4d987f C#: Fix indentation. 2022-04-28 11:19:54 +02:00
Michael Nebel
583b9b61de C#: Add job for running the framework coverage query for C#. 2022-04-28 11:19:49 +02:00
Michael Nebel
98b2bc06ce C#: Port the java FrameworkCoverage query. 2022-04-28 11:18:12 +02:00
Tom Hvitved
db856798b9 Merge pull request #8920 from github/dependabot/github_actions/actions/setup-dotnet-2
Bump actions/setup-dotnet from 1 to 2
2022-04-28 10:47:28 +02:00
Stephan Brandauer
f4104e2b72 Merge pull request #8886 from kaeluka/add-rest-parameter-flowstep
JS: Add flow step to `...rest` parameters
2022-04-28 08:39:50 +01:00
Tony Torralba
1f1581cc97 Merge pull request #8913 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-04-28 09:34:52 +02:00
Jonas Jensen
0c65e67d18 QL language reference: variables must be lowerId
To prepare for a future QL language change where variable names must
start with a lower-case letter, this commit updates the QL language
reference (including the language specification) to change the variable
name grammar from `simpleId` to `lowerId`.
2022-04-28 09:13:36 +02:00
dependabot[bot]
8c4e92d065 Bump actions/download-artifact from 2 to 3
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-28 03:32:59 +00:00
dependabot[bot]
c8fd94a830 Bump actions/setup-python from 2 to 3
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-28 03:32:57 +00:00
dependabot[bot]
6526ee797d Bump actions/setup-dotnet from 1 to 2
Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 1 to 2.
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](https://github.com/actions/setup-dotnet/compare/v1...v2)

---
updated-dependencies:
- dependency-name: actions/setup-dotnet
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-28 03:32:55 +00:00
github-actions[bot]
018558b823 Add changed framework coverage reports 2022-04-28 00:18:25 +00:00
Harry Maclean
ba1d43dd42 Merge pull request #8658 from hmac/hmac/insecure-download
Ruby: Add InsecureDownload query
2022-04-28 11:07:35 +12:00
Harry Maclean
f4453f4da2 Merge pull request #8573 from hmac/hmac/missing-regexp-anchor
Ruby: Add MissingRegExpAnchor query
2022-04-28 11:06:33 +12:00
luchua-bc
590b9d8519 Standardize the query and update qldoc 2022-04-27 22:17:17 +00:00
Chris Smowton
bb049bffbd Merge pull request #8765 from artem-smotrakov/cover-jms
Java: Add flow sources and steps for RabbitMQ and JMS
2022-04-27 21:27:05 +01:00
Taus
b4a31e572f Python: Add global attribute writes 2022-04-27 16:45:00 +00:00
Taus
f71cf2e1fc Python: Add test 2022-04-27 15:48:11 +00:00
Paolo Tranquilli
f95b5853c1 Merge pull request #8788 from AlexDenisov/alexdenisov/swift-first-extractor-test
Swift: file extraction
2022-04-27 17:47:17 +02:00
Mathias Vorreiter Pedersen
dc96d55943 Merge pull request #8888 from geoffw0/xxe2
C++: Add support for createLSParser to the CWE-611 XXE query.
2022-04-27 16:24:27 +01:00
Anna Railton
00b74d8b1c Merge pull request #8895 from github/annarailton-patch-1
ATM: Update `TaintedPathInjection` -> `TaintedPath`
2022-04-27 16:15:46 +01:00
Mathias Vorreiter Pedersen
abbb7f861f Merge pull request #8904 from MathiasVP/sync-swift-schema
Swift: Sync schema after extractor changes
2022-04-27 16:14:46 +01:00
Alex Denisov
272aa594cc Swift: compiler options moved to .bazelrc 2022-04-27 17:11:16 +02:00
Mathias Vorreiter Pedersen
75c1e56bbd Revert "Merge pull request #8515 from rdmarsh2/rdmarsh2/ir-global-vars"
This reverts commit 800e4ea7df, reversing
changes made to 7ce040f331.
2022-04-27 16:04:28 +01:00
Henry Mercer
897bc2374a Merge pull request #8906 from github/henrymercer/workflow-codeowners
Add CODEOWNERS for Actions workflows
2022-04-27 15:47:11 +01:00
Tony Torralba
e99cee4913 Merge branch 'main' into java/unsafe-get-resource 2022-04-27 16:45:42 +02:00
Geoffrey White
d04078f989 C++: Fix. 2022-04-27 15:45:23 +01:00
Henry Mercer
c39eaf64ca Merge pull request #8901 from github/dependabot/github_actions/actions/checkout-3
Bump actions/checkout from 2 to 3
2022-04-27 15:40:07 +01:00
Henry Mercer
6777090f36 Add CODEOWNERS for Actions workflows 2022-04-27 15:26:15 +01:00
Stephan Brandauer
ee280cda32 Improve docs after PR comment
Co-authored-by: Asger F <asgerf@github.com>
2022-04-27 16:24:20 +02:00
dependabot[bot]
c63a0e7010 Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 14:13:33 +00:00
Henry Mercer
3e80c78612 Merge pull request #8903 from github/dependabot/github_actions/actions/stale-5
Bump actions/stale from 3 to 5
2022-04-27 15:13:03 +01:00
Henry Mercer
b6a787d4a0 Merge pull request #8902 from github/dependabot/github_actions/actions/cache-3
Bump actions/cache from 2 to 3
2022-04-27 15:12:58 +01:00
Henry Mercer
f876ef91a3 Merge pull request #8900 from github/dependabot/github_actions/actions/labeler-4
Bump actions/labeler from 2 to 4
2022-04-27 15:12:52 +01:00
Henry Mercer
52475cd917 Merge pull request #8899 from github/dependabot/github_actions/actions/upload-artifact-3
Bump actions/upload-artifact from 2 to 3
2022-04-27 15:12:39 +01:00
Paolo Tranquilli
cde5ba7987 Merge pull request #8889 from redsun82/swift-codegen-unit-tests
Swift: add unit tests to code generation
2022-04-27 16:07:54 +02:00
Stephan Brandauer
4964f2df9a add flow step to rest parameters 2022-04-27 16:03:19 +02:00
Chris Smowton
db90bf9900 Move change note 2022-04-27 15:00:26 +01:00
Michael Nebel
52b59d0eed C#: Add auto generated comment to generated models as data files. 2022-04-27 15:40:23 +02:00
Mathias Vorreiter Pedersen
141e8fcd5b Swift: Sync schema. 2022-04-27 14:39:13 +01:00
Tony Torralba
51bb33ae65 Merge pull request #8876 from atorralba/atorralba/externalflow-import-private
Java: Make all imports of ExternalFlow private
2022-04-27 15:24:55 +02:00
dependabot[bot]
c71c6f6dbe Bump actions/stale from 3 to 5
Bumps [actions/stale](https://github.com/actions/stale) from 3 to 5.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v3...v5)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 13:17:41 +00:00
dependabot[bot]
2c1ee564aa Bump actions/cache from 2 to 3
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 13:17:37 +00:00
dependabot[bot]
70ba8e3a5c Bump actions/labeler from 2 to 4
Bumps [actions/labeler](https://github.com/actions/labeler) from 2 to 4.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 13:17:30 +00:00
dependabot[bot]
e1e68e96dc Bump actions/upload-artifact from 2 to 3
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 13:17:28 +00:00
Henry Mercer
295c0fcbb5 Merge pull request #8896 from github/henrymercer/dependabot-actions-updates
Enable Dependabot updates for Actions
2022-04-27 14:16:46 +01:00
Geoffrey White
4aa41dfa52 Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-04-27 13:06:02 +01:00
yoff
39753d5a0b Merge pull request #8693 from erik-krogh/pyApi
PY: more API-graphs refactorings
2022-04-27 13:19:50 +02:00
Taus
d3a05b8b7e Python: Fix bad join in MethodCallsiteRefinement
Observed on `FreeCAD/FreeCAD`:

```
Tuple counts for Essa::MethodCallsiteRefinement#24e22a14#f/1@274967ic after 34.5s:
638284     ~0%     {2} r1 = SCAN Essa::TEssaNodeRefinement#24e22a14#ffff OUTPUT In.0, In.3 'this'
636521     ~0%     {2} r2 = r1 AND NOT Essa::SingleSuccessorGuard#class#24e22a14#f(Lhs.1 'this')
1579493668 ~0%     {2} r3 = JOIN r2 WITH SsaDefinitions::SsaSource::method_call_refinement#9197156e#fff ON FIRST 1 OUTPUT Lhs.1 'this', Rhs.2
266673     ~3%     {1} r4 = JOIN r3 WITH Essa::EssaNodeRefinement::getDefiningNode#dispred#f0820431#ff ON FIRST 2 OUTPUT Lhs.0 'this'
                    return r4
```

After a bit of unbinding, we have:

```
Tuple counts for Essa::MethodCallsiteRefinement#24e22a14#f/1@d73d8e27 after 66ms:
215168 ~1%     {2} r1 = SCAN Definitions::SsaSourceVariable#class#486534ab#f OUTPUT In.0, In.0
283965 ~2%     {2} r2 = JOIN r1 WITH SsaDefinitions::SsaSource::method_call_refinement#9197156e#fff ON FIRST 1 OUTPUT Rhs.2, Lhs.1
401274 ~0%     {2} r3 = JOIN r2 WITH Essa::EssaNodeRefinement::getDefiningNode#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1 'this'
266671 ~2%     {1} r4 = JOIN r3 WITH Essa::TEssaNodeRefinement#24e22a14#ffff_03#join_rhs ON FIRST 2 OUTPUT Lhs.1 'this'
266671 ~2%     {1} r5 = r4 AND NOT Essa::SingleSuccessorGuard#class#24e22a14#f(Lhs.0 'this')
                return r5
```
(I'm somewhat confused about the slight difference in tuples, but it's
probably just because the compiler moved some stuff around.)
2022-04-27 11:13:37 +00:00
Geoffrey White
6ada1bd05b C++: Match createLSParser more precisely. 2022-04-27 11:51:17 +01:00
Erik Krogh Kristensen
e1c7d369be Merge pull request #8796 from erik-krogh/redundantImport
Remove redundant imports
2022-04-27 12:39:51 +02:00
Henry Mercer
60ebf4d9b7 Enable Dependabot updates for Actions
This will automatically create update PRs for workflow files referencing Actions that have since had a major update.
2022-04-27 11:37:22 +01:00
yoff
9d774463f5 Merge pull request #8859 from tausbn/python-fix-bad-essa-joins
Python: Fix a bunch of bad joins
2022-04-27 12:27:50 +02:00
Anna Railton
1f1ef22f90 Update TaintedPathInjection -> TaintedPath
Lines up with usual naming in https://github.com/github/ml-ql-adaptive-threat-modeling-backend
2022-04-27 11:27:43 +01:00
Geoffrey White
a21af8e262 C++: Address QLDoc alerts. 2022-04-27 11:05:11 +01:00
Tom Hvitved
790d97714f Ruby: Replace Element with Element[any]
To make it look more like `Argument` tokens.
2022-04-27 11:53:25 +02:00
Tom Hvitved
d1c9d68e14 Ruby: Generalize ArrayElementContent to ElementContent 2022-04-27 11:53:21 +02:00
Tom Hvitved
597424809f Merge pull request #8893 from hvitved/ruby/simplify-fetch-summary
Ruby: Simplify flow summary for `fetch`
2022-04-27 11:47:11 +02:00
Paolo Tranquilli
0100c7171d Swift: testing non-trivial dataclass properties 2022-04-27 10:17:49 +02:00
Paolo Tranquilli
7f0476049f Swift: removed spurious mock import 2022-04-27 09:11:14 +02:00
Paolo Tranquilli
68231bfc27 Swift: bump python version to 3.8 in workflow 2022-04-27 08:55:27 +02:00
Tom Hvitved
3b7fe06858 Ruby: Simplify flow summary for fetch 2022-04-27 08:26:24 +02:00
Paolo Tranquilli
f171ce6341 Swift: add unit tests to code generation
Tests can be run with
```
bazel test //swift/codegen:tests
```

Coverage can be checked installing `pytest-cov` and running
```
pytest --cov=swift/codegen swift/codegen/test
```
2022-04-27 08:24:11 +02:00
Harry Maclean
992cc517a8 Ruby: Minor changes to InsecureDownload 2022-04-27 18:04:21 +12:00
Harry Maclean
f35379bf8c Ruby: Add change note for rb/insecure-download 2022-04-27 12:47:09 +12:00
Harry Maclean
a85811ad69 Remove unused field 2022-04-27 12:47:09 +12:00
Harry Maclean
6998608257 Ruby: Document missing test result 2022-04-27 12:47:09 +12:00
Harry Maclean
bb3fb0325b Ruby: Add InsecureDownload query
This query finds cases where a potentially unsafe file is downloaded
over an unsecured connection.
2022-04-27 12:47:09 +12:00
Harry Maclean
ce7675ef43 Ruby: Identify domain in Net::HTTP requests 2022-04-27 12:47:09 +12:00
Harry Maclean
bbc3043836 Add change note for rb/regex/missing-regexp-anchor 2022-04-27 10:12:33 +12:00
Harry Maclean
af2965c2a0 Explain anchors in MissingRegExpAnchor qlhelp 2022-04-27 10:12:33 +12:00
Harry Maclean
6f9dc5eb7e Ruby: Update import for file move 2022-04-27 10:12:33 +12:00
Harry Maclean
2feb4a48be Ruby: Add hasMisleadingAnchorPrecedence to MissingRegExpAnchor 2022-04-27 10:12:33 +12:00
Harry Maclean
3f8b27c0cd Ruby: Add RegExpNonWordBoundary to RegExpTreeView 2022-04-27 10:12:33 +12:00
Harry Maclean
e3c3c00c68 Ruby: Add MissingRegExpAnchor query 2022-04-27 10:12:33 +12:00
Harry Maclean
debc57b417 Ruby: Add RegExpAnchor to RegExpTreeView 2022-04-27 10:12:33 +12:00
Harry Maclean
d95f533d19 Ruby: Add getLastChild to RegExpParent 2022-04-27 10:12:33 +12:00
Nick Rolfe
2d05ea3519 Merge pull request #8885 from SukkaW/replace-git-io-link 2022-04-26 20:29:32 +01:00
Mathias Vorreiter Pedersen
800e4ea7df Merge pull request #8515 from rdmarsh2/rdmarsh2/ir-global-vars
C++: generate IR for global variables with initializers
2022-04-26 18:17:13 +01:00
Geoffrey White
7ce040f331 Merge pull request #8736 from geoffw0/xxe
C++: New query for CWE-611 / XML External Entity Expansion (XXE)
2022-04-26 17:21:06 +01:00
Nick Rolfe
649d7dd022 Merge pull request #8607 from github/nickrolfe/incomplete_sanitization
Ruby: port of `js/incomplete-sanitization`
2022-04-26 17:10:24 +01:00
Geoffrey White
742949154b C++: Apply code style suggestion. 2022-04-26 16:53:24 +01:00
Taus
7d736952db Python: Update expected output 2022-04-26 15:49:40 +00:00
Anna Railton
eacfceb6ce Merge pull request #8605 from github/annarailton/new-query-label-mappings
Experimental (ATM): update query label mappings
2022-04-26 16:39:06 +01:00
SukkaW
0c4885caa7 Replace git.io link with the actual URL 2022-04-26 23:28:34 +08:00
Jonathan Leitschuh
2565cdb964 Add additional File taint value flow models
Adds
 - File::getAbsoluteFile
 - File::getCanonicalFile
 - File::getAbsolutePath
 - File::getCanonicalPath
2022-04-26 10:42:53 -04:00
Nick Rolfe
2a4d65f917 Merge pull request #8881 from github/nickrolfe/graph_ordering_typo 2022-04-26 14:30:49 +01:00
Nick Rolfe
a7185e8a75 Ruby: fix typo in edge key for graph query 2022-04-26 13:56:38 +01:00
Erik Krogh Kristensen
7dba2b5868 PY: revert deletion of redundant-import in ClientSuppliedIpUsedInSecurityCheckLib.qll 2022-04-26 14:51:21 +02:00
Chris Smowton
d01c847839 Make import private
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-04-26 13:34:24 +01:00
Chris Smowton
c0c50147b3 Replace singleton set 2022-04-26 13:34:24 +01:00
Artem Smotrakov
03d86306b2 Use doc-comment in JMS.qll 2022-04-26 13:34:24 +01:00
Artem Smotrakov
12ca1f0b11 Fixed library-tests/frameworks/guava/handwritten/flow.ql 2022-04-26 13:34:24 +01:00
Artem Smotrakov
52b7fbf484 Removed non-ASCII characters 2022-04-26 13:34:24 +01:00
Artem Smotrakov
e86fd72529 Moved RabbitMQ tests to java/ql/test/library-tests/frameworks/rabbitmq 2022-04-26 13:34:23 +01:00
Artem Smotrakov
3369ffc3c2 Removed RabbitMQ import in FlowSteps.qll 2022-04-26 13:34:23 +01:00
Artem Smotrakov
d7ad13b8de Fixed typos in JMS.qll 2022-04-26 13:34:23 +01:00
Artem Smotrakov
20f185e772 Use tainted tag in JMS tests 2022-04-26 13:34:23 +01:00
Artem Smotrakov
7158fd1ce8 minorAnalysis in 2022-04-17-jms.md
Co-authored-by: Chris Smowton <smowton@github.com>
2022-04-26 13:34:23 +01:00
Artem Smotrakov
152de1533e Added a change note for JMS 2022-04-26 13:34:23 +01:00
Artem Smotrakov
b6bd4f92d1 Added sources and steps for JMS API 2022-04-26 13:34:21 +01:00
Artem Smotrakov
5c6aa15fe5 Fixed model for DataInput
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2022-04-26 13:34:05 +01:00
Artem Smotrakov
269143a19f Java: Added sources and flow steps for RabbitMQ 2022-04-26 13:34:04 +01:00
Artem Smotrakov
fb39e0f577 Java: Added flow steps for DataInput and ObjectInput 2022-04-26 13:32:48 +01:00
Erik Krogh Kristensen
d389012b75 Merge branch 'main' into redundantImport 2022-04-26 14:24:51 +02:00
Nick Rolfe
3737248deb Merge pull request #8879 from github/nickrolfe/graph_ordering
Ruby: fix graph query tests by defining total ordering
2022-04-26 13:22:53 +01:00
yoff
76f2eca1ee Merge pull request #8560 from erik-krogh/movePolyTest
PY: move the polynomialbacktracking-test to the test folder
2022-04-26 14:21:30 +02:00
Tony Torralba
75b7234a77 Add missing QLDoc 2022-04-26 14:07:07 +02:00
Nick Rolfe
a2f66e8631 Ruby: specify total ordering for test graph queries 2022-04-26 12:58:44 +01:00
Tony Torralba
b69d81ce24 Make all imports of ExternalFlow private 2022-04-26 13:48:44 +02:00
Anders Schack-Mulligen
ff1c6ca4d6 Java: Fix join-order. 2022-04-26 13:43:41 +02:00
Alex Denisov
5db18bb845 Swift: add a comment clarifying swift::FrontendObserver 2022-04-26 13:35:10 +02:00
Tony Torralba
2ee83e2ba2 Add Editable.toString flow step 2022-04-26 13:34:16 +02:00
Alex Denisov
e2332fc5ec Swift: Replace SwiftExtractor class with a function 2022-04-26 13:32:14 +02:00
Anders Schack-Mulligen
e5eef51e9d Merge pull request #8875 from aschackmull/java/useless-imports
Java: Remove some useless imports.
2022-04-26 13:32:09 +02:00
Anders Schack-Mulligen
8cd506e513 Merge pull request #8874 from smowton/smowton/fix/insecure-cookies-look-through-named-constants
Java insecure cookies query: look through named constants
2022-04-26 12:52:12 +02:00
Erik Krogh Kristensen
881e5e16b5 Java: revert deletion of redundant imports 2022-04-26 12:47:39 +02:00
Anders Schack-Mulligen
7002f49abc Java: Remove some useless imports. 2022-04-26 12:37:03 +02:00
Chris Smowton
2a8f179d6f Merge pull request #8865 from smowton/smowton/admin/claim-java-18-support
Claim Java 18 support
2022-04-26 11:25:26 +01:00
Chris Smowton
8d7098245b Add change note 2022-04-26 10:38:20 +01:00
Alex Denisov
ebd2ff4fc0 Swift: rename classes to reflect they belong to Swift 2022-04-26 11:33:35 +02:00
Chris Smowton
7d4767a4f5 Java insecure cookies query: look through named constants 2022-04-26 10:32:13 +01:00
Alex Denisov
81e4f9165e Swift: remove -frontend option as we don't need it yet 2022-04-26 11:27:41 +02:00
Mathias Vorreiter Pedersen
3719875861 Merge pull request #8871 from erik-krogh/qlDeleteSyncScript
QL: delete old copy of the identical files scripts
2022-04-26 10:08:34 +01:00
Erik Krogh Kristensen
ba3aa4f186 QL: delete old copy of the identical files scripts 2022-04-26 10:37:14 +02:00
Erik Krogh Kristensen
6738270b65 Merge pull request #8229 from erik-krogh/parenSan
JS: step through parentheses in barrier functions
2022-04-26 10:30:21 +02:00
Alex Denisov
5fc4fab38e Swift: add missing 'overrides' 2022-04-26 10:07:41 +02:00
Anders Schack-Mulligen
59aedc2872 Merge pull request #8853 from aschackmull/dataflow/fix-join
Dataflow: Fix join-on-config producing a CP.
2022-04-26 09:52:50 +02:00
Jeroen Ketema
e7580b68d8 Merge pull request #8852 from jketema/frontend-update
Fix test regressions due to C++ frontend  update
2022-04-26 09:52:34 +02:00
Mathias Vorreiter Pedersen
8d2bd66d85 Merge pull request #8861 from MathiasVP/update-schema
Swift: Update `schema.yml` and regenerate files
2022-04-26 08:45:54 +01:00
Anders Schack-Mulligen
d5fcb4342e Merge pull request #8868 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-04-26 08:55:38 +02:00
github-actions[bot]
51b2eb78a9 Add changed framework coverage reports 2022-04-26 00:15:54 +00:00
Mathias Vorreiter Pedersen
b8165d47b7 Merge pull request #724 from github/post-release-prep/codeql-cli-2.9.0
Post-release preparation for codeql-cli-2.9.0
2022-04-25 22:53:17 +01:00
Mathias Vorreiter Pedersen
aca4c8727f Merge pull request #8802 from github/post-release-prep/codeql-cli-2.9.0
Post-release preparation for codeql-cli-2.9.0
2022-04-25 22:52:55 +01:00
Chris Smowton
9cebbaa370 Claim Java 18 support 2022-04-25 21:21:03 +01:00
Jeroen Ketema
73e4f0c044 C++: Set clang_version to the default from previous frontend version
This ensures that `__atomic_fetch_min` parses and that the number of
builtins does not changed compared to the previous version of the
frontend.
2022-04-25 21:15:28 +02:00
Jeroen Ketema
ccd545336c C++: Fix tests where float128 error message has changed 2022-04-25 21:14:20 +02:00
Jeroen Ketema
8e7066600a C++: Fix test failures where location of reference dereference in lambda changed 2022-04-25 21:14:17 +02:00
Jeroen Ketema
6c1e21cd91 C++: Fix test where variable access position is more accurate in frontend 2022-04-25 21:14:06 +02:00
Jeroen Ketema
5b0603a5b9 C++: Artificial block insertion for loops and switches has changed in frontend
There are now more artificial blocks containing more than one instruction
(artificial blocks containing a single instruction have the extractor only
emit that instruction and not the block). The second instruction in each case
is the label for breaking out of a loop or switch.
2022-04-25 21:13:52 +02:00
Jeroen Ketema
d43ae9b7ed C++: More artificially inserted blocks carry location information in frontend 2022-04-25 21:13:29 +02:00
Jeroen Ketema
a546e6e01c C++: Update test to run with C++14
The test uses an `auto` return type without a trailing return type, which is
a C++14 feature.
2022-04-25 21:13:24 +02:00
Jeroen Ketema
b9e7045a2f C++: Update vector type test to reflect it uses old-clang features
These features are no longer available and the frontend does stricter checking
on this.
2022-04-25 21:13:04 +02:00
Robert Marsh
d0fc348ad9 C++: autoformat 2022-04-25 14:17:49 -04:00
Mathias Vorreiter Pedersen
2c33a7cdd8 Merge pull request #8862 from github/add-swift-to-labeler
Include Swift in `labeler.yml`
2022-04-25 17:10:38 +01:00
Jean Helie
47fdb79cf8 Merge pull request #8751 from github/jhelie/add-gitkeep-to-model-resources
ML: add .gitkeep to resources dir in which ML models are to be found
2022-04-25 18:08:24 +02:00
Mathias Vorreiter Pedersen
00b1e4b3dd Include Swift in labeler.yml 2022-04-25 16:57:47 +01:00
Mathias Vorreiter Pedersen
8869038b4f Swift: Update schema.yml and regenerate files. 2022-04-25 16:15:37 +01:00
Alex Denisov
906ce34e2f Swift: generate QL files properly 2022-04-25 17:09:29 +02:00
Mathias Vorreiter Pedersen
8e1d079db7 Merge pull request #8858 from github/erik-krogh/enable-ql-for-ql-swift
QL: add swift to QL-for-QL
2022-04-25 16:00:56 +01:00
Alex Denisov
355504a86a Swift: use File from QL library 2022-04-25 16:58:30 +02:00
James Fletcher
5a7043f528 Update analyzing-databases-with-the-codeql-cli.rst 2022-04-25 15:57:18 +01:00
Alex Denisov
6f0ddaa431 Merge branch 'main' into alexdenisov/swift-first-extractor-test 2022-04-25 16:53:22 +02:00
Taus
d4fc096ea8 Python: Use local flow in Pythagorean.ql
The hand-rolled notion of flow was causing some severe performance
issues (on a few databases):

```
Tuple counts for Pythagorean::square#168e234a#f#loop_invariant_prefix/2@c86989kr after 6m35s:
175000     ~5%     {2} r1 = JOIN SSA::SsaVariable::getDefinition#dispred#f0820431#ff_10#join_rhs WITH Flow::ControlFlowNode::getNode#dispred#f0820431#bf ON FIRST 1 OUTPUT Lhs.1, Rhs.1 'arg0'
174500     ~6%     {2} r2 = JOIN r1 WITH SSA::SsaVariable::getVariable#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'arg0'
1467782500 ~5%     {3} r3 = JOIN r2 WITH AstGenerated::Name_::getVariable#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT 3, Rhs.1 'arg1', Lhs.1 'arg0'
1467553000 ~0%     {2} r4 = JOIN r3 WITH py_expr_contexts_12#join_rhs ON FIRST 2 OUTPUT Lhs.2 'arg0', Lhs.1 'arg1'
                    return r4
```

Rewriting it to use the data flow library made all of this go away. 🎉
2022-04-25 14:35:37 +00:00
Taus
b2cc91369a Python: Fix bad join in firstUse
This was what it looked like (at the point when I killed the evaluation):

```
Tuple counts for SsaCompute::SsaComputeImpl::AdjacentUsesImpl::firstUse#c5fa2be7#ff/2@i1#be98bwif after 1m50s:
274000     ~7%     {4} r1 = SCAN SsaCompute::SsaComputeImpl::AdjacentUsesImpl::definesAt#c5fa2be7#ffff OUTPUT In.1, In.0 'def', In.2, In.3
2731768000 ~1%     {7} r2 = JOIN r1 WITH SsaCompute::SsaComputeImpl::AdjacentUsesImpl::variableSourceUse#c5fa2be7#ffff ON FIRST 1 OUTPUT Rhs.0, Lhs.2, Lhs.3, Rhs.2, Rhs.3, Rhs.1 'use', Lhs.1 'def'
178000     ~4%     {2} r3 = JOIN r2 WITH SsaCompute::SsaComputeImpl::AdjacentUsesImpl::adjacentVarRefs#c5fa2be7#fffff ON FIRST 5 OUTPUT Lhs.6 'def', Lhs.5 'use'
                    return r3
```

And this is what it looks like now:

```
Tuple counts for SsaCompute::SsaComputeImpl::AdjacentUsesImpl::firstUse#c5fa2be7#ff/2@i1#f9d6ewsi after 207ms:
931353  ~2%     {4} r1 = SCAN SsaCompute::SsaComputeImpl::AdjacentUsesImpl::variableSourceUse#c5fa2be7#ffff OUTPUT In.0, In.2, In.3, In.1 'use'
1050477 ~0%     {4} r2 = JOIN r1 WITH SsaCompute::SsaComputeImpl::AdjacentUsesImpl::adjacentVarRefs#c5fa2be7#fffff_03412#join_rhs ON FIRST 3 OUTPUT Lhs.0, Rhs.3, Rhs.4, Lhs.3 'use'
506626  ~0%     {2} r3 = JOIN r2 WITH SsaCompute::SsaComputeImpl::AdjacentUsesImpl::definesAt#c5fa2be7#ffff_1230#join_rhs ON FIRST 3 OUTPUT Rhs.3 'def', Lhs.3 'use'
                return r3
```
2022-04-25 14:33:31 +00:00
Erik Krogh Kristensen
f5e1aa7c98 QL: add swift to QL-for-QL 2022-04-25 16:29:44 +02:00
Taus
49233268a9 Python: Fix bad join in getValue
We were building essentially a CP of all control flow nodes:

```
Tuple counts for Essa::AssignmentDefinition::getValue#dispred#f0820431#ff/2@dd1f67vl after 2m45s:
733365     ~6%     {3} r1 = JOIN Essa::TEssaNodeDefinition#24e22a14#ffff_30#join_rhs WITH Essa::EssaNodeDefinition::getDefiningNode#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.0
376588     ~0%     {2} r2 = JOIN r1 WITH SsaDefinitions::SsaSource::assignment_definition#9197156e#fff ON FIRST 2 OUTPUT Lhs.2 'this', Rhs.2 'result'
376588     ~0%     {3} r3 = JOIN r2 WITH Essa::TEssaNodeDefinition#24e22a14#ffff_30#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0 'this', Lhs.1 'result'
6965593033 ~2%     {3} r4 = JOIN r3 WITH project#SsaDefinitions::SsaSource::assignment_definition#9197156e ON FIRST 1 OUTPUT Lhs.1 'this', Rhs.1, Lhs.2 'result'
376588     ~0%     {2} r5 = JOIN r4 WITH Essa::EssaNodeDefinition::getDefiningNode#dispred#f0820431#ff ON FIRST 2 OUTPUT Lhs.0 'this', Lhs.2 'result'
                    return r5
```

We first tried preventing the join on `result`, but this caused the
characteristic predicate to blow up instead. Finally, we figured just
putting the `value` part in a field would be sufficient, and this did
the trick.
2022-04-25 14:28:00 +00:00
Tony Torralba
85d5b122f7 Merge pull request #8817 from atorralba/atorralba/cleartext-storage-sharedprefs-improvs
Java: Add value-preserving flow steps for Android's SharedPreferences
2022-04-25 16:16:46 +02:00
Erik Krogh Kristensen
0a26e891a2 include startsWith/endsWith checks in js/missing-origin-check 2022-04-25 15:28:50 +02:00
Erik Krogh Kristensen
17005dde2d QL: fix query-id, and add description 2022-04-25 15:21:35 +02:00
Mathias Vorreiter Pedersen
3199a690aa Merge pull request #8854 from redsun82/swift-ql-gen
Swift: QL generation script
2022-04-25 14:05:25 +01:00
Paolo Tranquilli
643471f400 add temporary exception for Swift for QLdoc 2022-04-25 14:24:22 +02:00
Erik Krogh Kristensen
fe3d71ebc2 fix qhelp: the window, not the origin, is sending the message
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2022-04-25 14:07:01 +02:00
Paolo Tranquilli
cdb10a2151 Swift: fix codegen check 2022-04-25 14:03:48 +02:00
Paolo Tranquilli
9bf4c72085 Swift: split codegen action and fix dependencies 2022-04-25 14:00:41 +02:00
Anders Schack-Mulligen
60eb341b49 Merge pull request #8851 from aschackmull/shared/accesspathsyntax-cleanup
Minor clean-up in AccessPathSyntax.qll
2022-04-25 13:47:22 +02:00
Mathias Vorreiter Pedersen
faaa2cedcd Merge pull request #8849 from JohnMcSandwich/main
C++: add new Windows pool allocation functions in `Allocation.qll`
2022-04-25 12:46:31 +01:00
Paolo Tranquilli
de0fa9e456 Swift: QL generation script
Also added code generation to the swift checks.
2022-04-25 13:23:36 +02:00
Anders Schack-Mulligen
c06efa1f42 Dataflow: Sync. 2022-04-25 13:11:04 +02:00
Anders Schack-Mulligen
f4d93f089a Dataflow: Fix join-on-config producing a CP. 2022-04-25 13:10:31 +02:00
Tony Torralba
f1e5e57d76 Update java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll 2022-04-25 12:39:01 +02:00
Anders Schack-Mulligen
40a16325a9 Minor clean-up in AccessPathSyntax. 2022-04-25 12:27:48 +02:00
Alex Denisov
5b20d580be Swift: use parenthesis instead of curly braces 2022-04-25 12:26:34 +02:00
Anders Schack-Mulligen
cbdd4927ce Merge pull request #8582 from Marcono1234/marcono1234/JumpStmt-superclass
Java: Make `JumpStmt` a proper superclass
2022-04-25 12:22:20 +02:00
Anders Schack-Mulligen
fd2904d49c Merge pull request #8760 from Marcono1234/patch-1
Clarify `min`, `max` and `rank` documentation
2022-04-25 12:20:00 +02:00
Tom Hvitved
bffa8fa7cb Merge pull request #8641 from hvitved/dataflow/interpret-read-store
Data flow: Introduce `ContentSet`
2022-04-25 12:17:34 +02:00
Mathias Vorreiter Pedersen
516ef8d27a Update cpp/ql/lib/change-notes/2022-04-25-windows-pool-allocation-functions.md
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-04-25 10:54:12 +01:00
Mathias Vorreiter Pedersen
12c8d9c60e C++: Add change note. 2022-04-25 10:51:49 +01:00
Alex Denisov
8bcdfb2e4f Swift: initialize LLVM
No need to shutdown LLVM, it's done by the PROGRAM_START macro
2022-04-25 11:49:21 +02:00
Alex Denisov
462133e0f0 Swift: add more comments 2022-04-25 11:48:51 +02:00
Erik Krogh Kristensen
b5193d99d7 have getSourceType() depend on which kind of event it is 2022-04-25 11:32:52 +02:00
Anders Schack-Mulligen
b21f077e8e Update java/ql/lib/semmle/code/java/Statement.qll 2022-04-25 11:02:23 +02:00
Jeroen Ketema
ba2a884a45 Merge pull request #8818 from jketema/links
Replace `help.semmle.com` links by `codeql.github.com` links
2022-04-25 10:25:42 +02:00
JohnMcSandwich
b3dff77d1a C++: add new Windows pool allocation functions in Allocation.qll
Add:
 - ExAllocatePool2
 - ExAllocatePool3
 - ExAllocatePoolZero
2022-04-25 10:21:42 +02:00
Mathias Vorreiter Pedersen
e8b6bfbe0e Merge pull request #8813 from jketema/buffer
C++: Cover variable sized member arrays without a size in `Buffer.qll`
2022-04-25 09:20:31 +01:00
Tom Hvitved
2466288656 Data flow: Simplify revFlowStore 2022-04-25 10:11:54 +02:00
Tom Hvitved
cf0a1e748a Add change notes 2022-04-25 09:17:40 +02:00
Jeroen Ketema
79164056d1 Replace help.semmle.com links by codeql.github.com links 2022-04-22 20:42:11 +02:00
Jeroen Ketema
a4711206c8 Merge pull request #8769 from felickz/patch-1
Docs - Supported Queries - Fixing broken link
2022-04-22 18:29:27 +02:00
Tony Torralba
d982aeaf6f Add change note 2022-04-22 17:50:47 +02:00
Mathias Vorreiter Pedersen
1e61fdde8b Merge pull request #8815 from jketema/unreachable-test-case
C++: Add non-returning function test case using `__builtin_expect`
2022-04-22 16:47:44 +01:00
Tony Torralba
f1c08bc492 Add value-preserving steps for SharedPreferences 2022-04-22 17:44:59 +02:00
Jeroen Ketema
97d4a12fb2 C++: Add non-returning function test case using __builtin_expect 2022-04-22 17:10:54 +02:00
Jeroen Ketema
dee0f09197 C++: Cover variable sized member arrays without a size in Buffer.qll
Currently the extractor incorrectly emits 0 for the array `data` below:
```
struct myStruct { // c
   ...
   char data[]; // v
};
```
This will change in the future, and  no size will be emitted anymore.
This commit makes sure `Buffer.qll` handles arrays without sizes.
2022-04-22 16:57:24 +02:00
Robert Marsh
ebdf553621 Merge pull request #8806 from dbartol/dbartol/typedefs/work
C++: Work around missing size for typedef
2022-04-22 10:09:24 -04:00
Rasmus Wriedt Larsen
3e8274ede8 Merge pull request #8812 from RasmusWL/stdlib-FileSystemAccess-improvement
Python: Minor Stdlib file system access improvement
2022-04-22 16:06:41 +02:00
Tom Hvitved
3edc72feb6 Update CaptureModels.qll 2022-04-22 15:49:17 +02:00
Erik Krogh Kristensen
45080e7777 PY: add missing qldoc 2022-04-22 15:30:31 +02:00
Erik Krogh Kristensen
acac8919b3 PY: update expected output for deprecation warning in test file 2022-04-22 15:28:31 +02:00
Tom Hvitved
bc6ee10583 Data flow: Sync files 2022-04-22 15:10:00 +02:00
Tom Hvitved
488a4ede94 Data flow: Inline getAStoreContent up-front 2022-04-22 15:09:59 +02:00
annarailton
9c25da20a4 Update queryNames 2022-04-22 13:42:29 +01:00
CodeQL CI
06e5962da7 Merge pull request #8791 from asgerf/js/static-accessors
Approved by erik-krogh
2022-04-22 13:39:32 +01:00
Tom Hvitved
b033f107df Merge remote-tracking branch 'upstream/main' into dataflow/interpret-read-store 2022-04-22 14:35:02 +02:00
Rasmus Wriedt Larsen
03c0366fd4 Merge branch 'main' into stdlib-FileSystemAccess-improvement 2022-04-22 14:31:31 +02:00
Erik Krogh Kristensen
789b0a46d1 Merge pull request #8578 from erik-krogh/labelNaming
JS: update `toString()` on API-graph labels.
2022-04-22 14:27:25 +02:00
Erik Krogh Kristensen
3b0066e93d address review comments 2022-04-22 14:01:24 +02:00
Geoffrey White
d859a91a14 C++: Add support for createLSParser. 2022-04-22 12:24:01 +01:00
Erik Krogh Kristensen
8fcbaea273 Merge branch 'main' into labelNaming 2022-04-22 13:19:44 +02:00
Erik Krogh Kristensen
ff73dbc35c delete redundant imports 2022-04-22 12:55:28 +02:00
Geoffrey White
79aba67036 Merge branch 'main' into xxe 2022-04-22 11:50:41 +01:00
Erik Krogh Kristensen
ae20393e38 QL: add redundant-import query 2022-04-22 12:47:13 +02:00
Erik Krogh Kristensen
a96489b23d delete duplicate imports 2022-04-22 12:41:30 +02:00
Erik Krogh Kristensen
c015ef6ef4 Merge pull request #8810 from erik-krogh/rubyPathgraph
Ruby: dont import the PathGraph module from Query.qll files
2022-04-22 12:02:59 +02:00
Mathias Vorreiter Pedersen
489355cdab Merge pull request #8793 from MathiasVP/exclude-internal-diagnostics
Exclude internal diagnostics from all selectors
2022-04-22 10:55:38 +01:00
Tom Hvitved
093a3879be Merge pull request #8794 from hvitved/ruby/capture-barrier-guards
Ruby: Handle captured variables in `BarrierGuard::getAGuardedNode()`
2022-04-22 11:47:36 +02:00
Erik Krogh Kristensen
a737350f27 RB: dont import the PathGraph module from Query.qll files 2022-04-22 11:46:06 +02:00
Anders Schack-Mulligen
bf921177f4 Merge pull request #8811 from erik-krogh/syncLate
Java: get tainttracking3/TaintTrackingImpl.qll in sync
2022-04-22 11:21:01 +02:00
Asger F
0187e9a3b1 Merge pull request #8808 from vovikhangcdv/doublevkay/fixing-PrototypePollutngAssignment-examples
Javascript: Fix PrototypePollutingAssignment example which is incorrect use of express leads to no result when scanning.
2022-04-22 11:18:23 +02:00
Tom Hvitved
be5363ea53 Merge pull request #8801 from hvitved/ruby/exclude-splat-in-taint-tracking
Ruby: Exclude `SplatExpr` from taint tracking
2022-04-22 11:12:05 +02:00
Rasmus Wriedt Larsen
650d57083b Python: Recognize path arguments to pathlib methods 2022-04-22 11:01:59 +02:00
Rasmus Wriedt Larsen
bcaba45202 Python: Expand pathlib tests 2022-04-22 11:01:59 +02:00
Rasmus Wriedt Larsen
059dea713d Python: Fix os.path.samefile modeling 2022-04-22 11:01:59 +02:00
Erik Krogh Kristensen
dca74a1f45 get tainttracking3/TaintTrackingImpl.qll in sync 2022-04-22 10:37:31 +02:00
Chris Smowton
d309e15072 Merge pull request #8748 from smowton/smowton/admin/dependent-dataflow-configs
Java: Avoid higher-numbered dataflow configs that depend on lower-numbered ones
2022-04-22 08:56:00 +01:00
Alex Denisov
aa13891667 Swift: regenerate dbscheme 2022-04-22 09:42:22 +02:00
Mathias Vorreiter Pedersen
35471ff23c Merge pull request #8809 from AlexDenisov/alexdenisov/rename-swift-db-columns
Swift: rename certain dbscheme columns
2022-04-22 08:17:37 +01:00
Mathias Vorreiter Pedersen
52dc016a7a Merge pull request #8798 from jketema/using
C++: Fix tests after extractor changes that improve `using` position accuracy
2022-04-22 08:15:34 +01:00
Alex Denisov
2ce46a9b60 Swift: remove test table from dbscheme 2022-04-22 08:48:44 +02:00
Alex Denisov
c6c51e1ab9 Swift: build with Clang on Linux 2022-04-22 08:48:44 +02:00
Alex Denisov
62d36a29f7 Swift: Extract files 2022-04-22 08:48:38 +02:00
Alex Denisov
e85cdf2ec3 Swift: rename certain dbscheme columns 2022-04-22 08:31:09 +02:00
AlexDenisov
a5189eae9f Merge pull request #8735 from redsun82/swift-dbscheme-gen
Swift: dbscheme generator
2022-04-22 08:26:59 +02:00
Khang. Võ Vĩ
f4581ae866 fix PrototypePollutingAssignment examples 2022-04-22 11:55:45 +07:00
Dave Bartolomeo
83fdff54c4 Work around missing size for typedef
See #8805 for the underlying issue. The symptom was bad IR generation on a large number of functions because we never generated an `IRVariable` for a parameter with the affected type.
2022-04-21 16:16:09 -04:00
github-actions[bot]
1aecfc67c2 Post-release preparation for codeql-cli-2.9.0 2022-04-21 19:22:19 +00:00
github-actions[bot]
59cc2898c9 Post-release preparation for codeql-cli-2.9.0 2022-04-21 19:22:17 +00:00
Tom Hvitved
c20ce62767 Ruby: Exclude SplatExpr from taint tracking
`SplatExpr`s are modelled using flow summaries, so there is no need to include them
explicitly in `defaultAdditionalTaintStep`.
2022-04-21 20:27:04 +02:00
Mathias Vorreiter Pedersen
813de65118 Merge pull request #8799 from jketema/comment-fix
C++: Fix the layout of comments in `getBufferSize`
2022-04-21 17:17:42 +01:00
Mathias Vorreiter Pedersen
7df7e99761 Merge pull request #8797 from github/release-prep/2.9.0
Release preparation for version 2.9.0
2022-04-21 17:14:52 +01:00
Mathias Vorreiter Pedersen
d2d92fad36 Merge pull request #723 from github/release-prep/2.9.0
Release preparation for version 2.9.0
2022-04-21 17:14:45 +01:00
Owen Mansel-Chan
6f91cc1cb1 Merge pull request #719 from owen-mc/bugfix/find-callee-through-function-variables
Look for callees through function variables
2022-04-21 17:00:59 +01:00
Geoffrey White
40da7a1055 C++: Add a test of NoCheckBeforeUnsafePutUser.ql. 2022-04-21 16:55:50 +01:00
Jeroen Ketema
a09fd8c35e C++: Fix the layout of comments in getBufferSize 2022-04-21 17:42:10 +02:00
Jeroen Ketema
8139e1a2a8 C++: Fix tests after extractor changes that improve using position accuracy 2022-04-21 17:36:11 +02:00
Dave Bartolomeo
410bc6f2e0 Fix formatting in change log 2022-04-21 11:04:30 -04:00
Dave Bartolomeo
71b4570765 Fix formatting in change log 2022-04-21 11:03:52 -04:00
Dave Bartolomeo
55e1ec2b47 Fix formatting in change log 2022-04-21 11:03:18 -04:00
Dave Bartolomeo
e9be6fcf86 Fix formatting in change log 2022-04-21 11:02:58 -04:00
Dave Bartolomeo
b2fe530f1c Fix formatting in change log 2022-04-21 11:02:31 -04:00
Dave Bartolomeo
136d3ff1f4 Fix formatting in change log 2022-04-21 11:02:07 -04:00
Dave Bartolomeo
d0687303f4 Fix formatting in change log 2022-04-21 11:01:39 -04:00
Dave Bartolomeo
033694d7f7 Fix formatting in change log 2022-04-21 11:00:38 -04:00
Dave Bartolomeo
b224f81e24 Fix formatting in change log 2022-04-21 10:59:38 -04:00
Dave Bartolomeo
fb710cd944 Fix formatting in change log 2022-04-21 10:59:03 -04:00
Dave Bartolomeo
f042d9bfea Fix formatting in change log 2022-04-21 10:58:26 -04:00
Dave Bartolomeo
36ca792986 Fix formatting in change log 2022-04-21 10:57:35 -04:00
Dave Bartolomeo
ab50df829e Fix formatting in change log 2022-04-21 10:57:05 -04:00
github-actions[bot]
eeaf233c29 Release preparation for version 2.9.0 2022-04-21 14:49:00 +00:00
github-actions[bot]
355f4c6186 Release preparation for version 2.9.0 2022-04-21 14:48:55 +00:00
Tom Hvitved
bd09c61504 Merge pull request #8786 from hvitved/ruby/dataflow/argument-tokens
Ruby: Implement `Argument[any]` and `Argument[n..]`
2022-04-21 16:31:24 +02:00
Michael Nebel
0ec5aa6095 Merge pull request #8675 from michaelnebel/csharp/capturemodelimprovement
C#: CaptureModel improvements
2022-04-21 15:16:35 +02:00
Tom Hvitved
addb92f13b Ruby: Handle captured variables in BarrierGuard::getAGuardedNode() 2022-04-21 13:25:47 +02:00
Tom Hvitved
325b451288 Ruby: Add barrier guards test involving captured variables 2022-04-21 13:25:40 +02:00
Michael Nebel
6180970ae7 C#: Address review comments. 2022-04-21 13:05:32 +02:00
Owen Mansel-Chan
5f3b913d7f Add change note 2022-04-21 11:34:51 +01:00
Owen Mansel-Chan
62489e1afd Fix viableCallable for function variables 2022-04-21 11:32:08 +01:00
Owen Mansel-Chan
69c9099a24 Look for callees through function variables 2022-04-21 11:32:07 +01:00
Owen Mansel-Chan
373017ab9d Add tests for callees through function variables 2022-04-21 11:32:07 +01:00
Owen Mansel-Chan
528a735a0d Improve CallNode.getCalleeName
Note that any results from expr.getTarget().getName() are also results
from expr.getCalleeName(), so it was redundant to have a disjunction of
both of them.
2022-04-21 11:30:28 +01:00
Owen Mansel-Chan
b6702b644d Improve documentation of CallExpr.getCalleeName 2022-04-21 11:30:27 +01:00
Mathias Vorreiter Pedersen
74906fcbaf Add exclusion rules for internal diagnostics queries to all the suite selectors (previously it was only excluded in the Code Scanning selector). 2022-04-21 10:11:26 +01:00
Tom Hvitved
b6309c9db0 Merge pull request #8792 from hvitved/csharp/exclude-model-generation-from-cs-suites
C#: Exclude model generation queries from all suites
2022-04-21 11:06:56 +02:00
Tom Hvitved
f65b6ae3d1 C#: Exclude model generation queries from all suites 2022-04-21 09:51:52 +02:00
Mathias Vorreiter Pedersen
966c6f108b Merge pull request #8720 from MathiasVP/smaller-join-in-get-root-cause
C++: Remove TC from `Element.getRootCause`
2022-04-21 08:23:05 +01:00
Erik Krogh Kristensen
c1798c4ebd remove redundant extends clause 2022-04-21 09:13:18 +02:00
Erik Krogh Kristensen
6007dfa101 fix qldoc in StoredXssCustomizations
Co-authored-by: Asger F <asgerf@github.com>
2022-04-21 09:11:08 +02:00
Erik Krogh Kristensen
b9a7c563d1 fix typo in change note
Co-authored-by: Asger F <asgerf@github.com>
2022-04-21 09:09:56 +02:00
Asger Feldthaus
c6e66edb97 JS: Change note 2022-04-21 08:32:01 +02:00
Harry Maclean
3ea6ba5398 Merge pull request #8618 from hmac/hmac/qlhelp-comment-workflow
Update existing qhelp comment, if it exists
2022-04-21 14:01:17 +12:00
Erik Krogh Kristensen
9927a82520 Merge pull request #8789 from erik-krogh/apiIpaBranches
JS/PY: mention newtype constructors in API graph label classes
2022-04-20 23:39:46 +02:00
Erik Krogh Kristensen
7e73ecceab add change-note 2022-04-20 23:31:42 +02:00
Porcupiney Hairs
06edb3f3a1 fix formatting issues 2022-04-21 00:23:49 +05:30
Erik Krogh Kristensen
ff5b873557 Merge pull request #8773 from erik-krogh/exhaustion
JS: promote `js/resource-exhaustion` out of experimental
2022-04-20 19:33:42 +02:00
Erik Krogh Kristensen
9c5f3e9406 remove leftover debug comments 2022-04-20 18:42:46 +02:00
Erik Krogh Kristensen
aec8413487 PY: mention newtype constructors in API graph label classes 2022-04-20 18:38:44 +02:00
Erik Krogh Kristensen
ef51b46795 JS: mention newtype constructors in API graph label classes 2022-04-20 18:37:19 +02:00
Erik Krogh Kristensen
8bd975a6ec Merge pull request #8785 from hvitved/ruby/api-graph-labels
Ruby: Mention `newtype` constructors in API graph label classes
2022-04-20 18:32:09 +02:00
Erik Krogh Kristensen
06394c8dc6 move storedXss sources to the Customizations file 2022-04-20 18:17:49 +02:00
Erik Krogh Kristensen
58fcdbc406 QL: remove some benign results from ql/abstract-class-import 2022-04-20 18:17:08 +02:00
Erik Krogh Kristensen
81ce8ac715 ATM: fix compiler warnings about unused variables 2022-04-20 18:10:59 +02:00
Erik Krogh Kristensen
4bc36d82f6 update expected output for ATM 2022-04-20 18:10:56 +02:00
Erik Krogh Kristensen
c1c66a0200 refactor CountAlertAndEndpoints to not refer to deprecated files 2022-04-20 18:10:56 +02:00
Erik Krogh Kristensen
c5f7df17ee add .actual files to .gitignore for ATM tests 2022-04-20 18:10:56 +02:00
Erik Krogh Kristensen
1c5d59f885 fix an instance of ql/acronyms-should-be-pascal-case 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
ea6b68fc59 add missing qldoc 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
12e60c7a06 move TypeTestGuard to the Query.qll file 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
b1bad271d5 only activate the PrefixString label in Query.qll files 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
8a5b1668f9 move initialization of sanitizer-guards to Query.qll files 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
73dbe44824 remove dead import 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
8d3bd9d7cd move the ExceptionXss sources into the Customizations file 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
25708c5091 move the XssThroughDom sources into the Customizations file 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
ad14bbae90 create a customizations file for StoredXss 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
162a4992a5 move the ReflectedXss sources/sinks into the Customizations file 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
173e1d0262 move the DomBasedXss sources/sinks into the Customizations file 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
9631b68de9 move LocalUrlSanitizingGuard out of the customizations file 2022-04-20 18:10:52 +02:00
Arthur Baars
040dd09c5a Merge pull request #8718 from github/sj/codeowners-pms
Update CODEOWNERS for documentation and license changes
2022-04-20 18:08:43 +02:00
Arthur Baars
98df392b4f Merge pull request #8719 from github/sj/update-readme-license-explanation
Update README to clarify license explanation
2022-04-20 18:07:00 +02:00
AlexDenisov
a187939424 Merge pull request #8784 from AlexDenisov/alexdenisov/swift-package-test-sdk
Swift: package test SDK
2022-04-20 16:07:40 +02:00
Bas van Schaik
732a2c32a8 Update README.md 2022-04-20 15:03:49 +01:00
Anders Schack-Mulligen
677c436e99 Merge pull request #8703 from aschackmull/dataflow/revert-state-in-out-barriers
Dataflow: Revert support for flow-state based in-/out-barriers
2022-04-20 14:54:02 +02:00
Tom Hvitved
ea229d361c Sync files 2022-04-20 13:55:18 +02:00
Tom Hvitved
b4542c58c2 Ruby: Implement Argument[any] and Argument[n..] 2022-04-20 13:55:18 +02:00
Rasmus Wriedt Larsen
bb6969a175 Merge branch 'main' into promote-xxe 2022-04-20 13:42:02 +02:00
Tom Hvitved
501b03149f Ruby: Mention newtype constructors in API graph label classes 2022-04-20 13:37:55 +02:00
Nick Rolfe
9b2a98326c Ruby: update use of PostUpdateNode now that it's public 2022-04-20 12:08:41 +01:00
Nick Rolfe
9b6e610e24 Merge remote-tracking branch 'origin/main' into nickrolfe/incomplete_sanitization 2022-04-20 12:05:22 +01:00
Nick Rolfe
3d109a4051 Merge pull request #8777 from github/nickrolfe/post_update_node
Ruby: make PostUpdateNode public
2022-04-20 12:04:37 +01:00
Alex Denisov
682c910d49 Swift: package test SDK 2022-04-20 12:35:19 +02:00
Mathias Vorreiter Pedersen
3388196c27 Merge branch 'main' into smaller-join-in-get-root-cause 2022-04-20 11:16:00 +01:00
Rasmus Wriedt Larsen
888a38c060 Python: Add change-note 2022-04-20 11:46:09 +02:00
Rasmus Wriedt Larsen
d70f247001 Python: More private import python 2022-04-20 11:42:13 +02:00
Rasmus Wriedt Larsen
084c8eb22e Python: Don't re-export python under DataFlow:: 2022-04-20 11:42:10 +02:00
Rasmus Wriedt Larsen
5dbbd17bb2 Python: Add test to ensure we keep DataFlow imports clean
Currently we're not in a good state :(
2022-04-20 11:41:01 +02:00
Asger F
e60475618d Merge pull request #8728 from asgerf/ql/library-coverage
QL: Add facilities for data flow
2022-04-20 11:40:18 +02:00
Nick Rolfe
f1b8af1db9 Ruby: rename PostUpdateNode::Range to PostUpdateNodeImpl 2022-04-20 10:35:40 +01:00
Asger Feldthaus
44216b29a9 JS: Autoformat 2022-04-20 11:14:42 +02:00
Asger Feldthaus
4c66f50352 JS: More tests 2022-04-20 11:14:42 +02:00
Asger Feldthaus
fec2837c1e JS: Ensure accessors do not appear to be calls 2022-04-20 11:14:42 +02:00
Asger Feldthaus
ddb682b181 JS: Show all accessor calls in CG test 2022-04-20 11:14:41 +02:00
Asger Feldthaus
37a76f4441 JS: PropWrite is not a SourceNode 2022-04-20 11:14:41 +02:00
Asger Feldthaus
c9db6201ef JS: Add call-graph test for accessor calls 2022-04-20 11:14:41 +02:00
Asger Feldthaus
7d5c80433d JS: Handle accessor-calls to static accessors 2022-04-20 11:14:41 +02:00
Asger Feldthaus
37b3a6e5c0 JS: Add ClassNode.getStaticMember 2022-04-20 11:14:41 +02:00
Anders Schack-Mulligen
cb898ae03f Merge pull request #8701 from aschackmull/doc/any-none
Doc: Add any() and none() to the language reference.
2022-04-20 10:49:42 +02:00
yoff
0c7130602a Merge pull request #8731 from RasmusWL/delete-old-readme
Python: Delete old dataflow readme
2022-04-20 10:36:12 +02:00
yoff
a66153d73e Merge pull request #8733 from RasmusWL/split-dataflow-private
Python: Split `DataFlowPrivate`
2022-04-20 10:21:05 +02:00
Erik Krogh Kristensen
10130eef6d Merge pull request #8678 from erik-krogh/fileSource
JS: Add files as a source for `js/xss-through-dom`
2022-04-20 09:18:38 +02:00
Harry Maclean
942388e8bc Pipe to jq --arg instead of gh api --jq 2022-04-20 11:41:38 +12:00
Harry Maclean
eba303dea7 Fix typo 2022-04-20 11:21:06 +12:00
luchua-bc
b76873fc8d Add more test cases 2022-04-19 22:22:15 +00:00
Robert Marsh
f94fcf11cd C++: accept dataflow test changes 2022-04-19 13:32:19 -04:00
Felicity Chapman
b10e7300ae Update docs/codeql/ql-language-reference/formulas.rst 2022-04-19 17:29:31 +01:00
Nick Rolfe
c02670aca2 Ruby: make PostUpdateNode public 2022-04-19 17:12:51 +01:00
Felicity Chapman
d663102ffb Update docs/codeql/ql-language-reference/formulas.rst 2022-04-19 16:57:05 +01:00
luchua-bc
f0c4b1955b Change getResource() to be a taint step 2022-04-19 15:55:09 +00:00
Felicity Chapman
6fbe227cbc Try to fix Sphinx warning in formulas.rst 2022-04-19 16:36:42 +01:00
Stephan Brandauer
2fb3147b7b Merge pull request #8430 from kaeluka/js/CVE-2022-24718
JS: Add taint step for handlebars model
2022-04-19 15:57:58 +01:00
Michael Nebel
91324d40b5 Merge pull request #8659 from michaelnebel/csharp/capturemodelsmetadata
C#: Add kind tag to Capture model queries.
2022-04-19 16:39:03 +02:00
Anders Schack-Mulligen
48fbbf2531 Dataflow: Add change notes. 2022-04-19 15:29:35 +02:00
Anders Schack-Mulligen
b521d64156 Dataflow: Sync. 2022-04-19 15:29:35 +02:00
Anders Schack-Mulligen
4ae59b530b Dataflow: Revert flow-state versions of in-/out-barriers. 2022-04-19 15:29:34 +02:00
Nick Rolfe
08f6fbbe10 Ruby: make comment about backslash escaping clearer 2022-04-19 14:05:17 +01:00
Porcupiney Hairs
85c751cb7f CPP: PAM Authorization Bypass
This PR is similar to my other PRs for
[Python](https://github.com/github/codeql/pull/8595) and
[Golang](https://github.com/github/codeql-go/pull/709).

This PR aims to detect instances were an initiated PAM Transaction invokes the `pam_authenticate` method but does not invoke a call to the pam_acct_mgmt` method. This is bad as a call to `pam_authenticate` only verifies the users credentials. It does not check if the user account is still is a valid state.

If only a call to `pam_authenticate` is used to verify the user, a user with an expired account password would still be able to login. This can be prevented by calling the `pam_acct_mgmt` function after a `pam_authenticate` function.
2022-04-19 18:24:19 +05:30
Geoffrey White
3326fd5400 C++: Update test .expected. 2022-04-19 13:43:17 +01:00
Geoffrey White
5698638d1f Apply suggestions from code review (documentation)
Co-authored-by: hubwriter <hubwriter@github.com>
2022-04-19 13:38:00 +01:00
Erik Krogh Kristensen
8669bbd948 update expected output of rate-limit query after test reorg 2022-04-19 14:27:24 +02:00
Nick Rolfe
76c6a521fd Ruby: add clarifying comment 2022-04-19 13:10:57 +01:00
Anders Schack-Mulligen
82463c9290 Merge pull request #8774 from MathiasVP/nomagic-revPartialPathStep
Add `nomagic` to `revPartialPathStep`
2022-04-19 14:02:04 +02:00
Michael Nebel
c79c9dd573 C#: Don't generate models for any higher order callables. 2022-04-19 12:50:51 +02:00
Michael Nebel
8726766465 C#: Remove the API special case for GetHashCode, Equals and IEquatable.Equals as these are now excluded based on their type. 2022-04-19 12:50:51 +02:00
Michael Nebel
f6fd401df1 C#: Add some testcases, where we don't get a summary due to the use of simple types. 2022-04-19 12:50:51 +02:00
Michael Nebel
f9e5c6b77d C#: Don't use simple types in summaries test cases as these will be excluded in generation purely based on the type. 2022-04-19 12:50:51 +02:00
Michael Nebel
f533636ad7 C#: Remove taint when it flows via a primitive/simple type (as is the case for java). 2022-04-19 12:50:51 +02:00
Nick Rolfe
76587c4144 Ruby: fix capitalisation of String in qhelp 2022-04-19 11:42:31 +01:00
Nick Rolfe
468c718da0 Ruby: simplify predicate 2022-04-19 11:32:26 +01:00
Nick Rolfe
ac805f0cdc Ruby: simplify predicate by using DataFlow::CallNode 2022-04-19 11:27:33 +01:00
Nick Rolfe
ca4dc0583d Ruby: fix comment typos 2022-04-19 11:15:34 +01:00
Geoffrey White
6e184f2438 C++: Rename variables 'a' and 'b'. 2022-04-19 10:57:42 +01:00
Nick Rolfe
14de91ce94 Ruby: make StringSubstitutionCal extend DataFlow::CallNode 2022-04-19 10:52:14 +01:00
Mathias Vorreiter Pedersen
a7c0113bc7 Merge pull request #8741 from geoffw0/autogen
C++: Fix issue with extremely long comments in AutogeneratedFile.qll
2022-04-19 10:45:16 +01:00
Geoffrey White
da38c9041c C++: Improvements from PR comments. 2022-04-19 10:25:00 +01:00
Geoffrey White
50c7e47dd9 C++: Improve QLDoc. 2022-04-19 10:15:12 +01:00
Erik Krogh Kristensen
6799232009 fix typo in qldoc 2022-04-19 11:09:27 +02:00
Geoffrey White
da454128ed Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-04-19 10:08:07 +01:00
Geoffrey White
0aa1945f30 C++: Comments. 2022-04-19 10:04:15 +01:00
Mathias Vorreiter Pedersen
91b413d59f Dataflow: Sync identical files. 2022-04-19 09:57:21 +01:00
Erik Krogh Kristensen
4b6d8e6865 add missing qldoc 2022-04-19 10:56:58 +02:00
Mathias Vorreiter Pedersen
d5722ffa61 C++: Add 'nomagic' to 'revPartialPathStep'. 2022-04-19 09:56:41 +01:00
Erik Krogh Kristensen
8e5a7bcd76 add change-note 2022-04-19 10:53:48 +02:00
Erik Krogh Kristensen
e0b5197d3c a slight refactor 2022-04-18 22:21:41 +02:00
Erik Krogh Kristensen
7f592a6c64 merge Clipboard.qll and DragAndDrop.qll, and support InputEvent 2022-04-18 22:17:31 +02:00
Robert Marsh
cae08c505f Merge branch 'main' into rdmarsh2/ir-global-vars 2022-04-18 15:25:03 -04:00
Robert Marsh
b5c8413f5c Merge branch 'main' into rdmarsh2/ir-global-vars 2022-04-18 15:19:25 -04:00
Chuan-kai Lin
b433f08cef Merge pull request #8770 from cklin/csharp-downgrades-remove-version
C#: remove version from downgrades pack
2022-04-18 09:41:21 -07:00
Chuan-kai Lin
8e850ee564 C#: remove version from downgrades pack 2022-04-18 08:46:05 -07:00
Chad Bentz
990b7a29e8 Docs - Supported Queries - Fixing broken link
update link target
2022-04-18 10:30:24 -04:00
Marcono1234
6a48ba955c Clarify that min, max and rank may have multiple results 2022-04-16 19:12:25 +02:00
Marcono1234
8fdfe5426f Clarify min, max and rank documentation regarding expression type 2022-04-16 18:53:07 +02:00
jorgectf
9e1b98e5a4 Detach MyBatisAbstractSqlMethodsStep from MyBatisAbstractSql 2022-04-15 13:08:04 +02:00
Jean Helie
f1f00ccac5 ML: add .gitkeep to resources dir in which ML models are to be found 2022-04-15 12:19:06 +02:00
Chris Smowton
90505949c7 Generally define lower-numbered data-flow configs in terms of higher-numbered ones
Since usually we have DataFlow3::Configurations that stand alone, DataFlow2::Configurations that depend on them, and finally DataFlow::Configurations that produce a top-level query result (for example), qll files where the reverse pattern holds will usually not be concurrently importable due to dataflow configuration recursion prevention.
2022-04-15 09:25:40 +01:00
Chris Smowton
27d87e9300 Add TaintTracking3 2022-04-15 09:25:26 +01:00
Erik Krogh Kristensen
2e5d435bea add CWE-400, and add a reference to DoS attacks 2022-04-14 18:37:50 +02:00
Geoffrey White
8a32c17c56 C++: Fix the issue. 2022-04-14 17:03:28 +01:00
Paolo Tranquilli
24697feebc Swift: integrated template name in dataclass 2022-04-14 15:53:15 +02:00
Paolo Tranquilli
197ea5b8f3 Swift: use more @property in codegen 2022-04-14 12:28:52 +02:00
Paolo Tranquilli
71f9b25500 Swift: uses classes instead of Enum for Properties 2022-04-14 11:35:11 +02:00
Paolo Tranquilli
64496b4c97 Swift: cleanup and some docstrings for codegen
Also added code generation and clang formatting to the pre-commit
configuration.
2022-04-14 11:27:41 +02:00
Paolo Tranquilli
91fd83a554 Swift: dbscheme generator
This patch introduces the basic infrastructure of the code generation
suite and the `dbscheme` generator.

Notice that the checked in `schema.yml` should reflect swift 5.6 but
might need some tweaking.

Closes https://github.com/github/codeql-c-team/issues/979
2022-04-14 11:27:41 +02:00
Jean Helie
d094bbc06d Merge pull request #8546 from github/jhelie/enforce-unknown-incompatibiliy-with-notasink
ML: add defensive check to ensure Unknown endpoints cannot also be NotASink
2022-04-14 11:21:18 +02:00
Geoffrey White
2ac21d6932 C++: Use isBarrier rather than isBarrierOut (which is going away). 2022-04-14 09:21:57 +01:00
Harry Maclean
cf0611d1e7 Pass args to jq via --arg 2022-04-14 13:50:41 +12:00
Harry Maclean
a90647798e Fail workflow if COMMENT_ID fails validation
And print an error message to STDERR.
2022-04-14 13:21:38 +12:00
Harry Maclean
c9a5cb4bf6 Distinguish between validated and raw COMMENT_ID 2022-04-14 13:19:14 +12:00
Harry Maclean
c3f1fba985 Merge pull request #8598 from hmac/hmac/insecure-dep-resolution
Ruby: Add rb/insecure-dependency query
2022-04-14 02:09:44 +02:00
Erik Krogh Kristensen
4c97f68a3d remove postmessage events as source for js/resource-exhaustion 2022-04-13 23:14:42 +02:00
Erik Krogh Kristensen
51a0b6d501 remove client-side remote-flow from js/resource-exhaustion 2022-04-13 23:05:59 +02:00
Geoffrey White
27b6b99cd0 C++: Correct and improve some comments and naming. 2022-04-13 18:34:15 +01:00
Nick Rolfe
a1a7d2c088 Ruby: add changenote for rb/incomplete-sanitization 2022-04-13 17:32:38 +01:00
Nick Rolfe
fdca896614 Ruby: improve handling of [g]sub!
rb/incomplete-sanitization has a few cases where we find flow from one
one string substitution call to another, e.g.

    a.sub(...).sub(...)

But this didn't find typical chained uses of the destructive variants,
e.g.

    a.sub!(...)
    a.sub!(...)

We now handle those cases by tracking flow from the post-update node for
the receiver of the first call.
2022-04-13 17:19:25 +01:00
Jean Helie
1e39a9caae ML: update regression test output following fix to getAnUnknown predicate 2022-04-13 18:14:16 +02:00
Jean Helie
f87cd164ce ML: add defensive check to ensure Unknown endpoints cannot also be NotASink 2022-04-13 18:14:16 +02:00
Jean Helie
f2b813a6e7 ML: add regression test for effective sink that is also NotASink 2022-04-13 18:14:16 +02:00
Henry Mercer
6603f8ab94 Merge pull request #8734 from github/henrymercer/non-extending-subtypes-minor-fixes
Docs: Fix typo and formatting in "Non-extending subtypes"
2022-04-13 17:11:33 +01:00
Nick Rolfe
bbb8177176 Ruby: add rc/incomplete-sanitization query 2022-04-13 16:48:43 +01:00
Henry Mercer
54b3d4d0d7 Docs: Fix typo and formatting in "Non-extending subtypes"
- Fix typo `select any(Foo f) would yield bar` -> `select any(Foo f).foo() would yield bar`
- Fix inline code formatting
- Change `foo_method` to `fooMethod` to follow QL style guide
2022-04-13 16:12:42 +01:00
Geoffrey White
2ad81e63a5 C++: Change note. 2022-04-13 16:11:14 +01:00
AlexDenisov
df2cc181a0 Merge pull request #8726 from redsun82/swift-prebuilt-fetching
Swift: fetch prebuilt swift and link against it
2022-04-13 16:58:36 +02:00
Geoffrey White
dfd846bb7b C++: Changes to the qhelp. 2022-04-13 15:53:13 +01:00
Paolo Tranquilli
aaf9e7da2f turn off universal_binaries for now 2022-04-13 16:45:23 +02:00
Paolo Tranquilli
9e3401ce59 make self repository name parametric
In a workspace macro we must use the exact repository name, and this
can be different when importing the workspace (it is different in
semmle-code).
2022-04-13 16:22:27 +02:00
Paolo Tranquilli
73d5691d91 update swift package 2022-04-13 16:22:27 +02:00
Paolo Tranquilli
e68172f4b0 Swift: fetch prebuilt swift and link against it
This is known to break linux integration in sembuild.
2022-04-13 16:22:27 +02:00
Geoffrey White
d83aea5ea3 C++: Copy the qhelp from Javascript. 2022-04-13 15:16:01 +01:00
Geoffrey White
b149666f45 C++: Query metadata (precision is provisional, might up it to 'high' later). 2022-04-13 15:15:28 +01:00
Rasmus Wriedt Larsen
a271e17f04 Python: Move dataflow call-graph to new qll file
Seems like all other languages use a file called `DataFlowDispatch`. I
want to introduce a setup where we have (old) points-to based approach
in one file, and can develop a type-tracking based approach in another
file, so that's the reason for the naming differing slightly.

For which predicates go in which files, I have taken mostly inspiration
from C# and Ruby.
2022-04-13 15:56:57 +02:00
Rasmus Wriedt Larsen
3d15205084 Python: Autoformat 2022-04-13 15:36:16 +02:00
Rasmus Wriedt Larsen
ded4e9250c Python: Move IterableUnpacking to own file 2022-04-13 15:36:05 +02:00
Rasmus Wriedt Larsen
c740894408 Python: Move MatchUnpacking to own file
I had hoped that git would be able to see this as a rename, and
therefore I haven't done autoformat
2022-04-13 15:36:05 +02:00
AlexDenisov
058ac5bcae Merge pull request #8717 from AlexDenisov/alexdenisov/swift-ql-ci
Swift: enable QL tests on CI
2022-04-13 14:42:27 +02:00
Geoffrey White
be0df1662c C++: Rename the query file. 2022-04-13 13:20:02 +01:00
Geoffrey White
ffbe724040 C++: Remove unfinished parts for now. 2022-04-13 13:18:23 +01:00
Jean Helie
407a8a7715 ML: fix ATM expected tests outputs 2022-04-13 14:02:12 +02:00
Rasmus Wriedt Larsen
2e60172bfa Python: Delete old dataflow readme 2022-04-13 12:09:38 +02:00
Rasmus Wriedt Larsen
6235dc5039 Python: Handle find_library assignment to temp variable 2022-04-13 11:44:15 +02:00
Rasmus Wriedt Larsen
c87b3087be Python: Add test for Django FileField upload_to
The output from running the test script is:

```
'rootdir/bar'
[13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2
'rootdir/bar'
[13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2
'rootdir/foo%2fbar'
[13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2
'rootdir/%2e%2e%2fbar'
[13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2
'rootdir/foo%c0%afbar'
[13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2
```

I didn't add a `.py` extension, so it wasn't extracted, since we don't
actually care about what we model in that file.
2022-04-13 11:27:18 +02:00
Rasmus Wriedt Larsen
304713ca87 Python: Handle django v4 as well in tests 2022-04-13 11:21:44 +02:00
Paolo Tranquilli
6166f0601c Merge pull request #8727 from redsun82/bazel_workspace_rename
Bazel: rename workspace to codeql
2022-04-13 10:51:10 +02:00
Alex Denisov
60c6241382 Swift: run QL tests on macOS 2022-04-13 10:35:15 +02:00
Rasmus Wriedt Larsen
bdadf2b445 Python: Fix warnings 2022-04-13 10:30:59 +02:00
Asger Feldthaus
a5ad4c8263 QL: Update printAst output
Annotations are not longer their own children/parent.
2022-04-13 10:29:21 +02:00
Rasmus Wriedt Larsen
4927f0018b Merge branch 'main' into django-filefield-uploadto 2022-04-13 10:22:28 +02:00
Erik Krogh Kristensen
41bdd8f4da minor fixes 2022-04-13 10:11:07 +02:00
Erik Krogh Kristensen
b13e7c055b move the sanitizer-guard to the Query.qll file 2022-04-13 09:58:33 +02:00
Erik Krogh Kristensen
96e4633dfe remove more code that did nothing 2022-04-13 09:57:32 +02:00
Erik Krogh Kristensen
a9595af01e update expected output 2022-04-13 09:43:21 +02:00
Erik Krogh Kristensen
d35604ed82 remove the length sanitizer from loop-bound-injection - it did nothing 2022-04-13 09:43:21 +02:00
Erik Krogh Kristensen
dd28157d0a add test of a length check 2022-04-13 09:43:21 +02:00
Erik Krogh Kristensen
8e47a9b242 add sanitizer step for .length in js/resource-exhaustion 2022-04-13 09:30:09 +02:00
Stephan Brandauer
fb66ccff39 handlebars taint step: conservatively assume unknown templates have no flow to helpers 2022-04-13 09:27:59 +02:00
Asger Feldthaus
c1827cfd30 QL: Add test for getAStringValue 2022-04-13 08:45:25 +02:00
Asger Feldthaus
4c72c31a5a QL: Add InlineExpectationsTest 2022-04-13 08:45:25 +02:00
Asger Feldthaus
b0801c9b2f QL: Add some missing qldoc 2022-04-13 08:45:25 +02:00
Asger Feldthaus
8188e2876c QL: Autoformat 2022-04-13 08:45:25 +02:00
Asger Feldthaus
6632b7da1c QL: Add FrameworkCoverage query 2022-04-13 08:45:25 +02:00
Alex Denisov
b8c1f1a6e1 Swift: run QL tests on Linux 2022-04-13 07:44:19 +02:00
Geoffrey White
cdce72b87c C++: Better join order for reachesWithoutAssignment. 2022-04-12 17:34:02 +01:00
Porcupiney Hairs
785dc1af3c Include changes from review 2022-04-12 21:17:39 +05:30
Paolo Tranquilli
141ba2e039 Bazel: rename workspace to codeql 2022-04-12 17:37:29 +02:00
Robert Marsh
0e3e35f233 C++: don't dump global vars without initializers 2022-04-12 11:21:41 -04:00
Paolo Tranquilli
03ebf8b049 Merge pull request #8700 from redsun82/swift-skeleton
Swift: first skeleton extractor
2022-04-12 17:14:42 +02:00
Paolo Tranquilli
8ef28787b6 Swift: do not fail pack creation if dir does not exist 2022-04-12 17:05:26 +02:00
Erik Krogh Kristensen
a2d2626c9c add security severity 2022-04-12 16:34:00 +02:00
Erik Krogh Kristensen
d64df30724 reintroduce the reverted qhelp 2022-04-12 16:33:06 +02:00
Erik Krogh Kristensen
ebf9ba7250 remove the type-overloaded new Buffer() as a sink 2022-04-12 16:29:58 +02:00
Erik Krogh Kristensen
e2b7f7d05d reintroduce the number sinks 2022-04-12 16:26:10 +02:00
Erik Krogh Kristensen
029459cc35 reorganize CWE-770 tests 2022-04-12 16:15:40 +02:00
Paolo Tranquilli
6440242268 Swift+Bazel: apply review comments 2022-04-12 16:03:20 +02:00
Erik Krogh Kristensen
688b2b6898 use the Query.qll pattern 2022-04-12 15:52:52 +02:00
Erik Krogh Kristensen
8fb54c3f32 move js/resource-exhaustion out of experimental 2022-04-12 15:51:36 +02:00
Asger Feldthaus
4b74fa628c QL: Add global flow and type-tracking 2022-04-12 15:25:09 +02:00
Asger Feldthaus
0ffb558e48 QL: Support local flow via unification 2022-04-12 15:25:06 +02:00
Asger Feldthaus
49d5b662ff QL: Add Node.getEnclosingPredicate 2022-04-12 15:25:03 +02:00
Asger Feldthaus
2b8454001a QL: Add scoped variable nodes 2022-04-12 15:24:59 +02:00
Asger Feldthaus
2d640e7e95 QL: Add basic data flow nodes 2022-04-12 15:24:55 +02:00
Asger Feldthaus
c9b9751894 QL: Add NodeNumbering library 2022-04-12 15:24:52 +02:00
Asger Feldthaus
60a22b71b4 QL: Remove redundant union part 2022-04-12 15:24:48 +02:00
Asger Feldthaus
f02912bdf5 QL: Add VarDef.getAnAccess 2022-04-12 15:24:45 +02:00
Asger Feldthaus
85403cd4de QL: Fix up parent-child relation in tree 2022-04-12 15:24:42 +02:00
Erik Krogh Kristensen
df295e69d6 add change-note 2022-04-12 14:37:51 +02:00
Erik Krogh Kristensen
bca4d14129 rename files 2022-04-12 14:37:43 +02:00
Erik Krogh Kristensen
591fcda862 various improvements to the js/missing-origin-verification query 2022-04-12 14:20:41 +02:00
Erik Krogh Kristensen
2d6d304d7c add InclusionTest to PostMessageEventSanitizer 2022-04-12 14:12:36 +02:00
Chris Smowton
a8eeef6ef8 Merge pull request #718 from owen-mc/fix-incorrect-integer-conversion-for-type-assertions
Integer conversion should ignore type assertions
2022-04-12 12:44:43 +01:00
Paolo Tranquilli
f2f99611bd .gitignore CLion project files 2022-04-12 12:41:00 +02:00
Paolo Tranquilli
a205b465ba Bazel: reorganization
* fixed 5.0.0 as bazel version
* made dependencies better loadable
* moved `//swift/install` to `//swift:create-extractor-pack` (following
  the clearer ruby naming)
* renamed `extractor_pack` to `extractor-pack` for consistency with Ruby
2022-04-12 12:40:59 +02:00
Paolo Tranquilli
13b2442fed Bazel: code reorganization 2022-04-12 12:40:59 +02:00
Paolo Tranquilli
664d5ba0a9 Swift: moved install to a separate package
When importing the workspace from semmle-code, we do not need nor want
to instantiate `@util`, so that must be in a separate bazel package.
2022-04-12 12:40:59 +02:00
Paolo Tranquilli
95dbf2d666 Swift: first skeleton extractor
This adds a first dummy extractor for swift.

Running `bazel run //swift:install` will create an `extractor_pack`
directory in `swift`. From that moment providing `--search-path=swift`
will pick up the extractor.
2022-04-12 12:40:59 +02:00
Owen Mansel-Chan
f9f21e9891 Integer conversion should ignore type assertions 2022-04-12 10:58:07 +01:00
Erik Krogh Kristensen
e2badab251 update expected output after test reorganization 2022-04-12 10:39:28 +02:00
Erik Krogh Kristensen
ec9c308d06 reorganize the tests in CWE-020 2022-04-12 10:39:28 +02:00
Erik Krogh Kristensen
18532bae54 move js/missing-postmessageorigin-verification out of experimental 2022-04-12 10:39:27 +02:00
CodeQL CI
a43f3a21a8 Merge pull request #8550 from erik-krogh/classJoin
Approved by asgerf
2022-04-12 09:23:58 +01:00
Erik Krogh Kristensen
34abef8a6c Merge branch 'main' into dragAndDrop 2022-04-11 23:59:46 +02:00
bananabr
57fac949fd included ClipboardEvent and DragEvent as XSS sources 2022-04-11 16:37:00 -05:00
luchua-bc
7029802f3b Add sinks for getClass() and getClassLoader() 2022-04-11 21:03:48 +00:00
Erik Krogh Kristensen
aafa8ddc9f add support for domNode.onpaste for copy-paste events 2022-04-11 20:10:56 +02:00
Erik Krogh Kristensen
6713b2c671 add support for domNode.ondrop for drag-and-drop events 2022-04-11 20:06:12 +02:00
bananabr
121aad7fd2 updated change notes 2022-04-11 12:45:37 -05:00
Geoffrey White
cb211f8844 Merge pull request #8599 from 4B5F5F4B/main
C++: refactor some code, and add access_ok cases
2022-04-11 15:57:27 +01:00
Mathias Vorreiter Pedersen
e86b6b182f C++: Remove TC from 'Element.getRootCause'. 2022-04-11 15:27:10 +01:00
Bas van Schaik
c3912b2f29 Update README to clarify license explanation 2022-04-11 14:30:56 +01:00
CodeQL CI
9c8dee2a4d Merge pull request #8687 from asgerf/js/missing-flow-fixes
Approved by erik-krogh
2022-04-11 14:08:15 +01:00
Bas van Schaik
422255b859 Update CODEOWNERS for documentation and license
To make sure the right people are pinged when a change like #5893 is made
2022-04-11 12:33:23 +01:00
Marcono1234
bc5dc6ad50 Java: Remove TODO comment for getRuleExpression() behavior
Predicate behavior has been fixed on `main`.
2022-04-10 18:24:26 +02:00
Marcono1234
7bed14bbf0 Merge remote-tracking branch 'remotes/origin/main' into marcono1234/statement-expression 2022-04-10 18:23:45 +02:00
Marcono1234
348a186df8 Java: Make JumpStmt a concrete class again
Public abstract classes can be error-prone, when users unintentionally
implement a new subclass instead of refining the set of existing subclasses.
2022-04-10 17:54:47 +02:00
bananabr
0f1582f3f6 included JavaScript drag and drop API Xss sources 2022-04-09 22:33:30 -05:00
luchua-bc
eccd97c7b7 Query to detect unsafe getResource calls in Java EE applications 2022-04-09 01:14:15 +00:00
Taus
626770aaab Merge pull request #8004 from ahmed-farid-dev/ZipSlip
Add query to detect ZipSlip
2022-04-08 23:55:02 +02:00
Jeroen Ketema
4cfe04567f Merge pull request #8702 from jketema/command-line-sanitizer
C++: Use `isSanitizerOut(DataFlow::Node node)` in `cpp/command-line-injection`
2022-04-08 23:42:35 +02:00
Taus
3d14c5f3c3 Python: Update tests
We need to import `tty` in order to be able to detect the standard library correctly.
2022-04-08 23:20:47 +02:00
Taus
ab81247b7c Python: Fix modelling in ZipSlip.qll
- Remove use of points-to.
- Exclude sources and sinks in the standard library (to prevent test brittleness).
2022-04-08 23:19:41 +02:00
Taus
57beeaada0 Python: Fix name clash in CopyFile.qll 2022-04-08 23:18:03 +02:00
Taus
e1371151f9 Python: Autoformat Concepts.qll 2022-04-08 23:16:41 +02:00
Taus
8521f9a008 Python: Autoformat ZipSlip.ql 2022-04-08 23:13:38 +02:00
Taus
4b580820c8 Python: Fix broken QHelp 2022-04-08 23:12:46 +02:00
Edoardo Pirovano
b953fe39c2 Merge pull request #716 from github/edoardo/3.5-mergeback
Merge `rc/3.5` branch into `main`
2022-04-08 20:43:15 +01:00
Edoardo Pirovano
3d41a5cae3 Merge pull request #8704 from github/edoardo/3.5-mergeback
Merge `rc/3.5` branch into `main`
2022-04-08 19:32:58 +01:00
Dave Bartolomeo
e3b7ba6b1f Revert "Bump version of suite-helpers dependency"
This reverts commit 49e568ed44.
2022-04-08 14:06:59 -04:00
Dave Bartolomeo
49e568ed44 Bump version of suite-helpers dependency 2022-04-08 13:11:33 -04:00
Dave Bartolomeo
9f074cd8fd Bump a few more versions
Also fixes up some dependency declarations that should have been "*" because they refer to packs in the same workspace.
2022-04-08 13:01:41 -04:00
Geoffrey White
8d1e8e9ecb C++: Flow states and transformers. 2022-04-08 17:19:18 +01:00
Owen Mansel-Chan
f196538953 Merge pull request #714 from owen-mc/fix-get-enclosing-callable
Extend DataFlowCallable to include file scopes
2022-04-08 17:02:35 +01:00
Edoardo Pirovano
16c0f11c00 Bump minor version of packs 2022-04-08 15:51:34 +01:00
Edoardo Pirovano
f25618eed6 Bump minor version of all packs 2022-04-08 15:38:58 +01:00
Edoardo Pirovano
ce82c54b94 Merge branch 'main' into edoardo/3.5-mergeback 2022-04-08 15:30:58 +01:00
Owen Mansel-Chan
b9ff1ccd45 Add change note 2022-04-08 15:23:24 +01:00
Ian Lynagh
3e5b5bee8a Merge pull request #8642 from github/post-release-prep/codeql-cli-2.8.5
Post-release preparation for codeql-cli-2.8.5
2022-04-08 15:09:21 +01:00
Ian Lynagh
6f6e8bfbd1 Merge pull request #713 from github/post-release-prep/codeql-cli-2.8.5
Post-release preparation for codeql-cli-2.8.5
2022-04-08 15:09:08 +01:00
Owen Mansel-Chan
76a0a51f39 Merge pull request #715 from owen-mc/print-empty-interface-with-single-space
Pretty-print empty interface without double space
2022-04-08 11:46:04 +01:00
Jeroen Ketema
83d35a9a96 C++: Use isSanitizerOut(DataFlow::Node node) in cpp/command-line-injection 2022-04-08 11:28:17 +02:00
annarailton
8ae905aef9 Update endpointTypeEncoded -> label
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1821
2022-04-08 10:22:13 +01:00
annarailton
b0ab7218db Add test for query mappings 2022-04-08 10:22:13 +01:00
annarailton
4808eb9926 Change encoding -> label and description -> labelName
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1820
2022-04-08 10:22:13 +01:00
annarailton
de4e01a8f2 Change NotASinkType to NegativeType
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1819
2022-04-08 10:22:13 +01:00
Anders Schack-Mulligen
35d30d6c3c Doc: Add any() and none() to the language reference. 2022-04-08 10:28:13 +02:00
Owen Mansel-Chan
880afea959 Pretty-print empty interface without double space 2022-04-08 06:09:56 +01:00
Geoffrey White
3aaa058308 C++: Get the simplest part of the query working, disable the rest for now, fix metadata, formatting etc. 2022-04-07 19:01:30 +01:00
Geoffrey White
9a0880f516 C++: Clean up the tests, make them a bit more realistic, and add many more test cases. 2022-04-07 19:00:30 +01:00
Geoffrey White
e2eda65fe1 C++: Rename test, add .expected. 2022-04-07 18:59:51 +01:00
Tony Torralba
9833fa2451 Add tests for SpringController 2022-04-07 18:17:50 +02:00
Rasmus Wriedt Larsen
517444b5ff Python: Fix SimpleXmlRpcServer.expected 2022-04-07 16:42:40 +02:00
Rasmus Wriedt Larsen
ec66f26ade Python: Handle get_collection on pymongo DB 2022-04-07 16:32:20 +02:00
Rasmus Wriedt Larsen
89eeaf85d5 Python: Handle get_database on MongoClient instance 2022-04-07 16:31:17 +02:00
Rasmus Wriedt Larsen
7ca19653df Python: mongoDBInstance refactor 2022-04-07 16:22:57 +02:00
Rasmus Wriedt Larsen
e58e9a273b Python: mongoClientInstance refactoring 2022-04-07 16:22:16 +02:00
Rasmus Wriedt Larsen
0ce2ced1aa Python: Model pymongo.mongo_client.MongoClient 2022-04-07 16:22:16 +02:00
Rasmus Wriedt Larsen
81fdc1bd78 Python: Add more pymongo NoSQL tests 2022-04-07 16:22:16 +02:00
Rasmus Wriedt Larsen
30fff1cf8b Python: Merge pymongo NoSQL tests 2022-04-07 16:04:25 +02:00
Rasmus Wriedt Larsen
8191be9d75 Python: Move last XXE/XML bomb out of experimental 2022-04-07 15:37:56 +02:00
Rasmus Wriedt Larsen
405480c410 Python: Rename sink definitions for XXE/XML bomb 2022-04-07 15:37:56 +02:00
Anders Schack-Mulligen
4eaec3953a Merge pull request #8694 from aschackmull/dataflow/cleanup-unused
Dataflow: Cleanup unused column
2022-04-07 15:16:27 +02:00
Anders Schack-Mulligen
c0f48b6c14 Merge pull request #8681 from JLLeitschuh/fix/JLL/os_check_bugs
Java: Fix Local Temp File/Dir Incorrect Guard Logic
2022-04-07 14:00:13 +02:00
Anders Schack-Mulligen
7beed570f2 Dataflow: Sync. 2022-04-07 13:53:48 +02:00
Anders Schack-Mulligen
876a9f80ce Dataflow: remove unused column. 2022-04-07 13:53:27 +02:00
Erik Krogh Kristensen
7e4c76c63b revert API-graph change in Flask.qll 2022-04-07 13:52:14 +02:00
Erik Krogh Kristensen
bdfd6bdc79 fix a ql/field-only-used-in-charpred warning 2022-04-07 13:52:14 +02:00
Erik Krogh Kristensen
50bfc8eaa0 refactor uses of API::Node::getAUse() that should have been something else 2022-04-07 13:52:13 +02:00
Erik Krogh Kristensen
4e5afab082 refactor more python type-trackers to API-graphs 2022-04-07 13:51:40 +02:00
Jeroen Ketema
319ff35bd7 Merge pull request #8692 from jketema/implied-cctor-source
Revert "Revert "Merge pull request #8592 from jketema/implied-cctor-source""
2022-04-07 13:38:39 +02:00
Asger Feldthaus
b85739cb7e JS: Update test output 2022-04-07 13:23:26 +02:00
Jeroen Ketema
bfe9fb1721 Revert "Revert "Merge pull request #8592 from jketema/implied-cctor-source""
This reverts commit b1d9a070f4.
2022-04-07 12:29:43 +02:00
Mathias Vorreiter Pedersen
a6f7bd102a Merge pull request #8691 from jketema/revert-8592
Revert "Merge pull request #8592 from jketema/implied-cctor-source"
2022-04-07 11:26:33 +01:00
Owen Mansel-Chan
32f96c84ed Merge pull request #8677 from github/RasmusWL/update-codeowners
Remove @xcorail from CODEOWNERS
2022-04-07 11:16:01 +01:00
Jeroen Ketema
b1d9a070f4 Revert "Merge pull request #8592 from jketema/implied-cctor-source"
This reverts commit d4834cb7ff, reversing
changes made to 268a3fd1c5.
2022-04-07 12:02:37 +02:00
Mathias Vorreiter Pedersen
d4834cb7ff Merge pull request #8592 from jketema/implied-cctor-source
C++: Add tests for copy constructor calls with implied source
2022-04-07 11:00:40 +01:00
Rasmus Wriedt Larsen
268a3fd1c5 Merge pull request #8680 from RasmusWL/subclass
Python: Refactor how we find a `Class` from `API::Node`
2022-04-07 11:52:52 +02:00
Rasmus Wriedt Larsen
e9df2f8fca Update CODEOWNERS
remove extra blank line
2022-04-07 11:51:23 +02:00
Rasmus Wriedt Larsen
142ca78c7d Update CODEOWNERS
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2022-04-07 11:28:42 +02:00
Rasmus Wriedt Larsen
7728b6cf1b Python: Change XmlBomb vulnerability kind 2022-04-07 10:56:35 +02:00
Asger Feldthaus
81cf3d4574 JS: Use Class#getAnInstanceReference 2022-04-07 10:43:29 +02:00
Rasmus Wriedt Larsen
218c698498 Update CODEOWNERS
Co-authored-by: Chuan-kai Lin <cklin@github.com>
2022-04-07 10:11:26 +02:00
Asger Feldthaus
2a67085d9d JS: Change note 2022-04-07 10:02:21 +02:00
Erik Krogh Kristensen
ef9b6a11a6 Merge pull request #8679 from erik-krogh/getUrl
Java: rename existing getUrl predicate to getRepositoryUrl
2022-04-07 10:01:14 +02:00
Asger Feldthaus
4eda6f643f JS: Recognize subclasses of HTMLElement in domValueRef 2022-04-07 09:57:31 +02:00
Asger Feldthaus
cff8dc0537 JS: Improve flow through Array.prototype.reduce 2022-04-07 09:57:31 +02:00
Michael Nebel
72d4c97463 Merge pull request #8628 from michaelnebel/csharp/generatedkind
C#: Introduce generated flag as a part of the kind column for flow summaries
2022-04-07 08:43:30 +02:00
Erik Krogh Kristensen
489d4cb908 add change-note 2022-04-06 23:23:50 +02:00
Jonathan Leitschuh
2753521650 Java: Fix Local Temp File/Dir Incorrect Guard Logic
Resolves https://github.com/github/codeql/pull/8032#discussion_r841723906
2022-04-06 12:16:09 -04:00
Rasmus Wriedt Larsen
f2f0873d91 Python: Use new API::CallNode for XML constant check
This also means that the detection of the values passed to these keyword
arguments will no longer just be from a local scope, but can also be
across function boundaries.
2022-04-06 15:49:06 +02:00
Rasmus Wriedt Larsen
c784f15762 Python: Rename more XML classes to follow convention
- `XMLEtree` to `XmlEtree`
- `XMLSax` to `XmlSax`
- `LXML` to `Lxml`
- `XMLParser` to `XmlParser`
2022-04-06 15:44:54 +02:00
Erik Krogh Kristensen
563d0d6532 rename existing getUrl predicate to getRepositoryUrl 2022-04-06 15:32:33 +02:00
Rasmus Wriedt Larsen
f8f41428df Python: Minor refactor for FlaskViewClass 2022-04-06 15:15:42 +02:00
Rasmus Wriedt Larsen
1c2323eb85 Python: Refactor how we find a Class from API::Node
Using `getAnImmediateUse` might give better performance than `getAUse`.

Since all the changed code is about `API::Node`s that are found after
doing `.getASubclass*()`, this change is OK.

It's also nice to align how we actually do this.
2022-04-06 15:12:24 +02:00
Anders Schack-Mulligen
879b8a1200 Merge pull request #8676 from pwntester/java_hotspots_mods
Make security-related TaintTracking Configuration public
2022-04-06 14:40:14 +02:00
Robert Marsh
3a35a40062 WIP: start on CWE-611 tests 2022-04-06 12:55:56 +01:00
Robert Marsh
370dd057dc C++: more WIP on Xerces XXE query 2022-04-06 12:55:54 +01:00
Robert Marsh
9b6c1bc691 WIP: Xerces XXE 2022-04-06 12:55:52 +01:00
Tom Hvitved
4099d1318f Data flow: Tweak two join-orders
Before
```
[2022-04-06 13:19:29] (96s) Tuple counts for DataFlowImpl2::Stage1::revFlowConsCand#7ad53399#ff/2@i14#aa10f2wi after 4.4s:
                      10681    ~0%     {2} r1 = SCAN DataFlowImpl2::Stage1::revFlow#7ad53399#fff#prev_delta OUTPUT In.0, In.2 'config'
                      982      ~1%     {3} r2 = JOIN r1 WITH DataFlowImpl2::readSet#7ad53399#ffff_2301#join_rhs ON FIRST 2 OUTPUT Rhs.3, Lhs.1 'config', Rhs.2
                      83691528 ~2%     {3} r3 = JOIN r2 WITH DataFlowPublic::ContentSet::getAReadContent#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1 'config', Lhs.2, Rhs.1 'c'
                      83581763 ~2%     {3} r4 = r3 AND NOT DataFlowImpl2::Stage1::revFlowConsCand#7ad53399#ff#prev(Lhs.2 'c', Lhs.0 'config')
                      83581763 ~0%     {3} r5 = SCAN r4 OUTPUT In.2 'c', In.0 'config', In.1
                      0        ~0%     {3} r6 = JOIN r5 WITH DataFlowImpl2::Stage1::fwdFlowConsCand#7ad53399#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.1 'config', Lhs.0 'c'
                      0        ~0%     {2} r7 = JOIN r6 WITH DataFlowImpl2::Stage1::fwdFlow#7ad53399#2#fff_02#join_rhs ON FIRST 2 OUTPUT Lhs.2 'c', Lhs.1 'config'
                                       return r7
```

After
```
[2022-04-06 13:44:38] (6s) Tuple counts for DataFlowImpl2::Stage1::revFlowConsCand#7ad53399#ff/2@i14#5abbf2wn after 6ms:
                      10681  ~0%     {2} r1 = SCAN DataFlowImpl2::Stage1::revFlow#7ad53399#fff#prev_delta OUTPUT In.0, In.2 'config'
                      982    ~1%     {3} r2 = JOIN r1 WITH DataFlowImpl2::readSet#7ad53399#ffff_2301#join_rhs ON FIRST 2 OUTPUT Rhs.3, Lhs.1 'config', Rhs.2
                      109765 ~0%     {3} r3 = JOIN r2 WITH DataFlowImpl2::Stage1::fwdFlowConsCandSet#7ad53399#fff#reorder_0_2_1 ON FIRST 2 OUTPUT Lhs.1 'config', Lhs.2, Rhs.2 'c'
                      0      ~0%     {3} r4 = r3 AND NOT DataFlowImpl2::Stage1::revFlowConsCand#7ad53399#ff#prev(Lhs.2 'c', Lhs.0 'config')
                      0      ~0%     {3} r5 = SCAN r4 OUTPUT In.1, In.0 'config', In.2 'c'
                      0      ~0%     {2} r6 = JOIN r5 WITH DataFlowImpl2::Stage1::fwdFlow#7ad53399#2#fff_02#join_rhs ON FIRST 2 OUTPUT Lhs.2 'c', Lhs.1 'config'
                                     return r6
```
2022-04-06 13:52:30 +02:00
Erik Krogh Kristensen
943af17d10 Merge pull request #8619 from erik-krogh/atmSteps
JS-ML: fix isKnownStepSrc such that it recognizes taint-steps
2022-04-06 12:56:53 +02:00
Rasmus Wriedt Larsen
23637fd691 Merge branch 'main' into promote-xxe 2022-04-06 12:56:31 +02:00
Erik Krogh Kristensen
0435cee57f add a taint-step through URL.createObjectURL for js/xss-through-dom 2022-04-06 12:18:47 +02:00
Rasmus Wriedt Larsen
b99767ef52 Merge pull request #8668 from RasmusWL/use-instanceof
Python: Rewrite concepts to use `extends ... instanceof ...`
2022-04-06 12:09:12 +02:00
Erik Krogh Kristensen
b11d48e749 add files in the DOM as a source for js/xss-through-dom 2022-04-06 12:09:07 +02:00
Anders Schack-Mulligen
bbb6d08071 Merge pull request #8661 from Marcono1234/marcono1234/getMethod-public-only
Java: Fix reflection predicate for `getMethod` having non-public method result
2022-04-06 12:03:14 +02:00
Alvaro Muñoz Sanchez
9ccd0e564b Add QLDocs 2022-04-06 12:00:41 +02:00
Rasmus Wriedt Larsen
4d2a3b38d2 Merge pull request #8511 from RasmusWL/use-query-suffix
Python: Use `Query.qll` suffix for dataflow configuration definitions
2022-04-06 11:59:29 +02:00
Rasmus Wriedt Larsen
2e9505e7f2 Remove @xcorail from CODEOWNERS
Since @xcorail didn't have write access to this repo, that caused troubles with the CODEOWNERS file.
2022-04-06 11:48:38 +02:00
Anders Schack-Mulligen
d0b5b99e74 Merge pull request #8611 from github/smowton/doc/switch-expr-accessors
Java: make SwitchCase.getRuleExpression/Statement more consistent
2022-04-06 11:16:40 +02:00
Tom Hvitved
31ec2988df Merge pull request #8674 from hvitved/csharp/useless-upcast-lambda-tests
C#: Add more tests for `cs/useless-cast-to-self`
2022-04-06 11:11:40 +02:00
Tom Hvitved
cee527e03a Document flow through arrays in dataflow.md 2022-04-06 11:11:02 +02:00
Alvaro Muñoz Sanchez
19b8d51c0b Update CommandLineQuery
Make TaintTracking configuration public
2022-04-06 10:58:56 +02:00
Alvaro Muñoz Sanchez
abaa71e2c5 Update Sql Injection queries
move java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll -> java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll
2022-04-06 10:57:14 +02:00
Geoffrey White
6c70cb4581 Merge pull request #8672 from jketema/unused-locals
C++: Add `cpp/unused-local-variable` test case with `switch` initializer
2022-04-06 09:03:12 +01:00
Tom Hvitved
02b11084bc C#: Add more tests for cs/useless-cast-to-self 2022-04-06 09:36:59 +02:00
4B5F5F4B
04538d0599 Autoformated to make CodeQL happy 2022-04-06 11:59:26 +08:00
ihsinme
275b29a288 Update DangerousUseOfExceptionBlocks.expected 2022-04-05 22:48:11 +03:00
Jeroen Ketema
d19504fca2 C++: Add cpp/unused-local-variable test case with switch initializer
This is similar to the test case with the `if` initializer, and we should
not forget about it once we support `if` initialization.
2022-04-05 18:27:53 +02:00
Owen Mansel-Chan
603c1d518e Extend DataFlowCallable to include file scopes
The motivation is so that getEnclosingCallable() can cope with
nodes that are not in a callable.
2022-04-05 16:00:53 +01:00
Alex Ford
ccd7bb5e70 Merge pull request #8421 from alexrford/ruby/weak-cryptographic-algorithm
Ruby: Add `rb/weak-cryptographic-algorithm` query
2022-04-05 14:34:45 +01:00
Ahmed Farid
29f69bde75 Update zipslip_bad.py 2022-04-05 12:46:51 +00:00
Ahmed Farid
dfe7f532ac Update CopyFile.qll 2022-04-05 12:42:05 +00:00
Ahmed Farid
0d6d07886b Rename Zip.qll to CopyFile.qll 2022-04-05 12:37:14 +00:00
Ahmed Farid
8882bc1533 Update Frameworks.qll 2022-04-05 12:32:10 +00:00
Ahmed Farid
68bfe38529 Update Zip.qll 2022-04-05 12:31:30 +00:00
Michael Nebel
2562910b94 C#: Update Csv validation to allow sources and sink kinds to be prefixed with generated. 2022-04-05 14:25:34 +02:00
Michael Nebel
d7bf024318 Java: Add testcase for generated summary model. 2022-04-05 14:25:34 +02:00
Michael Nebel
0374f84c05 Java: Make support for generated as a part of kind. 2022-04-05 14:25:34 +02:00
Michael Nebel
3a04e9a03d Java: Update java capture models with new kind column (including tests). 2022-04-05 12:55:47 +02:00
Michael Nebel
412699f407 C#: Modify generator and update test output with updated kind column. 2022-04-05 12:51:01 +02:00
Rasmus Wriedt Larsen
5b96db26b3 Python: Rewrite concepts to use extends ... instanceof ...
This solved performance problems experienced in
https://github.com/github/codeql/pull/8634, and this commit+PR is to
ensure we get this change in as fast as possible.
2022-04-05 12:34:15 +02:00
Rasmus Wriedt Larsen
b7f56dd17e Python: Rewrite concepts to use extends ... instanceof ...
This caused compilation time for `ConceptsTest.ql` to go from 1m24s to
7s
2022-04-05 12:31:09 +02:00
Rasmus Wriedt Larsen
a7dab53ed2 Python: Add change-note 2022-04-05 11:46:49 +02:00
Rasmus Wriedt Larsen
1f285b8983 Python: Rename to XmlParsingVulnerabilityKind
To keep up with style guide
2022-04-05 11:07:12 +02:00
Rasmus Wriedt Larsen
ab59d5c786 Python: Rename to XmlParsing
To follow our style guide
2022-04-05 11:06:22 +02:00
Michael Nebel
c2920405fc C#: Add a query for detecting flow summaries that are discarded due to existing handwritten models. 2022-04-05 08:55:12 +02:00
Michael Nebel
3937714f9f C#: The CaptureSummaryModels query should only produce summary models that will not be discarded at run-time. 2022-04-05 08:55:12 +02:00
Michael Nebel
784327c183 Java/Ruby: Hardcode generated flag to false. 2022-04-05 08:55:12 +02:00
Michael Nebel
8e1fa35367 C#: Add testcase, where generated flow summary is ignored. 2022-04-05 08:55:12 +02:00
Michael Nebel
de76df3988 C#: Only use generated summaries, if no handwritten model exist for a particular dataflow callable. 2022-04-05 08:55:12 +02:00
Michael Nebel
30dc4ae788 C#: Add testcase with multiple generated flow summaries. 2022-04-05 08:55:12 +02:00
Michael Nebel
689e8f1952 C#: Small testcase with a summary flow model that is listed as generated. 2022-04-05 08:55:12 +02:00
Michael Nebel
26ad4861a3 C#: Introduce parsing of the kind field. 2022-04-05 08:55:12 +02:00
Michael Nebel
f8b094ac1f C#: Only use generated flow summaries in case no handwritten summary exists. 2022-04-05 08:55:11 +02:00
Michael Nebel
4d953da480 C#: Initial steps to allow generated as a part of the kind. 2022-04-05 08:55:11 +02:00
Michael Nebel
1f72f6c2cd Merge pull request #8559 from michaelnebel/csharp/generateflowmodelsscript
C#: Generate Flow Models script
2022-04-05 08:43:22 +02:00
Harry Maclean
1df1f42589 Fail workflow if files cannot be uploaded 2022-04-05 14:16:42 +12:00
Harry Maclean
5739a3b4e8 Fix typo 2022-04-05 14:14:39 +12:00
Harry Maclean
342bb17fb6 Simplify shell script 2022-04-05 14:03:29 +12:00
Harry Maclean
de743418e2 Add more validations to workflow inputs 2022-04-05 13:36:34 +12:00
Harry Maclean
815c6f4113 Use env vars instead of contexts 2022-04-05 12:03:10 +12:00
Harry Maclean
8f3578c92a Ruby: Include query results in test 2022-04-05 10:20:02 +12:00
Robert Marsh
a3072fcd83 Merge pull request #8664 from geoffw0/privdata3
C++: More enhancements to PrivateData.qll
2022-04-04 14:43:19 -04:00
ihsinme
73de757f39 Update DangerousUseOfExceptionBlocks.ql 2022-04-04 21:38:03 +03:00
Geoffrey White
04b8306f06 C++: Add some more patterns. 2022-04-04 16:57:00 +01:00
Geoffrey White
d2e7f22d1b C++: Group all phone number related exprs together. 2022-04-04 16:48:03 +01:00
Geoffrey White
d42ee7d279 C++: Extend tests. 2022-04-04 16:46:56 +01:00
Michael Nebel
8c3be653c2 C#: Update test output. 2022-04-04 16:07:46 +02:00
Michael Nebel
3fe941aae2 C#: Add missing empty ext column in generated summaries. 2022-04-04 15:58:35 +02:00
Michael Nebel
c6fe54c41b C#: Add script for running CaptureModel queries and generate qll source file. 2022-04-04 15:58:35 +02:00
Marcono1234
6dd14a6cb3 Java: Fix reflection predicate for getMethod having non-public method result 2022-04-04 15:10:49 +02:00
Tom Hvitved
415a1c2107 Java/C#: Update CaptureModels.qll 2022-04-04 13:51:44 +02:00
Tom Hvitved
57f2a74636 Python: Implement ContentSet 2022-04-04 13:51:44 +02:00
Tom Hvitved
7113c1b29c C#: Implement ContentSet 2022-04-04 13:51:44 +02:00
Tom Hvitved
b91858e7cf Java: Implement ContentSet 2022-04-04 13:51:44 +02:00
Tom Hvitved
d99bb65ea9 C++: Implement ContentSet 2022-04-04 13:51:44 +02:00
Tom Hvitved
725d76e934 Ruby: Implement ContentSet 2022-04-04 13:51:44 +02:00
Tom Hvitved
c4fbc618a9 Data flow: Sync files 2022-04-04 13:51:44 +02:00
Tom Hvitved
309fd937c1 Data flow: Introduce ContentSet 2022-04-04 13:51:43 +02:00
Tom Hvitved
a5040fd0ce Ruby: Add data-flow test for reverse array stores 2022-04-04 13:51:43 +02:00
Asger F
de169277cb Merge pull request #8576 from asgerf/js/decorated-method-or-class
JS: Add decorator edges in API graphs and corresponding MaD tokens
2022-04-04 12:49:28 +02:00
Jeroen Ketema
e91c04234e C++: Update tests for copy constructor calls with implied source 2022-04-04 12:48:02 +02:00
Jeroen Ketema
e710cf7921 C++: Add tests for copy constructor direct initializations 2022-04-04 12:48:01 +02:00
Jeroen Ketema
82b1cd69d2 Merge pull request #8554 from jketema/bitwise-lambda-capture-init
C++: Handle bitwise copies in lambda captures
2022-04-04 12:23:05 +02:00
Michael Nebel
3466adaf8c C#: Add kind tag to Capture model queries. 2022-04-04 11:00:58 +02:00
Michael Nebel
25881d673e Merge pull request #8626 from michaelnebel/csharp/equalsgethashcodeoverrides
C#: Exclude Equals and GetHashCode overrides from model generation.
2022-04-04 09:40:31 +02:00
Harry Maclean
ee81bf2767 Use --paginate to get all comments 2022-04-04 10:21:26 +12:00
Harry Maclean
1cf2530feb Use environment variable instead of GH context 2022-04-04 10:18:41 +12:00
Harry Maclean
c2b94e8d1d Rename workflow to reflect its generic nature
This workflow can (pretty much) be used by any other workflow that wants
to post a PR comment.
2022-04-04 10:16:48 +12:00
Harry Maclean
e34911118f Use gh api instead of third-party actions
Also move more steps to the unprivileged workflow.
2022-04-04 10:16:48 +12:00
Harry Maclean
9116dbd670 Update QHelp PR comment if it already exists
If we've already commented on a PR with a preview of the QHelp changes,
then update the existing comment instead of creating a new one.
2022-04-04 10:16:48 +12:00
Tom Hvitved
50dc3820c6 Merge pull request #8589 from hvitved/regex/speedup-concretise 2022-04-03 17:56:07 +02:00
ihsinme
61860c9ae9 Update DangerousUseOfExceptionBlocks.ql 2022-04-02 13:44:40 +03:00
Jeroen Ketema
e1fa58a6f2 C++: Update tests after generating reference conversion 2022-04-01 18:32:46 +02:00
Jeroen Ketema
1d51b618d1 C++: Update tests for handling op bitwise copy in lambda captures 2022-04-01 18:32:46 +02:00
Jeroen Ketema
dea510ac95 C++: Add change note for cpp/unused-local-variable changes 2022-04-01 18:32:46 +02:00
Jeroen Ketema
4f49f9d6e1 C++: Remove exception from cpp/unused-local-variable that is no longer needed 2022-04-01 18:32:46 +02:00
Jeroen Ketema
3fed59fd13 C++: Add more lambda capture IR tests 2022-04-01 18:32:45 +02:00
github-actions[bot]
6af568b16d Post-release preparation for codeql-cli-2.8.5 2022-04-01 16:22:14 +00:00
github-actions[bot]
469af4c501 Post-release preparation for codeql-cli-2.8.5 2022-04-01 16:21:57 +00:00
Chris Smowton
3119885a9b Merge pull request #8638 from smowton/smowton/docs/additional-flow-step-description
Improve wording of isAdditionalFlow/TaintStep qldoc
2022-04-01 16:41:04 +01:00
Paolo Tranquilli
a323cce03e Merge pull request #8630 from redsun82/bazel-workspace
Bazel: add skeleton bazel workspace
2022-04-01 15:46:59 +02:00
Ian Lynagh
4551af90f6 Merge pull request #8640 from github/release-prep/2.8.5
Release preparation for version 2.8.5
2022-04-01 14:07:21 +01:00
Ian Lynagh
837d1fbe38 Merge pull request #712 from github/release-prep/2.8.5
Release preparation for version 2.8.5
2022-04-01 14:07:16 +01:00
Mathias Vorreiter Pedersen
002f7cd438 Merge pull request #8623 from geoffw0/privdata2
C++: Some enhancements to SensitiveExprs.qll
2022-04-01 13:49:44 +01:00
Chris Smowton
28fa49dcd6 dataflow -> data-flow 2022-04-01 13:22:58 +01:00
Rasmus Wriedt Larsen
ba011fb13f Merge pull request #8601 from zbazztian/recognize-flask-named-body-param
Python: Flask: Identify body contents passed via named response parameter in invocations of Response constructor
2022-04-01 14:19:28 +02:00
Paolo Tranquilli
1cc7621300 Bazel: add to CODEOWNERS and move around doc note 2022-04-01 14:04:50 +02:00
Paolo Tranquilli
3772efd193 .gitignore bazel symlinks 2022-04-01 14:04:50 +02:00
Paolo Tranquilli
8a5e611453 Bazel: add skeleton bazel workspace
This moves in codeql some internal bazel definitions in preparation for
future work.
2022-04-01 14:04:50 +02:00
Sebastian Bauersfeld
504e7e4a55 Update python/ql/lib/change-notes/2022-03-30-flask-recognize-body-param.md
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-04-01 18:41:27 +07:00
Erik Krogh Kristensen
29a5bdb601 Merge pull request #7339 from erik-krogh/pyPerf
Python: Cache more predicates to improve performance.
2022-04-01 13:37:21 +02:00
Michael Nebel
81904cc993 C#: Refactor isIrrelevantOverrideOrImplementation to make it easier to extend it with more methods later. 2022-04-01 13:27:05 +02:00
Erik Krogh Kristensen
eae2a6af36 update expected output for Locations.ql 2022-04-01 12:58:00 +02:00
Erik Krogh Kristensen
ed7e1206ff rename isBeforeCode to isCommentAfterCode 2022-04-01 12:55:00 +02:00
Tony Torralba
4cf0ebc5a8 Add change note 2022-04-01 12:43:27 +02:00
github-actions[bot]
ee746d20df Release preparation for version 2.8.5 2022-04-01 10:39:31 +00:00
github-actions[bot]
950519c884 Release preparation for version 2.8.5 2022-04-01 10:39:24 +00:00
Tony Torralba
cc9b16beff Fix wrong models of spring-web 2022-04-01 12:37:30 +02:00
Tony Torralba
3747aec144 Improve models of spring-beans 2022-04-01 12:37:22 +02:00
Chris Smowton
3b0bd3bc0f Improve wording 2022-04-01 11:31:31 +01:00
Chris Smowton
314bd20eb2 Merge pull request #711 from rverme/patch-1
Address incorrectly referenced parameter in QLdoc
2022-04-01 11:22:57 +01:00
Chris Smowton
81e60eb145 Add change note 2022-04-01 11:20:03 +01:00
Chris Smowton
99026a6071 Improve wording of isAdditionalFlow/TaintStep qldoc 2022-04-01 11:07:27 +01:00
Michael Nebel
5cb2bd9245 C#: Exclude IEquatable Equals implementations. 2022-04-01 11:39:41 +02:00
Michael Nebel
02a0cbf0f4 C#: Add test cases. 2022-04-01 11:32:10 +02:00
Michael Nebel
99bbca8c31 C#: Exclude overrides of Equals and GetHashCode in model generation. 2022-04-01 11:32:10 +02:00
Michael Nebel
f480ab9fd2 Merge pull request #8629 from michaelnebel/csharp/capturemodelmetadata
C#: Improve query meta data.
2022-04-01 10:40:05 +02:00
Jeroen Ketema
f2beb9eb2b Merge pull request #8622 from MathiasVP/fix-cpp-performance
C++: Fix bad magic and bad join
2022-04-01 09:51:16 +02:00
rverme
9b6dd60615 Address incorrectly reference parameter in QLdoc
The qldoc of the predicate `isParameterOf` mentions the parameter `fd` that does not exists and is possible replaced by `c`
2022-04-01 09:37:56 +02:00
Michael Nebel
c139850cd6 Merge pull request #8609 from michaelnebel/csharp/operatorsummaries
C#: Operator flow
2022-04-01 09:04:04 +02:00
Michael Nebel
01e57e90c9 C#: Fix query name for source model generation. 2022-04-01 08:54:35 +02:00
Harry Maclean
ae60d40511 Ruby: Fix typo in rb/insecure-dependency qhelp
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-04-01 15:35:53 +13:00
Harry Maclean
5814db19d5 Ruby: Fix bug in rb/insecure-dependency query
Only look at the first component of strings for the prefix.

Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-04-01 15:35:21 +13:00
Harry Maclean
3d96c5e6db Ruby: Add test case for rb/insecure-dependency
This tests that we recognise kwargs in hashrocket style:

    gem "foo", "1.2.3", :git => "..."

as well as the modern style:

    gem "foo", "1.2.3", git: "..."
2022-04-01 15:30:07 +13:00
Chris Smowton
9309a652df Merge pull request #8493 from JLLeitschuh/feat/JLL/test_assertion_guard_preconditions
[Java]: Add precondition support for testing library asserts
2022-03-31 22:30:09 +01:00
Rasmus Wriedt Larsen
d2b03bb480 Python: Fix SimpleXmlRpcServer.ql 2022-03-31 20:37:28 +02:00
Rasmus Wriedt Larsen
4abab22066 Python: Promote XXE and XML-bomb queries
Need to write a change-note as well, but will do that tomorrow
2022-03-31 18:47:50 +02:00
Rasmus Wriedt Larsen
b8d3c5e96f Python: Remove last bits of experimental XML modeling 2022-03-31 18:40:26 +02:00
Rasmus Wriedt Larsen
5083023aa8 Python: Move XML parsing PoC
Since the folder where it used to live is now empty otherwise :O
2022-03-31 18:37:47 +02:00
Alex Ford
8b0ebbfecc Ruby: replace use of deprecated getStringOrSymbol() 2022-03-31 17:21:17 +01:00
Rasmus Wriedt Larsen
673220b231 Python: Minor cleanup of XmlParsingTest 2022-03-31 18:18:35 +02:00
Alex Ford
882f78c6f9 Merge remote-tracking branch 'origin/main' into ruby/weak-cryptographic-algorithm 2022-03-31 17:17:46 +01:00
Rasmus Wriedt Larsen
b4c0065aeb Python: Extend FileSystemAccess for xml.sax and xml.dom.* parsing 2022-03-31 18:08:47 +02:00
Rasmus Wriedt Larsen
1d7cec60ae Python: xml.sax.parse is not a method call
And it's not possible to provide a parser argument either
2022-03-31 17:50:23 +02:00
Rasmus Wriedt Larsen
e11269715d Python: Promote xml.sax and xml.dom.* modeling 2022-03-31 17:44:00 +02:00
Rasmus Wriedt Larsen
05bb0ef976 Python: Align xml.etree.ElementTree modeling
I didn't find a good way to actually share the stuff, so we kinda just
have 2 things that look very similar :|
2022-03-31 17:24:16 +02:00
Rasmus Wriedt Larsen
70b3eecdd5 Python: Merge xml.etree.ElementTree models
I forgot about the existing ones when I promoted it
2022-03-31 17:13:11 +02:00
Alex Ford
2b66dfa93e Ruby: replace a range field with instanceof 2022-03-31 15:39:11 +01:00
Chris Smowton
9bcf466aa8 Accept expected test result improvement 2022-03-31 15:19:08 +01:00
Stephan Brandauer
2cbb25acaa another review fix 2022-03-31 16:04:04 +02:00
Erik Krogh Kristensen
06fdaacd82 just look at the field name in the "detect uses of the field in an inbetween class"-check 2022-03-31 15:30:56 +02:00
Erik Krogh Kristensen
fa651d2f60 remove the override restriction from ql/unused-field 2022-03-31 15:30:19 +02:00
Chris Smowton
2829770003 Autoformat and fix typo 2022-03-31 14:11:09 +01:00
Michael Nebel
2edd6d72c0 C#: Improve query meta data. 2022-03-31 14:56:23 +02:00
Anders Schack-Mulligen
f1ec2e3260 Merge pull request #8426 from atorralba/atorralba/missing-severities
Java: Add missing security-severity scores
2022-03-31 14:53:47 +02:00
Chris Smowton
fa8791f1d5 Merge pull request #8620 from jketema/doc-typo-fix
CLI docs: make the running text match the example
2022-03-31 12:36:51 +01:00
Anders Schack-Mulligen
8d9ce5fb4c Merge pull request #8625 from aschackmull/java/qldoc-casing-fix
Java: Fix acronym casing in qldoc referring to Java class names.
2022-03-31 13:33:11 +02:00
Chris Smowton
04325abfa5 Add test 2022-03-31 12:26:38 +01:00
Chris Smowton
c2d461bcee Format 2022-03-31 12:19:53 +01:00
Chris Smowton
0d9c353c37 Represent switch statement and switch expression results alike 2022-03-31 12:19:11 +01:00
Chris Smowton
96bf754f01 Accept intrigus suggested doc clarifications
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2022-03-31 12:09:45 +01:00
Tom Hvitved
46d69cf544 Regex: Further tweaks to concretise computations 2022-03-31 12:52:43 +02:00
Tom Hvitved
5181544790 Sync shared files 2022-03-31 12:52:42 +02:00
Tom Hvitved
5052452ef9 SuperlinearBackTracking: Speedup concretise 2022-03-31 12:52:42 +02:00
Tom Hvitved
7efe698e56 Address review comment 2022-03-31 12:52:42 +02:00
Tom Hvitved
0fb28f4bc9 Sync shared files 2022-03-31 12:52:42 +02:00
Tom Hvitved
20f4d5a584 ExponentialBackTracking: Speedup concretise 2022-03-31 12:52:42 +02:00
Tom Hvitved
9c90385846 Merge pull request #8624 from hvitved/ruby/fix-import
Ruby: Fix broken import
2022-03-31 12:51:50 +02:00
Anders Schack-Mulligen
f28da00ec4 Java: Fix qldoc as followup to https://github.com/github/codeql/pull/8323 2022-03-31 12:50:36 +02:00
Stephan Brandauer
8f1a3597a7 autoformat 2022-03-31 12:32:29 +02:00
Tom Hvitved
40986bfcb1 Ruby: Fix broken import 2022-03-31 12:32:03 +02:00
Geoffrey White
fbd71cd050 C++: Update to regexpMatch. 2022-03-31 11:27:20 +01:00
Rasmus Wriedt Larsen
db43d043c4 Python: Add test showing misalignment of xml.etree modeling 2022-03-31 11:55:46 +02:00
Rasmus Wriedt Larsen
543454eff2 Python: Model file access from XML parsing 2022-03-31 11:47:29 +02:00
Michael Nebel
27b1d1e1e0 Merge pull request #8348 from michaelnebel/csharp/externalapi-telemetry
C#: ExternalAPI implementation for Telemetry.
2022-03-31 11:36:07 +02:00
Mathias Vorreiter Pedersen
dc88f715f8 C++: Fix join order. 2022-03-31 10:35:36 +01:00
Mathias Vorreiter Pedersen
da39c9f5ef C++: Fix bad magic. 2022-03-31 10:35:29 +01:00
Rasmus Wriedt Larsen
386ff53614 Python: Model lxml.iterparse 2022-03-31 11:32:22 +02:00
Geoffrey White
9035ca236e C++: Change note. 2022-03-31 10:24:18 +01:00
Geoffrey White
b296b0150a C++: Some enhancements to SensitiveExprs.qll as well, inspired by csharp. 2022-03-31 10:24:17 +01:00
Rasmus Wriedt Larsen
12cbdcde28 Python: Model lxml.etree.XMLID 2022-03-31 11:21:24 +02:00
Rasmus Wriedt Larsen
6774085e7a Python: Add note about parseid/XMLID 2022-03-31 11:19:25 +02:00
Rasmus Wriedt Larsen
a315aa84b2 Python: Add some links in QLDocs 2022-03-31 11:16:50 +02:00
Geoffrey White
146318dbc1 Merge pull request #8580 from geoffw0/privdata
C++: Port PrivateData.qll from C# and use it in cpp/cleartext-transmission
2022-03-31 10:12:46 +01:00
Rasmus Wriedt Larsen
64aa503cc3 Python: Promote xml.etree modeling 2022-03-31 11:12:02 +02:00
Arthur Baars
15c54f6100 Merge pull request #8354 from aibaars/incomplete-url-string-sanitization
Incomplete url string sanitization
2022-03-31 10:59:51 +02:00
Stephan Brandauer
a6d2ecdc4d review comments 2022-03-31 10:49:33 +02:00
Rasmus Wriedt Larsen
7f5f7679f8 Python: Promote xmltodict modeling 2022-03-31 10:28:34 +02:00
Rasmus Wriedt Larsen
80b5cde3a2 Python: Promote lxml parsing modeling 2022-03-31 10:19:08 +02:00
Jeroen Ketema
85e2367769 CLI docs: make the running text match the example 2022-03-31 10:14:30 +02:00
Rasmus Wriedt Larsen
3040adfd9b Python: Handle XMLParser().close() for XPath 2022-03-31 10:08:26 +02:00
Rasmus Wriedt Larsen
c4473c5f65 Python: Rename lxml XPath tests 2022-03-31 10:08:02 +02:00
Arthur Baars
7e866ed376 Merge pull request #8617 from cklin/qldoc-coverage-new-language
QLdoc check: handle new languages gracefully
2022-03-31 10:00:36 +02:00
Rasmus Wriedt Larsen
1ea4bcc59f Python: Make XMLParsing a Decoding subclass 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
35ccba2ec1 Python: Promote XMLParsing concept test 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
e45288e812 Python: => XMLParsingVulnerabilityKind
Since there are other XML vulnerabilities that are not about parsing,
this is more correct.
2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
e005a5c0ab Python: Promote XMLParsing concept 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
9caf4be21b Python: Add PortSwigger link to Xxe.qhelp
I found this resource quite good myself at least :)
2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
56b9c891d8 Python: Adjust XmlBomb.qhelp from JS 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
b00766b054 Python: Adjust XXE qhelp
and remove the old copy, we don't need it anymore :)
2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
c365337867 Python: Delete XmlEntityInjection.ql
Kept the test of SimpleXmlRpcServer, and kept the qhelp so it can be
used to write the new qhelp files
2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
769f5691d0 Python: Add taint for StringIO and BytesIO 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
57b9780428 Python: XXE: Add example of exfiltrating data through dtd-retrival 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
a1d88e39a7 Python: Adjust XXE PoC for newer lxml versions
Which doesn't raise that syntax error (at least not on my laptop)
2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
91795b8577 Python: Add simple test of Xxe/XmlBomb
Note that most of the testing happens in the framework specific tests,
with an inline-expectation test
2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
e45f9d69cc Python: Adjust Xxe/XmlBomb for Python
I changed a few QLdocs so they fit the style we have used in Python...
although I surely do regret having introduced a new style for how these
QLDocs look :D
2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
65907c9762 Python: Copy Xxe/XmlBomb queries from JS
After internal discussion, these will replace the `XmlEntityInjection`
query, so we can have separate severities on DoS and the other (more
serious) attacks.

Note: These clearly don't work, since they are verbatim copies of the JS
code, but I split it into multiple commits to clearly highlight what
changes were made.
2022-03-31 09:52:54 +02:00
Erik Krogh Kristensen
67e1ffdd3e fix isKnownStepSrc such that it actually includes taint/dataflow-steps 2022-03-31 09:46:01 +02:00
Erik Krogh Kristensen
e038baed36 add .gitignore ignoring test dbs 2022-03-31 09:45:28 +02:00
Chuan-kai Lin
1ff0fda5d1 QLdoc check: handle new languages gracefully 2022-03-30 14:58:13 -07:00
Erik Krogh Kristensen
1218c4f4ed fix ql/name-casing, and drive-by QL-for-QL typo fix 2022-03-30 22:59:14 +02:00
Erik Krogh Kristensen
1847a5713b remove TODO 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
7ca6426ea5 revert the Taint stage, as it caused an alert for ql/abstract-class-import 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
7e4ab4c60b Revert "import all the frameworks that extend RegexString"
This reverts commit 84bc9042de4e876685f8f5ffdd88893383d1cfdc.

It caused ql/abstract-class-import alerts
2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
3b9335c051 nomagic on containsInScope 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
5caff81ff9 import all the frameworks that extend RegexString 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
b959705531 revert changes in MRO.qll 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
b74852ffd6 cache a bit more (again) 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
d9ced55e2c make private predicates private 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
040196f40d cache more basicblock predicates 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
79713e0ef8 a bit more caching 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
7643aac207 revert bad nomagic 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
35c7fa58a7 joiner order fixes 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
88e896992e cache the remainder of the pointsto layer 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
79da0970cc various join order fixes 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
3e9ee887d4 fix bad mistake 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
758a5d7a85 few join order fixes 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
6eca4ba2d3 get around identical files by adding the ref() call somewhere else 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
4089788629 revert caching of some large predicates that caused the DB size to increase too much 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
0da80f90d3 rename the SSA stages to AST 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
c9e3a62953 cached stages iteration 5 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
a8f9a91e38 cached stages iteration 4 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
f68357a063 cached stages iteration 3.5 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
37a9b41e26 cached stages iteration 3 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
60b5af215f cached stages iteration 2 2022-03-30 22:53:59 +02:00
Erik Krogh Kristensen
71eacea90b add the cached stages pattern to Python 2022-03-30 22:53:59 +02:00
Chuan-kai Lin
48015e5a2e Merge pull request #8597 from cklin/run-js-ml-tests
JS: Fix expected test output for ATM queries
2022-03-30 13:10:02 -07:00
Chuan-kai Lin
a8dabb238d JS: Fix expected test output for ATM queries 2022-03-30 11:35:17 -07:00
Robert Marsh
3ce7c521d1 C++: fix IR global var init for string constants 2022-03-30 14:01:59 -04:00
Robert Marsh
e01799827a C++: add test for string global var inits in IR 2022-03-30 13:38:25 -04:00
Robert Marsh
fb0a848e5a C++: fix inconsistency with global var constructor 2022-03-30 13:32:02 -04:00
Robert Marsh
9d4aac61fd C++: add IR tests for global var with constructor 2022-03-30 13:20:26 -04:00
Chris Smowton
19cd97e426 Java: Clarify the meaning of getRuleExpression/Statement 2022-03-30 17:58:11 +01:00
Ian Lynagh
46c27dd20f Merge pull request #8514 from github/post-release-prep/codeql-cli-2.8.4
Post-release preparation for codeql-cli-2.8.4
2022-03-30 16:36:14 +01:00
Ian Lynagh
e9acb4f8e8 Merge pull request #706 from github/post-release-prep/codeql-cli-2.8.4
Post-release preparation for codeql-cli-2.8.4
2022-03-30 16:35:29 +01:00
Nick Rolfe
fa1bb82701 Merge pull request #8610 from github/nickrolfe/re-fix-location-join-order
Ruby: undo accidental revert of #8538
2022-03-30 16:31:52 +01:00
Nick Rolfe
10b75bff76 Ruby: undo accidental revert of 13be9919 2022-03-30 16:02:12 +01:00
Chris Smowton
9675f34cf5 Merge pull request #8257 from luchua-bc/java/insecure-webview-resource-response
Java: CWE-200 Query to detect insecure WebResourceResponse implementation
2022-03-30 15:56:27 +01:00
Arthur Baars
031d183bdf Merge pull request #8532 from aibaars/regex-refactor-2
JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll
2022-03-30 16:38:47 +02:00
Robert Marsh
417b0b5353 C++: accept test changes for updated extractor 2022-03-30 10:23:17 -04:00
Owen Mansel-Chan
79e6f7876b Merge pull request #710 from owen-mc/delete-consistency
Delete unused file DataFlowImplConsistency
2022-03-30 15:15:55 +01:00
Michael Nebel
8238c99199 C#: Only include APIs that has a proper namespace. 2022-03-30 15:22:32 +02:00
Michael Nebel
5c13391580 C#: Add test cases for operators. 2022-03-30 15:09:44 +02:00
Michael Nebel
04960fc0c6 C#: Filter out explicit and implicit conversion operators, when creating summaries. 2022-03-30 15:09:26 +02:00
Michael Nebel
8b08ddf7ad C#: Use callables qualified name instead of name, when printing summary like information. 2022-03-30 15:05:57 +02:00
Michael Nebel
4163078ecc C#: The qualified name of the operator should use the function name instead of the displayed name. 2022-03-30 15:05:03 +02:00
Tom Hvitved
3c50987b9b Merge pull request #8590 from hvitved/ruby/rc-perf-picks
Ruby: Cherry pick performance fixes onto `rc/3.5`
2022-03-30 14:48:33 +02:00
Sebastian Bauersfeld
a3c3a7fe0d Python: Identify alternative body argument in invocations of Response constructor. 2022-03-30 19:34:54 +07:00
Dave Bartolomeo
70c44734e6 Merge pull request #8445 from dbartol/dbartol/ir-range/semantic-scratch
Sign, Modulus, and Range analysis for C++ using sharable semantic layer
2022-03-30 07:08:09 -04:00
Dave Bartolomeo
e2396a5e03 Remove PrintIR tests for range analysis
These were only used for debugging, and don't actually make good tests.
2022-03-30 06:45:28 -04:00
Dave Bartolomeo
19789fa738 Merge remote-tracking branch 'upstream/main' into semantic-scratch 2022-03-30 06:39:14 -04:00
Nick Rolfe
a274af2b16 Merge pull request #7985 from github/nickrolfe/constant_regexp
Ruby: separate constant propagation of regexps from strings
2022-03-30 11:37:33 +01:00
Owen Mansel-Chan
8a3a58ca76 Delete unused file DataFlowImplConsistency 2022-03-30 11:03:46 +01:00
ihsinme
b95094235c Apply suggestions from code review
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2022-03-30 10:51:38 +03:00
4B5F5F4B
9ab773422a refactor some code, and add access_ok cases 2022-03-30 12:25:32 +08:00
Harry Maclean
167bda2d4e Ruby: Add QLDoc for InsecureDependencyQuery.qll 2022-03-30 13:50:12 +13:00
Harry Maclean
d13bbbaf35 Ruby: Add change note for rb/insecure-dependency 2022-03-30 13:39:35 +13:00
Harry Maclean
37cedda63a Ruby: Add InsecureDependencyResolution query
This query looks for places in a Gemfile where URLs with insecure
protocols (HTTP or FTP) are specified.
2022-03-30 13:39:15 +13:00
Marcono1234
a93b4ed0f2 Java: Make JumpStmt a proper superclass 2022-03-30 00:30:27 +02:00
Erik Krogh Kristensen
48ef3b106f fix mistake in inlining 2022-03-29 23:39:22 +02:00
Erik Krogh Kristensen
090c5c39f6 add explicit this 2022-03-29 22:44:03 +02:00
Erik Krogh Kristensen
cebba05b8b rename getAClassReferenceStep to getAClassReferenceRec 2022-03-29 22:44:03 +02:00
Erik Krogh Kristensen
be6c122b27 improve the join order of getAClassReference 2022-03-29 22:44:02 +02:00
Erik Krogh Kristensen
979fa2386a autoformat 2022-03-29 22:38:23 +02:00
Robert Marsh
9442be1a27 Autoformat 2022-03-29 16:23:57 -04:00
Porcupiney Hairs
92033047a5 Python : Add query to detect PAM authorization bypass
Using only a call to `pam_authenticate` to check the validity of a login can
lead to authorization bypass vulnerabilities. A `pam_authenticate` only
verifies the credentials of a user. It does not check if a user has an
appropriate authorization to actually login. This means a user with a
expired login or a password can still access the system.

This PR includes a qhelp describing the issue, a query which detects instances where a call to
`pam_acc_mgmt` does not follow a call to `pam_authenticate` and it's
corresponding tests.

This PR has multiple detections. Some of the public one I can find are :
* [CVE-2022-0860](https://nvd.nist.gov/vuln/detail/CVE-2022-0860) found
in [cobbler/cobbler](https://www.github.com/cobbler/cobbler)
* [fredhutch/motuz](https://www.huntr.dev/bounties/d46f91ca-b8ef-4b67-a79a-2420c4c6d52b/)
2022-03-30 00:47:58 +05:30
Robert Marsh
8d21c8b7c5 Merge pull request #8423 from 4B5F5F4B/main
[CPP][Linux Kernel]Add ql to detect CVE-2017-5123
2022-03-29 15:10:15 -04:00
luchua-bc
fa2a6a7da3 Remove unnecessary taint step and update qldoc 2022-03-29 17:52:49 +00:00
Jeroen Ketema
e5ac492b62 Merge pull request #8593 from jketema/pointless-options
C++: Remove debugging options from library tests
2022-03-29 17:55:47 +02:00
Jeroen Ketema
d1857a9e37 C++: Remove debugging options from library tests 2022-03-29 17:24:18 +02:00
Geoffrey White
e04298d532 C++: Delete experimental PrivateData.qll. 2022-03-29 15:26:46 +01:00
Asger Feldthaus
8bb58a3222 Merge branch 'js/decorated-method-or-class' of github.com:asgerf/codeql into js/decorated-method-or-class 2022-03-29 16:13:54 +02:00
Asger Feldthaus
75a84378ac JS: Do not generate def-nodes for decorated parameters 2022-03-29 16:13:45 +02:00
Asger Feldthaus
ca145f21b0 JS: Add test showing why parameter-sinks wont actually work well in JS 2022-03-29 16:06:53 +02:00
Geoffrey White
cf5c6baadd C++: More test cases for salary. 2022-03-29 15:05:27 +01:00
Asger Feldthaus
3bcfca421f JS: Add test case for decorated parameter sinks 2022-03-29 15:55:43 +02:00
Geoffrey White
0e3e145e53 C++: Add CWE-359 tag to cpp/cleartext-transmission. 2022-03-29 14:44:06 +01:00
Asger F
6e630cccc2 Apply suggestions from code review
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-03-29 15:41:20 +02:00
Michael Nebel
db7abb429f C#: Remove unneeded exists. 2022-03-29 14:59:32 +02:00
Michael Nebel
6be41b0c29 C#/Java: Address review comments. 2022-03-29 14:52:57 +02:00
Michael Nebel
b0a24a7a44 C#: Change the implementation on getAnInput and getAnOutput based on hvitveds recommendations. 2022-03-29 14:52:57 +02:00
Michael Nebel
c2196a04aa C#: Update the description of the telemetry queries. 2022-03-29 14:52:57 +02:00
Michael Nebel
bfb206c810 C#: Let ExternalApi extend DataFlowCallable instead of Callable. 2022-03-29 14:52:57 +02:00
Michael Nebel
e1d4c1b68c C#/Java: Reorder code in terms of dependency, rename ExternalAPI to ExternalApi and add some missing predicate qualifiers. 2022-03-29 14:52:52 +02:00
Michael Nebel
4f00666591 C#: Add query and test case for supported external taint. 2022-03-29 14:49:37 +02:00
Michael Nebel
03c1bf6d87 C#: Mark Xunit as uninteresting. 2022-03-29 14:49:37 +02:00
Michael Nebel
18b1b51d07 C#: Add test for known sources telemetry query. 2022-03-29 14:49:37 +02:00
Michael Nebel
1f1059bfc6 C#: Add telemetry query for supported sources. 2022-03-29 14:49:37 +02:00
Michael Nebel
a7ece69f2b C#: Add test for supported sinks query. 2022-03-29 14:49:37 +02:00
Michael Nebel
d81e73f9c6 C#: Add telemetry query for supported sinks. 2022-03-29 14:49:37 +02:00
Michael Nebel
e4f6321851 C#: Add test for unsupported uses of library code. 2022-03-29 14:49:37 +02:00
Michael Nebel
e014cae7df C#: Add test and output for all library usages. 2022-03-29 14:49:37 +02:00
Michael Nebel
7cef859253 C#: Add sample code file that calls both supported and unsupported library code with respect to flow summaries. 2022-03-29 14:49:37 +02:00
Michael Nebel
918a6c7425 C#: Telemetry query for measuring (unsupport dataflow) library usage. 2022-03-29 14:49:37 +02:00
Michael Nebel
c023808657 C#: Telemetry query for measuring all library usage. 2022-03-29 14:49:37 +02:00
Michael Nebel
0650c6d395 C#: Add initial port of the java implementation of ExternalAPI.qll. 2022-03-29 14:49:37 +02:00
Michael Nebel
e9070b010b C#: Add getCall predicate to ArgumentNode. 2022-03-29 14:49:37 +02:00
Michael Nebel
c552ab4138 Java: Remove duplicate import statement in ExternalAPI.qll. 2022-03-29 14:49:37 +02:00
Michael Nebel
c3ac5aba57 Merge pull request #8482 from michaelnebel/csharp/capturesourcesink-models
C#: Capture[Source|Sink]Models utility.
2022-03-29 14:43:10 +02:00
yoff
3416f074e8 Update python/ql/src/Security/CWE-352/CSRFProtectionDisabled.ql
Explain why `TestScope` is not used.

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-03-29 13:59:04 +02:00
Dave Bartolomeo
c9f79047b3 Improve QLDoc 2022-03-29 07:27:45 -04:00
Dave Bartolomeo
01c747ccb7 Remove debugging code 2022-03-29 07:14:51 -04:00
Dave Bartolomeo
820beed085 Remove Java portion (moved to separate PR) 2022-03-29 07:09:33 -04:00
Tony Torralba
e564481e9f Organize imports 2022-03-29 11:38:24 +02:00
Asger F
68575f3655 Merge pull request #8579 from asgerf/js/literal-csv-rows
JS: write all CSV rows as literals
2022-03-29 11:13:19 +02:00
Michael Nebel
8e60073d5a Java: Remove dataflow imports for java.qll. 2022-03-29 11:07:58 +02:00
Michael Nebel
f734edf8ff C#/Java: Minor refactor and re-arranging of code to align the CaptureModel specific implementations. 2022-03-29 11:07:58 +02:00
Michael Nebel
dd267b353a C#: Move isRelevantMemberAccess out of PropagateToSinkConfigurationSpecific. 2022-03-29 11:07:58 +02:00
Michael Nebel
3933dfa78e Java: Make imports private and add parts of the dataflow library to java.qll (same as in C#). 2022-03-29 11:07:58 +02:00
Michael Nebel
ad90c55bc6 C#: Improve encapsulation in CaptureModelsSpecific. 2022-03-29 11:07:57 +02:00
Michael Nebel
26d5eb64b3 C#/Java: Initial merge ModelGeneratorUtils into CaptureModels. 2022-03-29 11:07:57 +02:00
Michael Nebel
9b7691a5fc C#/Java: Address comments on re-exposing functionality. 2022-03-29 11:07:57 +02:00
Michael Nebel
1710b66003 C#/Java: Some minor variable name changes and QL Doc updates. 2022-03-29 11:07:57 +02:00
Michael Nebel
4298024cd6 C#: Refactor isRelevantForModels. 2022-03-29 11:07:57 +02:00
Michael Nebel
5970fd9904 C#: Also include property reads in possible new sink discovery. Only include public fields and properties. 2022-03-29 11:07:57 +02:00
Michael Nebel
8a65efbae4 C#/Java: Add isRelevantSinkKind predicate with language specific implementation. 2022-03-29 11:07:57 +02:00
Michael Nebel
0009d781d7 Java: Make most imports private. 2022-03-29 11:07:57 +02:00
Michael Nebel
1c7d764d54 C#: Make most module imports private. 2022-03-29 11:07:57 +02:00
Michael Nebel
ad27a5a1a6 C#/Java: Add some more QL Doc to the CaptureModels[Specific] implementation. 2022-03-29 11:07:57 +02:00
Michael Nebel
62dcbff67f C#: Update sync files config. 2022-03-29 11:07:57 +02:00
Michael Nebel
5d62c48890 C#/Java: Move libraries to internal folder as these are for internal use only. 2022-03-29 11:07:57 +02:00
Michael Nebel
3d2ce57c9e Java: Collapse all the specific code for summary, source and sink models into a single file. 2022-03-29 11:07:57 +02:00
Michael Nebel
43c9f9d7bb C#: Collapse all the specific code for summary, source and sink models into a single file. 2022-03-29 11:07:57 +02:00
Michael Nebel
852d8a2770 Java: Collapse all the shared code for summary, source and sink models into a single file. 2022-03-29 11:07:57 +02:00
Michael Nebel
4f2227f206 C#: Collapse all the shared code for summary, source and sink models into a single file. 2022-03-29 11:07:57 +02:00
Michael Nebel
79fd2e6a40 C#/Java: Make configurations private and sprinkle some QL Doc. 2022-03-29 11:07:57 +02:00
Michael Nebel
6194d5cf63 C#: Add test for CaptureSinkModel query. 2022-03-29 11:07:57 +02:00
Michael Nebel
5babb0e66a C#: Update stubs to include one more known sink method. 2022-03-29 11:07:57 +02:00
Michael Nebel
858508fa33 C#: Make sure that language independent parts of CaptureSinkModels is in sync. 2022-03-29 11:07:57 +02:00
Michael Nebel
db21a6a0f3 C#: Add CaptureSummaryModels query. 2022-03-29 11:07:57 +02:00
Michael Nebel
fb2a7dfb48 Java: Refactor CaptureSinkModels into language specific and generic part. 2022-03-29 11:07:57 +02:00
Michael Nebel
cc5fbbb7c5 Java: Minor cleanup in CaptureSinkModels. 2022-03-29 11:07:56 +02:00
Michael Nebel
cc4e26466f C#: Add test case for CaptureSummaryModels query. 2022-03-29 11:07:56 +02:00
Michael Nebel
b4efd0e154 C#: Make sure that the shared CaptureSummaryModel is in sync. 2022-03-29 11:07:56 +02:00
Michael Nebel
4ae5dc323f C#: Add CaptureSourceModel query. 2022-03-29 11:07:56 +02:00
Michael Nebel
45234b1631 Java: Refactor CaptureSourceModel to enable re-use. 2022-03-29 11:07:56 +02:00
Michael Nebel
f00837578b Java: isPublic and fromSource check as this is already ensured by the TargetApi characteristic predicate. 2022-03-29 11:07:56 +02:00
Michael Nebel
f42ed1e3ad Java: Cleanup imports in CaptureSourceModels. 2022-03-29 11:07:56 +02:00
Geoffrey White
b94ade3bdd C++: Improve the regexps. 2022-03-29 10:03:58 +01:00
Erik Krogh Kristensen
ae3b32409a update expected output of tests that relied on API::Node::toString() 2022-03-29 10:59:08 +02:00
Geoffrey White
393819837c C++: Convert to regexp. 2022-03-29 09:33:16 +01:00
Tom Hvitved
f429dafb09 Address review comments 2022-03-29 10:23:59 +02:00
Tom Hvitved
15ef8c1d8f Ruby: Cache ConstantReadAccess::getValue 2022-03-29 10:23:54 +02:00
Tom Hvitved
fe50c2879e Ruby: Rework getConstantValue implementation 2022-03-29 10:23:49 +02:00
Tom Hvitved
ec82fb1221 Ruby: Fix bad join-order in RegExpTerm::hasLocationInfo
Before:
```
[2022-03-23 14:50:16] (776s) Tuple counts for RegExpTreeView::RegExpTerm::hasLocationInfo#dispred#f0820431#ffffff/6@5f6cf7if after 1m4s:
                      707103    ~7%     {2} r1 = SCAN Literal::StringlikeLiteral::getNumberOfComponents#dispred#f0820431#ff OUTPUT In.0, (In.1 - 1)
                      64721     ~0%     {5} r2 = JOIN r1 WITH RegExpTreeView::RegExpTerm#7783c185#ffff_1023#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Rhs.1 'this', Rhs.2, Rhs.3
                      64721     ~0%     {5} r3 = JOIN r2 WITH Literal::StringlikeLiteral::getComponent#dispred#f0820431#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2 'this', Lhs.3, Lhs.4
                      64721     ~0%     {5} r4 = JOIN r3 WITH AST::AstNode::getLocation#dispred#f0820431#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2 'this', Lhs.3, Lhs.4
                      64721     ~3%     {6} r5 = JOIN r4 WITH Locations::Location::hasLocationInfo#dispred#f0820431#ffffff ON FIRST 1 OUTPUT Rhs.1 'filepath', Lhs.1, Lhs.2 'this', Lhs.3, Lhs.4, Rhs.4 'endline'
                      353247577 ~1%     {10} r6 = JOIN r5 WITH Locations::Location::hasLocationInfo#dispred#f0820431#ffffff_1023#join_rhs ON FIRST 1 OUTPUT Lhs.1, 0, Lhs.2 'this', Lhs.3, Lhs.4, Lhs.0 'filepath', Lhs.5 'endline', Rhs.1, Rhs.2 'startline', Rhs.3
                      353247577 ~0%     {9} r7 = JOIN r6 WITH Literal::StringlikeLiteral::getComponent#dispred#f0820431#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.7, Lhs.2 'this', Lhs.3, Lhs.4, Lhs.5 'filepath', Lhs.6 'endline', Lhs.8 'startline', Lhs.9
                      64721     ~2%     {6} r8 = JOIN r7 WITH AST::AstNode::getLocation#dispred#f0820431#bf ON FIRST 2 OUTPUT Lhs.2 'this', Lhs.5 'filepath', Lhs.7 'startline', (Lhs.8 + Lhs.3), Lhs.6 'endline', ((Lhs.8 + Lhs.4) - 1)
                                        return r8
```

After:
```
[2022-03-23 14:58:35] (247s) Tuple counts for RegExpTreeView::RegExpTerm::componentHasLocationInfo#f0820431#fbfffff/7@de55ac7l after 1.1s:
                      12956   ~0%     {3} r1 = SCAN files OUTPUT In.0, 0, In.1 'filepath'
                      9850785 ~0%     {7} r2 = JOIN r1 WITH locations_default_102345#join_rhs ON FIRST 1 OUTPUT Rhs.1, 0, Lhs.2 'filepath', Rhs.2 'startline', Rhs.3 'startcolumn', Rhs.4 'endline', Rhs.5 'endcolumn'
                      823486  ~0%     {8} r3 = JOIN r2 WITH AST::AstNode::getLocation#dispred#f0820431#bf_10#join_rhs ON FIRST 1 OUTPUT 0, Rhs.1, 0, Lhs.2 'filepath', Lhs.3 'startline', Lhs.4 'startcolumn', Lhs.5 'endline', Lhs.6 'endcolumn'
                      698251  ~4%     {7} r4 = JOIN r3 WITH Literal::StringlikeLiteral::getComponent#dispred#f0820431#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, 0, Lhs.3 'filepath', Lhs.4 'startline', Lhs.5 'startcolumn', Lhs.6 'endline', Lhs.7 'endcolumn'
                      64721   ~1%     {7} r5 = JOIN r4 WITH RegExpTreeView::RegExpTerm#7783c185#ffff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'this', 0, Lhs.2 'filepath', Lhs.3 'startline', Lhs.4 'startcolumn', Lhs.5 'endline', Lhs.6 'endcolumn'
                                      return r5

[2022-03-23 14:58:35] (247s) Tuple counts for RegExpTreeView::RegExpTerm::hasLocationInfo#dispred#f0820431#ffffff/6@ad66b12q after 53ms:
                      707103 ~7%     {2} r1 = SCAN Literal::StringlikeLiteral::getNumberOfComponents#dispred#f0820431#ff OUTPUT In.0, (In.1 - 1)
                      64721  ~0%     {4} r2 = JOIN r1 WITH RegExpTreeView::RegExpTerm#7783c185#ffff_1023#join_rhs ON FIRST 1 OUTPUT Rhs.1 'this', Lhs.1, Rhs.2, Rhs.3
                      64721  ~5%     {5} r3 = JOIN r2 WITH project#RegExpTreeView::RegExpTerm::componentHasLocationInfo#f0820431#bffffff ON FIRST 2 OUTPUT Lhs.0 'this', Rhs.2 'filepath', Lhs.2, Lhs.3, Rhs.3 'endline'
                      64721  ~2%     {6} r4 = JOIN r3 WITH project#RegExpTreeView::RegExpTerm::componentHasLocationInfo#f0820431#fbfffff ON FIRST 2 OUTPUT Lhs.0 'this', Lhs.1 'filepath', Rhs.2 'startline', (Rhs.3 + Lhs.2), Lhs.4 'endline', ((Rhs.3 + Lhs.3) - 1)
                                     return r4
```
2022-03-29 10:23:32 +02:00
Tony Torralba
6799838ece Simplification 2022-03-29 09:43:37 +02:00
4B5F5F4B
9358b824c0 modify select clause to make codeql happy:) 2022-03-29 10:41:12 +08:00
luchua-bc
833d842113 Drop the getPath check from the library 2022-03-28 20:14:40 +00:00
Robert Marsh
3c1ec5a595 Merge branch 'main' into rdmarsh2/ir-global-vars 2022-03-28 16:06:17 -04:00
luchua-bc
657f615703 Fine tune the query and update qldoc 2022-03-28 20:05:12 +00:00
Robert Marsh
af6a4f31e7 C++: TranslatedInstructionContainer to RootElement 2022-03-28 15:20:48 -04:00
Robert Marsh
5811d0b2ad C++: add AliasedDefinition to IR global var inits 2022-03-28 14:53:43 -04:00
Stephan Brandauer
9c3fcb6268 precise tracking of handlebars arguments 2022-03-28 17:26:43 +02:00
Asger Feldthaus
cf596a1856 JS: Add decorator edges in API graphs and corresponding MaD tokens 2022-03-28 15:34:40 +02:00
Erik Krogh Kristensen
20599d1846 Merge branch 'main' of github.com:github/codeql into labelNaming 2022-03-28 15:30:33 +02:00
Asger Feldthaus
e152416317 JS: write all CSV rows as literals 2022-03-28 15:30:18 +02:00
Asger F
e5f2b830f3 Merge pull request #8577 from asgerf/fix-mad-warning
JS/Ruby: Fix regexp in MaD checking
2022-03-28 15:29:16 +02:00
Asger F
f22df765ed Merge pull request #8533 from asgerf/mad-receiver-token
JS/Ruby: Represent non-positional arguments with Argument/Parameter tokens
2022-03-28 15:28:52 +02:00
Geoffrey White
611b820cbc C++: Change notes. 2022-03-28 14:27:21 +01:00
Erik Krogh Kristensen
e79eecb640 update toString() of API::Node, and update expected output that depends on the former 2022-03-28 15:23:45 +02:00
Nick Rolfe
9406aa2f29 Merge remote-tracking branch 'origin/main' into nickrolfe/constant_regexp 2022-03-28 13:05:34 +01:00
Asger Feldthaus
0b30ecf36a Ruby: add select clause back to Summaries.ql 2022-03-28 13:57:50 +02:00
Erik Krogh Kristensen
36db492aa2 move the polynomialbacktracking-test to the test folder 2022-03-28 13:22:26 +02:00
Erik Krogh Kristensen
c5fb19c377 update the JS API-graph labels toString() to print the predicate calls on the API-graphs 2022-03-28 13:19:16 +02:00
Arthur Baars
85c4daa2bf Address comments 2022-03-28 13:15:32 +02:00
Asger Feldthaus
d5bcd14733 Sync ApiGraphModels.qll 2022-03-28 12:43:55 +02:00
Asger Feldthaus
7e6206ed36 JS: Fix the regexp for valid MaD token arguments 2022-03-28 12:43:43 +02:00
Arthur Baars
2ae5e8158e Python: import RegExpTreeView correctly 2022-03-28 12:41:32 +02:00
Nick Rolfe
a9eac19dac Ruby: address review feedback 2022-03-28 11:19:24 +01:00
Arthur Baars
b103679d8a JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll 2022-03-28 12:17:26 +02:00
Arthur Baars
af1d949d06 Merge pull request #8489 from aibaars/regex-refactor
Ruby: refactor regex libraries
2022-03-28 12:17:00 +02:00
Geoffrey White
18f80eb3e3 C++: Loosen a few constraints slightly. 2022-03-28 11:16:57 +01:00
Geoffrey White
850646b8ba C++: Deprecate the experimental version, forward to the new one. 2022-03-28 11:16:56 +01:00
Geoffrey White
3fed7bf6d0 C++: Extend cpp/cleartext-transmission using PrivateData.qll. 2022-03-28 11:16:56 +01:00
Geoffrey White
202b6d44a5 C++: Update SensitiveExprs.qll to clarify the relationship. 2022-03-28 10:54:56 +01:00
Geoffrey White
0453c0f0a1 C++: Convert to C++ and make it look more like SensitiveExprs.qll. 2022-03-28 10:54:55 +01:00
Geoffrey White
ec98269a24 C++: Copy PrivateData.qll from csharp. 2022-03-28 10:54:54 +01:00
Geoffrey White
bb272003b4 C++: More test cases. 2022-03-28 10:54:54 +01:00
Erik Krogh Kristensen
c98d024c0e Merge pull request #8575 from erik-krogh/qlFixTypo
QL: fix Import::getImportString
2022-03-28 11:41:59 +02:00
Arthur Baars
accdd9499a Ruby: drop unused predicates that do not exist in Python variant 2022-03-28 11:32:52 +02:00
Erik Krogh Kristensen
7ac6f5849c fix Import::getImportString 2022-03-28 11:04:18 +02:00
Ahmed Farid
53f756b078 Update ZipSlip.expected 2022-03-28 08:54:44 +00:00
Mathias Vorreiter Pedersen
57c39e9642 Merge pull request #8574 from erik-krogh/qlForQlFixes
QL: two small improvements
2022-03-28 09:26:43 +01:00
Erik Krogh Kristensen
77aff04429 add a getImportString utility predicate to Import 2022-03-28 10:14:27 +02:00
Erik Krogh Kristensen
d4c8f42336 add QLDoc to the child relation for TopLevel 2022-03-28 09:54:08 +02:00
yoff
5efc19c39d Merge pull request #7806 from erik-krogh/pyDef
Python: Add def nodes to API graphs
2022-03-28 08:09:14 +02:00
Rasmus Lerchedahl Petersen
d39410aa2d python: backport review comment to Ruby 2022-03-28 07:35:14 +02:00
Rasmus Lerchedahl Petersen
774c811e97 python: move CSRF concepts inside HTTP::Server 2022-03-28 07:35:13 +02:00
Ahmed Farid
d89ed8b98b Update zipslip_bad.py 2022-03-28 01:40:08 +00:00
Ahmed Farid
a50f051cdd Update zipslip_bad.py 2022-03-28 01:38:58 +00:00
Ahmed Farid
cafbd98454 Update zipslip_bad.py 2022-03-28 01:08:39 +00:00
Ahmed Farid
f364e41dbe Update ZipSlip.expected 2022-03-28 01:02:38 +00:00
Ahmed Farid
a8c14ed6c3 Update zipslip_bad.py 2022-03-28 01:00:38 +00:00
Ahmed Farid
ddba3b7784 Update ZipSlip.qll 2022-03-28 00:59:56 +00:00
Ahmed Farid
0fac4f195d Update Concepts.qll 2022-03-28 00:47:27 +00:00
Ahmed Farid
413f1945ce Update Zip.qll 2022-03-28 00:44:56 +00:00
Marcono1234
f19ade3446 Java: Add StmtExpr 2022-03-27 01:42:34 +01:00
4B5F5F4B
2d7b9c0c4f modify a little cute typo 2022-03-26 22:55:27 +08:00
4B5F5F4B
7a091f808b Create NoCheckBeforeUnsafePutUser.ql 2022-03-26 22:45:03 +08:00
4B5F5F4B
64863d493b Delete cve-2017-5123.ql 2022-03-26 22:42:59 +08:00
Edoardo Pirovano
8faabb837a Merge pull request #8561 from erik-krogh/latestTools
QL: use latest tools in codeql-action/init
2022-03-25 15:12:58 -04:00
Erik Krogh Kristensen
21192b7593 use latest tools in codeql-action/init 2022-03-25 19:26:10 +01:00
Andrew Eisenberg
5fb84a774b Merge pull request #8553 from github/aeisenberg/cpp-suites
Suites: Remove self-referential `from` directives
2022-03-25 09:15:53 -07:00
Michael Nebel
79f3da8af1 Merge pull request #8506 from michaelnebel/java/generalize-generate-flow-model
Java/C#: Generalize script for generating flow models.
2022-03-25 16:20:53 +01:00
Geoffrey White
2014599f88 Merge pull request #8318 from geoffw0/cwe497b
C++: New query cpp/potential-system-data-exposure
2022-03-25 14:55:00 +00:00
Taus
b75ac4e827 Merge pull request #8540 from tausbn/python-add-points-to-call-graph-meta-query
Python: Add call graph meta-query
2022-03-25 15:36:33 +01:00
Erik Krogh Kristensen
9e71d9bada Merge pull request #8556 from erik-krogh/bumpAction
QL: update codeql-action version in QL-for-QL
2022-03-25 14:46:31 +01:00
Erik Krogh Kristensen
68c07fe1c0 pin the commit of codeql-action in the remaining steps/workflows 2022-03-25 14:35:44 +01:00
Erik Krogh Kristensen
8f377f4101 pin the commit
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2022-03-25 14:19:29 +01:00
Erik Krogh Kristensen
cf57eb825c update codeql-action version in QL-for-QL 2022-03-25 13:37:27 +01:00
Taus
d56caa2398 Merge pull request #8547 from RasmusWL/regexstring-imports
Python: Import framework-modeling in `regex.qll`
2022-03-25 13:26:04 +01:00
Geoffrey White
9f3fd57534 Merge branch 'main' into cwe497b 2022-03-25 11:57:30 +00:00
Mathias Vorreiter Pedersen
c115c68247 Merge pull request #8542 from MathiasVP/public-iterated-dominance-frontier
C++: Use `iterated (post)dominance frontier` algorithm in `IRBlock`
2022-03-25 11:51:15 +00:00
Jeroen Ketema
b91914bd89 Merge pull request #8534 from jketema/bitwise-ctor-field-init
C++: Handle bitwise copies in copy constructors
2022-03-25 12:47:57 +01:00
Geoffrey White
e377eebdbc C++: More 'adversary' -> 'malicious user' and related doc changes. 2022-03-25 11:34:37 +00:00
Rasmus Lerchedahl Petersen
1e9840d779 python: broaden local protection concept 2022-03-25 12:28:33 +01:00
Geoffrey White
11074b6d77 Update cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-03-25 11:08:07 +00:00
Nick Rolfe
c7ba7fd389 Ruby: add changenotes for regexp constant value changes 2022-03-25 11:08:01 +00:00
Geoffrey White
6b6ee61d3f Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-03-25 11:06:46 +00:00
Rasmus Lerchedahl Petersen
179f77b123 python: clearer comment 2022-03-25 11:51:24 +01:00
Rasmus Lerchedahl Petersen
778a88f32c python: update qhelp
removing custom middleware stack
will _not_ enable CSRF protection
2022-03-25 11:49:06 +01:00
Jeroen Ketema
94f014d948 C++: Update tests for handling of bitwise copies in copy constructors 2022-03-25 11:43:01 +01:00
Jeroen Ketema
b18b86b2e2 C++: Remove check for value-less literals in constructors 2022-03-25 11:43:01 +01:00
yoff
85f1d92a0d Apply suggestions from code review
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-03-25 11:42:32 +01:00
Chris Smowton
f0168d00d1 Merge pull request #8529 from github/smowton/admin/commons-lang3-test-typo
Java: Fix harmless search-replace mistake
2022-03-25 10:36:00 +00:00
Asger Feldthaus
8e2ffc2508 Ruby: add the inline test expectations 2022-03-25 11:31:22 +01:00
Asger Feldthaus
5703f63afa Ruby: use InlineFlowTest in Summaries.ql test 2022-03-25 11:18:52 +01:00
Erik Krogh Kristensen
cf94c93b1a Merge pull request #8481 from erik-krogh/schemeChain
JS: recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check
2022-03-25 11:13:10 +01:00
Nick Rolfe
034fce0682 Ruby: show constant value type in tests 2022-03-25 08:25:07 +00:00
Andrew Eisenberg
99f14af56a Suites: Remove self-referential from directives
Fixes https://github.com/github/codeql/issues/8412

See https://github.com/github/codeql/issues/8412#issuecomment-1078281668
for more detail.
2022-03-24 14:19:20 -07:00
Nick Rolfe
0613fda57f Ruby: separate constant propagation of regexps from strings 2022-03-24 17:46:58 +00:00
Erik Krogh Kristensen
47a9376e81 fix bad join in js/unreachable-method-overloads 2022-03-24 16:09:10 +01:00
Tom Hvitved
e12b6df118 Merge pull request #8484 from hvitved/ruby/constant-value-rework
Ruby: Rework `getConstantValue` implementation
2022-03-24 14:32:31 +01:00
Rasmus Wriedt Larsen
d51aaf2f91 Python: Import framework-modeling in regex.qll 2022-03-24 14:28:44 +01:00
Mathias Vorreiter Pedersen
80630972b1 Merge branch 'main' into public-iterated-dominance-frontier 2022-03-24 12:50:29 +00:00
Rasmus Wriedt Larsen
98c0d73ffe Merge pull request #8524 from RasmusWL/ruby-update-ssrf-concept
Ruby: Minor change of SSRF concept
2022-03-24 13:48:06 +01:00
Stephan Brandauer
a28e9c5b6e documentation for handlebars.js flow step 2022-03-24 13:08:52 +01:00
Rasmus Lerchedahl Petersen
ce017394e6 python: fix change note (hepofully) 2022-03-24 12:01:46 +01:00
Stephan Brandauer
0bd9e9f298 add handlebars taint step 2022-03-24 11:46:16 +01:00
Rasmus Lerchedahl Petersen
aecf4e48f8 python: add change note 2022-03-24 11:43:07 +01:00
Chris Smowton
005a020f04 Merge pull request #8508 from igfoo/igfoo/error_elements
Java: Add ErrorExpr, ErrorStmt
2022-03-24 10:39:14 +00:00
Arthur Baars
15801fcc85 Apply suggestions from code review
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-03-24 11:37:03 +01:00
Arthur Baars
eef0da09bb Ruby: move RegExpTreeView.qll out of 'internal' 2022-03-24 11:37:03 +01:00
Arthur Baars
1a9aaf4543 Apply suggestions from code review
Co-authored-by: yoff <lerchedahl@gmail.com>
2022-03-24 11:37:03 +01:00
Arthur Baars
5f787144c0 Add change note 2022-03-24 11:37:03 +01:00
Arthur Baars
3c434931ec Ruby: make ParseRegExp.qll and RegExpTreeView.qll internal libraries 2022-03-24 11:37:03 +01:00
Arthur Baars
74aea81fe3 Ruby: refactor regex libraries 2022-03-24 11:37:02 +01:00
Arthur Baars
65f8f56095 Merge branch 'main' into incomplete-url-string-sanitization 2022-03-24 11:27:30 +01:00
Arthur Baars
496aab78a7 Merge pull request #8535 from aibaars/setter-method-arg-location
Ruby: fix location of setter-call argument
2022-03-24 11:26:13 +01:00
Tom Hvitved
eff7cf6396 Merge pull request #8538 from hvitved/ruby/regexpterm-location-perf
Ruby: Fix bad join-order in `RegExpTerm::hasLocationInfo`
2022-03-24 10:01:12 +01:00
Tom Hvitved
2699412160 Merge pull request #8543 from hmac/hmac/test-naming-fix
Ruby: Fix bad name of lambda in test
2022-03-24 09:46:04 +01:00
Harry Maclean
28a430a2f2 Ruby: Fix bad name of lambda in test
This isn't the identity function, so it's confusing for it to be named
so.
2022-03-24 12:44:41 +13:00
Ahmed Farid
eab6568cda Update zipslip_good.py 2022-03-24 00:35:24 +01:00
Ahmed Farid
8dea7248ea Update zipslip_bad.py 2022-03-24 00:34:52 +01:00
Ahmed Farid
b5f1e9de08 Update zipslip_bad.py 2022-03-24 00:33:28 +01:00
Ahmed Farid
a05318f10c Update zipslip_good.py 2022-03-24 00:32:11 +01:00
Ahmed Farid
1836723ecb Merge branch 'main' into ZipSlip 2022-03-23 19:27:12 -04:00
Harry Maclean
3b4206cebf Merge pull request #8517 from hmac/hmac/lambda-captured-var
Ruby: fix bug with captured variable reads in lambdas
2022-03-24 10:00:19 +13:00
Mathias Vorreiter Pedersen
61c944201f Merge pull request #8461 from Paul1nh0/dev_cve_2016_6480
Add query for double-fetch vulnerability
2022-03-23 18:15:05 +00:00
Asger Feldthaus
b0b795dbbb JS: Autoformat 2022-03-23 19:15:01 +01:00
Mathias Vorreiter Pedersen
c76a323246 C++/C#: Sync identical files. 2022-03-23 17:27:25 +00:00
Mathias Vorreiter Pedersen
1b4fb45089 C++: Use the iterated (post)dominance frontier algorithm in the public '(post)dominanceFrontier' predicate on 'IRBlocks'. 2022-03-23 17:27:16 +00:00
Asger Feldthaus
69eb24e748 Ruby: fix toCsv representation of argument/parameter positions 2022-03-23 18:11:09 +01:00
Asger Feldthaus
6870a19ace Ruby: autoformat 2022-03-23 18:06:12 +01:00
Asger Feldthaus
0d51804b5e Ruby: update a comment mentioning Receiver 2022-03-23 18:06:12 +01:00
Asger Feldthaus
ce54eb3c78 Ruby: Add Argument[foo:] syntax for keyword arguments 2022-03-23 18:06:12 +01:00
Asger Feldthaus
c923b9bb9b Ruby: Replace Receiver with Argument[self] 2022-03-23 18:06:12 +01:00
Asger Feldthaus
ec30a0f975 Ruby: replace BlockArgument with Argument[block] 2022-03-23 18:06:12 +01:00
Asger Feldthaus
6d84baf276 Ruby: Support self,block in Argument/Parameter tokens 2022-03-23 18:06:12 +01:00
Asger Feldthaus
95122b2b6c JS: Support Argument[this] token 2022-03-23 18:06:12 +01:00
Asger Feldthaus
d476f976fe JS: Support Parameter[this] token 2022-03-23 18:06:12 +01:00
Taus
af888f7604 Python: Add call graph meta-query 2022-03-23 16:36:28 +00:00
CodeQL CI
ac29d5f51b Merge pull request #8523 from asgerf/js/api-graph-receiver-label
Approved by erik-krogh
2022-03-23 15:31:12 +00:00
Mathias Vorreiter Pedersen
8b8f0ca6e5 Merge pull request #8479 from geoffw0/widecharperf
C++: Fix expensive getWideCharType().
2022-03-23 14:22:17 +00:00
Anna Railton
41418e729e Merge pull request #8536 from github/codeql-ci/js-atm-new-release
JS: Bump version numbers of ML-powered packs after 0.2.0 release
2022-03-23 14:16:11 +00:00
Tom Hvitved
13be99196f Ruby: Fix bad join-order in RegExpTerm::hasLocationInfo
Before:
```
[2022-03-23 14:50:16] (776s) Tuple counts for RegExpTreeView::RegExpTerm::hasLocationInfo#dispred#f0820431#ffffff/6@5f6cf7if after 1m4s:
                      707103    ~7%     {2} r1 = SCAN Literal::StringlikeLiteral::getNumberOfComponents#dispred#f0820431#ff OUTPUT In.0, (In.1 - 1)
                      64721     ~0%     {5} r2 = JOIN r1 WITH RegExpTreeView::RegExpTerm#7783c185#ffff_1023#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Rhs.1 'this', Rhs.2, Rhs.3
                      64721     ~0%     {5} r3 = JOIN r2 WITH Literal::StringlikeLiteral::getComponent#dispred#f0820431#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2 'this', Lhs.3, Lhs.4
                      64721     ~0%     {5} r4 = JOIN r3 WITH AST::AstNode::getLocation#dispred#f0820431#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2 'this', Lhs.3, Lhs.4
                      64721     ~3%     {6} r5 = JOIN r4 WITH Locations::Location::hasLocationInfo#dispred#f0820431#ffffff ON FIRST 1 OUTPUT Rhs.1 'filepath', Lhs.1, Lhs.2 'this', Lhs.3, Lhs.4, Rhs.4 'endline'
                      353247577 ~1%     {10} r6 = JOIN r5 WITH Locations::Location::hasLocationInfo#dispred#f0820431#ffffff_1023#join_rhs ON FIRST 1 OUTPUT Lhs.1, 0, Lhs.2 'this', Lhs.3, Lhs.4, Lhs.0 'filepath', Lhs.5 'endline', Rhs.1, Rhs.2 'startline', Rhs.3
                      353247577 ~0%     {9} r7 = JOIN r6 WITH Literal::StringlikeLiteral::getComponent#dispred#f0820431#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.7, Lhs.2 'this', Lhs.3, Lhs.4, Lhs.5 'filepath', Lhs.6 'endline', Lhs.8 'startline', Lhs.9
                      64721     ~2%     {6} r8 = JOIN r7 WITH AST::AstNode::getLocation#dispred#f0820431#bf ON FIRST 2 OUTPUT Lhs.2 'this', Lhs.5 'filepath', Lhs.7 'startline', (Lhs.8 + Lhs.3), Lhs.6 'endline', ((Lhs.8 + Lhs.4) - 1)
                                        return r8
```

After:
```
[2022-03-23 14:58:35] (247s) Tuple counts for RegExpTreeView::RegExpTerm::componentHasLocationInfo#f0820431#fbfffff/7@de55ac7l after 1.1s:
                      12956   ~0%     {3} r1 = SCAN files OUTPUT In.0, 0, In.1 'filepath'
                      9850785 ~0%     {7} r2 = JOIN r1 WITH locations_default_102345#join_rhs ON FIRST 1 OUTPUT Rhs.1, 0, Lhs.2 'filepath', Rhs.2 'startline', Rhs.3 'startcolumn', Rhs.4 'endline', Rhs.5 'endcolumn'
                      823486  ~0%     {8} r3 = JOIN r2 WITH AST::AstNode::getLocation#dispred#f0820431#bf_10#join_rhs ON FIRST 1 OUTPUT 0, Rhs.1, 0, Lhs.2 'filepath', Lhs.3 'startline', Lhs.4 'startcolumn', Lhs.5 'endline', Lhs.6 'endcolumn'
                      698251  ~4%     {7} r4 = JOIN r3 WITH Literal::StringlikeLiteral::getComponent#dispred#f0820431#fff_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, 0, Lhs.3 'filepath', Lhs.4 'startline', Lhs.5 'startcolumn', Lhs.6 'endline', Lhs.7 'endcolumn'
                      64721   ~1%     {7} r5 = JOIN r4 WITH RegExpTreeView::RegExpTerm#7783c185#ffff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'this', 0, Lhs.2 'filepath', Lhs.3 'startline', Lhs.4 'startcolumn', Lhs.5 'endline', Lhs.6 'endcolumn'
                                      return r5

[2022-03-23 14:58:35] (247s) Tuple counts for RegExpTreeView::RegExpTerm::hasLocationInfo#dispred#f0820431#ffffff/6@ad66b12q after 53ms:
                      707103 ~7%     {2} r1 = SCAN Literal::StringlikeLiteral::getNumberOfComponents#dispred#f0820431#ff OUTPUT In.0, (In.1 - 1)
                      64721  ~0%     {4} r2 = JOIN r1 WITH RegExpTreeView::RegExpTerm#7783c185#ffff_1023#join_rhs ON FIRST 1 OUTPUT Rhs.1 'this', Lhs.1, Rhs.2, Rhs.3
                      64721  ~5%     {5} r3 = JOIN r2 WITH project#RegExpTreeView::RegExpTerm::componentHasLocationInfo#f0820431#bffffff ON FIRST 2 OUTPUT Lhs.0 'this', Rhs.2 'filepath', Lhs.2, Lhs.3, Rhs.3 'endline'
                      64721  ~2%     {6} r4 = JOIN r3 WITH project#RegExpTreeView::RegExpTerm::componentHasLocationInfo#f0820431#fbfffff ON FIRST 2 OUTPUT Lhs.0 'this', Lhs.1 'filepath', Rhs.2 'startline', (Rhs.3 + Lhs.2), Lhs.4 'endline', ((Rhs.3 + Lhs.3) - 1)
                                     return r4
```
2022-03-23 14:55:06 +01:00
Geoffrey White
9ae1ec69dc C++: Autoformat. 2022-03-23 13:37:39 +00:00
Michael Nebel
6804e20e4a Merge pull request #8451 from michaelnebel/csharp/modelgenerator-improvements
C#: Model generator improvements and more tests
2022-03-23 13:30:58 +01:00
Arthur Baars
06a99c3987 Ruby: fix location of setter-call argument 2022-03-23 12:55:52 +01:00
github-actions[bot]
1e620c99c6 JS: Bump patch version of ML-powered library and query packs post-release 2022-03-23 11:53:34 +00:00
github-actions[bot]
dc0c8374d2 JS: Bump minor version of ML-powered library and query packs 2022-03-23 11:47:53 +00:00
github-actions[bot]
2b42d84ccd JS: Bump patch version of ML-powered model pack post-release 2022-03-23 11:47:53 +00:00
github-actions[bot]
6fbc0e6e32 JS: Bump ML model pack dependency of ML-powered model building and query packs 2022-03-23 11:47:53 +00:00
github-actions[bot]
8d13662315 JS: Bump minor version of ML-powered model pack 2022-03-23 11:47:08 +00:00
Rasmus Lerchedahl Petersen
93336bcb16 python: allow alternative middleware
(observed [on LGTM](9d6a7ee180/files/mozillians/settings.py (L96)))
2022-03-23 12:27:51 +01:00
yoff
647d37492d Merge pull request #8289 from tausbn/python-remove-with-test-syntax-error
Python: Fix syntax error in `with` test output
2022-03-23 12:25:11 +01:00
Rasmus Lerchedahl Petersen
6c2449564a python: add concept tests 2022-03-23 12:05:09 +01:00
Mathias Vorreiter Pedersen
a81024a485 Merge pull request #8525 from MathiasVP/more-precise-is-before
C++: Consider columns in `Location.isBefore`
2022-03-23 11:04:34 +00:00
Mathias Vorreiter Pedersen
0eab54d385 Merge pull request #8491 from jketema/command-line-injection-with-flow-state
C++: Use flow states in `cpp/command-line-injection`
2022-03-23 11:03:29 +00:00
Rasmus Lerchedahl Petersen
441e206cfa python: CSRF -> Csrf 2022-03-23 11:29:27 +01:00
Michael Nebel
b204f783fb C#: Remove special handling of bulk types. 2022-03-23 11:26:49 +01:00
Rasmus Wriedt Larsen
671889372b Ruby: Update wording of change-note
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-03-23 11:26:41 +01:00
Rasmus Wriedt Larsen
e66932c728 Ruby: Make deprecated getURL work with new modeling
So an "old" query using the deprecated predicate, will still find the
same results, even when the modeling has been updated.
2022-03-23 11:22:34 +01:00
Tom Hvitved
4bcd4d75a9 Address review comments 2022-03-23 11:22:25 +01:00
Asger Feldthaus
f2285709bd JS: Change note 2022-03-23 10:42:51 +01:00
Asger Feldthaus
59d5c54432 JS: Update test output from knex 2022-03-23 10:42:51 +01:00
Asger Feldthaus
73071bdc08 JS: Change getAParameter to not return the receiver 2022-03-23 10:42:51 +01:00
Asger Feldthaus
6bef5a70b3 JS: Add dedicated API graph label for receiver, instead of parameter -1 2022-03-23 10:42:51 +01:00
Mathias Vorreiter Pedersen
a84ee50af0 Update cpp/ql/src/change-notes/2022-03-21-command-line-injection-with-flow-states.md 2022-03-23 09:35:41 +00:00
Michael Nebel
bbe28bc668 Java: Do not explicitly require python3 when executing the GenerateFlowModel.py. 2022-03-23 10:35:32 +01:00
Michael Nebel
7eddc1e7ec Java: Adjust scripts for new location. 2022-03-23 10:35:32 +01:00
Michael Nebel
7fc11be787 Java: Move generate_flow_model file into a shared models-as-data script folder. 2022-03-23 10:35:32 +01:00
Michael Nebel
bd89de3c43 Java: Make sure to use python3 during workflow execution (required for python string interpolation). 2022-03-23 10:35:32 +01:00
Michael Nebel
6c9d1a3edb Java: Make standalone library for shared functionality. 2022-03-23 10:35:32 +01:00
Michael Nebel
9564f8bf5c Java: Put remainings parts of the generator code into the class. 2022-03-23 10:35:32 +01:00
Michael Nebel
20414c0e56 Java: Move Generator creation into class definition. 2022-03-23 10:35:32 +01:00
Michael Nebel
3f33cdf688 Java: Introduce generator class. 2022-03-23 10:35:32 +01:00
Michael Nebel
6ed1424679 Java: Refactor language specific parts into variable. 2022-03-23 10:35:32 +01:00
Michael Nebel
1ac988323a Java: Add dry-run optional paramteter to generator script. 2022-03-23 10:35:31 +01:00
Michael Nebel
586fd5a43b Java: Rename file for generating flow models. 2022-03-23 10:35:31 +01:00
Rasmus Wriedt Larsen
bbf60b875e Merge pull request #8476 from RasmusWL/shared-concepts-scaffolding
Python/JS/Ruby: Shared concepts scaffolding
2022-03-23 10:22:42 +01:00
Paul1nh0
5a1dc61d9d modify arguments check logic
As far as I can tell, root cause of double-fetech issue is read from the same user mode memory twice, so it makes sense that only check whether user mode pointer is same or not
2022-03-23 11:20:08 +08:00
Paul1nh0
6a6cd61d83 automated using CodeQL for VSCode extension 2022-03-23 09:37:45 +08:00
Mathias Vorreiter Pedersen
01929d484e Merge pull request #8526 from MathiasVP/internal-diagmetric-queries-ql
C++: Add internal `ExtractionError` query
2022-03-22 17:26:38 +00:00
Robert Marsh
12ccf3662a C#: match IR global variable changes 2022-03-22 13:22:37 -04:00
Robert Marsh
6be3db8575 C++: update test expectations for extractor changes 2022-03-22 13:01:56 -04:00
Owen Mansel-Chan
efc0d95535 Merge pull request #8528 from github/smowton/admin/fix-go-doc-links
Fix broken links
2022-03-22 16:25:41 +00:00
Taus
f9120167b4 Python: Fix syntax error in with test output
Depends on an internal PR. The two lines in question were caused by
the insertion of an extra node due to the failure to parse a trailing
comma corrcetly.
2022-03-22 16:22:03 +00:00
Jonathan Leitschuh
bd87be636a Refactor to conditionCheckArgument deprecate old method 2022-03-22 11:56:43 -04:00
Rasmus Wriedt Larsen
64a5c5d9aa Ruby: Keep getURL predicate for easier deprecation
Notice that we still don't fully keep our standard deprecation support,
since the new `getAUrlPart` is still abstract, and therefore will cause
compile errors if not implemented.
2022-03-22 16:48:14 +01:00
Paul1nh0
f2728f5284 delete some unused code 2022-03-22 23:20:30 +08:00
Chris Smowton
b5c05a580d Java: Fix harmless search-replace mistake 2022-03-22 14:42:09 +00:00
yoff
47e062cfb9 Merge pull request #8486 from aibaars/incomplete-hostname-python
Python: switch to shared implementation of IncompleteHostnameRegExp.ql
2022-03-22 15:06:14 +01:00
Rasmus Lerchedahl Petersen
53de8287f5 python: rule out test code for CSRF 2022-03-22 14:57:05 +01:00
Erik Krogh Kristensen
8ae04e04d4 Merge pull request #8509 from erik-krogh/fpXss
JS: filter away reads of .src that end in a URL sink for js/xss-through-dom
2022-03-22 14:51:17 +01:00
Mathias Vorreiter Pedersen
c35b385383 C++: Fix 'implicit this' warning. 2022-03-22 13:32:46 +00:00
Tom Hvitved
c06508570a Ruby: Cache ConstantReadAccess::getValue 2022-03-22 14:15:07 +01:00
Paul1nh0
afe4a8435f Using globalValueNumber to match same arguments 2022-03-22 21:14:07 +08:00
Rasmus Lerchedahl Petersen
0f2c21c8bd python: require local protection to be absent
for CSRF to be likely
2022-03-22 13:42:52 +01:00
Chris Smowton
35af797683 Fix broken links 2022-03-22 12:34:22 +00:00
Mathias Vorreiter Pedersen
93346a574f C++: Add a new 'Location.isBefore' predicate that also considers columns. 2022-03-22 12:16:53 +00:00
Mathias Vorreiter Pedersen
c6c3206031 C++: Add example of 'goto' on the same line as the destination label. 2022-03-22 12:11:29 +00:00
Mathias Vorreiter Pedersen
5cdf0b5ee2 Merge pull request #8507 from geoffw0/sde-perf
C++: Make getUnderlyingType nomagic
2022-03-22 11:12:44 +00:00
Paul1nh0
d476493c3e Add double-fetch.ql under CWE-362 directory 2022-03-22 19:08:44 +08:00
Paul1nh0
dd4e82126c remove to another directory 2022-03-22 19:06:53 +08:00
Paul1nh0
2dad2c477b query description added 2022-03-22 19:06:03 +08:00
Geoffrey White
5d5904d6c8 C++: Autoformat. 2022-03-22 10:55:04 +00:00
Mathias Vorreiter Pedersen
5cbd86519b C++: Add internal extraction errors query and modify the 'code-scanning-selectors' to exclude internal queries. 2022-03-22 10:52:02 +00:00
Michael Nebel
b95a332ded C#: Simplify the isCollectionType predicate. 2022-03-22 11:25:14 +01:00
Rasmus Wriedt Larsen
9254b2904e Ruby: Adjust HttpClients test 2022-03-22 11:19:55 +01:00
Rasmus Wriedt Larsen
6bd9d82610 Merge pull request #8061 from RasmusWL/orm
Python: Add data-flow through Django ORM models
2022-03-22 11:14:08 +01:00
Rasmus Wriedt Larsen
945b52fc46 Ruby: autoformat
😳
2022-03-22 10:59:26 +01:00
Michael Nebel
1d45996001 Merge pull request #8466 from michaelnebel/csharp/refactor-aspartial
C#: Refactor asPartial to allow re-use.
2022-03-22 10:54:54 +01:00
Rasmus Wriedt Larsen
68de6a4e3c Ruby: Add change-note 2022-03-22 10:53:55 +01:00
Rasmus Wriedt Larsen
9c2fc1b415 Ruby: client request: getUrl => getAUrlPart
This is a port of the same change in Python from
f8fc583af3

The description of that commit was:

> I think `getUrl` is a bit too misleading, since from the name, I would
> only ever expect ONE result for one request being made.
>
> `getAUrlPart` captures that there could be multiple results, and that
> they might not constitute a whole URl.
>
> Which is the same naming I used when I tried to model this a long time ago
> a80860cdc6/python/ql/lib/semmle/python/web/Http.qll (L102-L111)
2022-03-22 10:53:55 +01:00
Rasmus Wriedt Larsen
311cbb4e13 Merge branch 'main' into shared-concepts-scaffolding 2022-03-22 10:36:33 +01:00
Rasmus Wriedt Larsen
414764ccee Concepts: Minor rewrite in qldoc
As suggested by @hmac
2022-03-22 10:33:58 +01:00
Rasmus Wriedt Larsen
e50a9421a6 JS: Update dataflow import in ConceptsImports.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-03-22 10:32:20 +01:00
Erik Krogh Kristensen
099d91ba6f update qldoc 2022-03-22 10:27:21 +01:00
Tom Hvitved
99ddfb489f Ruby: Rework getConstantValue implementation 2022-03-22 10:07:44 +01:00
Erik Krogh Kristensen
ea065b7d8a Merge pull request #8521 from erik-krogh/getRubyMoreInSync
Ruby: sync ExponentialBackTracking.qll
2022-03-22 09:59:20 +01:00
Erik Krogh Kristensen
90a6717932 sync ExponentialBackTracking.qll for ruby 2022-03-22 09:27:04 +01:00
Tamás Vajk
36c7e10195 Merge pull request #8519 from github/revert-8294-tamasvajk/fix/mad-adjustments
Revert "Fix MaD workflows to be more resilient to missing files"
2022-03-22 09:19:14 +01:00
Tamás Vajk
87e1641772 Revert "Fix MaD workflows to be more resilient to missing files" 2022-03-22 09:08:56 +01:00
Tamás Vajk
80fb021e32 Merge pull request #8294 from github/tamasvajk/fix/mad-adjustments
Fix MaD workflows to be more resilient to missing files
2022-03-22 09:02:37 +01:00
Rasmus Lerchedahl Petersen
f5b53083ae python: require authentication middleware
for CSRF to be relevant
2022-03-22 08:44:19 +01:00
Harry Maclean
99b5c580a5 Ruby: Fix captured reads in lambdas
These were previously identified as method calls. The fix is to
recognise lambdas as a scope which can inherit variables from its
parent.
2022-03-22 15:35:43 +13:00
Harry Maclean
c891e62a0e Ruby: Add some tests for method calls in lambdas
This reveals a bug where we identify reads of captured variables in
lambdas as method calls. This is fixed in a followup commit.
2022-03-22 15:33:22 +13:00
Harry Maclean
3e8bc8b0f2 Merge pull request #8224 from github/hmac/http-to-file-access
Ruby: Add rb/http-to-file-access query
2022-03-22 13:46:36 +13:00
Jeroen Ketema
2d9b630fa8 C++: Fix ExecTainted.ql formatting 2022-03-21 23:28:58 +01:00
Harry Maclean
b1ae548f4c Ruby: Fix doc comment formatting 2022-03-22 11:10:09 +13:00
Harry Maclean
c2d4bc50c9 Add missing file doc comment 2022-03-22 11:10:09 +13:00
Harry Maclean
91a7e9405c Share HttpToFileAccessQuery between JS and Ruby
There's so little in this query that it may not be worth sharing, but
it's an interesting exercise in figuring out how we do it nicely.
2022-03-22 11:10:08 +13:00
Harry Maclean
130d93dded Ruby: Make HttpToFileAccess more specific
Only consider sources from HTTP requests, rather than any remote flow
source.
2022-03-22 11:09:08 +13:00
Harry Maclean
fac17384c3 Ruby: Add RequestInputAccess concept
This sits in between RemoteFlowSource and specific classes like
ParamsSource from ActionController. It represents any user-controller
input from an incoming HTTP request.

This more closely aligns our concepts with the JS library, and allows us
to specifically target sources from HTTP requests in the
HttpToFileAccess query.
2022-03-22 11:09:08 +13:00
Harry Maclean
ff1d96c922 Ruby: Add rb/http-to-file-access query 2022-03-22 11:09:08 +13:00
Jeroen Ketema
b79eb6d10d C++: Encode string value of data flow nodes in ExecState 2022-03-21 21:29:42 +01:00
Robert Marsh
23e9963a19 Merge branch 'main' into rdmarsh2/ir-global-vars 2022-03-21 16:13:40 -04:00
Robert Marsh
32e128d207 C#: sync IR files 2022-03-21 16:01:53 -04:00
Robert Marsh
5bb6441047 C++: Fix consistency issues with aggregate inits 2022-03-21 16:01:24 -04:00
Harry Maclean
6c18e1d7ac Merge pull request #8272 from hmac/hmac/tainted-format-string 2022-03-22 08:37:47 +13:00
github-actions[bot]
a3e74efc21 Post-release preparation for codeql-cli-2.8.4 2022-03-21 19:36:47 +00:00
github-actions[bot]
9ba21923a3 Post-release preparation for codeql-cli-2.8.4 2022-03-21 19:36:39 +00:00
Rasmus Wriedt Larsen
88184ba9f5 Python: Update path-injection .expected
AHA! This change happened because we are no longer importing all the old
deprecated implementation.
2022-03-21 20:24:12 +01:00
Robert Marsh
a36c6f2dab C++: restrict IR generation to global vars w inits 2022-03-21 14:26:29 -04:00
Mathias Vorreiter Pedersen
aff76b7295 Merge pull request #8512 from github/fix-dead-select-clause-link
Fix dead link in `CONTRIBUTING.md`
2022-03-21 17:39:07 +00:00
Robert Marsh
c27dfb5120 C++: IR translation for global variable inits 2022-03-21 13:17:05 -04:00
Mathias Vorreiter Pedersen
2e55fd6be3 Update CONTRIBUTING.md
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2022-03-21 16:49:59 +00:00
Ian Lynagh
30bd1a6eb6 Merge pull request #704 from github/release-prep/2.8.4
Release preparation for version 2.8.4
2022-03-21 16:27:35 +00:00
Ian Lynagh
e41bbfd931 Merge pull request #8510 from github/release-prep/2.8.4
Release preparation for version 2.8.4
2022-03-21 16:27:29 +00:00
Mathias Vorreiter Pedersen
cf54006c86 Fix dead link in CONTRIBUTING.md
cc @felicitymay.
2022-03-21 16:05:57 +00:00
Erik Krogh Kristensen
c8385a1e80 js/xss-through-dom: filter away reads of .src that end in a URL sink 2022-03-21 16:48:59 +01:00
Rasmus Wriedt Larsen
758a81cc0f Python: Remove import of Concepts in DataFlowPrivate
As discussed in PR review
2022-03-21 16:22:15 +01:00
Jonathan Leitschuh
b3ee1bd313 Refactor Preconditions and add Tests 2022-03-21 11:20:05 -04:00
Rasmus Wriedt Larsen
978ef05571 Python: Add change-note 2022-03-21 16:18:40 +01:00
Ian Lynagh
1f8ce3a868 Java: Tweak release notes 2022-03-21 15:14:45 +00:00
Rasmus Wriedt Larsen
b8dee25cce Python: ReflectedXSS -> ReflectedXss for new Query file
So we stick to the naming conventions.

This rename is OK, since the new file was only just introduced in this
PR.
2022-03-21 16:12:38 +01:00
Arthur Baars
79cd7bf8ed Python: create semmle/python/dataflow/new/Regex.qll 2022-03-21 15:57:19 +01:00
Jonathan Leitschuh
db0879ec25 Apply suggestions from code review
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2022-03-21 10:35:13 -04:00
Rasmus Wriedt Larsen
695553ba9f Python: Deprecate old non-Query.qll dataflow defs 2022-03-21 15:03:22 +01:00
Rasmus Wriedt Larsen
db86a18791 Python: Autoformat 2022-03-21 14:53:53 +01:00
Rasmus Wriedt Larsen
0125aea91b Python: Re-introduce old dataflow configs .qll files
and move all the old deprecated aliases to that file. We now have a
situation where all queries should work as they did before, and we just
have these new Query.qll files that contain the implementation.

(deprecation comes later)
2022-03-21 14:53:53 +01:00
Rasmus Wriedt Larsen
1bf8fa6a3b Python: Adopt Query.qll suffix for dataflow config defs
This commit in itself makes everything break, but should make it easy to
follow the overall changes being made.
2022-03-21 14:53:53 +01:00
Michael Nebel
92f8a90f31 C#: Introduce a collectionType predicate. 2022-03-21 14:44:38 +01:00
github-actions[bot]
b96eba9875 Release preparation for version 2.8.4 2022-03-21 13:26:27 +00:00
github-actions[bot]
dedc8c2254 Release preparation for version 2.8.4 2022-03-21 13:25:49 +00:00
Michael Nebel
8e2277e4f3 C#: Improve some of the QL Doc string. 2022-03-21 14:24:51 +01:00
Michael Nebel
d31ef371ec Merge pull request #8391 from michaelnebel/csharp/gvn-interface
C#: Deprecate the StructuralComparisonConfiguration interface and use sameGvn instead.
2022-03-21 14:10:53 +01:00
Geoffrey White
97fef4b3a5 C++: Switch strategy to nomagic. 2022-03-21 12:58:06 +00:00
Ian Lynagh
7295a5d313 Java: Add an upgrade script 2022-03-21 11:51:36 +00:00
Ian Lynagh
6284362868 Java: Update stats 2022-03-21 11:44:19 +00:00
Geoffrey White
7f825c12eb C++: Make getUnderlyingType 'nomagic'. 2022-03-21 11:12:18 +00:00
Jeroen Ketema
e05227d3fe C++: Add change note for the cpp/command-line-injection changes 2022-03-21 11:30:39 +01:00
Jeroen Ketema
8b4c42dd07 C++: Add cpp/command-line-injection test using a wrapper macro 2022-03-21 11:19:54 +01:00
Alex Ford
c891c53835 Merge pull request #8395 from alexrford/ruby/clear-text-storage
Ruby: add `rb/clear-text-storage-sensitive-data` query
2022-03-21 10:05:39 +00:00
CodeQL CI
b04c46f96d Merge pull request #8478 from asgerf/js/store-load-flow-context-sensitivity-bug
Approved by erik-krogh
2022-03-21 08:54:51 +00:00
ihsinme
151c93f502 Update DangerousUseOfExceptionBlocks.cpp 2022-03-21 09:52:14 +03:00
ihsinme
22cf3f7b20 Update test.cpp 2022-03-21 09:50:30 +03:00
Harry Maclean
5a6da827d0 Ruby: Avoid FP in TaintedFormatString query
Kernel#printf supports two call signatures:

    printf(String, *args)
    printf(IO, String, *args)

We want to identify the String argument, which is the format string.
Previously we would return the 0th and 1st arguments, which gives some
FPs when the 1st arg is not a format string.

We now try to rule out the trivial case by checking if arg 0 has a
string value, and then assuming it is the format string. Otherwise we
fall back to returning both arguments.

This still has some false positive potential, but less than previously.
2022-03-21 12:51:47 +13:00
Harry Maclean
5dcf0ad759 Ruby: Make IOPrintfCall more sensitive
It will now identify cases like this:

    file = File.open "foo.txt", "a"
    file.printf(params[:format], arg)
2022-03-21 12:51:47 +13:00
Harry Maclean
c253bddbe0 Ruby: Make getFormatArgument 0-indexed 2022-03-21 12:51:47 +13:00
Harry Maclean
c73dc8ad0c Ruby: Add change note for rb/tainted-format-string 2022-03-21 12:51:47 +13:00
Harry Maclean
10a411e5cc Ruby: Remove duplicate CWE reference 2022-03-21 12:51:47 +13:00
Harry Maclean
d79a6ddcb2 Ruby: Improve qhelp for rb/tainted-format-string 2022-03-21 12:51:47 +13:00
Harry Maclean
0cfe37dff4 Share TaintedFormatString between Ruby and JS 2022-03-21 12:51:46 +13:00
Harry Maclean
4249e30824 Ruby: Test tainted interpolated format arg 2022-03-21 12:51:18 +13:00
Harry Maclean
63199024a2 Add missing QLDoc 2022-03-21 12:51:18 +13:00
Harry Maclean
f6215d4c7e Ruby: Add rb/tainted-format-string query 2022-03-21 12:51:18 +13:00
Alex Ford
b79bb72153 Ruby: split up CipherInstantiation charpred 2022-03-20 18:32:47 +00:00
Jonathan Leitschuh
1d0275344d [Java]: Add precondition support for testing library asserts 2022-03-18 20:39:24 -04:00
Jeroen Ketema
f8198c3123 C++: Use flow states in cpp/command-line-injection 2022-03-18 20:06:45 +01:00
Robert Marsh
4bf35ad188 Merge pull request #8483 from jketema/command-line-injection-test-cases-with-calls
C++: Add additional command line injection tests
2022-03-18 15:05:12 -04:00
Arthur Baars
beef8e29bc Merge pull request #8332 from hvitved/ruby/regexp-taint-flow
Ruby: Use taint tracking instead of type tracking to define `regExpSource`
2022-03-18 18:24:02 +01:00
Arthur Baars
9412b331db Revert "Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql""
This reverts commit 6d24591416.
2022-03-18 16:31:22 +01:00
Jeroen Ketema
d37ef1b5ca C++: Add command line injection test that currently results in a false positive 2022-03-18 16:12:09 +01:00
Arthur Baars
bf888f0f0b Merge remote-tracking branch 'upstream/main' into incomplete-url-string-sanitization
Conflicts:
	config/identical-files.json
	javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
	javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll
	ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll
2022-03-18 16:09:20 +01:00
Arthur Baars
117fb5be7d Merge pull request #7917 from aibaars/incomplete-hostname
Ruby: IncompleteHostnameRegExp.ql
2022-03-18 16:00:09 +01:00
Alex Ford
2bd25da8e3 Ruby: Tidy an exists 2022-03-18 14:43:45 +00:00
Alex Ford
62bc0357ea Ruby: Improve Cryptography module qldoc 2022-03-18 14:38:14 +00:00
Tom Hvitved
1437aefe9d Ruby: Use taint tracking instead of type tracking to define regExpSource 2022-03-18 14:48:12 +01:00
Tom Hvitved
d97eaba070 Ruby: Add dataflow/taintracking copies for use in libraries 2022-03-18 14:48:12 +01:00
Arthur Baars
4a27928728 Ruby/JS add missing ^ in qhelp 2022-03-18 14:00:10 +01:00
Jeroen Ketema
459870ac1e C++: Add additional command line injection tests 2022-03-18 13:42:27 +01:00
Arthur Baars
431b60506e Merge remote-tracking branch 'upstream/main' into incomplete-hostname 2022-03-18 13:05:34 +01:00
Arthur Baars
6d24591416 Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql"
This reverts commit ce50f35dda.
2022-03-18 13:02:55 +01:00
Chris Smowton
767453520e Merge pull request #8032 from JLLeitschuh/feat/JLL/check_os
Java: Add Guard Classes for checking OS & unify System Property Access
2022-03-18 11:20:36 +00:00
Asger Feldthaus
26b7edccd4 JS: Change note 2022-03-18 11:59:36 +01:00
Erik Krogh Kristensen
693c77f3df add test for string replacement chains of URL schemes 2022-03-18 11:05:59 +01:00
Asger F
929419abba Merge pull request #8254 from asgerf/ruby/mad-prototype
Ruby: initial prototype of models-as-data
2022-03-18 10:48:33 +01:00
Erik Krogh Kristensen
235aa9c24e recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check 2022-03-18 10:37:20 +01:00
Mathias Vorreiter Pedersen
8bf172913e Merge pull request #8474 from hvitved/flow-state-changing-steps-should-be-in-path-explanation-alternative
Dataflow: Flow-state changing steps should always be in path explanations
2022-03-18 09:08:36 +00:00
Asger Feldthaus
8753632193 JS: Fix bug in reachableFromStoreBase 2022-03-17 17:30:46 +01:00
Asger Feldthaus
8c6ca6582e JS: Add test showing missing flow 2022-03-17 17:30:46 +01:00
Geoffrey White
ff3bedcab9 C++: Fix expensive getWideCharType(). 2022-03-17 14:41:57 +00:00
Mathias Vorreiter Pedersen
abe30457ee Python: Accept test changes. 2022-03-17 14:03:58 +01:00
Tom Hvitved
79ea2a3a9c Data flow: Sync files 2022-03-17 14:03:58 +01:00
Tom Hvitved
4df12dc6e6 Data flow: State-changing taint steps should not be stepped over by the big step relation 2022-03-17 14:03:58 +01:00
Rasmus Wriedt Larsen
2b9408b0c3 Concepts: Add some architecture documentation 2022-03-17 13:49:10 +01:00
Harry Maclean
36c421346b Introduce ConceptsShared.qll 2022-03-17 13:49:10 +01:00
Erik Krogh Kristensen
870521bd1e Merge pull request #8473 from erik-krogh/redundantAnyCast
QL: expand redundant-inline-cast, and rename to redundant-cast
2022-03-17 10:41:50 +01:00
Erik Krogh Kristensen
fe94421d32 rename redundant-inline-cast to redundant-cast 2022-03-17 10:25:40 +01:00
Erik Krogh Kristensen
f3ca6bbc2e PY: update expected output after fixing bug in flask model 2022-03-17 09:42:30 +01:00
Erik Krogh Kristensen
879680057e fix all ql/unused-field warnings 2022-03-17 09:41:42 +01:00
Erik Krogh Kristensen
d5fd0d6724 add ql/unused-field query 2022-03-17 09:40:16 +01:00
Erik Krogh Kristensen
86398a8c65 Merge pull request #8304 from erik-krogh/xssUrl
JS: Refactor the XSS / Client-side-url queries
2022-03-17 09:13:09 +01:00
4B5F5F4B
d4c7314484 Delete cve-2016-6480.ql
commit by mistake
2022-03-17 09:49:28 +08:00
Erik Krogh Kristensen
aa8b7c8679 update reference to deprecated class name 2022-03-16 22:32:54 +01:00
Erik Krogh Kristensen
6cdc38748c update expected output 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
d8a5947a08 simplify TaintedUrlSuffix::source() to only consider window.location based sources 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
b3de5d94a6 move PrefixStringSanitizer to the Query.qll file, and have it extend LabeledSanitizerGuardNode 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
562dce57e8 rename isXSSSink to isXssSink 2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen
f083e87fa1 refactor the js/xss query to use three flowlabels and one configuration 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
87842bb8b7 add client-side-url sinks that may execute JavaScript as XSS sinks 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
b471fec149 split interpretsArgumentsAsURL out of interpretsArgumentsAsHTML, and use it to generalize AttributeUrlSink 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
2576e1f655 add utility predicate to get client-side remote-flow-sources that contain a URL query/fragment 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
67e6a4c716 add a isXSSSink predicate to the client-side-url-redirection sinks 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
fc79242674 add tests 2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen
559f03ebbc remove unnecessary module qualifier 2022-03-16 22:32:07 +01:00
Erik Krogh Kristensen
2d9d383c55 remove unused import 2022-03-16 22:32:07 +01:00
Arthur Baars
1a51f0cf56 Ruby: regex: fix getGroupNumber
non-capture groups should not have a group number
2022-03-16 18:50:51 +01:00
Dave Bartolomeo
606e015afb Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysis.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-03-16 13:07:35 -04:00
Dave Bartolomeo
e275ab3951 Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisSpecific.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-03-16 13:07:15 -04:00
Dave Bartolomeo
6adc11b10e Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisSpecific.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-03-16 13:07:08 -04:00
Dave Bartolomeo
b36281dd8c Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisSpecific.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-03-16 13:07:02 -04:00
Dave Bartolomeo
db4963ada0 Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisSpecific.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-03-16 13:06:54 -04:00
Michael Nebel
4a68b74aa3 C#: Re-use the asPartialModel for DataFlowPrivate in tests. 2022-03-16 17:02:00 +01:00
Michael Nebel
115cef2484 C#: Move asPartialModel into DataFlowPrivate (to enable re-use). 2022-03-16 16:44:24 +01:00
Arthur Baars
f95e1efb67 Ruby: remove wrong clause 2022-03-16 16:25:42 +01:00
Arthur Baars
fb8cc6e1a4 Ruby: String.index method returns 'nil', not '-1' 2022-03-16 16:18:19 +01:00
Michael Nebel
138eb485c6 C#: Address review comments. 2022-03-16 16:00:48 +01:00
Jeroen Ketema
7a9a9d833a Merge pull request #8435 from jketema/all-the-barriers
Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard
2022-03-16 15:50:19 +01:00
Michael Nebel
68f24cda0b Merge pull request #8462 from michaelnebel/csharp/capture-models-fix-bad-join-order
C#: Fix bad join order in returnNodeAsOutput.
2022-03-16 15:46:17 +01:00
Dave Bartolomeo
571c034549 Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisSpecific.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-03-16 10:14:45 -04:00
Tony Torralba
8790df7a34 Style fixes 2022-03-16 15:11:04 +01:00
Asger Feldthaus
e1976da7f9 JS: Autoformat 2022-03-16 15:01:17 +01:00
Arthur Baars
f2ec5132ba Apply suggestions from code review
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-03-16 14:46:34 +01:00
Dave Bartolomeo
e669ffa22e Merge pull request #8320 from jketema/structured-binding-array
C++: Handle initialization of structured bindings via bitwise copy in extractor
2022-03-16 09:41:31 -04:00
Ian Lynagh
565f607096 Java: Add a changenote for ErrorExpr/ErrorStmt 2022-03-16 13:20:33 +00:00
Asger F
228570129e Merge branch 'main' into ruby/mad-prototype 2022-03-16 13:50:31 +01:00
Asger Feldthaus
e168da4c5f Shared: make a predicate private 2022-03-16 13:48:56 +01:00
Michael Nebel
5f7b5ec5df C#: Fix bad join order in returnNodeAsOutput. 2022-03-16 13:44:11 +01:00
Asger Feldthaus
8cef512234 Ruby: ensure ApiGraphs.qll imports its entry points 2022-03-16 13:40:14 +01:00
Asger Feldthaus
e3fbaf5d8f Shared: prefer exists(var) instead of var = any(string s) 2022-03-16 13:37:08 +01:00
Asger Feldthaus
102540072e Shared: remove documentation prone to falling out of date 2022-03-16 13:32:55 +01:00
Nick Rolfe
f6681f30c6 Merge pull request #8399 from github/nickrolfe/simple_symbol_constant_value
Ruby: implement getComponent(n) for simple and hash-key symbols
2022-03-16 12:10:39 +00:00
Asger Feldthaus
2ca45ef9f9 Ruby: support BlockArgument in identifying access path 2022-03-16 12:51:14 +01:00
Nick Rolfe
94ce578ea4 Ruby: implement getComponent(n) for simple and hash-key symbols 2022-03-16 11:43:46 +00:00
Asger Feldthaus
c9355095e3 Ruby: Use Receiver instead of Argument[-1] in ActiveStorage 2022-03-16 12:37:21 +01:00
Asger Feldthaus
71f195d1e0 Ruby: add test for Receiver in summary 2022-03-16 12:37:21 +01:00
Arthur Baars
6b323eeda8 Update expected output 2022-03-16 12:34:03 +01:00
Arthur Baars
ab93b3784b Merge remote-tracking branch 'upstream/main' into incomplete-hostname 2022-03-16 12:31:12 +01:00
Arthur Baars
852f05bfb7 Address comment 2022-03-16 12:26:39 +01:00
Nick Rolfe
76918238f0 Ruby: test ExprCfgNode::getConstantValue() 2022-03-16 11:21:57 +00:00
Geoffrey White
95a63a69a5 Merge branch 'main' into cwe497b 2022-03-16 11:09:46 +00:00
Asger Feldthaus
f140c13261 JS: Sync ApiGraphModels.qll and update accordingly 2022-03-16 12:04:41 +01:00
Asger Feldthaus
2b02a173c1 Ruby: canonicalize callables based on package;type;path instead of input;output;kind 2022-03-16 12:04:41 +01:00
Asger Feldthaus
d8b4bc81ff JS: Rename EntryPoint.getNode -> getANode 2022-03-16 12:04:39 +01:00
Erik Krogh Kristensen
f53df255b9 Merge pull request #8459 from erik-krogh/addSeverities
JS: add missing @security-severity to JS queries
2022-03-16 12:03:19 +01:00
Nick Rolfe
82ef2a12f6 Merge pull request #8164 from github/nickrolfe/escape_sequences
Ruby: interpret string escape sequences in getConstantValue()
2022-03-16 10:45:39 +00:00
Chris Smowton
b11340c829 Change note tense and detail level 2022-03-16 10:34:25 +00:00
Nick Rolfe
1a850028e7 Ruby: update date in changenote filename 2022-03-16 10:32:43 +00:00
Erik Krogh Kristensen
cd9d61c1fc Merge pull request #8450 from erik-krogh/importAs
disallow lowercase import-as aliases
2022-03-16 11:32:37 +01:00
Jeroen Ketema
37293141ee Merge pull request #8428 from jketema/noreturn
C++: Handle C11 _Noreturn in DefaultOptions
2022-03-16 11:23:23 +01:00
Rasmus Wriedt Larsen
ae1ba11d57 Merge branch 'main' into orm 2022-03-16 11:23:14 +01:00
Paul1nh0
85b22647ac Add query for double-fetch vulnerability 2022-03-16 18:16:49 +08:00
4B5F5F4B
2a29c201ff Merge branch 'github:main' into main 2022-03-16 18:06:16 +08:00
Asger Feldthaus
33ca55770c Ruby: EntryPoint.getNode -> getANode 2022-03-16 11:02:26 +01:00
Asger Feldthaus
ecf7073bf1 Shared: codeql -> ql in code blocks 2022-03-16 11:00:24 +01:00
Rasmus Wriedt Larsen
f1e6271d20 Python: Apply suggestions from code review
Co-authored-by: yoff <lerchedahl@gmail.com>
2022-03-16 10:53:19 +01:00
4B5F5F4B
baf1c8d76b Create cve-2016-6480.ql 2022-03-16 17:49:05 +08:00
Rasmus Wriedt Larsen
461e2f3663 Python: Apply suggestions from code review
Co-authored-by: yoff <lerchedahl@gmail.com>
2022-03-16 10:43:20 +01:00
Michael Nebel
8b16c1f585 C#: Add some test cases for inheritance. 2022-03-16 10:40:49 +01:00
Erik Krogh Kristensen
d47b0a68e7 exclude tests from ql/missing-security-metadata 2022-03-16 10:40:45 +01:00
Erik Krogh Kristensen
2442beaf9a add missing severities to JS queries 2022-03-16 10:40:34 +01:00
Michael Nebel
e69ea8f577 C#: Add some testcases for generics. 2022-03-16 10:20:55 +01:00
jorgectf
f6eb83fd22 Update MyBatisAnnotationSqlInjection.qlref
By adding more imports in the test file, the expected result's lines changed.
2022-03-16 10:12:38 +01:00
Michael Nebel
814947b876 C#: Add some test cases for methods that are not properly exposed and will this not get their summary captured. 2022-03-16 09:47:14 +01:00
Michael Nebel
a555e04b55 C#: Bulk array flow. 2022-03-16 09:30:15 +01:00
Michael Nebel
226a874a74 C#: Test cases for IEnumerable. 2022-03-16 09:22:18 +01:00
Michael Nebel
ec6dab89d8 C#: Update the Summary model generator with better support for IEnumerable typed parameters. 2022-03-16 09:21:02 +01:00
ihsinme
ccbb4434de Update DangerousUseOfExceptionBlocks.expected 2022-03-16 09:54:35 +03:00
ihsinme
cd561dd19c Update test.cpp 2022-03-16 09:53:45 +03:00
ihsinme
2959150198 Update DangerousUseOfExceptionBlocks.ql 2022-03-16 09:30:38 +03:00
Jeroen Ketema
d51cbe2525 C++: Update IR tests for handling of bitwise copy with explicit source 2022-03-15 23:22:37 +01:00
Jeroen Ketema
8be02b164c C++: Add IR tests exposing incorrect translation due to unhandled bitwise copy
These tests are in addition to exisiting tests involving default copy
constructors, which suffer from the same problem, i.e., the extractor not
handling bitwise copies.
2022-03-15 23:22:37 +01:00
Jeroen Ketema
2894bb0933 C++: Use correct change note file name format 2022-03-15 23:21:14 +01:00
Jeroen Ketema
638b2cac04 C++: Add change note on _Noreturn/noreturn in C11 2022-03-15 23:21:14 +01:00
Jeroen Ketema
1a1c34e1be C++: Handle C11 _Noreturn in DefaultOptions 2022-03-15 23:21:14 +01:00
Geoffrey White
92d748e006 C++: Fix ODR/dbcheck issue in test. 2022-03-15 20:00:19 +00:00
Dave Bartolomeo
7359e3253d Fix reference to deprecated predicate 2022-03-15 15:59:35 -04:00
Dave Bartolomeo
62553ab089 Merge remote-tracking branch 'upstream/main' into semantic-scratch 2022-03-15 15:53:50 -04:00
Erik Krogh Kristensen
b45f56ac08 Merge pull request #8431 from erik-krogh/deadCode
Delete dead code
2022-03-15 20:09:06 +01:00
Dave Bartolomeo
f22c91b762 Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeUtils.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-03-15 15:01:32 -04:00
Dave Bartolomeo
c8a0a86354 Fix Code Scanning warning 2022-03-15 14:53:43 -04:00
Dave Bartolomeo
7623b3d04d Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticType.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-03-15 14:49:20 -04:00
Dave Bartolomeo
ea9a5b782c Don't bother hiding toString() and getLocation() 2022-03-15 14:47:26 -04:00
Ian Lynagh
2116e6d120 Java: Add ErrorExpr, ErrorStmt 2022-03-15 17:30:19 +00:00
Jonathan Leitschuh
09cc8ee09e Add tests for StandardSystemProperty 2022-03-15 12:37:42 -04:00
Mathias Vorreiter Pedersen
57922f56ee Merge pull request #8424 from ihsinme/ihsinme-patch-fix077
Detection reduction on request
2022-03-15 16:17:47 +00:00
jorgectf
e0952ba432 Fix change note
Thanks @atorralba!
2022-03-15 16:41:32 +01:00
Mathias Vorreiter Pedersen
05758181bb Merge pull request #7884 from rdmarsh2/rdmarsh2/template-implicit-copy-constructor
C++: fix hasImplicitCopyConstructor for templates
2022-03-15 15:32:05 +00:00
jorgectf
3356bc4085 Add change note 2022-03-15 16:26:34 +01:00
Anna Railton
a08246a2a7 Merge pull request #8448 from github/annarailton-patch-1
Add docstring to `ExtractEndpointMapping.ql`
2022-03-15 14:54:45 +00:00
Geoffrey White
46f3f28a11 C++: Fix broken merge. 2022-03-15 14:53:25 +00:00
Michael Nebel
4f2678fc72 C#: Add some testcases for model generation of methods using Lists. 2022-03-15 15:44:06 +01:00
Michael Nebel
a9bbe6889b C#: Use CollectionType instead of ArrayType when generating models. 2022-03-15 15:41:46 +01:00
Erik Krogh Kristensen
b0fc958b32 simplify imports
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-03-15 15:10:04 +01:00
Erik Krogh Kristensen
57db7633c8 C#: make csharp import private 2022-03-15 14:59:06 +01:00
Erik Krogh Kristensen
89af50f6d5 rename all lower-case import-as statements 2022-03-15 14:40:38 +01:00
Erik Krogh Kristensen
54582438a1 QL: recognize the names defined by import as statements 2022-03-15 14:29:33 +01:00
Geoffrey White
71e0da738d Merge branch 'main' into cwe497b 2022-03-15 13:29:32 +00:00
Anna Railton
739d94e8f9 Add docstring to ExtractEndpointMapping.ql 2022-03-15 12:50:51 +00:00
jorgectf
ed198709b4 Refactor MyBatisAbstractSQLMethodsStep
Set output to `Argument[-1]` instead of `ReturnValue` to be able to get rid of `MyBatisAbstractSQLAnonymousClassStep`.

Thanks @pwntester!
2022-03-15 13:46:06 +01:00
Erik Krogh Kristensen
3067231b1a Merge pull request #8253 from erik-krogh/domWrite
JS: merge hasDominatingWrite and hasDominatingAssignment
2022-03-15 13:37:00 +01:00
jorgectf
9aa440e5b6 Refactor MyBatisAbstractSQLMethodsStep and MyBatisAbstractSQLMethod
See https://github.com/github/codeql/pull/8345\#discussion_r826734537
2022-03-15 13:23:23 +01:00
Erik Krogh Kristensen
154d0171d3 Merge pull request #8438 from erik-krogh/apiDisable
JS: add some API-nodes to js/disabling-certificate-validation
2022-03-15 12:56:59 +01:00
Chris Smowton
451661dd20 Improve guard class names 2022-03-15 11:46:54 +00:00
Mathias Vorreiter Pedersen
9f014be7c7 Merge pull request #8447 from MathiasVP/add-missing-security-severity
C++: Add missing `security-severity` tags
2022-03-15 11:29:28 +00:00
Geoffrey White
28315df405 Merge branch 'main' into cwe497b 2022-03-15 11:23:00 +00:00
Joe Farebrother
8acd8ea01f Merge pull request #8446 from joefarebrother/sensitive-logging
Java: Add security severity to sensitive logging query
2022-03-15 11:17:46 +00:00
Jeroen Ketema
157a36bc4f Use node variable in all disjuncts 2022-03-15 11:55:35 +01:00
Jeroen Ketema
9a0e94f389 Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard 2022-03-15 11:55:34 +01:00
Mathias Vorreiter Pedersen
7337ebd569 C++: Add missing 'security-severity' tags. 2022-03-15 10:54:36 +00:00
Mathias Vorreiter Pedersen
9642e59349 Merge pull request #8382 from MathiasVP/use-taint-configuration-in-three-more-queries
C++: Use a `TaintTracking::Configuration` in three more queries
2022-03-15 10:43:05 +00:00
Joe Farebrother
e4a16cc700 Add security severity 2022-03-15 10:42:41 +00:00
Tony Torralba
6d5414281e Merge pull request #8437 from atorralba/atorralba/missing-security-severity-query
Added MissingSecurityMetadata query
2022-03-15 11:42:41 +01:00
Dave Bartolomeo
72725875a5 Undo debugging changes 2022-03-15 06:05:33 -04:00
Henry Mercer
f38b498eed Merge pull request #8433 from github/henrymercer/js-atm-remove-isEffectiveSinkWithOverridingScore
JS: Remove `isEffectiveSinkWithOverridingScore` from ML-powered libraries
2022-03-15 10:04:30 +00:00
Dave Bartolomeo
c9fbf83c1c Working range analysis for C++ 2022-03-15 06:02:54 -04:00
Tony Torralba
6f484d3d64 Merge pull request #8440 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-03-15 10:58:27 +01:00
Asger Feldthaus
d628dc0b52 Ruby: sync ApiGraphModels.qll 2022-03-15 10:52:41 +01:00
Asger Feldthaus
82750638c6 JS: Verify models even if package is not used in database 2022-03-15 10:51:44 +01:00
Tony Torralba
fd4c9fd543 Cover a missing @tag security when @security-severity is used 2022-03-15 10:39:42 +01:00
Asger Feldthaus
a19f06ffc0 JS: Port checks to JS 2022-03-15 10:35:49 +01:00
Asger Feldthaus
7f8205684e Ruby: verify tokens in identifying access path 2022-03-15 10:25:59 +01:00
Tony Torralba
82b2fd2d23 Exclude queries without precision 2022-03-15 10:22:10 +01:00
Dave Bartolomeo
f53a66b52a Add working sign and modulus analysis 2022-03-15 05:16:23 -04:00
Mathias Vorreiter Pedersen
7e0e7d5004 Merge branch 'main' into use-taint-configuration-in-three-more-queries 2022-03-15 09:06:55 +00:00
Asger Feldthaus
97ca1155c3 JS: Sync ApiGraphModels.qll and test 2022-03-15 09:29:34 +01:00
Asger Feldthaus
65249dabd3 Ruby: add warning for wrong number of columns in CSV row 2022-03-15 09:28:21 +01:00
Erik Krogh Kristensen
c7509c4dd3 Merge branch 'main' into deadCode 2022-03-15 09:19:14 +01:00
Tony Torralba
18165cbb46 Exclude examples folder 2022-03-15 09:14:11 +01:00
Michael Nebel
ba67ea0445 C#: Fix performance issue with UselessNullCoalescingExpression query. 2022-03-15 09:09:45 +01:00
Jonas Jensen
d89c52f4b0 Merge pull request #8403 from erik-krogh/noUpper
Rename all upper-case variables, and all lower-case modules
2022-03-15 09:00:37 +01:00
Asger Feldthaus
f28acbf3dc Ruby: autoformat 2022-03-15 08:15:18 +01:00
ihsinme
62ecf54aaa Update DangerousUseOfExceptionBlocks.cpp 2022-03-15 08:53:38 +03:00
ihsinme
e99eaeb256 Apply suggestions from code review
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2022-03-15 08:53:00 +03:00
github-actions[bot]
b10adfc8da Add changed framework coverage reports 2022-03-15 00:13:15 +00:00
Arthur Baars
3311fedda7 Merge pull request #8365 from aibaars/qldoc-test
CI: add QLdoc test
2022-03-14 23:36:01 +01:00
Robert Marsh
143b79c0cc C++/WIP: Generate IR for global variables 2022-03-14 17:12:30 -04:00
jorgectf
f10dac31f9 Format some tests 2022-03-14 22:12:22 +01:00
Robert Marsh
bf21a471ed C++: add some global variables to IR tests 2022-03-14 17:11:36 -04:00
jorgectf
b62b8c8d28 Use SummaryModelCsv for the toString taint step 2022-03-14 21:47:06 +01:00
jorgectf
c683b48af7 Add MyBatisInjectionSink's QLDoc 2022-03-14 21:41:36 +01:00
jorgectf
8482c01959 Make MyBatisProviderStep an AdditionalValueStep 2022-03-14 21:35:26 +01:00
Erik Krogh Kristensen
195ce9c58a add some API-nodes to js/disabling-certificate-validation 2022-03-14 21:33:13 +01:00
jorgectf
32f494eba1 Use SummaryModelCsv in MyBatisAbstractSQLMethodsStep 2022-03-14 21:32:55 +01:00
jorgectf
d47fcedd21 Add tests 2022-03-14 21:31:51 +01:00
Jorge
158366ab46 Apply suggestions from code review
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2022-03-14 21:27:37 +01:00
Arthur Baars
6a74e761c8 Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3
Post-release preparation for codeql-cli-2.8.3
2022-03-14 21:05:09 +01:00
Arthur Baars
be412b1b5d Merge pull request #702 from github/post-release-prep/codeql-cli-2.8.3
Post-release preparation for codeql-cli-2.8.3
2022-03-14 21:04:37 +01:00
Geoffrey White
73710e9edb C++: Fix QLDoc. 2022-03-14 19:11:43 +00:00
Tom Hvitved
d3d20c69dd Merge pull request #8425 from hvitved/csharp/structural-comparision-fix
C#: Avoid combinatorial explosion in structural comparison library
2022-03-14 20:10:40 +01:00
Geoffrey White
7c93eb1eaf C++: Fix large newtype. 2022-03-14 19:06:41 +00:00
Geoffrey White
d1b04b4e07 C++: Use asDefiningArgument() where appropriate. 2022-03-14 17:53:47 +00:00
Henry Mercer
5102cadf8e Merge pull request #8404 from github/codeql-ci/js-atm-new-release
JS: Bump version numbers of ML-powered packs after 0.1.0 release
2022-03-14 17:32:37 +00:00
Dave Bartolomeo
20c3cfb1a0 Squash a few sign analysis diffs due to range analysis fixes 2022-03-14 13:07:45 -04:00
Tony Torralba
03f3535188 Added MissingSecuritySeverity query 2022-03-14 17:53:08 +01:00
Asger Feldthaus
fee32d3480 Elaborate on qldoc for API::EntryPoint 2022-03-14 17:52:07 +01:00
Asger Feldthaus
be65b9bebc Ruby: remove spurious Instance token from getExtraSuccessorFromInvoke 2022-03-14 17:39:43 +01:00
Asger Feldthaus
072ad8f4a7 Ruby: add (from model) to remote flow description 2022-03-14 17:39:17 +01:00
Asger Feldthaus
37bbd46e43 Ruby: fix broken comment 2022-03-14 17:33:57 +01:00
Asger Feldthaus
c9d7651c59 Be explicit about re-exporting 2022-03-14 17:26:30 +01:00
Nick Rolfe
488c8ef609 Ruby: accept test changes after adding more literals 2022-03-14 15:49:22 +00:00
Nick Rolfe
2a892c39ac Ruby: add change note for getConstantValue improvements 2022-03-14 15:45:58 +00:00
Nick Rolfe
a39aed52c6 Ruby: add more tests for edge cases in parsing of integers 2022-03-14 15:45:57 +00:00
Nick Rolfe
6c5868cfb5 Ruby: use NumberUtils in parseInteger
And make parse{Binary,Octal,Hex}Int hold only for values in the range
0 to 2^31-1 (incl.)
2022-03-14 15:45:57 +00:00
Nick Rolfe
6bd9616c6e Ruby: interpret string escape sequences in getConstantValue() 2022-03-14 15:45:57 +00:00
Michael Nebel
bcdbfefb2b Merge pull request #8329 from michaelnebel/csharp/model-generator
C#: Capture Summary models.
2022-03-14 16:10:05 +01:00
Erik Krogh Kristensen
c93f29b1a1 fix typo in change note
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-03-14 16:03:45 +01:00
Joe Farebrother
d4b5eed3e4 Merge pull request #8410 from joefarebrother/sensitive-logging
Java: Promote Sensitive Logging query
2022-03-14 14:50:26 +00:00
Henry Mercer
8b1b2af2d8 JS: Remove isEffectiveSinkWithOverridingScore
This was previously used in the ATM external API query, but is now dead
code.
2022-03-14 14:25:36 +00:00
Erik Krogh Kristensen
8c28b93427 QL: rename query to ql/name-casing 2022-03-14 15:03:58 +01:00
Erik Krogh Kristensen
87987872c6 QL: use an/a correctly in the alert message 2022-03-14 15:03:07 +01:00
Erik Krogh Kristensen
93fcfc3012 QL: use negative char classes to generalize query to detect e.g. underscores 2022-03-14 15:00:27 +01:00
Mathias Vorreiter Pedersen
7593ebaa62 C++: Use 'getAstVariable' now that 'getASTVariable' is deprecated. 2022-03-14 13:38:27 +00:00
Chris Smowton
9f02ca0db2 Merge pull request #8357 from p0wn4j/jdbc-url-ssrf-sink
Java: Add JDBC connection SSRF sinks
2022-03-14 13:27:34 +00:00
Michael Nebel
432ac7a824 C#: Deprecate the StructuralComparisonConfig class. 2022-03-14 14:17:56 +01:00
Michael Nebel
5a4a97569f C#: Use Gvn comparison instead of StructuralComparisonConfiguration in Constants. 2022-03-14 14:17:56 +01:00
Michael Nebel
5b5ea140d2 C#: Delete the Internal StructuralComparisonConfiguration class as it is no longer needed. 2022-03-14 14:17:56 +01:00
Michael Nebel
bf4dc0034a C#: Use Gvn comparison instead of StructuralComparisonConfiguration in Guards. 2022-03-14 14:17:56 +01:00
Michael Nebel
90b4eb9e13 C#: Use Gvn comparison instead of StructuralComparisonConfiguration in UnsafeLazyInitialization. 2022-03-14 14:17:56 +01:00
Michael Nebel
74b8e73133 C#: Use Gvn comparison instead of StructuralComparisonConfiguration in MissedTernaryOpportunity. 2022-03-14 14:17:56 +01:00
Michael Nebel
94999d4df5 C#: Use Gvn comparison instead of StructuralComparisonConfiguration in UselessIsBeforeAs. 2022-03-14 14:17:56 +01:00
Michael Nebel
8e7c7d8259 C#: Use Gvn comparison instead of StructuralComparisonConfiguration in UselessNullCoalescingExpression. 2022-03-14 14:17:56 +01:00
Michael Nebel
4a1981edfd C#: Use Gvn comparison instead of StructuralComparisonConfiguration in NestedLoopsSameVariable. 2022-03-14 14:17:56 +01:00
Michael Nebel
b4f2fc60ec C#: Use Gvn comparison instead of StructuralComparisonConfiguration in SelfAssignment. 2022-03-14 14:17:56 +01:00
Michael Nebel
f241eef2ea C#: Use Gvn comparison instead of StructuralComparisonConfiguration in structuralComparison test. 2022-03-14 14:17:56 +01:00
Michael Nebel
6f5b2e8440 C#: Use Gvn comparison instead of StructuralComparisonConfiguration in UseTryGetValue. 2022-03-14 14:17:56 +01:00
Chris Smowton
ca8237b9de Make comment into qldoc 2022-03-14 13:14:31 +00:00
Mathias Vorreiter Pedersen
50b77761f1 C++: Port the 'predictable' barrier from 'DefaultTaintTracking' to 'cpp/unclear-array-index-validation' to prevent an explosion of new results. 2022-03-14 13:14:07 +00:00
Joe Farebrother
e4b762b5c5 Improve qldoc; make taint tracking 2022-03-14 13:10:34 +00:00
Michael Nebel
21bcaf6a0e C#/Java: After remaining code after rebase. 2022-03-14 14:08:49 +01:00
Michael Nebel
74352925e4 C#/Java: Remove inline from returnNodeEnclosingCallable. 2022-03-14 13:50:55 +01:00
Michael Nebel
48dc9d7057 C#/Java: Move containerContent to DataFlowPrivate. 2022-03-14 13:50:55 +01:00
Michael Nebel
b7803ef0b1 C#: Introduce SyntheticFieldContent in RelevantContent. 2022-03-14 13:50:55 +01:00
Michael Nebel
12ff2c6cd5 C#/Java: Improve comments in CaptureSummaryModels. 2022-03-14 13:50:55 +01:00
Michael Nebel
3ad9731e91 C#/Java: Add some more QL docs. 2022-03-14 13:50:50 +01:00
Michael Nebel
2476e716a2 C#: Move the isRelevantTaintStep and isRelevantContent into the shared utils. 2022-03-14 13:49:52 +01:00
Michael Nebel
665e3c9326 C#: Re-factor containerContent into standalone predicate in DataFlow library. 2022-03-14 13:49:51 +01:00
Michael Nebel
5d03e510d2 C#/Java: Include synthetic fields in isRelevantContent. 2022-03-14 13:49:51 +01:00
Michael Nebel
d881d31959 C#: Remove comma from QL Doc. 2022-03-14 13:49:51 +01:00
Michael Nebel
cd03af3be4 C#: Get rid of the isOwnInstanceAccess based on ReturnStmt. 2022-03-14 13:49:46 +01:00
Mathias Vorreiter Pedersen
0bf4ce7cf1 Merge pull request #8427 from MathiasVP/fix-bad-join-in-return-stack-allocated-memory
C++: Fix join in `cpp/return-stack-allocated-memory`
2022-03-14 12:49:30 +00:00
Michael Nebel
34a91f1aac C#: Rename CaptureSummaryModelsQuery to CaptureSummaryModels. 2022-03-14 13:48:56 +01:00
Michael Nebel
94a840e96b C#: Add some more testcases for flow summary generation. 2022-03-14 13:48:56 +01:00
Michael Nebel
36e0c683bd C#: Add QL Doc to the primary predicate used for capturing flow. 2022-03-14 13:48:56 +01:00
Michael Nebel
e8aacb710e C#: Add file level QL Doc to Capture Summary models specific implementations. 2022-03-14 13:48:56 +01:00
Michael Nebel
d114582b56 C#: Add QLDoc to the shared Capture summary models library. 2022-03-14 13:48:51 +01:00
Michael Nebel
8d2593ba0c C#: Add expected output from running the test. 2022-03-14 13:47:24 +01:00
Michael Nebel
4d46b581c3 C#: Add some initial examples. 2022-03-14 13:47:24 +01:00
Michael Nebel
75b4632815 C#: Add test query. 2022-03-14 13:47:24 +01:00
Michael Nebel
20cbd6b332 Java/C#: Include the share files in sync files. 2022-03-14 13:47:24 +01:00
Michael Nebel
b08e696d42 C#: Add query. 2022-03-14 13:47:24 +01:00
Michael Nebel
31a374afa3 C#: Add copy of the shared CaptureSummaryModels logic. 2022-03-14 13:47:24 +01:00
Michael Nebel
e5cce6cca3 C#: Add initial implementation of specific predicates needed to capture summary models. 2022-03-14 13:47:24 +01:00
Michael Nebel
82d93d0f9e Java: Refactor CaptureSummaryModels code to enable re-use in C#. 2022-03-14 13:47:20 +01:00
Michael Nebel
ba233ed7a1 Java: Rearrange and refactor language specific content into standalone predicates. 2022-03-14 13:46:24 +01:00
Chris Smowton
b351d5bc2f Autoformat 2022-03-14 12:44:40 +00:00
Michael Nebel
6259ecfc12 C#: Add copy of shared functionality. 2022-03-14 13:43:51 +01:00
Michael Nebel
dadc143b60 C#: Add printer predicates for parameter and return nodes. 2022-03-14 13:43:51 +01:00
Michael Nebel
2b90b5ff62 C#: Add isRelevant predicates. 2022-03-14 13:43:51 +01:00
Michael Nebel
81c8cac77e C#: Add partial model printer for TargetApi class. 2022-03-14 13:43:51 +01:00
Michael Nebel
9c6ed0ade3 C#: Add TargetAPI class. 2022-03-14 13:43:51 +01:00
Michael Nebel
9ca199c9ae Java: Move generic code out of language specific file for model generation. 2022-03-14 13:43:45 +01:00
Michael Nebel
a2d9f4f6f4 Java: Introduce language specific file for model generator code. 2022-03-14 13:40:40 +01:00
jorgectf
a0bf68f7cd Generally extend TaintTracking::AdditionalTaintStep 2022-03-14 13:39:20 +01:00
Michael Nebel
a1c642685a Java: Re-arrange code in ModelGeneratorUtils. 2022-03-14 13:35:56 +01:00
Erik Krogh Kristensen
689f3c0478 update some references to deprecated module names 2022-03-14 13:28:34 +01:00
Erik Krogh Kristensen
7c4f9f92fb Merge pull request #8422 from erik-krogh/depMore
JS: Address some code that weren't affecting any query result
2022-03-14 13:24:08 +01:00
Chris Smowton
f83ea25ead Add change note 2022-03-14 12:14:37 +00:00
Erik Krogh Kristensen
548e50c676 QL: add quick-eval predicate to detect unqueryable code 2022-03-14 13:04:22 +01:00
Erik Krogh Kristensen
2250ebc5e2 remove leftover comments 2022-03-14 13:04:22 +01:00
Erik Krogh Kristensen
3bf5e06d53 delete all dead code 2022-03-14 13:03:31 +01:00
Mathias Vorreiter Pedersen
7c411b4bad C++: Respond to review comments 2022-03-14 11:57:28 +00:00
Erik Krogh Kristensen
27d41cba7e QL: add ql/dead-code query 2022-03-14 12:57:02 +01:00
Chris Smowton
aada8d3af9 Merge pull request #8405 from smowton/smowton/fix/range-analysis-use-ranked-phi-nodes
C#/Java: Range analysis: use ranked phi nodes
2022-03-14 11:55:55 +00:00
Erik Krogh Kristensen
a4525bbb29 add change-note 2022-03-14 12:22:39 +01:00
Erik Krogh Kristensen
ad2ab5602e PY: rename remaining private python modules 2022-03-14 12:22:33 +01:00
Mathias Vorreiter Pedersen
0da5d91955 Merge branch 'main' into use-taint-configuration-in-three-more-queries 2022-03-14 11:12:23 +00:00
Jeroen Ketema
4c2081b7fc Merge pull request #8401 from jketema/taint-flow
Extend taint tracking interface with flow states
2022-03-14 12:06:10 +01:00
Mathias Vorreiter Pedersen
31b1e4079f C++: Prevent join-on-enclosing-callable in 'cpp/return-stack-allocated-memory'. 2022-03-14 11:01:07 +00:00
Rasmus Wriedt Larsen
2f4a22c86c Merge pull request #6112 from jorgectf/jorgectf/python/deserialization
Python: Port and extend XXE modeling
2022-03-14 11:59:28 +01:00
Erik Krogh Kristensen
8515a70fe6 JS: fix all ql/no-upper-case-variables 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
02127b40cd PY: fix all ql/no-upper-case-variables 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
83f26eb833 rename all upper-case variables to start with a lower-case letter 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
4f0d4ecf6e QL: add no-uppercase-variables query 2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
7d6700a943 Merge branch 'main' into depMore 2022-03-14 11:49:18 +01:00
Erik Krogh Kristensen
c06336480c add change note 2022-03-14 11:41:53 +01:00
Erik Krogh Kristensen
bbb2847ec1 Merge pull request #8323 from erik-krogh/acronyms
Enforcing consistent casing of acronyms
2022-03-14 11:38:25 +01:00
Jeroen Ketema
c832b21fbe Add change notes for changes to the taint tracking library 2022-03-14 10:38:48 +01:00
Erik Krogh Kristensen
6d66ea4253 also deprecate the definitionReaches predicate, it was only used in a test 2022-03-14 10:14:15 +01:00
Erik Krogh Kristensen
54760081dc add pointers to the qldoc of deprecated predicates 2022-03-14 10:10:38 +01:00
Alex Ford
6eca036b44 Ruby: Add qldoc for Cryptography module (from python version) 2022-03-14 08:57:13 +00:00
Tony Torralba
1f4f4207b5 Add missing security-severity scores 2022-03-14 09:50:14 +01:00
Tom Hvitved
06b8f74644 C#: Avoid combinatorial explosion in structural comparison library
In cases where the target of a call/access has multiple values (which is a DB
inconsistency), the GVN construction underlying the structural comparision library
may run into a combinatorial explosion. This change excludes such expressions from
the GVN construction.
2022-03-14 09:07:45 +01:00
ihsinme
62381d0762 Update test.cpp 2022-03-14 09:36:28 +03:00
ihsinme
de92356c88 Update InsecureTemporaryFile.expected 2022-03-14 09:35:03 +03:00
ihsinme
1db759cc4d Update InsecureTemporaryFile.ql 2022-03-14 09:33:08 +03:00
4B5F5F4B
597603a3a6 Create cve-2017-5123.ql
Add query to detect CVE-2017-5123
2022-03-14 09:44:30 +08:00
4B5F5F4B
4030561eb7 Delete CVE 2022-03-14 09:43:04 +08:00
4B5F5F4B
880c12bd34 Create CVE 2022-03-14 09:42:40 +08:00
Erik Krogh Kristensen
8f86b067e7 deprecate the unused localTaintStep and stringStep predicates 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
cc231fef4c deprecate some unused predicate in DefUse.qll 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
c0a63beec1 deprecate unused document predicates in DOM.qll 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
5e52a71091 remove test .qll files that weren't imported 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
4fc85a791d deprecate DefiningIdentifier, it was not used in any query 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
9cf0a94e4d use some Sanitizer classes that were unused in the query code 2022-03-13 23:54:53 +01:00
Alex Ford
fc232ce55f Ruby: changenote for rb/weak-cryptographic-algorithm 2022-03-13 21:25:28 +00:00
Alex Ford
94d5f3bb1f Ruby: Add rb/weak-cryptographic-algorithm query 2022-03-13 21:25:28 +00:00
Alex Ford
40b87e6df7 Ruby: tests for rb/weak-cryptographic-algorithm 2022-03-13 21:25:24 +00:00
Alex Ford
446141ada3 Ruby: qhelp for rb/weak-cryptographic-algorithm 2022-03-13 21:25:12 +00:00
Alex Ford
4234cfeeec Ruby: model CipherOperations for OpenSSL 2022-03-13 21:21:52 +00:00
Alex Ford
489391eb4c Ruby: add CryptographicOperation concept 2022-03-13 21:21:52 +00:00
Dave Bartolomeo
afa3399e27 Zero diffs between Java AST and Semantic range analysis 2022-03-13 13:38:21 -04:00
jorgectf
ded9663f2b Finish taint steps 2022-03-13 13:59:03 +01:00
Dave Bartolomeo
8b4d6a26ef Performance improvements for semantic layer construction 2022-03-12 11:28:12 -05:00
p0wn4j
ee67d27b56 Java: Add JDBC connection SSRF sinks 2022-03-12 16:35:32 +04:00
Arthur Baars
f59f36b863 Use RUNNER_TEMP instead of runner.temp 2022-03-11 21:13:41 +01:00
Joe Farebrother
b924de631f Add change note, minor docs improvement 2022-03-11 17:58:52 +00:00
Ahmed Farid
3c9de6f488 Update Zip.qll 2022-03-11 18:50:37 +01:00
Joe Farebrother
594d51e84d Exclude constants 2022-03-11 17:45:42 +00:00
Joe Farebrother
06f2c03828 Add tests 2022-03-11 17:44:52 +00:00
Arthur Baars
7da0889813 Update check-qldoc.yml 2022-03-11 17:45:23 +01:00
Arthur Baars
e1f9eca272 Update check-qldoc.yml 2022-03-11 17:44:55 +01:00
Jonathan Leitschuh
50ff2c2c68 Code cleanup from code review 2022-03-11 11:44:15 -05:00
Robert Marsh
5c04516179 Merge pull request #8390 from redsun82/remove-unique-from-uuid
C++: Remove uniqueness constraint from uuid
2022-03-11 11:08:34 -05:00
Alex Ford
808cc9cf35 Merge pull request #8396 from alexrford/ruby/charpred-only-field
Ruby: resolve `ql/field-only-used-in-charpred` alerts
2022-03-11 15:48:05 +00:00
Erik Krogh Kristensen
fa37ece593 Merge pull request #8408 from erik-krogh/pathProblem
QL: make a query checking for `edges` relation in a path-problem query
2022-03-11 16:27:46 +01:00
Erik Krogh Kristensen
14e0d387e7 add a ql/path-problem-query query 2022-03-11 16:06:27 +01:00
Alex Ford
757aa294aa Update ruby/ql/lib/codeql/ruby/ast/internal/Scope.qll
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-03-11 14:53:02 +00:00
Tony Torralba
c49d19eb0f Merge pull request #8407 from smowton/smowton/admin/revert-8325
Java: Revert #8325, Add CharacterLiteral to CompileTimeConstantExpr.getStringValue
2022-03-11 14:55:10 +01:00
Arthur Baars
cf4b834536 Address comments 2022-03-11 14:25:34 +01:00
Ahmed Farid
f092cd8d80 Update Zip.qll 2022-03-11 14:15:05 +01:00
Ahmed Farid
eb71cdf7a2 Update ZipSlip.ql 2022-03-11 14:13:28 +01:00
Ahmed Farid
0de1cef26e Update ZipSlip.qll 2022-03-11 14:03:17 +01:00
Chris Smowton
58d4513d84 Change note 2022-03-11 12:51:13 +00:00
Chris Smowton
496cae7742 Revert 8325, Add CharacterLiteral to CompileTimeConstantExpr.getStringValue
As pointed out in 8325's thread, this breaks the corner case of char-literal addition and the convention that getStringValue only applies to String-typed constants.
2022-03-11 12:45:53 +00:00
Chris Smowton
579b57cf67 Range analysis: use ranked phi nodes
This borrows a technique (and the implementing code) off Modulus analysis.
2022-03-11 12:32:12 +00:00
Erik Krogh Kristensen
1e365611fc fix all other implicit-this warnings introduced by the acronym patch 2022-03-11 13:22:07 +01:00
github-actions[bot]
7ac7657ffc JS: Bump patch version of ML-powered library and query packs post-release 2022-03-11 12:17:13 +00:00
Erik Krogh Kristensen
2e2970128e fix typo in change-note 2022-03-11 13:16:34 +01:00
Erik Krogh Kristensen
a5a82a0b58 JS: remove accidential copy-pasted change-note 2022-03-11 13:16:34 +01:00
Erik Krogh Kristensen
b63b675169 RB: add explicit-this
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-03-11 13:16:10 +01:00
github-actions[bot]
2f6886642c JS: Bump minor version of ML-powered library and query packs 2022-03-11 12:13:03 +00:00
Jeroen Ketema
a8b2805aeb Merge pull request #8246 from ihsinme/ihsinme-patch-82
CPP: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf
2022-03-11 12:54:49 +01:00
Chris Smowton
b1a42816bd Merge pull request #8402 from smowton/smowton/admin/revert-8360
Java: Revert #8360, "Add CompileTimeConstantExpr.getStringified method"
2022-03-11 11:54:24 +00:00
Erik Krogh Kristensen
e625d17978 Merge pull request #8374 from erik-krogh/nonDocBlock
QL: add query detecting block comments in a position where a QLDoc should be
2022-03-11 12:24:44 +01:00
Jeroen Ketema
93a0da75b6 Fix taint tracking configurations that broke due to interface change 2022-03-11 12:18:04 +01:00
Chris Smowton
46cd85c70b Revert #8360, "Add CompileTimeConstantExpr.getStringified method" 2022-03-11 11:13:21 +00:00
Jeroen Ketema
cd28f09ae0 Extend taint tracking interface with flow states 2022-03-11 11:50:35 +01:00
Jeroen Ketema
80c6253a57 C++: Remove private imports unused after deprecated cleanup 2022-03-11 11:47:44 +01:00
Chris Smowton
f006cd0e37 Merge pull request #8360 from JLLeitschuh/feat/JLL/compile_time_constant_getStringified
[Java] Add CompileTimeConstantExpr.getStringified method
2022-03-11 10:34:52 +00:00
Erik Krogh Kristensen
4f8f7cd57d JS: update expected output of test 2022-03-11 11:18:14 +01:00
Erik Krogh Kristensen
1a275a32f7 add change-notes 2022-03-11 11:18:14 +01:00
Erik Krogh Kristensen
c2787ee18b RB: add missing QLDoc 2022-03-11 11:18:09 +01:00
Erik Krogh Kristensen
8f08b4ccc8 JS: add missing QLDoc 2022-03-11 11:18:01 +01:00
Erik Krogh Kristensen
25690759fd JS: update expected test output 2022-03-11 11:17:41 +01:00
Erik Krogh Kristensen
bb32c79f0c Java: add missing qldoc 2022-03-11 11:17:38 +01:00
Erik Krogh Kristensen
cc43a94385 Java: remove duplicated class 2022-03-11 11:10:38 +01:00
Erik Krogh Kristensen
b568bb91ef JS: remove duplicated predicate 2022-03-11 11:10:38 +01:00
Erik Krogh Kristensen
ed54d7b74b fixup getAPrimaryQlClass 2022-03-11 11:10:38 +01:00
Erik Krogh Kristensen
23191b1f2c C#: rename XmlComment to XmlCommentLine to avoid naming conflict 2022-03-11 11:10:38 +01:00
Erik Krogh Kristensen
69353bb014 patch upper-case acronyms to be PascalCase 2022-03-11 11:10:33 +01:00
Erik Krogh Kristensen
e3a15792fa QL: add query detecting upper-case acronyms 2022-03-11 11:05:45 +01:00
Erik Krogh Kristensen
122ab6e6d8 C#: fix some ql/non-doc-block warnings 2022-03-11 11:02:58 +01:00
Erik Krogh Kristensen
ddf93b555e PY: fix some ql/non-doc-block warnings 2022-03-11 11:02:58 +01:00
Erik Krogh Kristensen
8db51b49f3 QL: fix ql/non-doc-block in QL-for-QL 2022-03-11 11:02:58 +01:00
Erik Krogh Kristensen
8483b9fd65 QL: add query detecting block comments in a position where a QLDoc should be 2022-03-11 11:02:56 +01:00
Tony Torralba
c99bad4047 Recover old change note 2022-03-11 10:35:04 +01:00
Mathias Vorreiter Pedersen
3c17d90e3b C++: Accept test changes. 2022-03-11 09:30:44 +00:00
Mathias Vorreiter Pedersen
272e096190 Merge branch 'main' into use-taint-configuration-in-three-more-queries 2022-03-11 09:24:03 +00:00
github-actions[bot]
3a5ebbb861 Post-release preparation for codeql-cli-2.8.3 2022-03-11 09:23:34 +00:00
github-actions[bot]
4bd2553a7f Post-release preparation for codeql-cli-2.8.3 2022-03-11 09:23:25 +00:00
Erik Krogh Kristensen
df9533f46e Merge pull request #8347 from erik-krogh/depBeGone
remove all deprecations that are over a year old
2022-03-11 10:01:07 +01:00
Arthur Baars
42ca3f319b Merge pull request #8397 from github/release-prep/2.8.3
Release preparation for version 2.8.3
2022-03-11 08:08:01 +01:00
Arthur Baars
77b879f480 Merge pull request #701 from github/release-prep/2.8.3
Release preparation for version 2.8.3
2022-03-11 08:07:57 +01:00
Jonathan Leitschuh
1c9864286d Remove SystemProperty from FlowSources 2022-03-10 18:29:29 -05:00
Jeroen Ketema
007e33ad46 Fix C++ changelog heading and itemization 2022-03-10 23:11:07 +01:00
Robert Marsh
1e2cc4fca8 C++: change note for template implicit copy ops 2022-03-10 15:26:24 -05:00
Erik Krogh Kristensen
d316ad198e Merge pull request #8380 from erik-krogh/chainedCalls
JS: support that the base is not a method-call in getAChainedMethodCall
2022-03-10 21:13:42 +01:00
github-actions[bot]
6b194bc55f Release preparation for version 2.8.3 2022-03-10 19:43:58 +00:00
github-actions[bot]
e7cf172119 Release preparation for version 2.8.3 2022-03-10 19:43:52 +00:00
Alex Ford
305a51754c Run python config/sync-files.py 2022-03-10 18:34:16 +00:00
Alex Ford
506989ff91 Ruby: simplify some charpreds 2022-03-10 18:27:43 +00:00
Alex Ford
25416babe0 Ruby: resolve ql/field-only-used-in-charpred alerts 2022-03-10 18:27:43 +00:00
Alex Ford
0f0a51e2e0 Ruby: update test output 2022-03-10 18:27:06 +00:00
ihsinme
ac8adeabf5 Update ImproperCheckReturnValueScanf.expected 2022-03-10 21:12:23 +03:00
ihsinme
623f3fbe21 Update test.cpp 2022-03-10 21:10:41 +03:00
Erik Krogh Kristensen
9466043169 CPP: remove remaining ObjectiveC references 2022-03-10 19:00:49 +01:00
Alex Ford
2b25765156 Format QL 2022-03-10 17:55:42 +00:00
Alex Ford
43fb759dfa Ruby: add a few more rb/clear-text-storage-sensitive-data test cases 2022-03-10 17:52:50 +00:00
Alex Ford
37c0702cdd Ruby: update test output 2022-03-10 17:50:29 +00:00
Alex Ford
0b73088ed4 Ruby: link to sink in rb/clear-text-storage-sensitive-data message 2022-03-10 17:38:52 +00:00
Alex Ford
0f3cf47ca9 Ruby/JS/Py: Add "random" to the notSensitiveRegexp() heuristic 2022-03-10 17:38:52 +00:00
Alex Ford
532fc080a1 Ruby: Fix inconsistencies in checking for sensitive names in CleartextSources 2022-03-10 17:38:52 +00:00
Alex Ford
8be1be388e Ruby: update CleartextStorage test output for source locations 2022-03-10 17:38:52 +00:00
Alex Ford
fda2b56e20 Ruby: move rb/clear-text-storage-sensitive-data location from sink to source 2022-03-10 17:38:52 +00:00
Alex Ford
4618000567 Ruby: move an import into CleartextStorage.ql 2022-03-10 17:38:52 +00:00
Alex Ford
853fbe8911 Ruby: Fix CleartextStorageCustomizations to use PersistentWriteAccess 2022-03-10 17:38:52 +00:00
Alex Ford
a1a7c31661 Ruby: drop an outdated TODO 2022-03-10 17:38:52 +00:00
Alex Ford
9fe7d6e143 Ruby: fix typo
Co-authored-by: Harry Maclean <hmac@github.com>
2022-03-10 17:38:52 +00:00
Alex Ford
0e2709f809 Ruby: changenote for rb/clear-text-storage-sensitive-data 2022-03-10 17:38:52 +00:00
Alex Ford
ef29a372a4 Ruby: Cleartext storage tests 2022-03-10 17:38:52 +00:00
Alex Ford
0070e30377 Ruby: Add rb/clear-text-storage-sensitive-data query 2022-03-10 17:38:52 +00:00
Alex Ford
7084718b07 Ruby: factor out common parts of CleartextLoggingCustomizations into CleartextSources 2022-03-10 17:38:52 +00:00
Alex Ford
19c7f7be46 Merge pull request #8271 from github/alexrford/ruby/orm-write-access
Ruby: Add `OrmWriteAccess` concept to model writes to a DB using an ORM
2022-03-10 17:35:02 +00:00
Jonathan Leitschuh
ecb8911756 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-03-10 11:48:16 -05:00
ihsinme
a094e6f63b Update test.cpp 2022-03-10 17:56:34 +03:00
ihsinme
fa3ce61369 Update test.cpp 2022-03-10 17:54:03 +03:00
Tom Hvitved
d4808a7b4a Merge pull request #8389 from hvitved/ruby/regex-unique-get-value
Ruby: Avoid multiple `RegExpEscape::getValue` results
2022-03-10 15:53:28 +01:00
Joe Farebrother
4bf6c10896 Split configs into Query.qll library 2022-03-10 13:23:40 +00:00
Erik Krogh Kristensen
41778328c2 Update javascript/ql/lib/semmle/javascript/dataflow/Sources.qll
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
2022-03-10 14:16:28 +01:00
Taus
4ee4bba4d1 Merge branch 'main' into ZipSlip 2022-03-10 13:30:51 +01:00
Mathias Vorreiter Pedersen
bff10e8ea1 C++: Add change note. 2022-03-10 10:59:04 +00:00
Mathias Vorreiter Pedersen
0d3e47bcae C++: Pick the offset expression as the sink in 'cpp/unclear-array-index-validation' (and not the array expression). 2022-03-10 10:57:51 +00:00
Mathias Vorreiter Pedersen
5de2e24e9a Merge pull request #8358 from geoffw0/cwe497c
C++: Upgrade cpp/system-data-exposure to high precision
2022-03-10 10:49:19 +00:00
Erik Krogh Kristensen
c2743177af JS: delete the TrackedNodes.qll, it had no public interface left 2022-03-10 11:34:17 +01:00
Mathias Vorreiter Pedersen
693eca2179 C++: Give 'cpp/unclear-array-index-validation' precision low. 2022-03-10 10:17:08 +00:00
Chris Smowton
3113b27606 Fix style 2022-03-10 10:03:14 +00:00
Tom Hvitved
208851cb91 Merge pull request #7084 from hvitved/ruby/self-flow
Ruby: Cleanup flow through `self`
2022-03-10 10:50:24 +01:00
Tom Hvitved
5b974582e3 Merge pull request #8322 from hvitved/csharp/remove-odasa-legacy
C#: Remove legacy `odasa` support
2022-03-10 10:34:33 +01:00
Paolo Tranquilli
34829e92b1 C++: Remove uniqueness constraint from uuid
Different class definitions can have the same uuid. This happens for
example when using `#import <msxml6.dll>` there will be several C++
classes generated in `msxml6.tlh` which will share uuids with
`extern "C"` struct declarations in the system header `msxml.h`.

Notice that as far as the standard cpp QL library and queries go, we
expose `getUuid()` on `UserType` and we never try to invert it, so we
only rely on uniqueness of the `id` column in the `usertype_uuid` table,
not the `uuid` column.

Closes github/codeql-c-team#893
2022-03-10 10:33:37 +01:00
Tom Hvitved
76663f80f0 Ruby: Avoid multiple RegExpEscape::getValue results 2022-03-10 10:32:24 +01:00
Tom Hvitved
0d71f0ab40 Ruby: Add regex unicode test 2022-03-10 10:30:17 +01:00
Erik Krogh Kristensen
fa766126e5 CPP: remove import of deleted deprecation 2022-03-10 10:25:03 +01:00
Erik Krogh Kristensen
a96223c9c1 PY: remove leftover comments 2022-03-10 10:25:03 +01:00
Erik Krogh Kristensen
e6b0552114 JS: delete leftover comment 2022-03-10 10:25:02 +01:00
Erik Krogh Kristensen
53d557c037 CPP: delete file that that had been deprecated for over a year 2022-03-10 10:24:57 +01:00
Tom Hvitved
37f5db5baa Ruby: Reduce captureFlow(In|Out)
When there is flow in/out of a block through a captured variable, we can restrict
the calls that give rise to the flow to the method calls to which the blocks
belong.
2022-03-10 10:21:51 +01:00
Geoffrey White
9e3156dd1c Merge branch 'main' into cwe497c 2022-03-10 09:05:58 +00:00
Erik Krogh Kristensen
b9b65005d6 C#: delete leftover comment 2022-03-10 10:02:36 +01:00
ihsinme
4b451cfee6 Update ImproperCheckReturnValueScanf.expected 2022-03-10 10:13:04 +03:00
ihsinme
5e23615be7 Update test.cpp 2022-03-10 10:12:29 +03:00
Alex Ford
edf8a3f810 Ruby: update test output 2022-03-10 00:17:29 +00:00
Alex Ford
ace60df619 Ruby: add missing qldoc 2022-03-10 00:00:02 +00:00
Dave Bartolomeo
00ae5de780 Make semantic modulus analysismatch Java results 2022-03-09 18:06:43 -05:00
Alex Ford
8abee165a5 Ruby: test cases for PersistentWriteAccess in rails model class 2022-03-09 22:35:40 +00:00
Alex Ford
a040b67434 Ruby: drop some redundant extends classes 2022-03-09 19:13:58 +00:00
Alex Ford
d85424d0e0 Ruby: Drop ActiveRecord::Persistence.ModifyAndSaveCall 2022-03-09 19:10:53 +00:00
Alex Ford
19c413d5fb Ruby: Drop setsKeyValuePair/2 predicate from ActiveRecord::Persistence.ModifyAndSaveCall 2022-03-09 19:09:18 +00:00
Alex Ford
ee433637f8 Ruby: replace OrmWriteAccess with PersistentWriteAccess concept 2022-03-09 18:59:16 +00:00
Erik Krogh Kristensen
34c7bcadde CPP: delete LocalScopeVariableReachability.qll 2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
9c4fcf4c6d fix typo in change-note
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
b45d06df9a PY: remove leftover comment 2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
755b0bbcb9 PY: update tests to not use deleted deprecations 2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
61e282da84 PY: delete test that mostly used deleted deprecated features 2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
6a28ddd9ec JS: un-deprecate deleted deprecated class that defined taint-steps 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
e140548547 C++: reintroduce deprecated predicates that affect an internal test 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
309e376c6d PY: convert test to not use deleted deprecations 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
59db0e7a0f JS: delete unused predicate 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
c48a5a1294 JS: update tests to not use deleted deprecations 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
9e46239928 CPP: remove 13 month old deprecation that override an even older deprecation 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
417def8c8b only mark deprecations as old after 14 months 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
d5a76e8c98 Python: delete test that only used deprecated classes 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
91af2f14b1 CPP: update expected output after deleting deprecated things 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
a1769f8036 Python: add default implementation of getName() and deprecate it 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
e721094182 Python: remove old deprecation that was recently updated by an automated patch of mine 2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
b8d632810e Python: remove deprecation that were recently updated from an automated patch of mine 2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
5312e4a8b5 add change note that all old deprecations were deleted 2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
f924d69dbd Java: remove deprecations that were recently updated from an automated patch of mine 2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
6dd3f7f113 CPP: remove old deprecated predicate that was recently updated by an automated patch of mine 2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
1e445856e7 CPP: remove leftover line comment 2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
a86f0afb3c delete all deprecations that are over 14 months old 2022-03-09 18:28:07 +01:00
Erik Krogh Kristensen
ef07aaa998 add script for detecting deprecations that are over a year old 2022-03-09 18:25:07 +01:00
Mathias Vorreiter Pedersen
dfb20f7721 Merge pull request #8368 from MathiasVP/add-must-flow-lib
C++: Factor must-flow predicates out of two queries
2022-03-09 17:07:23 +00:00
Jonathan Leitschuh
2a6c4e9350 Add localFlowPlusInitializers 2022-03-09 11:06:26 -05:00
Jonathan Leitschuh
363fff2358 Cleanup from code review feedback 2022-03-09 10:48:06 -05:00
Taus
7b877fb317 Merge pull request #8336 from tausbn/python-fix-a-bunch-of-ql-warnings
Python: Fix a bunch of QL warnings
2022-03-09 16:31:28 +01:00
Jonathan Leitschuh
65457cc2e2 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-03-09 10:25:05 -05:00
Mathias Vorreiter Pedersen
17cec52af8 Merge pull request #8385 from erik-krogh/orderByConst
QL: add query detecting ordering by a constant
2022-03-09 14:18:35 +00:00
Mathias Vorreiter Pedersen
f2676968f0 C++: Actally convert 'cpp/overflow-destination' to a path-problem query. 2022-03-09 13:49:52 +00:00
Michael Nebel
fbe8f75903 Merge pull request #8038 from michaelnebel/csharp/gvn-cfecomparison
C#: Refactor Structural Comparison for Control Flow Elements.
2022-03-09 13:36:42 +01:00
Tom Hvitved
aa1284aa03 Ruby: Cache two more data flow predicates 2022-03-09 13:17:14 +01:00
Tom Hvitved
1e1b2e284d Ruby: Cleanup flow through self 2022-03-09 13:17:11 +01:00
Mathias Vorreiter Pedersen
8a8fb692a3 C++: Use a 'TaintTracking::Configuration' for 'cpp/uncontrolled-allocation-size'. 2022-03-09 12:09:32 +00:00
Mathias Vorreiter Pedersen
2328898b19 C++: Use a 'TaintTracking::Configuration' for 'cpp/unclear-array-index-validation'. 2022-03-09 12:09:27 +00:00
Mathias Vorreiter Pedersen
d7652f9742 C++: Use a 'TaintTracking::Configuration' for 'cpp/overflow-destination'. 2022-03-09 12:07:25 +00:00
Michael Nebel
d0cb984f9e Merge pull request #6 from hvitved/csharp/gvn-cfecomparison
C#: Code review suggestions
2022-03-09 12:11:23 +01:00
Arthur Baars
747c7f6b5e JS/Ruby: share implementation of IncompleteUrlSubstringSanitization query 2022-03-09 12:11:14 +01:00
Erik Krogh Kristensen
cebd24156c support that the base is not a method-call in getAChainedMethodCall 2022-03-09 11:12:04 +01:00
Rasmus Wriedt Larsen
0e9da4aadb Python: Resolve name conflict over XML module
Not the prettiest solution... but it works ¯\_(ツ)_/¯
2022-03-09 11:02:28 +01:00
Tom Hvitved
c51ddd0d35 C#: Code review suggestions 2022-03-09 10:50:53 +01:00
Tom Hvitved
275902d558 Merge pull request #8373 from hvitved/ruby/regex-multiples-parse-fix
Ruby: Fix incorrect parsing of ranges
2022-03-09 10:30:01 +01:00
Tom Hvitved
7f0fa15fbc Address review comment 2022-03-09 09:19:37 +01:00
Tom Hvitved
e4247e4ef6 C#: Add change note 2022-03-09 09:19:37 +01:00
Tom Hvitved
c463dc9d1a C#: Remove legacy odasa support
The following environment variables are no longer supported:

```
ODASA_BUILD_ERROR_DIR
ODASA_CSHARP_LAYOUT
ODASA_SNAPSHOT
SEMMLE_DIST
SEMMLE_EXTRACTOR_OPTIONS
SEMMLE_PLATFORM_TOOLS
SEMMLE_PRESERVE_SYMLINKS
SOURCE_ARCHIVE
TRAP_FOLDER
```
2022-03-09 09:19:37 +01:00
Owen Mansel-Chan
807ef2e5ef Merge pull request #700 from smowton/smowton/fix/filepath-clean
Treat path.Clean and filepath.Clean alike re: tainted path sanitization
2022-03-09 06:18:26 +00:00
Dave Bartolomeo
ec3e643120 Remove direct dependencies on import java 2022-03-09 00:06:17 -05:00
jorgectf
447636bf1c Attempt to add MyBatis' sinks and taint steps to SQL and OGNL injection queries 2022-03-09 04:21:26 +01:00
jorgectf
e000163614 Properly model AbstractSQL sinks and taint steps 2022-03-09 04:20:34 +01:00
Ahmed Farid
475cca0d7e Update ZipSlip.qll 2022-03-09 00:00:52 +01:00
Ahmed Farid
27b9d6c752 Update ZipSlip.qll 2022-03-08 23:59:03 +01:00
Ahmed Farid
23bd53a325 Update zipslip_good.py 2022-03-08 23:55:17 +01:00
Dave Bartolomeo
09a5fded1c Clean up SemanticCFG 2022-03-08 17:36:13 -05:00
Dave Bartolomeo
04fae43734 Minimize language-specific code for sign analysis 2022-03-08 17:13:06 -05:00
Tom Hvitved
f5fbf50d7d Ruby: Fix incorrect parsing of ranges 2022-03-08 19:53:17 +01:00
Tom Hvitved
89c3d0535a Ruby: Add regex test that outputs all RegExpTerms 2022-03-08 19:53:17 +01:00
Tom Hvitved
073302f196 Ruby: Add another regex consistency test 2022-03-08 19:53:17 +01:00
Tom Hvitved
a70ed71c01 Merge pull request #8370 from hvitved/ruby/regex-group-name-off-by-one
Ruby: Fix off-by-one error in `getGroupName`
2022-03-08 19:52:32 +01:00
Chris Smowton
e8084233b8 Treat path.Clean and filepath.Clean alike re: tainted path sanitization 2022-03-08 16:42:59 +00:00
Geoffrey White
9ebdb2ac1d C++: QLDoc. 2022-03-08 16:12:58 +00:00
Tom Hvitved
5f48cc06bb Ruby: Fix off-by-one error in getGroupName 2022-03-08 15:59:47 +01:00
Tom Hvitved
6dd126b6e3 Ruby: Add regex group tests 2022-03-08 15:59:28 +01:00
Mathias Vorreiter Pedersen
d8bad778ed C++: Fix QLDoc 2022-03-08 14:38:39 +00:00
Tom Hvitved
86121164c5 Merge pull request #8364 from hvitved/ruby/fix-regex-parse
Ruby: Fix regex parsing of `/[|]/`
2022-03-08 15:26:29 +01:00
Taus
063a8bbc43 Python: Apply suggestions from code review
Co-authored-by: yoff <lerchedahl@gmail.com>
2022-03-08 15:20:35 +01:00
Michael Nebel
ec75bbc748 Merge pull request #8203 from michaelnebel/csharp/extractor-option-buildless
C#: Refactoring - Move some of the standalone extractor code to the Standalone project.
2022-03-08 14:32:59 +01:00
Mathias Vorreiter Pedersen
69417e150a C++: Address review comments. 2022-03-08 13:15:02 +00:00
Mathias Vorreiter Pedersen
1bf430529b Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-03-08 13:07:17 +00:00
Mathias Vorreiter Pedersen
edf629f5aa Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-03-08 13:07:09 +00:00
Mathias Vorreiter Pedersen
bfa0714577 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-03-08 13:06:53 +00:00
Mathias Vorreiter Pedersen
9e7b0925c6 Merge pull request #8366 from jketema/code-duplication-deprecated
C++: Mark everything in CodeDuplication.qll as deprecated
2022-03-08 12:47:50 +00:00
Jeroen Ketema
3877598c12 C++: Remove cpp/duplicated-lines-in-files which was deprecated over a year ago 2022-03-08 12:58:19 +01:00
Mathias Vorreiter Pedersen
7106fe35aa C++: Accept test changes. This is just a change in the names of the path nodes. These names are actually better as they don't refer to the name of IR instructions. 2022-03-08 11:40:56 +00:00
Mathias Vorreiter Pedersen
8c5b3368e1 C++: Make the two must-flow queries use the new must-flow library 2022-03-08 11:40:56 +00:00
Mathias Vorreiter Pedersen
ee9c0dcb83 C++: Add library for must-flow. 2022-03-08 11:40:56 +00:00
Jeroen Ketema
b039b91fd8 C++: Add change note 2022-03-08 12:36:11 +01:00
Jeroen Ketema
df1e810f13 C++: Remove duplicate code queries that were deprecated over a year ago 2022-03-08 12:28:41 +01:00
Jeroen Ketema
d2e2866276 C++: Also deprecate TDuplicationOrSimilarity 2022-03-08 12:26:07 +01:00
Arthur Baars
6aacc75a49 CI: add QLdoc test 2022-03-08 12:07:20 +01:00
Jeroen Ketema
55351ce835 Update cpp/ql/src/external/CodeDuplication.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-03-08 11:57:05 +01:00
Jeroen Ketema
2e73e35747 Update cpp/ql/src/external/CodeDuplication.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-03-08 11:56:55 +01:00
Jeroen Ketema
81783e828e C++: Mark everything in CodeDuplication.qll as deprecated
Although we earlier added a comment to the classes in noting that
they are deprecated, we did not properly mark the classes as actually
being deprecated.

All predicates - except for 3 - depend on the classes being functional,
which they no longer are, so mark those a deprecated as well. The three
remaining predicates (`FunctionDeclarationEntry`, `numberOfSourceMethods`,
and `whitelistedLineForDuplication`) seem to be helpers, and are likely
not used when the library is not used, so mark those as deprecated as
well.
2022-03-08 11:38:01 +01:00
Erik Krogh Kristensen
4734f1916e Merge pull request #7598 from erik-krogh/fieldOnlyUsedInCharPred
QL: field only used in charPred
2022-03-08 11:25:57 +01:00
Rasmus Wriedt Larsen
6b14c1d6b9 Merge branch 'main' into jorgectf/python/deserialization 2022-03-08 11:15:03 +01:00
Rasmus Wriedt Larsen
cbe3964a87 Merge pull request #8275 from haby0/py/add-ssrf-sinks
Python: Add Server-side Request Forgery sinks
2022-03-08 11:06:52 +01:00
Tom Hvitved
3bc8d0878f Ruby: Add regex consistency queries 2022-03-08 10:10:14 +01:00
Tom Hvitved
6d4eecff14 Ruby: Fix regex parsing of /[|]/ 2022-03-08 09:52:06 +01:00
Tom Hvitved
a7442b7a2b Ruby: Add regex test case for /[|]/ 2022-03-08 09:51:39 +01:00
ihsinme
8335778e20 Update ImproperCheckReturnValueScanf.qhelp 2022-03-08 07:45:07 +03:00
ihsinme
c0c7748c5e Apply suggestions from code review
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-03-08 07:42:35 +03:00
Jonathan Leitschuh
2e8b5f743b [Java] Add CompileTimeConstantExpr.getStringified method
Removes CharacterLiteral from CompileTimeConstantExpr.getStringValue

Resolves:
 - https://github.com/github/codeql/pull/8325#issuecomment-1060470279
 - https://github.com/github/codeql/pull/8325#issuecomment-1060587205
2022-03-07 20:11:38 -05:00
Jonathan Leitschuh
a21992ade9 Minor refactoring to improve tests and documentation 2022-03-07 18:40:53 -05:00
Jonathan Leitschuh
5b651f29d8 Fix insufficient tests and add documentation 2022-03-07 16:39:40 -05:00
Taus
5a8ba6a7af Python: Fix use of singleton set 2022-03-07 18:59:49 +00:00
Taus
d2603884ca Python: Fix a bunch of class QLDoc 2022-03-07 18:59:49 +00:00
Taus
af7f532212 Python: Fix up a bunch of function QLDoc 2022-03-07 18:59:49 +00:00
Geoffrey White
c793699562 C++: Change note. 2022-03-07 17:41:00 +00:00
Geoffrey White
fc6f42296a C++: Upgrade cpp/system-data-exposure. 2022-03-07 17:39:04 +00:00
Arthur Baars
49b4fe77ad Add missing QLdoc 2022-03-07 17:59:06 +01:00
Jonathan Leitschuh
b282c7f1b9 Apply suggestions from code review
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
Co-authored-by: Chris Smowton <smowton@github.com>
2022-03-07 11:31:32 -05:00
Tom Hvitved
6aad8d6897 Merge pull request #8302 from aibaars/type-tracking-smallstep
Ruby: TypeTracker: add smallstep for functions that return their arguments
2022-03-07 17:26:45 +01:00
Arthur Baars
a1873cc803 Ruby: IncompleteUrlSubstringSanitization.ql 2022-03-07 16:17:32 +01:00
Arthur Baars
c9fa1fb5bb Ruby: copy JS version of IncompleteUrlSubstringSanitization.ql 2022-03-07 16:17:08 +01:00
Arthur Baars
ce50f35dda Python: switch to shared implementation of IncompleteHostnameRegExp.ql 2022-03-07 16:10:08 +01:00
Arthur Baars
bb348116ab JavaScript: update expected output 2022-03-07 16:10:08 +01:00
Arthur Baars
98f56f4d60 Js/Ruby: Share IncompleteHostnameRegExp.ql 2022-03-07 16:10:08 +01:00
Arthur Baars
097c661362 Ruby: drop results that cannot be found yet from IncompleteHostnameRegExp.expected 2022-03-07 16:10:08 +01:00
Arthur Baars
9e8930c192 Ruby: IncompleteHostnameRegExp.ql 2022-03-07 16:10:08 +01:00
Arthur Baars
832c9c4b0b Ruby: copy IncompleteHostnameRegExp files from JavaScript 2022-03-07 16:10:07 +01:00
Arthur Baars
eeb9a1d270 JavaScript: fix typos in documentation 2022-03-07 16:09:13 +01:00
Arthur Baars
602538d1c1 Ruby: add RegExpPatterns module 2022-03-07 16:09:12 +01:00
Rasmus Lerchedahl Petersen
895ce755c1 python: correct file name 2022-03-07 13:03:04 +01:00
Geoffrey White
cb33ed4fc2 C++: Only look for sensitive strings in appropriate parameters. 2022-03-07 11:29:09 +00:00
Mathias Vorreiter Pedersen
c7d624d314 Merge pull request #8247 from ihsinme/ihsinme-patch-80
CPP: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
2022-03-07 11:00:29 +00:00
Geoffrey White
e7dca435a9 Merge pull request #6950 from ihsinme/ihsinme-patch-078
CPP: Add query for CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
2022-03-07 10:55:29 +00:00
Arthur Baars
200a965fda Update expected output 2022-03-07 11:51:54 +01:00
Arthur Baars
95027e746c Ruby: TypeTracker: add smallstep for functions that return their arguments 2022-03-07 11:51:54 +01:00
Tom Hvitved
9c4c35141a Ruby: Update type tracker test 2022-03-07 11:51:54 +01:00
Tom Hvitved
64b458b166 Merge pull request #8319 from hvitved/csharp/recursive-qltest-extraction-change-note
C#: Add change note about recursive `codeql test run` extraction
2022-03-07 11:43:11 +01:00
Tom Hvitved
c1db0a9429 Merge pull request #8317 from hvitved/typetracker/jump-step
Ruby/Python: Clear call contexts after jump steps in type tracking
2022-03-07 11:38:51 +01:00
Tom Bolton
173f45f316 Merge pull request #8334 from github/tombolton/add-mapping-query
JS: Add query that maps queries to sink type
2022-03-07 10:35:37 +00:00
Geoffrey White
f1d6234483 C++: Add more information about registry query parameters. 2022-03-07 09:45:31 +00:00
Mathias Vorreiter Pedersen
027c8247ae Merge pull request #8310 from jketema/update-stats
C++: Update the DB scheme stats file
2022-03-07 09:11:53 +00:00
Ahmed Farid
3b8c7e8944 Update ZipSlip.expected 2022-03-07 10:11:34 +01:00
Ahmed Farid
8402d661df Update zipslip_bad.py 2022-03-07 10:11:00 +01:00
Ahmed Farid
6685c6b4b3 Update ZipSlip.qll 2022-03-07 10:09:53 +01:00
Tony Torralba
08ce128d64 Merge pull request #8325 from JLLeitschuh/feat/JLL/improve_compile_time_constant
[Java] Add CharacterLiteral to CompileTimeConstantExpr.getStringValue
2022-03-07 09:32:59 +01:00
haby0
7e6666bc63 Merge branch 'main' into py/add-ssrf-sinks 2022-03-07 12:09:14 +08:00
Ahmed Farid
35a1c80ceb Update zipslip_bad.py 2022-03-07 00:24:45 +01:00
Ahmed Farid
0d9436892a Update zipslip_bad.py 2022-03-07 00:24:25 +01:00
Ahmed Farid
6233309028 Update ZipSlip.expected 2022-03-07 00:23:48 +01:00
Ahmed Farid
ce7923c8b3 Update zipslip_bad.py 2022-03-07 00:23:19 +01:00
Ahmed Farid
e8449d8f40 Update zipslip_bad.py 2022-03-07 00:23:03 +01:00
Ahmed Farid
b7d4715c4e Create ZipSlip.expected 2022-03-07 00:06:24 +01:00
Ahmed Farid
b9b52d4c7c Update zipslip_bad.py 2022-03-07 00:02:50 +01:00
Ahmed Farid
d7dacfc6bd Update zipslip_good.py 2022-03-07 00:01:55 +01:00
Ahmed Farid
908db6a05f Update zipslip_bad.py 2022-03-07 00:01:09 +01:00
Ahmed Farid
7f2d242702 Update zipslip_good.py 2022-03-06 23:59:11 +01:00
Ahmed Farid
8649375be3 Update ZipSlip.qll 2022-03-06 23:56:02 +01:00
Ahmed Farid
91b5f2ad34 Update Zip.qll 2022-03-06 23:54:46 +01:00
Ahmed Farid
466f75bad8 Update Concepts.qll 2022-03-06 23:53:00 +01:00
Erik Krogh Kristensen
9c759a987e QL: add query detecting ordering by a constant 2022-03-06 17:02:19 +01:00
Alex Ford
98dbe3aaf3 Ruby: make ActiveRecord Persistence::ModifyAndSaveCall private 2022-03-05 18:22:32 +00:00
Jonathan Leitschuh
523ddb79f3 Cleanup after code review feedback 2022-03-04 15:35:01 -05:00
Jonathan Leitschuh
5243fe3dbf Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-03-04 15:30:52 -05:00
Tiferet Gazit
bbc712fdb3 Merge pull request #8297 from erik-krogh/atmPerf
JS: Fix ATM timeout on NodeJS
2022-03-04 10:41:35 -08:00
Geoffrey White
4316026720 C++: VariableAccess -> Expr. 2022-03-04 18:00:54 +00:00
Alex Ford
8fed9f9aa0 Ruby: ActiveRecord - match OrmWriteAccesses for assignements to the assignment node rather than the setter call 2022-03-04 17:24:24 +00:00
Mathias Vorreiter Pedersen
624795cbbf Merge pull request #8059 from rdmarsh2/rdmarsh2/cpp/insufficient-key-strength
C++: new query for insufficient key strength
2022-03-04 17:11:44 +00:00
Robert Marsh
280fdbfc1b C++: accept test output from perf improvement
The last commit removed some source nodes from the dataflow graph, which
changed the test expectations slightly. No result changes occurred.
2022-03-04 11:39:10 -05:00
Jorge
5552834e0f Merge pull request #9 from RasmusWL/WIP
Rasmus' rewrite of https://github.com/github/codeql/pull/6112

See https://github.com/github/codeql/pull/6112#pullrequestreview-898959413
2022-03-04 17:18:54 +01:00
Taus
b35718e0d5 Python: Remove uses of getAQlClass 2022-03-04 15:39:27 +00:00
Erik Krogh Kristensen
7691807713 delete the getLastParameter predicate from ApiGraphs 2022-03-04 16:24:54 +01:00
Jonathan Leitschuh
38897f2ec1 Fixup tests from code review changes 2022-03-04 09:33:51 -05:00
Jonathan Leitschuh
17b6e66814 Apply suggestions from code review
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2022-03-04 09:29:57 -05:00
ihsinme
5c801392d1 Merge pull request #2 from geoffw0/fix_tests
Fix tests.
2022-03-04 15:41:41 +03:00
Arthur Baars
71e393c6e1 Merge pull request #8330 from aibaars/cache-regExpSource
Ruby: cache regExpSource/1 instead of isInterpretedAsRegExp
2022-03-04 13:38:11 +01:00
Taus
095f27f294 Python: Remove deprecated annotations 2022-03-04 12:30:26 +00:00
Geoffrey White
17cd4d86f1 Fix tests. 2022-03-04 12:27:48 +00:00
Taus
20710616c5 Python: Fix "use set literal" warnings 2022-03-04 12:26:36 +00:00
Geoffrey White
1cb104418f Update ExposureSensitiveInformationUnauthorizedActor.expected
Fix test.
2022-03-04 12:25:22 +00:00
Geoffrey White
a34a61c16f Update ExposureSensitiveInformationUnauthorizedActor.expected
Fix test.
2022-03-04 12:25:05 +00:00
Taus
821de636af Python: Remove redundant inline casts
These are all implied by the return type of the other side of the
equality.
2022-03-04 12:21:31 +00:00
Taus
74f0bdfc79 Python: Fix "unused disjunct" warnings
For the most part, these boil down to "some global property holds, and
so this relation contains all instances of class `X`". The fix is to
explicitly build the cartesian product (which we were already building
implicitly anyway) by adding `and exists(var)` to the disjunct that did
not mention `var`.

Note that these cartesian products are always with singletons on one
side, and so should be unproblematic.
2022-03-04 12:14:57 +00:00
Mathias Vorreiter Pedersen
9a91e66714 Merge pull request #8321 from MathiasVP/improve-using-expired-address-query
C++: More TPs from `cpp/using-expired-stack-address`
2022-03-04 12:07:55 +00:00
Rasmus Lerchedahl Petersen
93750fe17f python: minimal CSRF implementation
- currectly only looks for custom django middleware
2022-03-04 12:47:23 +01:00
tombolton
2ffa6771ff replace endpoint type name with encoding in mapping query 2022-03-04 11:00:31 +00:00
Rasmus Wriedt Larsen
3f48916e95 Merge pull request #7915 from yoff/python/promote-xpath-injection
Python: promote XPath injection query
2022-03-04 11:59:39 +01:00
Rasmus Wriedt Larsen
f620e2599d Merge branch 'main' into py/add-ssrf-sinks 2022-03-04 11:50:12 +01:00
Rasmus Wriedt Larsen
e47f726e74 Python: Add change-note 2022-03-04 11:48:17 +01:00
Rasmus Wriedt Larsen
d86284bf32 Python: Update frameworks.rst 2022-03-04 11:48:06 +01:00
Rasmus Wriedt Larsen
75bc532d10 Python: Avoid toString usage :O 2022-03-04 11:41:22 +01:00
Rasmus Wriedt Larsen
866e615689 Python: Add PyPI links in qldocs 2022-03-04 11:40:03 +01:00
Joe Farebrother
6c05f7a81a remove url from sensitive info regex 2022-03-04 10:37:05 +00:00
Rasmus Wriedt Larsen
02a97b08bb Python: Move urllib and urllib2 to be part of stdlib modeling 2022-03-04 11:31:47 +01:00
Rasmus Wriedt Larsen
c65839bb77 Python: improve urllib3 modeling 2022-03-04 11:25:14 +01:00
Rasmus Wriedt Larsen
7d6d8be179 Python: Fix httpx modeling 2022-03-04 11:07:51 +01:00
Rasmus Wriedt Larsen
56901ea841 Python: Make new SSRF sink modules private 2022-03-04 11:04:18 +01:00
Rasmus Wriedt Larsen
40feb1fb8d Python: SPURIOUS results for httpx 2022-03-04 11:03:32 +01:00
yoff
d0a393e8d1 Update python/ql/test/library-tests/frameworks/stdlib/XPathExecution.py
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-03-04 10:56:53 +01:00
yoff
c514282d4a Merge pull request #8255 from tausbn/python-nomagic-pattern-getcase
Python: Prevent magic/inlining in `getCase`
2022-03-04 10:53:20 +01:00
Tom Hvitved
c49ed559d6 Update csharp/ql/lib/change-notes/2022-03-03-recursive-qltest-extraction.md
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2022-03-04 10:49:42 +01:00
Rasmus Wriedt Larsen
ef045a6789 Python: Fix typo in set_default_parser 2022-03-04 10:18:30 +01:00
Rasmus Wriedt Larsen
1a9620a87a Python: Add conditional assignment check for sax parser 2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
f0131afc54 Python: Fix huge_tree modeling 2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
d6cbfec434 Python: huge_tree tests were wrong
Nice spotted @jorgectf!
2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
3cd165d5b7 Python: Apply suggestions from code review
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
2022-03-04 10:15:50 +01:00
Arthur Baars
cd5c71e85e Ruby: cache regExpSource/1 instead of isInterpretedAsRegExp 2022-03-04 10:15:22 +01:00
Erik Krogh Kristensen
934e06ca3b fix mistake in argumentPassing. The type-tracking was not required to be in an end state 2022-03-04 09:49:42 +01:00
Jonathan Leitschuh
7ab193dde2 Add System.getProperties().getProperty support 2022-03-03 20:08:38 -05:00
Jorge
683c2fa825 Apply suggestions from code review 2022-03-04 01:02:56 +01:00
Ahmed Farid
be7c619ca8 Update zipslip_bad.py 2022-03-04 00:48:45 +01:00
Dave Bartolomeo
952e495ef5 New SemanticExpr implementation
Cleans up SignAnalysis to reduce need for language-specific enhancements
2022-03-03 18:18:58 -05:00
Jonathan Leitschuh
04cd0dbfe9 [Java] Add CharacterLiteral to CompileTimeConstantExpr.getStringValue 2022-03-03 18:08:17 -05:00
Jonathan Leitschuh
31527a67e5 Refactor OS Checks & SystemProperty logic from review feedback 2022-03-03 17:15:35 -05:00
Jonathan Leitschuh
103c770ce7 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-03-03 16:39:45 -05:00
Rasmus Wriedt Larsen
3f6c55e8ae Python: Rename vulnerable predicate => vulnerableTo 2022-03-03 22:09:31 +01:00
Rasmus Wriedt Larsen
0d69dc854c Python: Minor qldoc improvement 2022-03-03 22:06:26 +01:00
Rasmus Wriedt Larsen
837daaae3b Python: Remove XMLParser concept 2022-03-03 22:04:48 +01:00
Rasmus Wriedt Larsen
df8e0fce68 Python: Minor fixup of qldoc 2022-03-03 22:02:48 +01:00
ihsinme
467136c173 Create ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-04 00:02:44 +03:00
ihsinme
77bc26681d Create ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-04 00:02:26 +03:00
Rasmus Wriedt Larsen
c0a6f9f3fd Python: Restructure lxml modeling
and handle parser being passed as positional argument
2022-03-03 22:00:55 +01:00
Rasmus Wriedt Larsen
c0a2c25f5a Python: Restructure modeling of xml.etree parsers 2022-03-03 21:59:34 +01:00
Rasmus Wriedt Larsen
a033b71eaf Python: Align QLdocs of XML modeling 2022-03-03 21:34:46 +01:00
Rasmus Wriedt Larsen
de0e67f327 Python: Restructure overall XML modeling 2022-03-03 21:31:15 +01:00
Rasmus Wriedt Larsen
46238d5ea0 Python: Add test for XMLPullParser
But handling this in a nice way will require some restructuring
2022-03-03 21:28:46 +01:00
Rasmus Wriedt Larsen
33ebcdf437 Python: Support feed method of lxml/xml.etree Parsers 2022-03-03 21:26:24 +01:00
Rasmus Wriedt Larsen
f72f673e7e Python: Update XmlEntityInjection.expected
I had forgotten about this, but better late than never... also added a
small representative test
2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
3278793972 Python: Handle more functions and kw-args 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
2451123c67 Python: Move XML PoC to new test dir 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
c739ae40b6 Python: Port xmltodict tests 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
0b12d91817 Python: Port xml.sax tests 2022-03-03 21:18:18 +01:00
Harry Maclean
1181779c10 Merge pull request #7920 from github/hmac/string-flow-summaries
Ruby: Add String flow summaries
2022-03-04 09:09:19 +13:00
Rasmus Wriedt Larsen
5fb4c4d152 Python: Port xml.etree tests 2022-03-03 20:51:02 +01:00
Robert Marsh
60532e631e C++: fix missing paren 2022-03-03 14:45:43 -05:00
Rasmus Wriedt Larsen
a7134cac2e Python: Port xml.dom tests 2022-03-03 20:39:56 +01:00
Rasmus Wriedt Larsen
faebaee141 Python: Use concept tests for XML Parsing
I was loosing my mind from looking through those .expected files

Just going to take it one file at time, to make reviewing easier
2022-03-03 20:36:51 +01:00
Rasmus Wriedt Larsen
4b03f5c724 Python: Rename xml.sax test for consistency 2022-03-03 19:39:32 +01:00
Rasmus Wriedt Larsen
7cda901da2 Python: Add separate query for SimpleXMLRPCServer
This was a rough quick-n-dirty query, and should get some qhelp as well at some point.
2022-03-03 19:35:33 +01:00
ihsinme
5d1dee24d4 Create ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 20:04:54 +03:00
ihsinme
7b3546ea30 Create ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 20:04:17 +03:00
ihsinme
625f74e9be Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test2.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test3/test.cpp 2022-03-03 20:01:24 +03:00
ihsinme
8eec20644f Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test1.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test2/test.cpp 2022-03-03 20:00:54 +03:00
ihsinme
6e951f74ed Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/test.cpp 2022-03-03 20:00:18 +03:00
ihsinme
9c04bd12f5 Update and rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/ExposureSensitiveInformationUnauthorizedActor.expected to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-03 19:59:36 +03:00
ihsinme
e1c1f80f28 Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/ExposureSensitiveInformationUnauthorizedActor.qlref to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 19:58:16 +03:00
ihsinme
b32be69e0a Update DangerousUseOfTransformationAfterOperation.expected 2022-03-03 19:55:30 +03:00
Rasmus Wriedt Larsen
9406a972cd Python: Fix vuln detection for xml.minidom with parser arg 2022-03-03 17:52:11 +01:00
Rasmus Wriedt Larsen
5a652480b1 Python: Annotate xml.dom tests 2022-03-03 17:37:25 +01:00
Arthur Baars
b79d08523c Merge pull request #8293 from aibaars/regex-pattern-source
Ruby: parse more string literals as regular expressions
2022-03-03 17:35:40 +01:00
Rasmus Wriedt Larsen
c4d08db62a Python: Expand XML PoC with minidom/pulldom/expat 2022-03-03 17:30:16 +01:00
Arthur Baars
22b0697371 Update ruby/ql/lib/codeql/ruby/security/performance/ParseRegExp.qll
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
2022-03-03 17:13:19 +01:00
Ahmed Farid
5e14d89714 Update ZipSlip.qll 2022-03-03 17:12:06 +01:00
tombolton
bd9e845aea update column names and remove encoding value 2022-03-03 15:59:10 +00:00
tombolton
f1f1526237 add query-sink mapping query 2022-03-03 15:20:06 +00:00
Rasmus Wriedt Larsen
3affa6cf3a Python: Annotate xmltodict tests 2022-03-03 15:08:56 +01:00
Rasmus Wriedt Larsen
61291936bf Python: Properly model xml.etree 2022-03-03 15:06:55 +01:00
Mathias Vorreiter Pedersen
bf10456bf5 C++: Add a path explanation to the 'cpp/using-expired-stack-address' query. 2022-03-03 13:55:00 +00:00
Mathias Vorreiter Pedersen
9df923a7c8 C++: Catch more true positives by stepping into calls in the 'cpp/using-expired-stack-address' query. 2022-03-03 13:53:09 +00:00
Rasmus Wriedt Larsen
703e3e8a0f Python: Handle DTD retrieval vuln in lxml 2022-03-03 14:46:48 +01:00
Rasmus Wriedt Larsen
e295399f70 Python: Properly handle huge_tree in lxml 2022-03-03 14:43:37 +01:00
Rasmus Wriedt Larsen
124c03c15c Python: Expand lxml tests
And add annotations, see PoC.py for reference

Some of these needs fixing though
2022-03-03 14:40:45 +01:00
Tom Hvitved
0c2551079a C#: Add change note about recursive codeql test run extraction 2022-03-03 14:32:55 +01:00
Tom Hvitved
9d6d479fba Add missing QL doc 2022-03-03 14:17:41 +01:00
Geoffrey White
6848b6095b C++: Autoformat. 2022-03-03 12:51:54 +00:00
Rasmus Wriedt Larsen
3c321dd98d Python: Model lxml.etree.get_default_parser in own class 2022-03-03 13:49:17 +01:00
Rasmus Wriedt Larsen
52891cb476 Python: Add PoC for XML vulns 2022-03-03 13:48:46 +01:00
Joe Farebrother
4ad402f33f Move from experimental to main 2022-03-03 12:13:14 +00:00
Tom Hvitved
ba6ff88d05 Sync files 2022-03-03 12:30:50 +01:00
Tom Hvitved
b23ab8089a Ruby: Clear call contexts after jump steps in type tracking 2022-03-03 12:29:47 +01:00
Geoffrey White
5c6923c099 C++: Improve and differentiate the qhelp. 2022-03-03 11:04:55 +00:00
Geoffrey White
88b7a085b0 C++: Make the bulk of test cases in tests.cpp more relevant. 2022-03-03 10:40:17 +00:00
Geoffrey White
07b4bf7023 C++: Use the same trick as in ExposedSystemData to catch a few more results. 2022-03-03 10:33:39 +00:00
Geoffrey White
6e5729c924 C++: Fix typo and adjust violation message wording. 2022-03-03 10:28:53 +00:00
Geoffrey White
9e193f624c C++: Change note. 2022-03-03 09:55:02 +00:00
Rasmus Wriedt Larsen
661d8bf553 Python: Better handling of resolve_entities arg in lxml 2022-03-03 10:05:57 +01:00
Rasmus Wriedt Larsen
515b824b3c Python: Add lxml positive test 2022-03-03 09:42:19 +01:00
Jeroen Ketema
f80372b837 C++: Update the DB scheme stats file 2022-03-03 09:02:37 +01:00
Jeroen Ketema
3fc2f2f3dc Merge pull request #8309 from jketema/taint-join-order
C++: Fix join order in the IR dataflow library
2022-03-03 09:00:42 +01:00
ihsinme
01f9114a80 Update test.cpp 2022-03-03 10:57:11 +03:00
ihsinme
bec4170bdf Update ImproperCheckReturnValueScanf.expected 2022-03-03 10:39:19 +03:00
ihsinme
8e0c0ad200 Update test.cpp 2022-03-03 10:37:31 +03:00
ihsinme
25b3aba823 Update test.cpp 2022-03-03 10:21:38 +03:00
ihsinme
2dc85e183c Update test.cpp 2022-03-03 10:20:41 +03:00
ihsinme
547342cd61 Update test.cpp 2022-03-03 10:16:00 +03:00
ihsinme
1a30b8d467 Apply suggestions from code review
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-03-03 10:14:22 +03:00
Jeroen Ketema
2fd950caad C++: Fix join order in the IR dataflow library
Not having this fixed caused problems when updating the database
scheme stats file.
2022-03-03 07:42:52 +01:00
Jonathan Leitschuh
fea50065f5 Fix duplicated comment 2022-03-02 19:54:04 -05:00
Jonathan Leitschuh
85de9f305e Fix naming of OSCheck method 2022-03-02 19:41:46 -05:00
Jonathan Leitschuh
a7adbb7291 Refactor more system property access logic 2022-03-02 19:33:05 -05:00
Harry Maclean
4a43731b83 Ruby: Use SimpleSummarizedCallable
This simplifies some String flow summaries.
2022-03-03 10:49:44 +13:00
Robert Marsh
9fb94d85b4 C++: performance tweaks for InsufficientKeySize 2022-03-02 15:59:42 -05:00
Arthur Baars
692fc4cb02 Update ruby/ql/lib/change-notes/2022-02-28-regex-string-literals.md
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2022-03-02 21:13:23 +01:00
Jonathan Leitschuh
3c53a05e16 Add OS Checks based upon separator or path separator 2022-03-02 14:15:56 -05:00
Geoffrey White
2a14a4f14e C++: Fill in metadata. 2022-03-02 18:52:52 +00:00
Geoffrey White
66b9356eb9 C++: There is no overlap between OutputWrite and RemoteFlowSinkFunction. 2022-03-02 18:16:39 +00:00
Geoffrey White
a1ace7122d C++: Move SystemData class into a library. 2022-03-02 18:01:06 +00:00
Geoffrey White
70e4a409fd C++: Add the new query to tests. 2022-03-02 17:56:53 +00:00
Geoffrey White
d95b56fca0 C++: Create prototype query. 2022-03-02 17:56:49 +00:00
Jonathan Leitschuh
82d3cd8924 Improve system property lookup 2022-03-02 12:51:15 -05:00
Jonathan Leitschuh
dad9a02fbd Update TempDirInfoDisclosure with new OS Guards 2022-03-02 12:51:15 -05:00
Jonathan Leitschuh
5913c9acad Refactor OS Guard Checks 2022-03-02 12:51:14 -05:00
Jonathan Leitschuh
fd63107edf Update OS Check from Review Feedback 2022-03-02 12:51:12 -05:00
Jonathan Leitschuh
9f5022ee95 Review fixup and add test for apache SystemUtils 2022-03-02 12:50:38 -05:00
Jonathan Leitschuh
49513443f2 Update java/ql/lib/semmle/code/java/os/OSCheck.qll
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2022-03-02 12:50:37 -05:00
Jonathan Leitschuh
3cdfc00542 Cleanup from review feedback 2022-03-02 12:50:37 -05:00
Jonathan Leitschuh
39828fd596 Apply OS guard checks to TempDirLocalInformationDisclosure 2022-03-02 12:50:37 -05:00
Jonathan Leitschuh
cd073a2173 Java: Add Guard Classes for checking OS 2022-03-02 12:50:35 -05:00
Geoffrey White
67aa1449ce C++: Add some more test cases (moved from the private repo). 2022-03-02 17:23:07 +00:00
Ahmed Farid
c45b67c316 Create zipslip_good.py 2022-03-02 18:10:24 +01:00
Ahmed Farid
aef1df122b Create zipslip_bad.py 2022-03-02 18:09:45 +01:00
Ahmed Farid
c8f73ec845 Create ZipSlip.qlref 2022-03-02 18:08:32 +01:00
Rasmus Lerchedahl Petersen
6946ae931a python: missed a spot.. 2022-03-02 17:12:48 +01:00
Geoffrey White
19718fa280 C++: Add a couple of new test cases. 2022-03-02 15:18:04 +00:00
Geoffrey White
da740cfa05 C++: Test layout. 2022-03-02 15:18:04 +00:00
Michael Nebel
b39f383d45 Merge pull request #8230 from michaelnebel/csharp/autobuilder-buildless
C#: Buildless extractor option.
2022-03-02 15:53:02 +01:00
Rasmus Wriedt Larsen
7f7758b83d Python: rewrite xml sax modeling 2022-03-02 15:22:11 +01:00
Rasmus Wriedt Larsen
6dd776b2de Python: Only produce one alert per vulnerable XML sink
This made it much easier to debug the current alerts on tests at least.

Notice that it's important that we have `strictconcat` and not just
`concat`, since `concat` will also allow flow to sinks that are not
vulnerable to any kind of XML vulnerability :|
2022-03-02 15:22:11 +01:00
Michael Nebel
938902dc89 C#: Include example fragment in the release note on, how to invoke the extractor with the optional parameter. 2022-03-02 14:28:25 +01:00
Michael Nebel
fc89888c74 C#: Add pattern that only accepts 'true' and 'false' as the buildless option. 2022-03-02 14:28:21 +01:00
Michael Nebel
c5ddf6110f C#: Address review comments (change description to use true/false instead of yes/no). 2022-03-02 14:27:45 +01:00
Rasmus Wriedt Larsen
16e482bf6f Python: Improve QLDoc for XML parsing/parsers 2022-03-02 14:25:12 +01:00
Rasmus Wriedt Larsen
aaf55b21c4 Python: Add XMLVulnerabilityKind
This gives some freedom in changing the name presented, and not worrying about whether you have made a typo that makes everything break :|
2022-03-02 14:25:12 +01:00
Rasmus Wriedt Larsen
ee23c05489 Python: XML: Expose vuln kind on sink 2022-03-02 14:25:12 +01:00
Michael Nebel
8d9999a8c4 C#: Change note describing the buildless extractor option. 2022-03-02 14:25:11 +01:00
Michael Nebel
3859b62554 C#: Autobuilder should use standalone in case buildless options is provided. 2022-03-02 14:25:11 +01:00
Michael Nebel
c973693bee C#: Introduce buildless extractor option. 2022-03-02 14:25:06 +01:00
Rasmus Wriedt Larsen
500e0aced6 Python: Rewrite sax XML tests
The tests for type-trackers were not that interesting, since they did
not have XML input in both cases, which is the problem we were trying
hard to solve.

I did keep the test-case of not-user-supplied url alive as well though
👍

I added OK/NOT OK annotations.

Notice that we report all 4 kinds of vulnerabilities on line 93
2022-03-02 14:24:46 +01:00
Michael Nebel
fff42501fc Merge pull request #8167 from michaelnebel/csharp/extractor-option-compress
C# Extractor Option for specifying compression.
2022-03-02 14:22:52 +01:00
Michael Nebel
23fbfbc3b7 C#: Performance optimization of the GVN implementation. 2022-03-02 13:48:33 +01:00
Michael Nebel
a0a2cde6fa C#: Update relase note to include example fragment on, how to invoke the extractor with the optional parameter. 2022-03-02 13:17:20 +01:00
Rasmus Lerchedahl Petersen
143e9ee954 Merge branch 'main' of github.com:github/codeql into python/promote-xpath-injection 2022-03-02 13:14:08 +01:00
Rasmus Lerchedahl Petersen
ee45e79948 python: Create XML modulein Concepts
to prepare for XXE and other XML related modelling
2022-03-02 13:10:23 +01:00
Rasmus Lerchedahl Petersen
80be767a7a python: implement stdlib xpath support 2022-03-02 12:59:34 +01:00
Rasmus Lerchedahl Petersen
06e0f140c5 python: add tests for stdlib xpath 2022-03-02 12:58:37 +01:00
Erik Krogh Kristensen
62f2614f72 move hasDominatingWrite to the TypeTracking stage 2022-03-02 11:30:05 +01:00
Erik Krogh Kristensen
1db6a644a5 only block flow for dominated reads when the property name is known 2022-03-02 11:30:05 +01:00
Erik Krogh Kristensen
a9062cc047 merge hasDominatingWrite and hasDominatingAssignment 2022-03-02 11:30:05 +01:00
Mathias Vorreiter Pedersen
3681a1b736 Merge pull request #7933 from geoffw0/cwe497
C++: Improve cpp/system-data-exposure
2022-03-02 10:18:01 +00:00
Mathias Vorreiter Pedersen
71cd507f89 Merge pull request #8298 from MathiasVP/filter-bad-conversions-in-cpp-gvn
C++: Fix `GVN` performance on more invalid IR
2022-03-02 10:14:19 +00:00
Michael Nebel
53b2eac8c5 C#: Remove (symmetric) duplicates from the test output. 2022-03-02 09:44:51 +01:00
Michael Nebel
38f04e5585 C#: Flatten the the Gvn type. 2022-03-02 09:44:51 +01:00
Michael Nebel
6b4dea780f C#: Introduce caching of the Gvn related types and the toGvn predicate. 2022-03-02 09:44:51 +01:00
Michael Nebel
796a18043b C#: Add testcase for GVN printing. 2022-03-02 09:44:51 +01:00
Michael Nebel
7e25b141ca C#: Add test cases for finding structurally equivalent control flow elements. 2022-03-02 09:44:51 +01:00
Michael Nebel
52952e98bf C#: Example source code with structurally same expressions and statements. 2022-03-02 09:44:51 +01:00
Michael Nebel
4499551ca4 C#: Add a verbatim copy of the structural comparison for internal use only. 2022-03-02 09:44:51 +01:00
Michael Nebel
16270cf57f C#: Add configuration class to allow defining a candidate pairs of control flow predicates, where we want to look for structural equality. 2022-03-02 09:44:51 +01:00
Michael Nebel
87cb92a434 C#: Add predicates for restricting the Gvn type and the relation between control flow elements and global value numbers. 2022-03-02 09:44:51 +01:00
Michael Nebel
8bd12b23e2 C#: Add type(s) for representing global value numbers. 2022-03-02 09:44:51 +01:00
Michael Nebel
cc5d56547c C#: Add type Global value number kinds for control flow elements. 2022-03-02 09:44:51 +01:00
Michael Nebel
8179e247bf C#: Delete the existing structural comparison implementation. 2022-03-02 09:44:51 +01:00
ihsinme
9e76260f1d Update DangerousUseOfTransformationAfterOperation.ql 2022-03-02 10:38:57 +03:00
ihsinme
f5267ba8c6 Update DangerousUseOfTransformationAfterOperation.qhelp 2022-03-02 10:24:40 +03:00
Harry Maclean
37dac186a8 Ruby: String.try_convert isn't value-preserving
`String.try_convert` can convert arbitrary objects to strings, which
obviously isn't value-preserving.
2022-03-02 13:31:59 +13:00
Arthur Baars
169f65526e Merge pull request #8292 from aibaars/api-graphs-private
Ruby: ApiGraphs: use private imports
2022-03-02 00:35:46 +01:00
Taus
8460ab4f31 Merge pull request #7549 from hvitved/python/points-to-perf 2022-03-01 23:05:10 +01:00
Mathias Vorreiter Pedersen
155502cfdb C#/C++: Sync identical files. 2022-03-01 16:56:49 +00:00
Mathias Vorreiter Pedersen
4acae4a2d1 C++: Remove redundant conjunct. 2022-03-01 16:56:25 +00:00
Geoffrey White
2962b125af Merge branch 'main' into cwe497 2022-03-01 16:19:28 +00:00
Paolo Tranquilli
c81f2661a3 Merge pull request #8300 from redsun82/check-qhelp
check-qhelp: call super init in IncludeHandler
2022-03-01 17:07:28 +01:00
Paolo Tranquilli
ef4d1de9c3 check-qhelp: call super init in IncludeHandler
`xml.sax.ContentHandler` has a non-trivial `__init__`. While this is
probably harmless, it does not hurt to fix this.
2022-03-01 16:50:55 +01:00
Rasmus Wriedt Larsen
518e2aeebf Merge branch 'main' into jorgectf/python/deserialization 2022-03-01 16:47:13 +01:00
Rasmus Wriedt Larsen
2309f67e9b Python: Apply suggestions from code review
Co-authored-by: yoff <lerchedahl@gmail.com>
2022-03-01 15:50:21 +01:00
Rasmus Wriedt Larsen
27d5349a74 Python: ORM: Remove imports from test code
These are no longer needed, as data-flow now has this import by default
2022-03-01 15:39:52 +01:00
Rasmus Wriedt Larsen
a1c7ec8c6d Python: Accept .exepcted changes from importing frameworks from data-flow
Since `python.qll` has `private import
semmle.python.dataflow.new.DataFlow`, that means that all tests now
implicitly imports the frameworks modeling, and therefore any python
class is part of the DjangoViewClassHelper ql class.

de8ecb214f/python/ql/lib/python.qll (L44)
2022-03-01 15:37:16 +01:00
Rasmus Lerchedahl Petersen
f55d7d627e python: model XPathEvaluator 2022-03-01 14:40:13 +01:00
Rasmus Lerchedahl Petersen
3bb17be389 python: add concept and library tests 2022-03-01 14:39:28 +01:00
ihsinme
a6654fce4a Update ImproperCheckReturnValueScanf.ql 2022-03-01 16:37:29 +03:00
ihsinme
e9fefab9b1 Update test.cpp 2022-03-01 16:36:24 +03:00
ihsinme
bfec3c5e6e Update ImproperCheckReturnValueScanf.expected 2022-03-01 16:35:31 +03:00
Tom Hvitved
92fa0071bd Update python/ql/lib/semmle/python/pointsto/MRO.qll
Co-authored-by: Taus <tausbn@github.com>
2022-03-01 14:16:49 +01:00
Asger Feldthaus
df379809df Ruby: support CSV rows of form ;any;Method[foo] 2022-03-01 14:08:21 +01:00
Asger Feldthaus
05ea33033b Ruby: add test for API::EntryPoint 2022-03-01 14:08:21 +01:00
Asger Feldthaus
bf83400bd2 Ruby: port API::EntryPoint from JS 2022-03-01 14:08:21 +01:00
Asger Feldthaus
e10e3b9466 Ruby: convert ActiveStorage::Filename model to MaD 2022-03-01 14:08:21 +01:00
Asger Feldthaus
e6a3747656 Ruby: add test for ActiveStorage.Filename.new 2022-03-01 14:08:21 +01:00
Asger Feldthaus
70c083fa64 Ruby: convert Regexp.escape model to MaD 2022-03-01 14:08:21 +01:00
Asger Feldthaus
cbd044a768 Ruby: add a code injection test for flwo through Regexp.escape 2022-03-01 14:08:21 +01:00
Asger Feldthaus
63e7c16d6b Ruby: add test with sinks and type-defs 2022-03-01 14:08:20 +01:00
Asger Feldthaus
388949f12e Ruby: support WithBlock and WithoutBlock 2022-03-01 14:08:20 +01:00
Asger Feldthaus
d6bc9c259e Ruby: add simple test case 2022-03-01 14:08:20 +01:00
Asger Feldthaus
d808bdc028 JS: Sync ApiGraphModels.qll 2022-03-01 14:08:20 +01:00
Asger Feldthaus
a33e89279d Ruby: instantiate ApiGraphModels library in Ruby 2022-03-01 14:08:20 +01:00
Arthur Baars
ea8187c771 Ruby: .github/workflows/ruby-qltest.yml: turn off fail-fast 2022-03-01 13:30:56 +01:00
Arthur Baars
b2745d44f2 Ruby: update ReDoS.expected 2022-03-01 13:30:56 +01:00
Arthur Baars
61fa3ba314 Add change note 2022-03-01 13:30:56 +01:00
Arthur Baars
a51f17e0ed Ruby: introduce RegExpPatternSource 2022-03-01 13:30:51 +01:00
Arthur Baars
1240c11c4b Ruby: parse some string literals as regex
In addition to regex literals, also parse normal string literals
as regular expressions if they somehow "flow" into a method call
that is known to interpret string values as regular expressions.
2022-03-01 13:26:51 +01:00
Geoffrey White
5402b02fd7 Merge branch 'main' into cwe497 2022-03-01 11:58:24 +00:00
Mathias Vorreiter Pedersen
52dbf2c787 C#/C++: Sync identical files. 2022-03-01 11:50:50 +00:00
Mathias Vorreiter Pedersen
b6faa207a4 C++: Remove redundant cast. 2022-03-01 11:50:44 +00:00
Mathias Vorreiter Pedersen
93bd380838 C#/C++: Sync identical files. 2022-03-01 11:37:19 +00:00
Mathias Vorreiter Pedersen
6b324fb781 C++: Filter out InheritanceConversionInstructions with multiple base or derived classes when doing global value numbering. 2022-03-01 11:34:41 +00:00
Rasmus Wriedt Larsen
cd58c12bbe Merge branch 'main' into orm 2022-03-01 12:01:54 +01:00
Michael Nebel
8312fc6895 C#: Use groups and rename to trap.compression instead. Various changes to description to align with Ruby. 2022-03-01 12:01:44 +01:00
Tamás Vajk
94cb5c2be4 Merge pull request #8296 from github/post-release-prep/codeql-cli-2.8.2
Post-release preparation for codeql-cli-2.8.2
2022-03-01 11:57:36 +01:00
Rasmus Wriedt Larsen
98c60a706e Python: Autoformat
Oops
2022-03-01 11:54:09 +01:00
Tamás Vajk
30c80622ed Merge pull request #699 from github/post-release-prep/codeql-cli-2.8.2
Post-release preparation for codeql-cli-2.8.2
2022-03-01 11:44:45 +01:00
Rasmus Wriedt Larsen
e32f8d98b0 Python: Always import ORM steps for data-flow
For C#, see
fdd787b89c/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll (L16)

that import EntityFramework, which is ORM library.
2022-03-01 11:32:36 +01:00
Rasmus Wriedt Larsen
eece2222ba Merge pull request #8252 from github/RasmusWL/debugging-dataflow-improvements
Docs: Mention `hasPartialFlowRev` and performance problem
2022-03-01 11:27:57 +01:00
Erik Krogh Kristensen
dfc74d728b fix duplicate words in qldoc 2022-03-01 11:22:58 +01:00
Erik Krogh Kristensen
1b5c7392f0 restrict the size of the getASubexpressionWithinQuery predicate, and remove double-recursion 2022-03-01 11:18:42 +01:00
Erik Krogh Kristensen
bdd07de7ed improve performance of getTestFile by finding possible test files first 2022-03-01 11:18:22 +01:00
Erik Krogh Kristensen
51482e4fcf Merge pull request #8295 from erik-krogh/ts46
JS: Add support for TypeScript 4.6
2022-03-01 11:09:02 +01:00
Michael Nebel
7522a2d248 Merge pull request #7832 from aschackmull/java/modelgen
Java: Simplify model generator query using flow state.
2022-03-01 10:57:07 +01:00
Rasmus Lerchedahl Petersen
ce3ee65f47 python: remove getTree for now 2022-03-01 10:49:21 +01:00
Rasmus Wriedt Larsen
f3f2c3183e Docs: Apply suggestions from code review
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
2022-03-01 10:45:24 +01:00
Mathias Vorreiter Pedersen
1f01d8014e Merge pull request #8225 from jketema/ir-structured-bindings-translation
C++: Update the IR translation for structured bindings
2022-03-01 09:43:35 +00:00
yoff
853857bd7e Apply suggestions from code review
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-03-01 10:26:29 +01:00
ihsinme
be11e4fc2d Apply suggestions from code review
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2022-03-01 12:25:57 +03:00
github-actions[bot]
980f822983 Post-release preparation for codeql-cli-2.8.2 2022-03-01 09:24:30 +00:00
Arthur Baars
7e6ef7ac74 Ruby: ApiGraphs: use private imports 2022-03-01 10:24:19 +01:00
github-actions[bot]
dd3fc2d477 Post-release preparation for codeql-cli-2.8.2 2022-03-01 09:24:17 +00:00
Erik Krogh Kristensen
4c58f9781b add support for TypeScript 4.6 2022-03-01 09:56:21 +01:00
Mathias Vorreiter Pedersen
3719353338 Merge pull request #8172 from github/redsun82/pre-commit
add pre-commit configuration
2022-03-01 08:54:54 +00:00
Erik Krogh Kristensen
2b7c819135 fix extension of change-note 2022-03-01 09:54:19 +01:00
Michael Nebel
7bde1cbfb3 Java: Add case for Synthetic Fields in isRelevantTaintStep. 2022-03-01 09:15:01 +01:00
ihsinme
d772ea0efe Apply suggestions from code review
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-03-01 10:49:36 +03:00
ihsinme
bc22b9b208 Update test.cpp 2022-03-01 09:43:15 +03:00
ihsinme
c6083a6f95 Apply suggestions from code review
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-03-01 09:37:57 +03:00
Ahmed Farid
70c0c7e461 Update zipslip_bad.py 2022-03-01 00:24:33 +01:00
Ahmed Farid
85bcaa96ce Update Concepts.qll 2022-03-01 00:23:06 +01:00
Ahmed Farid
c22b032bbe Update Zip.qll 2022-03-01 00:11:33 +01:00
Ahmed Farid
67d3498891 Update ZipSlip.ql 2022-03-01 00:07:37 +01:00
Ahmed Farid
b29936716d Update Frameworks.qll 2022-03-01 00:06:22 +01:00
Ahmed Farid
76bd3317eb Create Zip.qll 2022-03-01 00:05:30 +01:00
Ahmed Farid
abe25da3df Create ZipSlip.qll 2022-03-01 00:04:02 +01:00
Ahmed Farid
3eae13161f Delete ZipSlipCheckLib.ql 2022-03-01 00:01:34 +01:00
Ahmed Farid
21f6ad5190 Update and rename ZipSlipCheck.ql to ZipSlip.ql 2022-03-01 00:01:06 +01:00
Tamas Vajk
1538e89bd9 Use generate-report.py from base SHA 2022-02-28 20:36:23 +01:00
Tamas Vajk
bd30c63aa1 Fix expected file comparer to handle missing files better in MaD workflows 2022-02-28 20:16:20 +01:00
Tamas Vajk
714659c706 Change cp to mv in CSV coverage PR job 2022-02-28 20:07:23 +01:00
Jeroen Ketema
0c2cfa1307 C++: Add comment on the existence of reference types 2022-02-28 19:14:54 +01:00
Arthur Baars
5ce6b847d1 Merge pull request #8166 from aibaars/regex-char-sequence-1
Ruby/Python: regex parser: group sequences of 'normal' characters
2022-02-28 17:47:53 +01:00
Tamás Vajk
d3e36038a0 Merge pull request #8152 from tamasvajk/fix/useless-dynamic-cast
C# Exclude dynamic casts from useless casts check
2022-02-28 17:00:28 +01:00
Michael Nebel
24640c3670 Java: Make a testcase for wrappers of sources. 2022-02-28 16:57:36 +01:00
Michael Nebel
66fe0e74b5 Java: Don't require that the source is directly within the TargetApi itself (in that case wrappers get excluded). 2022-02-28 16:48:23 +01:00
Michael Nebel
4a0b2b64b3 Java: Explicitly tie ReturnNode to TargetApi before calling returnNodeAsOutput. 2022-02-28 16:48:23 +01:00
Tom Hvitved
44949b6353 Java: Add bindingset to returnNodeAsOutput 2022-02-28 16:48:23 +01:00
Anders Schack-Mulligen
908cc40c9f Java: Fix bug in model flow sanitizer. 2022-02-28 16:48:23 +01:00
Anders Schack-Mulligen
16a5ccddea Java: Simplify model generator query using flow state. 2022-02-28 16:48:23 +01:00
Rasmus Wriedt Larsen
8afd560c64 Python: ORM: Handle load of PolymorphicModels 2022-02-28 16:38:41 +01:00
Rasmus Wriedt Larsen
48fba87273 Python: ORM: add flow to base-class 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
6b9dd49499 Python: ORM: Model polymorphic.models.PolymorphicModel as Django ORM class 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
e1191cf63c Python: ORM: Add tests for inheritance 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
092cfceb18 Python: Add dataflow consistency checks to ORM tests
Luckily they passed :phew:
2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
d7ff00e615 Python: Add change-note 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
ed36ff1570 Python: ORM: Handle <Model>.objects.[<QuerySet>].update() 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
fea46b642d Python: ORM: Handle <Model>.objects.create and friends 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
9b458b54aa Python: ORM: Add flow to collection/dict queries 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
9cff4cbd1c Python: ORM: Add a few more tests
There were a few methods I had overlooked
2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
ae057c74cc Python: ORM: Store step for constructor 2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
f8a51bb994 Python: ORM: Add data-flow steps for Django ORM
Added dummy-whitespace to `orm_security_tests.py` so it would be
possible to see what the reflected XSS results are in the diff
2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
ef39968a56 Python: ORM: Add data-flow plumbing for ORM modeling
The idea is that we will do `save ==> synthetic`
and `synthetic ==> load`, so we don't need to do CP between save/load.

This setup with synthetic node in the middle, also allows for a limited
amount of the field-flow we can do with real flow-summary support.
2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
d3f07cdc10 Python: ORM: Add qltests
Which shows that there is no flow yet, which is not really a surprise :D
2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
c78fed6594 Python: ORM: Add raw python test files
no ql test files yet though, will come in next commit.
2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen
f89fb50eb5 Python: ORM: Add boilerplate django project
By doing

```
django-admin startproject testproj
django-admin startapp testapp
```
2022-02-28 16:38:40 +01:00
yoff
d953382df9 Merge pull request #7807 from RasmusWL/dataflow-improvements
Python: Dataflow improvements
2022-02-28 16:24:00 +01:00
Jeroen Ketema
497991b6b1 C++: Improve change note 2022-02-28 16:08:23 +01:00
Erik Krogh Kristensen
5130929358 remove comment suggesting that the receiver is parameter -1 2022-02-28 15:25:34 +01:00
Erik Krogh Kristensen
843ed8fca5 rename pw to aw
Co-authored-by: yoff <lerchedahl@gmail.com>
2022-02-28 15:25:25 +01:00
Tom Hvitved
5cba505514 Merge pull request #8284 from hvitved/csharp/move-csharp9-standalone-tests
C#: Move C# 9 standalone tests
2022-02-28 15:15:47 +01:00
Tamas Vajk
efb876192f Add change note 2022-02-28 14:58:59 +01:00
Tamas Vajk
4748d2c6e2 C# Exclude dynamic casts from useless casts check 2022-02-28 14:58:59 +01:00
Ian Lynagh
1e62b485a5 Merge pull request #8241 from igfoo/igfoo/stats4
Java: Update stats and make some performance tweaks
2022-02-28 12:58:06 +00:00
Tom Hvitved
4ecd843c05 C#: Move C# 9 standalone tests 2022-02-28 13:43:20 +01:00
haby0
be40b54b9f add test 2022-02-28 20:34:58 +08:00
Geoffrey White
2b0d473072 C++: Remove this query from exclude-slow-queries.yml. 2022-02-28 12:18:11 +00:00
Rasmus Wriedt Larsen
0e0f159891 Python: Use Python 3 for investigation tests
Apparently there are minor differences with `test-6-max-import-depth-2`
where under Python 2 `isfile_no_problem.py` still works as before
2022-02-28 11:33:31 +01:00
Rasmus Wriedt Larsen
01d426dc58 Python: Replace rest of from testlib import *
I think we should write our tests in a way that puts points-to in the
best condition to resolve calls. Although this specific change did not
change much, it should help set us up for success in the future 👍
2022-02-28 10:58:44 +01:00
Rasmus Wriedt Larsen
ead0b658d2 Python: Fix fieldflow tests by increasing max-import-depth 2022-02-28 10:58:44 +01:00
Rasmus Wriedt Larsen
a0d1cea490 Python: Add investigation of field-flow problem
TL;DR; we used a too low value for `--max-import-depth` :(
2022-02-28 10:58:44 +01:00
haby0
b23e28a1e6 add Server-side Request Forgery sinks 2022-02-28 15:24:02 +08:00
Alex Ford
6ddacce27a Ruby: Add OrmWriteAccess concept changenote 2022-02-28 01:18:39 +00:00
Alex Ford
63ef9a75c9 Ruby: model OrmWriteAccesses for ActiveRecord 2022-02-28 01:18:39 +00:00
Alex Ford
b1fd321b65 Ruby: update Rails framework test output for existing tests 2022-02-28 01:13:26 +00:00
Alex Ford
283a48c76d Ruby: tests for OrmWriteAccess 2022-02-28 01:12:49 +00:00
Alex Ford
8c6c680a28 Ruby: Add OrmWriteAccess concept 2022-02-28 01:11:40 +00:00
Jeroen Ketema
e40c51cc83 C++: Add documentation for TranslatedStructuredBindingVariableAccess 2022-02-27 21:13:48 +01:00
Jeroen Ketema
0a4d8132e6 C++: Consistently use getUnspecifiedType in structured binding IR translation 2022-02-27 21:13:48 +01:00
Jeroen Ketema
4ffbc2d148 C++: Ensure we use lvalue reference types for structured bindings
This also adds a test for rvalue reference uses in the tuple
structured binding case.
2022-02-27 21:13:48 +01:00
Jeroen Ketema
074577b539 C++: Refactor IR structured binding tuple test 2022-02-27 21:13:48 +01:00
Jeroen Ketema
edaabf8fdf C++: Add structured bindings IR change note 2022-02-27 21:13:48 +01:00
Jeroen Ketema
6515e77c0e C++: Generate additional loads for non-reference structured bindings 2022-02-27 21:13:48 +01:00
Jeroen Ketema
eebfbc12a0 C++: Add structured bindings struct as data member test case 2022-02-27 21:13:48 +01:00
Jeroen Ketema
5814349fd8 C++: Give names in structured binding declarations correct IR types 2022-02-27 21:13:48 +01:00
Jeroen Ketema
73f0366dc6 C++: Add typedef'ed reference structured binding test 2022-02-27 21:13:48 +01:00
Jeroen Ketema
91659af4d4 C++: Add array data member structured binding test 2022-02-27 21:13:48 +01:00
Jeroen Ketema
ec05942693 C++: Use unnamed_local_variable in array structured binding test 2022-02-27 21:13:48 +01:00
Jeroen Ketema
437a85dec7 C++: Add pointer related structured binding tests 2022-02-27 21:13:48 +01:00
Ahmed Farid
c207294dfc Update zipslip_good.py 2022-02-26 18:31:22 +01:00
Ahmed Farid
d0d14be693 Update ZipSlip.qhelp 2022-02-26 18:25:13 +01:00
luchua-bc
88d9694628 Query to detect insecure WebResourceResponse implementation 2022-02-26 02:03:35 +00:00
Chris Smowton
958fd9b3ea Merge pull request #7867 from ahmed532009/timing-attacks
Java: Timing attacks while comparing the headers value
2022-02-25 21:55:13 +00:00
Chris Smowton
f981fee37d Adjust test expectation 2022-02-25 20:05:06 +00:00
Chris Smowton
ff5d680837 Add missing substitution description 2022-02-25 19:12:25 +00:00
Ian Lynagh
0bf1370cd5 Java: Autoformat QL 2022-02-25 19:08:08 +00:00
Alexander Eyers-Taylor
d38cd4a0d7 Merge pull request #8156 from alexet/alexet/expression-pragma-doc
QLSpeciifcation: Add documentation for expression pragmas
2022-02-25 18:59:49 +00:00
Arthur Baars
0c23f5815f Add change note 2022-02-25 18:43:43 +01:00
Arthur Baars
5044f89105 Ruby/Python re-introduce normalCharacterSequence 2022-02-25 18:43:43 +01:00
Chris Smowton
8fbd8c52dd Fix test expectations 2022-02-25 17:35:52 +00:00
Chris Smowton
ff303db034 Autoformat and fix qhelp 2022-02-25 17:33:08 +00:00
Chris Smowton
303927c9c9 Fix qhelp 2022-02-25 17:33:08 +00:00
Chris Smowton
e02a3d0ddd Rename qlref file 2022-02-25 17:33:08 +00:00
Ahmed Farid
3a2d514b18 Create ComparingValueOfSensetiveHeader.qlref 2022-02-25 17:33:08 +00:00
Ahmed Farid
0d278f6d61 Create Test.java 2022-02-25 17:33:08 +00:00
Ahmed Farid
1bc5fe13eb Update and rename java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader.expected to java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader/TimingAttackAgainstHeader.expected 2022-02-25 17:33:08 +00:00
Ahmed Farid
63133f7e8b Update TimingAttackAgainstHeader.expected 2022-02-25 17:33:08 +00:00
Ahmed Farid
f2457dafb5 Create TimingAttackAgainstHeader.expected 2022-02-25 17:33:08 +00:00
Ahmed Farid
35abc3f9a3 Update and rename ComparingValueOfSensetiveHeader.java to Test.java 2022-02-25 17:33:08 +00:00
Chris Smowton
091227982c Delete unnecessary test files 2022-02-25 17:33:08 +00:00
Ahmed Farid
899b8d03b2 Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:07 +00:00
Ahmed Farid
308f86f66f Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:07 +00:00
Ahmed Farid
2eee6b4f69 Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:07 +00:00
Ahmed Farid
7859288040 Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:07 +00:00
Ahmed Farid
d83444cb18 Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:07 +00:00
Ahmed Farid
e79c0eaa71 Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:07 +00:00
Ahmed Farid
36cf1010f8 Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:07 +00:00
Ahmed Farid
8e6f76d47a Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:07 +00:00
Ahmed Farid
fa8af6bf70 Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:07 +00:00
Ahmed Farid
19d0e1f4a7 Create ComparingValueOfSensetiveHeader.qlref 2022-02-25 17:33:07 +00:00
Ahmed Farid
f96e47db09 Update ComparingValueOfSensetiveHeader.java 2022-02-25 17:33:07 +00:00
Ahmed Farid
09e054ace6 Update ComparingValueOfSensetiveHeader.java 2022-02-25 17:33:07 +00:00
Ahmed Farid
f758ed0d85 Update ComparingValueOfSensetiveHeader.java 2022-02-25 17:33:07 +00:00
ahmed532009
4a9ee5826d Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:07 +00:00
ahmed532009
6da9bc593f Rename csrfComparison.java to ComparingValueOfSensetiveHeader.java 2022-02-25 17:33:07 +00:00
ahmed532009
a0a1c587e5 Create ComparingValueOfSensetiveHeader.java 2022-02-25 17:33:07 +00:00
ahmed532009
aa488e532f Update csrfComparison.java 2022-02-25 17:33:07 +00:00
Chris Smowton
333130b2a4 Abbreviate isSink 2022-02-25 17:33:07 +00:00
Chris Smowton
80a2b388bf Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:07 +00:00
ahmed532009
fa81f43694 Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:06 +00:00
ahmed532009
39e07cbc9c Update and rename UnsafecsrfComparison.java to csrfComparison.java 2022-02-25 17:33:06 +00:00
ahmed532009
c6c67b907b Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:06 +00:00
ahmed532009
98b06d35af Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:06 +00:00
ahmed532009
bf95e59b24 Update TimingAttackAgainstHeader.qhelp 2022-02-25 17:33:06 +00:00
ahmed532009
ab6a7bb3d8 Update TimingAttackAgainstHeader.ql 2022-02-25 17:33:06 +00:00
root
49feeb1c36 Timing attacks while comparing the headers value 2022-02-25 17:33:06 +00:00
Erik Krogh Kristensen
4fba5e4dfb step through parentheses in barrier functions 2022-02-25 17:47:12 +01:00
Alexander Eyers-Taylor
6b9ccd6e91 QLSpec: Apply suggestions from code review
Co-authored-by: Jonas Jensen <jbj@github.com>
2022-02-25 15:34:43 +00:00
Rasmus Wriedt Larsen
f988e1f0d8 Python: Improve field-flow by removing import *
Since that apparently impacts call graph resolution with points-to :O

Also interesting that global flow was only not working for those cases
because of the tricky ifs... still need to 100% figure out how those ifs
are messing up the analysis :|
2022-02-25 16:01:08 +01:00
Rasmus Wriedt Larsen
999af15bd5 Python: Show unresolved calls for field-flow tests 2022-02-25 15:58:07 +01:00
Taus
622b32692b Python: Prevent magic/inlining in getCase
This is a simplified version of
https://github.com/github/codeql/pull/8028
consisting of just the `nomagic` fix.
2022-02-25 14:32:59 +00:00
yoff
8b926f6859 Merge pull request #7873 from RasmusWL/fix-attribute-taint
Python: Fix attribute taint
2022-02-25 15:02:24 +01:00
Rasmus Wriedt Larsen
2d0034c40d Python: Replicate global field-flow failures 2022-02-25 14:14:00 +01:00
Asger F
a8bfebaeb6 Merge pull request #8149 from asgerf/shared/use-shared-access-path-syntax
Shared: use shared access path syntax to parse arguments in CSV rows
2022-02-25 14:04:18 +01:00
CodeQL CI
0f125d1e8a Merge pull request #8234 from asgerf/ruby/meta-queries
Approved by nickrolfe
2022-02-25 12:46:15 +00:00
Rasmus Wriedt Larsen
faaa63a73c Python: Ensure no cross-talk in global tests
By giving all variables unique names

I also added a comment with the function name from the normal tests, so
its' easily visible what these tests are testing
2022-02-25 13:41:51 +01:00
Rasmus Wriedt Larsen
0642610ee9 Python: Global flow works when in own file???
This is very suspicious
2022-02-25 13:36:00 +01:00
Rasmus Wriedt Larsen
d83a9ef8d3 Python: Fix global field-flow for validTest.py 2022-02-25 13:35:43 +01:00
yoff
e1c2f46092 Merge pull request #8200 from RasmusWL/debug-partial-flow-snippet
Python: Add `debug partial flow` snippet
2022-02-25 12:41:12 +01:00
Arthur Baars
9d9abaf1f9 Apply suggestions from code review
Co-authored-by: yoff <lerchedahl@gmail.com>
2022-02-25 12:27:20 +01:00
Pierre
f047707ef3 Merge pull request #8251 from github/turbo-java-17-python-310
Update supported Java and Python versions
2022-02-25 12:19:01 +01:00
Chris Smowton
011248e686 Merge pull request #7774 from smowton/smowton/admin/test-annotation-inheritence
Add test checking that inheritence is noticed even with annotations present
2022-02-25 11:15:21 +00:00
Rasmus Wriedt Larsen
49dbb8cae7 Docs: Mention hasPartialFlowRev and performance problem
The things that I mentioned in https://github.com/github/codeql/pull/6502#issuecomment-901087620 that never got into the document 😳
2022-02-25 11:22:20 +01:00
Pierre
9e27675554 Update supported Java and Python versions 2022-02-25 11:12:01 +01:00
Mathias Vorreiter Pedersen
dfd30e46b0 Merge pull request #8227 from geoffw0/319improve
C++: Promote cpp/non-https-url
2022-02-25 08:48:44 +00:00
ihsinme
ffdca61f9a Add files via upload 2022-02-25 11:20:23 +03:00
ihsinme
74f8145970 Add files via upload 2022-02-25 11:18:38 +03:00
ihsinme
0c8a07218c Add files via upload 2022-02-25 11:16:05 +03:00
ihsinme
bddb5fd9f9 Add files via upload 2022-02-25 11:14:20 +03:00
ihsinme
a9a2ca3850 Add files via upload 2022-02-25 11:09:25 +03:00
ihsinme
025701170e Add files via upload 2022-02-25 11:07:48 +03:00
ihsinme
3d1f4d5499 Merge pull request #1 from github/main
up to head
2022-02-25 11:04:55 +03:00
Robert Marsh
a60fe9f4b8 C++: exclude 0 earlier in InsufficientKeySize 2022-02-24 14:26:37 -05:00
Tamás Vajk
3125f49853 Merge pull request #698 from github/release-prep/2.8.2
Release preparation for version 2.8.2
2022-02-24 20:08:04 +01:00
Tamás Vajk
17fbbdba34 Merge pull request #8233 from github/release-prep/2.8.2
Release preparation for version 2.8.2
2022-02-24 20:07:55 +01:00
Chris Smowton
b1c98ae3c2 Add further test directly examining signature of method with problematic parameter types 2022-02-24 17:39:11 +00:00
Chris Smowton
379f2438a6 Add test checking that inheritence is noticed even with annotations present 2022-02-24 17:39:11 +00:00
Geoffrey White
899ae90ba4 C++: Add GVN. 2022-02-24 17:22:37 +00:00
Mathias Vorreiter Pedersen
ab3cad749c Merge pull request #8173 from MathiasVP/add-using-expired-stack-address-query
C++: Add another `CWE-825` query
2022-02-24 17:18:35 +00:00
Geoffrey White
0bb9a95563 C++: Extend tests. 2022-02-24 17:15:29 +00:00
Tom Bolton
8dfc0d25d1 Merge pull request #8232 from github/tombolton/use-updated-counting-query
Add new xss queries to result counting query
2022-02-24 16:38:53 +00:00
Jeroen Ketema
0c788d7352 C++: Remove redundant empty line 2022-02-24 17:31:10 +01:00
Jeroen Ketema
b933a58215 C++: Replace Deprecated Queries by Deprecated Classes
This is more accurate for the only change in the list.
2022-02-24 16:48:23 +01:00
Michael Nebel
3e898a1b09 C#: Use generic TryParse method instead. 2022-02-24 16:18:42 +01:00
Tamas Vajk
8d329c55ab Fix typo in change logs 2022-02-24 16:10:44 +01:00
Tamas Vajk
0d16a7e38d Fix formatting of C# change logs 2022-02-24 16:06:54 +01:00
github-actions[bot]
20fe22c8c8 Release preparation for version 2.8.2 2022-02-24 14:57:08 +00:00
github-actions[bot]
3840ce8444 Release preparation for version 2.8.2 2022-02-24 14:56:57 +00:00
Rasmus Wriedt Larsen
abe4d8da62 Python: Accept global field-flow inconsistencies
Yikes
2022-02-24 15:07:18 +01:00
Rasmus Wriedt Larsen
94d23f3817 Python: Also do all field-flow tests in global scope
Notice that these tests don't pass, to show how they differ in the next
commit!
2022-02-24 15:06:40 +01:00
Erik Krogh Kristensen
844815a032 Merge pull request #8231 from erik-krogh/fix-ql-for-ql-in-ql-for-ql
QL: fix ql-for-ql errors inside ql-for-ql
2022-02-24 15:01:45 +01:00
Erik Krogh Kristensen
ea1503ce2c fix ql-for-ql errors inside ql-for-ql 2022-02-24 14:41:27 +01:00
tombolton
d80ef6566d add new xss queries to result counting query 2022-02-24 13:31:40 +00:00
Paolo Tranquilli
d2ed5c47f9 fix typo 2022-02-24 14:28:21 +01:00
Tamás Vajk
83aaeca751 Merge pull request #8228 from tamasvajk/fix/change-notes-0.0.9
Fix 0.0.9 change note to match concatenated change log
2022-02-24 14:04:31 +01:00
Michael Nebel
62dc23f6a5 C#: Move the StandaloneAnalyser to the Standalone project. 2022-02-24 13:51:43 +01:00
Michael Nebel
efab3bfa89 C#: Make an extractor class in the standalone project with some of the specifics for the standalone extractor. 2022-02-24 13:51:43 +01:00
Michael Nebel
d2c872079b C#: Move ExitCode enum out of Extractor class. 2022-02-24 13:51:42 +01:00
Michael Nebel
b0c62c8a10 C#: Refactor functionality to run standalone extractor into own method. 2022-02-24 13:51:42 +01:00
Michael Nebel
d947861690 C#: Minor refactoring. 2022-02-24 13:51:42 +01:00
Chris Smowton
b1cdde6913 Merge pull request #697 from github/smowton/admin/move-change-note
Move new-query change note to src pack
2022-02-24 12:43:48 +00:00
Chris Smowton
4973224de7 Merge pull request #8216 from github/smowton/fix/creating-codeql-databases-docs-typo
Fix typo
2022-02-24 12:24:32 +00:00
Rasmus Wriedt Larsen
2da4b39844 Python: Add global field-flow tests
I thought it was interesting that it did not propagate flow to the uses
inside the functions :O
2022-02-24 13:15:48 +01:00
Geoffrey White
6c40cda68d C++: Pragmatic solution to include more sinks (plus autoformat changes). 2022-02-24 12:10:34 +00:00
Tamas Vajk
a8c2d87897 Fix 0.0.9 change note to match concatenated change log 2022-02-24 12:51:10 +01:00
Mathias Vorreiter Pedersen
e4af34253a C++: Actually fix incorrect annotation 2022-02-24 11:06:57 +00:00
Chris Smowton
60bd4648a1 Re-add change note to src pack 2022-02-24 11:06:00 +00:00
Chris Smowton
28c3c0090e Move new query change note to src pack 2022-02-24 11:00:11 +00:00
Paolo Tranquilli
01a37e5165 fix check-qhelp.py again 2022-02-24 11:56:47 +01:00
Geoffrey White
e3493e32e0 C++: Change note. 2022-02-24 10:54:09 +00:00
Geoffrey White
fc8ebdaeb2 C++: Increase the query to precision high. 2022-02-24 10:54:09 +00:00
Geoffrey White
c16302be13 C++: Fix the FP. 2022-02-24 10:54:08 +00:00
Paolo Tranquilli
11c1b6a8a3 fix typo in .pre-commit-config.yaml 2022-02-24 11:46:19 +01:00
Paolo Tranquilli
4020464c2d fix check-qhelp.py
It turns out checking changes on `.inc.qhelp` files is a bit trickier,
as we need to first find which `qhelp` files use them. The previous
iteration of this script was working under the assumption that
`.inc.qhelp` files were only included from the current or a parent
path, but this turns out to be wrong.

This time around, if we are asked to check one or more `.inc.qhelp`
files we build an include map from all `qhelp` files and run the help
generator on the `qhelp` files actually including them.
2022-02-24 11:40:46 +01:00
Paolo Tranquilli
9667315d49 pre-commit: add qhelp check
Also the instructions on customizing `pre-commit`'s behaviour have been
updated to use the `--config` option.
2022-02-24 10:55:53 +01:00
Mathias Vorreiter Pedersen
ef5f16ddd3 Merge branch 'main' into add-using-expired-stack-address-query 2022-02-24 08:41:27 +00:00
Harry Maclean
fc351fbd64 Ruby: Remove value-flow for name-matched summaries
String summaries that are identified by name only should not specify
value-preserving flow as this can cause spurious flow in cases where
they are applied to different but identically-named methods.
2022-02-24 16:15:15 +13:00
Harry Maclean
07369916b0 Ruby: Remove bad flow to/from block arguments
In these cases there is no block argument to the method call.
2022-02-24 14:44:59 +13:00
Erik Krogh Kristensen
ad3399733b recognize more module exports from the factory pattern 2022-02-23 21:29:45 +01:00
Erik Krogh Kristensen
e13b2df86f Merge pull request #8185 from erik-krogh/amdImp
JS: recognize modules imported by AMD imports as library inputs
2022-02-23 20:21:45 +01:00
Geoffrey White
326dfa5bc2 C++: Add test cases. 2022-02-23 18:37:58 +00:00
Chris Smowton
3167a67e65 Fix typo 2022-02-23 18:19:11 +00:00
Chris Smowton
01db73bfc7 Merge pull request #5935 from porcupineyhairs/javaSstiNew
Java : Add SSTI query
2022-02-23 17:30:02 +00:00
Dave Bartolomeo
02bf008610 Fix formatting 2022-02-23 12:18:27 -05:00
Mathias Vorreiter Pedersen
8900f6c043 C++: Add comment about ir re-evaluation. 2022-02-23 17:12:05 +00:00
Mathias Vorreiter Pedersen
033edc24f4 C++: Respond to review comments. 2022-02-23 16:23:49 +00:00
Mathias Vorreiter Pedersen
fd83f3a999 Merge pull request #8209 from jketema/ir-structured-bindings-tests
C++: Add IR structured binding tests
2022-02-23 16:09:40 +00:00
Chris Smowton
7b425a80bc Note path query expectations 2022-02-23 16:02:54 +00:00
Rasmus Wriedt Larsen
aeba497832 Merge pull request #7735 from yoff/python/promote-log-injection
Python: promote log injection
2022-02-23 16:21:12 +01:00
Jeroen Ketema
99dd049c1b Add IR test for tuple structured bindings 2022-02-23 16:15:19 +01:00
Jeroen Ketema
caf0f28547 Add IR test for data member structured bindings 2022-02-23 15:55:19 +01:00
Taus
3ce7d47b5b Merge pull request #7452 from jorgectf/python_jwt
Python: Add Python_JWT to JWT security query
2022-02-23 15:23:20 +01:00
Jeroen Ketema
ec2567b64b Add IR test for array structured bindings 2022-02-23 15:10:10 +01:00
Chris Smowton
a8fe10f353 Java template injection query: import pathgraph 2022-02-23 13:47:24 +00:00
Asger Feldthaus
f1bfb31403 Shared: fix typo in a comment 2022-02-23 14:13:41 +01:00
Asger Feldthaus
bb9348d77f Ruby: reject ArrayElement[-n] instead of interpreting it as ArrayElement[?] 2022-02-23 14:13:41 +01:00
Asger Feldthaus
a11c6f0f8e Ruby: use AccessPathSyntax library 2022-02-23 14:13:40 +01:00
Asger Feldthaus
efec348eb3 Java: use AccessPathSyntax library 2022-02-23 14:13:40 +01:00
Asger Feldthaus
9cff065dca C#: use AccessPathSyntax library 2022-02-23 14:13:40 +01:00
Asger Feldthaus
5cab737ef1 Shared: sync AccessPathSyntax.qll 2022-02-23 14:13:40 +01:00
Asger Feldthaus
abd4933d6c Shared: move numeric parsing into AccessPathSyntax.qll 2022-02-23 14:13:37 +01:00
Mathias Vorreiter Pedersen
4b03778938 Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2022-02-23 13:10:29 +00:00
Rasmus Wriedt Larsen
b17c769257 Python: Remove accidental "foo" snippet 2022-02-23 13:30:56 +01:00
Rasmus Wriedt Larsen
5626427ea5 Python: Add "debug partial flow" snippet 2022-02-23 13:30:56 +01:00
CodeQL CI
7d55771092 Merge pull request #8150 from asgerf/js/prep-sharing-api-graph-mad
Approved by erik-krogh
2022-02-23 11:59:31 +00:00
CodeQL CI
62ee8fce3a Merge pull request #8186 from asgerf/js/request-forgery-docs-followup
Approved by esbena, hubwriter
2022-02-23 11:46:37 +00:00
Stephan Brandauer
a664e02d04 Merge pull request #8014 from kaeluka/js/functionality-from-untrusted-source
JS: Functionality from untrusted sources query (CWE-830)
2022-02-23 12:45:31 +01:00
Chris Smowton
50d9945625 Autoformat 2022-02-23 11:41:23 +00:00
Mathias Vorreiter Pedersen
53299d61eb C++: Add more tests. 2022-02-23 11:38:01 +00:00
Mathias Vorreiter Pedersen
c8f940124f C++: Respond to review comments. 2022-02-23 11:17:12 +00:00
Chris Smowton
476997a599 Replace more non-breaking spaces 2022-02-23 11:02:17 +00:00
Stephan Brandauer
1ed71e15f3 apply docreview feedback 2022-02-23 11:21:22 +01:00
Michael Nebel
20f71110ef C#: Add change note for compression extractor option. 2022-02-23 11:02:28 +01:00
Tony Torralba
f011bbc92c Merge pull request #8055 from luchua-bc/java/unsafe-url-forward-with-shared-lib
CWE-552: Switch to the shared PathSanitizer library
2022-02-23 11:00:23 +01:00
Stephan Brandauer
517d6969e1 Merge pull request #8171 from kaeluka/js/update-atm-query-docs-for-nosql-sql-injection
update ATM NosqlInjection and SqlInjection query docs
2022-02-23 10:54:37 +01:00
Asger Feldthaus
22ba43fff6 JS: Minor fixup in the client-side request forgery qhelp 2022-02-23 10:54:26 +01:00
Erik Krogh Kristensen
203212657e recognize modules imported by AMD imports as library inputs 2022-02-23 10:39:45 +01:00
Mathias Vorreiter Pedersen
8b7214621b Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.qhelp
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-02-23 09:38:30 +00:00
Mathias Vorreiter Pedersen
8e0f354c2c Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.cpp
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-02-23 09:38:06 +00:00
Mathias Vorreiter Pedersen
862ebefbad Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-02-23 09:33:58 +00:00
Mathias Vorreiter Pedersen
dda85bf234 Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-02-23 09:33:52 +00:00
Stephan Brandauer
c17d8b145a Merge pull request #8054 from asgerf/js/split-request-forgery
JS: split request forgery query into server-side and client-side variants
2022-02-23 10:27:16 +01:00
Michael Nebel
837b91b31e C#: Make TrapCompression setter private. 2022-02-23 10:12:56 +01:00
Michael Nebel
68b85900b7 C#: Remove old way of providing compression parameter. 2022-02-23 09:39:13 +01:00
Michael Nebel
a04aa1f05d C#: Add unit test(s). 2022-02-23 09:39:13 +01:00
Michael Nebel
6176b64907 C#: Add support to the extractor for getting the compression extractor option. 2022-02-23 09:39:13 +01:00
Michael Nebel
bca479c2f3 C#: Add extractor option 'compression'. 2022-02-23 09:39:13 +01:00
Mathias Vorreiter Pedersen
31a204a5d9 Merge pull request #8174 from jketema/hinding-cleanup
C++: Simplify `cpp/declaration-hides-variable`
2022-02-23 08:27:59 +00:00
Esben Sparre Andreasen
58e0d54744 Merge pull request #8168 from github/esbena/hapi-reflected-xss
JS: model hapi handler returns as reflected-xss sinks
2022-02-23 08:53:15 +01:00
jorgectf
4aa1c0a11e Update .expected 2022-02-23 00:55:39 +01:00
Dave Bartolomeo
b11c55ff23 Fix mismatched results between semantic and AST range analysis 2022-02-22 18:19:38 -05:00
Jeroen Ketema
423d325204 C++: Simplify cpp/declaration-hides-variable
The check for `(unnamed local variable)` is no longer needed, because these
variables are now identified as being compiler generated.
2022-02-22 23:04:48 +01:00
Robert Marsh
a37f746dff C++: fix FP and add paths in InsufficientKeySize 2022-02-22 15:38:50 -05:00
Erik Krogh Kristensen
73f2e89f3e Merge pull request #8165 from erik-krogh/protoWrite
JS: support more property writes in js/prototype-pollution-utility
2022-02-22 21:30:22 +01:00
jorgectf
7c108c7892 Polish test 2022-02-22 20:57:20 +01:00
Jorge
0216798cb9 Apply suggestions from code review
Co-authored-by: Taus <tausbn@github.com>
2022-02-22 20:55:51 +01:00
Mathias Vorreiter Pedersen
ea35f56212 C++: Add a query for detecting uses of expired stack pointers that escaped through global variables. 2022-02-22 19:12:08 +00:00
Porcupiney Hairs
c81d85f321 Include suggestions from review 2022-02-22 23:07:34 +05:30
Erik Krogh Kristensen
b6b93065ff Merge pull request #8157 from erik-krogh/lodash-clone
JS: add lodash.{clone, cloneDeep} as a clone step
2022-02-22 18:12:10 +01:00
Erik Krogh Kristensen
c487bb73a7 Merge pull request #8143 from erik-krogh/pred-ql-style
QL: add ql-for-ql query for detecting bad predicate qldoc
2022-02-22 17:49:12 +01:00
Paolo Tranquilli
e15c1f7c45 fix typo in docs/pre-commit-hook-setup.md 2022-02-22 17:47:35 +01:00
Paolo Tranquilli
33cce2b5ac add pre-commit configuration
This enables use of the `pre-commit` framework to run quick pre-commit
checks. In particular this allows to automatically fix:
* trailing white spaces
* absence or multiple newlines at the end of files
* QL code formatting
* file sync

More could be added in the future: anything that can be checked fast
can be added in the configuration (for example well-formedness of
`qldoc` files).

This is a purely opt-in feature. Instructions for enabling it and
possibly configuring its behaviour are in `pre-commit-hook-setup.md`.
2022-02-22 17:40:07 +01:00
Jeroen Ketema
aecc17c49b Merge pull request #7928 from jketema/structured-bindings-db-scheme
C++: Add table that identifies C++ structured bindings
2022-02-22 17:34:26 +01:00
Stephan Brandauer
6a9186cdef update ATM NosqlInjection and SqlInjection query docs 2022-02-22 16:56:18 +01:00
Chris Smowton
106ee5b8a2 Merge pull request #696 from asgerf/asgerf/dot-separated-access-paths
Go: Switch to dot-separated access paths in summary specs
2022-02-22 15:34:27 +00:00
Arthur Baars
69ed121ecb Ruby/Python: regex parser: group sequences of 'normal' characters 2022-02-22 16:15:33 +01:00
Geoffrey White
31d214d5ee Merge pull request #8170 from geoffw0/typos
C++: Fix Spelling Typos.
2022-02-22 15:09:50 +00:00
Mathias Vorreiter Pedersen
894992d403 Merge pull request #8169 from MathiasVP/fix-spelling-in-post-dominance-frontier
C++/C#: Fix spelling of 'postDominanceFrontier'
2022-02-22 14:54:39 +00:00
Geoffrey White
4908eaf5ec C++: Typos. 2022-02-22 14:33:11 +00:00
Ian Lynagh
691473bd6e Java: Add a changenote 2022-02-22 14:07:31 +00:00
Mathias Vorreiter Pedersen
b6740ed4a1 C++/C#: Fix spelling of 'postDominanceFrontier'. 2022-02-22 13:48:13 +00:00
Asger Feldthaus
5390faeb8a Ruby: add query for measuring call graph 2022-02-22 14:42:05 +01:00
Asger Feldthaus
c7c97d5bbb Ruby: add queries for measuring taint sources and sinks 2022-02-22 14:29:47 +01:00
Esben Sparre Andreasen
2c527f7b35 model hapi handler returns as reflected-xss sinks 2022-02-22 14:12:01 +01:00
Owen Mansel-Chan
980c27423a Merge pull request #681 from owen-mc/new-query/wrapped-error-always-nil
Add query "Wrapped error always nil"
2022-02-22 12:42:16 +00:00
Erik Krogh Kristensen
517e17d422 support more property writes in js/prototype-pollution-utility, and generalize ObjectDefinePropertyAsPropWrite 2022-02-22 13:23:34 +01:00
Pierre
5ee96121fc Merge pull request #8162 from github/turbo-no-glibc-no
Docs: Add note about muslc incompatibility
2022-02-22 13:06:28 +01:00
Henry Mercer
4f7604f0dd Merge pull request #8151 from github/henrymercer/separate-atm-model-pack 2022-02-22 11:47:35 +00:00
Pierre
1d81f90260 Update docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst
Co-authored-by: hubwriter <hubwriter@github.com>
2022-02-22 12:47:31 +01:00
Erik Krogh Kristensen
08c703f605 exclude private predicates 2022-02-22 12:34:16 +01:00
Owen Mansel-Chan
0cd5e520aa Update expected alert message 2022-02-22 11:14:19 +00:00
Stephan Brandauer
2278e7f6e6 CWE 830 polish error messages 2022-02-22 11:41:54 +01:00
Stephan Brandauer
82330391c3 CWE-830 add support for setting attributes via setAttribute method 2022-02-22 11:41:54 +01:00
Stephan Brandauer
d80cd1aeb5 CWE 830 test where both branches in a ternary are unsafe 2022-02-22 11:41:53 +01:00
Stephan Brandauer
2934aa1a3a rewrite docs, improve error messages, etc 2022-02-22 11:41:53 +01:00
Stephan Brandauer
d2335b65d5 stylistic improvements after review 2022-02-22 11:41:53 +01:00
Stephan Brandauer
9aec4437e2 polish qhelp for CWE-830 and add test file 2022-02-22 11:41:53 +01:00
Stephan Brandauer
44d86569ac remove illegal chars from comments 2022-02-22 11:41:53 +01:00
Stephan Brandauer
fd77e27ed9 replace taint tracking by type tracking and merge remaining queries for CWE-830 2022-02-22 11:41:53 +01:00
Stephan Brandauer
8cafa6d562 improve error message in CWE-830 2022-02-22 11:41:53 +01:00
Stephan Brandauer
780fa97869 always require integrity checking for certain CDNs 2022-02-22 11:41:53 +01:00
Stephan Brandauer
83764df4f5 rename tests for CW-830 to clarify responsibilities 2022-02-22 11:41:52 +01:00
Stephan Brandauer
8d397fea09 JS: query to find dynamic creations of DOM elements that use untrusted sources 2022-02-22 11:41:52 +01:00
Stephan Brandauer
b35c70994f permit http urls to 127.0.0.1 and others 2022-02-22 11:41:52 +01:00
Stephan Brandauer
dd2b779a3c add CWE 830 link to references 2022-02-22 11:41:52 +01:00
Stephan Brandauer
b170422c22 add changenotes for functionality from untrusted source query 2022-02-22 11:41:52 +01:00
Stephan Brandauer
6722c17bb0 JS: Functionality from untrusted sources query (CWE-830) 2022-02-22 11:41:52 +01:00
Erik Krogh Kristensen
8ff2992b56 have each case on a separate line 2022-02-22 11:40:26 +01:00
Erik Krogh Kristensen
addb27c80e deduplicate "%"
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
2022-02-22 11:34:59 +01:00
Pierre
8b7f899883 Update getting-started-with-the-codeql-cli.rst 2022-02-22 11:34:49 +01:00
Pierre
6f936942fa Add note about non-glibc systems 2022-02-22 11:29:51 +01:00
Porcuiney Hairs
e536628a66 Java : Add SSTI query 2022-02-22 15:57:53 +05:30
Asger Feldthaus
1be47db2e6 JS: Factor out more JS-specific code 2022-02-22 09:51:56 +01:00
Asger Feldthaus
2d509eb345 JS: Make Impl.qll determine the location of AccessPathSyntax.qll 2022-02-22 09:51:52 +01:00
Asger Feldthaus
42a3d8c689 JS: Treat Member[x] as a language-specific token
In Ruby it is ambiguous whether Member[foo] means x.foo or x::foo
2022-02-22 09:51:52 +01:00
Asger Feldthaus
acf95d6178 JS: Move summary resolution into JS-specific code 2022-02-22 09:51:52 +01:00
Asger Feldthaus
ab1642dd3f JS: Rename {Shared,Impl} -> ApiGraphModels{,Specific} 2022-02-22 09:51:48 +01:00
Harry Maclean
07c70adde5 Ruby: Update CleartextLogging fixture
The flow summary for `String#sub` leads to two new results in this test.
They are duplicates of existing results, because the query is quite
liberal in what it considers a source.

```ruby

password = "abc"
password_masked = password.sub(/./, "x")
Logger.new(STDOUT).info password_masked

```

In the example above, the query considers lines 1 and 2 to both be
sources, with a sink at line 3. Previously there was no flow from line 1
to line 3 because of the missing flow summary for `String#sub`, and
therefore there was just one result. Now we have the flow summary, there
are two results.

Line 2 is considered a source because it is an assignment to a variable
that contains the term "password". I'm not sure how to adjust the query
to avoid these duplicates, so I'm leaving them in for now.
2022-02-22 16:58:41 +13:00
Harry Maclean
340288e0d4 Ruby: Update summary access paths for dot syntax 2022-02-22 16:41:16 +13:00
Harry Maclean
d180a55b3a Ruby: Fix value/taint flow in String summaries 2022-02-22 16:41:16 +13:00
Harry Maclean
f07ae35b87 Ruby: Fix bug with String flow summaries
Split summaries for methods with optional block parmaters into separate
classes. Also model the `exclusive` argument to `String#upto`.
2022-02-22 16:41:16 +13:00
Harry Maclean
379de5581d Ruby: Disable summaries that clash with Array
Some String methods are named identically to Array methods, and this
leads to overlapping flow summaries. These adversely affect the original
Array flow summaries.
2022-02-22 16:41:15 +13:00
Harry Maclean
fef46e1ee4 Ruby: Add flow summaries for String methods 2022-02-22 16:41:15 +13:00
Erik Krogh Kristensen
e8df6a14ca add lodash.{clone, cloneDeep} as a clone step 2022-02-21 22:27:29 +01:00
alexet
7ea8577e23 QLSpec: Fix underline length 2022-02-21 19:25:44 +00:00
alexet
121b3f6fbf QLSpec:Allow setliterals withing inrange terms 2022-02-21 18:57:29 +00:00
alexet
5473162f23 QLSpec: Add documentation for expression pragmas 2022-02-21 18:55:56 +00:00
alexet
e2bc03c147 QLSpec: Consistency in primary expression order. 2022-02-21 18:53:53 +00:00
Henry Mercer
e42f759f6b Merge pull request #8153 from github/henrymercer/atm-add-cwe-tags
JS: Add CWE tags for ML-powered queries
2022-02-21 17:24:02 +00:00
Ian Lynagh
7ce9b160d0 Java: Performance tweaks 2022-02-21 17:05:00 +00:00
Henry Mercer
5a3daa9e3f JS: Add CWE tags for ML-powered queries
- Cross-site scripting: CWE-79
- Path injection: CWE-22, CWE-23, CWE-36, CWE-73, CWE-99
- NoSQL injection: CWE-943
- SQL injection: CWE-89
2022-02-21 16:18:33 +00:00
Henry Mercer
02cce623a6 JS: Install pack dependencies in ML CI jobs 2022-02-21 16:10:15 +00:00
Henry Mercer
a89882c14e JS: Update lockfiles for ML-powered queries packs 2022-02-21 16:03:05 +00:00
Asger Feldthaus
8194c041cc JS: Merge sources to one class 2022-02-21 16:26:02 +01:00
Asger F
00ed72ed83 Apply suggestions from code review
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-02-21 16:24:50 +01:00
Tamas Vajk
422c2d5ccb C#: Add dynamic casts to useless upcast test 2022-02-21 16:10:00 +01:00
Henry Mercer
25f6ac3ec4 JS: Remove ML model pack from default workspace
We only want to put the checked out version of the model pack to test a
custom model.
Given that the repo doesn't contain any models by default, most users
won't want the local checkout of the model pack to override the one
downloaded from the package registry.
2022-02-21 15:06:30 +00:00
Henry Mercer
6fb9895367 JS: Separate the ML-powered queries model into its own pack
This allows users to more easily get started with development. Running
`codeql pack install` from the `-queries` pack will now install the ML
model.
2022-02-21 15:05:57 +00:00
Tom Bolton
0108642464 Merge pull request #8148 from github/tombolton/modify-counting-query
Update counting query to match end-to-end results
2022-02-21 15:02:43 +00:00
tombolton
e02319be9f add end to end predicate to result counting query 2022-02-21 14:35:58 +00:00
Erik Krogh Kristensen
cd4685c4c5 cache RegExpCreationNode::getAReference 2022-02-21 15:04:00 +01:00
Erik Krogh Kristensen
1407b49a8f fix some instances of ql/pred-doc-style for JS 2022-02-21 15:02:21 +01:00
Erik Krogh Kristensen
11bbd872f3 add ql-for-ql query for detecting bad predicate qldoc 2022-02-21 15:02:15 +01:00
Asger Feldthaus
cb38df5980 Go: rewrite access paths to dot-style 2022-02-21 14:56:54 +01:00
Asger Feldthaus
846a876c44 Go: update to use new API exposed by FlowSummaryImpl.qll 2022-02-21 14:53:05 +01:00
Rasmus Wriedt Larsen
d2cd77aefb Merge branch 'main' into dataflow-improvements 2022-02-21 14:49:40 +01:00
Asger Feldthaus
da52cb24f6 Go: sync FlowSummaryImpl and AccessPathSyntax.qll 2022-02-21 14:40:23 +01:00
Owen Mansel-Chan
e8c2ab745e Apply suggestions from code review from docs team
Co-authored-by: hubwriter <hubwriter@github.com>
2022-02-21 13:19:47 +00:00
Asger F
02c4966109 Merge pull request #7878 from asgerf/dot-separated-access-paths
Shared: Switch to dot-separated access paths in summary specs
2022-02-21 13:29:09 +01:00
Alex Ford
9196b64d6e Merge pull request #8138 from github/ruby/file-write
Ruby: Implement `FileSystemWriteAccess` concept
2022-02-21 10:13:27 +00:00
Alex Ford
746290d903 Merge pull request #7713 from github/ruby/clear-text-logging
Ruby: Add `rb/clear-text-logging-sensitive-data` query
2022-02-21 10:12:33 +00:00
Jeroen Ketema
fc91c82777 Add change note 2022-02-21 10:48:46 +01:00
Jeroen Ketema
e05af1e1d1 Use underlyingElement in isStructuredBinding
Accodring to the documentation in `Element.qll`, `underlyingElement` is
supposed to be used here and not `unresolveElement`.
2022-02-21 10:46:29 +01:00
Esben Sparre Andreasen
1d437dd722 Merge pull request #8043 from github/esbena/sharpen-hardcoded-credentials
JS: Sharpen hardcoded credentials
2022-02-21 10:02:58 +01:00
Rasmus Wriedt Larsen
b59ab7f5f3 Merge branch 'main' into python/promote-log-injection 2022-02-21 09:59:31 +01:00
Erik Krogh Kristensen
5f9bd7a4a1 Merge pull request #7984 from erik-krogh/fix-ql-for-ql-js
JS: fix most ql-for-ql warnings
2022-02-21 09:15:06 +01:00
Asger Feldthaus
7848fcec80 Shared: sync AccessPathSyntax.qll 2022-02-21 08:21:53 +01:00
Asger Feldthaus
d7f07167ac Shared: Remove getLastToken again 2022-02-21 08:21:53 +01:00
Asger Feldthaus
2c2a82a070 Shared: allow spaces between arguments in a token 2022-02-21 08:21:53 +01:00
Asger Feldthaus
55ac5cb012 Shared: auto format 2022-02-21 08:21:53 +01:00
Asger Feldthaus
4985fbb526 Shared: update getSummaryCsv and related test output 2022-02-21 08:21:53 +01:00
Asger Feldthaus
dcc523a2b7 Shared: auto format 2022-02-21 08:21:53 +01:00
Asger Feldthaus
7fcbdbeada Shared: sync AccessPathSyntax.qll and FlowSummaryImpl.qll 2022-02-21 08:21:52 +01:00
Asger Feldthaus
d911e0abf8 Shared: use getToken instead of getLastToken 2022-02-21 08:21:52 +01:00
Asger Feldthaus
c4304a980d Shared: add explicit this 2022-02-21 08:21:52 +01:00
Asger Feldthaus
dc6a13242b Shared: update comment in AccessPathSyntax.qll 2022-02-21 08:21:52 +01:00
Asger Feldthaus
2907d53e17 Shared: sync AccessPathSyntax.qll and FlowSummaryImpl.qll 2022-02-21 08:21:52 +01:00
Asger Feldthaus
be63cf7049 Shared: fix qldoc and move getRawToken to top-level 2022-02-21 08:21:52 +01:00
Asger Feldthaus
c189df2341 Revert "JS: Add support for " of " syntax to help during transition"
This reverts commit 9bf522b3048c3b11f7e6d734ed797a613614a095.
2022-02-21 08:21:51 +01:00
Asger Feldthaus
57bf0b1432 Ruby: remove support for legacy syntax 2022-02-21 08:21:51 +01:00
Asger Feldthaus
e3605eed44 Ruby: update CSV rows to dot-separated syntax 2022-02-21 08:21:50 +01:00
Asger Feldthaus
7005d53a67 Ruby: manually rewrite DigSummary access path 2022-02-21 08:16:55 +01:00
Asger Feldthaus
6dbeb81f36 Ruby: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:55 +01:00
Asger Feldthaus
0af9e8aa58 C#: remove support for legacy syntax 2022-02-21 08:16:55 +01:00
Asger Feldthaus
6bb15dcc27 C#: update CSV rows to dot-separated syntax 2022-02-21 08:16:55 +01:00
Asger Feldthaus
dffa1d1558 C#: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:55 +01:00
Asger Feldthaus
affdbe9955 Java: remove support for legacy syntax 2022-02-21 08:16:55 +01:00
Asger Feldthaus
a121b73181 Java: update CSV rows to dot-separated syntax 2022-02-21 08:16:55 +01:00
Asger Feldthaus
7f808710ec Java: update model generator 2022-02-21 08:16:54 +01:00
Asger Feldthaus
753c557dbe Java: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:54 +01:00
Asger Feldthaus
53935db6c6 JS: Add support for " of " syntax to help during transition 2022-02-21 08:16:54 +01:00
Asger Feldthaus
30254686d8 JS: Move ".."-parsing trick into AccessPathSyntax.qll 2022-02-21 08:16:54 +01:00
Asger Feldthaus
7c2cff3227 JS: Factor out AccessPathSyntax.qll 2022-02-21 08:16:54 +01:00
Asger Feldthaus
e2cbf47b16 JS: Fix accidental recursion 2022-02-21 08:16:53 +01:00
Harry Maclean
e4f801bea8 Merge pull request #7886 from github/hmac/split-ruby-std-library
Ruby: split standard library models into multiple files
2022-02-21 13:39:43 +13:00
Harry Maclean
9a60c7e4ac Ruby: Update filename in test fixture 2022-02-21 09:43:36 +13:00
Alex Ford
6b8537c4e0 Ruby: FileSystemWriteAccess changenote 2022-02-20 20:14:01 +00:00
Alex Ford
baabe66551 Ruby: update Files.ql tests for write accesses 2022-02-20 19:28:12 +00:00
Alex Ford
12ce3d4784 Ruby: Implement FileSystemWriteAccess for IO/File API 2022-02-20 19:27:11 +00:00
Alex Ford
4f0174e89a Ruby: add FileSystemWriteAccess concept 2022-02-20 19:26:54 +00:00
jorgectf
c5f30d99d5 Create an extendable AdditionalTaintStep class in customizations 2022-02-20 17:34:12 +01:00
Dave Bartolomeo
ac9e2d0c6d Parallel semantic modulus analysis 2022-02-18 17:43:27 -05:00
Dave Bartolomeo
e2e2c0e540 Fix a few bugs to make results of semantic sign analysis match the original AST analysis 2022-02-18 17:03:10 -05:00
Dave Bartolomeo
99f24e5a9e Fix up sign analysis and create diff query 2022-02-18 13:03:26 -05:00
Dave Bartolomeo
5bd5f39ad8 Try parallel versions of sign analysis, AST vs. semantic 2022-02-18 12:28:36 -05:00
Rasmus Wriedt Larsen
9d81fd3b95 Python: Improve sanitizer/guards tests
Based on review conversation
2022-02-18 14:12:41 +01:00
Rasmus Wriedt Larsen
7aa559f4aa Python: Restore dataflow consistency queries 2022-02-18 13:47:29 +01:00
Rasmus Wriedt Larsen
c5b6fb37b7 Python: Clean up NormalDataflowTest.qll 2022-02-18 13:47:29 +01:00
Rasmus Wriedt Larsen
67ca14876a Python: Apply suggestions from code review
Co-authored-by: yoff <lerchedahl@gmail.com>
2022-02-18 13:47:07 +01:00
Alex Ford
dd383f942f Merge remote-tracking branch 'origin/main' into ruby/clear-text-logging 2022-02-17 15:32:31 +00:00
Alex Ford
33f4fffe16 Ruby: Simplify sub!/gsub! sanitizers for cleartext logging query 2022-02-17 13:10:44 +00:00
Jeroen Ketema
d4832b48c6 C++: Update DB scheme stats 2022-02-17 11:48:42 +01:00
Jeroen Ketema
e2bc4c88e4 C++: Expose is_structured_binding as a member of Variable 2022-02-17 11:44:08 +01:00
Jeroen Ketema
f875d722b0 C++: Add DB upgrade and downgrade scripts 2022-02-17 11:44:08 +01:00
Jeroen Ketema
f358f8f265 C++: Add DB relation identifying structured bindings 2022-02-17 11:44:08 +01:00
Asger Feldthaus
69995d5750 Shared: rephrase request forgery name and description 2022-02-17 09:07:08 +01:00
Asger Feldthaus
51442ddf47 JS: Add change note 2022-02-17 09:07:08 +01:00
Asger Feldthaus
3496ae131b JS: Factor out <recommendation> part of qhelp 2022-02-17 09:07:08 +01:00
Harry Maclean
bfd2c14555 Ruby: Add shim StandardLibrary.qll
This file re-exports everything it used to define, marking each as
deprecated to warn users that they should import `Core` or `Stdlib`
instead.
2022-02-17 20:44:04 +13:00
Harry Maclean
459f949c24 Ruby: fix old import in ActiveSupport
codeql.ruby.frameworks.StandardLibrary is deprecated
2022-02-17 20:44:04 +13:00
Harry Maclean
9fff2cfcff Ruby: Add missing documentation 2022-02-17 20:44:04 +13:00
Harry Maclean
546bfcb8ea Ruby: split tests to match stdlib changes 2022-02-17 20:44:04 +13:00
Harry Maclean
eb4f333c25 Ruby: Move UnknownMethodCall to ast/Call.qll 2022-02-17 20:44:04 +13:00
Harry Maclean
a397c65d36 Ruby: Split standard library modeling
Split the classes modeling various standard library concepts into a
structured group of multiple files.

Things that are part of the core language live in framworks/core and
standard libraries (that aren't part of core) live in frameworks/stdlib.

This mirrors the structure followed by the Ruby docs
(https://docs.ruby-lang.org/en/3.1/).

Tests are split in a followup commit.
2022-02-17 20:44:04 +13:00
Robert Marsh
103796dfa8 C++: respond to PR comments on InsufficientKeySize 2022-02-16 14:58:29 -05:00
Robert Marsh
cfd9c9d137 C++: Update doc for `getMinimumKeySize
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2022-02-16 14:53:09 -05:00
Ian Lynagh
a448db11b5 Merge pull request #8052 from igfoo/igfoo/descendent
Spelling: Use "descendant" rather than "descendent" for consistency
2022-02-16 18:03:52 +00:00
Robert Marsh
3637078a26 C++: change note for insufficient key size 2022-02-16 12:43:39 -05:00
Asger Feldthaus
8ac0ec8dfc JS: Write help for ClientSideRequestForgery 2022-02-16 18:33:31 +01:00
Robert Marsh
d3665f935e C++: add sample code for InsufficientKeySize.qhelp 2022-02-16 12:30:41 -05:00
luchua-bc
f136ea0f6f Switch to the shared PathSanitizer library 2022-02-16 16:06:28 +00:00
Nick Rolfe
26e7f3273b Merge pull request #8044 from github/nickrolfe/db_upgrade_script
Language-agnostic document on db up-/downgrades
2022-02-16 15:02:04 +00:00
Nick Rolfe
6d02ea7870 doc: remove unneeded --search-path flag 2022-02-16 14:51:12 +00:00
Ian Lynagh
b16e4c0247 Spelling: Use "descendant" rather than "descendent" for consistency
$ git grep -i descendant | wc -l
170
2022-02-16 14:26:02 +00:00
Nick Rolfe
54b56c44e6 doc: avoid using Posix-specific search-path separator 2022-02-16 12:42:58 +00:00
Asger Feldthaus
91c64152d2 JS: Rephrase the qhelp for SSRF query 2022-02-16 13:35:01 +01:00
Asger Feldthaus
cf66d01e80 JS: Add consistency test 2022-02-16 13:35:01 +01:00
Asger Feldthaus
3103cfd925 JS: Rename to tests to clientSide.js and serverSide.js 2022-02-16 13:35:01 +01:00
Asger Feldthaus
3fbc3a4d70 JS: Add ClientSideRequestForgery to RequestForgery test 2022-02-16 13:35:01 +01:00
Asger Feldthaus
260638c68b JS: Add ClientSideRequestForgery and split request-forgery results between the two 2022-02-16 13:35:01 +01:00
Esben Sparre Andreasen
f08a140505 update tests for password patterns 2022-02-16 13:22:19 +01:00
Nick Rolfe
17450a5b27 Python/Ruby: rm old prepare-db-upgrade.sh files 2022-02-16 12:21:52 +00:00
Ian Lynagh
83bba47fdb Java: Update stats 2022-02-16 12:06:18 +00:00
Nick Rolfe
549436fc86 doc: typo 2022-02-16 12:00:35 +00:00
Nick Rolfe
26b2012024 Move Ruby doc on db upgrades to common docs dir
And explain downgrades
2022-02-16 11:35:52 +00:00
Nick Rolfe
ee5068d843 Python/Ruby: forward to generic prepare-db-upgrade.sh 2022-02-16 11:03:28 +00:00
Tony Torralba
111aabb707 Merge pull request #7712 from luchua-bc/java/file-path-injection
Java: CWE-073 File path injection with the JFinal framework
2022-02-16 12:01:34 +01:00
Jeroen Ketema
3170670f67 Merge pull request #8041 from jketema/prepare-db-upgrade-script
Add version of `prepare-db-upgrade.sh` supporting multiple languages
2022-02-16 11:45:34 +01:00
Jeroen Ketema
671528b483 Find qldir by using the location of prepare-db-upgrade.sh 2022-02-16 11:35:15 +01:00
Jeroen Ketema
8ad0d8ea69 Factor out creating upgrade.properties into a function 2022-02-16 10:54:12 +01:00
Jeroen Ketema
b27dd6ca72 Simplify check_hash_valid 2022-02-16 10:53:39 +01:00
Jeroen Ketema
f558ac5b07 Make --lang a required script argument 2022-02-16 10:18:55 +01:00
Esben Sparre Andreasen
816d79692b ignore deliberately hardcoded password strings 2022-02-16 09:47:01 +01:00
Esben Sparre Andreasen
78744a0182 add additional tests 2022-02-16 09:44:56 +01:00
Esben Sparre Andreasen
e67c09f9ab change example passwords in test 2022-02-16 08:56:00 +01:00
Arthur Baars
ebb87c4b36 Merge pull request #7975 from github/post-release-prep/codeql-cli-2.8.1
Post-release preparation for codeql-cli-2.8.1
2022-02-15 20:17:35 +01:00
Arthur Baars
0f15d71cd8 Merge pull request #694 from github/post-release-prep/codeql-cli-2.8.1
Post-release preparation for codeql-cli-2.8.1
2022-02-15 20:16:09 +01:00
Geoffrey White
703f18b82f C++: Better deduplication. 2022-02-15 17:52:27 +00:00
Jeroen Ketema
1209bbd9b4 Add version of prepare-db-upgrade.sh supporting multiple languages 2022-02-15 18:39:21 +01:00
luchua-bc
40bf093d34 Move shared code to the lib folder and update qldoc 2022-02-15 17:28:13 +00:00
Tony Torralba
5f0ab522f3 Merge pull request #7988 from Marcono1234/marcono1234/sealed-types-predicates
Java: Add predicates for sealed classes
2022-02-15 15:11:56 +01:00
yo-h
cfcb06cad9 Merge pull request #8035 from tamasvajk/feature/hardcoded-cred-medium-prec
C#: Downgrade hardcoded credentials queries to medium precision
2022-02-15 08:09:27 -05:00
Chris Smowton
2f82a46528 Elaborate change note 2022-02-15 12:56:57 +00:00
luchua-bc
fd533f2ba8 Remove the same callable constraint 2022-02-15 12:44:23 +00:00
Mathias Vorreiter Pedersen
c48e49650a Merge pull request #8039 from jketema/downgrades
C++: Add initial DB scheme and qlpack file to downgrades directory
2022-02-15 11:30:33 +00:00
Jeroen Ketema
d59422be41 Add qlpack file to downgrades directory 2022-02-15 12:18:46 +01:00
Jeroen Ketema
0bcb5cb380 Add initial cpp DB scheme to downgrades directory 2022-02-15 11:59:46 +01:00
Mathias Vorreiter Pedersen
38e44924e7 Merge pull request #8036 from jketema/remove-legacy-relations-2
C++: Remove some unused legacy relations from the DB scheme - Take 2
2022-02-15 10:56:25 +00:00
Jeroen Ketema
3b2584a5d1 Add change note 2022-02-15 11:18:44 +01:00
Jeroen Ketema
9d7784e12d C++: Add DB downgrade script 2022-02-15 11:18:44 +01:00
Jeroen Ketema
f791c63780 C++: Add DB upgrade script 2022-02-15 11:18:44 +01:00
Jeroen Ketema
68fd953d9b C++: Mark classes depending on removed relations as deprecated
Also ensure they no longer depend on the removed relations.
2022-02-15 11:18:36 +01:00
Rasmus Wriedt Larsen
62d4bb50a5 Python: Autoformat
Trailing whitespace is a bit too easy with the ```suggestions through
the UI :|
2022-02-15 10:38:52 +01:00
Tony Torralba
bfa14fa066 Merge pull request #7823 from JLLeitschuh/improve/JLL/combined_http_headers
Java: Add HTTP Request Splitting to Netty Query
2022-02-15 10:24:36 +01:00
Rasmus Wriedt Larsen
5a90214ece Merge pull request #7783 from yoff/python/promote-ldap-injection
Python: promote LDAP injection query
2022-02-15 10:24:18 +01:00
Jeroen Ketema
bf6ca7a7be C++: Remove some unused legacy relations from the DB scheme 2022-02-15 10:16:35 +01:00
Tamas Vajk
0c667fa544 Move change note from lib to src folder 2022-02-15 09:58:12 +01:00
Tamas Vajk
c386ab5e51 Add change note 2022-02-15 09:55:18 +01:00
CodeQL CI
8f8621f82c Merge pull request #8022 from asgerf/js/url-parse-qs
Approved by esbena
2022-02-15 09:34:21 +01:00
Tamas Vajk
e8bf94faf9 C#: Downgrade hardcoded credentials queries to medium precision 2022-02-15 09:34:20 +01:00
Marcono1234
a496b1d1a1 Java: Add predicates for sealed classes 2022-02-14 21:04:38 +01:00
Robert Marsh
0e50c4b186 C++: Add openssl low-level API 2022-02-14 14:47:55 -05:00
Chris Smowton
0bf6c83ef2 Merge pull request #4388 from JLLeitschuh/feat/JLL/java/CWE-200_temp_directory_local_information_disclosure
Java: CWE-200: Temp directory local information disclosure vulnerability
2022-02-14 18:58:44 +00:00
Chris Smowton
fd4dc95d84 Merge pull request #6443 from artem-smotrakov/ignored-hostname-verifier
Java: An experimental query for ignored hostname verification
2022-02-14 18:56:27 +00:00
yoff
de5b3a272d Merge pull request #7660 from RasmusWL/deprecate-old-modeling
Python: Deprecate old points-to based modeling
2022-02-14 19:48:03 +01:00
Chris Smowton
f2bc5849ce format 2022-02-14 17:00:14 +00:00
Nick Rolfe
9c79a171ae Merge pull request #8017 from github/nickrolfe/csharp_externalData
C#: add externalData back to dbscheme
2022-02-14 16:54:32 +00:00
Jonathan Leitschuh
2048aed0a9 Review feedback and improve temp dir vulnerable/safe code sugestion 2022-02-14 11:29:16 -05:00
Chris Smowton
a62eae5a1e Remove redundant conditions from HostnameVerificationCall.isIgnored 2022-02-14 16:26:41 +00:00
Jonathan Leitschuh
76964d58f2 Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-02-14 11:04:31 -05:00
Jonathan Leitschuh
bb580ddbab Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-02-14 11:02:05 -05:00
Jonathan Leitschuh
7dee22a130 Fix implicit 'this' usage 2022-02-14 11:00:41 -05:00
luchua-bc
2b5982fd9d Remove specified value step from additional taint step 2022-02-14 15:42:54 +00:00
yoff
3a995ec1b1 Update python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-02-14 16:08:44 +01:00
yoff
62598c0fd1 Update python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-02-14 16:07:40 +01:00
yoff
86786d3368 Update docs/codeql/support/reusables/frameworks.rst
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-02-14 16:05:59 +01:00
Asger Feldthaus
8b55a24e7c JS: Add url-parse.qs as an alias for the querystringify library 2022-02-14 15:29:50 +01:00
luchua-bc
35a924292b Model value passing between a setter and a getter call as a value step 2022-02-14 14:08:55 +00:00
Asger Feldthaus
f7108506f2 JS: Raise precision tag of js/request-forgery 2022-02-14 14:20:41 +01:00
Nick Rolfe
2633f9d02e C#: delete externalData.rel in downgrade script 2022-02-14 12:25:32 +00:00
Nick Rolfe
6e7f5f8c12 C#: add DB upgrade and downgrade scripts 2022-02-14 12:16:39 +00:00
Nick Rolfe
d43a62a09f C#: add externalData back to dbscheme
That table is still used, and is populated by the CSV extractor.
2022-02-14 12:09:00 +00:00
Rasmus Lerchedahl Petersen
d1200d0cd5 python: fix change-note formatting 2022-02-14 12:22:29 +01:00
Rasmus Lerchedahl Petersen
84447e4710 python: more detailed alert message 2022-02-14 11:55:07 +01:00
Rasmus Lerchedahl Petersen
bd14adefa0 python: add apologetic comment 2022-02-14 11:37:46 +01:00
Mathias Vorreiter Pedersen
9b8d85903c Merge pull request #8011 from MathiasVP/revert-remove-legacy-tables
Revert "Merge pull request #7982 from jketema/remove-legacy-relations"
2022-02-14 10:32:01 +00:00
Mathias Vorreiter Pedersen
bc24b03d31 Merge pull request #8012 from erik-krogh/db-in-upgrade
QL: allow raw db types in upgrade/downgrade scripts
2022-02-14 10:24:55 +00:00
Erik Krogh Kristensen
8c7bf69a87 allow raw db types in upgrade/downgrade scripts without adding a warning for it 2022-02-14 10:40:07 +01:00
Mathias Vorreiter Pedersen
ab7850c581 Revert "Merge pull request #7982 from jketema/remove-legacy-relations"
This reverts commit 2b6d57d85b, reversing
changes made to 9b4dbb9dd8.
2022-02-14 09:11:56 +00:00
Mathias Vorreiter Pedersen
2b6d57d85b Merge pull request #7982 from jketema/remove-legacy-relations 2022-02-14 07:59:19 +00:00
root
5ed5e0b105 Add query to detect ZipSlip 2022-02-13 16:44:27 -05:00
Artem Smotrakov
48604cd7b3 Better HostnameVerificationCall.isIgnored() 2022-02-12 15:52:16 +00:00
Artem Smotrakov
36e565d673 Use classes from semmle.code.java.security.Encryption 2022-02-12 15:31:35 +00:00
Artem Smotrakov
651e43dee6 Clarify what verifier is 2022-02-12 12:24:48 +00:00
luchua-bc
78630f25dd Match attribute name to reduce FP 2022-02-11 23:53:31 +00:00
Chuan-kai Lin
9b4dbb9dd8 Merge pull request #7895 from github/cklin/upgrades-initial-dbscheme
Upgrade scripts testing: set initial dbschemes
2022-02-11 11:06:12 -08:00
Andrew Eisenberg
0f3d780935 Merge pull request #7946 from github/aeisenberg/check-change-not
Workflows: Augment workflow to ensure failure with invalid change notes
2022-02-11 09:25:14 -08:00
Jeroen Ketema
7f4913d61f Add change notes 2022-02-11 18:15:33 +01:00
Jeroen Ketema
9d7aa176f3 C++: Mark classes depending on removed relations as deprecated
Also ensure they no longer depend on the removed relations.
2022-02-11 18:04:17 +01:00
Nick Rolfe
b3048eed21 Merge pull request #7979 from github/nickrolfe/charp
C#: fix misspellings of 'csharp'
2022-02-11 16:57:59 +00:00
Erik Krogh Kristensen
a1c5724be7 fix most ql-for-ql warnings in JS 2022-02-11 17:57:37 +01:00
Andrew Eisenberg
5092493160 Update .github/workflows/validate-change-notes.yml 2022-02-11 08:41:20 -08:00
Geoffrey White
c4d9c1d9e7 C++: Reduce result duplication. 2022-02-11 16:03:38 +00:00
Jeroen Ketema
5205db9e17 C++: Add DB downgrade script 2022-02-11 16:36:21 +01:00
Jeroen Ketema
3033f3f89c C++: Add DB upgrade script 2022-02-11 16:35:51 +01:00
Jeroen Ketema
94d3d63704 C++: Remove some unused legacy relations from the DB scheme 2022-02-11 16:35:08 +01:00
Erik Krogh Kristensen
360cf0ff17 Merge pull request #7981 from erik-krogh/erik-krogh/key-on-qlpacks
QL: add qlpack.yml to the cache key for QL-for-QL query build
2022-02-11 16:19:38 +01:00
Erik Krogh Kristensen
6639bdaf1e add qlpack.yml to the cache key for QL-for-QL query build 2022-02-11 16:04:39 +01:00
Nick Rolfe
dc2f653496 Merge remote-tracking branch 'origin/main' into nickrolfe/charp 2022-02-11 14:56:15 +00:00
Erik Krogh Kristensen
25f6880809 Merge pull request #7980 from erik-krogh/fix-ql-pack
QL: fix pack name for ql-for-ql
2022-02-11 15:53:02 +01:00
Erik Krogh Kristensen
1fa5265a2e fix pack name for ql-for-ql 2022-02-11 15:44:14 +01:00
Nick Rolfe
164cce7417 C#: fix misspellings of 'csharp' 2022-02-11 14:08:47 +00:00
Erik Krogh Kristensen
25d64a7901 Merge pull request #7930 from erik-krogh/rbApiIpa
RB: convert the ruby ApiGraphs to use IPA labels
2022-02-11 14:35:39 +01:00
Geoffrey White
00ba76b7e4 C++: Convert to IR taint tracking. 2022-02-11 13:00:42 +00:00
luchua-bc
e3d0e9f083 Update normalized path node 2022-02-11 12:38:05 +00:00
Arthur Baars
678645ba57 Merge pull request #7883 from github/aibaars/ruby-cross
Ruby: add configuration for 'cross'
2022-02-11 13:15:34 +01:00
Arthur Baars
525c685584 Ruby: add configuration for 'cross' 2022-02-11 12:50:33 +01:00
Taus
d7f30de5b0 Merge pull request #7874 from RasmusWL/set-store-step
Python: Fix setStoreStep to use `SetElementContent`
2022-02-11 12:50:02 +01:00
Arthur Baars
a85b2093d6 Merge pull request #7969 from github/doc-remove-filter-queries
Docs: remove mention of 'filter queries'
2022-02-11 12:48:34 +01:00
github-actions[bot]
21bf29353f Post-release preparation for codeql-cli-2.8.1 2022-02-11 11:07:31 +00:00
github-actions[bot]
a89ae0b65e Post-release preparation for codeql-cli-2.8.1 2022-02-11 11:07:13 +00:00
Taus
327e0dad72 Merge pull request #7674 from erik-krogh/dbTypeInNonLib
QL: Use of db-type outside language core.
2022-02-11 12:00:14 +01:00
Owen Mansel-Chan
fbd73a3ed5 Merge pull request #690 from asgerf/asgerf/sync-flow-summary-impl
Go: sync FlowSummaryImpl.qll
2022-02-11 10:50:37 +00:00
Arthur Baars
47eb96d223 Docs: remove mention of 'filter queries' 2022-02-11 11:45:34 +01:00
Erik Krogh Kristensen
5a39708cf7 move TLabel to the Impl module and cache it 2022-02-11 10:54:45 +01:00
Erik Krogh Kristensen
36e02ae9ac Merge pull request #7912 from erik-krogh/moarApi
JS: convert more type-trackers to API-graphs
2022-02-11 10:32:45 +01:00
Erik Krogh Kristensen
daa96cc218 change some docstrings based on review, and make fields private 2022-02-11 10:25:54 +01:00
Tom Hvitved
0f60401919 Merge pull request #2513 from hvitved/csharp/null-maybe-capture
C#: Remove FPs from `cs/dereferenced-value-may-be-null`
2022-02-11 10:21:15 +01:00
Erik Krogh Kristensen
6ae4652ce9 make the Impl module private again 2022-02-11 10:17:24 +01:00
Arthur Baars
74ed89409c Merge pull request #7948 from github/release-prep/2.8.1
Release preparation for version 2.8.1
2022-02-11 10:13:34 +01:00
Erik Krogh Kristensen
3791b159fb Merge pull request #7892 from erik-krogh/nanSan
JS: Add a `isNaN` sanitizer, and use it in queries that already had a typeof check
2022-02-11 10:13:06 +01:00
Erik Krogh Kristensen
2ffd79d451 Merge pull request #7921 from erik-krogh/snapdragon
JS: add model for the snapdragon library
2022-02-11 10:10:55 +01:00
Arthur Baars
58a2597c3a C++: move change note lines to correct query pack 2022-02-11 09:52:36 +01:00
Asger Feldthaus
620bdf22c2 Go: add new sink to completetest.ql as well 2022-02-11 09:44:27 +01:00
Arthur Baars
6403a23af3 Merge pull request #693 from github/release-prep/2.8.1
Release preparation for version 2.8.1
2022-02-11 09:38:37 +01:00
Tom Hvitved
987b11c362 Merge pull request #7926 from hvitved/csharp/brotli
C#: Use Brotli instead of Gzip
2022-02-11 09:29:04 +01:00
Tamás Vajk
c5d917eb72 Improve formatting of 0.0.9 release notes 2022-02-11 09:19:43 +01:00
Asger Feldthaus
6bfc0a7a1c Go: use parseConstantOrRange in parseReturn 2022-02-11 08:38:15 +01:00
Asger Feldthaus
66545dbe41 Go: fix parsing of n1..n2 in parseConstantOrRange 2022-02-11 08:35:18 +01:00
Asger Feldthaus
a26bfb0926 Go: add test with Argument[0..2] spec 2022-02-11 08:34:31 +01:00
Esben Sparre Andreasen
a4447ce372 Update javascript/ql/lib/semmle/javascript/frameworks/Snapdragon.qll 2022-02-11 08:20:02 +01:00
luchua-bc
12c53baba4 Simplify the query 2022-02-11 01:05:06 +00:00
Harry Maclean
017183e7f3 Merge pull request #7919 from github/hmac/open-uri
Ruby: recognise additional form for OpenURI
2022-02-11 14:03:26 +13:00
Andrew Eisenberg
cba9e0b267 Fix paths in check-change-note
Library pack changes were being ignored.
2022-02-10 14:36:23 -08:00
github-actions[bot]
f25fc70b7c Release preparation for version 2.8.1 2022-02-10 22:08:24 +00:00
github-actions[bot]
6f0e1a284f Release preparation for version 2.8.1 2022-02-10 22:08:16 +00:00
Andrew Eisenberg
9441ea940c Workflows: Augment workflow to ensure failure with invalid change notes 2022-02-10 13:52:54 -08:00
Erik Krogh Kristensen
f41bc64e30 add change-note 2022-02-10 22:41:35 +01:00
Arthur Baars
c9f898745c Merge pull request #7943 from github/aibaars/cpp-move-note
C++: move change note
2022-02-10 22:32:31 +01:00
Arthur Baars
6cba49abe3 C++: move change note 2022-02-10 22:13:54 +01:00
Arthur Baars
1fb3cbfeee Merge pull request #7940 from github/aibaars/js-move-note
Javascript: move change note
2022-02-10 21:20:06 +01:00
Arthur Baars
61ba896343 Javascript: move change note 2022-02-10 20:58:49 +01:00
Robert Marsh
dbe4770c7d C++: add initial insufficient key size query 2022-02-10 14:53:40 -05:00
Tom Hvitved
2b2196d638 Merge pull request #7927 from github/hvitved-patch-1
Add C# 10 and .NET 6 to `versions-compilers.rst`
2022-02-10 20:43:33 +01:00
Erik Krogh Kristensen
eb56a5aef3 support more patterns that recognize valid numbers 2022-02-10 19:50:35 +01:00
Artem Smotrakov
0ba229a64b Apply suggestions from code review (typos/formatting)
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
Co-authored-by: Chris Smowton <smowton@github.com>
2022-02-10 18:37:12 +00:00
Alex Ford
d55ba2542a Ruby: fix an alert 2022-02-10 18:35:22 +00:00
Geoffrey White
85d03fdbfd C++: Change note. 2022-02-10 18:05:41 +00:00
Erik Krogh Kristensen
02ed1ca392 add missing qldoc 2022-02-10 18:06:53 +01:00
yoff
a2532a86ea Merge pull request #7894 from tausbn/python-normalise-prefixes
Python: Normalise string prefixes
2022-02-10 17:57:11 +01:00
Erik Krogh Kristensen
9739929795 convert the ruby ApiGraphs to use IPA labels 2022-02-10 17:54:19 +01:00
Alex Ford
bc53570a25 Ruby: fewer mappings from dataflow nodes to ast nodes 2022-02-10 15:58:31 +00:00
Alex Ford
7c1bd9a533 Ruby: add a test case for cleartext logging that uses NonCleartextPasswordFlow 2022-02-10 15:50:56 +00:00
Alex Ford
83a3808bbe Ruby: avoid marking mutator methods as being safe (i.e. not returning sensitive data) 2022-02-10 15:50:56 +00:00
Alex Ford
b46e4ccd71 Ruby: drop SanitizerIn from ClearTextLoggingQuery 2022-02-10 15:50:56 +00:00
Alex Ford
7b4af39315 Ruby: track masked variables potentially containing sensitive data more accurately 2022-02-10 15:50:56 +00:00
Alex Ford
59ab384825 Ruby: rb/clear-text-logging-sensitive-data - match on CFG nodes rather than AST nodes 2022-02-10 15:50:56 +00:00
Jonathan Leitschuh
eee521e6ce Fix test failure for TempDirLocalInformationDisclosure 2022-02-10 10:40:40 -05:00
Tom Hvitved
a3d631f2df Add C# 10 and .NET 6 to versions-compilers.rst 2022-02-10 15:45:00 +01:00
Tom Hvitved
1c66444a61 C#: Use Brotli instead of Gzip 2022-02-10 14:30:24 +01:00
Owen Mansel-Chan
317376583c Minor changes to qhelp 2022-02-10 13:25:20 +00:00
Owen Mansel-Chan
a008bd4f25 Add a change note 2022-02-10 13:25:20 +00:00
Robin Neatherway
4ba4b5a811 Add query help for WrappedErrorAlwaysNil 2022-02-10 13:25:20 +00:00
Owen Mansel-Chan
98c60f31a6 Simplify comparison of DataFlow::Node and IR::Instruction
Co-authored-by: Chris Smowton <smowton@github.com>
2022-02-10 13:25:19 +00:00
Owen Mansel-Chan
9b61ed9578 Add query "Wrapped error always nil" 2022-02-10 13:25:19 +00:00
Felicity Chapman
efed21b99a Merge pull request #7885 from Marcono1234/marcono1234/extractor-doc-improvements
Fix and improve Extractor options documentation formatting
2022-02-10 12:59:45 +00:00
CodeQL CI
9ebbd9efa1 Merge pull request #7591 from asgerf/js/mysql-sinks
Approved by esbena
2022-02-10 12:50:36 +00:00
Felicity Chapman
5ec1fc11f9 Apply suggestions from code review 2022-02-10 12:41:37 +00:00
CodeQL CI
a57ee019c2 Merge pull request #7819 from asgerf/asgerf/ruby-def-nodes
Approved by hvitved
2022-02-10 12:37:34 +00:00
Asger Feldthaus
6d4b4df717 Go: auto format 2022-02-10 13:27:46 +01:00
Asger Feldthaus
f66cad85be Go: sync FlowSummaryImpl.qll 2022-02-10 13:08:54 +01:00
Taus Brock-Nannestad
be323bafaf Merge remote-tracking branch 'upstream/main' into python-normalise-prefixes 2022-02-10 12:55:49 +01:00
CodeQL CI
1a91a79b5b Merge pull request #5841 from erik-krogh/libCode
Approved by esbena, ethanpalm
2022-02-10 11:36:45 +00:00
Mathias Vorreiter Pedersen
d05dbb285c Merge pull request #7841 from jketema/structured-bindings-fix
C++: Update C++ variable hiding test
2022-02-10 11:29:38 +00:00
Geoffrey White
b0c2a144cc C++: Remove no longer relevant tests. 2022-02-10 11:11:31 +00:00
Geoffrey White
20ad92a82e C++: Filter noisiest sources. 2022-02-10 11:11:30 +00:00
Geoffrey White
7b5b2fdcd1 C++: Modernize cpp/system-data-exposure as a path-problem using IR taint, RemoteFlowSinkFunction. 2022-02-10 11:11:26 +00:00
Geoffrey White
5490809bcf C++: Expand tests. 2022-02-10 10:43:21 +00:00
Erik Krogh Kristensen
d55920ad27 add model for the snapdragon library 2022-02-10 11:32:59 +01:00
Jeroen Ketema
46821fe136 Update C++ variable hiding test
Structured bindings are now handled better, so the false negative
related to structured bindings is now a true positive.
2022-02-10 10:58:32 +01:00
Tom Hvitved
58d90c7f8d Python: More points-to performance improvements 2022-02-10 10:29:30 +01:00
Tom Hvitved
7fd8d6dd30 Address review comments 2022-02-10 10:29:30 +01:00
Tom Hvitved
2de892bfd8 Python: Points-to performance improvements 2022-02-10 10:29:30 +01:00
Erik Krogh Kristensen
12d31d750a convert more type-trackers to API-graphs 2022-02-10 09:54:52 +01:00
Stephan Brandauer
a73cdf3527 Merge pull request #7911 from kaeluka/javascript/add-getFlowLabel-to-PathNode
JS: add a getFlowLabel method to the PathNode class
2022-02-10 09:10:08 +01:00
Jonathan Leitschuh
bafcce17d4 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-02-09 22:14:17 -05:00
Harry Maclean
d966ca8466 Ruby: recognise additional form for OpenURI 2022-02-10 15:42:15 +13:00
luchua-bc
ce03aeb4d9 Fixed an issue related to normalized path 2022-02-09 23:19:40 +00:00
Rasmus Wriedt Larsen
94f9656e8e Python: Solve deprecation warnings for old experimental queries 2022-02-10 00:09:43 +01:00
Harry Maclean
f30222256f Merge pull request #7061 from github/hmac/actiondispatch
Ruby: Rails route resolution
2022-02-10 09:46:36 +13:00
Chris Smowton
b51b6069fc Merge pull request #689 from github/codeql-cli-2.8.0-copy
Main merged into codeql-cli-2.8.0
2022-02-09 19:21:06 +00:00
Ethan Palm
2f7f9d9032 Move explanation of example above sample code 2022-02-09 10:45:24 -08:00
Jonathan Leitschuh
ded8d64301 Remove CAPC and add CWE-93 2022-02-09 12:31:53 -05:00
Jonathan Leitschuh
03fdee3767 Cleanup Netty Response Splitting Query 2022-02-09 12:28:11 -05:00
Jonathan Leitschuh
8ffe878722 Apply suggestions from code review
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
2022-02-09 12:28:11 -05:00
Jonathan Leitschuh
c732cb7759 Add HTTP Request Splitting to Netty Query 2022-02-09 12:28:10 -05:00
Tamas Vajk
29391a173a Merge branch 'main' into codeql-cli-2.8.0-copy 2022-02-09 18:25:08 +01:00
Tamás Vajk
92862fa4b5 Merge pull request #684 from github/post-release-prep/codeql-cli-2.8.0
Post-release preparation for codeql-cli-2.8.0
2022-02-09 18:07:28 +01:00
Stephan Brandauer
3e88d46e0f add a getFlowLabel method to the PathNode class 2022-02-09 17:28:25 +01:00
Jonathan Leitschuh
49a73673b6 Fix FP from mkdirs call on exact temp directory 2022-02-09 11:04:23 -05:00
Tamás Vajk
6483a92587 Merge pull request #7865 from github/post-release-prep/codeql-cli-2.8.0
Post-release preparation for codeql-cli-2.8.0
2022-02-09 16:42:38 +01:00
github-actions[bot]
b3d63aca33 Post-release preparation for codeql-cli-2.8.0 2022-02-09 16:41:28 +01:00
github-actions[bot]
9c12f1a5fa Release preparation for version 2.8.0 2022-02-09 16:40:48 +01:00
Jonathan Leitschuh
787e3dac31 Update java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
Co-authored-by: Chris Smowton <smowton@github.com>
2022-02-09 10:07:56 -05:00
Tom Hvitved
c695388c29 Merge pull request #7891 from hvitved/ruby/dataflow/hide-ssa-nodes
Ruby: Hide more SSA nodes from data-flow path explanations
2022-02-09 15:56:15 +01:00
Tom Hvitved
0bd8411cb6 Ruby: Hide more SSA nodes from data-flow path explanations 2022-02-09 15:31:10 +01:00
Rasmus Lerchedahl Petersen
aa010e420b python: update qhelp 2022-02-09 15:27:39 +01:00
Rasmus Lerchedahl Petersen
75a2f92ce4 pthon: add change note 2022-02-09 15:23:36 +01:00
Mathias Vorreiter Pedersen
336c25d929 Merge pull request #7913 from RasmusWL/ql-qlpacks
QL: Streamline qlpacks
2022-02-09 13:37:19 +00:00
Rasmus Lerchedahl Petersen
313f9f056c python: switch to using concepts 2022-02-09 14:36:48 +01:00
Owen Mansel-Chan
85db49cd00 Merge pull request #685 from github/smowton/fix/windows-2019-ci
CI: Run on Windows 2019
2022-02-09 13:33:24 +00:00
Rasmus Lerchedahl Petersen
17aa2898f9 python: model (xpathEval from) libxml2 2022-02-09 14:25:43 +01:00
Rasmus Lerchedahl Petersen
e8649d8947 python: model (etree from) lxml 2022-02-09 14:15:17 +01:00
Rasmus Wriedt Larsen
1f50624cf4 QL: Streamline qlpacks
So they follow the same format as the other languages.

`git grep codeql-ql` in the ql/ subfolder does not yield any results
now.
2022-02-09 14:08:36 +01:00
Rasmus Wriedt Larsen
9d5e8d5bd8 Merge pull request #7842 from RasmusWL/consistency-queires
Misc: Streamline `consistency-queries/qlpack.yml`
2022-02-09 13:42:18 +01:00
jorgectf
85b5ef36ae XmlInjection -> XmlEntityInjection 2022-02-09 13:28:56 +01:00
Chris Smowton
c547f47ca2 CI: Run on Windows 2019
Tracer appears to not yet support win2022
2022-02-09 11:59:53 +00:00
Nick Rolfe
1eba8277ee Merge pull request #7614 from github/nickrolfe/array_flow_summaries
Ruby: add more Array/Enumerable flow summaries
2022-02-09 09:57:59 +00:00
Harry Maclean
f276904fa9 Ruby: Add nomagic pragma to helper 2022-02-09 22:38:35 +13:00
Michael Nebel
ff369f2a36 Merge pull request #7846 from michaelnebel/csharp/deconstruction
C# 10: Tuple deconstruction.
2022-02-09 10:08:16 +01:00
Mathias Vorreiter Pedersen
bbbb5268ce Merge pull request #7881 from geoffw0/clrtxtperf
CPP: Fix performance for cpp/cleartext-transmission
2022-02-09 09:03:44 +00:00
Erik Krogh Kristensen
5340530cb7 use the number guard in existing queries that contained typeof checks 2022-02-09 09:51:57 +01:00
Erik Krogh Kristensen
d6721ec574 implement a isNaN guard for unsafe-shell-command-construction 2022-02-09 09:51:57 +01:00
Tom Hvitved
9440a45015 Merge branch 'main' into post-release-prep/codeql-cli-2.8.0 2022-02-09 09:40:33 +01:00
yoff
f21ac04285 Update python/ql/lib/semmle/python/frameworks/Stdlib.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-02-09 09:22:31 +01:00
luchua-bc
4609227e76 Use data model for request/session attribute operations 2022-02-09 03:24:46 +00:00
jorgectf
3ccac4ed8a Update .expected 2022-02-08 23:59:36 +01:00
Jonathan Leitschuh
7f46640176 Consider calls to setReadable(false, false) then setReadable(true, true) to be safe 2022-02-08 17:57:10 -05:00
jorgectf
c6d8b97871 Make verifyCall() a private predicate 2022-02-08 23:37:17 +01:00
jorgectf
7b51b91d13 Improve test 2022-02-08 23:33:43 +01:00
jorgectf
ed60d16367 Refactor the way to check the verifying call 2022-02-08 23:33:30 +01:00
Jorge
f1fab98ea2 Merge branch 'github:main' into python_jwt 2022-02-08 23:12:58 +01:00
Taus Brock-Nannestad
54ae744b2c Python: Also update Python 2 file 2022-02-08 22:08:53 +01:00
Harry Maclean
3206384884 Merge pull request #7824 from github/hmac/constantize 2022-02-09 08:30:21 +13:00
Chuan-kai Lin
a7f1ee574c Upgrade scripts testing: set initial dbschemes
This commit sets initial dbschemes for cpp, csharp, java, javascript, and
python so that automated testing for upgrade scripts would also cover legacy
upgrades.
2022-02-08 11:11:41 -08:00
Tom Hvitved
b2419d60bd Merge pull request #7090 from hvitved/ruby/perf
Ruby: Cache more predicates
2022-02-08 20:02:33 +01:00
Chris Smowton
143d64c92c Merge pull request #7879 from github/smowton/admin/getting-started-mention-codeql-go-deps
Docs: Note codeql-go needs an install step before use
2022-02-08 18:07:26 +00:00
Alex Ford
81ed5d0ff7 Ruby: comment and node description fixes
Co-authored-by: Harry Maclean <hmac@github.com>
2022-02-08 18:03:29 +00:00
jorgectf
b00051e4ab Update .expected 2022-02-08 17:52:37 +01:00
jorgectf
01ad25f3f0 Apply .getALocalSource() and fix xmltodict's vulnerable predicate 2022-02-08 17:51:09 +01:00
jorgectf
7c4a6a12b0 Test polish 2022-02-08 17:50:39 +01:00
jorgectf
8f9cd16806 Update 2022-02-08 17:23:18 +01:00
Taus Brock-Nannestad
6ea8986daa Python: Normalise string prefixes 2022-02-08 16:48:17 +01:00
Erik Krogh Kristensen
4bbb7ad320 Merge pull request #7876 from erik-krogh/zipRelative
JS: recognize more startswith sanitizers for path-injection queries
2022-02-08 15:22:39 +01:00
Nick Rolfe
ade7921079 Merge pull request #7890 from github/nickrolfe/unique_node
Ruby/QL: add `unique` annotation on `node` column
2022-02-08 13:15:17 +00:00
Tom Hvitved
984e01ecf0 C#: Remove FPs from cs/dereferenced-value-may-be-null
Apply a conservative approach by filtering out results for accesses to
captured nullable values, when there is an (implicit) call to the capturing
callable which is `null`-guarded. For example:

```
bool M(int? i, IEnumerable<int> @is)
{
    if (i.HasValue)
        return @is.Any(j => j == i.Value); // GOOD
    return false;
}
```
2022-02-08 14:01:57 +01:00
Tom Hvitved
7948d965a0 C#: Add nullness tests for captured variables 2022-02-08 13:52:29 +01:00
Owen Mansel-Chan
034f3d5e76 Merge pull request #683 from lyoung-confluent/patch-2
Match gopkg.in import of squirrel for SQLi query
2022-02-08 12:19:15 +00:00
Tom Hvitved
3b5267eca5 Ruby: Cache DataFlow::Node::{toString,getLocation} 2022-02-08 13:03:42 +01:00
Tom Hvitved
f337459a4a Ruby: Cache capturedEntryWrite 2022-02-08 13:03:42 +01:00
Tom Hvitved
b041bc03d1 Ruby: Cache ConditionBlock::(immediately)Controls 2022-02-08 13:03:41 +01:00
Tom Hvitved
4037d1ff96 Ruby: Cache ErbDirective::getAChildStmt 2022-02-08 13:03:41 +01:00
Tom Hvitved
4c5f32ba4a Ruby: Cache exprNodeReturnedFrom 2022-02-08 13:03:31 +01:00
Tom Hvitved
45412fa17f Cache hasLocalSource 2022-02-08 13:03:27 +01:00
Chris Smowton
a6596ea7ce Fix test requirements, formatting 2022-02-08 12:01:32 +00:00
Rasmus Lerchedahl Petersen
3f36ccba92 python: add name to concept 2022-02-08 12:40:13 +01:00
Rasmus Lerchedahl Petersen
8665fe4817 python: add concept for XPath construction
also small fixup in `SqlConstruction`
2022-02-08 12:31:37 +01:00
Erik Krogh Kristensen
28ba78cb76 add explicit this 2022-02-08 12:20:21 +01:00
Rasmus Wriedt Larsen
3e01816f0c Python: Add change-note 2022-02-08 12:03:40 +01:00
Rasmus Lerchedahl Petersen
7d287f1698 python: add concept for xpath execution 2022-02-08 11:46:28 +01:00
Rasmus Lerchedahl Petersen
103b5761f3 python: remove superfluous configuration
this also removes duplicated nodes and edges
in the path results
2022-02-08 11:34:11 +01:00
Michael Nebel
c04e344192 Merge pull request #7749 from michaelnebel/csharp/lambda-improvements
C# 10 - Lambda improvements.
2022-02-08 11:28:55 +01:00
Benjamin Muskalla
b62df5a9ad Merge pull request #7872 from bmuskalla/fixCoverageCollection
Collect framework coverage on demand
2022-02-08 11:27:48 +01:00
Rasmus Lerchedahl Petersen
a9cfc60ea1 python: move supporting libraries
and update reference in query
2022-02-08 11:27:45 +01:00
Henry Mercer
eff0ca01b1 Merge pull request #7417 from github/henrymercer/java/update-telemetry-query-metadata
Java: Start running telemetry queries on Code Scanning
2022-02-08 10:26:30 +00:00
Rasmus Lerchedahl Petersen
88efcff818 python: move query
and update reference in query test
2022-02-08 11:24:09 +01:00
Chris Smowton
79654592d9 Apply suggestions from code review 2022-02-08 10:23:46 +00:00
Rasmus Lerchedahl Petersen
e51ba6f421 python: rename test directory 2022-02-08 11:20:10 +01:00
Rasmus Lerchedahl Petersen
e52dca0a35 python: move tests 2022-02-08 11:19:28 +01:00
Benjamin Muskalla
ff8a96b96d Rename framework coverage query
Move it to the other summary queries, update all references.
2022-02-08 11:14:03 +01:00
Rasmus Wriedt Larsen
a8edd44a3c Python: Update .expected 2022-02-08 11:12:34 +01:00
Benjamin Muskalla
85a8efab63 Update .github/workflows/csv-coverage-metrics.yml
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-02-08 11:07:56 +01:00
Benjamin Muskalla
6e3d2a2046 Update misc/suite-helpers/security-and-quality-selectors.yml
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-02-08 11:07:35 +01:00
Benjamin Muskalla
fb91821882 Update misc/suite-helpers/security-extended-selectors.yml
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-02-08 11:06:51 +01:00
Benjamin Muskalla
94c517efd6 Update misc/suite-helpers/code-scanning-selectors.yml
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-02-08 11:06:35 +01:00
Benjamin Muskalla
284c397883 Update misc/suite-helpers/lgtm-selectors.yml
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-02-08 11:06:30 +01:00
Benjamin Muskalla
e7823a78ef Update .github/workflows/csv-coverage-metrics.yml
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-02-08 11:06:21 +01:00
Nick Rolfe
fa16ff9ffc QL for QL: make node column unique 2022-02-08 09:59:11 +00:00
Nick Rolfe
8881031d0a Ruby: add upgrade/downgrade scripts 2022-02-08 09:57:55 +00:00
Nick Rolfe
2037368f62 Ruby: make node column unique 2022-02-08 09:55:34 +00:00
Nick Rolfe
dbe2951aec Merge pull request #7880 from github/nickrolfe/locations_column_ql
QL for QL: sync changes from Ruby
2022-02-08 09:53:06 +00:00
CodeQL CI
db8ffb5ba9 Merge pull request #7870 from erik-krogh/nodeReExport
Approved by esbena
2022-02-08 09:44:25 +00:00
Erik Krogh Kristensen
d73b2effa0 rename maybeGetJoinArg maybeGetPathSuffix 2022-02-08 10:42:06 +01:00
Asger Feldthaus
862c3b9752 Ruby: autoformat 2022-02-08 10:22:15 +01:00
Asger Feldthaus
2b36703bfb Ruby: add def= tags to API graph test 2022-02-08 10:20:25 +01:00
Geoffrey White
6005f3d2d4 C++: Add pragma[noinline]. 2022-02-08 09:13:51 +00:00
Asger Feldthaus
66b1c86402 Ruby: update qldoc for def predicate 2022-02-08 10:00:14 +01:00
Asger Feldthaus
9ac526be89 Ruby: change binding for getParameter/getKeywordParameter 2022-02-08 09:36:05 +01:00
Asger Feldthaus
073493bb2e Ruby: fix qldoc for getMethod 2022-02-08 09:28:07 +01:00
luchua-bc
ff4826d203 Correct the data model and update qldoc 2022-02-08 04:02:27 +00:00
Erik Krogh Kristensen
cc3f9bf2a8 fix performance issue by inlining a simpler version of getASourceProp 2022-02-08 00:22:01 +01:00
Erik Krogh Kristensen
aa95dd4ec7 fix typo
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2022-02-08 00:19:40 +01:00
Harry Maclean
3031b39dc1 Ruby: prevent bad join in ActionController.qll 2022-02-08 12:10:23 +13:00
Marcono1234
d0547cdbfd Fix and improve Extractor options documentation formatting 2022-02-07 21:05:14 +01:00
Jonathan Leitschuh
c4112e6d4c Post refactor fixiup 2022-02-07 15:02:13 -05:00
Robert Marsh
56caa5dfd6 C++: fix hasImplicitCopyConstructor for templates
Fixes some cases in instantiations of templates with manually written
copy constructors or copy assignment operators where
hasImplicitCopyConstructor would incorrectly hold
2022-02-07 14:26:28 -05:00
Luke Young
324f8f7eba codeql query format 2022-02-07 11:24:02 -08:00
Chris Smowton
de38638db6 Combine CWE-200 queries 2022-02-07 14:22:36 -05:00
Rasmus Wriedt Larsen
eb109828c0 Merge pull request #7252 from museljh/feature/cwe-338
Python: CWE-338 insecureRandomness
2022-02-07 19:30:06 +01:00
Robert Marsh
61c315d74b C++: test for explicit template copy constructor 2022-02-07 12:56:59 -05:00
Nick Rolfe
073d325750 QL for QL: update dbscheme stats 2022-02-07 17:54:35 +00:00
Nick Rolfe
3ee109731a QL for QL: sync changes from Ruby
In particular, update the dbscheme to put location columns in a single
table.
2022-02-07 17:44:40 +00:00
Nick Rolfe
9217d0e1b9 Merge pull request #7875 from github/nickrolfe/locations_column
Ruby: put AST node locations in a single table
2022-02-07 17:43:33 +00:00
Geoffrey White
6727069893 C++: Autoformat. 2022-02-07 17:33:11 +00:00
Geoffrey White
d1b6871314 C++: Restrict type. 2022-02-07 17:32:52 +00:00
Geoffrey White
005dfdffdb C++: Speed up cpp/cleartext-transmission ('Encrypted' class). 2022-02-07 17:19:25 +00:00
Chris Smowton
27b9e1c01b Docs: Note codeql-go needs an install step before use 2022-02-07 16:11:42 +00:00
Erik Krogh Kristensen
b59c7911a3 update locations of expected output 2022-02-07 15:23:26 +01:00
Erik Krogh Kristensen
ca5f91e587 recognize more startswith sanitizers for path-injection queries 2022-02-07 14:19:13 +01:00
Michael Nebel
f21e084628 C#: Fix issue in naming of class in test file. 2022-02-07 14:15:59 +01:00
Michael Nebel
f5fc15e74d C#: Add some testcases to cover mixed assignment and declarations in tuples. 2022-02-07 14:11:31 +01:00
Michael Nebel
0cf4b3fbcc C#: Added dataflow testcases for tuple mixed initialization and assignment. 2022-02-07 14:11:31 +01:00
Michael Nebel
bcf732a7cb C#: Re-factor tuple tests to use the default value flow configuration. 2022-02-07 14:11:31 +01:00
Michael Nebel
f478bf5b9b Merge pull request #7809 from michaelnebel/csharp/test-pattern-match-flow
C#: Add flow test cases for undetected value flow, when making variable bindings in pattern matching.
2022-02-07 14:05:50 +01:00
Nick Rolfe
881776a2ac Ruby: delete commented-out code 2022-02-07 12:50:06 +00:00
Nick Rolfe
e049f08c24 Ruby: update dbscheme stats 2022-02-07 12:42:34 +00:00
Erik Krogh Kristensen
6f28cb9201 lower the precision of js/unsafe-code-construction 2022-02-07 13:35:29 +01:00
Erik Krogh Kristensen
06f9924194 add change note 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
896d2bad0e update expected output now that JSON.stringify() is seen as a sanitizer 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
d1d4ebb3b5 add values written to the global scope as exports 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
91b03f56ad move .qll files from src to lib 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
eb133f59f6 update qhelp to focus on properly documenting potentially unsafe library functions 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
a9f7756788 reuse utility predicate 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
681179dcbb add comment about parameters named "code" 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
53315e6ab6 ignore sources named "code" 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
59cc099008 add missing qldoc 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
d77c28f6a7 add qhelp for unsafe-code-construction 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
d790f3ccbb add test for unsafe-code-construction query 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
198a464346 add js/unsafe-code-construction query 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
955ad8c458 add JSON.stringify as a code-injection sanitizer 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
68a5c1f5b5 add code-injection sink for calls to node 2022-02-07 13:34:18 +01:00
Rasmus Wriedt Larsen
62702d0ca9 Python: Fix setStoreStep to use SetElementContent 2022-02-07 13:18:36 +01:00
Nick Rolfe
b3b2bba618 Ruby: make some generated predicates final 2022-02-07 12:17:50 +00:00
Rasmus Wriedt Larsen
b276b2d48c Python: Clean up taint steps for attributes 2022-02-07 13:12:31 +01:00
Rasmus Wriedt Larsen
59160eeb24 Python: Add test showing taint for attr store
In `x.arg = TAINTED_STRING` there is a store step to the attribute `arg`
of `x`. In our taint modeling, we allow _any_ store step with the code
below. This means that we also say there is a taint-step directly from
`TAINTED_STRING` to `x` :|

```codeql
  // construction by literal
  // TODO: Not limiting the content argument here feels like a BIG hack, but we currently get nothing for free :|
  DataFlowPrivate::storeStep(nodeFrom, _, nodeTo)
```
2022-02-07 13:12:28 +01:00
Nick Rolfe
b43cc23277 Ruby: add db downgrade script 2022-02-07 12:10:36 +00:00
Nick Rolfe
e8855c3718 Ruby: add db upgrade script 2022-02-07 12:10:36 +00:00
Nick Rolfe
388d361ec3 Ruby: put AST node locations in a single table 2022-02-07 12:10:36 +00:00
Michael Nebel
99f89f1fe2 C#: Update db stats file. 2022-02-07 12:57:10 +01:00
Mathias Vorreiter Pedersen
55e69d421c Merge pull request #7849 from Yonah125/main
C/C++: Useless Test : verification of "Fully converted" Type
2022-02-07 11:46:51 +00:00
Benjamin Muskalla
2f94356899 Run daily 2022-02-07 12:12:29 +01:00
Benjamin Muskalla
bd417769ce Add workflow to upload metrics 2022-02-07 12:08:18 +01:00
Benjamin Muskalla
a1432c47dc Exclude framework coverage query from suites
We don't want to run this query on any database but rather
in a specific setup. Exclude from suites by default.
2022-02-07 12:08:18 +01:00
Benjamin Muskalla
9af50f5216 Turn framework coverage into metric query 2022-02-07 12:08:18 +01:00
Jeroen Ketema
1f2865c7cc Merge pull request #7798 from jketema/missing-open-arg
C++: Add query for missing mode argument in `open`/`openat` calls
2022-02-07 12:01:44 +01:00
BACK Yonah
61dc9ef12e C/C++: AutoFormat fix 2022-02-07 11:41:17 +01:00
Rasmus Wriedt Larsen
32cd7d6fa7 Add groups to all consistency-queries/qlpack.yml
as discussed in PR review
2022-02-07 11:15:48 +01:00
Tom Hvitved
dc09e87cb2 Ruby: Use SimpleSummarizedCallable in a few more places 2022-02-07 11:05:32 +01:00
Erik Krogh Kristensen
0584a6acaf recognize a nodejs re-exports in a loop 2022-02-07 10:12:38 +01:00
Erik Krogh Kristensen
4c317f5753 apply suggestions from doc review
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
2022-02-07 09:43:49 +01:00
Michael Nebel
b2e18ebae1 C#: Lambda improvements change note. 2022-02-07 09:22:46 +01:00
Michael Nebel
782d6da754 C#: Support for lambda expression explicit return types and lambda attributes. 2022-02-07 09:19:47 +01:00
github-actions[bot]
b4ab86c020 Post-release preparation for codeql-cli-2.8.0 2022-02-06 23:34:07 +00:00
Arthur Baars
ac03fab986 Merge pull request #7753 from aibaars/ruby-3.1
Ruby 3.1 features
2022-02-06 21:06:16 +01:00
Artem Smotrakov
f53b2fcc62 Updated IgnoredHostnameVerification.ql to cover more uses of HostnameVerifier.verify() 2022-02-06 11:23:20 +00:00
jorgectf
d2f07e4df2 Merge branch 'jorgectf/python/deserialization' of https://github.com/jorgectf/codeql into jorgectf/python/deserialization 2022-02-05 16:20:17 +01:00
Jorge
99e14d16bc Merge branch 'github:main' into jorgectf/python/deserialization 2022-02-05 16:20:09 +01:00
Jonathan Leitschuh
1f47ea5164 Update to new change note format 2022-02-04 17:16:12 -05:00
Jonathan Leitschuh
0268dd9f0a Add file creation sanitizer 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
9299c7996d Add information disclosure test fix suggestions 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
0a621c2801 Fix the formatting in TempDirLocalInformationDisclosureFromMethodCall 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
79db76dcf8 Fix test failures TempDirLocalInformationDisclosureFromSystemProperty 2022-02-04 17:10:27 -05:00
Jonathan Leitschuh
d5c9af31b2 Fixup documentation/code from PR feedback 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
f7a4aac525 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
a4b5573f53 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
a8d25b63ac Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-02-04 17:10:26 -05:00
Chris Smowton
e795823d97 Autoformat TempDirUtils.qll 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
7e514e9ef9 Add QLdoc and fix Compiler Errors in Tests 2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
cb30385684 Update java/ql/src/Security/CWE/CWE-200/TempDirUtils.qll
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-02-04 17:10:26 -05:00
Jonathan Leitschuh
df716cbaa0 Revert changes to MethodAccessSystemGetProperty 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
66831989b7 Add QLdoc to TempDirUtils 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
7e55c92eb4 Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
c19f52cd04 Add release notes for "Temporary Directory Local information disclosure" 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
f6067d28f9 Fix file names and formatting from PR feedback 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
41b5011b81 Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
7929faedc0 Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
f910fd4719 Remove path flow tracking in 'TempDirLocalInformationDisclosureFromMethodCall' 2022-02-04 17:10:25 -05:00
Jonathan Leitschuh
e4c017e888 Apply suggestions from code review
Co-authored-by: Arthur Baars <aibaars@github.com>
2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
13fed0e9b6 Temp Dir Info Disclosure: Final pass and add documentation 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
bc12e994b0 Add java.nio.file.Files API checks 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
ecad7534ae Add mkdirs check 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
cf0ed81575 Add TempDir taint tracking for Files.write 2022-02-04 17:10:24 -05:00
Jonathan Leitschuh
3a15678b1e Java: CWE-200: Temp directory local information disclosure vulnerability 2022-02-04 17:10:23 -05:00
Erik Krogh Kristensen
ab2d3a7ca0 Merge pull request #7828 from Naman-ntc/main
JS: Adding model for `.get` function of `Map` in Unvalidated Dynamic Method Call
2022-02-04 20:19:02 +01:00
Erik Krogh Kristensen
f00d723c49 Merge pull request #7843 from erik-krogh/CVE-2021-23484
JS: add file sources from `jszip` to `js/zip-slip`
2022-02-04 20:17:43 +01:00
BACK Yonah
21fdc53d62 C/C++: Using UnspecifiedType instead of Type 2022-02-04 19:12:15 +01:00
Nick Rolfe
9744cf2457 Ruby: apply suggested simplification from review 2022-02-04 17:14:47 +00:00
Nick Rolfe
aaff3226c9 Ruby: prefer ...isInt(x) over x = ...getInt() 2022-02-04 17:10:22 +00:00
BACK Yonah
b2ca25abef Merge branch 'main' of https://github.com/github/codeql 2022-02-04 18:09:19 +01:00
BACK Yonah
f4a1d1d5e6 C/C++: Useless Test Fully converted verification 2022-02-04 18:05:03 +01:00
Nick Rolfe
45962f1cad Ruby: make this unique for each method
Even when summaries are shared in a single class.
2022-02-04 17:03:55 +00:00
BACK Yonah
34320cb57b C/C++: Useless Test Fully converted verification 2022-02-04 18:03:29 +01:00
Ian Wright
6c3daf49f9 Merge pull request #7785 from github/z80coder/impose-length-restriction
Restrict AST nodes according to string length
2022-02-04 16:35:04 +00:00
Nick Rolfe
7a9ddc28bf Ruby: address some more feedback on array flow summaries 2022-02-04 16:33:27 +00:00
Henry Mercer
bb1e89d261 Merge pull request #7848 from github/henrymercer/js-ml-powered-codeowners
JS: Add codeowners for ML-powered queries
2022-02-04 16:08:56 +00:00
Michael Nebel
6ee30843bb C#: Add lambda attributes test cases. 2022-02-04 16:54:49 +01:00
Henry Mercer
22ef35e13a JS: Add codeowners for ML-powered queries
Create a new reviewers team @github/codeql-ml-powered-queries-reviewers
for reviewing ML-powered queries and the associated CodeQL libraries.
2022-02-04 15:49:44 +00:00
Ian Wright
be5e8dae05 Update javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll
Co-authored-by: Henry Mercer <henrymercer@github.com>
2022-02-04 15:41:50 +00:00
Michael Nebel
7b3ba3cb96 C#: Modify database schema to allow lambda expression to be attributable and extract the lambda expression attributes. 2022-02-04 16:34:58 +01:00
Michael Nebel
f412d49ba4 C#: Add some examples lambdas with different kind of attributes and update existing testcases. 2022-02-04 16:34:58 +01:00
Michael Nebel
bb3f9cea3a C#: Update test cases(s) expected output. 2022-02-04 16:34:58 +01:00
Michael Nebel
7520948ec4 C#: Add test case for finding lambdas with explicit return types. 2022-02-04 16:34:58 +01:00
Michael Nebel
83a5ef4961 C#: Examples of lambda expressions with explicit return types. 2022-02-04 16:34:58 +01:00
Michael Nebel
25019dbaa0 C#: Add support QL library support for lambda explicit return types. 2022-02-04 16:34:58 +01:00
Michael Nebel
eb8c226749 C#: Add support for explicit return types in the extractor. 2022-02-04 16:34:58 +01:00
Michael Nebel
ae62704d3a C#: Add table for explicit return type in lambda expressions. 2022-02-04 16:34:57 +01:00
Michael Nebel
ccb727e3ca C#: Test cases that shows that lambdas can be naturally (implicitly) typed and that the type is indistinguishable from the equivalent explicitly typed declaration. 2022-02-04 16:34:57 +01:00
Michael Nebel
a67033034a C#: Example of naturally typed lambda. 2022-02-04 16:34:57 +01:00
jorgectf
43fde3561f Merge branch 'jorgectf/python/deserialization' of https://github.com/jorgectf/codeql into jorgectf/python/deserialization 2022-02-04 16:32:11 +01:00
Jorge
d96eb01b9c Merge branch 'github:main' into jorgectf/python/deserialization 2022-02-04 16:32:01 +01:00
Ian Wright
e57a0e0e2f Update javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll
Co-authored-by: Henry Mercer <henrymercer@github.com>
2022-02-04 15:21:56 +00:00
Ian Wright
b38335a6c2 add QL comment; inline a predicate; restore a comment 2022-02-04 15:21:09 +00:00
Nick Rolfe
ed00f2b0d2 Ruby: address some feedback on array flow summaries 2022-02-04 13:40:39 +00:00
Erik Krogh Kristensen
edcb3ba902 add file sources from jszip to js/zip-slip 2022-02-04 14:39:49 +01:00
Tom Hvitved
693aa69abd Update csharp/ql/consistency-queries/qlpack.yml 2022-02-04 14:38:25 +01:00
yoff
182c62f5c3 Merge pull request #7838 from tausbn/python-fix-charset-performance-problem
Python: Fix performance issue in `charSet`
2022-02-04 14:18:13 +01:00
Michael Nebel
567768134f Merge pull request #7792 from michaelnebel/csharp/attributes
C#: Attribute kind and return value attributes.
2022-02-04 14:10:51 +01:00
Taus
67be20f368 Python: Remove implied inequalities
Also gets rid of `inner_end`, since we're already doing `end - 1 = ...`
in the other fix (and so this is more consistent).
2022-02-04 12:46:06 +00:00
Benjamin Muskalla
eee03ebe3b Merge pull request #7767 from bmuskalla/regenerateModelScript
Java: Regenerate framework models automatically
2022-02-04 13:29:46 +01:00
Naman Jain
009c95774e update expected files 2022-02-04 12:28:17 +00:00
Michael Nebel
6487b546dc C#: Update TargetFramework testcases expected files as well, as these also uses the string representation of the attributes. 2022-02-04 13:05:08 +01:00
Nick Rolfe
161d766ba9 Ruby: address review comments on array_flow.rb 2022-02-04 11:59:59 +00:00
Michael Nebel
ade119f4a8 C#: Add flow test cases for undetected value flow, when making variable bindinds in pattern matching. 2022-02-04 12:57:58 +01:00
Jeroen Ketema
b967eaf25d Add documentation for parseHex 2022-02-04 12:35:13 +01:00
Rasmus Wriedt Larsen
c817ba5718 Python: Add consistency-queries/qlpack.yml
But no queries yet
2022-02-04 12:08:54 +01:00
Rasmus Wriedt Larsen
0bcfc4b657 Ruby: Update consistency-queries/qlpack.yml
I'm not sure whether this means the consistency queries were run using
the 0.0.1 release of the `codeql/ruby-all` qlpack, but using `"*"` at
least ensures that it is always using the version from the CodeQL repo.
2022-02-04 12:06:50 +01:00
Rasmus Wriedt Larsen
580d7d9df0 QL: Update consistency-queries/qlpack.yml 2022-02-04 12:06:50 +01:00
Rasmus Wriedt Larsen
1db4bdc607 C#: Update consistency-queries/qlpack.yml 2022-02-04 12:06:50 +01:00
Rasmus Wriedt Larsen
2220d3cc47 Misc: Allow */ql/consistency-queries/qlpack.yml 2022-02-04 12:06:50 +01:00
Rasmus Wriedt Larsen
2e788ea86e Python: Accept deprecation warnings for old tests 2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen
438a01e911 Python: Deprecate old bottle points-to extension 2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen
c9e36aaf72 Python: Fix deprecated deprecated 2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen
9ec531f040 Python: Add deprecation change-note 2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen
84fdd8a739 Python: Add non-deprecated httpVerb to Concepts 2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen
5a032d6f84 Python: deprecate old taint-tracking related predicates 2022-02-04 12:02:08 +01:00
Rasmus Wriedt Larsen
dba6b60c80 Python: Deprecate old library modeling 2022-02-04 12:02:08 +01:00
Rasmus Wriedt Larsen
a40fdf7a7c Python: Deprecate old web modeling 2022-02-04 12:02:08 +01:00
Rasmus Wriedt Larsen
14a1aa0c11 Python: Add change-note
I went with `minorAnalysis` instead of `majorAnalysis`, since I don't
think the impact of this change will be major (but that's just my gut
feeling).
2022-02-04 12:00:49 +01:00
Rasmus Wriedt Larsen
b2ce0fcb72 Python: Add post-update nodes to args of unresolved calls
Besides solving the problem with `setattr`, it also solved some old
problems with json library modeling (yay).
2022-02-04 11:51:53 +01:00
Michael Nebel
f365477996 C#: Address review comments and update test output. 2022-02-04 11:48:12 +01:00
Benjamin Muskalla
bc5753cb20 Fix path expression 2022-02-04 11:43:18 +01:00
Naman Jain
5e1ca3154f Update javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCallGood3.js
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-02-04 16:13:05 +05:30
Naman Jain
5121414a53 Update javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCallGood4.js
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-02-04 16:12:58 +05:30
Rasmus Wriedt Larsen
e9b496ba73 Merge pull request #7831 from RasmusWL/printast-remove-regexp
Python: Remove `RegExpTerm` from PrintAST
2022-02-04 11:38:58 +01:00
Asger Feldthaus
0a0d9583b4 Ruby: rephase comment for MkDef 2022-02-04 11:37:54 +01:00
Mathias Vorreiter Pedersen
2e2913b921 Merge pull request #7839 from rdmarsh2/rdmarsh2/ir-initializer-inheritance-fix
C++: fix IR generation for constructor base inits when no constructor is present.
2022-02-04 10:32:57 +00:00
Asger Feldthaus
0189e8abb4 Ruby: autoformat 2022-02-04 11:32:31 +01:00
Benjamin Muskalla
fcaead4004 Enable debugging action 2022-02-04 11:29:36 +01:00
Benjamin Muskalla
b747391c74 Improve error handling and refactor base path 2022-02-04 11:26:19 +01:00
Asger Feldthaus
87c62db781 Ruby: disable test line not currently working 2022-02-04 11:20:42 +01:00
Asger Feldthaus
75b72361ce Ruby: add toString and locations to the new node types 2022-02-04 11:20:42 +01:00
Asger Feldthaus
7373a503f6 Ruby: Populate ArgumentPosition based on keyword arguments 2022-02-04 11:20:42 +01:00
Asger Feldthaus
5e350a0270 Ruby: Derive edge labels from {Argument,Parameter}Position 2022-02-04 11:20:42 +01:00
Asger Feldthaus
040e56623c Ruby: add getAValueReachingRhs 2022-02-04 11:20:42 +01:00
Asger Feldthaus
17dd5cd581 Ruby: remove a stray TODO 2022-02-04 11:20:42 +01:00
Asger Feldthaus
d2e381aa79 Ruby: more def-node tests 2022-02-04 11:20:41 +01:00
Asger Feldthaus
32e0f42969 Ruby: refactor Return(x) to Method(x).return 2022-02-04 11:20:39 +01:00
Asger Feldthaus
55b5f19b92 Ruby: Add def-nodes to API graphs 2022-02-04 11:06:35 +01:00
Asger Feldthaus
9c17a5ce99 Ruby: replace "instance" label with a call to new 2022-02-04 11:03:25 +01:00
Asger Feldthaus
5858732da1 Ruby: change useStep signature 2022-02-04 11:01:04 +01:00
Asger Feldthaus
e6fdd4d34a Ruby: Make hasLocalSource private/cached 2022-02-04 11:01:03 +01:00
Asger Feldthaus
9a496e647f Ruby: Drive-by fix type-tracking through params with default values 2022-02-04 11:01:03 +01:00
Esben Sparre Andreasen
d08c0f7852 Merge pull request #7817 from github/esbena-patch-7
Document and format event-stream-orig.js
2022-02-04 10:26:30 +01:00
Jeroen Ketema
9f4e261625 Set precision of cpp/open-call-with-mode-argument to high 2022-02-04 10:01:25 +01:00
Jeroen Ketema
ef2a70e00c Limit open/openat target to global/std scope 2022-02-04 09:51:10 +01:00
Mathias Vorreiter Pedersen
bc17df55ee Merge pull request #7830 from MathiasVP/fix-ir-reevaluation-in-return-stack-allocated-memory
C++: Fix re-evaluation in `cpp/return-stack-allocated-memory`
2022-02-04 08:32:40 +00:00
Esben Sparre Andreasen
72b5edc144 Document and format event-stream-orig.js
Some anti-virus products (rightfully) flag this event-stream-orig.js as a malicious file.
This change does two things:
- neutralises the file such that the code can not be run accidentally
- documents the purpose of the file
2022-02-04 09:27:47 +01:00
Luke Young
3b32425567 remove .v1 from gopkg.in 2022-02-03 23:36:11 -08:00
Erik Krogh Kristensen
5e23da813f rename named-parameters to keyword-parameters 2022-02-03 23:10:39 +01:00
Erik Krogh Kristensen
e434f075fa introduce, and use, API::APICallNode 2022-02-03 23:10:39 +01:00
Erik Krogh Kristensen
3801a158a8 remove module exporst nodes from API graphs 2022-02-03 23:10:39 +01:00
Erik Krogh Kristensen
c3f4a851f0 remove some TODOs I won't do 2022-02-03 23:10:39 +01:00
Erik Krogh Kristensen
3be3da2eb6 add recursive API-graph test 2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen
ef5818e243 support import * in ApiGraphs 2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen
16774ba285 add support for named parameters in API graphs 2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen
095c73f1fe redo the ApiGraph testing framework 2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen
66fd43fc3b add def edge for function returns 2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen
d8eea7ba4c property writes are def nodes 2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen
a908b219e9 more backtracking of def nodes, and lots of tests 2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen
038b032a43 get basic module exports to work in API-graphs 2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen
df9efbe778 get mimimal def nodes to work in python 2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen
52ca0d168b move API-graph tests out of the experimental test folder 2022-02-03 23:10:37 +01:00
Erik Krogh Kristensen
89786d9ce2 rename pr to ref in memberFromRef 2022-02-03 23:10:37 +01:00
Luke Young
dea1959e21 Match gopkg.in import of squirrel for SQLi query 2022-02-03 13:29:38 -08:00
Harry Maclean
ab7fd89653 Merge pull request #7663 from github/hmac/api-graph-subclass
Ruby: Add basic subclassing support to API Graphs
2022-02-04 10:19:07 +13:00
Harry Maclean
e328c6222a Merge pull request #7797 from github/hmac/pin-rust
Ruby: Pin Rust to 1.54
2022-02-04 10:18:46 +13:00
Taus
22aa4c9379 Python: Fix performance issue in charSet
Observed on `mozilla/bugbug` on the 2.8.0 CLI branch, we had the
following line in the timing report:
```
FullServerSideRequestForgery.ql-17:regex::RegexString::charSet_dispred#fff#antijoin_rhs ............... 1m13s
```

Inspecting the logs, we see the following join:

```
(644s) Tuple counts for regex::RegexString::charSet_dispred#fff#antijoin_rhs/5@f295d1bk after 1m13s:
1         ~0%         {1} r1 = CONSTANT(unique string)["]"]
2389      ~4%         {3} r2 = JOIN r1 WITH regex::RegexString::nonEscapedCharAt_dispred#fff_201#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg0', Rhs.2 'arg1', (Rhs.2 'arg1' + 1)
668873    ~0%         {6} r3 = JOIN r2 WITH regex::RegexString::char_set_start_dispred#fff ON FIRST 1 OUTPUT Lhs.0 'arg0', "]", Lhs.1 'arg1', Lhs.2 'arg2', Rhs.1 'arg3', Rhs.2 'arg4'
537501371 ~4%         {7} r4 = JOIN r3 WITH regex::RegexString::nonEscapedCharAt_dispred#fff_021#join_rhs ON FIRST 2 OUTPUT Lhs.0 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.4 'arg3', Lhs.5 'arg4', "]", Rhs.2
269085087 ~0%         {7} r5 = SELECT r4 ON In.6 > In.4 'arg4'
89583155  ~3%         {7} r6 = SELECT r5 ON In.6 < In.1 'arg1'
89583155  ~26634%     {5} r7 = SCAN r6 OUTPUT In.0 'arg0', In.1 'arg1', In.2 'arg2', In.3 'arg3', In.4 'arg4'
                    return r7
```
Now, this is problematic not just because of the large intermediary join
but also because of the large number of tuples being materialised at the
end. The culprit in this case turns out to be this bit of `charSet`:
```
not exists(int mid | this.nonEscapedCharAt(mid) = "]" | mid > inner_start and mid < inner_end)
```

Rewriting this to instead look for the minimum index at which a `]`
appears resulted in a much nicer join.

I also fixed up a similar issue surrounding the `\N` unicode escape.
Not that I think this will necessarily be relevant, but the `min`-based
solution is more robust either way.
2022-02-03 20:42:04 +00:00
Robert Marsh
8544cff1c4 Merge pull request #7836 from geoffw0/clrtxt9
C++: Fix more FPs in cpp/cleartext-transmission
2022-02-03 15:18:55 -05:00
Chuan-kai Lin
c8bc5cfa75 Merge pull request #7825 from github/cklin/python-downgrade-scripts
Python: adjust downgrade script location and format
2022-02-03 11:40:07 -08:00
Michael Nebel
32756cd442 C#: Update stats after the change in the attributes relation. 2022-02-03 20:00:33 +01:00
Robert Marsh
55cbff7614 C++: fix for constructor init without constructor 2022-02-03 13:44:02 -05:00
Harry Maclean
912842623d Simplify cache key 2022-02-04 07:41:29 +13:00
Robert Marsh
836c47abb3 C++: test for constructor init without constructor 2022-02-03 13:34:05 -05:00
Geoffrey White
8031c3f699 Merge branch 'main' into clrtxt9 2022-02-03 17:01:59 +00:00
Geoffrey White
02b1774d7f C++: Switch from GVN to localFlow. 2022-02-03 16:00:26 +00:00
Tom Hvitved
ef227a4721 Merge pull request #7784 from hvitved/csharp/dotnet6
C#: Use .NET 6
2022-02-03 16:42:26 +01:00
Geoffrey White
3cfd1b5052 C++: More test cases. 2022-02-03 15:11:59 +00:00
Rasmus Wriedt Larsen
8386b36217 Python: Apply suggestions from code review
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-02-03 15:00:04 +01:00
Geoffrey White
3b844f701e C++:Change note. 2022-02-03 13:58:38 +00:00
Rasmus Wriedt Larsen
5cd08b8e8c Python: Ignore .isAbsent() from ClassCall
This means that DataFlowCall is only for resolvable calls, which might not seem
like a big thing in itself, but enables the next commit to actually work :P
2022-02-03 14:58:30 +01:00
Rasmus Wriedt Larsen
a5c2341204 Python: Add simple test of DataFlowCall
Notice the strange thing with treating `mypkg.foo(42)` as a ClassCall,
but completely ignoring `mypkg.subpkg.bar(43)` -- due to having the two
`ClassValue`s:

- `Missing module attribute mypkg.foo`
- `Missing module attribute mypkg.subpkg`

But not `Missing module attribute mypkg.subpkg` with the current import
structure.
2022-02-03 14:58:30 +01:00
Rasmus Wriedt Larsen
48aa07d67a Python: Handle SyntheticPreUpdateNode in PrintNode 2022-02-03 14:58:30 +01:00
Rasmus Wriedt Larsen
49b5d60229 Python: Use AttrRead/AttrWrite for attr read/store steps
Note that this doesn't actually add the desired flow from setattr, due
to missing post-update note. This will be fixed in later commit.
2022-02-03 14:58:30 +01:00
Rasmus Wriedt Larsen
5774459dfb Python: restrict AttrRead with AttrNode.isLoad() 2022-02-03 14:58:23 +01:00
Rasmus Wriedt Larsen
cf68148316 Python: Add change-note 2022-02-03 14:29:02 +01:00
Rasmus Wriedt Larsen
e2de0e61ca Python: Remove RegExpTerm from PrintAST
Since this caused bad performance (as we had to evaluate points-to).

Fixes https://github.com/github/codeql/issues/6964

This approach was motivated by the comment on the issue from @tausbn:

> We discussed this internally in the CodeQL Python team, and have
> agreed that the best approach for now is to disable the printing of
> regex ASTs.

I tried to keep our RegExpTerm logic, but doing the fix below did not
work, and still evaluated RegExpTerm :| I guess we will just have to
revert this PR if we want it back

```diff
   TRegExpTermNode(RegExpTerm term) {
+    none() and
     exists(StrConst str | term.getRootTerm() = getParsedRegExp(str) and shouldPrint(str, _))
   }
```
2022-02-03 14:22:14 +01:00
Arthur Baars
6525035f0a Address comments 2022-02-03 13:47:03 +01:00
Erik Krogh Kristensen
e93c46ad31 Merge pull request #7811 from erik-krogh/pyApiIpa
Python: refactor API-graph labels to an IPA type
2022-02-03 12:31:39 +01:00
Mathias Vorreiter Pedersen
58993e2dc6 C++: Fix re-evaluation by importing GVN. 2022-02-03 11:16:14 +00:00
Jeroen Ketema
0b9b6d7b98 Address review comments 2022-02-03 12:09:18 +01:00
Erik Krogh Kristensen
5284bbb6b3 Merge pull request #7821 from erik-krogh/upload-sarif
QL: upload sarif as part of the QL-for-QL workflow
2022-02-03 12:05:51 +01:00
Jeroen Ketema
4d03082f16 Ensure that O_CREAT and O_TMPFILE are unique 2022-02-03 11:24:20 +01:00
Henry Mercer
224d7a7ce0 Merge pull request #7801 from github/henrymercer/js-atm-migrate-tests
JS: Migrate CodeQL tests for ML-powered queries
2022-02-03 10:17:19 +00:00
Ian Wright
dca03d7b5d reinstate the AST node limit to minimize change to feature values 2022-02-03 09:45:35 +00:00
Ian Wright
d5ab119039 actually count the number of chars 2022-02-03 09:41:51 +00:00
Jeroen Ketema
e1ca5dd120 Simplify text in change note 2022-02-03 10:36:30 +01:00
Naman Jain
9809d30f00 file renaming and updated expected file 2022-02-03 09:35:17 +00:00
Naman Jain
adc8bf37fe fixed mistake in examples 2022-02-03 09:29:42 +00:00
Jeroen Ketema
5a2ce225f4 Check that all bits are set when checking for a flag
The `O_...` macro definitions somtimes set multiple bits, while
the bits individually represent the values of different `O_...`
macros. This lead to false postives on codebases built against
Musl libc, which defines `O_TMPFILE` as `020200000` and
`O_DIRECTORY` as `0200000`.
2022-02-03 10:29:13 +01:00
Tony Torralba
3c9b332ce0 Merge pull request #7826 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-02-03 09:38:53 +01:00
Tom Hvitved
6bb71f051b Merge pull request #7791 from hvitved/dataflow/inline-local-flow-star
Data flow: Inline `local(Expr|Instruction)?(Flow|Taint)`
2022-02-03 09:02:43 +01:00
Harry Maclean
c65ca8ff86 Model calls to constantize as code executions
`constantize` is an ActiveSupport extension to `String` that attempts to
look up a constant with a name matching the receiver.
2022-02-03 15:22:07 +13:00
github-actions[bot]
2a9f98cce0 Add changed framework coverage reports 2022-02-03 00:10:33 +00:00
Harry Maclean
704b58519f Ruby: Include subclasses in more API calls
Change the behaviour of `API::getInstance()` and `API::getReturn()` to
include results on subclasses of the current API node.
2022-02-03 11:35:59 +13:00
Chuan-kai Lin
df91ee6616 Python: adjust downgrade script location and format 2022-02-02 14:23:21 -08:00
Harry Maclean
61cd05cfc5 Ruby: Ensure TRoute and TRouteBlock are private 2022-02-03 10:55:28 +13:00
Harry Maclean
80835a5a19 Ruby: Don't expose abstract class
Make ActionDispatch::Route into a private class
ActionDispatch::RouteImpl, defining a new class Route which exposes the
necessary public API from RouteImpl.

Also rename getHTTPMethod to getHttpMethod.
2022-02-03 10:41:30 +13:00
Harry Maclean
a8a7c156d0 via - update tests 2022-02-03 10:40:23 +13:00
Erik Krogh Kristensen
7ef051456a upload sarif as part of the QL-for-QL workflow 2022-02-02 20:32:22 +01:00
Tom Hvitved
7b5699d058 C#: Update CIL attributes test 2022-02-02 19:25:30 +01:00
Tom Hvitved
2fe65128a0 C#: Update CIL type annotations test 2022-02-02 19:25:30 +01:00
Tom Hvitved
c4ad237a5c C#: Update expected test output 2022-02-02 19:25:30 +01:00
Tom Hvitved
516bd9f77f C#: Fix deprecation warnings 2022-02-02 19:25:30 +01:00
Tom Hvitved
09c5212ccc C#: Account for explicit interface implementations in OperatorSymbol 2022-02-02 19:25:30 +01:00
Tom Hvitved
d7eeb1fec8 C#: Use .NET 6 2022-02-02 19:25:30 +01:00
Henry Mercer
2c17437092 JS: Run ML-powered queries tests on all PRs modifying relevant files 2022-02-02 18:11:25 +00:00
Henry Mercer
a586be956e JS: Remove versions from packs we don't intend to publish 2022-02-02 18:10:57 +00:00
Geoffrey White
708da8cd62 C++: Increase the query precision to 'high'. 2022-02-02 18:03:25 +00:00
Arthur Baars
a22868ba27 Merge branch 'main' into ruby-3.1 2022-02-02 19:00:03 +01:00
Geoffrey White
4048ba0a1c C++: Fix false positives around terminal output. 2022-02-02 17:59:28 +00:00
Geoffrey White
39a2ffd438 C++: Fix false positives around 'stdin'. 2022-02-02 17:39:14 +00:00
Robin Neatherway
e3feece94e Merge pull request #680 from github/rneatherway/example-query
Add an example query for inexhaustive switches
2022-02-02 17:33:22 +00:00
Arthur Baars
6acf49d4da Merge pull request #7814 from aibaars/fix-ql-alerts
Ruby: fix all QL-QL alerts
2022-02-02 18:25:38 +01:00
Jeroen Ketema
aa4651312e Fix naming conflicts in cpp/world-writable-file-creation 2022-02-02 17:36:14 +01:00
Jeroen Ketema
f32500306a Address review comments 2022-02-02 17:24:55 +01:00
Geoffrey White
cc20969bdd C++: Add test cases based on some remaining real world FPs. 2022-02-02 16:15:59 +00:00
Tony Torralba
4f13bf8941 Merge pull request #6492 from atorralba/atorralba/android-cleartext-storage-database
Java: Create new query Cleartext storage of sensitive information in Android databases
2022-02-02 16:23:05 +01:00
Tony Torralba
54e8ea56e8 Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-02-02 15:44:26 +01:00
Jeroen Ketema
0773ab37a5 Use matches to check for 0x prefix 2022-02-02 15:26:46 +01:00
Jeroen Ketema
92d9e51d2a Extract the value of O_CREAT and O_TMPFILE from the defining macro
There are operating systems that define `O_CREAT` with a different
value than Linux, which uses `0x40`. For example, OpenBSD uses `0x0200`.
Hence, we cannot use a hardcoded value.

Also handle `O_TMPFILE` while here.
2022-02-02 15:16:26 +01:00
Erik Krogh Kristensen
35999a7f8f add support for fs-extra methods in insecure-temporary-file 2022-02-02 15:14:43 +01:00
Mathias Vorreiter Pedersen
1aa32b09be Merge pull request #7802 from geoffw0/clrtxt8
C++: Recognize password struct fields.
2022-02-02 14:10:40 +00:00
Naman Jain
aea7054938 modified query and added tests 2022-02-02 19:39:08 +05:30
Erik Krogh Kristensen
573f17dc63 fix typos in documentation
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
2022-02-02 15:00:38 +01:00
Henry Mercer
7018f6ad40 JS: Add missing @id for endpoint types query 2022-02-02 13:15:15 +00:00
Henry Mercer
e6745dc63a JS: Add Action to run tests for ML-powered queries 2022-02-02 13:15:12 +00:00
Henry Mercer
422919b9d0 JS: Add generated files to .gitattributes 2022-02-02 13:15:04 +00:00
Henry Mercer
fbcb8d6857 JS: Migrate CodeQL tests for ML-powered queries 2022-02-02 13:15:04 +00:00
Arthur Baars
3b05cb621c Address comment 2022-02-02 14:11:45 +01:00
Arthur Baars
33b97f3e0c Update synchronized files 2022-02-02 13:30:45 +01:00
Arthur Baars
fdcef6225b Ruby: fix QL warnings 2022-02-02 13:29:09 +01:00
CodeQL CI
7bb11b837c Merge pull request #7788 from yoff/python/remove-library-annotation
Approved by tausbn
2022-02-02 03:51:00 -08:00
Robin Neatherway
4a4b9c30d7 Add an example query for inexhaustive switches 2022-02-02 11:38:15 +00:00
Rasmus Wriedt Larsen
fb6b8eb394 Python: Add simple test of AttrRead/AttrWrite 2022-02-02 11:19:35 +01:00
Rasmus Wriedt Larsen
51bc6dcf7e Python: Add attributeClearStep 2022-02-02 11:19:35 +01:00
Rasmus Wriedt Larsen
d2b72a7547 Python: Expand fieldflow tests 2022-02-02 11:19:31 +01:00
Tom Hvitved
712418e5f8 Merge pull request #7781 from hvitved/dataflow/summary-stack-bottom-less-nonlinear
Data flow: Reduce non-linear recursion in `SummaryComponentStack::bottom`
2022-02-02 10:35:53 +01:00
Benjamin Muskalla
d4c4e75bac Merge pull request #7268 from bmuskalla/modelDiffAction
Java: Produce diffs for model generator changes
2022-02-02 10:30:45 +01:00
Jeroen Ketema
bd859d99bf Address review comments 2022-02-02 10:09:47 +01:00
Jeroen Ketema
5b8f56dcc6 Add change notes 2022-02-02 10:07:38 +01:00
Michael Nebel
860ded2806 C#: Added change note for return value attributes. 2022-02-02 09:59:09 +01:00
Michael Nebel
62d987f31f C#: Add upgrade and downgrade scripts. 2022-02-02 09:53:29 +01:00
Rasmus Lerchedahl Petersen
4ad99d9299 python: add missing QlDoc 2022-02-02 09:14:21 +01:00
Rasmus Lerchedahl Petersen
448e0785c2 python: logging.root is not a call 2022-02-02 09:04:16 +01:00
Harry Maclean
5adcdf1cf8 Ruby: Minor refactor 2022-02-02 17:32:11 +13:00
Harry Maclean
8f5380122a Ruby: Cache ActionDispatch IPA types 2022-02-02 17:31:47 +13:00
Harry Maclean
749dc092ae Ruby: Attempt to mitigate potential bad join
By joining simultaneously on controller class and name.
2022-02-02 17:03:46 +13:00
Harry Maclean
a38bc9fe89 Ruby Fix handling of via: in ActionDispatch 2022-02-02 17:03:27 +13:00
Harry Maclean
856c3d332c Minor cleanup to ActionDispatch modelling
`x.isStringOrSymbol(result)` is slightly terser than
`result = x.getStringOrSymbol()`.
2022-02-02 16:26:20 +13:00
Harry Maclean
47823b5a9a Handle via: :all in Rails routes
ActionDispatch modelling now understands that

    match "/foo", to: "foo#bar", via: :all

is equivalent to

    match "/foo",
      to: "foo#bar",
      via: [:get, :post, :put, :patch, :delete]
2022-02-02 16:26:20 +13:00
Harry Maclean
8bdc05ddaf getValueText -> getConstantValue 2022-02-02 16:26:20 +13:00
Harry Maclean
417287153b Ruby: QL style fixes 2022-02-02 16:26:20 +13:00
Harry Maclean
e975f92091 Ruby: remove unused predicate 2022-02-02 16:26:20 +13:00
Harry Maclean
3786fbfc7d Ruby: Rewrite ActionDispatch::underscore
This version is much shorter and hopefully performs a bit better.
2022-02-02 16:26:20 +13:00
Harry Maclean
eff2136f52 Ruby: remove unused predicate 2022-02-02 16:26:20 +13:00
Harry Maclean
dead7a8059 Ruby: Make most of ActionDispatch private
Any classes/predicates not used externally or in tests are now private.
Also fix some typos.
2022-02-02 16:26:20 +13:00
Harry Maclean
fa28e55645 Add a test for ActionDispatch::underscore
This shows how the predicate behaves, as well as a case where it goes
wrong.
2022-02-02 16:26:20 +13:00
Harry Maclean
9c67869875 Remove ActionDispatch::capitalize
This predicate isn't used.
2022-02-02 16:26:20 +13:00
Harry Maclean
ad71fdbb24 Add missing documentation to ActionDispatch::Route 2022-02-02 16:26:20 +13:00
Harry Maclean
1766916fc5 Ruby: Document ActionDispatch modelling 2022-02-02 16:26:20 +13:00
Harry Maclean
314683d5fb Ruby: Improve UrlRedirect query using Rails routes
Handlers for non-GET requests aren't vulnerable to URL redirect attacks,
because browsers won't initiate non-GET requests when you click a link.

We can use Rails routing information, if present, to filter out any
handlers for non-GET requests.
2022-02-02 16:26:20 +13:00
Harry Maclean
751d8a7f59 Ruby: Document getACapture 2022-02-02 16:26:20 +13:00
Harry Maclean
870c6d7412 Ruby: Rails route resolution
Add `Route` classes which model Rails routing information, typically
defined in a `routes.rb` file. We extract only the most basic
information: HTTP method, path, controller and action. This is enough to
determine whether a given controller method is a route handler, and what
HTTP method it handles, which is useful for, among other things, the URL
redirect query.
2022-02-02 16:26:19 +13:00
Henry Mercer
e622e517d9 Merge pull request #7800 from github/henrymercer/js-atm-add-model-building-pack
JS: Add model building pack for ML-powered queries
2022-02-01 20:51:19 +00:00
Harry Maclean
ce0354acb3 Include rust-toolchain.toml in Ruby cache keys
This ensures that if we change our Rust version, the caches will be
invalidated.
2022-02-02 08:08:11 +13:00
Harry Maclean
9c32ab7122 rust-toolchain -> rust-toolchain.toml 2022-02-02 08:05:46 +13:00
Harry Maclean
613ecbb418 Ruby: Pin Rust to 1.54
Add a rust-toolchain file to the Ruby directory, which instructs Rustup
to install a specific version of Rust (1.54). This will be used in CI,
so any use of language features or dependencies that don't support 1.54
will result in a CI failure.

This should ensure we have a documented minimum supported rust version
and an easy to way to update it in the future (update the rust-toolchain
file).
2022-02-02 08:05:46 +13:00
Geoffrey White
d864af3622 C++: Change note. 2022-02-01 19:00:40 +00:00
Harry Maclean
fb00a6c61b Merge pull request #7666 from github/hmac/file-open-access
Ruby: Add File.open as a FileSystemAccess
2022-02-02 07:32:16 +13:00
liangjinhuang
1dd15fa235 style:auto format 2022-02-02 01:30:54 +08:00
liangjinhuang
976e484c57 style:move all source files under src/experimental & feat:modify source regular matching rules 2022-02-02 01:14:51 +08:00
Henry Mercer
14601316a5 JS: Autoformat 2022-02-01 17:08:21 +00:00
Rasmus Wriedt Larsen
f6215f2300 Python: Refactor field-flow test 2022-02-01 17:59:03 +01:00
Rasmus Wriedt Larsen
cc4fe38fbd Python: Delete dedicated argumentRouting<N> tests
I feel like they don't bring any value anymore, since we have the nice
inline expectation tests. If I'm wrong, happy to revert this commit
though.
2022-02-01 17:51:33 +01:00
Rasmus Wriedt Larsen
54f53c828e Python: Refactor argumentRoutingTest.ql to be more generic
I checked to see that the tests still works. If I deleted the `arg5`
annotation, it got failures:

```diff
diff --git a/python/ql/test/experimental/dataflow/coverage/argumentPassing.py b/python/ql/test/experimental/dataflow/coverage/argumentPassing.py
index e218bdde9b..71816c1e01 100644
--- a/python/ql/test/experimental/dataflow/coverage/argumentPassing.py
+++ b/python/ql/test/experimental/dataflow/coverage/argumentPassing.py
@@ -46,7 +46,7 @@ def argument_passing(
     c,
     d=arg4,  #$ arg4 func=argument_passing
     *,
-    e=arg5,  #$ arg5 func=argument_passing
+    e=arg5,
     f,
     **g,
 ):
diff --git a/python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.expected b/python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.expected
index e69de29bb2..22037a40c3 100644
--- a/python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.expected
+++ b/python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.expected
@@ -0,0 +1,2 @@
+| argumentPassing.py:49:7:49:10 | ControlFlowNode for arg5 | Unexpected result: arg5= |
+| argumentPassing.py:49:7:49:10 | ControlFlowNode for arg5 | Unexpected result: func=argument_passing |
```
2022-02-01 17:50:06 +01:00
Rasmus Wriedt Larsen
76f3d74fed Python: Remove extra whitespace from argumentPassing.py 2022-02-01 17:48:16 +01:00
Rasmus Wriedt Larsen
5ee755db09 Python: Require MISSING: flow annotations for normal data-flow tests
I had to rewrite the SINK1-SINK7 definitions, since this new requirement
complained that we had to add this `MISSING: flow` annotation :D

Doing this implementation also revealed that there was a bug, since I
did not compare files when checking for these `MISSING:` annotations. So
fixed that up in the implementation for inline taint tests as well.

(extra whitespace in argumentPassing.py to avoid changing line numbers
for other tests)
2022-02-01 17:46:53 +01:00
Erik Krogh Kristensen
e06f6529f1 refactor API-graph labels to an IPA type 2022-02-01 17:32:08 +01:00
Rasmus Wriedt Larsen
2bc4a60496 Python: Unify normal dataflow test setup
I went with NormalDataflowTest to signify that if you don't know what
you're looking for, this is probably the one. I did not want to just
call it DataflowTest, since that becomes a big vague when there are also
`FlowTest.qll` and `MaximalFlowTest.qll` -- I'm open to renaming this
though 👍
2022-02-01 17:31:31 +01:00
Rasmus Wriedt Larsen
41319607a9 Python: Use InlineExpectationsTest for field-flow tests
I deleted the old tests, so it's very clear what tests to look for
2022-02-01 17:31:31 +01:00
Rasmus Wriedt Larsen
d6f415bae2 Python: Run match tests if Python 3.10 or newer
Also fixes a bug in the tests
2022-02-01 17:31:31 +01:00
liangjinhuang
1885b683f7 style:formatDocument 2022-02-02 00:21:26 +08:00
liangjinhuang
af2e8ff8c6 feat:modify source regular matching rules 2022-02-02 00:10:15 +08:00
Henry Mercer
368839edfc JS: Fix QLDoc style in ExtractMisclassifiedEndpointFeatures.ql 2022-02-01 15:39:15 +00:00
Arthur Baars
ea901adb3c Merge pull request #7799 from github/aibaars/fix-ruby-workflows
Ruby: use ruby specific cache key
2022-02-01 16:28:14 +01:00
Henry Mercer
db0b4fc463 JS: Add model building pack for ML-powered queries
Tests are currently still internal. They will be migrated to
`github/codeql` in a subsequent PR.
2022-02-01 15:03:26 +00:00
Arthur Baars
73d60550ce QL-QL: fix cache keys 2022-02-01 15:57:59 +01:00
Erik Krogh Kristensen
0f85a52f09 Merge pull request #7773 from erik-krogh/CWE-367
JS: add a js/file-system-race query
2022-02-01 15:36:13 +01:00
Rasmus Wriedt Larsen
a4bb0cc5d8 Python: Run tests for fieldflow/test.py 2022-02-01 15:32:07 +01:00
Rasmus Wriedt Larsen
1390f034f3 Python: Delete duplicated tests
All the same tests are present in `fieldflow/test.py`
2022-02-01 15:31:30 +01:00
Arthur Baars
6451a71a78 Ruby: use ruby specific cache key 2022-02-01 15:18:09 +01:00
Rasmus Wriedt Larsen
1394b38032 Python: Improve customSanitizer tests
Before we didn't show how we treated the value _after_ the check. But we
do actually handle this nicely 💪
2022-02-01 15:09:29 +01:00
Mathias Vorreiter Pedersen
3597d80340 Merge pull request #7787 from Yonah125/main
C/C++ : Useless test
2022-02-01 14:01:27 +00:00
Jeroen Ketema
ff1c971100 Add query for missing mode argument in open/openat calls 2022-02-01 14:52:22 +01:00
Rasmus Lerchedahl Petersen
1e2428cb6b python: create LDAP module in Concepts 2022-02-01 14:39:58 +01:00
Nick Rolfe
5828a61fec Merge pull request #7795 from github/nickrolfe/graph_test_edge_ordering
Ruby/C#: add semmle.order attribute to edges in CFG tests
2022-02-01 13:36:15 +00:00
Rasmus Lerchedahl Petersen
c2cd58edc4 python: rewrite to separate configurations
source nodes get duplicated, so perhaps flow states
are actually better for performance?
2022-02-01 14:36:11 +01:00
Erik Krogh Kristensen
a51f892a99 move dot in qhelp
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2022-02-01 14:34:30 +01:00
Owen Mansel-Chan
f351924fcc Merge pull request #679 from owen-mc/add-error-expr-to-dbscheme
Add ErrorExpr to dbscheme
2022-02-01 13:32:57 +00:00
Michael Nebel
2c6e35f55e C#: Add more attribute testcases. 2022-02-01 14:06:45 +01:00
Rasmus Lerchedahl Petersen
7df5c70c6f python: update frameworks.rst 2022-02-01 13:54:34 +01:00
Rasmus Lerchedahl Petersen
bec8c0daea python: update change note 2022-02-01 13:39:03 +01:00
Rasmus Lerchedahl Petersen
c587084758 python: use standard InstanceSource construction 2022-02-01 13:31:16 +01:00
Michael Nebel
31a70a17a4 C#: Add attribute tests for delegate types. 2022-02-01 13:29:26 +01:00
Michael Nebel
8ee27be908 C#: Small change in the attribute elements test. We now require that the attribute should be in source code and not the attributable. 2022-02-01 13:29:26 +01:00
Michael Nebel
7d1d2e792c C#: Add specialized ql classes for each attribute kind and update AST printing. 2022-02-01 13:29:26 +01:00
Michael Nebel
5a6667efc5 C#: Update attribute test cases. 2022-02-01 13:29:26 +01:00
Michael Nebel
c94cdfa79a C#: Update the extractor to include the kind of the extracted attributes. Furthermore, include method return attributes. 2022-02-01 13:29:26 +01:00
Michael Nebel
e86ac73628 C#: Add attribute kind to the dbscheme for the attribute relation. 2022-02-01 13:29:26 +01:00
Erik Krogh Kristensen
e6c90670e6 Merge pull request #7740 from erik-krogh/CWE-347
JS: promote the js/jwt-missing-verification query out of experimental
2022-02-01 13:10:35 +01:00
Chris Smowton
ee85d6c368 Undo whitespace change 2022-02-01 12:04:38 +00:00
Owen Mansel-Chan
613a85bcfb Add ErrorExpr to dbscheme 2022-02-01 11:52:51 +00:00
museljh
012434b152 Update python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-02-01 19:00:06 +08:00
museljh
a6002186bd Update python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-02-01 18:59:12 +08:00
Jeroen Ketema
dbac927721 Take into account that the 4th argument of openat may be omitted
This matches what is done for `open`.
2022-02-01 11:41:07 +01:00
Rasmus Wriedt Larsen
f7a0b17ed6 Merge pull request #7687 from yoff/python/PathInjection-FlowState
python: Rewrite path injection query to use flow state
2022-02-01 11:33:37 +01:00
yoff
b120721942 Update python/ql/src/Security/CWE-090/LdapInjection.ql
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-02-01 11:02:47 +01:00
Rasmus Lerchedahl Petersen
119a7e4f34 python: provide links for Flask 2022-02-01 10:55:45 +01:00
Rasmus Lerchedahl Petersen
ecea392a08 python: rewrite qhelp overview
(combining the Java version and the JS version)
2022-02-01 10:47:18 +01:00
Rasmus Lerchedahl Petersen
26befebfc2 python: drop precision and add severity score
Given both the original FP score and our concerns
regarding sanitizers, `@precision medium`, which
is aligned with other languages, feels appropriate.
2022-02-01 10:34:36 +01:00
Rasmus Lerchedahl Petersen
7511b33512 python: "command" -> "log" 2022-02-01 10:23:16 +01:00
yoff
45f0bfd8f0 Apply suggestions from code review
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-02-01 10:06:37 +01:00
yoff
c03f89d712 Apply suggestions from code review
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-02-01 10:04:26 +01:00
Mathias Vorreiter Pedersen
a59a9ba82b C++: Autoformat. 2022-02-01 08:28:53 +00:00
yoff
8df04c58e9 Merge pull request #7793 from tausbn/python-fix-bad-TPythonTuple-join-order
Python: Fix bad join order in `TPythonTuple`
2022-01-31 22:39:58 +01:00
Harry Maclean
e5b7478028 Merge pull request #7780 from github/hmac/split-tests
Ruby: Split up CI jobs
2022-02-01 09:10:01 +13:00
Nick Rolfe
990e07b986 Ruby/C#: add semmle.order attribute to edges in CFG tests 2022-01-31 20:08:24 +00:00
BACK Yonah
46c1744204 C/C++: getFullyConverted replaced by getConversion* 2022-01-31 18:51:18 +01:00
Taus
4a29095e3b Python: Fix bad join order in TPythonTuple
TL;DR: Something introduced the following bad join order:
```
(227s) Tuple counts for dom#TObject::TPythonTuple#ff/2@i2#8f58670w after 3m46s:
25000      ~0%     {2} r1 = SCAN PointsToContext::PointsToContext::appliesToScope_dispred#ff#prev_delta OUTPUT In.1, In.0 'context'
24000      ~1%     {2} r2 = JOIN r1 WITH @py_scope#f ON FIRST 1 OUTPUT Lhs.1 'context', Lhs.0
1076876712 ~6%     {3} r3 = JOIN r2 WITH Flow::TupleNode#class#f CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0 'context', Lhs.1
870129666  ~0%     {3} r4 = JOIN r3 WITH Flow::ControlFlowNode::isLoad_dispred#f ON FIRST 1 OUTPUT Lhs.1 'context', Lhs.2, Lhs.0 'origin'
870129000  ~0%     {3} r5 = r4 AND NOT dom#TObject::TPythonTuple#ff#prev(Lhs.2 'origin', Lhs.0 'context')
870129000  ~1%     {3} r6 = SCAN r5 OUTPUT In.2 'origin', In.1, In.0 'context'
9000       ~0%     {2} r7 = JOIN r6 WITH Flow::ControlFlowNode::getScope_dispred#ff ON FIRST 2 OUTPUT Lhs.0 'origin', Lhs.2 'context'
                    return r7
```
(...the above being the tuple counts _at the point when I cancelled the
query_!)

Rewriting the code to force a join between `TupleNode#class` and
`getScope` results in the following join orders:

```
(0s) Tuple counts for TObject::scope_loads_tuplenode#ff/2@b3cf0bo5 after 13ms:
37369 ~3%     {1} r1 = JOIN Flow::TupleNode#class#f WITH Flow::ControlFlowNode::isLoad_dispred#f ON FIRST 1 OUTPUT Lhs.0 'origin'
37369 ~3%     {2} r2 = JOIN r1 WITH Flow::ControlFlowNode::getScope_dispred#ff ON FIRST 1 OUTPUT Rhs.1 's', Lhs.0 'origin'
            return r2
```
and
```
(78s) Tuple counts for dom#TObject::TPythonTuple#ff/2@i53#121c440w after 6ms:
34736 ~3%     {2} r1 = SCAN PointsToContext::PointsToContext::appliesToScope_dispred#ff#prev_delta OUTPUT In.1, In.0 'context'
7370  ~5%     {2} r2 = JOIN r1 WITH TObject::scope_loads_tuplenode#ff ON FIRST 1 OUTPUT Lhs.1 'context', Rhs.1 'origin'
7370  ~5%     {2} r3 = r2 AND NOT dom#TObject::TPythonTuple#ff#prev(Lhs.1 'origin', Lhs.0 'context')
7370  ~1%     {2} r4 = SCAN r3 OUTPUT In.1 'origin', In.0 'context'
            return r4
```
the latter being the largest iteration of `dom#TPythonTuple` throughout
the log.

No other major performance issues were observed.
2022-01-31 16:59:50 +00:00
jorgectf
080775c873 Merge branch 'jorgectf/python/deserialization' of https://github.com/jorgectf/codeql into jorgectf/python/deserialization 2022-01-31 17:48:47 +01:00
Jorge
a1f8acc9bb Merge branch 'github:main' into jorgectf/python/deserialization 2022-01-31 17:48:35 +01:00
BACK Yonah
56941dba6b C/C++ : Fixed select issue in Useless Test 2022-01-31 16:56:12 +01:00
BACK Yonah
ca2ff6f9fb C/C++: Fixing minor issues in Useless Test query 2022-01-31 16:04:56 +01:00
Tom Hvitved
5503abc73d Merge pull request #7772 from hvitved/csharp/event-accessor-event-null
C#: Guard against `AssociatedSymbol` not being an `IEventSymbol`
2022-01-31 14:52:02 +01:00
Tom Hvitved
f2352d8272 Data flow: Inline local(Expr|Instruction)?(Flow|Taint)
Computing a full transitive closure is often bad; by inlining all calls we are
providing more context to the QL optimizer.
2022-01-31 14:33:41 +01:00
Ian Wright
83ecc065ab restrict size of strings 2022-01-31 12:28:46 +00:00
Michael Nebel
56ac99039f Merge pull request #7720 from michaelnebel/csharp/extended-prop-patterns
C#: Desugar property patterns that uses member access syntax.
2022-01-31 13:24:24 +01:00
Erik Krogh Kristensen
8dcec2e037 apply suggestions from doc review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-01-31 13:17:26 +01:00
Erik Krogh Kristensen
ec1a8cc826 apply suggestions from doc review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-01-31 12:32:12 +01:00
Chris Smowton
d064b17d7b Merge pull request #678 from smowton/smowton/feature/note-filepath-clean-sanitizer
Note that `filepath.Clean("/" + e)` is a sanitizer against path traversal attacks
2022-01-31 10:55:48 +00:00
Tom Hvitved
2354281721 C#: Add DB down/upgrade scripts 2022-01-31 11:46:10 +01:00
Tom Hvitved
32e58add7b C#: Extend compiler_generated to include event accessors 2022-01-31 11:45:23 +01:00
Rasmus Lerchedahl Petersen
9d416664a1 python: modern change note
I set the category to newQuery since that is what users will see.
When we have tags, it would be nice to tag it as a query promotion.
2022-01-31 11:27:55 +01:00
Rasmus Lerchedahl Petersen
bf1145ece0 python: Add change note
should we have the `lgtm,codescanning` handshake or not?
2022-01-31 11:27:55 +01:00
Rasmus Lerchedahl Petersen
8b5114d10e python: Add standard customization setup
- modernize the sanitizer, but do not make it less specific
2022-01-31 11:27:55 +01:00
Rasmus Lerchedahl Petersen
20d54543fd python: move log injection out of experimental
- move from custom concept `LogOutput` to standard concept `Logging`
- remove `Log.qll` from experimental frameworks
  - fold models into standard models (naively for now)
    - stdlib:
      - make Logger module public
      - broaden definition of instance
      - add `extra` keyword as possible source
   - flak: add app.logger as logger instance
   - django: `add django.utils.log.request_logger` as logger instance
     (should we add the rest?)
- remove LogOutput from experimental concepts
2022-01-31 11:27:55 +01:00
Rasmus Lerchedahl Petersen
211345c010 python: remove more annotations 2022-01-31 11:20:59 +01:00
Michael Nebel
7cbeffc8a7 C#: Refactor and use new language features. 2022-01-31 09:24:31 +01:00
Rasmus Lerchedahl Petersen
cac3862659 python: remove library annotation
to clean up QL warnings.
Should put these in a private module instead?
2022-01-31 08:50:37 +01:00
Rasmus Lerchedahl Petersen
0c3bce1415 python: deprecation
I am slightly concerned that the test now generates many more
intermediate results. I suppose that maes the analysis heavy.
Should the new library get a new name instead, so the old code
does not get evaluated?
2022-01-31 08:32:24 +01:00
BACK Yonah
d7313f3a82 C/C++ : Useless test 2022-01-30 14:33:32 +01:00
Mathias Vorreiter Pedersen
bb2feda8fb Merge pull request #7703 from geoffw0/getslocal 2022-01-28 19:35:15 +00:00
Chris Smowton
de2ed83b55 Note that filepath.Clean("/" + e) is a sanitizer against path traversal attacks. 2022-01-28 19:32:58 +00:00
Geoffrey White
8a1b49f816 C++: Recognize password struct fields. 2022-01-28 19:10:46 +00:00
Arthur Baars
abf3ce6223 Ruby: expressions in pin operator ^ 2022-01-28 19:47:31 +01:00
Arthur Baars
00fb4d3776 Ruby: Values in Hash literals and keyword arguments can be omitted 2022-01-28 19:47:31 +01:00
Arthur Baars
3e2ca61c01 Ruby: support anonymous block parameters/arguments 2022-01-28 19:47:31 +01:00
Arthur Baars
b9258e78ca Ruby: non-local variables in variable reference pattern 2022-01-28 19:47:31 +01:00
Arthur Baars
966b8be5f9 Ruby: add downgrade scripts 2022-01-28 19:47:31 +01:00
Arthur Baars
e5eb01ca45 Ruby: add upgrade scripts 2022-01-28 19:47:31 +01:00
Arthur Baars
c85012460a Ruby: update dbscheme stats 2022-01-28 19:47:31 +01:00
Arthur Baars
c6a36a50c2 Ruby: regenerate dbscheme and library 2022-01-28 19:47:31 +01:00
Arthur Baars
bfbc9fe144 Ruby: update tree-sitter-ruby 2022-01-28 19:47:25 +01:00
Alex Ford
57e958c372 Ruby: missing QLDoc 2022-01-28 17:38:55 +00:00
Alex Ford
269722fa86 Ruby: rb/clear-text-logging-sensitive-data changenote 2022-01-28 17:27:05 +00:00
Alex Ford
7fec2d270b Ruby: QL format 2022-01-28 17:24:56 +00:00
Alex Ford
186623f878 Ruby: Add CleartextLogging.qhelp 2022-01-28 17:24:56 +00:00
Alex Ford
7ed447842f Ruby: cleartext logging test output 2022-01-28 17:24:56 +00:00
Alex Ford
4fc9128350 Ruby: cleartext logging - remove an unnecessary abstract class 2022-01-28 17:24:56 +00:00
Alex Ford
91ccd307e8 Ruby: Implement rb/clear-text-logging-sensitive-data 2022-01-28 17:24:56 +00:00
Mathias Vorreiter Pedersen
0f239e315c Merge pull request #7782 from geoffw0/clrtxt7
C++: Fix FPs for cpp/cleartext-storage-file
2022-01-28 17:24:05 +00:00
Geoffrey White
0396a84c3c C++: Remove empty predicate / extends. 2022-01-28 17:11:38 +00:00
Alex Ford
cfb2d7ffaf Ruby: add shared SensitiveDataHeuristics.qll 2022-01-28 16:38:58 +00:00
Geoffrey White
af09dd8af1 C++: Fixes to gets models. 2022-01-28 16:04:23 +00:00
Geoffrey White
036e1495b8 Merge branch 'main' into getslocal 2022-01-28 15:58:13 +00:00
Ian Wright
aceeb7324c restrict AST nodes according to string length 2022-01-28 15:06:10 +00:00
Rasmus Lerchedahl Petersen
68d18ead34 python: add change note 2022-01-28 14:00:07 +01:00
Geoffrey White
a695f02af4 C++: Add change note. 2022-01-28 12:38:27 +00:00
Tom Hvitved
82cceb0a29 C#: Mark event accessors without bodies as compiler generated 2022-01-28 13:11:34 +01:00
Tom Hvitved
682163962a Data flow: Sync files 2022-01-28 13:01:24 +01:00
Tom Hvitved
4bf07825a1 Data flow: Reduce non-linear recursion in SummaryComponentStack::bottom
Before:
```
[2022-01-28 09:45:34] (449s) Tuple counts for FlowSummaryImpl::Public::SummaryComponentStack::bottom_dispred#ff/2@i23#25a5eew4 after 432ms:
                      0       ~0%     {2} r1 = SCAN FlowSummaryImpl::Public::SummaryComponentStack::length#ff#prev_delta OUTPUT In.0 'this', (In.1 - 1)
                      0       ~0%     {2} r2 = JOIN r1 WITH FlowSummaryImpl::Public::SummaryComponentStack::drop#fff#prev ON FIRST 2 OUTPUT Rhs.2, Lhs.0 'this'
                      0       ~0%     {2} r3 = JOIN r2 WITH FlowSummaryImpl::Public::SummaryComponentStack::head_dispred#ff#prev ON FIRST 1 OUTPUT Lhs.1 'this', Rhs.1 'result'

                      4171589 ~5%     {2} r4 = SCAN FlowSummaryImpl::Public::SummaryComponentStack::length#ff#prev OUTPUT In.0 'this', (In.1 - 1)
                      4171589 ~0%     {2} r5 = JOIN r4 WITH FlowSummaryImpl::Public::SummaryComponentStack::drop#fff#prev ON FIRST 2 OUTPUT Rhs.2, Lhs.0 'this'
                      0       ~0%     {2} r6 = JOIN r5 WITH FlowSummaryImpl::Public::SummaryComponentStack::head_dispred#ff#prev_delta ON FIRST 1 OUTPUT Lhs.1 'this', Rhs.1 'result'

                      62238   ~0%     {3} r7 = SCAN FlowSummaryImpl::Public::SummaryComponentStack::drop#fff#prev_delta OUTPUT In.2, In.0 'this', In.1
                      62238   ~8%     {3} r8 = JOIN r7 WITH FlowSummaryImpl::Public::SummaryComponentStack::head_dispred#ff#prev ON FIRST 1 OUTPUT Lhs.1 'this', Lhs.2, Rhs.1 'result'
                      62238   ~5%     {5} r9 = JOIN r8 WITH FlowSummaryImpl::Public::SummaryComponentStack::length#ff#prev ON FIRST 1 OUTPUT Lhs.0 'this', Lhs.1, Lhs.2 'result', Rhs.1, (Rhs.1 - 1)
                      10373   ~6%     {5} r10 = SELECT r9 ON In.4 = In.1
                      10373   ~0%     {2} r11 = SCAN r10 OUTPUT In.0 'this', In.2 'result'

                      10373   ~0%     {2} r12 = r6 UNION r11
                      10373   ~0%     {2} r13 = r3 UNION r12
                      10373   ~0%     {2} r14 = r13 AND NOT FlowSummaryImpl::Public::SummaryComponentStack::bottom_dispred#ff#prev(Lhs.0 'this', Lhs.1 'result')
                                      return r14
```

After:
```
[2022-01-28 09:52:48] (6s) Tuple counts for FlowSummaryImpl::Public::SummaryComponentStack::bottom#ff/2@i21#6243afwv after 5ms:
                      0     ~0%     {2} r1 = JOIN FlowSummaryImpl::Public::SummaryComponentStack::bottom#ff#prev_delta WITH FlowSummaryImpl::Private::TConsSummaryComponentStack#fff#reorder_1_0_2#prev ON FIRST 1 OUTPUT Lhs.1 'result', Rhs.2 'this'

                      10373 ~3%     {2} r2 = SCAN FlowSummaryImpl::Private::TConsSummaryComponentStack#fff#prev_delta OUTPUT In.1, In.2 'this'
                      10373 ~2%     {2} r3 = JOIN r2 WITH FlowSummaryImpl::Public::SummaryComponentStack::bottom#ff#prev ON FIRST 1 OUTPUT Rhs.1 'result', Lhs.1 'this'

                      10373 ~2%     {2} r4 = r1 UNION r3
                      10373 ~2%     {2} r5 = r4 AND NOT FlowSummaryImpl::Public::SummaryComponentStack::bottom#ff#prev(Lhs.1 'this', Lhs.0 'result')
                      10373 ~0%     {2} r6 = SCAN r5 OUTPUT In.1 'this', In.0 'result'
                                    return r6
```
2022-01-28 13:00:04 +01:00
Geoffrey White
b73dc98191 C++: Exclude write to stdout etc. 2022-01-28 11:57:31 +00:00
Tom Hvitved
864b61a804 Merge pull request #7766 from hvitved/csharp/extractor/type-param-constraints
C#: Make `TypeParameterConstraints` a `CachedEntity`
2022-01-28 12:39:31 +01:00
Tom Hvitved
28702dff82 Merge pull request #7779 from hvitved/csharp/initial-downgrade-scheme
C#: Add initial downgrade DB scheme for use in tests
2022-01-28 12:38:07 +01:00
Nick Rolfe
8248a942ce Ruby: enable taint checking for array-flow test 2022-01-28 11:33:59 +00:00
Nick Rolfe
c0e1384f4a Ruby: move Array/Enumerable flow summaries to their own file 2022-01-28 11:33:59 +00:00
Nick Rolfe
6c0eb8beee Ruby: update array flow summaries to use getConstantValue() 2022-01-28 11:33:59 +00:00
Nick Rolfe
693ff6a904 Ruby: add flow summaries for remaining Array methods 2022-01-28 11:33:59 +00:00
Nick Rolfe
030cfa36da Ruby: add flow summaries for all remaining Enumerable methods 2022-01-28 11:33:59 +00:00
Erik Krogh Kristensen
7b925604df update expected output 2022-01-28 12:21:33 +01:00
Rasmus Wriedt Larsen
3e71d7f9bb Python: Add note about / for Django upload_to
I did a test locally, something like

    import requests

    req = requests.Request(
        "POST",
        "http://127.0.0.1:8000/app/upload-test/",
        data={"name": "foo"},
        files={"upload" : ("wat/haha|!#$%^&", open("foo.txt", "rb"))},
    )

    # print(req.prepare().body.decode('ascii'))

    requests.session().send(req.prepare())

and the `wat/` part was stripped from the filename
2022-01-28 12:17:46 +01:00
Nick Rolfe
588e60e230 Merge pull request #7775 from github/nickrolfe/graph_test_ordering
Ruby/C#: more stable graph test ordering
2022-01-28 11:16:02 +00:00
Erik Krogh Kristensen
7aa59ca233 Merge pull request #7633 from erik-krogh/CWE-300
JS: add js/http-dependency query
2022-01-28 12:10:14 +01:00
Taus
47a57e0c0a Merge pull request #7635 from github/python/support-match
Python/support match
2022-01-28 11:55:46 +01:00
yoff
74d57bbb1a Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
Co-authored-by: Taus <tausbn@github.com>
2022-01-28 11:38:29 +01:00
Rasmus Wriedt Larsen
f962d8e72c Python: Move test to correct location 2022-01-28 11:33:21 +01:00
Arthur Baars
cada7ef1a4 Ruby: add downgrade scripts to prepare-db-upgrade.sh 2022-01-28 11:07:56 +01:00
Rasmus Lerchedahl Petersen
ab43f041c3 python: rename files 2022-01-28 11:00:17 +01:00
Erik Krogh Kristensen
b5198bdaca apply suggestions from doc review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-01-28 10:46:27 +01:00
Erik Krogh Kristensen
bf9bcc9600 add a js/file-system-race query 2022-01-28 09:41:12 +01:00
Erik Krogh Kristensen
179c26da9a apply suggestions from review 2022-01-28 09:37:46 +01:00
Tony Torralba
f3e034b2be Merge pull request #7764 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-01-28 09:35:54 +01:00
Harry Maclean
0428b8ee20 Split Ruby CI into multiple parallel jobs
Run format, compile and db upgrade checks in parallel, along with the
main tests, which run in two parallel halves.
2022-01-28 21:23:34 +13:00
Rasmus Lerchedahl Petersen
4c3c4deb34 python: Move over query and tests 2022-01-28 09:19:11 +01:00
Esben Sparre Andreasen
ee52774e90 Merge pull request #7760 from erik-krogh/CWE-184
JS: add CWE-184 to incomplete-scheme-check and bad-tag-filter
2022-01-28 09:18:41 +01:00
Tom Hvitved
ee5495ce65 C#: Add initial downgrade DB scheme for use in tests 2022-01-28 09:05:42 +01:00
Rasmus Lerchedahl Petersen
a026120c52 Python: Move configuration over and refine it
The original configuration did not match sinks with sanitizers.
Here it is resolved using flow state,
it could also be done by using two configurations.
2022-01-28 09:00:40 +01:00
Rasmus Lerchedahl Petersen
d539920661 Python: Update list of frameworks 2022-01-28 08:58:30 +01:00
Harry Maclean
b01f81aab3 Use modified getAPath predicate for test 2022-01-28 19:45:52 +13:00
Harry Maclean
a1b0f02e6e Ruby: Introduce API::getAnImmediateSubclass()
class A; end
    class B < A; end
    class C < B; end

In the example above, `getMember("A").getAnImmediateSubclass()` will
select only uses of B, whereas `getMember("A").getASubclass()` will
select uses of A, B and C. This is usually the behaviour you want.
2022-01-28 16:44:03 +13:00
github-actions[bot]
c6130ea2d4 Add changed framework coverage reports 2022-01-28 00:11:49 +00:00
Andrew Eisenberg
28461f57ef Merge pull request #675 from github/aeisenberg/examples-groups
Add new groups for examples packs
2022-01-27 09:26:15 -08:00
Dave Bartolomeo
cca74e925f Merge pull request #7724 from github/aeisenberg/examples-groups
Add new groups for examples packs
2022-01-27 12:11:26 -05:00
Rasmus Wriedt Larsen
4338c06b0d Python: Support Django FileField.upload_to 2022-01-27 17:20:16 +01:00
Rasmus Lerchedahl Petersen
c60df7d69c Merge branch 'main' of github.com:github/codeql into python/support-match 2022-01-27 16:45:17 +01:00
yoff
4632c14280 Merge pull request #7654 from RasmusWL/remove-old-pointsto-queries
Python: Cleanup: Remove old points-to versions of queries
2022-01-27 16:39:01 +01:00
Nick Rolfe
cd5010fe11 C#: sync changes from Ruby to improve ordering of graph test output 2022-01-27 15:34:01 +00:00
Tom Hvitved
b7fb9e8b95 Merge pull request #7768 from hvitved/csharp/extractor-diagnostics-query
C#: Add internal extractor diagnostics query
2022-01-27 16:33:32 +01:00
Chris Smowton
17656fc12b Merge pull request #7771 from Dig2/main
Fix typo in CodeQL-query-help-for-JavaScript
2022-01-27 15:03:35 +00:00
Mathias Vorreiter Pedersen
b3f4357dc8 Merge pull request #7742 from geoffw0/clrtxt6
C++: Upgrade cpp/cleartext-storage-buffer
2022-01-27 14:40:40 +00:00
Rasmus Lerchedahl Petersen
b93c04bb79 python: Add reverse flow in some patterns
Particularly in value and literal patterns.
This is getting a little bit into the guards aspect of matching.
We could similarly add reverse flow in terms of
sub-patterns storing to a sequence pattern,
a flow step from alternatives to an-or-pattern, etc..
It does not seem too likely that sources are embedded in patterns
to begin with, but for secrets perhaps?

It is illustrated by the literal test. The value test still fails.
I believe we miss flow in general from the static attribute.
2022-01-27 15:20:23 +01:00
Tom Hvitved
cdfe239016 C#: Guard against AssociatedSymbol not being an IEventSymbol
Apply same logic as for property/indexer accessors to account for cases where
the associated event cannot be determined. I have not been able to reproduce
such cases locally, though we have seen reports of it happening.
2022-01-27 15:14:03 +01:00
Nick Rolfe
6f06263d49 Ruby: add more properties for ordering nodes in graph tests 2022-01-27 13:57:43 +00:00
Dig2
516bed391a Fix CodeQL-query-help-for-JavaScript typo 2022-01-27 21:33:20 +08:00
Benjamin Muskalla
5c9c83d331 Revert "Enable on my repo"
This reverts commit b9c3e6a052.
2022-01-27 14:24:41 +01:00
Geoffrey White
2e1b09fd75 C++: Modernize flow sources. 2022-01-27 13:19:09 +00:00
Geoffrey White
47528dd8c0 C++: Autoformat. 2022-01-27 12:56:16 +00:00
Tamás Vajk
50f546043a Merge pull request #7769 from github/release-prep/2.8.0
Release preparation for version 2.8.0
2022-01-27 13:36:59 +01:00
Tamás Vajk
14d227a232 Merge pull request #677 from github/release-prep/2.8.0
Release preparation for version 2.8.0
2022-01-27 13:36:19 +01:00
Tom Hvitved
d9a1046e0e Merge pull request #7683 from hvitved/ruby/qltest-4-threads
Ruby: Use multiple threads in QL test CI job
2022-01-27 13:11:39 +01:00
Benjamin Muskalla
39a853b5e4 Remove unused models 2022-01-27 12:27:37 +01:00
Benjamin Muskalla
1cfb088634 rely on defaults 2022-01-27 12:26:59 +01:00
Benjamin Muskalla
e5acc6b54b use default sha for pr 2022-01-27 12:26:59 +01:00
Benjamin Muskalla
3646ae0995 Skip diff install if not needed 2022-01-27 12:26:58 +01:00
Geoffrey White
1bf9c19638 C++: Autoformat. 2022-01-27 11:26:18 +00:00
Geoffrey White
f090a3b440 C++: Add to and clarify some taint library QLDoc. 2022-01-27 11:26:00 +00:00
Benjamin Muskalla
10aa7a7982 Better name 2022-01-27 12:02:42 +01:00
Benjamin Muskalla
b9c3e6a052 Enable on my repo 2022-01-27 12:01:47 +01:00
Tom Hvitved
1e39259e26 Merge pull request #7750 from hvitved/ruby/desugar-hash-literals
Ruby: Desugar hash literals
2022-01-27 12:01:06 +01:00
Benjamin Muskalla
66b9974dd4 Simplify naming pattern 2022-01-27 12:00:29 +01:00
Geoffrey White
d9a2347178 C++: Switch back to IR taint. 2022-01-27 10:50:22 +00:00
Tamás Vajk
3d2cc8890a Update CHANGELOG.md 2022-01-27 11:50:13 +01:00
Tamás Vajk
cc4bb9b02f Update 0.0.8.md 2022-01-27 11:49:29 +01:00
Benjamin Muskalla
4aa0002e97 Rename workflow 2022-01-27 11:43:25 +01:00
github-actions[bot]
634134f283 Release preparation for version 2.8.0 2022-01-27 10:40:20 +00:00
github-actions[bot]
d545716571 Release preparation for version 2.8.0 2022-01-27 10:40:14 +00:00
Tom Hvitved
e2ae327a74 C#: Add internal extractor diagnostics query 2022-01-27 11:19:31 +01:00
Rasmus Lerchedahl Petersen
cb52ab669e python: address review comments
The comment about `py_scopes` was simply removed
2022-01-27 11:17:00 +01:00
Benjamin Muskalla
c1b5565e4d Automation to regenerate framework models 2022-01-27 11:15:10 +01:00
yoff
e28669e487 Apply suggestions from code review
Co-authored-by: Taus <tausbn@github.com>
2022-01-27 10:31:43 +01:00
Tom Hvitved
f4195219f4 C#: Make TypeParameterConstraints a CachedEntity 2022-01-27 10:19:16 +01:00
Tom Hvitved
280023c45a Address review comments 2022-01-27 09:44:41 +01:00
Tom Hvitved
ece952ae2d Merge pull request #7759 from hvitved/csharp/more-debug-context
C#: Add more debug context to various error messages
2022-01-27 09:40:21 +01:00
Andrew Eisenberg
a7f755cf12 Add new groups for examples packs
Also, remove version numbers. Will make it easier to avoid publishing
the examples packs.
2022-01-26 14:49:18 -08:00
Andrew Eisenberg
9e0580da32 Add new groups for examples packs
Will make it easier to avoid publishing them.
2022-01-26 14:47:46 -08:00
Dave Bartolomeo
d069d91bf5 Merge pull request #6601 from dbartol/dbartol/side-effect-reorder/work
Fix order of IR call side effects
2022-01-26 17:02:02 -05:00
Tom Hvitved
32d1263810 Merge pull request #7755 from hvitved/csharp/qltest-stubs
C#: Restrict stub logic to QL test DBs
2022-01-26 20:08:33 +01:00
Rasmus Lerchedahl Petersen
163c888781 python: port concepts and implementations 2022-01-26 19:05:37 +01:00
Rasmus Lerchedahl Petersen
e6b5833bd6 python: fix typo in qhelp 2022-01-26 19:05:36 +01:00
Mathias Vorreiter Pedersen
647d4d028e Merge pull request #7758 from jketema/unnamed-variable-fix
C++: Do not report "Declaration hides variable" for unnamed variables
2022-01-26 15:36:04 +00:00
Erik Krogh Kristensen
e75dc2116f add CWE-184 to incomplete-scheme-check and bad-tag-filter 2022-01-26 16:13:13 +01:00
Jeroen Ketema
ee78cc731d Add change note 2022-01-26 15:59:17 +01:00
Tom Hvitved
ef580aa8bc C#: Add more debug context to various error messages 2022-01-26 15:50:26 +01:00
Tom Hvitved
baefd623c4 Merge pull request #7757 from hvitved/csharp/remove-stats
C#: Remove stats for removed relations
2022-01-26 15:22:59 +01:00
Jeroen Ketema
9194af9b15 Do not report "Declaration hides variable" for unnamed variables 2022-01-26 15:10:37 +01:00
Jeroen Ketema
10a94cfa45 Add test for structured binding declaration hiding variable 2022-01-26 15:08:50 +01:00
Jeroen Ketema
b380ba0d8f Add semmle-extractor-options: -std=c++17 to test 2022-01-26 15:05:21 +01:00
Tom Hvitved
f38ee39cda C#: Remove stats for removed relations 2022-01-26 14:20:41 +01:00
Tom Hvitved
6975ade0ff C#: Restrict stub logic to QL test DBs 2022-01-26 13:59:24 +01:00
Tom Hvitved
dd27ed8392 Ruby: Desugar hash literals
```rb
{ a: 1, **splat, b: 2 }
```

becomes

```rb
::Hash.[](a: 1, **splat, b: 2)
```
2022-01-26 13:53:18 +01:00
Tom Hvitved
39436828de Ruby: Add internal/Literal.qll for internal implementation details 2022-01-26 13:48:26 +01:00
Tom Hvitved
6565242b67 Merge pull request #7751 from hvitved/csharp/qltest-file-extraction-mode
C#: Update expected test output after passing in `--qltest` in `codeql test run`
2022-01-26 13:32:34 +01:00
Chris Smowton
df87297c59 Merge pull request #7733 from pwntester/java_util_regex_qll
Java: Add models for java.util.regex.Pattern and Matcher
2022-01-26 12:04:56 +00:00
Rasmus Lerchedahl Petersen
47af3a69a5 Merge branch 'main' of github.com:github/codeql into python/support-match 2022-01-26 11:39:46 +01:00
Alvaro Muñoz Sanchez
ba90fecc98 retab Test.java 2022-01-26 11:20:10 +01:00
Erik Krogh Kristensen
abd87615ff update qhelp with suggestions
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2022-01-26 11:03:05 +01:00
Tom Hvitved
477f83cf9e Merge pull request #7746 from hvitved/csharp/remove-legacy-relations
C#: Remove some unused legacy relations from the DB scheme
2022-01-26 10:40:55 +01:00
Tom Hvitved
99b9d4513b C#: Update expected test output after passing in --qltest in codeql test run 2022-01-26 10:33:00 +01:00
Arthur Baars
948ebe4b4c Merge pull request #7568 from aibaars/ruby-pattern-matching-taint
Ruby: taint steps for pattern matches
2022-01-26 10:27:47 +01:00
Stephan Brandauer
b7690e5e6b Merge pull request #7734 from kaeluka/js-add-node-prefix-to-module-import
js: add support for the 'node:' prefix for importing internal modules
2022-01-26 10:15:08 +01:00
Tom Hvitved
28e03a8aae Merge pull request #7738 from hvitved/ruby/action-controller-perf
Ruby: Fix bad join in `ActionControllerHelperMethod`
2022-01-26 09:48:21 +01:00
Tom Hvitved
2c27a07ead Merge pull request #7726 from hvitved/ruby/any-array-element-content
Ruby: Introduce `TAnyArrayElementContent`
2022-01-26 09:48:01 +01:00
Erik Krogh Kristensen
de633940fe promote the js/jwt-missing-verification query out of exeprimental 2022-01-26 09:35:54 +01:00
Tom Hvitved
51205d6ce5 C#: Add DB downgrade script 2022-01-26 08:44:37 +01:00
Tom Hvitved
83fb822115 C#: Add DB upgrade script 2022-01-26 08:43:24 +01:00
Tom Hvitved
4c16320e28 C#: Remove some unused legacy relations from the DB scheme 2022-01-26 08:35:08 +01:00
Arthur Baars
941f230c94 Merge pull request #7729 from github/hmac/bump-clap
Ruby extractor: bump clap
2022-01-26 08:12:47 +01:00
Dave Bartolomeo
4c42013836 Update test expectations 2022-01-25 15:22:13 -05:00
Henry Mercer
15aa09fb7a Merge pull request #7744 from github/henrymercer/js-atm-tweak-query-help
JS: Move experimental notice to the bottom of the ML-powered query help
2022-01-25 17:44:27 +00:00
Edoardo Pirovano
662675ebf0 Merge pull request #7739 from github/edoardo/3.4-mergeback
Merge `rc/3.4` into `main`
2022-01-25 17:44:13 +00:00
Edoardo Pirovano
4a3e945346 Merge pull request #676 from github/edoardo/3.4-mergeback
Merge `rc/3.4` into `main`
2022-01-25 17:43:55 +00:00
Shati Patel
1c711e05be Merge pull request #7661 from shati-patel/vscode-pack-commands
Docs: Mention packaging commands in CodeQL extension
2022-01-25 16:55:37 +00:00
Andrew Eisenberg
e722121be8 Merge pull request #7618 from github/aeisenberg/getting-started-docs
Docs: Simplify getting started docs
2022-01-25 08:30:06 -08:00
Edoardo Pirovano
1b539eb4dc Merge branch rc/3.4 into main 2022-01-25 16:22:01 +00:00
Edoardo Pirovano
cc7b72af41 Merge branch rc/3.4 into main 2022-01-25 16:16:44 +00:00
Mathias Vorreiter Pedersen
5d0f7efe84 Merge pull request #7743 from jketema/doc-fixes
CodeQL documentation fixes
2022-01-25 16:11:08 +00:00
Henry Mercer
70f7535988 JS: Move experimental notice to the bottom of the ML-powered query help
The Code Scanning UI shows just the first paragraph of the query help
as a summary, until a user chooses to expand the help.
We decided it was more useful to display the standard query help in this
summary compared to the experimental query notice, since there is
already a notice about experimental queries on the alert show page.
2022-01-25 15:52:09 +00:00
Tom Hvitved
afd6f58fe8 Merge pull request #7741 from hvitved/csharp/compilation-args-exclude-extractor-args
C#: Exclude extractor arguments from `compilation_args` relation
2022-01-25 16:31:46 +01:00
Geoffrey White
63ff17b3c1 Merge pull request #7737 from geoffw0/clrtxt5
C++: Upgrade cpp/cleartext-storage-file
2022-01-25 15:09:13 +00:00
Jeroen Ketema
082c712843 Replace Block by BlockStmt in basic C/C++ query documentation
`Block` has be deprecated in favor of `BlockStmt`.
2022-01-25 15:21:34 +01:00
Jeroen Ketema
1cfd222770 Remove redundant can 2022-01-25 15:21:06 +01:00
Michael Nebel
f1d5d3af9d C#: Add change note for extended property patterns. 2022-01-25 15:13:11 +01:00
Michael Nebel
44cc044a3d C#: Add testcase for extended property patterns (to indicate that they are de-sugared correctly). 2022-01-25 15:13:11 +01:00
Michael Nebel
833e8e4f1d C#: Add some examples with the extended property pattern syntax. 2022-01-25 15:13:11 +01:00
Michael Nebel
83e7fae578 C#: Desugar property patterns that uses member access syntax. 2022-01-25 15:13:11 +01:00
Tom Hvitved
d7a91fdbe6 C#: Exclude extractor arguments from compilation_args relation 2022-01-25 15:09:29 +01:00
Geoffrey White
e4a3e9ee23 C++: Change note. 2022-01-25 13:55:01 +00:00
Geoffrey White
340b40e8f3 C++: Modernize cpp/cleartext-storage-buffer. 2022-01-25 13:54:42 +00:00
Stephan Brandauer
4ee290acd3 update test for 'node:' prefix 2022-01-25 14:25:44 +01:00
Stephan Brandauer
20ea825e4a test for 'node:' prefix for importing node modules 2022-01-25 13:43:16 +01:00
shati-patel
1462565810 Clarify "download packs" usage 2022-01-25 12:37:17 +00:00
Erik Krogh Kristensen
cc527bdecd Merge pull request #7721 from erik-krogh/CWE-1275
JS: add a js/samesite-none-cookie cookie
2022-01-25 13:28:08 +01:00
Shati Patel
9e1e2ba442 Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-01-25 12:27:00 +00:00
Tom Hvitved
49488fa0a0 Ruby: Fix bad join in ActionControllerHelperMethod
```
[2022-01-25 12:35:14] (234s) Tuple counts for ActionController::ActionControllerHelperMethod#class#ff/2@ef816fil after 1.5s:
                      7685     ~0%     {3} r1 = JOIN ActionController::ActionControllerContextCall#ff#shared WITH Method::Method::getName_dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'controllerClass', Lhs.0 'this'
                      13198    ~0%     {3} r2 = JOIN r1 WITH Constant::ConstantValue::getStringOrSymbol_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'controllerClass', Lhs.2 'this', Rhs.1
                      15835365 ~4%     {5} r3 = JOIN r2 WITH AST::AstNode::getEnclosingModule_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, "helper_method", Lhs.0 'controllerClass', Lhs.1 'this', Lhs.2
                      12943    ~1%     {4} r4 = JOIN r3 WITH Call::MethodCall::getMethodName_dispred#ff ON FIRST 2 OUTPUT Lhs.4, Lhs.2 'controllerClass', Lhs.3 'this', Lhs.0
                      1146184  ~0%     {4} r5 = JOIN r4 WITH Expr::Expr::getConstantValue_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1 'controllerClass', Lhs.2 'this'
                      212      ~0%     {2} r6 = JOIN r5 WITH project#Call::Call::getArgument_dispred#fff ON FIRST 2 OUTPUT Lhs.3 'this', Lhs.2 'controllerClass'
                                       return r6
```

Joining on enclosing module and name simultaneously yields a much better join.
2022-01-25 13:00:13 +01:00
Alvaro Muñoz Sanchez
9ee967d6db update test file 2022-01-25 12:42:41 +01:00
Erik Krogh Kristensen
caaee5e4e5 make a utility predicate for extracting sameSite values 2022-01-25 12:32:04 +01:00
Erik Krogh Kristensen
9f9dee5d18 apply documentation suggestions
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-01-25 12:14:16 +01:00
Tom Hvitved
67962cb93d Ruby: Fix bad join in access predicate
Joining on variable name alone is a bad thing:

```
[2022-01-25 11:13:20] (228s) Tuple counts for Variable::Cached::access#ff#shared/3@868b54tu after 3m37s:
                      112554    ~0%     {3} r1 = JOIN Variable::VariableReal::getNameImpl_dispred#ff WITH Variable::VariableReal::getDeclaringScopeImpl_dispred#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'arg2', Rhs.1 'arg1'
                      561015756 ~1%     {3} r2 = JOIN r1 WITH Variable::variableName#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg0', Lhs.2 'arg1', Lhs.1 'arg2'
                                        return r2
```

This change ensures that we join on name and scope simultaneously.
2022-01-25 11:37:38 +01:00
Michael Nebel
26d9848fca Merge pull request #7730 from michaelnebel/csharp/csharp10-release-notes
C#: Add change notes for the already implemented C# 10 features.
2022-01-25 11:31:02 +01:00
Geoffrey White
d70b813949 Merge pull request #7732 from MathiasVP/security-severity-for-return-stack-allocated-memory
C++: Add security-severity to `cpp/return-stack-allocated-memory`
2022-01-25 10:13:49 +00:00
Stephan Brandauer
9825136e58 add support for the 'node:' prefix for importing internal modules 2022-01-25 10:55:34 +01:00
Alvaro Muñoz Sanchez
c49c7903a8 add java.util.regex models and tests 2022-01-25 10:50:39 +01:00
Tom Hvitved
0299b4603f Merge pull request #7677 from hvitved/ruby/constant-value
Ruby: Replace `getValueText` with `getConstantValue`
2022-01-25 10:31:02 +01:00
Harry Maclean
962d0213b5 Ruby extractor: stop using deprecated function 2022-01-25 22:04:24 +13:00
Tony Torralba
82ad79f55f Merge pull request #7728 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-01-25 09:53:12 +01:00
Mathias Vorreiter Pedersen
72241886bf C++: Add security-severity to 'cpp/return-stack-allocated-memory'. 2022-01-25 08:49:00 +00:00
Michael Nebel
f6a8d50593 C#: Add change notes for the already implemented C# 10 features. 2022-01-25 09:46:57 +01:00
Stephan Brandauer
35cc5ff0e2 Merge pull request #7715 from kaeluka/recognize-fs-extra-path-args
JS: add a predicate to recognize path arguments in calls to the fs-extra lib
2022-01-25 09:36:59 +01:00
Tom Hvitved
06776d19ee Merge pull request #4949 from luchua-bc/cs/hash-without-salt
C#: Query to detect hash without salt
2022-01-25 09:04:23 +01:00
Tom Hvitved
fdd787b89c Merge pull request #7658 from hvitved/csharp/dataflow/no-negative-positions
C#: Get rid of negative parameter/argument data-flow positions
2022-01-25 09:01:44 +01:00
dependabot[bot]
6543b1a3a9 Update clap requirement from 2.33 to 3.0
Updates the requirements on [clap](https://github.com/clap-rs/clap) to permit the latest version.

Apply this update in both the generator and extractor.
2022-01-25 16:53:39 +13:00
Harry Maclean
c5904b7410 Add inline tests for API Graph subclassing 2022-01-25 16:41:49 +13:00
Harry Maclean
517f2d0823 Add optional results to InlineExpectationsTest
The idea behind optional results is that there may be instances where
each line of source code has many results and you don't want to annotate
all of them, but you still want to ensure that any annotations you do
have are correct.

This change makes that possible by exposing a new predicate
`hasOptionalResult`, which has the same signature as `hasResult`.

Results produced by `hasOptionalResult` will be matched against any
annotations, but the lack of a matching annotation will not cause a
failure.

We will use this in the inline tests for the API edge getASubclass,
because for each API path that uses getASubclass there is always a
shorter path that does not use it, and thus we can't use the normal
shortest-path matching approach that works for other API Graph tests.
2022-01-25 16:41:49 +13:00
Harry Maclean
d0a274c1e8 Use API graph subclassing in GraphQL modelling
This simplifies some of the code.
2022-01-25 16:41:24 +13:00
Harry Maclean
5e7a29a979 Ruby: Use API graph subclassing in Rails modelling
Now that API graphs have basic subclassing support, we can simplify some
of the ActiveRecord and ActionController code.
2022-01-25 16:40:14 +13:00
github-actions[bot]
1c2f4e79ff Add changed framework coverage reports 2022-01-25 00:10:23 +00:00
Dave Bartolomeo
9183a4d7e7 Merge remote-tracking branch 'upstream/main' into dbartol/side-effect-reorder/work 2022-01-24 15:56:38 -05:00
CodeQL CI
8d1e22bc38 Merge pull request #7632 from erik-krogh/CWE-862
Approved by esbena, felicitymay
2022-01-24 12:47:16 -08:00
Erik Krogh Kristensen
d4bac887cf add a js/samesite-none-cookie cookie 2022-01-24 21:39:41 +01:00
yo-h
364f07e3c5 Merge pull request #7725 from github/turbo-go-117-update
Update supported Go version
2022-01-24 15:23:00 -05:00
Robert Marsh
6d3381cb89 Merge pull request #7718 from MathiasVP/move-return-stack-allocated-memory-into-code-scanning
C++: Add `security` tag to `cpp/return-stack-allocated-memory`
2022-01-24 14:52:23 -05:00
Tom Hvitved
66a24c5c49 Ruby: Introduce TAnyArrayElementContent 2022-01-24 20:25:05 +01:00
Pierre
af0fc37f39 Update supported Go version 2022-01-24 20:20:04 +01:00
Andrew Eisenberg
f71217706a Merge branch 'main' into aeisenberg/getting-started-docs 2022-01-24 11:16:13 -08:00
Rasmus Wriedt Larsen
301318020f Merge pull request #7455 from haby0/py/add-shutil-module-path-injection-sinks
Python: Add shutil module sinks for path injection query
2022-01-24 20:06:36 +01:00
Tom Hvitved
e3afcb1b06 C#: Add missing severity and update expected test output 2022-01-24 20:00:25 +01:00
Tom Hvitved
65e1c0ebc1 Merge remote-tracking branch 'upstream/main' into cs/hash-without-salt 2022-01-24 19:57:07 +01:00
Geoffrey White
e42d3e540a C++: Change note. 2022-01-24 18:32:17 +00:00
Geoffrey White
764f27f08e C++: Upgrade to path-problem. 2022-01-24 18:32:05 +00:00
Geoffrey White
bbaac556e2 C++: Reveal the FP to be an issue with dataflow / model of strcpy. 2022-01-24 17:53:37 +00:00
Geoffrey White
11929378c7 C++: Upgrade cpp/cleartext-storage-file to full taint flow. 2022-01-24 17:48:45 +00:00
Andrew Eisenberg
497c87851c Merge pull request #7571 from github/aeisenberg/remove-upgrades
Update docs on the output of `resolve qlpacks`
2022-01-24 09:02:02 -08:00
Erik Krogh Kristensen
75f389749a Merge pull request #7719 from erik-krogh/cwe-219
JS: add CWE-219 to js/exposure-of-private-files
2022-01-24 17:06:09 +01:00
Tom Hvitved
cc712c20cb Ruby: Use bitShiftLeft instead of pow in parseInteger 2022-01-24 16:06:35 +01:00
Erik Krogh Kristensen
bb786bc557 fix good/bad mixup in ClientExposedCookie qhelp 2022-01-24 15:34:30 +01:00
Tony Torralba
4f4f531dfc Add missing QLDoc 2022-01-24 15:13:09 +01:00
Tom Hvitved
6efa595478 Merge pull request #7688 from hvitved/dataflow/required-component-stack
Data flow: Restructure `RequiredSummaryComponentStack`
2022-01-24 15:10:08 +01:00
Tom Hvitved
2a972dc045 Address review comments 2022-01-24 14:27:42 +01:00
Tony Torralba
b59fd4070f Merge pull request #7136 from atorralba/atorralba/promote-insecure-trustmanager
Java: Promote Insecure TrustManager from experimental
2022-01-24 14:05:14 +01:00
Erik Krogh Kristensen
148b0c33a9 update the empty-password-in-config-file qhelp 2022-01-24 13:39:54 +01:00
Erik Krogh Kristensen
ab0d67a573 update query name and description
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-01-24 13:37:25 +01:00
Erik Krogh Kristensen
b2dc02b831 Merge pull request #7717 from erik-krogh/cwe-80
JS: add CWE-80 to queries that detect bad HTML sanitizers
2022-01-24 13:34:57 +01:00
Tom Hvitved
64f19637d4 Address review comments 2022-01-24 13:33:18 +01:00
Erik Krogh Kristensen
823cadecd5 add CWE-219 to js/exposure-of-private-files 2022-01-24 13:22:06 +01:00
Tom Hvitved
6a2f4719e8 Merge pull request #672 from github/post-release-prep/codeql-cli-2.7.6
Post-release preparation for codeql-cli-2.7.6
2022-01-24 13:01:01 +01:00
Edoardo Pirovano
413c0a8f4f Merge pull request #7673 from github/post-release-prep/codeql-cli-2.7.6
Post-release preparation for codeql-cli-2.7.6
2022-01-24 11:59:51 +00:00
Mathias Vorreiter Pedersen
7db66055e5 C++: Add change note. 2022-01-24 11:57:25 +00:00
Mathias Vorreiter Pedersen
08379df613 C++: Add 'security' tag to 'cpp/return-stack-allocated-memory'. 2022-01-24 11:43:38 +00:00
Geoffrey White
4c99d39acf Merge pull request #7701 from MathiasVP/remove-intentional-get-stack-pointer
C++: Remove FPs from `cpp/return-stack-allocated-memory`
2022-01-24 11:39:10 +00:00
Geoffrey White
588447d596 C++: Fix up isParameterDeref. 2022-01-24 11:06:24 +00:00
Owen Mansel-Chan
daabd3a045 Merge pull request #673 from owen-mc/refactor-returnvalue-n
Refactor `ReturnValue[n]` in data flow libraries
2022-01-24 10:47:22 +00:00
Arthur Baars
78b4d7cbb5 Ruby: remove redundant cast 2022-01-24 11:27:31 +01:00
Arthur Baars
0cef887683 Ruby: address comments 2022-01-24 11:27:26 +01:00
Geoffrey White
683f909f7a Merge pull request #7704 from geoffw0/clrtxt4
C++: Another improvement to cpp/cleartext-transmission
2022-01-24 10:11:11 +00:00
Erik Krogh Kristensen
ab1bc685bb add CWE-80 to queries that detect bad HTML sanitizers 2022-01-24 11:01:17 +01:00
Stephan Brandauer
02db472209 consistent notation 2022-01-24 10:58:06 +01:00
Anders Schack-Mulligen
7af6dc7164 Merge pull request #7702 from atorralba/atorralba/fix-jndi-injection-sinks
Java: Remove some JNDI Injection sinks
2022-01-24 10:53:58 +01:00
Stephan Brandauer
8be58fe01e Fix comment to avoid summarizing implementation
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2022-01-24 10:47:28 +01:00
Arthur Baars
5df1f7a0c3 Ruby: use CfgNodes classes to implement case value to pattern variable taint steps 2022-01-24 10:31:08 +01:00
Arthur Baars
7d7e9ba9e1 Ruby: add CasePattern classes to CfgNodes 2022-01-24 10:31:08 +01:00
Arthur Baars
e9a01f9e8f Ruby: fix test case 2022-01-24 10:31:08 +01:00
Arthur Baars
634c8cd060 Ruby: Generalize CfgNodes::ChildMapping 2022-01-24 10:31:08 +01:00
Arthur Baars
fcec8a8388 Address comments 2022-01-24 10:31:08 +01:00
Arthur Baars
ab4935fe68 Ruby: fix some alerts 2022-01-24 10:31:08 +01:00
Arthur Baars
7630b277b8 Ruby: update AST and CFG test data 2022-01-24 10:31:08 +01:00
Arthur Baars
26a0167d6d Ruby: add taint step test for hash patterns 2022-01-24 10:31:06 +01:00
Arthur Baars
49c452239e Ruby: add taint steps from case value to variables in patterns 2022-01-24 10:10:22 +01:00
Arthur Baars
77a3e4bd61 Ruby: CFG: fix completion of AsPattern variable 2022-01-24 10:10:22 +01:00
Stephan Brandauer
b277731312 add a predicate to recognize path arguments in calls to the fs-extra lib 2022-01-24 09:40:22 +01:00
Tony Torralba
908b7c43f2 Fix stubs 2022-01-24 09:34:43 +01:00
Anders Schack-Mulligen
9bd2ac96ea Merge pull request #7705 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-01-24 09:14:35 +01:00
Anders Schack-Mulligen
b4bf7a1561 Merge pull request #7698 from aschackmull/java/bitwise-assignop-guards
Java: Add support for bitwise compound assignments in Guards.
2022-01-24 09:11:53 +01:00
github-actions[bot]
020970ff4c Add changed framework coverage reports 2022-01-24 00:09:45 +00:00
Harry Maclean
8419daad03 Ruby: Add subclassing support to API Graphs
Given the code

    class A; end
    class B < A; end
    class C < A; end

You can find uses of B and C with the expression

    API::getTopLevelMember("A").getASubclass()
2022-01-24 12:21:39 +13:00
luchua-bc
27043a09b3 File path injection with the JFinal framework 2022-01-23 18:07:48 +00:00
Andrew Eisenberg
aee9eb5203 Apply docs fixes
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
2022-01-21 11:35:15 -08:00
Aditya Sharad
67e3f5edbc Merge pull request #7685 from adityasharad/merge/3.3-3.4
Merge rc/3.3 into rc/3.4
2022-01-21 10:49:19 -08:00
Tom Hvitved
85e1cda81b Ruby: Distinguish symbols from strings in ConstantValue 2022-01-21 19:16:12 +01:00
Harry Maclean
8e40899dfd Merge pull request #7419 from github/hmac/const-get 2022-01-22 07:01:09 +13:00
Harry Maclean
2fa18801aa Merge pull request #7665 from github/hmac/barrier-guard-array-const 2022-01-22 06:59:51 +13:00
Geoffrey White
4326e6f706 C++: Split 'gets' model and make it a local source. 2022-01-21 17:29:49 +00:00
Geoffrey White
79735f5ac5 C++: Add test case. 2022-01-21 17:29:48 +00:00
Tony Torralba
78d7e538a5 Remove some JNDI Injection sinks
Add tests and stubs
2022-01-21 17:47:15 +01:00
Henry Mercer
c41de33156 Merge pull request #7700 from github/henrymercer/js-atm-fix-xss-results-pattern
JS: Fix copy/paste error in XSS ML-powered queries results patterns
2022-01-21 16:18:33 +00:00
Geoffrey White
0b98397e9b C++: Catch another encryption clue. 2022-01-21 16:16:16 +00:00
Geoffrey White
97447d0b3a C++: Expand tests. 2022-01-21 16:16:15 +00:00
Tony Torralba
4df0f399cd Move ContentProvider models to the appropriate file 2022-01-21 16:55:43 +01:00
Tony Torralba
c6dd7ddf7a Fix stub 2022-01-21 16:55:43 +01:00
Tony Torralba
4f253590f1 Fix method name in LocalDatabaseOpenMethodAccess 2022-01-21 16:55:43 +01:00
Tony Torralba
652a1d2dc2 Fix wrongly resolved rebase conflicts 2022-01-21 16:55:43 +01:00
Tony Torralba
5cf664411b Remove unneeded nonSuspicious values 2022-01-21 16:55:43 +01:00
Tony Torralba
baa1f71a53 Add QLDoc 2022-01-21 16:55:43 +01:00
Tony Torralba
4e4f619ae4 Update java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll
Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-21 16:55:43 +01:00
Tony Torralba
c5ed5fcaac Apply suggestions from code review
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
2022-01-21 16:55:42 +01:00
Tony Torralba
ee84dae164 Fix predicate name 2022-01-21 16:55:42 +01:00
Tony Torralba
16b61f78e6 Fix QLDocs and the qhelp example 2022-01-21 16:55:42 +01:00
Tony Torralba
f0604e2e84 Added query for Cleartext Storage in Android Database 2022-01-21 16:55:42 +01:00
Henry Mercer
84907f91f1 JS: Fix copy/paste error in XSS ML-powered queries results patterns
We didn’t catch this because our unit tests test only library code due
to the previous difficulty of running queries with an ML model (the ML
models in packs work should fix that), and because the end-to-end
evaluation runs separate queries that have different result patterns.

Going forward we should create unit tests for the queries themselves,
which will require using the ML model in tests. We should also be able
to catch this type of error using DCA.
2022-01-21 15:17:52 +00:00
Mathias Vorreiter Pedersen
48064c1c8f C++: Fix false positive. 2022-01-21 15:16:02 +00:00
Mathias Vorreiter Pedersen
7c8c2090f7 C++: Add real-world false positive from the 'cpp/return-stack-allocated-memory' query. 2022-01-21 15:14:18 +00:00
Mathias Vorreiter Pedersen
117795c409 Merge pull request #7682 from MathiasVP/rewrite-return-stack-allocated-memory-to-use-ir
C++: Use the IR for `cpp/return-stack-allocated-memory`.
2022-01-21 14:57:30 +00:00
yoff
a77a6ec864 Merge pull request #7684 from erik-krogh/patches
small refactorizations across CodeQL
2022-01-21 15:04:14 +01:00
Tom Hvitved
9d89cace95 Merge pull request #7643 from michaelnebel/csharp/struct-improvements
C#: Struct (and to a minor extent anonymous types) improvements
2022-01-21 14:51:26 +01:00
Anders Schack-Mulligen
5f7ee337cd Java: Use more set literal syntax. 2022-01-21 13:58:27 +01:00
Anders Schack-Mulligen
41d294229d Java: Add support for bitwise compound assignments in Guards. 2022-01-21 13:56:07 +01:00
Rasmus Lerchedahl Petersen
9aa4c4a6a7 python: Add missing input
also update test expectation
2022-01-21 13:55:33 +01:00
Rasmus Lerchedahl Petersen
41908cbf9f python: add missing qldoc 2022-01-21 13:55:08 +01:00
Tony Torralba
1eaa379bb7 Merge pull request #7681 from atorralba/atorralba/improve-android-implicit-intents-query
Java: Improvements to the Android query Use of implicit PendingIntents
2022-01-21 13:46:17 +01:00
Rasmus Lerchedahl Petersen
49d4b1480d python: Do not remove ChainedConfigs12.qll
since it was clearly already used.
Add deprecation message instead.
2022-01-21 12:27:29 +01:00
Rasmus Lerchedahl Petersen
35c9307baa python: rewrite NoSQLInjection to use flow state
This allows a bit more precision. Specifically, we could
 require the sanitizer to only affect `ConvertedToDict`.
 In practice, most sanitizers woudl probably fail on raw
 input also, though.
2022-01-21 12:12:58 +01:00
Chris Smowton
d6d1c943f1 Merge pull request #674 from erik-krogh/patches
use more set literals
2022-01-21 10:59:48 +00:00
Tony Torralba
c7e1df5689 Update java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.qhelp
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-01-21 11:57:11 +01:00
Erik Krogh Kristensen
a235f8f023 remove redundant inline type casts 2022-01-21 11:46:33 +01:00
Erik Krogh Kristensen
b75c316c27 fix non-us spelling 2022-01-21 11:46:33 +01:00
Erik Krogh Kristensen
f500bccbe4 add explicit this to member call 2022-01-21 11:46:33 +01:00
Erik Krogh Kristensen
ddfc3bc00f use set literals instead of big disjunctions 2022-01-21 11:46:33 +01:00
Tom Hvitved
55f427ca0e Ruby: Use multiple threads in QL test CI job 2022-01-21 11:46:08 +01:00
Benjamin Muskalla
830c2dc90a Merge pull request #7603 from bmuskalla/commonsIoModel
Java: Replace Commons IO model
2022-01-21 11:42:27 +01:00
yoff
5b9ae9cede Merge pull request #7659 from RasmusWL/move-regex-injection-files
Python: Move regex injection configuration files
2022-01-21 11:42:06 +01:00
Tony Torralba
0846d1f7b6 Merge pull request #7691 from atorralba/atorralba/fix-recursion-entrypointfieldstep
Java: Fix recursion in `entrypointFieldStep`
2022-01-21 11:37:58 +01:00
Tony Torralba
3f6e035016 Docs improvements 2022-01-21 11:37:02 +01:00
yoff
4fd0ada9a8 Merge pull request #7652 from RasmusWL/cleartext-remove-fps
Python: Remove usernames as sensitive source for cleartext queries
2022-01-21 11:30:40 +01:00
Erik Krogh Kristensen
f9d5cbf017 update qhelp
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2022-01-21 11:26:58 +01:00
Tony Torralba
d22632ef78 Fix recursion in entrypointFieldStep
When using local taint tracking to define a RemoteFlowSource, a recursion was created because entrypointFieldStep adds new RemoteFlowSources and was a local taint step. This is fixed by converting entrypointFieldStep into a defaultAdditionalTaintStep instead of a localAdditionalTaintStep, i.e. it will only affect global taint tracking from now on.
2022-01-21 10:48:13 +01:00
Erik Krogh Kristensen
debebb2b8c rewrite the qhelp for js/insecure-dependency 2022-01-21 10:41:08 +01:00
Tom Hvitved
f9b906d1e2 C#: Update uses of RequiredSummaryComponentStack 2022-01-21 09:42:16 +01:00
Tom Hvitved
cba733136c Data flow: Sync 2022-01-21 09:42:16 +01:00
Tom Hvitved
f1a2b21e44 Data flow: Restructure RequiredSummaryComponentStack 2022-01-21 09:42:16 +01:00
Rasmus Lerchedahl Petersen
a5bc5373d0 python: Rewrite path injection to use flow state
This removes the FP cause by chaining
This PR also removes `ChainedConfigs12.qll`,
as we hope to solve future problems via flow states.
2022-01-21 09:26:48 +01:00
Tom Hvitved
aa9cfebc65 Ruby: Replace getValueText with getConstantValue 2022-01-21 09:19:19 +01:00
CodeQL CI
b02f1c87a1 Merge pull request #7679 from erik-krogh/ql-doc-style
Approved by esbena
2022-01-20 23:43:44 -08:00
CodeQL CI
2287b6e549 Merge pull request #7675 from erik-krogh/move-url-sink-to-customizations
Approved by esbena
2022-01-20 23:43:15 -08:00
Aditya Sharad
ccc6291844 Merge rc/3.3 into rc/3.4
Conflicts in *-support.rst resolved in favour of rc/3.3, which has a new paragraph.
Enterprise version numbers updated to LGTM Enterprise 1.30 and CodeQL 2.7.6.
2022-01-20 15:49:10 -08:00
Erik Krogh Kristensen
504e7a161d simplify an redundant any() expression 2022-01-20 22:34:26 +01:00
Erik Krogh Kristensen
99994eeeb1 use set literals instead of big disjunctions 2022-01-20 22:33:40 +01:00
Erik Krogh Kristensen
15c1ce722a Merge pull request #7678 from erik-krogh/use-set
JS: use more set literals
2022-01-20 21:03:48 +01:00
shati-patel
8fc429caf4 Emphasize use case for installing pack deps 2022-01-20 19:03:30 +00:00
Mathias Vorreiter Pedersen
bd1720f797 C++: Add change note. 2022-01-20 18:27:09 +00:00
Mathias Vorreiter Pedersen
e689f6bad2 C++: Use the IR for 'cpp/return-stack-allocated-memory'. 2022-01-20 18:22:49 +00:00
Tom Hvitved
cbea5eaeaa C#: Simplify argument/parameter positions for captured variables 2022-01-20 17:08:12 +01:00
Tony Torralba
6fe0b78978 Remove PendingIntentAsField step and add SliceProviderLifecycle step 2022-01-20 16:52:07 +01:00
Andrew Eisenberg
534f8999b6 Update docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-01-20 07:09:34 -08:00
Erik Krogh Kristensen
2bffe56580 update expected output 2022-01-20 16:06:57 +01:00
Erik Krogh Kristensen
3155114e36 use more set literals 2022-01-20 16:06:34 +01:00
Anders Schack-Mulligen
fede7dd238 Merge pull request #7676 from aschackmull/java/instanceaccessnode
Java: Add data flow node encapsulating instance accesses.
2022-01-20 15:40:21 +01:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts
simplify expressions that could be type-casts
2022-01-20 15:20:18 +01:00
Erik Krogh Kristensen
5780161b2c fix most issues found by ql/class-doc-style in JS 2022-01-20 15:10:16 +01:00
Chris Smowton
38048399d3 Merge pull request #671 from owen-mc/misc-clean-ups
Correct module name in file comment
2022-01-20 14:00:46 +00:00
Alex Ford
9613ff743b Merge pull request #7611 from github/ruby/protect_from_forgery-without-exception
Ruby: flag up `protect_from_forgery` calls without an exception strategy
2022-01-20 13:45:30 +00:00
Tony Torralba
caab1c3332 Merge pull request #6963 from atorralba/atorralba/android-onactivityresult-source
Android: Add the Intent parameter of the `onActivityResult` method as a source
2022-01-20 14:27:30 +01:00
Tony Torralba
29e87b3abd Merge pull request #6975 from atorralba/atorralba/android-intent-uri-permission-manipulation
Java: CWE-266 - Query to detect Intent URI Permission Manipulation in Android applications
2022-01-20 14:27:02 +01:00
Geoffrey White
b230681bc8 Merge pull request #7650 from geoffw0/clrtxt3
C++: Improve cpp/cleartext-transmission
2022-01-20 13:21:54 +00:00
Rasmus Wriedt Larsen
f53dce3a83 Python: Apply suggestions from code review
Co-authored-by: Taus <tausbn@github.com>
2022-01-20 14:20:15 +01:00
Anders Schack-Mulligen
43da5aabbe Java: Add dataflow node encapsulating instance accesses. 2022-01-20 14:12:33 +01:00
Erik Krogh Kristensen
7167e856fe move electron sink to the customizations file 2022-01-20 14:07:23 +01:00
Owen Mansel-Chan
44641de91b Represent ReturnValue[n] correctly in test output 2022-01-20 13:06:35 +00:00
Owen Mansel-Chan
691bb97fdc Move ReturnValue[]-specific code to non-shared file 2022-01-20 13:06:35 +00:00
Erik Krogh Kristensen
548fb47603 JS: move ExternalArtifact.qll into lib/ folder to fix ql/db-type-outside-core 2022-01-20 14:00:57 +01:00
Erik Krogh Kristensen
9b69de8588 QL: add query detecting use of db-types outside the lib folder 2022-01-20 14:00:55 +01:00
github-actions[bot]
ab218421da Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:20 +00:00
github-actions[bot]
c52caa6322 Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:04 +00:00
Tony Torralba
62f847a82e Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-01-20 13:44:10 +01:00
Tony Torralba
3957ebe880 Fix bitwiseLocalTaintStep 2022-01-20 13:34:32 +01:00
Owen Mansel-Chan
54855113c4 Correct module name in file comment 2022-01-20 12:30:52 +00:00
Chris Smowton
de07035c27 Merge pull request #670 from github/smowton/admin/remove-committed-binary
Delete accidentally committed binary file
2022-01-20 12:28:01 +00:00
Tony Torralba
265f8a3b19 Make bitwise taintsteps specific for this query 2022-01-20 13:23:56 +01:00
Tony Torralba
4e9849e19d Refactor IntentFlagsOrDataCheckedGuard to avoid footgun 2022-01-20 13:23:55 +01:00
Tony Torralba
62c21918b2 Add QLDoc to guard and sanitizer 2022-01-20 13:23:54 +01:00
Tony Torralba
58a0bcd70f Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-20 13:23:53 +01:00
Tony Torralba
8767d2db23 Don't capitalize the term content provider
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-01-20 13:23:52 +01:00
Tony Torralba
596cfd399e Improve description 2022-01-20 13:23:52 +01:00
Tony Torralba
ab560234e3 Update java/change-notes/2021-10-27-android-intent-uri-permission-manipulation-query.md
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-01-20 13:23:51 +01:00
Tony Torralba
3405db31b8 Add qhelp 2022-01-20 13:23:51 +01:00
Tony Torralba
6152c8a989 Add change note 2022-01-20 13:23:48 +01:00
Tony Torralba
e1d30ebc09 Added severity
Removed duplicated code
2022-01-20 13:23:15 +01:00
Tony Torralba
ec8ffeed07 Add Intent URI Permission Manipulation query 2022-01-20 13:23:14 +01:00
Michael Nebel
e804922a2c C#: Add flow test case for with expressions on anonymous types. 2022-01-20 13:14:06 +01:00
Michael Nebel
97d9985e0b C#: Add support for flow via object initializer for anonymous types. 2022-01-20 13:12:19 +01:00
Tony Torralba
c09b6691e1 Merge pull request #6171 from atorralba/atorralba/promote-unsafe-certificate-trust
Java: Promote Unsafe certificate trust query from experimental
2022-01-20 12:07:03 +01:00
Chris Smowton
8111fbb69b Delete m 2022-01-20 10:57:11 +00:00
Felicity Chapman
e178626226 Merge pull request #7653 from github/felicitymay-patch-1
Port changes from main to rc/3.3 to avoid regression
2022-01-20 10:45:13 +00:00
Erik Krogh Kristensen
6b7d84add7 QL: exclude fields that are uniquely used in call to an IPA constructor 2022-01-20 11:37:08 +01:00
Anders Schack-Mulligen
f154530141 Merge pull request #7662 from JLLeitschuh/patch-2
Fix typo in FileWritable
2022-01-20 11:13:59 +01:00
Benjamin Muskalla
8217873bae Align files with new naming pattern 2022-01-20 11:02:53 +01:00
Anders Schack-Mulligen
4aa2661dc1 Merge pull request #7634 from bmuskalla/refactorLangModel
Refactor Apache Commons Lang model
2022-01-20 11:01:25 +01:00
Benjamin Muskalla
4cac35adad Regnerate model to capture char[] APIs 2022-01-20 10:59:28 +01:00
Benjamin Muskalla
857c2778a6 Added missing model for ReadableByteChannel
This reveals more models for commons io
2022-01-20 10:59:28 +01:00
Benjamin Muskalla
b20b3ab480 Regenrate model to replace manual models 2022-01-20 10:59:27 +01:00
Benjamin Muskalla
93f6fde63c Keep not-yet-covered models 2022-01-20 10:59:27 +01:00
Benjamin Muskalla
d07997699f Introduce generated model for Commons IO 2022-01-20 10:59:24 +01:00
Geoffrey White
8bdbaf4b57 C++: Autoformat. 2022-01-20 09:52:24 +00:00
CodeQL CI
cfa670c123 Merge pull request #7651 from erik-krogh/CWE-471
Approved by asgerf, esbena
2022-01-20 01:47:39 -08:00
Tom Hvitved
8c00d3e643 Merge pull request #669 from github/release-prep/2.7.6
Release preparation for version 2.7.6
2022-01-20 10:45:00 +01:00
Erik Krogh Kristensen
4e8e3a7420 simplify expressions that could be type-casts 2022-01-20 10:41:35 +01:00
Benjamin Muskalla
2748bbffa3 Merge pull request #7656 from bmuskalla/excludeMainLoggingGenerator
Java: Exclude irrelevant rows from models
2022-01-20 10:40:51 +01:00
Tony Torralba
967308fbfd Change InsecureTrustManagerConfiguration to DataFlow 2022-01-20 10:24:47 +01:00
mc
c105d71952 Update InsecureTrustManager.qhelp
Fixed typos and carried out and editorial review
2022-01-20 10:24:46 +01:00
Tony Torralba
7a1a45f5f9 QLDoc 2022-01-20 10:24:46 +01:00
Tony Torralba
77c2b43560 Add change note and severity score 2022-01-20 10:24:43 +01:00
Michael Nebel
76a0853f5b C#: Add struct declaration and update line numbers for the existing test cases. 2022-01-20 10:23:57 +01:00
Tony Torralba
d58bb4753e Refactor tests 2022-01-20 10:23:19 +01:00
Tony Torralba
ab4dc30f54 Refactor into libraries 2022-01-20 10:23:18 +01:00
Tony Torralba
7cd05fb685 Move from experimental 2022-01-20 10:23:18 +01:00
Erik Krogh Kristensen
6e9771fbf6 QL: make FieldAccess::getDeclaration return a FieldDecl 2022-01-20 09:59:45 +01:00
Michael Nebel
7d7ab58108 C#: Add flow test for record struct fields. 2022-01-20 09:58:02 +01:00
Michael Nebel
210bad6c29 C#: Add test case for with expressions for record structs, structs and anonymous types. 2022-01-20 09:58:02 +01:00
Michael Nebel
fc7f642734 C#: With expression examples for record structs, structs and anonymous types. 2022-01-20 09:58:02 +01:00
Michael Nebel
858aec3839 C#: Add test for source of the struct parameterless constructor(s). 2022-01-20 09:58:02 +01:00
Michael Nebel
073d2f2c75 C#: Add some example struct types, including one with a default constructor declarations. 2022-01-20 09:58:01 +01:00
Michael Nebel
547f492be0 Merge pull request #7577 from michaelnebel/csharp/line-pragma
C#: Make support for Line span pragma
2022-01-20 09:51:57 +01:00
Erik Krogh Kristensen
708c18d4c2 QL: update the name of the consistency query to make code-scanning alerts more clear 2022-01-20 09:41:13 +01:00
Erik Krogh Kristensen
b8f1fb3954 JS: fix ql/field-only-used-in-charpred within JavaScript 2022-01-20 09:41:13 +01:00
Erik Krogh Kristensen
3d3c6875a6 QL: add query detecting fields that are only used within the charpred 2022-01-20 09:41:10 +01:00
github-actions[bot]
1e5721b9b9 Release preparation for version 2.7.6 2022-01-20 08:21:09 +00:00
Harry Maclean
5dcee6ba27 Ruby: Add File.open as a FileSystemAccess 2022-01-20 21:09:41 +13:00
Rasmus Lerchedahl Petersen
32cbeae05f python: missing start tag for relation 2022-01-20 08:56:12 +01:00
Rasmus Lerchedahl Petersen
d10ad3bdd4 python: update stats for tables 2022-01-20 08:42:32 +01:00
Harry Maclean
6bae03a7cc Ruby: Update string const barrier guard
This change recognises guards like `FOO.include?`, where `FOO` is an array
constant.
2022-01-20 17:34:12 +13:00
Harry Maclean
13a0ece25c Ruby: Add test case: array constant barrier guard
This guard isn't yet recognised as a `StringConstArrayInclusionCall`.
2022-01-20 17:07:01 +13:00
Owen Mansel-Chan
bfae3fdf97 Merge pull request #665 from owen-mc/update-function-get-a-call
Update `Function.getACall()`
2022-01-19 23:36:20 +00:00
Andrew Eisenberg
95355b5854 Docs: Add back removed section on getting started
Adds a second getting started, specifically for checking out the
codeql repo as a way to get the core queries.

This ensures that people wanting to work in the traditional way still
have the old docs available.
2022-01-19 13:36:57 -08:00
Jonathan Leitschuh
23548c50e1 Fix typo in FileWritable 2022-01-19 16:14:38 -05:00
Chris Smowton
5a2a15c9da Merge pull request #668 from github/smowton/fix/no-pack-install-verify
Don't use codeql pack install --verify
2022-01-19 20:01:42 +00:00
Tom Hvitved
70f4efb834 Merge pull request #7646 from hvitved/csharp/roslyn-tuple-elements-workaround
C#: Workaround Roslyn bug in `INamedTypeSymbol.TupleElements`
2022-01-19 19:54:29 +01:00
Chris Smowton
7f39b1e12c Don't use codeql pack install --verify
This shouldn't fail, but currently does due to a bug and is unnecessary in any case.
2022-01-19 18:40:05 +00:00
Tom Hvitved
128682b59e C#: Replace Argument[-1] with Argument[Qualifier] in all flow summaries 2022-01-19 18:54:24 +01:00
Rasmus Lerchedahl Petersen
7e9a9e3d9a python: remove compiler warnings 2022-01-19 18:01:58 +01:00
shati-patel
dc71ecef83 Docs: Mention packaging commands in CodeQL extension 2022-01-19 16:36:01 +00:00
Rasmus Wriedt Larsen
b9ee2960e2 Python: Add change-note 2022-01-19 17:24:53 +01:00
Rasmus Wriedt Larsen
aa10ad6a8a Python: Fix RegexInjection query, add old deprecated versions 2022-01-19 17:22:44 +01:00
Rasmus Wriedt Larsen
e82ea7ad17 Python: move regex injection configuration files
I did not notice that these went to the wrong location in
https://github.com/github/codeql/pull/6693. They should be in the
dataflow folder with the rest of the data-flow configurations files, the
injection folder is for old points-to based modeling.
2022-01-19 17:21:46 +01:00
Owen Mansel-Chan
4d1dcb3260 Remove first disjunct as it is a subset of second disjunct 2022-01-19 16:21:06 +00:00
Tom Hvitved
0990a1b404 C#: Get rid of negative parameter/argument data-flow positions 2022-01-19 17:14:37 +01:00
Tony Torralba
695e77a219 Simplify isSslSocket predicate 2022-01-19 17:01:28 +01:00
Mathias Vorreiter Pedersen
40c8881575 Merge pull request #7472 from erik-krogh/redundant-aggregate
QL-for-QL: Add a could-be-cast query
2022-01-19 15:48:00 +00:00
Henry Mercer
58b1a6fd40 Merge pull request #7655 from github/henrymercer/bump-atm-query-pack-v0.0.6
JS: Bump ML-powered query packs to v0.0.6
2022-01-19 15:44:55 +00:00
Tony Torralba
e442e50e6b Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-01-19 16:43:48 +01:00
Tony Torralba
101ad777e3 Move things around after rebase 2022-01-19 16:43:48 +01:00
Tony Torralba
03020582af Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-01-19 16:43:47 +01:00
Tony Torralba
9ffc5ab183 Update java/ql/src/semmle/code/java/security/UnsafeCertTrustQuery.qll
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2022-01-19 16:43:47 +01:00
Tony Torralba
c16181dd2f QLDocs 2022-01-19 16:43:46 +01:00
Tony Torralba
000a544729 Decouple UnsafeCertTrust.qll to reuse the taint tracking configuration 2022-01-19 16:43:43 +01:00
Tony Torralba
1e2a956a30 Remove unused stub 2022-01-19 16:43:02 +01:00
Tony Torralba
d9e98ceacc Consider setSslContextFactory and fix tests 2022-01-19 16:43:01 +01:00
Tony Torralba
4d207101e2 Fix QLDoc 2022-01-19 16:43:00 +01:00
Tony Torralba
999acb0021 Improve qhelp references 2022-01-19 16:43:00 +01:00
Tony Torralba
e9712f04a4 Add missing QLDoc 2022-01-19 16:42:59 +01:00
Tony Torralba
698fd64f7f Adjust test after rebase 2022-01-19 16:42:59 +01:00
Tony Torralba
68fe3dd9f4 Fix conflicts in experimental query 2022-01-19 16:42:58 +01:00
Tony Torralba
c24520cb75 Adjust qhelp after rebase 2022-01-19 16:42:58 +01:00
Tony Torralba
5997b874de Add change note 2022-01-19 16:42:53 +01:00
Tony Torralba
9e93aecf75 Add spurious test case 2022-01-19 16:42:06 +01:00
Tony Torralba
19d1a780ca Generalize sanitizer using local flow 2022-01-19 16:42:05 +01:00
Tony Torralba
64518bf91a Handle a specific pass-by-reference flow issue 2022-01-19 16:42:04 +01:00
Tony Torralba
4508945f85 Fix assumption regarding when an SSLSocket does the TLS handhsake 2022-01-19 16:42:03 +01:00
Tony Torralba
e842acf9e0 Improve qhelp 2022-01-19 16:42:03 +01:00
Tony Torralba
5d4cd70f8c Adjusted sources and sanitizer of UnsafeCertTrust taint tracking config 2022-01-19 16:42:02 +01:00
Tony Torralba
e43fff2d30 Use InlineExpectationsTest 2022-01-19 16:42:02 +01:00
Tony Torralba
02d0fa9188 Minor changes in QLDocs and a sanitizer's type 2022-01-19 16:42:01 +01:00
Tony Torralba
4313baf622 Big refactor:
- Move classes and predicates to appropriate libraries
- Overhaul the endpoint identification algorithm logic to use taint tracking
- Adapt tests
2022-01-19 16:42:00 +01:00
Tony Torralba
e0f4c73aed Move from experimental 2022-01-19 16:42:00 +01:00
Rasmus Lerchedahl Petersen
a0e79c1d7a update stats for types
- should still update stats for tables
2022-01-19 16:38:19 +01:00
Tony Torralba
6096080156 Use all possible packages for Fragment classes
Also fix stub
2022-01-19 16:23:11 +01:00
Benjamin Muskalla
52406dc8df Exclude logging sinks
Those sinks are too coarse grained to be exposed as sinks on any model.
2022-01-19 16:11:59 +01:00
Benjamin Muskalla
25d251c24f Exclude main methods from models 2022-01-19 16:11:59 +01:00
Tony Torralba
3c9fac0c6e Sync DataFlowImplForOnActivityResult.qll 2022-01-19 16:11:51 +01:00
Tony Torralba
6a4d2ee850 Apply code review suggestions 2022-01-19 16:08:31 +01:00
Tony Torralba
57ff13dd19 Sync DataFlowImplForOnActivityResult to latest changes 2022-01-19 16:08:31 +01:00
Tony Torralba
ea4ff80cc6 Add DataFlowImplForOnActivityResult to identical-files.json 2022-01-19 16:08:31 +01:00
Tony Torralba
37916a8368 Fix previous merge 2022-01-19 16:08:31 +01:00
Tony Torralba
d9d9ad7d63 Use dedicated instance of DataFlow 2022-01-19 16:08:31 +01:00
Tony Torralba
aef63f69b0 Formatting 2022-01-19 16:08:30 +01:00
Tony Torralba
4b3029564c Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-19 16:08:29 +01:00
Tony Torralba
c675028537 Add Fragment and Activity edge case 2022-01-19 16:08:28 +01:00
Tony Torralba
9ae1f1cf85 QLDoc 2022-01-19 16:08:27 +01:00
Tony Torralba
211cb9370f Add the Intent parameter of onActivityResult as a source 2022-01-19 16:08:25 +01:00
Tony Torralba
520d8f5ec5 Add stubs 2022-01-19 16:06:23 +01:00
Tom Hvitved
7e3f3c6e2a Merge pull request #7515 from hvitved/csharp/extraction-mode
C#: Introduce extractor mode to identify DBs created with `codeql test run`
2022-01-19 16:04:57 +01:00
Chris Smowton
162b3822dd Merge pull request #7613 from github/smowton/admin/tag-random-used-once
Remove security-severity tag to java/random-used-once
2022-01-19 14:43:08 +00:00
Henry Mercer
c134e6c9ef JS: Bump ML-powered query packs to v0.0.6 2022-01-19 14:40:42 +00:00
Rasmus Wriedt Larsen
93b3cd669a Python: Cleanup: Remove old points-to versions of queries
Since we've internally agreed that we've reached the same or better set
of results.
2022-01-19 15:30:12 +01:00
Felicity Chapman
51e8b4c7ed Port changes from main to rc/3.3 to avoid regression 2022-01-19 14:26:52 +00:00
Rasmus Wriedt Larsen
e82e648ca1 Python: Remove usernames as sensitive source for cleartext queries
Closes #6363, #6927, #6726, #7497, #7116
2022-01-19 15:25:21 +01:00
Rasmus Lerchedahl Petersen
db253e8939 python: upgrade and downgrade scripts 2022-01-19 15:22:57 +01:00
Chris Smowton
c63fcb2c69 Add change note 2022-01-19 14:13:45 +00:00
Rasmus Wriedt Larsen
f3daff4e5a Python: Add FP tests for cleartext logging 2022-01-19 15:13:06 +01:00
Chris Smowton
f0645a34b9 Remove security-severity tag instead
This leaves the Java query in the same state as its C# cousin.
2022-01-19 14:06:40 +00:00
Erik Krogh Kristensen
cb9e14f544 add cwe-471 to js/prototype-pollution 2022-01-19 14:54:57 +01:00
Alex Ford
0aab670b17 Ruby: add missing example rails action 2022-01-19 13:47:00 +00:00
Tom Hvitved
cb098df4ea Merge pull request #7334 from github/hmac/regexp-interpolations
Ruby: Resolve simple string interpolations
2022-01-19 14:43:58 +01:00
Alex Ford
45ed5a806c Ruby: changenote for rb/csrf-protection-disabled enhancement 2022-01-19 13:41:00 +00:00
Alex Ford
b27d315ff4 Ruby: add an example of protect_from_forgery with: :exception 2022-01-19 13:30:27 +00:00
Mathias Vorreiter Pedersen
dfbde23821 Merge pull request #7627 from geoffw0/nullterm5
C++: Fix branch related FPs in cpp/improper-null-termination.
2022-01-19 13:30:05 +00:00
Rasmus Lerchedahl Petersen
ef9fb0873f python: tools for writing upgrades and downgrade
adapted from [the ruby instructions](https://github.com/github/codeql/blob/main/ruby/doc/prepare-db-upgrade.md)
2022-01-19 14:29:58 +01:00
Rasmus Lerchedahl Petersen
36e18d5d80 python: dataflow for match
- also update `validTest.py`, but commented out for now
  otherwise CI will fail until we force it to run with Python 3.10
- added debug utility for dataflow (`dataflowTestPaths.ql`)
2022-01-19 14:29:58 +01:00
Rasmus Lerchedahl Petersen
bb210f4172 pythos: SSA for match
- new SSA definition `PatternCaptureDefinition`
- new SSA definition `PatternAliasDefinition`
- implement `hasDefiningNode`
2022-01-19 14:29:58 +01:00
Rasmus Lerchedahl Petersen
de8ecb214f python: Wrappers for database classes
- new syntactic category `Pattern` (in `Patterns.qll`)
- subpatterns available on statments
- new statements `MatchStmt` and `Case`
  (`Match` would conflict with the shared ReDoS library)
- new expression `Guard`
- support for pattern lists
2022-01-19 14:29:58 +01:00
Erik Krogh Kristensen
e4203a4109 add CWE-471 to the prototype-pollution queries 2022-01-19 14:26:34 +01:00
Tom Hvitved
dacb33d1dd C#: Adjust Roslyn workaround 2022-01-19 14:12:21 +01:00
Geoffrey White
0230494799 C++: Expand QLDoc comment. 2022-01-19 13:07:55 +00:00
Owen Mansel-Chan
7fd2fff1ba Merge pull request #666 from owen-mc/tainted-path-add-more-tests
Add tests for tainted path query checking the sanitizers and sanitizer guards work
2022-01-19 13:00:57 +00:00
Henry Mercer
061b9badfe Merge pull request #7649 from github/henrymercer/bump-atm-query-pack-v0.0.5
JS: Bump ML-powered query packs to v0.0.5
2022-01-19 13:00:41 +00:00
Geoffrey White
acfd593eb4 C++: Change note. 2022-01-19 13:00:36 +00:00
Geoffrey White
330b4c3704 C++: Generalize hasSocketInput a little to include fgets and friends. 2022-01-19 13:00:35 +00:00
Geoffrey White
9c2d961ae5 C++: Fix another expression of stdin / stdout we see in practice. 2022-01-19 13:00:34 +00:00
Michael Nebel
d7cd1cf0b9 C#: Address review comments. 2022-01-19 13:50:02 +01:00
Tom Hvitved
4f90b45dd7 C#: Address review comments 2022-01-19 13:46:22 +01:00
Tom Hvitved
c8509cc382 C#: Introduce extractor mode to identify DBs created with codeql test run 2022-01-19 13:46:22 +01:00
Geoffrey White
d77ba020f9 C++: Support more routines as proof-of-encryption in cpp/cleartext-transmission. 2022-01-19 12:40:32 +00:00
Rasmus Lerchedahl Petersen
b17f844f35 python: New generated files 2022-01-19 13:36:32 +01:00
Geoffrey White
974a8b1a9a C++: Add a test case. 2022-01-19 12:33:21 +00:00
Henry Mercer
d467725ccd JS: Bump ML-powered query packs to v0.0.5 2022-01-19 12:08:33 +00:00
Michael Nebel
3df30545d3 Merge pull request #7628 from michaelnebel/csharp/issue-7609
C#: Fix false positive alert for shadowing on record types.
2022-01-19 12:24:57 +01:00
Tom Hvitved
71ddd00a6c C#: Workaround Roslyn bug in INamedTypeSymbol.TupleElements 2022-01-19 11:33:03 +01:00
Michael Nebel
edafdc8fde C#: Added change note. 2022-01-19 11:04:53 +01:00
Michael Nebel
194da454b1 C#: Add record deconstruct method as an exception from the bad practice rule. 2022-01-19 11:04:53 +01:00
Michael Nebel
2eea6ca5fd C#: Example record type with autogenerated Deconstruct method. 2022-01-19 11:04:53 +01:00
Mathias Vorreiter Pedersen
bdfde88e99 Merge pull request #7630 from JarLob/patch-2
C++: Reduce FPs in IncorrectPrivilegeAssignment.ql
2022-01-19 09:49:43 +00:00
Owen Mansel-Chan
85319b2dbf Add tests for tainted path sanitizers and sanitizer guards 2022-01-19 09:49:15 +00:00
Erik Krogh Kristensen
ef2eacebce add a js/empty-password-in-configuration-file query 2022-01-19 10:48:45 +01:00
Michael Nebel
55f787bcae Merge pull request #7605 from michaelnebel/csharp/record-struct
C#: Support for record structs
2022-01-19 10:39:52 +01:00
Harry Maclean
994fcf54b5 Merge pull request #7126 from jeffgran/jg/graphql-ruby
Ruby: Add support for GraphQL
2022-01-19 22:19:30 +13:00
Erik Krogh Kristensen
b7a0b8765e add js/http-dependency query 2022-01-19 10:05:39 +01:00
Harry Maclean
08d48b9375 Add top-level doc comment to GraphQL.qll 2022-01-19 21:42:46 +13:00
Tony Torralba
b2c7175ac5 Merge pull request #7641 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-01-19 09:34:01 +01:00
Tom Hvitved
f02aeafef1 Ruby: Move regex/non-regex split into TAstNode to convey disjointness 2022-01-19 09:22:01 +01:00
github-actions[bot]
f7240be136 Add changed framework coverage reports 2022-01-19 00:09:52 +00:00
Jaroslav Lobačevski
a1b0315d90 Update cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql 2022-01-19 00:52:10 +01:00
Andrew Eisenberg
01b5881de6 Docs: Remove reference to checking out main branch
We are no longer including information about how to check out
github/codeql, so this paragraph doesn't fit any more.
2022-01-18 15:48:33 -08:00
Owen Mansel-Chan
84f9b74f50 t Improve documentation of Function.getACall 2022-01-18 23:44:34 +00:00
Owen Mansel-Chan
3c02403701 Do not use getACall() when we only want direct calls
In both of these locations we do not want calls through interface methods.
2022-01-18 23:36:14 +00:00
Andrew Eisenberg
0cd6556964 Docs: Update analyzing databases docs
Add more information about running packs. Include the `--download` flag.
2022-01-18 15:03:08 -08:00
Andrew Eisenberg
7fcf567eda Docs: Simplify getting started docs
It is no longer necessary to check out a version of `github/codeql` as
a sibling directory to the distribution. Instead, users can download
the required packs as needed. using the `pack download` command or
the `--download` option for `codeql database analyze`.
2022-01-18 15:03:08 -08:00
Harry Maclean
4f7f92490a Distinguish regex components from strings
Create a set of classes for components of regex literals,
separate from those of string literals. This allows us to special-case
components of free-spacing regexes (ones with the /x flag) to not have a
`getValueText()`.

This in turn is useful because our regex parser can't handle free-spacing
regexes, so excluding them ensures that we don't generate erroneous
ReDoS alerts.
2022-01-19 11:23:40 +13:00
Jaroslav Lobačevski
3fa2516898 Update cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql 2022-01-18 21:47:55 +01:00
Jaroslav Lobačevski
d1c89562b8 Apply suggestions from code review 2022-01-18 21:45:13 +01:00
Chris Smowton
84097468cc Merge pull request #7286 from luchua-bc/java/unsafe-url-forward-dispatch
Java: CWE-552 Query to detect unsafe request dispatcher usage
2022-01-18 18:19:20 +00:00
Owen Mansel-Chan
1aebf4ccac Merge pull request #664 from owen-mc/add-change-note-function-getacall
Add change note for change to `Function.getACall`
2022-01-18 18:12:29 +00:00
Henry Mercer
63672ca394 Merge pull request #7616 from github/henrymercer/js-atm-add-query-help
JS: Add query help for ML-powered queries
2022-01-18 18:11:53 +00:00
Chris Smowton
1e32514600 Avoid using this for a non-extending supertype, and remove needless casts 2022-01-18 17:20:40 +00:00
Benjamin Muskalla
9e91b805d6 Sort Lang3 models 2022-01-18 18:10:37 +01:00
Benjamin Muskalla
e6800c877c Merge Lang3 rows 2022-01-18 18:10:37 +01:00
Benjamin Muskalla
736e68820c Split out Lang3 models 2022-01-18 18:10:37 +01:00
Benjamin Muskalla
67b60dcf78 Sort Lang2 rows 2022-01-18 18:10:36 +01:00
Benjamin Muskalla
82bda6d573 Merge Lang2 summary models 2022-01-18 18:10:36 +01:00
Benjamin Muskalla
8eb6743586 Split out Lang2 rows 2022-01-18 18:10:33 +01:00
Chris Smowton
d744cf9053 Clean up guard logic:
* Always sanitize after the second guard, not the first
* Only check basic-block dominance in one place
* One BarrierGuard extension per final guard
2022-01-18 17:10:06 +00:00
Chris Smowton
748008ad51 Remove dangling reference to UnsafeRequestPath.java 2022-01-18 17:08:38 +00:00
luchua-bc
a3d65a8ed0 Update recommendation in qldoc and make examples more comprehendible 2022-01-18 17:01:26 +00:00
Owen Mansel-Chan
84116e1681 Update ql/lib/change-notes/2022-01-18-function-get-a-call.md
Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-18 16:51:07 +00:00
Owen Mansel-Chan
fd1136a777 Add change note for change to Function.getACall 2022-01-18 16:42:57 +00:00
Geoffrey White
982fb8f73a C++: Add change note. 2022-01-18 16:38:44 +00:00
Robert Marsh
024bd27485 Merge pull request #7578 from MathiasVP/store-dest-should-not-be-use
C++: Store destinations should not be uses for dataflow SSA
2022-01-18 11:36:15 -05:00
Jeff Gran
47697f59c1 Ruby: Add classes for detecting user input from graphql-ruby 2022-01-18 09:13:58 -07:00
CodeQL CI
1912c56f82 Merge pull request #7631 from RasmusWL/sqlalchemy-scoped-session
Approved by tausbn
2022-01-18 14:31:49 +00:00
Erik Krogh Kristensen
2433eafef2 add query for detecting insecure temprary files 2022-01-18 14:54:56 +01:00
Rasmus Wriedt Larsen
95e935e9c1 Python: Support SQLAlchemy scoped_session 2022-01-18 14:34:31 +01:00
Erik Krogh Kristensen
30d896bdbb QL: make the alert-message more precise when the type-cast is also redundant 2022-01-18 14:25:43 +01:00
Jaroslav Lobačevski
92f5a5f893 Reduce FPs in IncorrectPrivilegeAssignment.ql
Implements suggestions from https://github.com/github/codeql/pull/6949#issuecomment-976482965
2022-01-18 13:43:17 +01:00
Erik Krogh Kristensen
14d2f5fe02 QL: add a new ql/could-be-cast query 2022-01-18 13:37:32 +01:00
Erik Krogh Kristensen
a1f4c85dea QL: update expected output for the printAst test 2022-01-18 13:37:04 +01:00
Erik Krogh Kristensen
1ec868eeae QL: various improvements to Ast.qll 2022-01-18 13:23:33 +01:00
Erik Krogh Kristensen
95ae113994 QL: downgrade redundant-inline-cast to a warning query 2022-01-18 13:22:01 +01:00
Erik Krogh Kristensen
ea7945bac1 QL: show recommendation queries by default, and remove the MissingQLDoc query 2022-01-18 13:21:07 +01:00
Henry Mercer
be0c26f83d Merge pull request #7617 from github/henrymercer/js-atm-update-alert-messages
JS: Update alert messages for ML-powered queries
2022-01-18 11:37:02 +00:00
Mathias Vorreiter Pedersen
cb0cc8d859 Merge pull request #7625 from geoffw0/nullterm4
C++: Fix some code duplication.
2022-01-18 11:18:06 +00:00
Tony Torralba
b16b0270d2 Merge pull request #6779 from atorralba/atorralba/android-implicit-pending-intents
Java: CWE-927 - Query to detect the use of implicit PendingIntents
2022-01-18 12:14:47 +01:00
Geoffrey White
548a62d1ab C++: Fix branch related FPs in cpp/improper-null-termination. 2022-01-18 11:13:08 +00:00
Felicity Chapman
c3ed74d63c Merge pull request #7604 from github/lgtm-1.29-docs
Update version numbers in CodeQL support notes for LGTM 1.29
2022-01-18 11:09:38 +00:00
Chris Smowton
9819752bdd Merge pull request #7526 from smowton/smowton/fix/restore-nodes-edges-consistency
Don't include arg -> param edges in PathGraph::edges where arg is not reachable
2022-01-18 11:05:47 +00:00
Benjamin Muskalla
7e215a5193 Merge pull request #7599 from bmuskalla/modelWriter
Java: Model Appenable and Writer
2022-01-18 11:55:27 +01:00
Henry Mercer
1893b9f7a9 Merge pull request #7376 from github/henrymercer/js-atm-absent-features-optimization
JS: Update featurization for absent features optimization
2022-01-18 10:15:53 +00:00
Tony Torralba
f103d45340 Merge branch 'main' into atorralba/android-implicit-pending-intents 2022-01-18 10:50:49 +01:00
Mathias Vorreiter Pedersen
e1598aba5e C++: Fix spelling. 2022-01-18 09:44:36 +00:00
Tony Torralba
3ff7710a18 Improve ExplicitIntent's QLDoc 2022-01-18 10:43:52 +01:00
Tony Torralba
fe2755c4a0 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-18 10:41:19 +01:00
Benjamin Muskalla
365a8d9bbd Fix flow for fluent appendable api 2022-01-18 10:41:00 +01:00
Benjamin Muskalla
8e6a15640f Model basic channel APIs 2022-01-18 10:40:39 +01:00
Anders Schack-Mulligen
fff3b5c5b4 Dataflow: Add qldoc. 2022-01-18 10:39:55 +01:00
Anders Schack-Mulligen
9479301485 Ruby: Accept qltest expected changes. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
5cfa3c7927 C++: Accept qltest expected changes. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
7b98ca9b0a C#: Adjust qltest expected output. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
aa9912a699 Java: Fix expected output 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
71e39353ca Dataflow: Sync. 2022-01-18 10:36:52 +01:00
Anders Schack-Mulligen
b22c4e3c56 Dataflow: Bugfix: include subpaths ending at a sink. 2022-01-18 10:34:14 +01:00
Chris Smowton
f7d3892320 Update test expectations 2022-01-18 10:30:09 +01:00
Anders Schack-Mulligen
dfa79f6119 Dataflow: Sync. 2022-01-18 10:30:09 +01:00
Anders Schack-Mulligen
46736a137c Dataflow: Don't include subpaths that can't reach a sink. 2022-01-18 10:30:09 +01:00
Chris Smowton
2c37885f6e Sync dataflow 2022-01-18 10:30:09 +01:00
Chris Smowton
7c9b44b4cb Don't include arg -> param edges in PathGraph::edges whose arg is not reachable
This avoids lots of missing-node warnings from `codeql bqrs interpret` as it discards the nodes that occur in the `edges` relation but not `nodes`. The problem arises because subpaths introduced two variants of `reach`, one of which is more restrictive than simply `reach(succ) and succ = pred.getASuccessor()`, so it no longer suffices to just check that the successor is reachable.
2022-01-18 10:30:09 +01:00
Michael Nebel
de3d62b3f4 C#: Update stats file for the new relations (they are unfortunately empty). 2022-01-18 09:33:40 +01:00
Michael Nebel
bf21026771 C#: Add downgrade scripts for the line span pragma. 2022-01-18 09:32:14 +01:00
Michael Nebel
8fd116fbd7 C#: Add upgrade scripts for the new tables requires for the line span pragma. 2022-01-18 09:32:14 +01:00
Michael Nebel
ac47c96f48 C#: Add Line span pragma test case. 2022-01-18 09:32:14 +01:00
Michael Nebel
8b048ca17e C#: Add line span pragma example. 2022-01-18 09:32:14 +01:00
Michael Nebel
93255dfe13 C#: Add QL library support for the Line span directive. 2022-01-18 09:32:14 +01:00
Michael Nebel
7e264668d8 C#: Refator directive visitor to use expression body. 2022-01-18 09:32:14 +01:00
Michael Nebel
af380f846e C#: Add support in the extractor for the LineSpanDirective. 2022-01-18 09:32:14 +01:00
Michael Nebel
195d40c04e C#: Add new class needed for LineSpanDirective and modify existing implementation to use the new types. 2022-01-18 09:32:14 +01:00
Michael Nebel
a197befb5f C#: Add shared base class for line and line span pragmas. 2022-01-18 09:32:14 +01:00
Michael Nebel
c9467d7e94 C#: Add new tables to the dbscheme line span pragma. 2022-01-18 09:32:14 +01:00
Anders Schack-Mulligen
c41ec1f8ec Merge pull request #7619 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-01-18 09:17:40 +01:00
github-actions[bot]
b8959f7bdb Add changed framework coverage reports 2022-01-18 00:10:52 +00:00
Alex Ford
c1a51d94a2 Ruby: add test for protect_from_forgery without exception strategy 2022-01-17 17:44:52 +00:00
Erik Krogh Kristensen
d63f4bfd94 Merge pull request #7615 from erik-krogh/super-charpred
QL: support this.method() calls in the charpred that references non-extending supertypes
2022-01-17 18:32:10 +01:00
Felicity Chapman
e0110bd25e FIx typo in new note 2022-01-17 17:20:00 +00:00
Henry Mercer
ffa4135cbe JS: Update alert messages for ML-powered queries 2022-01-17 17:19:49 +00:00
Erik Krogh Kristensen
a4cfb80b81 QL: update comment 2022-01-17 17:19:15 +00:00
Felicity Chapman
e7dde79d50 Add note and link to main CodeQL CLI docs 2022-01-17 17:14:58 +00:00
Erik Krogh Kristensen
85c273a413 QL: support this.method() calls in the charpred that references non-extending supertypes 2022-01-17 17:42:35 +01:00
Henry Mercer
e9128466d4 JS: Add query help for ML-powered queries
Query help is identical to the original query, except for a new
paragraph prepended to the overview explaining that the queries are
experimental.

We add Markdown query help since only Markdown query help is embedded in
SARIF via `--sarif-add-query-help`.
2022-01-17 16:34:50 +00:00
Henry Mercer
568d37e9b9 JS: Update definition of ATM query suite
It's simpler to just run all the queries in the pack instead of
specifying the IDs.
2022-01-17 16:34:50 +00:00
Geoffrey White
d475101286 C++: Fix some code duplication. 2022-01-17 16:26:22 +00:00
Owen Mansel-Chan
065043b311 Merge pull request #7588 from owen-mc/add-specific-needs-reference-predicates
Dataflow: Add language-specific NeedsReference predicates
2022-01-17 15:51:34 +00:00
Asger Feldthaus
79f799066a JS: Update test output 2022-01-17 16:27:57 +01:00
Michael Nebel
b927aad6ed C#: Address review comments related to record structs. 2022-01-17 16:16:18 +01:00
Michael Nebel
6c1bb4a3a9 C#: Add test case for record class and record structs. 2022-01-17 16:16:18 +01:00
Michael Nebel
746fd603d8 C#: Add flow summary test for record struct constructors. 2022-01-17 16:16:18 +01:00
Michael Nebel
9770f09839 C#: Deprecate Record and introduce RecordClass instead. Also make flow summary support for record struct constructors. 2022-01-17 16:16:18 +01:00
Michael Nebel
55cb2aa160 C#: Use modifier to decide, if a type is a record like type and implement support for record struct types. 2022-01-17 16:16:18 +01:00
Michael Nebel
dc76775d07 C#: Consider 'record' a type modifier in the extractor (it can be applied to both class and struct). 2022-01-17 16:16:18 +01:00
Michael Nebel
c17bd29640 C#: Rename C# code file and update test. 2022-01-17 16:16:18 +01:00
Tony Torralba
e967b8a9be Merge pull request #6576 from atorralba/atorralba/android-cleartext-storage-filesystem
Java: Create new query Cleartext storage of sensitive information in Android filesystem
2022-01-17 14:02:38 +01:00
Tony Torralba
227929508f Merge pull request #6923 from atorralba/atorralba/android-fragment-injection
Java: CWE-470  - Queries to detect Fragment Injection in Android applications
2022-01-17 14:02:15 +01:00
Tom Hvitved
3c837c322b Merge pull request #7514 from github/post-release-prep/codeql-cli-2.7.5
Post-release preparation for codeql-cli-2.7.5
2022-01-17 12:40:33 +01:00
Tom Hvitved
429a9658e1 Merge pull request #657 from github/post-release-prep/codeql-cli-2.7.5
Post-release preparation for codeql-cli-2.7.5
2022-01-17 12:40:24 +01:00
Tony Torralba
7beab7cb59 Apply code review suggestions 2022-01-17 12:02:27 +01:00
Mathias Vorreiter Pedersen
78642aaae2 Merge pull request #7593 from MathiasVP/fix-join-order-in-get-conversion-type
C++: Fix join order in 'getConversionType4'
2022-01-17 11:01:08 +00:00
Chris Smowton
16aa53a928 Add security tag to java/random-used-once
Raised in https://github.com/github/codeql/issues/7601, this is one of the only .ql files that has a security-severity score but not the tag "security", including many other queries that live outside the `Security/` subdirectory.

Besides this the only other files with this security-severity-but-no-security-tag combination are:

```
java/ql/src/Frameworks/JavaEE/EJB/EjbContainerInterference.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbFileIO.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql
java/ql/src/Frameworks/JavaEE/EJB/EjbSetSocketOrUrlFactory.ql
```

Given their location I'm assuming these queries are disabled by default and likely shouldn't changed?
2022-01-17 10:35:34 +00:00
Tony Torralba
a23b8a4a43 Update java/ql/src/Security/CWE/CWE-470/FragmentInjection.inc.qhelp
Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-17 11:20:39 +01:00
Tony Torralba
ba3a4fb717 Rename filesystemStore predicate after d9e6e5aa04 2022-01-17 11:13:41 +01:00
Tony Torralba
500deac12d Change query description 2022-01-17 11:11:05 +01:00
Tony Torralba
d9e6e5aa04 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-17 11:11:05 +01:00
Tony Torralba
22aad17d0e Apply review suggestions
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
2022-01-17 11:11:04 +01:00
Tony Torralba
9bbba3c96f Adjust UnsupportedExternalAPIs test 2022-01-17 11:11:04 +01:00
Tony Torralba
1e4840e071 Fix predicate name 2022-01-17 11:11:03 +01:00
Tony Torralba
79ddbd6fe4 Fix QLDoc and the qhelp example 2022-01-17 11:11:03 +01:00
Tony Torralba
c1ac09a063 Added query for Cleartext Storage in Android Filesystem 2022-01-17 11:11:00 +01:00
Paolo Tranquilli
6a53b7b233 Merge pull request #7543 from github/rdmarsh2/cpp/hex-format-range-analysis
C++: Use range analysis for maximum lengths of `%x` formats
2022-01-17 08:32:34 +01:00
Alex Ford
d09f48ecb4 Ruby: flag up protect_from_forgery calls without an exception strategy 2022-01-16 20:56:13 +00:00
Artem Smotrakov
825fe1797a Fixed another false-positive in CWE-297/IgnoredHostnameVerification.ql 2022-01-16 18:55:49 +00:00
Artem Smotrakov
6dad0e21d9 Ignore wrapped HostnameVerifier.vefify() calls 2022-01-16 18:29:30 +00:00
Artem Smotrakov
dcf251bb93 Fixed typos in IgnoredHostnameVerification.qhelp 2022-01-16 18:27:49 +00:00
Fosstars
2b33265d0f Added a query for ignored hostname verification
- Added IgnoredHostnameVerification.ql
- Added a qhelp file with examples
- Added tests
2022-01-16 18:27:49 +00:00
Artem Smotrakov
f78002bc02 Fixed a false-positive in CWE-297/IgnoredHostnameVerification.ql 2022-01-16 18:25:18 +00:00
Fosstars
e11cb943a6 Added a query for ignored hostname verification
- Added IgnoredHostnameVerification.ql
- Added a qhelp file with examples
- Added tests
2022-01-16 18:25:18 +00:00
luchua-bc
4797fce48a Update use cases and qldoc 2022-01-16 01:15:29 +00:00
luchua-bc
978ef1570a Update method names 2022-01-16 01:11:25 +00:00
jorgectf
9ab6d21757 Add forward type tracking test 2022-01-14 22:56:51 +01:00
Andrew Eisenberg
a83af5e14c Merge pull request #661 from github/aeisenberg/changenote-upgrades-removal
Changenotes: Add changenotes for upgrades refactoring
2022-01-14 12:12:57 -08:00
Tom Hvitved
2ecf0d3264 Merge pull request #7550 from michaelnebel/csharp/global-using
C#: Support for identifying whether a using directive is "global".
2022-01-14 20:03:18 +01:00
Andrew Eisenberg
156588a6a7 Update change note
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2022-01-14 10:32:47 -08:00
Robert Marsh
5df6bcf952 C++: change note for hex format range analysis 2022-01-14 13:18:58 -05:00
Dave Bartolomeo
bce2a810a3 Merge pull request #7400 from github/dbartol/change-note-instructions
Add instructions for creating change notes.
2022-01-14 13:10:44 -05:00
Robert Marsh
9de63b2812 Merge branch 'main' into rdmarsh2/cpp/hex-format-range-analysis
Accept test changes from query split
2022-01-14 12:53:52 -05:00
Andrew Eisenberg
fbb5d7196f Merge branch 'main' into post-release-prep/codeql-cli-2.7.5 2022-01-14 08:23:43 -08:00
Andrew Eisenberg
c86e96bcc2 Merge branch 'main' into post-release-prep/codeql-cli-2.7.5 2022-01-14 08:19:47 -08:00
Tony Torralba
a2c98baf29 Reordering 2022-01-14 17:17:57 +01:00
Tony Torralba
eb1806c0a9 Split PathMatchGuard into three guards 2022-01-14 17:14:18 +01:00
Ian Lynagh
bba8e45e74 Merge pull request #7602 from igfoo/igfoo/typos
Fix a couple of typos: clases / clasess
2022-01-14 15:56:04 +00:00
Henry Mercer
ed28b7f174 Merge pull request #7575 from github/henrymercer/atm-remove-code-to-features
JS: Remove ATM `CodeToFeatures` library
2022-01-14 15:31:34 +00:00
Michael Nebel
e09009cd8e Merge pull request #7118 from michaelnebel/csharp-primary-ql-class
C#: PrimaryQlClass
2022-01-14 16:14:28 +01:00
Felicity Chapman
fdf77ad2b9 Update version numbers for LGTM 1.29 2022-01-14 15:07:29 +00:00
Ian Lynagh
22dc24629f Fix a couple of typos: clases / clasess 2022-01-14 14:28:29 +00:00
Tony Torralba
fb1287d577 Use dominance instead of getParent
Add clarification comments to PathMatchGuard
2022-01-14 15:28:02 +01:00
Mathias Vorreiter Pedersen
25253c7b8d C++: Don't count write operations as uses for IR dataflow. Accept test changes. 2022-01-14 13:39:57 +00:00
Mathias Vorreiter Pedersen
e8afec413a C++: Add testcase that demonstrates a FP caused by spurious flow through phi nodes in IR dataflow. 2022-01-14 13:34:27 +00:00
Tony Torralba
136fefbab5 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-14 13:38:17 +01:00
luchua-bc
877c52981f Remove the deprecated library keyword 2022-01-14 12:13:41 +00:00
Tony Torralba
cde7a35c1f QLDoc 2022-01-14 13:12:30 +01:00
Michael Nebel
8c6c8b0adb C#: Remove un-needed ql doc comment. 2022-01-14 12:55:54 +01:00
Tony Torralba
6aac848015 Fix imports 2022-01-14 12:43:08 +01:00
Tony Torralba
9f616e7cbe Refactor to use FlowState
Remove the auxiliary DataFlow configuration
2022-01-14 12:24:35 +01:00
Mathias Vorreiter Pedersen
b51c85597b Merge pull request #7529 from erik-krogh/fixup-library-deps
QL: recognize dependecies of the form: libraryPathDependencies: library-name
2022-01-14 11:13:56 +00:00
Erik Krogh Kristensen
b02fecf125 Merge pull request #7600 from erik-krogh/ql-for-ql-team
QL: change reviewers of QL-for-QL to a newly created team
2022-01-14 11:45:40 +01:00
Erik Krogh Kristensen
47e56365c4 QL: change reviewers of QL-for-QL to a newly created team 2022-01-14 11:32:09 +01:00
Henry Mercer
d55e6d1ca7 Merge pull request #7594 from github/henrymercer/js-atm-rename-queries
JS: Update names, IDs, and tags for ML-powered queries
2022-01-14 10:28:24 +00:00
Benjamin Muskalla
a4429d01a3 Add tests for writer models 2022-01-14 11:12:35 +01:00
Benjamin Muskalla
37ca6a5e41 Model Appenable and Writer
This allows us to track taint carried through all kind of writers.
2022-01-14 11:12:35 +01:00
Mathias Vorreiter Pedersen
6d95d47467 Merge branch 'main' into fix-join-order-in-get-conversion-type 2022-01-14 09:53:17 +00:00
Michael Nebel
6009d71e9a C#: Add getAPrimaryQlClass override to UnknownExpr. 2022-01-14 10:41:44 +01:00
Tony Torralba
df95317a58 Fix tests after stub change 2022-01-14 10:33:21 +01:00
Tony Torralba
6f06be9419 Update change note 2022-01-14 10:33:19 +01:00
Tony Torralba
bd4abf4fd0 Additional Notification models 2022-01-14 10:32:38 +01:00
Tony Torralba
a9757fbc83 Setting null Components is not a sanitizer 2022-01-14 10:32:37 +01:00
Tony Torralba
a59a4024a5 Update stubs 2022-01-14 10:32:36 +01:00
Tony Torralba
66794665f3 Remove unneeded implicit read step 2022-01-14 10:32:36 +01:00
Tony Torralba
a0a914466c Rewording 2022-01-14 10:32:33 +01:00
Tony Torralba
9c12c5f8b8 Remove duplicated models 2022-01-14 10:32:01 +01:00
Tony Torralba
f963887c58 Change test to avoid collision with SensitiveCommunication.ql 2022-01-14 10:32:01 +01:00
Tony Torralba
48acff9262 Remove unneeded code 2022-01-14 10:32:00 +01:00
Tony Torralba
9e3594fcf1 Added more sinks 2022-01-14 10:32:00 +01:00
Tony Torralba
1e3e48132c Rewording 2022-01-14 10:31:59 +01:00
Tony Torralba
47c851efaf Consider more startService methods 2022-01-14 10:31:59 +01:00
Tony Torralba
12059a8a50 Update models to use synthetic fields 2022-01-14 10:31:58 +01:00
Tony Torralba
d49e52fb73 Add support for PendingIntents in Notifications 2022-01-14 10:31:58 +01:00
Tony Torralba
c73e4ebc48 Remove models after rebase 2022-01-14 10:31:58 +01:00
Tony Torralba
7f85dae63b Add support for implicit field read flows 2022-01-14 10:31:57 +01:00
Tony Torralba
e58a8587db Add support for Slices 2022-01-14 10:31:56 +01:00
Tony Torralba
d43242d09e Added tests 2022-01-14 10:31:56 +01:00
Tony Torralba
d0077b8c12 Added query ImplicitPendingIntents 2022-01-14 10:31:53 +01:00
Mathias Vorreiter Pedersen
68385dfab5 Merge pull request #7386 from github/redsun82/cpp-overrunning-write-precision-split
C++: split `cpp/overrunning-write` into two
2022-01-14 09:11:39 +00:00
Tom Hvitved
6c20585fc7 C#: Eliminate bad magic optimization
```
[2022-01-14 08:57:14] (253s) Tuple counts for Stmt::getAChild#bbf/3@8dfbc66f after 1m53s:
                      4922010396 ~5%     {3} r1 = JOIN ControlFlowElement::ControlFlowElement::getEnclosingCallable_dispred#ff_10#join_rhs WITH ControlFlowElement::ControlFlowElement::getEnclosingCallable_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'cfe', Rhs.1 'cfe', Lhs.0 'c'
                      1597068    ~2%     {3} r2 = JOIN r1 WITH Element::Element::getAChild_dispred#ff ON FIRST 2 OUTPUT Lhs.0 'cfe', Lhs.2 'c', Lhs.1 'result'
                                         return r2
```
2022-01-14 10:10:23 +01:00
Tom Hvitved
411d2b2876 C#: Update stats 2022-01-14 10:10:23 +01:00
Michael Nebel
f025db0371 C#: Add downgrade script for deleting using_global relation. 2022-01-14 10:10:23 +01:00
Michael Nebel
dcd6a6be40 C#: Add database upgrade script for adding the using_global relation. 2022-01-14 10:10:22 +01:00
Michael Nebel
a1eff1603a C#: Add test for global using directive. 2022-01-14 10:10:22 +01:00
Michael Nebel
c118d9bf6f C#: Add support for the global modifier for using directives. 2022-01-14 10:10:22 +01:00
Michael Nebel
e305a8a6c5 C#: Refactor Tuples to use expression body syntax. 2022-01-14 10:10:22 +01:00
Michael Nebel
6e72f6e2c4 C#: Refactor to re-use code to extract modifier tokens. 2022-01-14 10:10:13 +01:00
Edoardo Pirovano
f2818ebb5e Merge pull request #7489 from edoardopirovano/fix-example
Fix example in JavaScript query
2022-01-14 08:58:28 +00:00
Tony Torralba
8f73772955 Merge pull request #7595 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-01-14 09:32:13 +01:00
Anders Schack-Mulligen
0b24af901d Merge pull request #7349 from aschackmull/dataflow/state
Dataflow: Add support for flow state
2022-01-14 09:12:38 +01:00
github-actions[bot]
685336fa23 Add changed framework coverage reports 2022-01-14 00:10:33 +00:00
Henry Mercer
e9bb9f5294 JS: Update names, IDs, and tags for ML-powered queries 2022-01-13 17:45:40 +00:00
Henry Mercer
8e9d8c112d JS: Improve comments in FunctionBodyFeatures.qll 2022-01-13 17:20:42 +00:00
Henry Mercer
2aea3257cb JS: Improve documentation for getTokenizedAstNode 2022-01-13 17:20:41 +00:00
Andrew Eisenberg
4ffd8c62ac Merge pull request #7579 from github/aeisenberg/changenote-upgrades-removal
Changenotes: Add changenotes for upgrades refactoring
2022-01-13 09:09:06 -08:00
Andrew Eisenberg
c6deccf863 Minor fixes to the getting started docs
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-01-13 09:02:10 -08:00
Henry Mercer
92d6fecc73 Optimize performance of body tokens
The refactoring to remove the `CodeToFeatures` AST reintroduced a
performance problem. This commit resolves it by pushing size
restrictions into intermediate predicates.
2022-01-13 16:29:04 +00:00
Michael Nebel
71baf32596 Update csharp/ql/consistency-queries/PrimaryQlClass.ql
Co-authored-by: Tom Hvitved <hvitved@github.com>
2022-01-13 16:36:31 +01:00
Owen Mansel-Chan
d41c55c69c Add needed predicates for Ruby and C#
This was done manually.
2022-01-13 15:10:19 +00:00
Owen Mansel-Chan
2de6340ff5 Sync FlowSummaryImpl.qll
Done using sync-files.py
2022-01-13 15:09:25 +00:00
Owen Mansel-Chan
83a25698bb Allow adding inputs and outputs needing reference 2022-01-13 15:09:17 +00:00
Tony Torralba
b6886b8e43 Move code to qll file 2022-01-13 15:28:57 +01:00
Tony Torralba
81feaaec02 Refactor PathMatchGuard 2022-01-13 15:24:41 +01:00
Anders Schack-Mulligen
c44cf29992 Merge pull request #7587 from owen-mc/add-default-taint-sanitizer-guard
Dataflow: Add default taint sanitizer guard
2022-01-13 14:44:55 +01:00
Tony Torralba
cd9a485c47 Refactor NullOrEmptyCheckGuard 2022-01-13 14:44:08 +01:00
Anders Schack-Mulligen
61490e74d8 Merge pull request #7561 from aschackmull/java/misc-perf
Java: A few perf fixes for getASupertype*().
2022-01-13 14:43:28 +01:00
Mathias Vorreiter Pedersen
6148af4621 C++: Fix join order in 'getConversionType4'. 2022-01-13 13:28:36 +00:00
Anders Schack-Mulligen
f7cf327e71 Dataflow: Sync 2022-01-13 13:28:43 +01:00
Anders Schack-Mulligen
a34c981209 Dataflow: Address comments. 2022-01-13 13:28:24 +01:00
Asger Feldthaus
708408a458 JS: Recognize "sql" option as a query string 2022-01-13 13:04:41 +01:00
Anders Schack-Mulligen
69973dadb3 Merge pull request #7548 from zbazztian/spring-taint-summaries
Java: Add Spring and Apache Common Langs taint flow steps
2022-01-13 13:00:41 +01:00
Paolo Tranquilli
e6763c858d C++: add bindingset to private Printf predicate
That predicate turned out to create a lot of tuples, of which only a
minimal part was then used in the query.
2022-01-13 11:59:48 +00:00
Paolo Tranquilli
64d15d6226 C++: fix inc.qhelp files and change notes 2022-01-13 11:59:48 +00:00
Paolo Tranquilli
7b4300e4cf C++: Apply suggestions in documentation
Co-authored-by: Sarah Edwards <skedwards88@github.com>
2022-01-13 11:59:48 +00:00
Paolo Tranquilli
9d49ad9f20 C++: use includes in OverrunWrite qhelp files
Also added the relevant CERT C _and_ C++ standard references where they
were missing, and did some minor stylistic tweaks to
`OverrunWriteFloat.qhelp`.
2022-01-13 11:59:48 +00:00
Paolo Tranquilli
c117a1e21f C++: demote VeryLikelyOverrunWrite cast results
There were some false positives where something like

    int x;
    // ...
    sprintf(buff, "%ld", (long)x);

was considered as if the parameter had a non-trivial range analysis only
because the range of `int` is smaller than the range for `long`, without
any non-trivial range analysis actually done on `x`.

These will now be reported by `OverrunWrite` instead.
2022-01-13 11:59:48 +00:00
Paolo Tranquilli
630982cc31 C++: auto format Printf.qll 2022-01-13 11:59:48 +00:00
Paolo Tranquilli
9f811b2439 C++: remove unused variables and fix tests 2022-01-13 11:59:47 +00:00
Paolo Tranquilli
013216d5e6 C++: exclude widening from VeryLikelyOverrunWrite
This also restrict what we consider "non-trivial" range analysis, as we
now require both ends to be non-trivially bounded for signed integers.
This avoids false positives stemming from a non trivial upper bound but
no meaningful lower bound, for example.
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
aac029841a C++: doc fixes to VeryLikelyOverrunWrite 2022-01-13 11:59:47 +00:00
Paolo Tranquilli
c8741f6475 C++: update 2021-12-14-overruning-write-split.md
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
1e4861a944 C++: shorten VeryLikelyOverrunWrite @name 2022-01-13 11:59:47 +00:00
Paolo Tranquilli
106400238a C++: tweak overrunning write qhelp files 2022-01-13 11:59:47 +00:00
Paolo Tranquilli
8ac34f3db5 C++: NoSpecifiedEstimateReasonUnspecified... 2022-01-13 11:59:47 +00:00
Paolo Tranquilli
4a85b9b0cc C++: add VeryLikelyOverrunWrite.ql to cwe-120 2022-01-13 11:59:47 +00:00
Paolo Tranquilli
97f1a5bac0 C++: add VeryLikelyOverrunWrite.qhelp 2022-01-13 11:59:47 +00:00
Paolo Tranquilli
10b62154a1 C++: add cpp/very-likely-overruning-write help
Also update the help of `cpp/overruning-write`, as the case shown there
will actually not be flagged by that query any more.
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
b979f02e5d C++: fix OverrunWrite for backward compatibility
Rather than testing for `TypeBoundsAnalysis`, we test that the reason is
not `ValueFlowAnalysis` (which is reported by the new
`cpp/very-likely-overruning-write` query), so that if a client has
overridden `BufferWrite::getMaxData` the `NoSpecifiedEstimateReason` is
taken into account.
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
db6214fdff C++: add change note for new overrun write query 2022-01-13 11:59:47 +00:00
Paolo Tranquilli
a0059202db C++: split cpp/overrunning-write into two
This splits the `cpp/overruning-write` into two separate queries based
off on the reason for the estimation. If the overrun is detected based
on non-trivial range analysis, the results are now marked by the new
`cpp/very-likely-overruning-write` high precision query. If it is based
on less precise, usually type based bounds, then it will still be marked
by `cpp/overruning-write` which remains at medium precision.
2022-01-13 11:59:47 +00:00
Michael Nebel
85fc127c0a C#: Fix BDD limit issue (thank you @jbj). 2022-01-13 12:46:56 +01:00
Owen Mansel-Chan
7e42ccfbf1 Don't cache defaultTaintSanitizerGuard for java 2022-01-13 11:36:20 +00:00
Michael Nebel
7c11e2d7e9 C#: Add a consistency test for getAPrimaryQlClass 2022-01-13 12:20:42 +01:00
Michael Nebel
6b937a939b C#: Add getAPrimaryQlClass overrides 2022-01-13 12:20:41 +01:00
Stephan Brandauer
40ad88ba53 Merge pull request #7474 from kaeluka/db-reads-as-taint-sources
JS: DB reads as taint sources
2022-01-13 12:06:48 +01:00
Michael Nebel
8583a4ffea Merge pull request #7583 from michaelnebel/csharp/fix-broken-test
C#: Narrow string interpolation expressions to a specific single file in testcase.
2022-01-13 11:37:52 +01:00
Erik Krogh Kristensen
89bab6ae12 Merge pull request #7097 from erik-krogh/railsReDoS
JS/PY/RB: support a limited number of ranges for ReDoS analysis
2022-01-13 11:04:36 +01:00
Stephan Brandauer
93507a2d71 combine two implementations for database-accesses as remote flow sources 2022-01-13 10:53:58 +01:00
Michael Nebel
aacb03a74b C#: Narrow string interpolation expressions to a specific single file in testcase. 2022-01-13 10:25:33 +01:00
Stephan Brandauer
63aaf24063 base implementation of Sequelize model on models-as-data 2022-01-13 09:41:25 +01:00
Anders Schack-Mulligen
da69886777 Merge pull request #7580 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-01-13 09:26:00 +01:00
Sebastian Bauersfeld
a6e4f29560 Java: Use the interface instead of the abstract class 2022-01-13 14:13:36 +07:00
Sebastian Bauersfeld
69f329ffec Java: Add test cases for AbstractMessageSource.getMessage() methods 2022-01-13 14:13:27 +07:00
Sebastian Bauersfeld
39b6678b7d Java: Add test case for StringEscapeUtils.escapeJson() taint step. 2022-01-13 11:18:37 +07:00
github-actions[bot]
625836a3be Add changed framework coverage reports 2022-01-13 00:11:30 +00:00
Andrew Eisenberg
8a4120a08d Changenotes: Add changenotes for upgrades refactoring 2022-01-12 11:38:43 -08:00
Andrew Eisenberg
e435a3e9c3 Changenotes: Add changenotes for upgrades refactoring 2022-01-12 11:36:31 -08:00
Henry Mercer
1c3c9216f5 Merge pull request #7576 from github/henrymercer/js-bump-atm-versions
JS: Bump ATM pack versions to 0.0.4
2022-01-12 16:53:10 +00:00
Stephan Brandauer
09a28c428c base implementation of Spanner model on models-as-data 2022-01-12 17:07:16 +01:00
Henry Mercer
9abc3411a4 JS: Bump ATM pack versions to 0.0.4 2022-01-12 15:19:13 +00:00
Robert Marsh
5031d6c4a3 Merge pull request #7566 from MathiasVP/smaller-join-in-reachesRefParameter
C++: Smaller join in `reachesRefParameter`
2022-01-12 10:04:35 -05:00
Owen Mansel-Chan
8e8278764b Add predicate defaultTaintSanitizerGuard for each language
This was done manually, as these files are not synced by sync-files.py.
2022-01-12 14:44:56 +00:00
Owen Mansel-Chan
c112980b81 Sync TaintTrackingImpl.qll
Done automatically using sync-files.py
2022-01-12 14:44:55 +00:00
Owen Mansel-Chan
9ec3d7787c Add option for default taint sanitizer guard
This allows languages to specify A sanitizer guard in all
global taint flow configurations but not in local taint.
2022-01-12 14:44:55 +00:00
github-actions[bot]
8a2d92badc Post-release preparation for codeql-cli-2.7.5 2022-01-12 13:28:43 +00:00
github-actions[bot]
970e8e1f91 Post-release preparation for codeql-cli-2.7.5 2022-01-12 13:28:33 +00:00
Henry Mercer
7f61738a23 Use US English spelling 2022-01-12 13:07:09 +00:00
Henry Mercer
6e37a65e84 Remove CodeToFeatures AST library 2022-01-12 12:47:28 +00:00
Henry Mercer
957e34d8a7 Make function body features library independent of CodeToFeatures AST 2022-01-12 12:47:28 +00:00
Henry Mercer
9e50ce873d Move function body features into their own file 2022-01-12 12:47:28 +00:00
Henry Mercer
865fb5d0ef Migrate representative entity -> representative function 2022-01-12 12:47:27 +00:00
Henry Mercer
0e5b493d0e Remove CodeToFeatures AST consistency checks
We no longer use the `CodeToFeatures` AST, therefore these checks are
defunct.
2022-01-12 12:47:27 +00:00
Henry Mercer
387829bbb4 Extract body tokens from the JS AST, not the CodeToFeatures AST 2022-01-12 12:47:25 +00:00
Henry Mercer
3ef69763a7 Merge pull request #7567 from github/henrymercer/atm-body-tokens-perf-opt
ATM: Optimize body tokens by pushing in size restriction
2022-01-12 12:45:27 +00:00
Tamás Vajk
9065a7f320 Merge pull request #7573 from tamasvajk/fix/java-field-decl-tostr
Java: Fix toString on field declarations with single field
2022-01-12 13:03:16 +01:00
Tony Torralba
8a80e02861 Merge pull request #7574 from pwntester/improve_strings_qll
Add models for AbstractStringBuilder.substring,subsequence,getChars
2022-01-12 12:01:28 +01:00
Tony Torralba
c2105e506b Added test cases 2022-01-12 11:06:58 +01:00
Alvaro Muñoz Sanchez
715d372572 Add models for AbstractStringBuilder.substring,subsequence,getChars 2022-01-12 10:54:27 +01:00
Anders Schack-Mulligen
c6a9b2b6ff Merge pull request #7572 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-01-12 09:39:14 +01:00
Tamas Vajk
b9e0310aa2 Java: Fix toString on field declarations with single field 2022-01-12 09:22:16 +01:00
Michael Nebel
f17c110f51 Merge pull request #7562 from michaelnebel/csharp/record-seal-tostring
C#: Record types are allowed to seal ToString (test only).
2022-01-12 08:08:32 +01:00
luchua-bc
263dbd33f6 Optimize the query 2022-01-12 02:33:17 +00:00
github-actions[bot]
c79e8ab440 Add changed framework coverage reports 2022-01-12 00:10:48 +00:00
Andrew Eisenberg
e4eb2c2a59 Update docs on the output of resolve qlpacks
The output has changed and there are no more upgrades
packs. There are also other changes included here.
2022-01-11 15:54:53 -08:00
Andrew Eisenberg
da4f1d86aa Merge pull request #7355 from github/aeisenberg/remove-upgrades
Move upgrades into standard library packs
2022-01-11 14:09:10 -08:00
Andrew Eisenberg
2b8e4b2ffa Merge pull request #628 from github/aeisenberg/upgrades/work
Push upgrades pack into lib pack
2022-01-11 14:09:06 -08:00
Andrew Eisenberg
6ceebc7d1e Merge branch 'main' into aeisenberg/upgrades/work 2022-01-11 11:27:35 -08:00
Andrew Eisenberg
07228672df Merge branch 'main' into aeisenberg/remove-upgrades 2022-01-11 11:25:27 -08:00
Mathias Vorreiter Pedersen
c45127fdd6 Merge pull request #7541 from github/rdmarsh2/dataflow-ipa-params
C++: Use an IPA type rather than negative indexes for argument/parameter matching in data flow
2022-01-11 16:52:13 +00:00
Tony Torralba
7b0d9ea525 Merge pull request #7054 from atorralba/atorralba/promote-log-injection
Java: Promote Log Injection from experimental
2022-01-11 17:26:18 +01:00
Henry Mercer
3f70476c87 ATM: Optimize body tokens by pushing in size limit
Pushing the restriction to 256 tokens into the `bodyTokens` predicate
means we avoid this predicate blowing up due to very large functions.

This results in a runtime improvement from 1800s+ to 294s as measured
on a problematic repo on my machine (I didn't wait for the query to
finish running).
2022-01-11 16:16:54 +00:00
Tony Torralba
1030ff7063 Update java/ql/src/Security/CWE/CWE-117/LogInjection.ql 2022-01-11 16:25:32 +01:00
Tony Torralba
4aacba8594 Merge pull request #6468 from atorralba/atorralba/promote-cleartext-sharedprefs
Java: Promote Cleartext storage of sensitive information using SharedPreferences from experimental
2022-01-11 16:23:53 +01:00
Benjamin Muskalla
426f3117d6 Clarify model names and escape variables 2022-01-11 15:58:21 +01:00
Chris Smowton
6afd570c4c Merge pull request #658 from smowton/smowton/feature/q-format-directive-is-safe
Note that the %q format directive escapes newlines, and therefore prevents log injection
2022-01-11 14:45:40 +00:00
Tony Torralba
394c4a9ee0 Remove unused code 2022-01-11 14:50:48 +01:00
Mathias Vorreiter Pedersen
b3a7090068 C++: Fix join in reachesRefParameter by joining with 'getEnd' instead
of 'getANode'.

Before:

Tuple counts for FlowVar::FlowVar::reachesRefParameter_dispred#ff/2@956ac39i after 229ms:
  24806   ~1%     {2} r1 = JOIN FlowVar::FlowVar_internal::parameterIsNonConstReference#f WITH Parameter::Parameter::getFunction_dispred#ff ON FIRST 1 OUTPUT Lhs.0 'p', Rhs.1
  56985   ~3%     {3} r2 = JOIN r1 WITH num#FlowVar::FlowVar_internal::TBlockVar#fff_12#join_rhs ON FIRST 1 OUTPUT Rhs.1 'this', Lhs.0 'p', Lhs.1
  2384489 ~4%     {4} r3 = JOIN r2 WITH FlowVar::FlowVar_internal::getAReachedBlockVarSBB#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1 'p', Lhs.0 'this'
  49457   ~0%     {2} r4 = JOIN r3 WITH SubBasicBlocks::SubBasicBlock::getANode_dispred#fb ON FIRST 2 OUTPUT Lhs.3 'this', Lhs.2 'p'
                  return r4

After:

Tuple counts for FlowVar::FlowVar::reachesRefParameter_dispred#ff/2@46f8bfn7 after 32ms:
  24806 ~1%     {2} r1 = JOIN FlowVar::FlowVar_internal::parameterIsNonConstReference#f WITH Parameter::Parameter::getFunction_dispred#ff ON FIRST 1 OUTPUT Lhs.0 'p', Rhs.1
  56985 ~1%     {3} r2 = JOIN r1 WITH num#FlowVar::FlowVar_internal::TBlockVar#fff_12#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'p', Rhs.1 'this'
  56985 ~1%     {3} r3 = JOIN r2 WITH SubBasicBlocks::SubBasicBlock::getEnd_dispred#fb_10#join_rhs ON FIRST 1 OUTPUT Lhs.2 'this', Rhs.1, Lhs.1 'p'
  49457 ~0%     {2} r4 = JOIN r3 WITH FlowVar::FlowVar_internal::getAReachedBlockVarSBB#ff ON FIRST 2 OUTPUT Lhs.0 'this', Lhs.2 'p'
                return r4
2022-01-11 13:48:20 +00:00
Michael Nebel
77763d7ee5 Merge pull request #7559 from michaelnebel/csharp/const-interpolatedstring
C#: Constant string interpolation (test only).
2022-01-11 14:01:55 +01:00
Michael Nebel
56bc3db46a C#: Add test case for sealed ToString modifier on a record type. 2022-01-11 13:58:43 +01:00
Michael Nebel
ae5d3a1ccb C#: Add example of sealing ToString on a record type. 2022-01-11 13:57:29 +01:00
Anders Schack-Mulligen
fdb4851521 Java: A few perf fixes for getASupertype*(). 2022-01-11 13:33:54 +01:00
Tony Torralba
50caf7d8dc Move change note to new location and remove import
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-01-11 12:24:44 +01:00
Tony Torralba
b9e32208ee Move change note to new location 2022-01-11 12:23:16 +01:00
Michael Nebel
1d8f8f79bb C#: Add const interpolated string test case. 2022-01-11 12:02:07 +01:00
Michael Nebel
5b89f0e0b8 C#: Add example of const interpolated string. 2022-01-11 12:01:40 +01:00
Benjamin Muskalla
49d2fbfb5f Fixed slug references and PR skips 2022-01-11 11:47:28 +01:00
Stephan Brandauer
132e0bf4b7 add database accesses as additional (heuristic) remote flow sources 2022-01-11 11:38:41 +01:00
Sebastian Bauersfeld
e2a9ced691 Java: Pass taint through Apache's StringEscapeUtils.escapeJson() method. 2022-01-11 15:49:44 +07:00
Sebastian Bauersfeld
f36ee95128 Java: Pass taint through Spring's AbstractMessageSource.getMessage() methods. 2022-01-11 15:48:29 +07:00
Anders Schack-Mulligen
2a36744deb Merge pull request #7552 from smowton/smowton/fix/local-parameterized-classes
Note that parameterizations of local classes are themselves local
2022-01-11 09:36:15 +01:00
Alex Ford
b9ed8ed416 Merge pull request #7553 from github/revert-7498-dependabot/cargo/ruby/generator/clap-3.0
Ruby: Revert "Update clap requirement from 2.33 to 3.0 in /ruby/generator"
2022-01-10 19:36:40 +00:00
Alex Ford
17e5b9cffa Revert "Update clap requirement from 2.33 to 3.0 in /ruby/generator" 2022-01-10 18:21:04 +00:00
Chris Smowton
e352a4b994 Note that parameterizations of local classes are themselves local
Previously `LocalClass` itself would match `.isLocal()` whereas `LocalClass<Param>` would not. Rather than require each individual user to check for `.getSourceDeclaration().isLocal()`, let's note that the specializations themselves are local.
2022-01-10 18:19:31 +00:00
Robert Marsh
fe355a0bc9 C++: update test comments 2022-01-10 12:38:08 -05:00
Tony Torralba
fbebf5e953 Move change note to new location 2022-01-10 17:27:02 +01:00
Tony Torralba
0e738622df Merge branch 'main' into atorralba/promote-log-injection 2022-01-10 17:24:25 +01:00
Tony Torralba
cc92ce2754 Fix QLDoc 2022-01-10 17:13:13 +01:00
Tony Torralba
e1e5e78464 Apply suggestions from code review
- Update CleartextStorage library to latest refactor
- Move change note to new location
2022-01-10 17:10:55 +01:00
Tony Torralba
d17e973b6b Apply suggestions from code review
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
2022-01-10 17:09:41 +01:00
Tony Torralba
ec8c234872 Fix predicate name 2022-01-10 17:09:41 +01:00
Tony Torralba
55dc783f28 Move from experimental and refactor 2022-01-10 17:09:37 +01:00
CodeQL CI
d912a98b02 Merge pull request #7171 from asgerf/js/mad
Approved by erik-krogh
2022-01-10 13:17:09 +00:00
Chris Smowton
6f598a6972 Fix formatting regex comment 2022-01-10 10:49:12 +00:00
Anders Schack-Mulligen
f590d2566e DataFlow: Fix test. 2022-01-10 11:25:52 +01:00
Chris Smowton
ae5eadef28 Update ql/lib/semmle/go/frameworks/stdlib/Log.qll
Rename class

Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2022-01-10 10:24:30 +00:00
Anders Schack-Mulligen
c8a6798c05 Ruby: Workaround for optimiser problem.
A size 1 DataFlowType causes misoptimisations.
2022-01-10 11:21:18 +01:00
Tom Hvitved
d2ebbe0819 Merge pull request #7469 from hvitved/csharp/promote-adhoc-consistency-checks
C#: Promote existing ad-hoc consistency checks to consistency queries
2022-01-10 11:10:25 +01:00
Michael Nebel
533fc7a912 Merge pull request #7532 from michaelnebel/csharp/file-scoped-namespace
C#: Make support for file scoped namespace declarations.
2022-01-10 09:02:18 +01:00
Mathias Vorreiter Pedersen
a5ccd6a23b Merge pull request #7521 from rdmarsh2/rdmarsh2/cpp/use-guards-in-overflow 2022-01-09 14:09:04 +00:00
Robert Marsh
67fb48fcc1 C++: use range analysis for hex format lengths
The "new" result on line 189 is a tighter bound than was previously
established, not a newly introduced location.
2022-01-07 16:16:22 -05:00
Robert Marsh
fa9242befe C++: Add tests for bounded hex format values 2022-01-07 16:08:53 -05:00
Robert Marsh
673399719e C++: autoformat DataFlowPrivate 2022-01-07 15:23:24 -05:00
Felicity Chapman
3b0d55e2f9 Merge pull request #5893 from niroshan/patch-1
Update README.md
2022-01-07 19:33:41 +00:00
Robert Marsh
78b8d113bb C++: PR comments on DataFlow Position 2022-01-07 14:21:56 -05:00
Robert Marsh
4322a39807 C++: fix typo in Overflow.qll abs handling 2022-01-07 14:09:47 -05:00
Erik Krogh Kristensen
cc5e9fea77 add test 2022-01-07 18:44:04 +01:00
Erik Krogh Kristensen
f7a63d5ea0 remove duplicated line 2022-01-07 18:38:02 +01:00
Erik Krogh Kristensen
c8d29a9cf1 sync files 2022-01-07 18:38:02 +01:00
Erik Krogh Kristensen
1a8b6d7414 recognize ranges without upper bounds 2022-01-07 18:38:01 +01:00
Erik Krogh Kristensen
acaf294bee support a limited number of regexp ranges 2022-01-07 18:36:30 +01:00
Robert Marsh
a126154dfb C++: use -1 for this in dataflow Position 2022-01-07 11:39:26 -05:00
Robert Marsh
1890a14026 C++: IPA for pointer arg instead of negative index
This takes advantage of the new ArgumentPosition and ParameterPosition
types in the shared DataFlow library interface to represent indirections
with an IPA type rather than the negative-index system in use previously
2022-01-07 11:39:26 -05:00
Robert Marsh
4f23cce63b C++: Accept more test output 2022-01-07 11:27:45 -05:00
Michael Nebel
23b8444348 C#: Cleanup C# source code file and add a test case for namespace delcarations. 2022-01-07 16:04:43 +01:00
Michael Nebel
b8f6d17bc1 C#: Add test for file scoped namespace. 2022-01-07 16:04:43 +01:00
Michael Nebel
a6d847b532 C#: Make support for FileScoped namespace declaration in the extrator. 2022-01-07 16:04:43 +01:00
Erik Krogh Kristensen
bb94c42a35 explicit this
Co-authored-by: Taus <tausbn@github.com>
2022-01-07 15:22:21 +01:00
Mathias Vorreiter Pedersen
4ee653378e Merge pull request #7517 from MathiasVP/avoid-self-joins-in-toctou-query
C++: Remove bad self joins in `cpp/toctou-race-condition`.
2022-01-07 13:08:30 +00:00
Michael Nebel
94c1a489e0 Merge pull request #7507 from michaelnebel/csharp-libdataflow-cleanup
C#: Refactor and cleanup LibraryTypeDataFlow
2022-01-07 13:16:08 +01:00
Michael Nebel
17219eff61 Merge pull request #7530 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-01-07 13:15:49 +01:00
Michael Nebel
929f6ca578 C#: Address review comments. 2022-01-07 10:26:33 +01:00
Michael Nebel
d3368dcc23 C#: Remove the LibraryTypeDataFlow file as the remaining code is dead. 2022-01-07 10:26:32 +01:00
Michael Nebel
9b47249f6a C#: Migrate the legacy clearContent flow summaries to the new framework. 2022-01-07 10:26:32 +01:00
Michael Nebel
fd317c2e7b C#: Move RecordConstructorFlow. 2022-01-07 10:26:32 +01:00
Michael Nebel
fb950848c7 C#: Remove unused case, when converting SummaryComponent stacks. 2022-01-07 10:26:32 +01:00
Michael Nebel
5a0e6ed8e6 C#: Remove unsued predicates in CallableFlowSource and subclasses. 2022-01-07 10:26:32 +01:00
Michael Nebel
19914aba89 C#: Remove CallableFlowSink. 2022-01-07 10:26:32 +01:00
Michael Nebel
ed4d09bc8b C#: Remove unneeded imports. 2022-01-07 10:26:32 +01:00
Michael Nebel
d042c4b3e4 C#: Remove unsused type,class and module AccessPath. 2022-01-07 10:26:32 +01:00
Michael Nebel
d5768bf4ed C#: Remove more empty predicates. 2022-01-07 10:26:31 +01:00
Michael Nebel
a6b79926b2 C#: Remove unused predicate toCallableFlowSink. 2022-01-07 10:26:31 +01:00
Michael Nebel
ecc9593f00 C#: Remove the unused predicate callable flow. 2022-01-07 10:26:31 +01:00
Michael Nebel
c52787c741 C#: Move the declaration of synthetic fields to where they are needed. 2022-01-07 10:26:31 +01:00
Michael Nebel
608aba7cff C#: Delete empty predicate requiresAccessPath. 2022-01-07 10:26:31 +01:00
Felicity Chapman
ad82523b91 Apply suggestions from code review 2022-01-07 08:49:37 +00:00
Felicity Chapman
95c9f89b04 Merge branch 'main' into patch-1 2022-01-07 08:49:13 +00:00
github-actions[bot]
efb1cd4f3b Add changed framework coverage reports 2022-01-07 00:10:30 +00:00
Erik Krogh Kristensen
9afd360731 QL: recognize dependecies of the form: libraryPathDependencies: library-name 2022-01-06 23:35:28 +01:00
Chris Smowton
6b4a50567a Merge pull request #659 from smowton/smowton/fix/path-transformer-use-realpath
Path transformer: use fully resolved path
2022-01-06 19:11:16 +00:00
Robert Marsh
c6da1f2be0 C++: re-add comment 2022-01-06 12:43:22 -05:00
Robert Marsh
355fc0ae63 C++: Use Guards library in Overflow.qll
Replaces the ad-hoc guard handling with the Guards library. Fixes an
observed false positive pattern, and (hopefully) means some pragmas are
no longer necessary for performance.
2022-01-06 12:15:37 -05:00
Robert Marsh
617bdbc5ba C++: test for guard-by-return in Overflow.qll 2022-01-06 12:15:37 -05:00
Robert Marsh
d5682f157a Merge pull request #7525 from MathiasVP/remove-rank-in-ssa-internals
C++: Remove `rank` aggregate in `SsaInternals`
2022-01-06 12:09:57 -05:00
Andrew Eisenberg
6d62227576 Merge pull request #7431 from aeisenberg/aeisenberg/solorigate-publish
Solorigate: Extract to separate qlpack
2022-01-06 08:53:32 -08:00
Mathias Vorreiter Pedersen
173cefd7e4 C++: Respond to PR reviews. 2022-01-06 15:39:40 +00:00
haby0
759ec31508 Delete shutil_path_injection.py file 2022-01-06 21:38:35 +08:00
Michael Nebel
b3cb250ece Merge pull request #7516 from michaelnebel/csharp/improve-csv-validation
C#: Introduce Csv validation on kind.
2022-01-06 14:31:26 +01:00
Michael Nebel
9cafab1b4c Merge pull request #7465 from michaelnebel/csharp-stringvalues-csv
C#: Introduce flow summaries for StringValues.
2022-01-06 14:30:29 +01:00
Rasmus Wriedt Larsen
3e1dcc3d11 Merge pull request #7518 from tausbn/python-extend-unreachable-statement-test
Python: Extend unreachable statement test
2022-01-06 14:07:29 +01:00
Mathias Vorreiter Pedersen
671954025d C++: Fix qldoc. 2022-01-06 11:02:15 +00:00
Asger F
c9fcdb8261 Apply suggestions from code review
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2022-01-06 11:51:27 +01:00
Mathias Vorreiter Pedersen
2f42054f8f C++: Rename 'hasRankInBlock' to 'hasIndexInBlock' since it's not really a rank computation anymore. 2022-01-06 10:31:05 +00:00
Mathias Vorreiter Pedersen
fdb9fb588c C++: Remove the rank aggregate from 'SsaInternals.qll'. 2022-01-06 10:30:31 +00:00
haby0
05b0daa0b7 Add the test of shutil module in FileSystemAccess.py 2022-01-06 14:14:42 +08:00
Harry Maclean
43ddc54f2b Ruby: Add Module#const_get as a code execution
Module#const_get takes a single string argument and interprets it as the
name of a constant. It then looks up the constant and returns its value.

    Object.const_get("Math::PI")
    # => 3.141592653589793

By itself, this method is not as dangerous as e.g. eval, but if the
value returned is a class that is then instantiated, this can allow an
attacker to instantiate arbitrary Ruby classes.

As a result, I think it's safe to say that any remote input flowing into
this call is a potential vulnerability. A real-world example of this is
https://github.com/advisories/GHSA-52p9-v744-mwjj.
2022-01-06 13:03:41 +13:00
Tom Hvitved
ac9cac78bc Ruby: Fix typo 2022-01-06 12:27:03 +13:00
Tom Hvitved
c3fd272f9b Ruby: Simplify getValueText logic for StringlikeLiterals 2022-01-06 12:27:03 +13:00
Tom Hvitved
799ec23b0d Ruby: Generalize ExprChildMapping logic to AstNodes 2022-01-06 12:27:03 +13:00
Tom Hvitved
322f8356dd Ruby: Include StringComponents in the CFG 2022-01-06 12:27:03 +13:00
Tom Hvitved
301d0bbdf8 Ruby: Restructure test to avoid dead code 2022-01-06 12:27:03 +13:00
Harry Maclean
23f1352953 Add ReDoS test that uses string interpolation
This exercises the support for resolving string interpolations, and is
based on a real vulnerability:

https://github.com/advisories/GHSA-jxhc-q857-3j6g)
2022-01-06 12:27:03 +13:00
Harry Maclean
32c93e70e2 Include simple interpolations in getValueText
When calculating `StringlikeLiteral.getValueText`, include results from
interpolations where we can determine their string value. For example:

    b = "b" # local variable
    D = "d" # constant

    "a#{b}c"     # getValueText() = "abc"
    "a#{b}c{D}"  # getValueText() = "abcd"
    /#a#{b}c{D}/ # getValueText() = "abcd"
2022-01-06 12:27:03 +13:00
Harry Maclean
3df3fb092b Make room for new test code
This change is split over several commits so it is easier to see.
This change adds some extra lines, which will be populated in the next
commit.
2022-01-06 12:26:51 +13:00
Harry Maclean
b4b91e84a3 Ruby: Fix ConstantAccessCfgNode.getValueText
The superclass definition uses SSA, which doesn't track constants.
2022-01-06 12:25:19 +13:00
Andrew Eisenberg
0a2f23f6f9 Update pack references in solorigate tests 2022-01-05 10:37:15 -08:00
Taus
ea538a1ee8 Merge pull request #7416 from github/not-that-kind-of-experimental
Remove experimental tag from non-ATM queries
2022-01-05 18:08:15 +01:00
Taus
5d4db3af15 Python: Extend unreachable statement test
Adds a test demostrating the false positive observed by andersfugmann.

Note that this does not change the `.expected` file, and so the tests
will fail. This is expected.
2022-01-05 16:45:38 +00:00
Chris Smowton
e0a3ec85f3 Path transformer: use fully resolved path
This makes source locations consistent between databases that do and don't use the `SEMMLE_PATH_TRANSFORMER` option in the case where the original source location isn't its own realpath (i.e, some parent directory is a symbolic link).
2022-01-05 16:31:31 +00:00
Chris Smowton
749698759a Note that the %q format directive escapes newlines, and therefore prevents log injection 2022-01-05 16:04:20 +00:00
Michael Nebel
53000cf9f0 C#: Update the XSS expected file. 2022-01-05 16:44:03 +01:00
Michael Nebel
7e6d88d959 C#: Only use stubs for XSS test. 2022-01-05 16:44:03 +01:00
Michael Nebel
24543a2245 C#: Update the UrlRedirect expected file. 2022-01-05 16:44:03 +01:00
Michael Nebel
47ab2061d8 C#: Replace StringValues stub from stubs.cs with the stub in Microsoft.Extensions.Primitives. 2022-01-05 16:44:03 +01:00
Michael Nebel
b3f3c2de24 C#: Convert and cleanup flow summaries for Microsoft.Extensions.Primitives.StringValues. 2022-01-05 16:41:30 +01:00
Michael Nebel
48651a6113 C#: Update flow summaries for StringValues. 2022-01-05 16:41:30 +01:00
Michael Nebel
c36bf3cebc C#: Reduce the amount of trash flow summaries produced for StringValues. 2022-01-05 16:41:30 +01:00
Michael Nebel
9a355c1050 C#: Add stubs for Microsoft.Extensions.Primitives. 2022-01-05 16:41:30 +01:00
Michael Nebel
586fddb0ce Merge pull request #7509 from hvitved/csharp/stubs-from-source
C#: Treat QL test stubs as not from source
2022-01-05 16:40:19 +01:00
Mathias Vorreiter Pedersen
f5062c7d80 C++: Remove a bunch of bad self joins from 'cpp/toctou-race-condition'. 2022-01-05 15:28:53 +00:00
Alex Ford
f935df9865 Merge pull request #7313 from github/ruby/rails-cookie-config
Ruby: Add `rb/weak-cookie-configuration` query
2022-01-05 15:20:40 +00:00
Michael Nebel
83c05f72d9 C#: Update the expected output from MinimalStubsFromSource as the stubs are now considered library code and thus produced as a part of the minimal stub. 2022-01-05 15:35:42 +01:00
Alex Ford
da8c745bd8 Ruby: Restrict Rails Setting nodes to SetterMethodCalls 2022-01-05 14:11:07 +00:00
Chris Smowton
5760841812 Merge pull request #647 from smowton/smowton/admin/not-all-you-fmt-is-log
Declassify fmt.Fprintf as a log sink
2022-01-05 14:09:55 +00:00
Asger Feldthaus
a7698b8727 JS: Fix double space 2022-01-05 14:35:02 +01:00
Asger Feldthaus
486beda2fa JS: Factor out common regexp in AccessPathToken 2022-01-05 14:35:02 +01:00
Asger Feldthaus
d33200ea83 JS: Add test for WithArity 2022-01-05 14:35:02 +01:00
Asger Feldthaus
21928bee6c JS: Rename padded -> inversePad 2022-01-05 14:35:01 +01:00
Asger Feldthaus
1989d51942 JS: Update documentation in Impl.qll 2022-01-05 14:35:01 +01:00
Asger Feldthaus
3ced5c9269 JS: Resolve first N tokens instead of constructing each prefix 2022-01-05 14:35:01 +01:00
Asger Feldthaus
772681d249 JS: Initial support for models as data 2022-01-05 14:34:52 +01:00
Anders Schack-Mulligen
ef714f7328 Dataflow: Sync 2022-01-05 14:25:35 +01:00
Anders Schack-Mulligen
6b6a9df0eb Dataflow: Remove abstract class 2022-01-05 14:13:26 +01:00
Tom Hvitved
433e373e41 C#: Remove restriction in CFG implementation to work with stubs 2022-01-05 14:12:17 +01:00
Michael Nebel
6fb112f8ec C#: Update tests to comply with Csv validation rules for kind. 2022-01-05 13:44:47 +01:00
Michael Nebel
45469a4fe6 C#: Fix error message. 2022-01-05 13:44:47 +01:00
Michael Nebel
c88355ea13 C#: Introduce Csv validation for kind. 2022-01-05 12:48:24 +01:00
Arthur Baars
e96fcf8568 Merge pull request #7498 from github/dependabot/cargo/ruby/generator/clap-3.0
Update clap requirement from 2.33 to 3.0 in /ruby/generator
2022-01-05 12:24:42 +01:00
Mathias Vorreiter Pedersen
a48d5dcf48 Merge pull request #7459 from MathiasVP/promote-arithmetic-uncontrolled
C++: Increase precision of `cpp/arithmetic-uncontrolled` to `high`
2022-01-05 11:24:09 +00:00
Henry Mercer
19933262c4 Java: Fix copy/paste error in existing queries
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
2022-01-05 10:50:22 +00:00
Mathias Vorreiter Pedersen
23b8b776ab C++: Add change-note. 2022-01-05 10:12:20 +00:00
Michael Nebel
9983c1cbfb C#: Remove generated comment checks in stub files as these are not present in handwritten stubs. 2022-01-05 10:37:37 +01:00
Mathias Vorreiter Pedersen
37c72cae3e Merge branch 'main' into promote-arithmetic-uncontrolled 2022-01-05 08:12:47 +00:00
Anders Schack-Mulligen
fdb3cd03ef Merge pull request #7513 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-01-05 08:54:46 +01:00
github-actions[bot]
0aa1152899 Add changed framework coverage reports 2022-01-05 00:10:19 +00:00
Erik Krogh Kristensen
c7da8df03c Merge pull request #7511 from erik-krogh/dedup-spaces
Python: remove duplicated spaces in qldoc
2022-01-04 21:39:15 +01:00
Erik Krogh Kristensen
fe1107ccac remove duplicated spaces in qldoc 2022-01-04 21:03:06 +01:00
Andrew Eisenberg
49d239f4bf Push upgrades pack into lib pack
PR Related to https://github.com/github/semmle-code/pull/40918
Removes the upgrades pack and uses ql/lib/upgrades instead.

Also, fix malformed parameter in instruction.

Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-04 11:32:52 -08:00
Dave Bartolomeo
83ceb822aa Move upgrades into standard library packs
Move upgrade to new location

Remove incorrectly merged files

Fix upgrades section
2022-01-04 11:30:25 -08:00
Tom Hvitved
a0766e08a1 Merge pull request #656 from github/release-prep/2.7.5
Release preparation for version 2.7.5
2022-01-04 18:57:50 +01:00
Alex Ford
712972cb82 Ruby: formatting 2022-01-04 16:41:23 +00:00
Alex Ford
36ea360b25 Ruby: behaviour -> behavior 2022-01-04 15:43:38 +00:00
Mathias Vorreiter Pedersen
8f843209a8 Merge pull request #7493 from MrAnno/relax-ambiguously-signed-bit-field
C++: relax ambiguously-signed-bit-field by allowing GLib's gboolean
2022-01-04 16:18:46 +01:00
github-actions[bot]
980c162fe3 Release preparation for version 2.7.5 2022-01-04 14:44:48 +00:00
Mathias Vorreiter Pedersen
e31185fea4 C++: add change-note for cpp/ambiguously-signed-bit-field. 2022-01-04 14:31:19 +00:00
László Várady
6496bf8c1d C++: relax ambiguously-signed-bit-field by allowing GLib's gboolean
The gboolean type of GLib (a widely used C library) is a typedef to int.
It is meant to represent a simple true/false value.

Resolves #7491
2022-01-04 14:22:48 +00:00
Tom Hvitved
964915ee2e C#: Treat QL test stubs as not from source 2022-01-04 14:53:28 +01:00
Tom Hvitved
a1bbe58516 C#: More uses of PopulateArguments 2022-01-04 13:47:55 +01:00
Alex Ford
dadaf25262 Merge branch 'main' into ruby/rails-cookie-config 2022-01-04 12:04:44 +00:00
Owen Mansel-Chan
daa55eaae2 Merge pull request #651 from erik-krogh/patches
various automatic patches applied to codeql-go
2022-01-04 11:46:20 +00:00
Edoardo Pirovano
081765cbe8 Apply suggestions from code review
Co-authored-by: Asger F <asgerf@github.com>
2022-01-04 10:07:34 +00:00
Tom Hvitved
50457d1579 Merge pull request #653 from dbartol/dbartol/move-change-notes
Move change notes to proper location
2022-01-04 09:35:29 +01:00
Dave Bartolomeo
171aa8bd62 Move change notes to proper location 2022-01-03 17:38:09 -05:00
Dave Bartolomeo
091906d380 Merge pull request #644 from github/post-release-prep/codeql-cli-2.7.4
Post-release preparation for codeql-cli-2.7.4
2022-01-03 17:09:54 -05:00
github-actions[bot]
00aae7cba5 Post-release version bumps 2022-01-03 20:10:43 +00:00
dependabot[bot]
b74af00b2b Update clap requirement from 2.33 to 3.0 in /ruby/generator
Updates the requirements on [clap](https://github.com/clap-rs/clap) to permit the latest version.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_generate-v3.0.0-rc.0...clap_complete-v3.0.0)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-03 16:12:45 +00:00
Edoardo Pirovano
a616059761 Fix example in JavaScript query 2021-12-29 12:01:09 +00:00
Alex Ford
7d3932dc8d Merge remote-tracking branch 'origin/main' into ruby/rails-cookie-config 2021-12-22 17:54:03 +00:00
Alex Ford
7f01be7067 Ruby: use new changenote format for rb/weak-cookie-configuration 2021-12-22 17:47:44 +00:00
Alex Ford
d977e8a473 Ruby: remove unnecessary custom transitive version of getReceiver 2021-12-22 17:47:44 +00:00
Alex Ford
9821c4a06c Ruby: behaviour -> behavior
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2021-12-22 17:47:44 +00:00
Alex Ford
2cd02157c9 Ruby: fix import 2021-12-22 17:47:44 +00:00
Alex Ford
db967bde89 Ruby: add a change note for rb/weak-cookie-configuration 2021-12-22 17:47:44 +00:00
Alex Ford
71c5711eb3 Ruby: add some rb/weak-cookie-configuration tests 2021-12-22 17:47:44 +00:00
Alex Ford
8976469d9b Ruby: Model some Rails cookie configuration settings 2021-12-22 17:47:44 +00:00
Alex Ford
5ce6e63590 Ruby: Tidy Rails.qll to make adding new settings modeling easier 2021-12-22 17:47:44 +00:00
Alex Ford
737f7332bc Ruby: add rb/weak-cookie-configuration query 2021-12-22 17:47:44 +00:00
Alex Ford
8a3d1fe174 Ruby: add CookieSecurityConfigurationSetting concept 2021-12-22 17:47:43 +00:00
Tom Hvitved
8a62778e92 C#: Extract out/ref information in this(...) constructor calls 2021-12-22 13:05:58 +01:00
Tom Hvitved
a3b1fb603a C#: Add missing tuple declarations to PatternExpr
`x` and `y` in `pair is var (x, y) ? x : null` are now correctly part of `PatternExpr`.
2021-12-22 13:05:58 +01:00
Tom Hvitved
915c0fdf9b Shared SSA: Sync files 2021-12-22 13:05:58 +01:00
Tom Hvitved
05e37a7465 C#: Promote existing ad-hoc consistency checks to consistency queries 2021-12-22 13:05:58 +01:00
Mathias Vorreiter Pedersen
5a38f81e23 C++: Accept test changes. 2021-12-21 08:08:59 +01:00
Erik Krogh Kristensen
afe7ee17a0 run the use-set-literals patch 2021-12-20 17:55:19 +01:00
Erik Krogh Kristensen
d339f13629 run the non-us-language patch 2021-12-20 17:54:18 +01:00
Erik Krogh Kristensen
4459c8e7c6 run the redundant-cast patch 2021-12-20 17:53:09 +01:00
Mathias Vorreiter Pedersen
bbb936154a C++: Increase the precision of 'cpp/uncontrolled-arithmetic' to high. 2021-12-20 14:03:13 +01:00
Mathias Vorreiter Pedersen
95fa93b274 C++: Only recognize signed integers as sinks in 'cpp/uncontrolled-arithmetic' in the case of overflow. 2021-12-20 14:02:44 +01:00
haby0
fed1d88268 Add shutil module path injection sinks 2021-12-20 16:09:06 +08:00
jorgectf
1f1b7a54f8 Update .expected 2021-12-19 18:58:43 +01:00
jorgectf
b6bdcd0eb8 Delete redundant exists() 2021-12-19 18:57:22 +01:00
jorgectf
98c8503ebd Fix test mismatch 2021-12-19 18:35:53 +01:00
jorgectf
f82ed8573e Model python_jwt.process_jwt 2021-12-19 18:32:14 +01:00
Andrew Eisenberg
7a38618e24 Solorigate: Post-release version bump 2021-12-17 12:30:09 -08:00
Henry Mercer
144ec8c629 JS: Update featurization for absent features optimization
Absent features are now represented implicitly by the absence of a row
in the `tokenFeatures` relation, rather than explicitly by an empty
string. This leads to improved runtime performance. To enable this
implicit representation, we pass the set of supported token features to
the `scoreEndpoints` HOP. Requires CodeQL CLI v2.7.4.
2021-12-17 18:04:42 +00:00
Chris Smowton
92d3da5e56 Declassify fmt.Fprintf as a log sink
In future we could try harder to find out whether you're Fprintf'ing to stdout, a file named xyz.log etc, but for now this causes Fprintf'ing to an HTTP writer to be mistaken for log-injection rather than just XSS.
2021-12-17 17:07:58 +00:00
Andrew Eisenberg
50ee4ab330 Solorigate: Extract to separate qlpack
Extracts solorigate to separate qlpacks in preparation for
publishing them to the registry.
2021-12-16 16:09:20 -08:00
Owen Mansel-Chan
da8f8e2eef Refactor to use SummarizedCallable, sourceElement and sinkElement 2021-12-16 19:35:54 +00:00
Owen Mansel-Chan
ec3dd1e1c0 Revert "Update tests for no flow through receivers when no function body"
This reverts commit 06f889fce6.
2021-12-16 19:35:54 +00:00
Owen Mansel-Chan
9b2f29bbcd Allow data flow through receiver for modelled methods 2021-12-16 19:35:54 +00:00
Chris Smowton
ede57b6527 Merge pull request #637 from smowton/smowton/fix/log-injection-sanitizers
Fix sanitization by strings.Replace[All] in go/unsafe-quoting and go/log-injection
2021-12-16 12:28:40 +00:00
Dave Bartolomeo
d5ef1cf28d Update docs/change-notes.md
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-12-15 15:58:14 -05:00
Chris Smowton
f5108449a5 Update change-notes/2021-12-14-strings-replace-sanitizers.md
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2021-12-15 20:07:34 +00:00
Henry Mercer
5696146179 Java: Convert telemetry queries to summary metrics
Use the support for summary metrics with messages that'll be in the next
version of the CodeQL CLI.
2021-12-15 17:59:01 +00:00
luchua-bc
29ce0e9ef1 Add sanitizer for virtual method calls 2021-12-15 16:19:50 +00:00
Sam Partington
db7b3bc136 Remove experimental tag from non-ATM queries 2021-12-15 16:17:14 +00:00
Tony Torralba
6dfe0ce7c5 Adapt chage note to new format 2021-12-15 16:57:20 +01:00
Tony Torralba
f0e9b768f2 Apply suggestions from code review
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2021-12-15 16:53:47 +01:00
Tony Torralba
65b6c16254 Fix stub after merge 2021-12-15 16:53:47 +01:00
Tony Torralba
6363ff3c08 QLDoc 2021-12-15 16:53:46 +01:00
Tony Torralba
7a1b854678 Add change note 2021-12-15 16:53:46 +01:00
Tony Torralba
85526d71da Add Fragment injection in PreferenceActivity query 2021-12-15 16:53:46 +01:00
Tony Torralba
701d12fb5b Add Fragment injection query 2021-12-15 16:53:45 +01:00
Tony Torralba
efb471687c Add stubs 2021-12-15 16:53:42 +01:00
Chris Smowton
9de1532735 Add log-injection test using strings.ReplaceAll 2021-12-15 15:35:14 +00:00
Dave Bartolomeo
e1417f18bf Merge pull request #640 from github/release-prep/2.7.4
Release preparation for version 2.7.4
2021-12-14 16:42:40 -05:00
github-actions[bot]
ee6ea0f8cb Release preparation for version 2.7.4 2021-12-14 21:34:55 +00:00
Dave Bartolomeo
d14ea51954 Merge pull request #639 from github/dbartol/fix-change-notes
Fix change notes
2021-12-14 14:32:56 -05:00
Dave Bartolomeo
8b0c79d16f Add link to change-notes.md from CONTRIBUTING.md. 2021-12-14 14:30:45 -05:00
Dave Bartolomeo
744d139daf Add more examples 2021-12-14 14:24:39 -05:00
Dave Bartolomeo
97193f72b3 Update Adding change notes.md
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2021-12-14 14:15:34 -05:00
Dave Bartolomeo
1a2899168f Remove stray text 2021-12-14 14:15:00 -05:00
Dave Bartolomeo
e1c9bf2b30 Fix PR feedback 2021-12-14 14:13:07 -05:00
Dave Bartolomeo
a23fe04ccb Add instructions for creating change notes. 2021-12-14 13:42:52 -05:00
Dave Bartolomeo
a3e5b4c99c Move pre-packaging change notes to old-change-notes directory 2021-12-14 12:46:56 -05:00
Dave Bartolomeo
42ecc9b1c7 Move new change notes to appropriate pack 2021-12-14 12:46:19 -05:00
Chris Smowton
bd806a8ff7 Merge pull request #638 from owen-mc/test-database-sql-models
Add missing tests for DatabaseSql function models
2021-12-14 17:22:40 +00:00
Chris Smowton
f86510ee20 Update comment 2021-12-14 12:39:31 +00:00
Chris Smowton
c2b42ce091 Fix sanitization by strings.Replace[All] in go/unsafe-quoting and go/log-injection 2021-12-14 12:37:18 +00:00
Owen Mansel-Chan
6a2a8298dd Add missing tests for DatabaseSql function models 2021-12-13 14:18:46 -05:00
Chris Smowton
9309abf8cd Merge pull request #574 from sauyon/dataflow-update
Update dataflow libraries and add support for CSV summary flow
2021-12-13 11:28:28 +00:00
Chris Smowton
89b2a2f9b0 Merge pull request #633 from owen-mc/database-sql-model-incorrect
Fix incorrect type name in database/sql model
2021-12-13 11:01:38 +00:00
Chris Smowton
559aec1d64 Merge pull request #632 from owen-mc/refactor-variadic-helper-functions-for-builtin-functions
Refactor isVariadic helper functions
2021-12-13 10:59:42 +00:00
Chris Smowton
08c10bf97b Merge pull request #625 from smowton/smowton/fix/minor-perf-improvements
Improve performance: join-order AllocationSizeOverflow's source and use `matches` not `regexpFind`
2021-12-13 10:36:02 +00:00
Owen Mansel-Chan
ce27b0da52 Fix incorrect type name in database/sql model
This error seems to have been introduced in
36bbf1eeb9
2021-12-12 17:47:52 -05:00
Owen Mansel-Chan
353aa8d603 Refactor isVariadic helper functions
Store information more naturally for built-in functions.
2021-12-12 16:56:26 -05:00
liangjinhuang
77b5f422ba change PasswordFnSink to RandomFnSink 2021-12-11 12:31:20 +08:00
Dave Bartolomeo
b57d3296f1 Merge pull request #620 from github/aeisenberg/version-policies
Add version policies
2021-12-10 17:39:15 -05:00
Andrew Eisenberg
3cc48fea6a Merge pull request #622 from github/post-release/v2.7.3
Post release/v2.7.3
2021-12-10 10:00:11 -08:00
Chris Smowton
e9e4f5a687 Improve performance: join-order AllocationSizeOverflow's source and use matches not regexpFind
The join order fix takes 10 seconds off that predicate; the get-a-flag changes take about 25% off compared to using regexes.
2021-12-10 12:23:50 +00:00
Anders Schack-Mulligen
464b9c3991 Dataflow: Sync. 2021-12-10 11:20:01 +01:00
Anders Schack-Mulligen
32cb8f362b Dataflow: Add test for FlowState. 2021-12-10 11:20:01 +01:00
Anders Schack-Mulligen
219bf51ec2 Dataflow: Add support for flow state. 2021-12-10 11:20:01 +01:00
Chris Smowton
facda77852 Dataflow relations: narrow all dataflow nodes before taking product with Configurations
This is particularly important for ConversionWithoutBoundsCheckConfig which has 20 configs. By paring DataFlow::Node down to only those that have a local-flow successor, or only those with an isAdditionalFlowStep for some related configuration, the result size can be significantly reduced prior to taking the product against Configuration and finally paring down using config.fullBarrier etc.

Saves about 1m20s per analysis on cockroachdb.
2021-12-09 16:56:38 +00:00
Andrew Eisenberg
cedf55c46e Update pack dependency 2021-12-09 07:58:14 -08:00
Owen Mansel-Chan
b234ba7f26 Fix bad join order in getAFalsifiedGuard
viableParamArg should be evaluated first.
2021-12-08 17:33:59 -05:00
Owen Mansel-Chan
06f889fce6 Update tests for no flow through receivers when no function body
This branch originally included a commit to enable flow through receivers
when there is no function body. This was dropped, to be pursued later.
2021-12-08 16:03:18 -05:00
Owen Mansel-Chan
88e7c44a6d Update expected test results with extra nodes 2021-12-08 15:28:28 -05:00
Owen Mansel-Chan
a01f90b903 Give DataFlowCallable a user-facing name (Callable), move to Scopes.qll
I removed asFunctionNode() because it would need an import, but it
doesn't seem to be used anywhere.
2021-12-08 11:30:39 -05:00
Owen Mansel-Chan
a6532b988f Allow implicit taint reads through more content types 2021-12-08 11:20:38 -05:00
Owen Mansel-Chan
754c838cc0 Fix accidental cartesian product
PointerContent needs to have the PointerType specified as well
2021-12-08 11:20:37 -05:00
Owen Mansel-Chan
d70307243c Fix bad join order in BarrierGuard.guards/2 2021-12-08 11:20:37 -05:00
Owen Mansel-Chan
1a9ea38c0b Update non-shared dataflow files to match sync 2021-12-08 11:20:36 -05:00
Owen Mansel-Chan
095fe6e4a7 Do not allow "Argument" on its own
# Conflicts:
#	ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.expected
2021-12-08 11:20:36 -05:00
Sauyon Lee
b2f62b185d Allow for Return[i] specifications 2021-12-08 11:20:36 -05:00
Owen Mansel-Chan
578a31ecd8 Keep call to defaultTaintSanitizerGuard 2021-12-08 11:20:35 -05:00
Owen Mansel-Chan
01bfbde9ae Sync dataflow libraries again 2021-12-08 11:20:35 -05:00
Owen Mansel-Chan
1a299d2e09 Update sync-dataflow-libraries target in Makefile
The location of the dataflow libraries in codeql-go has changed
and there is a new file to be synced.
2021-12-08 11:20:34 -05:00
Owen Mansel-Chan
16fdb9aa11 Do not test ReturnValue as input for sink
The documentation in ExternalFlow.qll does not specify
that "ReturnValue" can be used as the input column.
2021-12-08 11:20:34 -05:00
Owen Mansel-Chan
63b944a1b4 Another instance of getEnclosingFunction -> getRoot 2021-12-08 11:20:34 -05:00
Chris Smowton
3cf1459c4f Revert getACallee type change 2021-12-08 11:20:33 -05:00
Chris Smowton
6110506e02 Revert "Make getACallee return DataFlowCallable"
This reverts commit b4742ccdf81bec3f872923da79953c61dea103f6.
2021-12-08 11:20:33 -05:00
Owen Mansel-Chan
5ec0b09160 Diasble clearing content and add test for it 2021-12-08 11:20:32 -05:00
Owen Mansel-Chan
e940a53cc6 Test models of flow through fields 2021-12-08 11:20:32 -05:00
Owen Mansel-Chan
2d8fd71189 Comment on why summaryDataFlowCall is none() 2021-12-08 11:20:31 -05:00
Owen Mansel-Chan
adf3dc0c61 Move type assertion into declared type 2021-12-08 11:20:31 -05:00
Owen Mansel-Chan
9f763dd044 Move built-in models to ExternalFlow 2021-12-08 11:20:30 -05:00
Owen Mansel-Chan
d717734820 Do not allow "Argument" on its own 2021-12-08 11:20:30 -05:00
Owen Mansel-Chan
d2ca1fb2eb Address review comments #2 2021-12-08 11:20:29 -05:00
Owen Mansel-Chan
12058a2621 Fix containerStoreStep and containerReadStep 2021-12-08 11:20:29 -05:00
Owen Mansel-Chan
ab8096b717 Add tests for more content types (Element, MapKey, MapValue) 2021-12-08 11:20:28 -05:00
Owen Mansel-Chan
b7aa85b054 Address some review comments 2021-12-08 11:20:28 -05:00
Owen Mansel-Chan
f375553933 Add variadic functions test for function models 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
b75def62fe Add variadic functions test for external flow 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
d9848fe515 Add more tests for variadic functions 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
8044fb2519 Add more flow tests for external flow 2021-12-08 11:20:26 -05:00
Owen Mansel-Chan
63d997f820 (Unimportant) Fix module name for vendored stubs
This doesn't affect the test, but does mean that you can run
`go build` to check the test would build.
2021-12-08 11:20:26 -05:00
Owen Mansel-Chan
1929a1f7a7 Fix unrelated test in experimental 2021-12-08 11:20:25 -05:00
Owen Mansel-Chan
5e38f48b74 Autoformat 2021-12-08 11:20:25 -05:00
Owen Mansel-Chan
a3df3614a5 Convert completetest to an inline flow test 2021-12-08 11:20:24 -05:00
Owen Mansel-Chan
8f7a34f9cb Fix external flow tests 2021-12-08 11:20:24 -05:00
Owen Mansel-Chan
71bf834765 Fix incorrect assumption
node2 doesn't have to be a PostUpdateNode
2021-12-08 11:20:23 -05:00
Sauyon Lee
3379790686 add flow test involving CSV 2021-12-08 11:20:22 -05:00
Sauyon Lee
a632a58221 add CSV models of append 2021-12-08 11:20:22 -05:00
Sauyon Lee
070e383516 allow empty namespaces for Go 2021-12-08 11:20:21 -05:00
Owen Mansel-Chan
70c9ca5611 Update documentation in ExternalFlow.qll 2021-12-08 11:20:21 -05:00
Owen Mansel-Chan
038f951e9f Fix containerStoreStep
Update some comments as well, and change a variable name
2021-12-08 11:20:20 -05:00
Owen Mansel-Chan
be6501d8e4 Add tests for data and taint flow through arrays and var args 2021-12-08 11:20:20 -05:00
Sauyon Lee
2060731077 Add tests for external flow 2021-12-08 11:20:20 -05:00
Rasmus Wriedt Larsen
a650c56c0c Tag queries with CWE-328
CWE-328: Use of Weak Hash, see https://cwe.mitre.org/data/definitions/328.html
2021-12-07 20:54:31 +00:00
Sauyon Lee
873f496038 Use basicLocalFlowStep instead of .getASuccessor
This prevents non-monotonic recursion through summary post-update nodes
2021-12-07 07:39:28 -05:00
Sauyon Lee
afe7edc093 Fix test output
Includes a bunch of new edges, but no new results
2021-12-07 07:39:28 -05:00
Sauyon Lee
0572c4785c Model net http sources as csv 2021-12-07 07:39:27 -05:00
Sauyon Lee
bebdb0ba53 Add RangeIndexNode 2021-12-07 07:39:27 -05:00
Sauyon Lee
3750af41d3 Add standard container steps 2021-12-07 07:39:27 -05:00
Sauyon Lee
8c4a1d2559 Consider CSV remote sources as untrusted flow sources 2021-12-07 07:39:26 -05:00
Sauyon Lee
d62f417130 Remove uses of getEnclosingCallable 2021-12-07 07:39:26 -05:00
Sauyon Lee
30ab22f5a6 Fix compilation errors with new DataFlowCallable 2021-12-07 07:39:26 -05:00
Chris Smowton
b10d5cf0b0 Broaden ReturnNode to include return nodes of summaries 2021-12-07 07:39:25 -05:00
Chris Smowton
94d9d08489 Fix DataFlow::Node::getEnclosingCallable 2021-12-07 07:39:25 -05:00
Sauyon Lee
c8a2a6356a Add summary parameter nodes 2021-12-07 07:39:25 -05:00
Sauyon Lee
4af4a11729 Make getACallee return DataFlowCallable 2021-12-07 07:39:24 -05:00
Sauyon Lee
8cba368ef5 Model archive/tar.FileInfoHeader in CSV 2021-12-07 07:39:24 -05:00
Sauyon Lee
86d3410041 Add asFunctionNode to new dataflowcallable 2021-12-07 07:39:23 -05:00
Sauyon Lee
d9383d9412 Don't use internal predicates in revel 2021-12-07 07:39:23 -05:00
Sauyon Lee
73684f483c Allow for Return[i] specifications 2021-12-07 07:39:22 -05:00
Sauyon Lee
aa747ea5ff Fix validation regexes for go 2021-12-07 07:39:22 -05:00
Sauyon Lee
0151cd4f2e Document SourceOrSinkElement 2021-12-07 07:39:22 -05:00
Sauyon Lee
0b50b7b2b1 Make DataFlowCallable either a Function or a FuncLit 2021-12-07 07:39:21 -05:00
Sauyon Lee
3ac2a50497 Update test output 2021-12-07 07:39:21 -05:00
Owen Mansel-Chan
763861bef9 Keep call to defaultTaintSanitizerGuard 2021-12-07 07:39:21 -05:00
Sauyon Lee
e41d609921 Use newtype for SourceOrSinkElement 2021-12-07 07:39:20 -05:00
Sauyon Lee
9bfe1c94b3 autoformat 2021-12-07 07:39:20 -05:00
Sauyon Lee
16371ac488 Add support for summary elements 2021-12-07 07:39:19 -05:00
Sauyon Lee
96c58b58dd Add EmptyInterfaceType 2021-12-07 07:39:19 -05:00
Sauyon Lee
26d00f1d5b Move basicLocalFlowsStep to DataFlowPrivate 2021-12-07 07:39:19 -05:00
Sauyon Lee
3098a4ef16 Qualify uses and add imports in DataFlowNodes 2021-12-07 07:39:18 -05:00
Sauyon Lee
93f2569f1d Refactor data-flow nodes 2021-12-07 07:39:18 -05:00
Sauyon Lee
9ceda08d13 Sync dataflow libraries 2021-12-07 07:39:12 -05:00
Benjamin Muskalla
557cb0a09e Add job name 2021-12-06 11:42:03 +01:00
Benjamin Muskalla
657c576186 Skip diffs if same branch 2021-12-06 11:30:14 +01:00
Benjamin Muskalla
38debc0b64 Remove push trigger 2021-12-06 11:21:15 +01:00
liangjinhuang
1102f60f3e add tests 2021-12-04 00:52:15 +08:00
Sauyon Lee
4c67ef2b0b Add FlowSummaryImpl to sync-dataflow-nodes target 2021-12-02 10:31:01 -05:00
Sauyon Lee
459f4d18a8 Fix sync-dataflow-libraries 2021-12-02 10:31:01 -05:00
luchua-bc
8bcffc2886 Query to detect unsafe request dispatcher usage 2021-12-02 04:00:29 +00:00
Andrew Eisenberg
b714988d7c Post release 2.7.3 2021-12-01 14:34:07 -08:00
Andrew Eisenberg
e9864c5506 Add version policies
This controls how the qlpacks' versions will change
after a release.
2021-12-01 09:37:11 -08:00
Dave Bartolomeo
b2ca04ce1b Temporarily vendor codeql/suite-helpers 2021-12-01 11:40:10 -05:00
Chris Smowton
894102defd Merge pull request #621 from owen-mc/extractor-add-variadic-to-type-label
Update extractor to distinguish variadic and non-variadic signature types
2021-12-01 15:44:09 +00:00
Owen Mansel-Chan
d0c9aacd54 Distinguish variadic and non-variadic signature types in extractor 2021-12-01 09:33:44 -05:00
Owen Mansel-Chan
628835d3b3 Add failing tests for isVariadic
`nonvariadicDeclaredFunction` has the same signature as
`variadicDeclaredFunction`, so it is being erroneously reported as
variadic.
2021-12-01 09:32:12 -05:00
Chris Smowton
e07958d64c Merge pull request #619 from owen-mc/update-is-variadic
Update `isVariadic`
2021-12-01 08:48:16 +00:00
Dave Bartolomeo
02495e16d1 Merge pull request #618 from github/release-prep/2.7.3
Release preparation for version 2.7.3
2021-11-30 17:29:49 -05:00
github-actions[bot]
e4b5dceb14 Release preparation for version 2.7.3 2021-11-30 20:39:28 +00:00
Owen Mansel-Chan
e08007b287 Add missing qldocs for two isVariadic() predicates 2021-11-30 15:13:42 -05:00
Owen Mansel-Chan
acc5c4098a Fix Function.isVariadic to work on external packages
Going via `getFuncDecl()` didn't work as we don't function declarations
from external packages. It works to use `getType()` instead.
2021-11-30 15:11:34 -05:00
Owen Mansel-Chan
a6d8deae3e Add Fmt.Fprint to isVariadic tests
We didn't have any tests involving a function in an imported package.
2021-11-30 15:07:57 -05:00
Dave Bartolomeo
9373bdc206 Fix suite-helpers dependency 2021-11-30 11:35:26 -05:00
Benjamin Muskalla
d181ee1701 Shorten workflow name
This will show up including the job name anyway
```
Models as Data / model-diff (apache/commons-codec)
```
2021-11-30 12:19:10 +01:00
Benjamin Muskalla
5e69eb491f Generate diff and archive results 2021-11-30 12:19:10 +01:00
Benjamin Muskalla
734422f384 Generate the models for each variant 2021-11-30 12:19:10 +01:00
Benjamin Muskalla
9672128699 Download database 2021-11-30 12:19:10 +01:00
Benjamin Muskalla
c0a3cd07a5 Add default projects 2021-11-30 12:19:09 +01:00
Benjamin Muskalla
881539c735 Add scaffolding for model diff job 2021-11-30 12:19:09 +01:00
Dave Bartolomeo
8367fdbec4 Change notes 2021-11-29 16:47:56 -05:00
Dave Bartolomeo
52b68963d2 Prepare for automatic release prep 2021-11-29 16:47:30 -05:00
Erik Krogh Kristensen
adbe19878f Merge pull request #615 from erik-krogh/explicit-this
apply the implicit-this patch to the remaining go code
2021-11-29 17:16:43 +01:00
Chris Smowton
b37fa9c447 Merge pull request #614 from owen-mc/always-extract-empty-interface-type
Always extract empty interface type
2021-11-29 12:15:52 +00:00
Erik Krogh Kristensen
1ade6c55d8 apply the implicit-this patch to the remaining go code 2021-11-29 13:10:04 +01:00
liangjinhuang
d0ac11817e add insecureRandomness 2021-11-28 20:47:06 +08:00
Owen Mansel-Chan
f9a3832aa2 Add extractor test that empty interface type exists 2021-11-26 15:16:09 -05:00
Owen Mansel-Chan
d35a46e2f3 Always extract an empty interface type 2021-11-26 15:04:05 -05:00
Tony Torralba
662f880ab8 Merge pull request #609 from github/atorralba/log-injection-query
Go: Add Log Injection query (CWE-117)
2021-11-24 15:41:43 +01:00
Tony Torralba
cc8d9bdc7f Update ql/src/Security/CWE-117/LogInjection.qhelp
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
2021-11-24 13:57:34 +01:00
Chris Smowton
5ed4e3651b Merge pull request #611 from tunnelshade/main
Add `Where` method of squirrel sql builders to query range
2021-11-23 11:13:19 +00:00
Chris Smowton
ab9ab106e5 Merge pull request #612 from smowton/smowton/fix/zipslip-sanitizer-guard-efficiency
Improve ZipSlip sanitizer guard efficiency
2021-11-23 09:35:54 +00:00
tunnelshade
aeaa861fc6 Add Where method of squirrel sql builders to query range 2021-11-23 10:11:31 +05:30
Chris Smowton
271e239dee Introduce manual magic to TaintedPathSanitizerGuardAsBacktrackingSanitizerGuard
This avoids computing the full `localTaint` relation when actually there are few `TaintedPath::SanitizerGuard` instances to start from.
2021-11-22 17:41:56 +00:00
Chris Smowton
8bf78b07e5 Avoid recursively defining DataFlow::BarrierGuard
In fact there never was true recursion, but the compiler thought there could be because it supposed that ZipSlip::SanitizerGuard growing may introduce instances that happen to also satisfy TaintedPath::SanitizerGuard. In fact this never happens, but here we make it clear by defining the shared sanitizer guards outside the DataFlow::BarrierGuard hierarchy and then introducing the sanitizers in each query that uses them.
2021-11-22 17:36:06 +00:00
Tony Torralba
f2017b626e Fix stubs 2021-11-22 09:15:12 +01:00
Tony Torralba
c9332cdccb Fix *Depth log levels in glog and klog 2021-11-22 09:15:01 +01:00
Tony Torralba
d4a20f1222 Autoformat 2021-11-19 18:04:51 +01:00
Tony Torralba
c886d10388 Add Log Injection query 2021-11-19 17:55:34 +01:00
Chris Smowton
4cae4b23fc Merge pull request #606 from github/criemen/update-tracing-config
Update tracing-config.lua to newest API.
2021-11-17 10:49:20 +00:00
Chris Smowton
b190c4ed4a Merge pull request #608 from smowton/smowton/fix/missing-id
Add missing @id tag
2021-11-16 20:06:06 +00:00
Chris Smowton
33fd1aaf2a Add missing @id tag 2021-11-16 18:52:41 +00:00
jorgectf
840cded9b0 Avoid using Str_ in CookieHeader 2021-11-16 19:18:00 +01:00
jorgectf
a4204cc04f Avoid using Str_ internal class 2021-11-16 19:00:04 +01:00
jorgectf
6ecb6d1a1b Adapt Django and Flask to their main modelings 2021-11-16 14:59:41 +01:00
jorgectf
e7d649f36d Make Cookie concept extend HTTP::Server::CookieWrite 2021-11-16 13:54:25 +01:00
jorgectf
cb8e54e38e Delete redundant LXMLParser dangerous check 2021-11-16 13:27:24 +01:00
jorgectf
637901d980 Make concepts instances of their ranges 2021-11-16 13:25:29 +01:00
ihsinme
c916bed853 Update test1.cpp 2021-11-15 16:29:51 +03:00
Cornelius Riemenschneider
b3e2a83298 Update tracing-config.lua to newest API. 2021-11-15 12:35:53 +01:00
ihsinme
99740876cb Add files via upload 2021-11-14 11:28:27 +03:00
Chris Smowton
792bc4bce0 Merge pull request #596 from pupiles/feature/cwe-090
CWE-090: Ldap Injection
2021-11-10 11:31:36 +00:00
Chris Smowton
f3ba40e29d Update test expectations 2021-11-10 09:42:19 +00:00
Chris Smowton
1ebb47feb3 Fix filename spelling error 2021-11-10 09:29:50 +00:00
Chris Smowton
2953a44b36 Revert changes to go.sum 2021-11-10 09:25:40 +00:00
pupiles
4d9ce49816 use stubs libs && add heuristic sanitizers 2021-11-10 14:12:45 +08:00
pupiles
70a268dc6d remove redundant reference lib 2021-11-09 21:35:46 +08:00
pupiles
97d4359881 add test code 2021-11-09 21:31:35 +08:00
Chris Smowton
f7e6b0ad5d Merge pull request #603 from github/criemen/lua-tracing-config
Add port of the existing compiler-tracing.spec files to the new Lua tracing infrastructure.
2021-11-09 11:36:03 +00:00
Chris Smowton
2c5fe1dedc File names should be camel-case 2021-11-09 10:45:09 +00:00
Chris Smowton
bc9300ebf5 Copyedit examples
Fragments suffice for illustration, and the two bad and good examples can be easily combined
2021-11-09 10:42:58 +00:00
Chris Smowton
c18b11a470 Copy-edit query:
* Regular comments to qldoc
* Improve naming
* Update out-of-date documentation from earlier versions of the query
2021-11-09 10:31:30 +00:00
Chris Smowton
dda425ca8d Improve query style
No need to highlight the sink again in the message when the sink is the alert location to begin with
2021-11-09 10:08:02 +00:00
Chris Smowton
f7c19dea71 Copyedit qhelp 2021-11-09 10:05:18 +00:00
pupiles
7f68f85002 fomat .ql inline comment 2021-11-09 14:42:32 +08:00
ihsinme
8ddfea1dee Update cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.qhelp
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2021-11-09 09:20:39 +03:00
Chris Smowton
f96733f270 Merge pull request #602 from github/criemen/update-tracing-config
Remove macos compatibility stanzas from tracing config.
2021-11-08 11:46:44 +00:00
Cornelius Riemenschneider
17a9dbfb62 Add port of the existing compiler-tracing.spec files to the new Lua tracing infrastructure. 2021-11-08 12:29:06 +01:00
Cornelius Riemenschneider
a49265fb63 Remove macos compatibility stanzas from tracing config. 2021-11-08 11:27:27 +01:00
jorgectf
83e3de1fed Polish documentation. 2021-11-05 21:05:33 +01:00
jorgectf
ed74bd6800 Merge remote-tracking branch 'origin/main' into jorgectf/python/insecure-cookie 2021-11-05 20:14:06 +01:00
jorgectf
86aac7c215 Add/Update .expected files. 2021-11-05 20:13:12 +01:00
jorgectf
a420e6e18d Add CookieInjection.qlref 2021-11-05 20:12:56 +01:00
jorgectf
cf47e8eb9c Fix endpoints' naming 2021-11-05 20:12:35 +01:00
jorgectf
b3258ce20f Add CookieInjection sample and .qhelp 2021-11-05 20:12:05 +01:00
jorgectf
d7a79469e6 Improve tests 2021-11-05 20:08:52 +01:00
jorgectf
4cb78ac654 Fix typo 2021-11-05 20:08:37 +01:00
pupiles
c97d0c6ce5 Remove redundant code 2021-11-05 13:14:28 +08:00
Chris Smowton
d1a2fbe96b Merge pull request #573 from npesaresi/feature/SSRF
Yet another SSRF query for Golang
2021-11-04 17:36:21 +00:00
Chris Smowton
233269869c Tidy sanitizers, using instanceof not extends or a charpred where possible 2021-11-04 16:26:14 +00:00
Chris Smowton
23855979d5 Include UntrustedFlowSource into ServerSideRequestForgery::Source but not vice versa 2021-11-04 16:19:22 +00:00
Chris Smowton
9e218a70bb Make imports private 2021-11-04 15:32:37 +00:00
Chris Smowton
18028dca2d Share repeated regex 2021-11-04 15:30:34 +00:00
Chris Smowton
648a70945d Copyedit docs and improve naming 2021-11-04 15:30:29 +00:00
Chris Smowton
a9c853257d Fix qhelp good example 2021-11-04 14:42:54 +00:00
Chris Smowton
5256725359 Copyedit qhelp 2021-11-04 14:41:38 +00:00
valeria-meli
b84f31e918 format 2021-11-04 10:01:38 -03:00
Valeria
9f52a6654e Merge branch 'main' into feature/SSRF 2021-11-04 09:56:10 -03:00
Tony Torralba
6613a98e02 Fix references to logging library 2021-11-04 09:15:57 +01:00
Tony Torralba
ea7e259cfc Add change note 2021-11-04 08:51:13 +01:00
Tony Torralba
474bf576a7 Minor corrections in QLDoc, qhelp and example code 2021-11-04 08:46:23 +01:00
pupiles
4f1052b3a7 feature add common sanitizer 2021-11-04 13:16:24 +08:00
Tony Torralba
f1df542345 Add stubs & tests
Fix mistakes detected by the tests
2021-11-03 17:26:13 +01:00
Chris Smowton
6d90b81655 Merge pull request #597 from owen-mc/var-args
Update dbscheme to add table for variadic signature types
2021-11-03 11:29:45 +00:00
Chris Smowton
b023b405b1 Merge pull request #599 from smowton/smowton/fix/comparison-barrier-join-order
Improve join order in InsufficientKeySize.ql
2021-11-03 10:08:25 +00:00
Tony Torralba
7d88f80fb9 Add tests for summaries 2021-11-03 10:35:38 +01:00
Chris Smowton
a10407823a Merge pull request #600 from owen-mc/incorrect-integer-conversion
Improve "Incorrect integer conversion" query
2021-11-02 17:00:29 +00:00
Owen Mansel-Chan
8ea1f87d2b Add change note 2021-11-02 15:09:43 +00:00
Owen Mansel-Chan
7c1b7b8810 Fix strictnessOffset in isBoundFor 2021-11-02 15:09:39 +00:00
Owen Mansel-Chan
7de6e17d86 Recognise math.MaxInt and math.MaxUint
Treat them as if we were on a 32-bit architecture.
2021-11-02 15:09:06 +00:00
Owen Mansel-Chan
a104a50940 Move max int value call into UpperBoundCheckGuard 2021-11-02 15:09:06 +00:00
Owen Mansel-Chan
5027d3fa44 Avoid using getIntValue()
Because it does not have a result if the value is
too large to fit in a 32-bit signed integer type
2021-11-02 15:09:05 +00:00
Owen Mansel-Chan
2cc0c80188 Add extra tests 2021-11-02 15:09:05 +00:00
Owen Mansel-Chan
be22373f3e Move Incorrect Integer Conversion tests to InlineFlowTest 2021-11-02 15:09:00 +00:00
Owen Mansel-Chan
109e3660f8 Split Incorrect Integer Conversion into query and lib files
This is in preparation for changing the tests to use inline
expectations
2021-11-02 12:43:54 +00:00
Owen Mansel-Chan
7d333d7dbe Add InlineFlowTest as simple inline expectation test 2021-11-02 12:43:54 +00:00
Chris Smowton
a92f144469 Improve join order in InsufficientKeySize.ql 2021-11-02 10:54:51 +00:00
Tony Torralba
ebd6529469 WIP: add tests 2021-11-02 10:37:41 +01:00
Owen Mansel-Chan
644c89b751 Update expected values for tests in the same folders 2021-11-01 21:38:41 +00:00
Owen Mansel-Chan
f2757135f2 Add tests for isVariadic() on FuncDef and Function 2021-11-01 16:00:50 +00:00
Owen Mansel-Chan
e6a57b22a2 Add isVariadic() on FuncDecl and Function 2021-11-01 16:00:49 +00:00
Owen Mansel-Chan
245d85ae97 Update dbscheme to add table for variadic signature types 2021-11-01 16:00:49 +00:00
Chris Smowton
c6c25eeff6 Merge pull request #598 from GleasonK/main
Fixed broken/moved/redirected links.
2021-11-01 12:08:59 +00:00
Chris Smowton
b365ac5c31 QL -> CodeQL 2021-11-01 10:43:24 +00:00
Chris Smowton
9cb783dffa Better link for CONTRIBUTING.md section 4 2021-11-01 10:42:13 +00:00
Kevin Gleason
49f4e3742f Fixed broken/moved/redirected links. 2021-10-29 17:17:17 -04:00
Tony Torralba
3ea1af3819 Refactor into separate libraries 2021-10-29 17:36:02 +02:00
pupiles
adea73da23 Merge branch 'main' into feature/cwe-090 2021-10-29 20:46:50 +08:00
pupiles
cd230bf9d7 feat:add ldap sink &&change code style 2021-10-29 20:44:03 +08:00
Chris Smowton
5cdeb40d6b Merge pull request #594 from owen-mc/insufficient-key-size-barrier-guard
Add barrier guard for comparison in Insufficient Key Size query
2021-10-29 12:32:29 +01:00
Chris Smowton
004beab750 Add a good variant of test case foo10 2021-10-29 11:07:30 +01:00
Tony Torralba
7f15177498 Move from experimental 2021-10-29 10:19:05 +02:00
zhouxufeng
89a03d46ea add ldap inject source 2021-10-29 11:27:48 +08:00
jorgectf
066b40098c Add lxml.etree.XMLParser missing resolve_entities dangerous case 2021-10-28 19:34:15 +02:00
zhouxufeng
bcdf17d16f feat ldap inject 2021-10-28 20:42:06 +08:00
valeria-meli
434571067f Merge branch 'main' into feature/SSRF 2021-10-28 09:06:58 -03:00
valeria-meli
9615544092 Merge commit 'e784c356916468d4f40b8f47899970c4e75dada9' into main 2021-10-28 09:06:17 -03:00
Rasmus Wriedt Larsen
58bc1102e5 Merge branch 'main' into jorgectf/python/deserialization 2021-10-28 12:31:34 +02:00
Owen Mansel-Chan
599c276fd8 Add change note 2021-10-28 10:10:39 +01:00
Owen Mansel-Chan
e0e1a4671a Address review comments 2021-10-28 10:10:39 +01:00
Owen Mansel-Chan
cdee44bbd1 Add barrier guard for comparison 2021-10-28 10:10:38 +01:00
jorgectf
cf9e9f9dd4 Add cookie injection query missing proper tests 2021-10-28 10:28:45 +02:00
jorgectf
129edd605e Update .expected 2021-10-28 09:25:56 +02:00
jorgectf
5dc1ad6f8a Polish .ql 2021-10-28 09:25:47 +02:00
jorgectf
0f2b81e0d2 Polish tests 2021-10-28 09:24:47 +02:00
ihsinme
1c80f26178 Update ExposureSensitiveInformationUnauthorizedActor.ql 2021-10-28 09:50:41 +03:00
ihsinme
04ee78aecf Apply suggestions from code review
thanks

Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2021-10-28 09:46:26 +03:00
jorgectf
48c3c3d8a8 Broaden scope 2021-10-27 21:00:50 +02:00
Chris Smowton
e784c35691 Merge pull request #595 from sauyon/patch-1
Add comment to `HasEllpsisTable`
2021-10-27 19:10:12 +01:00
jorgectf
28ec8c9dee Merge remote-tracking branch 'origin/main' into jorgectf/python/insecure-cookie 2021-10-27 19:00:55 +02:00
Sauyon Lee
74da4820ee Add comment to HasEllpsisTable 2021-10-27 08:51:58 -07:00
Andrew Eisenberg
09e70a9b8a Merge pull request #592 from github/aeisenberg/suite-helpers
Update references to suite-helpers
2021-10-25 14:26:06 -07:00
Andrew Eisenberg
4b8909fe10 Update references to suite-helpers
Use the new pack names instead of the old names.
2021-10-25 12:11:22 -07:00
ihsinme
8a1d271328 Add files via upload 2021-10-25 14:48:19 +03:00
ihsinme
1dacd2ea76 Add files via upload 2021-10-25 14:47:25 +03:00
Chris Smowton
efecc9ab80 Merge pull request #591 from owen-mc/update-inline-expectations-test
Update inline expectations test
2021-10-21 12:41:57 +01:00
Owen Mansel-Chan
f4d9f2f2fa Remove unused test comments
These were introduced in 68dca955. Currently they aren't doing anything
as there isn't an inline expectation test for the tag "source" in this
folder. It seems they were originally intended to indicate untrusted flow
sources, but they aren't needed as we are using "noflow" to only mark the
places where there isn't a flow.
2021-10-21 11:07:59 +01:00
Owen Mansel-Chan
e01291f880 Put space after MISSING: and SPURIOUS:
This is the preferred style now
2021-10-21 11:07:59 +01:00
Owen Mansel-Chan
f38fd5722f Only one dollar sign in each comment 2021-10-21 11:07:58 +01:00
Owen Mansel-Chan
09ef621b2f Put space after first dollar sign 2021-10-21 11:07:58 +01:00
Owen Mansel-Chan
b8bd40463e Reorder MISSING labels
The behaviour has changed: previously, "f+:" and "f-:" only affected the
following entry, but "MISSING:" and "SPURIOUS:" affect all following
2021-10-21 11:07:57 +01:00
Owen Mansel-Chan
f28539928a Quote expected values that have spaces 2021-10-21 11:07:57 +01:00
Owen Mansel-Chan
5f0f04de1c Update labels for missing and spurious results 2021-10-21 11:07:57 +01:00
Owen Mansel-Chan
7961ba6b93 Add hasActualResult predicate not using Location 2021-10-21 11:07:50 +01:00
Owen Mansel-Chan
a9165ce4a6 Sync InlineExpectationsTest.qll 2021-10-21 05:21:18 +01:00
Chris Smowton
32d71e8247 Merge pull request #585 from github/jbj/getAPrimaryQlClass-file
Fix getAPrimaryQlClass for File classes
2021-10-19 11:17:07 +01:00
Chris Smowton
392c084da4 Merge pull request #589 from github/aeisenberg/suites-fix
Suites: Switch to the `queries` directive
2021-10-18 19:19:58 +01:00
Andrew Eisenberg
198acac383 Suites: Switch to the queries directive
The addition of the `defaultSuite` directive means that using
the `qlpack` directive in a query suite will only return the
queries in the default suite, not _all_ the queries in the
pack as was the prior behaviour. This change ensures that
all query suites resolve to the same queries as before.
2021-10-18 10:00:59 -07:00
jorgectf
f1a73e3009 Merge branch 'jorgectf/python/deserialization' of https://github.com/jorgectf/codeql into jorgectf/python/deserialization 2021-10-16 10:07:13 +02:00
jorgectf
c2046f1777 Improve readability for xmlDom() 2021-10-16 10:07:11 +02:00
Jorge
be424704a6 Apply suggestions from code review
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2021-10-16 10:04:50 +02:00
jorgectf
320a00be31 Delete simple API::Nodes 2021-10-16 10:02:43 +02:00
jorgectf
5b66a15de3 Extend mayBeDangerous() QLDoc 2021-10-16 09:57:28 +02:00
jorgectf
15dfc6d1da Fix xml_sax_parser.py good/bad naming 2021-10-16 09:50:58 +02:00
Jonas Jensen
61a0c44ef6 Accept test changes: File -> GoFile 2021-10-15 08:04:58 +02:00
Andrew Eisenberg
25dc4f316b Merge pull request #587 from github/aeisenberg/query-suite
Fix recursive reference in query suite
2021-10-14 09:53:56 -07:00
Andrew Eisenberg
de79eac0bb Fix recursive reference in query suite
The line `- qlpack: codeql-go` references the pack's
default suite, which is this suite. Therefore this
reference is recursive and not allowed.

The change here aligns the query pack with other
languages.
2021-10-14 08:24:49 -07:00
Chris Smowton
a0a5462f50 Merge pull request #586 from github/erik-krogh/explicit-this
add explicit this qualifiers
2021-10-14 15:39:14 +01:00
Erik Krogh Kristensen
d27f42d287 add explicit this qualifiers 2021-10-14 12:45:14 +02:00
Jonas Jensen
1c245ba636 Fix getAPrimaryQlClass for File classes 2021-10-14 11:37:05 +02:00
Andrew Eisenberg
abe3f2148b Merge pull request #584 from github/aeisenberg/tutorial
Move tutorial directly into each qlpack
2021-10-13 09:32:44 -07:00
Andrew Eisenberg
0786af19fb Move tutorial directly into each qlpack
See also https://github.com/github/codeql/pull/6862
2021-10-12 14:39:15 -07:00
Andrew Eisenberg
fb5186d887 Merge pull request #583 from github/aeisenberg/defaultSuite
Add a defaultSuiteFile property
2021-10-12 14:27:40 -07:00
Andrew Eisenberg
705093d709 Fix property name 2021-10-12 13:04:28 -07:00
Andrew Eisenberg
da708c9743 Add a defaultSuite property 2021-10-12 12:48:01 -07:00
Chris Smowton
c6b9db37be Merge pull request #581 from github/RasmusWL/normalize-qlpack
Packaging: Normalize src/qlpack.yml
2021-10-12 11:02:18 +01:00
Rasmus Wriedt Larsen
c7196916aa Packaging: Normalize src/qlpack.yml
Port of 4) from https://github.com/github/codeql/pull/6605

> Dependencies from query packs to other packs are always "*" since
these dependencies are always from source and we should get the
latest.

Compare with [C++ change](https://github.com/github/codeql/pull/6605/files#diff-0236560ca1b9c19eb7c74d8bfecd1c78005e762122f8bcdaee9eb9b20460bf9c).
2021-10-11 14:36:12 +02:00
Andrew Eisenberg
88ac6d7a40 Merge pull request #566 from dbartol/dbartol/refactor
Refactor Go pack into separate library and query packs
2021-10-07 09:41:47 -07:00
Dave Bartolomeo
3ea2152a86 Use a for loop 2021-10-07 11:35:42 -04:00
Dave Bartolomeo
590b4aac2a Fix PR feedback 2021-10-07 11:00:15 -04:00
Dave Bartolomeo
eed0eab02c Merge remote-tracking branch 'upstream/main' into dbartol/refactor 2021-10-07 10:49:45 -04:00
Chris Smowton
1c2b46e10d Merge pull request #578 from github/rasmuswl/fix-hasLocationInfo-url
Fix `hasLocationInfo` URL reference
2021-09-29 14:06:01 +01:00
Rasmus Wriedt Larsen
8deaeb4ea1 Fix hasLocationInfo URL reference
Port of https://github.com/github/codeql/pull/6775
2021-09-29 13:53:55 +02:00
Rasmus Wriedt Larsen
8df3dab121 Python: Adjust .expected with subpaths 2021-09-28 17:04:20 +02:00
Rasmus Wriedt Larsen
e472814ddd Python: Fix XXE qhelp 2021-09-28 17:02:39 +02:00
Rasmus Wriedt Larsen
9c286a1b50 Python: fix name of .qhelp file 2021-09-28 16:57:46 +02:00
Rasmus Wriedt Larsen
67fddda6d2 Merge branch 'main' into jorgectf/python/deserialization 2021-09-28 16:49:33 +02:00
Chris Smowton
8b3682205b Merge pull request #577 from intrigus-lgtm/patch-3
Update query description
2021-09-27 13:50:08 +01:00
intrigus-lgtm
d26841da57 Update query description
A wildcard origin does not allow Access-Control-Allow-Credentials: true.
This change had been made in 824b5a4b52
but I has been forgotten to update the query description.
2021-09-27 13:34:30 +02:00
Natalia Pesaresi
83613ea042 Merge branch 'main' into feature/SSRF 2021-09-24 17:52:51 -03:00
Nati Pesaresi
636000ce01 fix qlref 2021-09-24 17:50:26 -03:00
Nati Pesaresi
1de0b0401a inheritance fix 2021-09-24 17:14:45 -03:00
Nati Pesaresi
ba552251e9 rm region tags 2021-09-24 17:08:52 -03:00
Erik Krogh Kristensen
a082ed917c track flow through string replace calls that just replace single chars 2021-09-22 19:43:48 +02:00
Chris Smowton
cc1d1d8d1b Merge pull request #575 from hvitved/remove-reduced-env-var
Remove `CODEQL_REDUCE_FILES_FOLDERS_RELATIONS`
2021-09-22 16:51:06 +01:00
Tom Hvitved
9142079902 Remove CODEQL_REDUCE_FILES_FOLDERS_RELATIONS 2021-09-22 09:40:39 +02:00
Nati Pesaresi
a9a36ace3b validator uuid 2021-09-17 18:01:43 -03:00
Nati Pesaresi
f913b1504a codeql query format --in-place 2021-09-17 17:54:19 -03:00
Nati Pesaresi
746ce630f4 codeql query format --in-place 2021-09-17 17:53:01 -03:00
Natalia Pesaresi
63bb7ef56c Merge branch 'main' into feature/SSRF 2021-09-17 17:46:32 -03:00
Nati Pesaresi
9ec35a0f99 merge main 2021-09-17 17:43:35 -03:00
Nati Pesaresi
2a20fe4b0e beautify names 2021-09-17 17:40:56 -03:00
Natalia Pesaresi
a2bc1b57c1 Merge pull request #1 from npesaresi/feature/SSRF
CWE-918
2021-09-17 17:27:04 -03:00
Sauyon Lee
769456ee10 Merge pull request #572 from smowton/smowton/admin/revert-go-list
Revert "Merge pull request #554 from xhd2015/accelerate_go_list"
2021-09-16 10:48:18 -07:00
Chris Smowton
c13229d581 Revert "Merge pull request #554 from xhd2015/accelerate_go_list"
This reverts commit e5a2b6081d, reversing
changes made to ee893b252c.
2021-09-16 17:16:59 +01:00
Chris Smowton
0214c97589 Merge pull request #569 from smowton/smowton/fix/optimize-guarding-function
Use unique aggregate to optimize guardingFunction
2021-09-09 22:02:56 +01:00
jorgectf
61a81b60e8 Extend .qlref 2021-09-09 19:06:58 +02:00
Chris Smowton
f6a629ee30 Merge pull request #570 from github/smowton/admin/fix-upgrade-script
Fix broken upgrade script
2021-09-09 15:02:38 +01:00
Chris Smowton
848d6c56bb Fix broken upgrade script 2021-09-09 13:48:14 +01:00
Dave Bartolomeo
6837233128 Treat CallSideEffect and InitializeDynamicAllocation the same as other side effects during IR generation
This commit moves the IR generation for the `CallSideEffect` and `InitializeDynamicAllocation` side effect instruction into their own subclasses of `TranslatedSideEffect`. Previously, they were embeddded in `TranslatedCall` and `TranslatedAllocationSideEffects`. There are no diffs in the generated IR. This just makes the implementation of all side effect generation be consistent.
2021-09-07 14:22:23 -04:00
jorgectf
21da603d81 Update .qlref 2021-09-07 20:13:39 +02:00
Dave Bartolomeo
d1e6813812 Make side effects for constructor calls use same mechanism as other arguments
This commit is yet another step to fixing the order of IR side effect instructions. Instead of having a special `StructorCallSideEffects` class for the call itself, I've introduced a `TranslatedStructorCallQualifierSideEffect` class that shares a bunch of common code with `TranslatedArgumentExprSideEffect`, but handles the case where there's no `Expr` for the qualifier of the constructor call. Because this class uses the same ordering as regular argument side effects, these side effects now appear in the correct order, reads before writes.

The test expectations have changed to reflect the new, correct order.
2021-09-03 16:58:32 -04:00
Dave Bartolomeo
ba72a1cde7 Make TranslatedSideEffect abstract
This is step two of fixing the ordering of call side effects. This commit refactors the existing `TranslatedSideEffect` class into an abstract `TranslatedSideEffect` class, which contains functionality common to all kinds of side effect, and a concrete `TranslatedArgumentSideEffect` class, which is the implementation of argument side effects. A future commit will add additional concrete classes for conservative call side effects and allocation side effects.

This change has zero diffs to the generated IR.
2021-09-03 11:31:14 -04:00
Dave Bartolomeo
47e16b0480 Move logic for determining CallSideEffect opcode out of TranslatedCall.
This is the first step to fixing the order of side effects on call instructions. The goal is to move all side effects (argument side effects, allocation side effects, and conservative call side effects) to be treated as elements in a single sequence of side effects, which will then be handled in a single place similar to how we already handle argument side effects.
2021-09-03 09:58:31 -04:00
Sauyon Lee
e5a2b6081d Merge pull request #554 from xhd2015/accelerate_go_list
Accelerating go-extractor by using 'go list -deps' instead of just 'go list'
2021-09-02 12:32:02 -07:00
Sauyon Lee
f9ce06b4c0 Check for nil when getting package info 2021-09-02 11:25:58 -07:00
Sauyon Lee
7d3c504c3c Fix godoc 2021-09-02 11:25:57 -07:00
Sauyon Lee
89c9c7060c Remove unnecessary environment set 2021-09-02 11:25:57 -07:00
Sauyon Lee
6ed6193973 Remove redundant map assignments and fix some typos 2021-09-02 11:25:57 -07:00
xhd2015
8532605be7 Accelerating go-extractor by using 'go list -deps' instead of just 'go list'
Change-Id: Icc77214809a0bb8536d751f21194690d58663dc5
2021-09-02 11:25:57 -07:00
Chris Smowton
88645cf0f1 Use unique aggregate to optimize guardingFunction 2021-08-31 18:38:44 +01:00
Tom Hvitved
ee893b252c Merge pull request #560 from hvitved/drop-files-folders-columns
Drop redundant columns from `files` and `folders` relations
2021-08-26 19:30:35 +02:00
Tom Hvitved
c70a413b71 DB upgrade script 2021-08-26 13:41:44 +02:00
Tom Hvitved
a9a0cffb01 Drop redundant columns from files and folders relations 2021-08-26 13:41:44 +02:00
Sauyon Lee
1ab2c44310 Merge pull request #564 from sauyon/add-cfg
Uncomment CFG tests
2021-08-25 18:28:33 -07:00
Sauyon Lee
ec6ac9db7c Remove useless nodes predicate 2021-08-25 17:16:46 -07:00
Sauyon Lee
630e46e1fd Exclude files with build constraints from the cfg test 2021-08-25 17:16:46 -07:00
Sauyon Lee
5fbed2b219 Uncomment CFG tests 2021-08-25 17:16:46 -07:00
jorgectf
48bca5beb8 Fix references' link anchor 2021-08-25 17:09:47 +02:00
Dave Bartolomeo
d82580647e Add reference to codeql/go-examples pack from test pack 2021-08-24 10:31:03 -04:00
Dave Bartolomeo
bcaf218cd4 Update readme with workflow changes 2021-08-24 10:31:03 -04:00
Dave Bartolomeo
bc9764fcde Invoke bash explicitly for Windows 2021-08-24 10:31:03 -04:00
Dave Bartolomeo
a069fa6fda Make install script executable 2021-08-24 10:31:03 -04:00
Dave Bartolomeo
7c70745e52 Build target to run codeql pack install 2021-08-24 10:31:02 -04:00
Dave Bartolomeo
3165b8dec1 Script to run codeql pack install 2021-08-24 10:31:02 -04:00
Dave Bartolomeo
12bb6728d1 Fix dependencies for Go test pack 2021-08-24 10:31:02 -04:00
Dave Bartolomeo
26fd45746c Move Go QL library files into separate pack 2021-08-24 10:31:02 -04:00
Dave Bartolomeo
1726a8b65f Initial makefile changes for pack refactoring 2021-08-24 10:31:01 -04:00
Dave Bartolomeo
6d829cfdf3 Modernize Go pack definitions 2021-08-24 10:31:01 -04:00
Dave Bartolomeo
b6c250cbff Ignore .codeql directories 2021-08-24 10:31:01 -04:00
Chris Smowton
a6f3d464ae Merge pull request #568 from igfoo/igfoo/getPrimaryQlClasses
Add getPrimaryQlClasses()
2021-08-24 14:13:50 +01:00
Ian Lynagh
6a86f1a91b Add getPrimaryQlClasses()
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
2021-08-24 13:03:24 +01:00
Sauyon Lee
4df8fac91c Merge pull request #559 from sauyon/xorm
Add Xorm support
2021-08-23 09:21:19 -07:00
Sauyon Lee
dc00a17fd2 Add Xorm license 2021-08-23 08:15:57 -07:00
sn00py
474287dc9f Update SQL.qll
remove package
2021-08-23 08:15:57 -07:00
sn00py
7fc045e749 Add inline test for xorm 2021-08-23 08:15:57 -07:00
snoopywu
4975dccd34 Format SQL.qll 2021-08-23 08:15:57 -07:00
snoopywu
0174270a03 Add change note 2021-08-23 08:15:56 -07:00
snoopywu
8c608bad21 Add Xorm support 2021-08-23 08:15:56 -07:00
Chris Smowton
647bc51483 Merge pull request #563 from sauyon/go117
Add support for Go 1.17
2021-08-23 10:45:24 +01:00
Sauyon Lee
4a1daf173c fixup model changes 2021-08-19 14:04:38 -07:00
Sauyon Lee
d4aa572109 Add tests for Go 1.17 library changes 2021-08-19 14:02:30 -07:00
Sauyon Lee
c41502de1e Fix tests for go 1.17 2021-08-19 14:02:29 -07:00
Sauyon Lee
f20922dcc7 Handle - positions in errors 2021-08-19 14:02:29 -07:00
Sauyon Lee
5c7590db53 Exclude beta versions of the CodeQL CLI 2021-08-19 14:02:29 -07:00
Sauyon Lee
ab80f35451 Add change note for 1.17 2021-08-19 14:02:29 -07:00
Sauyon Lee
ef1238cdd3 Add test for conversion panic 2021-08-19 14:02:29 -07:00
Sauyon Lee
cb40498b41 Update actions to use go 1.17 2021-08-19 14:02:29 -07:00
Sauyon Lee
b1e91e578b Add models for library changes 2021-08-19 14:02:26 -07:00
Sauyon Lee
040b166eb2 Add new style build constraints and add test for the old style 2021-08-19 14:00:04 -07:00
Sauyon Lee
189070cf2c Add support for go:build style constraints
This doesn't account for the new syntax, but there was no syntax
parsing in the old version anyway, and the only user doesn't currently
care about semantics
2021-08-19 14:00:03 -07:00
Sauyon Lee
f39e43e5d0 Allow conversions to an array to panic 2021-08-19 14:00:03 -07:00
Sauyon Lee
2a5e7e24cd Update dependencies for go1.17 2021-08-19 14:00:03 -07:00
Sauyon Lee
b9871add53 Merge pull request #565 from sauyon/remove-dots
Remove non-goific dot in method signatures
2021-08-19 13:41:25 -07:00
Sauyon Lee
ff1eb8ef43 Remove non-goific dot in method signatures 2021-08-19 12:36:59 -07:00
Owen Mansel-Chan
51b3f7f62d Merge pull request #555 from owen-mc/upstream-weak-crypto-key
Promote weak crypto key from experimental
2021-08-18 12:57:27 +01:00
Owen Mansel-Chan
b96efc655e Improve grammar and punctuation 2021-08-18 11:54:06 +01:00
Owen Mansel-Chan
6f2040da51 Add security severity score 2021-08-18 11:54:06 +01:00
Owen Mansel-Chan
8c97395884 Add change note 2021-08-18 11:54:05 +01:00
Owen Mansel-Chan
3bf2cf0ed8 Add precision metadata 2021-08-18 11:54:05 +01:00
Owen Mansel-Chan
9634e8d7b0 Update path in qlref file 2021-08-18 11:54:04 +01:00
Owen Mansel-Chan
ca01d55297 Promote insufficient key size query
Files were just moved - changes made in next commit
2021-08-18 11:54:04 +01:00
Chris Smowton
10e362a0f2 Merge pull request #562 from sauyon/remove-binary
Remove accidentally added binary
2021-08-17 19:55:26 +01:00
Chris Smowton
2b6dde8e6c Merge pull request #561 from github/developer-happiness-query-suite
Add a query suite for new experimental "developer happiness" queries
2021-08-17 19:45:44 +01:00
Sauyon Lee
dc50d73008 Remove accidentally added binary 2021-08-17 10:11:04 -07:00
Sam Partington
78a4823bde Ensure all 3 IDs are considered
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2021-08-17 09:53:11 +01:00
Sam Partington
4e36d1f52f Add a query suite for new experimental "developer happiness" queries
These are the queries added in https://github.com/github/codeql-go/pull/558.
2021-08-16 18:05:31 +01:00
Chris Smowton
fbc65b3f87 Merge pull request #558 from sauyon/add-sample-queries
Add sample DB-related queries
2021-08-12 21:55:14 +01:00
Sauyon Lee
4c5d3ff344 Move defer in loop query to experimental 2021-08-12 10:13:30 -07:00
Sauyon Lee
02396dbd04 Add database query in loop query
co-authored-by: Robert <robertbrignull@github.com>
co-authored-by: Sam Partington <sampart@github.com>
2021-08-11 18:15:23 -07:00
Sauyon Lee
1ffeb26a61 Add query for a GORM error not checked
co-authored-by: Sam Partington <sampart@github.com>
co-authored-by: Robin Neatherway <rneatherway@github.com>
2021-08-11 18:15:23 -07:00
Nati Pesaresi
210d0f3d6a cwe-918 2021-08-03 17:48:08 -03:00
Shati Patel
65e9262b41 Merge pull request #556 from github/shati-patel-patch-1
Update CODEOWNERS
2021-07-28 12:56:48 +01:00
Shati Patel
0c4674cf86 Update CODEOWNERS
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2021-07-28 11:54:25 +01:00
Shati Patel
e83af8e4ea Update CODEOWNERS 2021-07-28 11:42:33 +01:00
jorgectf
54ed25a925 Change False and None scopes 2021-07-25 18:21:16 +02:00
jorgectf
c8a7f48d6e Add .expected 2021-07-25 18:18:38 +02:00
jorgectf
983465963a Polish CookieWrite 2021-07-25 18:18:29 +02:00
jorgectf
65044293dd Add CookieWrite concept 2021-07-25 17:53:58 +02:00
jorgectf
66fdd530e3 Merge branch 'jorgectf/python/headerInjection' into jorgectf/python/insecure-cookie 2021-07-25 04:35:51 +02:00
jorgectf
4f68a1777c Write documentation and example 2021-07-25 04:07:05 +02:00
jorgectf
c8983be947 Add query 2021-07-25 04:06:44 +02:00
jorgectf
8a3e4f14d1 Add tests and .qlref 2021-07-25 04:06:02 +02:00
jorgectf
0aaa9c13bd Merge remote-tracking branch 'origin/jorgectf/python/headerInjection' into jorgectf/python/insecure-cookie 2021-07-25 03:22:16 +02:00
jorgectf
93c8529fc9 Add .expected 2021-07-25 01:53:21 +02:00
jorgectf
1dd77f167a Fix undetected tests 2021-07-25 01:51:52 +02:00
jorgectf
b83b31cc7a Write qldocs 2021-07-24 02:33:57 +02:00
jorgectf
61e873d725 Polish tests 2021-07-24 02:09:23 +02:00
jorgectf
0d2646fd3d Polish documentation 2021-07-24 01:23:51 +02:00
jorgectf
068150b1ab Finish modeling 2021-07-22 19:34:23 +02:00
jorgectf
b5e10b6c42 Write (String|Bytes)IO additional taint step 2021-07-22 19:15:30 +02:00
jorgectf
11f4c1cc8e Format tests 2021-07-22 19:04:35 +02:00
Chris Smowton
e39753c72a Merge pull request #552 from github/deferinloop-kind
Add @kind to deferinloop.ql
2021-07-19 11:17:26 +01:00
Chris Smowton
b03513bcd2 Merge pull request #542 from gagliardetto/cors-misconfig
Add query to detect CORS misconfiguration
2021-07-16 16:12:15 +01:00
Chris Smowton
87afdae1c7 use hasFlowTo where possible 2021-07-16 14:38:05 +01:00
Sam Partington
e227a4315f Add @kind to deferinloop.ql
Required to use this query with the CodeQL CLI
2021-07-16 14:25:58 +01:00
Slavomir
52b650a1be Add AllowOriginHeaderWrite and AllowCredentialsHeaderWrite classes 2021-07-16 00:01:55 +02:00
Slavomir
e92738a93f Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2021-07-16 00:42:36 +03:00
Chris Smowton
73227f12df Merge pull request #539 from gagliardetto/fiber
Add web framework: github.com/gofiber/fiber
2021-07-15 17:53:45 +01:00
Slavomir
d252d6003f Remove Protocol as UntrustedFlowSource 2021-07-15 16:20:33 +02:00
Slavomir
498332c186 Mention Fiber.json in Fiber.qll 2021-07-15 15:15:10 +02:00
Slavomir
7d1a632b61 Move fiber spec in the same folder as source 2021-07-15 15:12:02 +02:00
Slavomir
92e0f02d2a Remove special cases inside if 2021-07-15 15:06:28 +02:00
Slavomir
66bd56f444 Don't use any() as sink 2021-07-05 13:14:56 +02:00
jorgectf
d475d52c76 Add partial modeling 2021-06-30 00:59:40 +02:00
jorgectf
c3b3bde35d Add XMLParser concept 2021-06-30 00:59:17 +02:00
jorgectf
b9fa57f518 Move tests to test/ 2021-06-30 00:58:58 +02:00
Chris Smowton
cd1e14ed09 Merge pull request #549 from edoardopirovano/change-pragma
Performance: Remove `pragma[noopt]`
2021-06-22 19:14:52 +01:00
jorgectf
78deec84fc Upload main structure and initial tests 2021-06-22 16:41:08 +02:00
Edoardo Pirovano
65a34b4aa6 Performance: Remove pragma[noopt] 2021-06-22 10:05:53 +01:00
Chris Smowton
52028cf363 Merge pull request #547 from edoardopirovano/fix-join-order
Performance: Fix bad join ordering
2021-06-21 20:11:22 +01:00
Edoardo Pirovano
a7c656db8b Performance: Fix bad join ordering 2021-06-21 18:58:35 +01:00
Slavomir
c0f195ba16 Reduce false positives 2021-06-19 22:25:51 +02:00
jorgectf
0e61558644 Empty commit 2021-06-19 18:39:58 +02:00
edvraa
ac777d237d autoformat 2021-06-17 09:23:26 +01:00
edvraa
0456d4793a Fix path tracking 2021-06-17 09:23:26 +01:00
edvraa
4576b16f30 Use dataflow gettype 2021-06-17 09:23:26 +01:00
edvraa
062acedd49 Unify and make getValueForFieldWrite private 2021-06-17 09:23:26 +01:00
edvraa
236b623f60 Get rid of NetHttpCookieTrackingConfiguration 2021-06-17 09:23:26 +01:00
edvraa
031a79b8f5 Gorilla Store Save sink 2021-06-17 09:23:26 +01:00
edvraa
8110c3d059 Use HasFlow 2021-06-17 09:23:26 +01:00
edvraa
d60d18a8d0 Stay on dataflow level 2021-06-17 09:23:26 +01:00
edvraa
ed8d025bdf Dedicated types 2021-06-17 09:23:26 +01:00
edvraa
cba4f0448e Use package 2021-06-17 09:23:26 +01:00
edvraa
167496edff Use MethodCallNode and hasQualifiedName 2021-06-17 09:23:26 +01:00
edvraa
5929f66efb No need for Function f 2021-06-17 09:23:26 +01:00
edvraa
06c328c5aa Fix comment 2021-06-17 09:23:26 +01:00
edvraa
3ac1b4ba0b Use CallNode 2021-06-17 09:23:26 +01:00
edvraa
d06f4ca21e Fix argumnt nr 2021-06-17 09:23:26 +01:00
edvraa
9224a315f1 inline isGinContextCookieFlow 2021-06-17 09:23:26 +01:00
edvraa
4d397d9974 Fix tests 2021-06-17 09:23:26 +01:00
edvraa
5349c98ae1 Comments 2021-06-17 09:23:26 +01:00
edvraa
0b9959e4ef Default stub 2021-06-17 09:23:26 +01:00
edvraa
d32fa19c12 reformat 2021-06-17 09:23:26 +01:00
edvraa
4eb4787692 simplify expressions 2021-06-17 09:23:26 +01:00
edvraa
f537c479c9 path tracking 2021-06-17 09:23:26 +01:00
edvraa
253abc55d9 get rid of AuthCookieNameConfiguration 2021-06-17 09:23:26 +01:00
edvraa
9c0b83fd34 Use getAPredecessor 2021-06-17 09:23:26 +01:00
edvraa
ff06815db1 Code review 2021-06-17 09:23:26 +01:00
edvraa
cbaad2efb9 Sensitive cookie without HttpOnly 2021-06-17 09:23:26 +01:00
Chris Smowton
191a4c1101 Merge pull request #546 from github/calumgrant/security-severities
Add security-severity scores
2021-06-16 14:22:27 +01:00
Calum Grant
975e4d7284 Add security-severity scores 2021-06-15 15:56:57 +01:00
luchua-bc
6a2c7d54cd Enhance the query to check more scenarios 2021-06-14 03:24:16 +00:00
Slavomir
824b5a4b52 Wildcard origin does not allow Access-Control-Allow-Credentials: true 2021-06-05 10:40:28 +02:00
Chris Smowton
db0566c325 Merge pull request #543 from gagliardetto/clevergo-spec
Add codemill spec for clevergo
2021-06-03 13:59:59 +01:00
Slavomir
4662358b8d Add flag checks 2021-06-03 12:53:52 +02:00
Slavomir
56e99b6efb Convert header values to lowercase before comparing 2021-06-03 10:50:50 +02:00
Sauyon Lee
225a69aa27 Merge pull request #544 from github/erik-krogh/fix-primaryqlclass-typo
fix typo in the `getAPrimaryQlClass` implementation for `LabeledStmt`
2021-05-29 18:59:36 +00:00
Erik Krogh Kristensen
47d6412e1c update expected output 2021-05-29 17:56:03 +00:00
Erik Krogh Kristensen
5b357e936b fix typo in the getAPrimaryQlClass implementation for LabeledStmt 2021-05-29 19:01:16 +02:00
Slavomir
cb3cbc5e3f Move spec to the same location of qll 2021-05-27 17:00:19 +02:00
Slavomir
4212eb7ac2 Add codemill spec for clevergo 2021-05-24 15:35:57 +02:00
Slavomir
521039d6a2 Add codemill spec 2021-05-24 15:34:16 +02:00
Slavomir
8525c58e1a Improve qhelp doc 2021-05-24 15:19:50 +02:00
Slavomir
74f8f1dcdb Cleanup 2021-05-24 15:19:35 +02:00
Sauyon Lee
1a67f8d867 Merge pull request #530 from edvraa/key
CWE-326: Insufficient key size
2021-05-24 01:11:16 +00:00
Slavomir
9d1f13fe9b Add allowOriginIsWildcardOrNull predicate 2021-05-22 18:32:48 +02:00
Slavomir
924e445ce9 Add missing newline 2021-05-22 18:19:44 +02:00
Slavomir
f261f34f57 Add query to detect CORS misconfiguration 2021-05-22 18:14:13 +02:00
edvraa
c95295aa81 Simplify get int 2021-05-21 12:38:01 +01:00
edvraa
c9c22fd871 Change the message 2021-05-21 12:38:01 +01:00
edvraa
8414759f7d Code review 2021-05-21 12:38:01 +01:00
edvraa
7e1c57689b Insufficient key size 2021-05-21 12:38:01 +01:00
Sauyon Lee
d47d0303b0 Merge pull request #541 from smowton/smowton/admin/tag-lines-of-code 2021-05-14 19:11:40 +00:00
Chris Smowton
bc80772075 Tag lines of code query 2021-05-14 18:27:55 +01:00
Niroshan Rajadurai
d9826c571a Update README.md
Updates to point to GHAS Capabilities, and tighter wording on License terms
2021-05-13 13:17:16 +01:00
Chris Smowton
6dcfbe8135 Merge pull request #540 from owen-mc/test-dataflow-pr-5773
Sync data-flow libraries
2021-05-12 10:49:33 +01:00
Owen Mansel-Chan
f0fd501a23 No need to cache isUnreachableInCall any more 2021-05-12 08:54:58 +01:00
Owen Mansel-Chan
a86390d850 Sync data-flow libraries
As of 2021-05-12
2021-05-12 08:54:11 +01:00
Slavomir
f644194354 Add package predicates 2021-05-10 15:18:47 +02:00
Slavomir
06fac54da3 Add web framework: github.com/gofiber/fiber 2021-05-10 15:12:32 +02:00
Chris Smowton
879666682d Merge pull request #537 from gagliardetto/fix-clevergo
CleverGo: Update generated naming
2021-05-10 12:32:08 +01:00
Chris Smowton
1f9097430e Merge pull request #535 from owen-mc/update-dataflow-libraries-2021-05-05
Update dataflow libraries 2021-05-05
2021-05-10 09:53:32 +01:00
Slavomir
7810461651 Update generated naming 2021-05-09 22:52:07 +02:00
Owen Mansel-Chan
fcbedee4c5 Keep call to defaultTaintSanitizerGuard 2021-05-06 15:06:29 +01:00
Owen Mansel-Chan
349df54905 Ignore lambda data flow for now 2021-05-06 13:57:49 +01:00
Owen Mansel-Chan
daf73553f6 Sync shared dataflow libraries 2021-05-05 16:58:30 +01:00
Chris Smowton
774717d2b8 Merge pull request #522 from gagliardetto/fix-clevergo
Improve CleverGo models
2021-04-30 17:11:56 +01:00
Slavomir
ea2909a362 HTTP::HeaderWrite: Don't override string getHeaderValue() with none() 2021-04-30 15:39:09 +01:00
Slavomir
110a3983c1 Regenerate codeql: Refactor HTTP::HeaderWrite 2021-04-30 15:39:09 +01:00
Slavomir
5578afa189 Regenerate using latest codemill generator. 2021-04-30 15:39:09 +01:00
Chris Smowton
0beaa7fdc9 Model content-type setters as HeaderWrites. 2021-04-30 15:39:09 +01:00
Chris Smowton
9ea8b34e47 HTTP ResponseBody: support HeaderWrites with hard-coded header values. 2021-04-30 15:39:09 +01:00
Chris Smowton
3fd2c7d4bb Note response writers for existing HeaderWrite and HttpRedirect instances 2021-04-30 15:39:09 +01:00
Slavomir
36396df271 HttpResponseBody: Move .getAPredecessor*() to the test query. 2021-04-30 15:39:09 +01:00
Slavomir
989bfa2b1d Improve naming and comments. 2021-04-30 15:39:09 +01:00
Slavomir
78b403f42e Stub alternative HTTP::ResponseBody model implementation 2021-04-30 15:39:09 +01:00
Slavomir
ff848a502a ResponseBody: Use .getAPredecessor*().getStringValue() instead of just .getStringValue() 2021-04-30 15:39:09 +01:00
Chris Smowton
3a0b36cdb8 Merge pull request #531 from sauyon/non-alert-queries
Non-alert queries
2021-04-27 17:49:49 +01:00
Sauyon Lee
bfe6e7510d Evaluate symlinks for the dummy file 2021-04-27 08:32:21 -07:00
Sauyon Lee
d09cb7f228 Remove badpkg.go to make tests location-independent 2021-04-27 01:18:22 -07:00
Sauyon Lee
03c3b15caa Improve autoformatting check 2021-04-27 01:18:21 -07:00
Sauyon Lee
27b72b53e5 Add diagnostic queries 2021-04-27 01:18:21 -07:00
Sauyon Lee
9f85846980 Add lines of code summary query 2021-04-27 01:18:20 -07:00
Sauyon Lee
fa5cb652d8 Fix lines of code counting 2021-04-27 01:18:20 -07:00
Sauyon Lee
ed978e439f Add GoFile and move HtmlFile to Files.qll 2021-04-27 01:18:19 -07:00
Sauyon Lee
2a80a60468 Add GeneratedFile concept 2021-04-27 01:18:19 -07:00
Sauyon Lee
3393588353 Move concepts imports to Concepts.qll 2021-04-27 01:18:18 -07:00
Sauyon Lee
7a790340ed Merge pull request #526 from sauyon/fix-bad-error-locs
Extract dummy files for errors without locations
2021-04-27 01:07:22 -07:00
Sauyon Lee
b808c187cf Add test with curly braces in filename 2021-04-21 21:14:41 -07:00
Sauyon Lee
f15b65d07e Extract dummy files for errors with no location 2021-04-21 21:14:40 -07:00
Sauyon Lee
488f7f5b9b Use pre-transformed path for extractor fileinfo 2021-04-21 21:14:40 -07:00
Chris Smowton
90c4b5d63f Switch to using HTML entities for escaping 2021-04-21 21:14:39 -07:00
Chris Smowton
06c958e61f Extractor: tolerate curly braces in struct field tags, directory names
These previously produced malformed TRAP. I have checked the other uses of GlobalID and don't see any others that should require escaping.
2021-04-21 21:14:39 -07:00
Sauyon Lee
466d87684d Merge pull request #528 from sauyon/tuple-map-read 2021-04-21 08:50:40 -07:00
Chris Smowton
9ab1a8d144 Reword change note
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2021-04-21 15:28:28 +01:00
Chris Smowton
e50ad90856 Elaborate comment and change-note a little 2021-04-21 12:36:43 +01:00
Chris Smowton
a152eec9f2 Add test for ExtractTupleElementInstruction.getResultType() 2021-04-21 12:33:51 +01:00
Chris Smowton
4fb714f445 Simplify implementation of ExtractTupleElementInstruction.getResultType 2021-04-21 12:33:00 +01:00
Sauyon Lee
7efbcec50d Add change note 2021-04-20 23:27:03 -07:00
Sauyon Lee
50bb6187b8 Revert ReflectedXss.go to example 2021-04-20 23:27:03 -07:00
Sauyon Lee
d1daca541e Add types for more tuple extractions
Specifically, extractions where the RHS is a map element read or a channel receive
will now have types.
2021-04-20 14:23:31 -07:00
Sauyon Lee
ba2da6d9a9 Add test exercising channel data flow 2021-04-20 14:23:31 -07:00
Chris Smowton
0cef5fb5d0 Add test case for map extraction 2021-04-20 14:23:29 -07:00
Chris Smowton
f40211bd20 Merge pull request #527 from smowton/smowton/fix/http-request-taint-tracking
Improve net/http taint-tracking fidelity
2021-04-20 12:40:19 +01:00
Chris Smowton
b2e92fa084 Remove needless model of Part.Read
Read already gets a model as an implementation of the `Reader` interface.
2021-04-20 11:05:36 +01:00
Chris Smowton
948e064440 Fix mis-modelling Part.Read 2021-04-20 11:03:17 +01:00
Chris Smowton
027a540c67 Update test expectations now that tuple-extracts not method calls are sources 2021-04-19 17:05:50 +01:00
Chris Smowton
a367950014 Restore OpenRedirect's exclusion of POST-only request components 2021-04-19 17:05:23 +01:00
Chris Smowton
685f4fa2a6 Add change note 2021-04-19 16:13:16 +01:00
Chris Smowton
7d258ae722 Improve net/http taint-tracking fidelity
* Don't taint error returns from http.Request methods
* Track taint across mime/multipart.Part methods
2021-04-19 16:05:23 +01:00
Chris Smowton
dbcf1e1cfa Merge pull request #520 from sauyon/add-diagnosticfile
Add a new diagnostics file class and use it for errors
2021-04-09 15:48:57 +01:00
Sauyon Lee
80fe7384cd Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2021-04-09 14:30:23 +01:00
Sauyon Lee
4462948cfc Add a new diagnostics file class and use it for errors 2021-04-09 14:30:23 +01:00
Chris Smowton
46b5f11457 Merge pull request #438 from gagliardetto/clevergo
Pilot #0: Add web framework `clevergo`
2021-04-09 09:48:58 +01:00
Slavomir
8e839f376e Put all tests file in to the CleverGo folder instead of having dedicated folders for each test. 2021-04-09 08:38:37 +01:00
Slavomir
4ae5bdbbec Improve naming of files and elements. 2021-04-09 08:38:37 +01:00
Slavomir
7ea0434514 Move clevergo framework to experimental 2021-04-09 08:38:37 +01:00
Slavomir
3915305361 Refactor and improve HTTP:ResponseBody models and tests 2021-04-09 08:38:37 +01:00
Slavomir
8c18aa6cbd Simplify HTTP::HeaderWrite 2021-04-09 08:38:37 +01:00
Slavomir
7edf739602 Model HTTP::HeaderWrite; regenerate stubs 2021-04-09 08:38:37 +01:00
Slavomir
93ff2459d1 Use docs instead of comments for classes. 2021-04-09 08:38:36 +01:00
Slavomir
0fe7050e7e Add models for HTTP::ResponseBody 2021-04-09 08:38:36 +01:00
Slavomir
98b3cc2dc4 Fix autoformatting 2021-04-09 08:38:36 +01:00
Slavomir
c53d8d3e56 Add http redirect model 2021-04-09 08:38:36 +01:00
Slavomir
55c8d9b22c Make naming more consistent 2021-04-09 08:38:36 +01:00
Slavomir
1de7196060 Regenerate dep stubs 2021-04-09 08:38:36 +01:00
Slavomir
0c1ae62ce9 Use //go:generate depstubber --vendor --auto 2021-04-09 08:38:36 +01:00
Slavomir
f95f35387f Cleanup comments 2021-04-09 08:38:36 +01:00
Slavomir
bdc5f90c97 Cleanup comments 2021-04-09 08:38:36 +01:00
Slavomir
d3d7d2d103 Simplify UntrustedSources struct fields 2021-04-09 08:38:36 +01:00
Slavomir
c01259ec2c Simplify UntrustedSources interface methods 2021-04-09 08:38:36 +01:00
Slavomir
54abdf1a95 Regenerate tests 2021-04-09 08:38:36 +01:00
Slavomir
a6c1acfaba Fix imports 2021-04-09 08:38:36 +01:00
Slavomir
a90f609c53 Manually add packagePath() predicate 2021-04-09 08:38:36 +01:00
Slavomir
928c12da57 Simplify UntrustedSources methods 2021-04-09 08:38:36 +01:00
Slavomir
34dcf83e11 Fix module doc 2021-04-09 08:38:36 +01:00
Slavomir
11326eb34c Update ql/src/semmle/go/frameworks/CleverGo.qll
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2021-04-09 08:38:36 +01:00
Slavomir
c4ee6175b8 Add back bindingset to packagePath 2021-04-09 08:38:36 +01:00
Slavomir
7c62c63584 codeql: add packagePath predicate 2021-04-09 08:38:36 +01:00
Slavomir
dfbad0edb9 Regenerate code implementing the code review feedback 2021-04-09 08:38:36 +01:00
Slavomir
1bfe395662 Remove import DataFlow::PathGraph 2021-04-09 08:38:36 +01:00
Slavomir
6d9b7d3240 Add web framework: clevergo 2021-04-09 08:38:35 +01:00
Chris Smowton
7bf5abf6b0 Merge pull request #493 from gagliardetto/html-template-escaping-passthrough
Add CWE-79: HTML template escaping passthrough
2021-04-08 20:36:54 +01:00
Slavomir
68c0073c0b Use PassthroughTypeName instead of string 2021-04-08 14:24:35 +01:00
Slavomir
7c35902724 Use DataFlow::Node as parameters 2021-04-08 14:24:35 +01:00
Slavomir
dc95902e56 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2021-04-08 14:24:35 +01:00
Slavomir
1a9b09e8bd Add NumericType sanitizer 2021-04-08 14:24:35 +01:00
Slavomir
541c411086 Add isSanitizer predicate to FlowConfFromUntrustedToTemplateExecutionCall, and a test for it 2021-04-08 14:24:35 +01:00
Slavomir
8f124f8395 Add missing docs 2021-04-08 14:24:35 +01:00
Slavomir
e2b7c035ad Use only one instance of TaintTracking. 2021-04-08 14:24:35 +01:00
Slavomir
280ffdf060 Fix test 2021-04-08 14:24:35 +01:00
Slavomir
5351a8eeb7 Use TaintTracking an TaintTracking2 2021-04-08 14:24:35 +01:00
Slavomir
b42d21f740 Improve comments and naming. 2021-04-08 14:24:35 +01:00
Slavomir
d5355eb6b4 Cleanup 2021-04-08 14:24:35 +01:00
Slavomir
cc31cd2fe2 Fix test 2021-04-08 14:24:35 +01:00
Slavomir
0bb5ef6af2 Fix test 2021-04-08 14:24:35 +01:00
Slavomir
7b4a748793 Remove DummySource 2021-04-08 14:24:35 +01:00
Slavomir
7e9f23ab8e Refactor flow logic to ensure untrusted flows to conversion, and conversion flows to template-exec. 2021-04-08 14:24:35 +01:00
Slavomir
963631dedf Improve naming. 2021-04-08 14:24:35 +01:00
Slavomir
687e556df6 Fixes from code review 2021-04-08 14:24:35 +01:00
Slavomir
ad91e4abcb Remove DummySource 2021-04-08 14:24:35 +01:00
Slavomir
63d51205c9 Apply suggestions from code review
Co-authored-by: Sauyon Lee <sauyon@github.com>
2021-04-08 14:24:35 +01:00
Slavomir
49894341a8 Add CWE-79: HTML template escaping passthrough 2021-04-08 14:24:35 +01:00
Sauyon Lee
29bf388b83 Merge pull request #519 from sauyon/fix-consistency
Extract files for error locations
2021-04-02 01:37:11 -07:00
Chris Smowton
c742a131de Remove filename containing hiragana
Good test, but unfortunately it turns out our ODASA build under Windows can't cope -- we get `make: *** No rule to make target 'language-packs/go/ql/test/library-tests/semmle/go/Files/�.go', needed by 'target/general/go-tools/output/tools/tokenizer.jar'.  Stop.`

Evidently our windows Actions build *does* work, so this is possible in principle, but let's not delay this PR finding out the exact reasons why right now.
2021-04-01 08:57:15 +01:00
Sauyon Lee
4451920ada fixup windows 2021-03-31 08:56:34 -07:00
Sauyon Lee
9b60aff45e Sort extractor smoke test output 2021-03-31 08:12:19 -07:00
Sauyon Lee
44cb8f4f0f Check database consistency in smoke tests 2021-03-31 03:37:55 -07:00
Sauyon Lee
cd6fb7d699 Extract files for error locations
Co-authored-by: Chris Smowton <smowton@github.com>
2021-03-31 03:37:55 -07:00
Sauyon Lee
7e3e2f9adf Add file tests 2021-03-31 02:01:26 -07:00
Owen Mansel-Chan
2ef85291fd Merge pull request #492 from owen-mc/promoted-field-data-flow-non-pointer-type
Add control flow nodes for implicit fields reads when reading a promoted field
2021-03-30 11:15:55 +01:00
Owen Mansel-Chan
2fce333a0b Fix bad join order in getBaseInstruction
It was joining on the index first, rather than the selector expression
2021-03-30 10:13:31 +01:00
Owen Mansel-Chan
3e57ea0e75 Fix Revel template test
We want the controller, which is the type which embeds *Revel.Controller.
We have to skip the implicit field reads to get to the base of the selector
expression.
2021-03-30 10:13:30 +01:00
Owen Mansel-Chan
b507c0d584 Add implicit field reads for promoted method calls 2021-03-30 10:13:30 +01:00
Owen Mansel-Chan
a89a42df6f Expand PromotedField to PromotedValueEntity
This includes promoted methods as well
2021-03-30 10:13:29 +01:00
Owen Mansel-Chan
770c770a8f Add tests for promoted methods
We need implicit field reads for calls to promoted methods.
False negative flags have been added to make this pass on main.
2021-03-30 10:13:29 +01:00
Owen Mansel-Chan
42300819a5 Remove incorrect assumption
Now that we have implicit field reads, it is no longer the case
that the base of a field read instruction will be an eval
instruction.
2021-03-30 10:13:28 +01:00
Owen Mansel-Chan
44b4e211c1 Make ImplicitFieldReadInstruction extend ImplicitFieldReadInstruction
This avoids some code duplication.
2021-03-30 10:13:28 +01:00
Owen Mansel-Chan
00aac808d2 Address review comments 2021-03-30 10:13:27 +01:00
Owen Mansel-Chan
a5293fa835 Use index to determine selector base 2021-03-30 10:13:27 +01:00
Owen Mansel-Chan
015c0537c2 Add index to FieldReadInstruction 2021-03-30 10:13:27 +01:00
Owen Mansel-Chan
0d071b2119 Use depth for implicit field selection 2021-03-30 10:13:26 +01:00
Chris Smowton
204e313c3b Improve documentation 2021-03-30 10:13:26 +01:00
Chris Smowton
6645613eb8 Deduplicate and document helper types 2021-03-30 10:13:25 +01:00
Chris Smowton
9a427931b7 Explicitly walk pointer types
In a previous draft these could use getBaseType*
2021-03-30 10:13:25 +01:00
Chris Smowton
660ba4e31c Optimise selectorBase, similar to existing work on implicitFieldRead 2021-03-30 10:13:25 +01:00
Chris Smowton
8cde56dfc2 Neaten and fix documentation of selectorBase 2021-03-30 10:13:24 +01:00
Chris Smowton
9444774895 Add further hints that the range of possible addressed fields, and therefore the interesting selector expressions, are small 2021-03-30 10:13:24 +01:00
Chris Smowton
22a3fccf79 Use type to hint that constraining to embedded fields is a good first step
This improves the join order for `implicitFieldSelection`
2021-03-30 10:13:23 +01:00
Sauyon Lee
e1b4867a19 Refactor embedded field calculation to expose access chain
This allows us to reuse the embedded field calculation in the
logic for generating implicit field selection nodes.
2021-03-30 10:13:23 +01:00
Owen Mansel-Chan
c192a255c5 Add change note 2021-03-30 10:13:22 +01:00
Owen Mansel-Chan
f1b6139ace Update expected results for ZipSlip to include implicit field reads 2021-03-30 10:13:22 +01:00
Owen Mansel-Chan
13cd19ee40 Make ImplicitFieldReadInstruction include implicit deref when needed
When an ImplicitFieldReadInstruction reads an embedded field which has
a pointer type, it now includes the implicit dereference.

It might be better to extend MkImplicitDeref to cover this case, so we have
an explicit instruction for this. Then it would be easier to see when
dereferences are happening, and hence when they might cause a nil pointer
dereference.
2021-03-30 10:13:22 +01:00
Owen Mansel-Chan
2d3caf48c1 Add implicit field reads for promoted fields
This may not work when the embedded fields are pointer types, as
we don't have anything corresponding to MkImplicitDeref
2021-03-30 10:13:21 +01:00
Owen Mansel-Chan
7ded91e81d Make depth of promoted fields accessible 2021-03-30 10:13:21 +01:00
Owen Mansel-Chan
b6dddd36e1 Update FieldTarget.getBaseType()
It wasn't defined when `getBase()` was an EvalImplicitDerefInstruction.
Rewriting it like this means it should work no matter what type of
instruction `getBase()` is.
2021-03-30 10:13:20 +01:00
Owen Mansel-Chan
b32b3157d4 (Minor) Add missing this. to method call 2021-03-30 10:13:19 +01:00
Sauyon Lee
3045eec63d Merge pull request #518 from smowton/smowton/fix/restore-extraction-under-codeql
Tolerate empty-string CODEQL_PLATFORM, and add smoke tests
2021-03-29 13:55:27 -07:00
Chris Smowton
87d8bc8d6f Add basic extractor smoke test
This exercises the extractor via 'codeql', with and without tracing.
2021-03-29 14:53:44 +01:00
Chris Smowton
23b8af3a56 Tolerate empty-string CODEQL_PLATFORM
This is normal when invoked with tracing disabled, so we also don't log when this happens.
2021-03-29 11:34:50 +01:00
Chris Smowton
a8422ffe26 Merge pull request #517 from smowton/smowton/fix/restore-extraction-under-odasa
Unify two implementations of GetExtractorPath
2021-03-25 19:35:24 +00:00
Chris Smowton
aef0a07a50 Prefer CODEQL_* environment variables when set 2021-03-25 16:20:16 +00:00
Chris Smowton
244f66c358 Make diagnostics test platform-neutral 2021-03-25 14:44:18 +00:00
Chris Smowton
c2c88b0835 Unify two implementations of GetExtractorPath
This retains both their features:
* The new util.go one cached its result.
* The old go-autobuilder.go one worked under ODASA, where CODEQL_GO_EXTRACTOR_ROOT is unset but os.Executable is a useful substitute.
2021-03-25 11:24:39 +00:00
Aditya Sharad
a9235d4c76 Merge pull request #516 from github/adityasharad/actions/remove-docs-review-workflow
Actions: Remove docs-review workflow
2021-03-24 12:31:29 -07:00
Aditya Sharad
1937664c66 Actions: Remove docs-review workflow
Being replaced by internal automation that polls the repo for open labelled PRs, since this workflow currently cannot tag the docs team in a comment.
2021-03-24 11:25:08 -07:00
Tom Hvitved
ef50020cce Merge pull request #514 from github/merge-rc/3.1
Merge branch 'rc/3.1' into 'main'
2021-03-23 10:28:50 +01:00
Tom Hvitved
e119e15f84 Merge branch 'rc/3.1' into 'main' 2021-03-23 09:10:20 +01:00
Sauyon Lee
5de362edd8 Merge pull request #510 from simon-engledew/patch-1
Add an example query for catching cases where defer is used in a loop.
2021-03-22 11:08:34 -07:00
Chris Smowton
af9c7c0dd9 Merge pull request #512 from smowton/smowton/admin/pick-performance-fix-onto-rc-31
Apply package perf fix to rc/3.1
2021-03-21 11:59:32 +00:00
Sauyon Lee
bcee55c402 Remove now-unnecessary bindingset annotations 2021-03-20 18:54:26 +00:00
Sauyon Lee
426a65b981 Restrict 'package' to real package paths 2021-03-20 18:54:26 +00:00
Simon Engledew
43b4cd69f8 Add review feedback 2021-03-19 14:21:45 +00:00
Simon Engledew
c6ae48f090 Create deferinloop.ql
Add example query for highlighting defers inside loops.
2021-03-19 13:16:21 +00:00
Sauyon Lee
d73d0f3b79 Merge pull request #499 from sauyon/extractor-profiling
Extract diagnostic information
2021-03-19 05:36:30 -07:00
Sauyon Lee
92c5999c4d Update stats 2021-03-19 04:34:16 -07:00
Sauyon Lee
394feb03f1 Add tests for extractor diagnostics 2021-03-19 04:34:16 -07:00
Sauyon Lee
104b9cffbd Extract extractor diagnostic information 2021-03-19 04:34:15 -07:00
Sauyon Lee
1ca2164058 Add GetExtractorPath util function 2021-03-19 04:34:14 -07:00
Sauyon Lee
95f93b8641 Add FileFor utility function for trap files 2021-03-19 04:34:14 -07:00
Sauyon Lee
d8885c580a Add extractor diagnostic tables to the database 2021-03-19 04:34:13 -07:00
Sauyon Lee
25cc1b451d Add support for float dbscheme columns 2021-03-19 04:30:01 -07:00
Sauyon Lee
104f58151c Merge pull request #473 from sauyon/revel
Add models for Revel and HTML templates
2021-03-18 18:21:53 -07:00
Sauyon Lee
f2b390af5f Force git not to modify line endings for HTML test files as well 2021-03-18 10:54:34 -07:00
Sauyon Lee
870fcb4531 Explicity pass working directory to index-files 2021-03-18 10:54:33 -07:00
Sauyon Lee
012825323d Add change note 2021-03-18 10:54:33 -07:00
Sauyon Lee
68dca955a8 Rework tests and fix output 2021-03-18 10:54:32 -07:00
Sauyon Lee
c2321bd365 Add support for XSS sink kinds 2021-03-18 10:51:16 -07:00
Sauyon Lee
9f5a9cf7b8 Add HTTP template response body concept 2021-03-18 10:51:15 -07:00
Sauyon Lee
844f0e49a6 Add getEnclosingTextNode to template statements 2021-03-18 10:51:15 -07:00
Sauyon Lee
96d2777431 Add models for Revel raw templates 2021-03-18 10:51:14 -07:00
Sauyon Lee
4932574083 Add HTML template variable model 2021-03-18 10:51:14 -07:00
Sauyon Lee
e3f68771fc Add VariableWithFields 2021-03-18 10:51:13 -07:00
Sauyon Lee
8438b893ec Add HTML tracing capability 2021-03-18 10:51:12 -07:00
Sauyon Lee
ff2034d122 Merge pull request #506 from sn00pyd0g3/add-transport-roundtrip
Add Transport.RoundTrip()
2021-03-18 09:40:24 -07:00
sn00py
22c3110602 Update change-notes/2021-03-16-nethttp-updated.md
Co-authored-by: Sauyon Lee <sauyon@github.com>
2021-03-18 23:32:23 +08:00
snoopywu
4abf6bbbff Merge branch 'add-transport-roundtrip' of https://github.com/sn00pyd0g3/codeql-go into add-transport-roundtrip 2021-03-16 23:55:16 +08:00
sn00py
263d813b58 Merge branch 'main' into add-transport-roundtrip 2021-03-16 23:54:53 +08:00
snoopywu
af60a448ad Merge branch 'add-transport-roundtrip' of https://github.com/sn00pyd0g3/codeql-go into add-transport-roundtrip 2021-03-16 23:53:52 +08:00
snoopywu
161ce91159 Add changenote for #506 2021-03-16 23:51:26 +08:00
Chris Smowton
772b9b8178 Merge pull request #507 from owen-mc/cache-tcontrolflownode
Cache TControlFlowNode
2021-03-16 14:45:35 +00:00
Owen Mansel-Chan
f9c4e12c95 Make this. explicit 2021-03-16 13:40:58 +00:00
Owen Mansel-Chan
ea7ecbaa55 Add hint so optimizer doesn't choose bad join order 2021-03-16 13:40:58 +00:00
Owen Mansel-Chan
c940eb61e7 Cache TControlFlowNode 2021-03-16 13:40:58 +00:00
Chris Smowton
ea2b3906b9 Merge pull request #508 from sauyon/change-note-fix
Fix change note checker
2021-03-16 13:37:19 +00:00
Sauyon Lee
645e9867a4 Fix change note checker 2021-03-16 06:23:54 -07:00
sn00py
4318ffee3e Merge branch 'main' into add-transport-roundtrip 2021-03-16 16:52:37 +08:00
Owen Mansel-Chan
8318dcf971 Merge pull request #502 from owen-mc/find-latest-codeql-cli-automatically
Find latest release of the CLI automatically
2021-03-16 06:22:50 +00:00
snoopywu
cee30cfde4 fix: autoformat 2021-03-16 01:43:33 +08:00
sn00py
00f12f9210 Update ql/src/semmle/go/frameworks/stdlib/NetHttp.qll
Co-authored-by: Sauyon Lee <sauyon@github.com>
2021-03-16 00:41:52 +08:00
Owen Mansel-Chan
52a535463d Find latest release of the CLI automatically
Also download OS-specific zip files while we're at it.

There are two files in `codeql-win64.zip` called `codeql/codeql` and
`codeql/codeql.exe`. Because of the order they were put into the zip,
they come out in the order `codeql/codeql.exe` followed by
`codeql/codeql`, and something on Windows thinks that the second file
has the same name as the first. It's because it's trying to emulate
linux and running `codeql/codeql` could run either one of them. We need
to make sure we definitely have the `.exe` file, so we explicitly
extract it again afterwards. This workaround is already used in some
other places. The order that the zip file is made in has now been fixed
so this shouldn't be a problem for future releases, so this workaround
can be removed in future.
2021-03-15 09:25:51 +00:00
snoopywu
e1219480d8 Add Transport.RoundTrip() 2021-03-13 03:17:58 +08:00
Owen Mansel-Chan
4b004b8f25 Merge pull request #501 from owen-mc/add-problem-matchers-to-ci
Highlight error messages in CI
2021-03-12 15:22:33 +00:00
Cornelius Riemenschneider
1f4b91dcb0 Merge branch 'main' into add-problem-matchers-to-ci 2021-03-12 14:53:20 +01:00
Chris Smowton
c58ae845e0 Merge pull request #497 from sauyon/package-restrict
Fix performance issue with 'package'
2021-03-12 11:17:38 +00:00
Owen Mansel-Chan
ea7af2e4a2 Highlight error messages in CI
Copied problem-matchers from github/semmle-code, which is used for
running CI for github/codeql.
2021-03-11 17:14:38 +00:00
Owen Mansel-Chan
dcc1de4797 Merge pull request #500 from owen-mc/add-missing-qldoc
Add missing QLDoc for public declarations
2021-03-11 15:52:39 +00:00
Owen Mansel-Chan
5b09d35668 Add missing QLDoc for public declarations 2021-03-11 15:36:31 +00:00
Sauyon Lee
db20119267 Remove now-unnecessary bindingset annotations 2021-03-10 08:58:45 -08:00
Sauyon Lee
8ad1010860 Restrict 'package' to real package paths 2021-03-10 08:58:41 -08:00
Aditya Sharad
fecf265641 Merge pull request #496 from github/adityasharad/actions/docs-review-fix
Actions: Fix comment that tags the Docs team
2021-03-08 10:53:28 -08:00
Aditya Sharad
86052520a5 Actions: Fix comment that tags the Docs team 2021-03-08 09:18:59 -08:00
Chris Smowton
2752505e84 Merge pull request #495 from owen-mc/fix-evanphxjsonpatch-test
Model Apply methods correctly
2021-03-05 18:03:28 +00:00
Owen Mansel-Chan
0a48fef0e7 Model Apply methods correctly
They were accidentally modeled as functions
2021-03-05 15:55:44 +00:00
Aditya Sharad
769fddeb38 Merge pull request #491 from adityasharad/actions/docs-review
Actions: Add workflow to request docs review
2021-03-03 07:40:26 -08:00
Aditya Sharad
348f8c16d1 Actions: Add workflow to request docs review
When a PR is labelled with 'ready-for-docs-review',
this workflow comments on the PR to notify the GitHub CodeQL docs team.
Runs on `pull_request_target` events so it can write comments to the PR.
Since this runs in the context of the base repo, it must not check out the PR
or use untrusted data from the event payload.
2021-03-02 18:05:02 -08:00
Chris Smowton
530b791529 Merge pull request #490 from sauyon/gomoduleauto
Explicitly set GO111MODULE to auto
2021-03-01 12:45:39 +00:00
Sauyon Lee
0684143291 Merge pull request #483 from owen-mc/sync-dataflow-libraries
Sync dataflow libraries
2021-02-25 11:40:50 -08:00
Sauyon Lee
be14df042d Explicitly set GO111MODULE to auto 2021-02-25 08:22:06 -08:00
Owen Mansel-Chan
f6ff3c009e Merge branch 'main' into sync-dataflow-libraries 2021-02-24 14:14:44 +00:00
Owen Mansel-Chan
e1402b3881 Merge pull request #486 from owen-mc/add-missing-licences-for-stubbed-libraries
Add license files for stubbed dependencies
2021-02-23 18:32:42 +00:00
Owen Mansel-Chan
6c0fe2ed45 Merge branch 'main' into add-missing-licences-for-stubbed-libraries 2021-02-23 17:14:28 +00:00
Owen Mansel-Chan
b7323bf9b6 Merge pull request #487 from sauyon/add-shati
Add shati-patel to CODEOWNERS
2021-02-23 17:11:28 +00:00
Sauyon Lee
f3969372a4 Add shati-patel to CODEOWNERS 2021-02-23 09:00:10 -08:00
Owen Mansel-Chan
4728b7a866 Add license files for stubbed dependencies 2021-02-23 16:29:17 +00:00
Sauyon Lee
a4b701d2c5 Merge pull request #480 from sauyon/go116
Add preliminary support for go 1.16
2021-02-23 08:16:12 -08:00
Owen Mansel-Chan
7e37c2b63a Merge pull request #485 from owen-mc/add-new-location-for-beego
Add new module path for beego and xmlpath
2021-02-23 11:06:47 +00:00
Owen Mansel-Chan
ff317e63de Remove http:// in package path 2021-02-22 15:11:59 +00:00
Owen Mansel-Chan
f32b4883bf Make use of URLs in comments more consistent 2021-02-22 15:08:20 +00:00
Owen Mansel-Chan
370afe3383 Fix incorrect calls to package() 2021-02-22 15:08:20 +00:00
Owen Mansel-Chan
083512acef Add extra module path for xmlpath package 2021-02-22 15:08:20 +00:00
Owen Mansel-Chan
2bcf73c9fb Add new module path for beego
Beego moved from astaxie/beego to beego/beego on 13 Dec 2020. The
old location still works but is not being updated.
2021-02-22 11:38:13 +00:00
Sauyon Lee
9e45b08178 Merge pull request #484 from sauyon/change-note-action
Actions: Add change note checker
2021-02-19 20:12:59 -08:00
Sauyon Lee
17cd04c6b2 Avoid attempting to build i386 darwin binaries 2021-02-19 10:20:29 -08:00
Sauyon Lee
65e6da9b0e Actions: Add change note checker
Co-authored-by: Taus <tausbn@github.com>
2021-02-19 09:40:50 -08:00
Sauyon Lee
23103fd8e0 Add support for 'path/filepath.WalkDir' 2021-02-19 07:59:13 -08:00
Sauyon Lee
82849fe91a Explicitly set GO111MODULE=off 2021-02-19 07:59:13 -08:00
Sauyon Lee
41cacd579f Model moved io/ioutil functions 2021-02-19 07:59:12 -08:00
Sauyon Lee
4056ac4ab5 os.FileInfo -> io/fs.FileInfo 2021-02-19 06:25:52 -08:00
Sauyon Lee
adc2f08b76 Add tests for go 1.16 libraries 2021-02-19 06:25:51 -08:00
Sauyon Lee
a327fb7e97 Add support for go 1.16 frameworks 2021-02-19 06:25:51 -08:00
Owen Mansel-Chan
fbbe4692d8 Re-add call to defaultTaintSanitizerGuard() 2021-02-19 14:16:19 +00:00
Owen Mansel-Chan
1c1ebf817f Rename default taint sanitizer predicate
`defaultTaintSanitizer()` is referenced in one of the files that
gets synced, so it is better for us to not change its name. We should
also keep `defaultTaintSanitizerGuard()` consistent.
2021-02-19 14:14:12 +00:00
Sauyon Lee
62ae3ec7c5 Add extractor test for go 1.16 2021-02-18 14:52:54 -08:00
Sauyon Lee
fc9bc68829 Add change note for go 1.16 2021-02-18 11:49:00 -08:00
Sauyon Lee
42939a70b8 Update go.mod to 1.16 2021-02-18 11:48:48 -08:00
Sauyon Lee
fee0355ea0 Update actions to use go 1.16 2021-02-18 11:48:36 -08:00
Owen Mansel-Chan
24d35c35a1 Add Unit class to DataFlowPrivate 2021-02-17 16:42:17 +00:00
Owen Mansel-Chan
4f55ecc995 Sync dataflow libraries 2021-02-17 16:32:16 +00:00
Sauyon Lee
e6d11fc99e Merge pull request #475 from sauyon/yaml
Add models for gopkg.in/yaml
2021-02-16 15:11:47 +00:00
Chris Smowton
2be66d1d74 Merge pull request #479 from smowton/smowton/admin/add-missing-change-notes
Add missing change notes
2021-02-16 09:58:29 +00:00
Owen Mansel-Chan
1c6a68ae93 Merge pull request #478 from owen-mc/update-logrus-model
Simplify Logrus model
2021-02-16 07:35:44 +00:00
Sauyon Lee
1acbfaafcc Add models for gopkg.in/yaml 2021-02-15 18:27:09 +00:00
Chris Smowton
95008d1ccb Update change-notes/2021-02-09-html-templates.md
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2021-02-15 14:39:24 +00:00
Chris Smowton
6f5f1c4829 Add missing change notes 2021-02-15 14:07:10 +00:00
Owen Mansel-Chan
46cc9e9fa4 Add change note 2021-02-15 13:51:01 +00:00
Owen Mansel-Chan
a2c0b6ade6 Merge pull request #464 from owen-mc/list-constants-sanitizers
List of constants sanitizer guards (switch statement in function only)
2021-02-15 11:39:40 +00:00
Owen Mansel-Chan
6d29a35ac9 Factor the duplicate code in LogCall
Co-authored-by: Chris Smowton <smowton@github.com>
2021-02-15 11:20:19 +00:00
Owen Mansel-Chan
68c54d43e6 Move code to TaintTrackingUtil.qll 2021-02-15 10:18:00 +00:00
Owen Mansel-Chan
ef94cde0b3 Simplify Logrus model
Make methods which add data to entries sinks in their own right, rather
than trying to track the data flow of the entry to a later logging call.

This may cause some false positives, but only in the situation that
tainted data is added to an entry and that entry is never logged. It will
save us from false negatives when tainted data is added to an entry
which flows across a function boundary to a logging call.
2021-02-15 09:18:34 +00:00
Owen Mansel-Chan
4a2a1871f7 Merge pull request #476 from owen-mc/model-zap
Model zap
2021-02-13 13:15:06 +00:00
luchua-bc
6bfe2f2ba6 Add more sinks 2021-02-11 17:53:42 +00:00
Owen Mansel-Chan
1dc474650a Model zap 2021-02-11 14:35:36 +00:00
Chris Smowton
b9a1d9a17e Merge pull request #474 from sauyon/update-codeql
Update actions codeql to 2.4.3
2021-02-11 12:34:51 +00:00
Chris Smowton
2d08173631 Merge pull request #442 from monkey-junkie/main
[CWE-369] Query for divide by zero detection
2021-02-11 12:11:45 +00:00
Chris Smowton
b84aef6b83 Prevent getACalleeSource() from sharing magic with other users of getASuccessor*
This avoids recursion through the magic side-condition as each discovery of a ListOfConstantsComparisonSanitizerGuard expands the set of things whose getASuccessor* is wanted, which in turn enlarges the set of transitive successors and causes getACalleeSource() to be pointlessly recomputed (pointlessly because all exprNode(getCalleeExpr())s were already computed)
2021-02-11 10:29:30 +00:00
luchua-bc
f1788ed04e Revamp the query to handle more cases 2021-02-11 04:33:42 +00:00
Sauyon Lee
9452df1a5c Update actions codeql to 2.4.3 2021-02-10 22:43:02 +00:00
Chris Smowton
617b5510d9 Merge pull request #465 from smowton/smowton/feature/less-equality-test-panic-edges
Remove panicking edges leading from an equality test where possible
2021-02-10 08:20:27 +00:00
user
c29ab8958f tests and docs updated 2021-02-10 00:26:46 +03:00
Your Name
4b24e5641e formatting + example
fix

test fix

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>
2021-02-10 00:26:46 +03:00
Your Name
bd09868686 test fixed, comments added
Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
2021-02-10 00:26:46 +03:00
Your Name
8c5e0a42b3 test fixed
Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
2021-02-10 00:26:40 +03:00
Your Name
41e808dab4 conversion detect + tests 2021-02-10 00:26:40 +03:00
Your Name
a77f36fba8 formatting fix
Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
2021-02-10 00:26:33 +03:00
Chris Smowton
ef658b292a Fix join order for ListOfConstantsComparisonSanitizerGuard 2021-02-09 19:42:23 +00:00
Chris Smowton
1b9abc5310 Merge pull request #470 from sauyon/go116flagadd
Add -overlay to recognized go build flags
2021-02-09 18:31:41 +00:00
Sauyon Lee
8c60c614db Add -overlay to recognized go build flags 2021-02-09 17:09:48 +00:00
Owen Mansel-Chan
abf59ec98f Merge pull request #469 from github/owen-mc-code-owners-file
Create CODEOWNERS
2021-02-09 17:04:29 +00:00
Owen Mansel-Chan
5cab5b2912 Create CODEOWNERS
This is so that `@codeql-go` is automatically suggested as a reviewer for PRs
2021-02-09 17:02:29 +00:00
Chris Smowton
9a919cc6c8 Merge pull request #466 from smowton/smowton/fix/remove-html-template-models
Remove models for html/template execution
2021-02-09 11:55:13 +00:00
Chris Smowton
02d21cfce8 Remove models for html/template execution
These escape HTML and JavaScript anyhow; because they don't write to their return value they don't quite fit the form of EscapeFunction, so to be expedient I've simply removed their models entirely. Presumably the case where someone HTML-templates something and then uses it for a purpose where HTML sanitisation is insufficient is very rare anyhow.
2021-02-08 19:55:04 +00:00
Sauyon Lee
a325161819 Merge pull request #455 from sauyon/insecure-rng
Promote Insecure RNG Query
2021-02-06 08:42:26 -08:00
Sauyon Lee
00e5b7cdfc InsecureRNG: Select first result in fn only 2021-02-05 22:51:09 -08:00
Chris Smowton
42ff256c42 Remove panicking edges leading from an equality test where possible
These exist because an equality comparison of explicitly-incomparable interface values can panic, as can comparisons of arrays or structs containing them. Other type comparisons cannot panic.
2021-02-04 15:58:54 +00:00
Owen Mansel-Chan
d75cc40483 Make test with multiple switch statements pass
Made various changes to make it work when there are multiple
switch statements.

Also addressed performance problems.
2021-02-04 14:30:06 +00:00
Owen Mansel-Chan
36fafadda5 Add fallthrough statements to switch statement tests 2021-02-03 15:26:07 +00:00
Owen Mansel-Chan
a7545cd11b Add test with multiple switch statements 2021-02-03 14:38:53 +00:00
Owen Mansel-Chan
760d89b0d3 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2021-02-03 14:34:28 +00:00
Owen Mansel-Chan
5ec25de1fc Add change note 2021-02-02 16:27:44 +00:00
Owen Mansel-Chan
08c59f0f48 Add a default sanitizer guard for list of constants comparison
Currently it only deals with the case of a switch statement in
a function.
2021-02-02 16:25:25 +00:00
Owen Mansel-Chan
4c30ed9054 Add predicate to get return statement from return instruction 2021-02-02 15:57:02 +00:00
Owen Mansel-Chan
c4eaf791e6 Add predicate for cast test passing edge in switch statement 2021-02-02 15:57:02 +00:00
Owen Mansel-Chan
dd079d4e51 (clean-up) Make use of this explicit 2021-02-02 11:04:16 +00:00
Owen Mansel-Chan
f279fa17af (clean-up) Move comment 2021-02-02 11:03:52 +00:00
Sauyon Lee
73dc135480 Move insecure randomness query to cwe-338
Also give it a precision
2021-02-02 08:04:12 +00:00
Sauyon Lee
82bd293e5c Polish insecure randomness query 2021-02-02 08:04:11 +00:00
Sauyon Lee
cfb9593af8 Move InsecureRandomness out of experimental 2021-02-01 15:54:51 +00:00
Sauyon Lee
48a52cfd2f Merge pull request #437 from sauyon/goproxy
Model elazarl/goproxy
2021-01-28 06:05:52 +00:00
Chris Smowton
93aaa74c8c Merge pull request #451 from sauyon/gokit
Add gokit models
2021-01-27 17:47:22 +00:00
Sauyon Lee
fb84df241a Add change note for goproxy modeling 2021-01-27 17:38:23 +00:00
Sauyon Lee
53b468174f Make InsecureHostnameRegex check for rejecting handlers 2021-01-27 17:38:22 +00:00
Sauyon Lee
4712afae83 Add models for github.com/elazarl/goproxy 2021-01-27 17:38:02 +00:00
Sauyon Lee
b0ddf4b68b Add model for net/http.Error 2021-01-27 17:38:02 +00:00
Sauyon Lee
bf9bba79c2 Add getHeaderValue predicate to HTTP::HeaderWrite 2021-01-27 17:38:01 +00:00
Sauyon Lee
39c33c5db1 Add HTTP handler concept 2021-01-27 17:38:01 +00:00
luchua-bc
8ed2bc59ad Add the c# program to src and address the issue with algorithm type 2021-01-26 17:29:52 +00:00
Owen Mansel-Chan
b76ff0d233 Merge pull request #461 from owen-mc/avoid-unused-barrier-guards-in-scope
Move reused barrier guards into separate files
2021-01-26 06:08:29 +00:00
Owen Mansel-Chan
bf0f0aff5e Move reused barrier guards into separate files
This way only the barrier guards that are used will be imported.
This is important because of the comment above BarrierGuard, which
warns about the potential danger of having classes that extend
BarrierGuard in scope which are not used.
2021-01-25 17:07:18 +00:00
Owen Mansel-Chan
e55db63184 Merge pull request #462 from owen-mc/make-path-containment-check-more-specific
Make PathContainmentCheck more specific
2021-01-25 16:46:33 +00:00
Sauyon Lee
3ed9e66c7a Add gokit models 2021-01-25 08:15:14 -08:00
Owen Mansel-Chan
71d52500f7 Make PathContainmentCheck more specific
Recent changes to Property.checkOn mean that in the code
  err == nil && <unrelated-condition>
PathContainmentCheck matches the first condition and the whole &&
expression. Originally it would have only matched the first condition,
and this commit restores that behaviour. This pattern appears 3 times in
the tests, which all still pass.
2021-01-25 15:05:57 +00:00
Max Schaefer
bc74bcec21 Merge pull request #459 from owen-mc/update-barrier-guard-comment
Make comment on BarrierGuard more specific
2021-01-25 14:34:20 +00:00
Owen Mansel-Chan
f8c3fbf845 Merge pull request #454 from owen-mc/default-taint-sanitizer-guard-equality-test-guard
Make EqualityTestGuard a default taint sanitizer guard
2021-01-25 14:24:08 +00:00
Owen Mansel-Chan
06c6ceda50 Make comment on BarrierGuard more specific
The problem that this comment is trying to warn about is the following:
say you have two subclasses of BarrierGuard BG1 and BG2, both of which
contain some node g. Also assume that you have a configuration C which
specifies BG1 as a barrier guard, but not BG2. Because g is contained in
both classes, you will then still get the barrier guard definition from
BG2 due to the way dynamic dispatch works in QL.
2021-01-25 13:16:23 +00:00
Owen Mansel-Chan
8acf572283 Add change note 2021-01-22 17:38:26 +00:00
Owen Mansel-Chan
71f2ed36f2 Make EqualityTestGuard a default taint sanitizer guard
It will apply to all configurations, not just those involving Xss.
2021-01-22 17:38:26 +00:00
Owen Mansel-Chan
7dfe5d9f07 Merge pull request #457 from owen-mc/cleanup-avoid-code-duplication
Reuse existing class instead of repeating it
2021-01-21 10:56:14 +00:00
Owen Mansel-Chan
7f00ab1f08 Merge pull request #456 from owen-mc/add-guarding-function-test
Add tests for guarding functions proxied by a variable
2021-01-21 10:55:54 +00:00
Your Name
ad22445d16 refactor 2021-01-21 01:52:00 +03:00
monkey-junkie
c8da633d7b Update ql/src/experimental/CWE-369/DivideByZero.ql
Co-authored-by: Chris Smowton <smowton@github.com>
2021-01-21 00:54:00 +03:00
Owen Mansel-Chan
7339f3e095 Reuse existing class instead of repeating it
This is already done elsewhere.
2021-01-20 16:11:33 +00:00
Owen Mansel-Chan
b623a4c8ec Add tests for guarding functions proxied by a variable
Negation doesn't appear to be handled correctly, so one
of the lines is marked as a false positive.
2021-01-20 14:36:53 +00:00
luchua-bc
46fd5bd92e Move test files to the test folder 2021-01-20 03:51:46 +00:00
Owen Mansel-Chan
e2a79f400e Make use of this explicit
It makes it easier to understand the code.
2021-01-19 15:55:02 +00:00
Owen Mansel-Chan
903ff33b0d Add class for default taint sanitizer guards
This allows us to specify taint sanitizer guards that apply in
all configurations.
2021-01-18 10:51:59 +00:00
Owen Mansel-Chan
83c26a3594 Improve predicate name
Renamed `defaultTaintSanitizer` to `isDefaultTaintSanitizer`.
2021-01-18 10:50:26 +00:00
Your Name
3251fb5c07 updated 2021-01-18 02:37:53 +03:00
Owen Mansel-Chan
fbe0474d0c Merge pull request #453 from owen-mc/update-architectures
Update Architectures.qll
2021-01-15 16:01:52 +00:00
Owen Mansel-Chan
6219a28b13 Update Architectures.qll 2021-01-15 14:01:01 +00:00
Owen Mansel-Chan
2f9c1a6049 Merge pull request #452 from owen-mc/package-path
Use `package()` for package paths not in the standard library
2021-01-15 07:25:06 +00:00
Owen Mansel-Chan
5e2c066e8b Use package() for package paths not in the standard library
This has the advantage that it deals with versioning. For example,
`package("a.io", "b")` matches "a.io/v2/b"
as well as "a.io/b".

At the same time I have created `packagePath()` predicates where they
seemed useful and tried to standardise them a bit.
2021-01-14 17:11:23 +00:00
Owen Mansel-Chan
62052a8772 Merge pull request #449 from owen-mc/model-couchbase-gocb
Model Couchbase Go library
2021-01-14 17:00:05 +00:00
Owen Mansel-Chan
a6b5e8b1db Remove distinct between package paths for v1 and v2 2021-01-14 15:48:21 +00:00
Owen Mansel-Chan
5cd984f3ca Merge pull request #450 from owen-mc/misc
Miscellaneous clean-ups
2021-01-13 12:33:21 +00:00
Owen Mansel-Chan
b5dfef894b Add change note 2021-01-13 09:18:54 +00:00
Owen Mansel-Chan
d8105a5be0 Add tests for Couchbase v2 NoSQL queries 2021-01-13 09:18:54 +00:00
Owen Mansel-Chan
b02fc16dfc Add tests for Couchbase v1 NoSQL queries 2021-01-13 09:18:54 +00:00
Owen Mansel-Chan
2ee20b3026 Add tests for Couchbase v1 2021-01-13 09:18:54 +00:00
Owen Mansel-Chan
d2164e16d1 Switch NoSQL tests to use inline expectations 2021-01-13 09:18:54 +00:00
Owen Mansel-Chan
a5ac947d16 Model Couchbase v2 NoSQL queries 2021-01-13 09:18:54 +00:00
Owen Mansel-Chan
7fc88ad85b Model Couchbase v1 NoSQL query sinks 2021-01-13 09:18:54 +00:00
Owen Mansel-Chan
a973ce4539 Model Couchbase gocb v1 2021-01-13 09:18:54 +00:00
luchua-bc
07f45a51f8 Query to detect hash without salt 2021-01-13 02:49:00 +00:00
Owen Mansel-Chan
9a51de56de Add comment explaining \Q and \E in regex 2021-01-12 16:56:04 +00:00
Owen Mansel-Chan
9236ad752b Improve formatting and style in Gin.qll 2021-01-12 16:56:04 +00:00
Owen Mansel-Chan
71774ed2d4 Remove redundant code
RawMessage implements Marshaler and Unmarshaler, so these methods are
covered by the two sections below
2021-01-12 16:56:04 +00:00
Owen Mansel-Chan
57ee3a8a64 Use set literal 2021-01-12 16:56:04 +00:00
Owen Mansel-Chan
fe1f08fb12 Use existing predicate
There already exists the predicate
implements(string pkg, string tp, string name)
which does exactly what this code does
2021-01-12 16:55:51 +00:00
Sauyon Lee
3f1197d605 Merge pull request #448 from sauyon/autoformat
Autoformatter update
2021-01-12 14:29:45 +00:00
Sauyon Lee
c11028229a Bump codeql version 2021-01-12 13:15:31 +00:00
Sauyon Lee
7a4dbc6fa7 Autoformatter update 2021-01-12 13:13:15 +00:00
Chris Smowton
c79e4f7836 Merge pull request #447 from smowton/smowton/admin/git-change-note
Add change-note for addition of `git` to the list of known interpreters for the go/command-injection query
2021-01-12 11:33:49 +00:00
Chris Smowton
a9cff82161 Add change-note for addition of git to the list of known interpreters for the go/command-injection query. 2021-01-11 18:48:54 +00:00
Chris Smowton
45635b67c6 Merge pull request #445 from smowton/smowton/feature/git-as-shell
Add 'git' as a possible command-interpreter, unless arguments are sanitized using "--"
2021-01-07 15:01:25 +00:00
Chris Smowton
83cee4a334 Add 'git' as a possible command-interpreter, unless arguments are sanitized using "--"
This is because some git flags can specify arbitrary commands to execute, but its positional arguments cannot, and "--" like in many commands instructs git to consume no further flags.
2021-01-07 11:54:41 +00:00
Chris Smowton
2dffd3e261 Merge pull request #443 from smowton/smowton/admin/missing-change-notes-2021-01
Add change-notes for recent PRs that were missing them
2021-01-05 11:41:35 +00:00
Chris Smowton
e6327f502c Merge pull request #444 from smowton/smowton/admin/merge-rc-126
Merge rc/1.26 back into `main`
2021-01-05 11:40:34 +00:00
Chris Smowton
19921ed115 Add change-notes for recent PRs that were missing them 2021-01-05 11:39:26 +00:00
Chris Smowton
2b608e5822 Merge remote-tracking branch 'origin/rc/1.26' into HEAD 2021-01-04 15:32:15 +00:00
monkey-junkie
de566da91c Update DivideByZero.ql 2021-01-03 00:55:10 +03:00
monkey-junkie
d81ec15990 Update DivideByZeroBad.go 2021-01-03 00:54:42 +03:00
Your Name
4b36a62834 divide by zero rule 2021-01-03 00:51:34 +03:00
Sauyon Lee
ace9271cc4 Merge pull request #441 from twpayne/contributing-building-and-testing
Docs: Add building and testing to contributing guide
2020-12-29 11:13:37 -08:00
Tom Payne
06721ce189 Docs: Add building and testing to contributing guide 2020-12-29 00:28:17 +01:00
Sauyon Lee
2ba26f69c0 Merge pull request #440 from twpayne/regexp-anchors
Support more regexp anchors
2020-12-23 11:42:06 -08:00
Tom Payne
9bbdf86487 Support more regexp anchors 2020-12-23 14:04:33 +01:00
Chris Smowton
5647a47bd4 Merge pull request #436 from sauyon/InVisionApp/main
Refactor HTTP tests
2020-12-18 12:08:46 +00:00
Jason Rogers
baa169cc77 Refactored HTTP tests
This will align test location with the library.
2020-12-17 08:10:06 -08:00
Owen Mansel-Chan
e3d0ccabae Merge pull request #435 from owen-mc/use-implements-where-possible
Use `implements` for interface methods
2020-12-17 16:02:14 +00:00
Owen Mansel-Chan
d184f245ed Use implements for interface methods
This means we will find more things.
2020-12-17 12:42:18 +00:00
Owen Mansel-Chan
dcb6cc3a7c Merge pull request #434 from owen-mc/model-kubernetes-secret
Model Secret and SecretList from k8s.io/api/core/v1
2020-12-16 17:17:21 +00:00
Chris Smowton
8060993b3b Merge pull request #430 from smowton/smowton/feature/model-beego-orm
Model the Beego ORM subpackage
2020-12-16 16:08:18 +00:00
Owen Mansel-Chan
0cb0879381 Model Secret and SecretList from k8s.io/api/core/v1 2020-12-16 16:03:48 +00:00
Chris Smowton
44a63b2f94 Model the Beego ORM subpackage 2020-12-16 14:39:58 +00:00
Owen Mansel-Chan
87f2cad475 Merge pull request #427 from owen-mc/model-kubernetes-secret
Model kubernetes SecretInterface
2020-12-15 17:12:45 +00:00
Chris Smowton
de93b59245 Merge pull request #419 from smowton/smowton/feature/model-beego
Model Beego web framework
2020-12-15 16:15:59 +00:00
Owen Mansel-Chan
0980a50627 Remove erroneous import from stub 2020-12-15 16:00:58 +00:00
Owen Mansel-Chan
676ca529b5 Add tests 2020-12-15 16:00:58 +00:00
Owen Mansel-Chan
6ca2e0e38e Add SecretInterface as source for cleartext logging query 2020-12-15 16:00:58 +00:00
Owen Mansel-Chan
8fd055bc60 Model SecretInterface from k8s.io/client-go/kubernetes/typed/core/v1 2020-12-15 16:00:51 +00:00
Chris Smowton
8e7abbac0a Model Beego web framework
This excludes the ORM, email and validation components, which I will follow up with seperately.
2020-12-15 14:04:36 +00:00
Chris Smowton
8b6f229bd3 SafeUrlFlow: allow libraries to add sources 2020-12-15 14:01:59 +00:00
Sauyon Lee
3617a801db Merge pull request #429 from sauyon/smowton/admin/refactor-http-module
Refactor HTTP module
2020-12-14 09:25:43 -08:00
Jason Rogers
3a83fbd765 Refactor HTTP module
This makes it easier to identify related classes and support future expansion.
2020-12-14 07:16:24 -08:00
Owen Mansel-Chan
e4316768ef Merge pull request #426 from owen-mc/model-k8s-io-apimachinery-pkg-runtime
Model k8s.io/apimachinery/pkg/runtime
2020-12-09 09:16:47 +00:00
Owen Mansel-Chan
c17f1618e0 Add change note 2020-12-09 06:45:08 +00:00
Owen Mansel-Chan
4d3eb47784 Fix stubbing
Depstubber can only stub one package at a time. We have to do some
manual editing to make a stubbed package use another stubbed package.
2020-12-09 06:45:08 +00:00
Owen Mansel-Chan
e5fb401d50 Model runtime 2020-12-09 06:45:08 +00:00
Owen Mansel-Chan
290a4dcdf4 Merge pull request #414 from owen-mc/model-evanphx-json-patch
Model evanphx/json-patch
2020-12-08 17:36:10 +00:00
Owen Mansel-Chan
0b50ee7755 Change to Inline Expectations Test 2020-12-08 16:38:13 +00:00
Owen Mansel-Chan
e786fa07ee Add change note 2020-12-08 16:15:01 +00:00
Owen Mansel-Chan
5ebd637ca7 Model evanphx/json-patch 2020-12-08 16:15:01 +00:00
Chris Smowton
6b8003b0f2 Merge pull request #420 from smowton/smowton/admin/upgrade-codeql-240-and-autoformat
Upgrade CI toolchain to CodeQL 2.4.0
2020-12-07 14:16:19 +00:00
Chris Smowton
563f74bd45 Upgrade CI toolchain to CodeQL 2.4.0
Also reformat code (the autoformatter has changed slightly)
2020-12-07 12:35:07 +00:00
Chris Smowton
a794e05c74 Merge pull request #417 from smowton/smowton/fix/reduce-symlink-loop-finding-cost
Unsafe-unzip-symlinks: reduce cost of `getAnEnclosingLoop`
2020-12-03 12:21:38 +00:00
Chris Smowton
c1669d732b Unsafe-unzip-symlinks: reduce cost of getAnEnclosingLoop
This used to get the closest enclosing loops of all expressions; now it is restricted to those surrounding interesting expressions.
2020-12-02 14:33:38 +00:00
Chris Smowton
f9fc01bd73 Merge pull request #415 from smowton/smowton/feature/errorf-returns-non-nil
Note that `fmt.Errorf` returns non-nil
2020-12-01 12:04:23 +00:00
Chris Smowton
63079b3e9d Merge pull request #416 from smowton/smowton/admin/cherrypick-suspicious-char-fix
Cherry-pick #395 (suspicious-char-in-regex FP fix) onto rc/1.26
2020-12-01 11:45:14 +00:00
Owen Mansel-Chan
8c33979425 Merge pull request #388 from owen-mc/untrusted-data-flow-to-external-api
Untrusted data flow to external API
2020-12-01 11:25:58 +00:00
Sauyon Lee
b2ae6550ec Add additional tests for suspicious character in regexp regexp 2020-11-30 19:15:17 +00:00
Sauyon Lee
09d41952dc SuspiciousCharacterInRegexp: Add fix for raw string literals 2020-11-30 19:15:17 +00:00
Sauyon Lee
568b365575 Add isRaw to StringLit 2020-11-30 19:15:17 +00:00
Chris Smowton
5d17b27770 Note that fmt.Errorf returns non-nil
This enables recognising more guarding functions that return nil/non-nil conditional on a barrier guard.
2020-11-30 19:10:58 +00:00
Chris Smowton
3338a0b10d Merge pull request #402 from smowton/smowton/feature/zipslip-more-generous-sanitisers
ZipSlip: redefine sources closer to their origin, and make sanitizers more generous
2020-11-27 18:25:07 +00:00
Owen Mansel-Chan
bfbf102408 Remove restriction on void and boolean-returning methods
When the taint was in the receiver, we were excluding methods which
return nothing or a boolean.
2020-11-27 16:51:24 +00:00
Owen Mansel-Chan
7730d66d76 Apply suggestions from code review
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-11-27 16:17:54 +00:00
Chris Smowton
70015b2c32 Add tests for zipslip using a utility function to check that the archive header is safe
Note this currently contains some cases that are safe but are still flagged, because of weaknesses in the guardingFunction predicate.
2020-11-27 15:11:57 +00:00
Sauyon Lee
627241aaa5 Merge pull request #401 from sauyon/stored-command
Add stored command query
2020-11-27 06:37:02 -08:00
Chris Smowton
1eb8fff7e1 ZipSlip: redefine sources closer to their origin, and make sanitizers more generous.
Previously we considered certain fields of `tar` or `zip` file headers to be sources, but this meant subsequent references to the same field were not considered sanitized. For example, at least some real-world projects used a pattern like `if isIllegalPathTraversal(hdr.Name) { return nil; } ... /* other code using hdr.Name */`. By associating a source with the field-read `.Name` rather than the header itself, we were unable to see that the subsequent read was guarded by the sanitizer function.

Relatedly, it is common to use some intermediary taint-propagating function, as in `clean(s string) { if strings.HasPrefix("..", filepath.Clean(filepath.Join(target, s))) ...`, in the implementation of a sanitizer. We now follow the taint propagation (locally) backwards towards the function parameter, marking the predecessor functions and ultimately the parameter `s` as sanitized in addition to the direct argument to `strings.HasPrefix`. Existing sanitizing-function logic can then sometimes lift this out into the caller too.
2020-11-27 13:57:25 +00:00
Chris Smowton
f775adf306 Merge pull request #404 from smowton/smowton/feature/improved-guarding-function
Recognise many more guarding functions
2020-11-27 13:56:31 +00:00
Chris Smowton
c6f14de065 Merge pull request #413 from smowton/smowton/admin/document-cond-root-etc
Clarify naming and add documentation around `hasSemantics` and cousins
2020-11-26 16:59:07 +00:00
Owen Mansel-Chan
0ee00d8647 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2020-11-26 16:49:02 +00:00
Owen Mansel-Chan
bf78189e21 Make two separate queries 2020-11-26 14:59:13 +00:00
Owen Mansel-Chan
dec7967c7a Update qhelp files 2020-11-26 14:57:56 +00:00
Owen Mansel-Chan
e7697963d3 Exclude local function pointers 2020-11-26 14:57:56 +00:00
Owen Mansel-Chan
05fe388ba3 Mark hashing functions as safe
See https://github.com/github/codeql-go-team/issues/219 for issue to
model this better
2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
d3bef7fc4f Model safe external APIs 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
4184a6ecd8 Add testing frameworks
Add "github.com/golang/mock/gomock", several packages under
"github.com/stretchr/testify", £gotest.tools/assert",
"k8s.io/client-go/testing" and "testing"
2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
410cf49af8 Shorten function using set literal 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
18c66e84f7 Make more package paths accessible 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
171e433593 Exclude test files 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
fe5822ae3a Exclude functions in packages which have some modeled functions 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
ff542508aa Exclude sinks from common queries 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
b698276e3a Update function name to give better text output 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
50a32f47d5 First draft 2020-11-26 14:57:50 +00:00
Chris Smowton
fb814e949d Clarify naming and add documentation around hasSemantics and cousins 2020-11-26 13:34:58 +00:00
Chris Smowton
2377337564 Treat functions that directly return a BarrierGuard like BarrierGuards themselves 2020-11-26 13:27:53 +00:00
Chris Smowton
387a13f22a Add support for barrier guards in functions that indicate success by returning nil
Typically these are returning a nil error when sanitization succeeds.
2020-11-24 12:39:05 +00:00
Chris Smowton
7bbf9ed860 Merge pull request #410 from github/lgtm.com
Merge lgtm.com into main
2020-11-23 17:17:42 +00:00
Chris Smowton
ed6804859a Merge pull request #409 from smowton/smowton/admin/missing-change-notes-rc126
Add change notes for PRs that omitted them
2020-11-23 11:11:56 +00:00
Sauyon Lee
0bf09307cf Add StoredCommand query 2020-11-23 02:11:44 -08:00
Chris Smowton
62c51f9125 Merge pull request #408 from smowton/smowton/admin/add-missing-doc-strings
Add docstrings to all public elements
2020-11-20 17:37:47 +00:00
Chris Smowton
e241f8469b Add change notes for PRs that omitted them 2020-11-20 16:15:12 +00:00
Chris Smowton
af432c71ff Add docstrings to all public elements. 2020-11-20 15:35:42 +00:00
Sauyon Lee
793d6f6053 Merge pull request #399 from sauyon/stored-xss
Add stored XSS query
2020-11-19 23:23:21 -08:00
Chris Smowton
93a7cc944a Merge pull request #403 from smowton/smowton/fix/type-assertion-dataflow
Add data-flow edge `from -> to` in the context `to, ok := from.(*Type)`
2020-11-19 16:13:55 +00:00
Chris Smowton
c93b2b709d Merge pull request #407 from smowton/smowton/fix/isunreachableincall-slowness
Improve join order in `isUnreachableInCall`
2020-11-19 11:22:48 +00:00
Chris Smowton
38e383858e Merge pull request #394 from smowton/smowton/feature/unsafe-unzip-symlink
Add query checking for unpacking of symlinks without using EvalSymlinks to spot existing ones.
2020-11-18 19:10:18 +00:00
Chris Smowton
d1f607ccd8 Improve join order in isUnreachableInCall 2020-11-18 19:06:52 +00:00
Owen Mansel-Chan
7433d448d9 Merge pull request #406 from owen-mc/update-dataflow-libs-2
Update dataflow libs 2
2020-11-17 21:17:52 +00:00
Chris Smowton
3d8470e1e2 Add and use TypeCastNode::getResultType
This can differ from `getType` when a `TypeAssertExpr` returns a (result, ok) pair.
2020-11-17 16:03:33 +00:00
Owen Mansel-Chan
ce67418cdc Update tests
These changes match those in https://github.com/github/codeql/pull/4440
2020-11-17 15:48:50 +00:00
Owen Mansel-Chan
d3154d0aa7 Sync dataflow libraries
`make sync-dataflow-libraries`
2020-11-17 15:48:50 +00:00
Owen Mansel-Chan
4bfe088c0f Update dataflow branch from master to main 2020-11-17 15:48:50 +00:00
Chris Smowton
1d850873f3 Add data-flow edge from -> to in the context to, ok := from.(*Type) 2020-11-17 10:59:59 +00:00
Chris Smowton
79c010a601 Move unsafe-unzip-symlink query into qll file and give it customization points. 2020-11-16 09:57:26 +00:00
Chris Smowton
500d78dafa Include os.Readlink as a probable sanitiser.
A couple of projects seem to walk links one unit at a time, rather than just throwing `EvalSymlinks` at the whole potentially suspect path.
2020-11-16 09:57:26 +00:00
Chris Smowton
2193642c6e Expand query to notice Symlink and archive iterator calls that do not directly share a loop
We look across function-call boundaries to check there is some common enclosing loop, but false-positives are more likely if in practice there is no control-flow path from the archive iterator to the Symlink call and back.
2020-11-16 09:57:26 +00:00
Chris Smowton
1a2c209259 Add query checking for unpacking of symlinks without using EvalSymlinks to spot existing ones.
This is usually dangerous because (if the archive is untrusted) the intent is usually to permit within-archive symlinks, e.g. dest/a/parent -> .. -> dest/a is an acceptable link to unpack. However if EvalSymlinks is not used to take already-unpacked symlinks into account, it becomes possible to sneak tricks like dest/escapes -> dest/a/parent/.. through, which create links leading out of the archive for later abuse.
2020-11-16 09:57:26 +00:00
Chris Smowton
43f9351094 Merge pull request #405 from igfoo/igfoo/portability
Use more portable syntax in codeql-tools/autobuild.sh
2020-11-13 14:59:54 +00:00
Ian Lynagh
f5223bae4c Use more portable syntax in codeql-tools/autobuild.sh 2020-11-13 14:30:04 +00:00
Sauyon Lee
7279d4090d Apply suggestions from code review
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-11-12 21:26:53 -08:00
Sauyon Lee
f129949a38 Apply review comments
Co-authored-by: Chris Smowton <smowton@github.com>
2020-11-11 23:49:23 -08:00
Sauyon Lee
efddef7fa2 Add tests for stored XSS query 2020-11-11 23:13:12 -08:00
Sauyon Lee
d517125507 Add tests for SQL framework 2020-11-11 23:13:12 -08:00
Sauyon Lee
30b17d9762 Add StoredXSS query 2020-11-11 23:13:11 -08:00
Sauyon Lee
36bbf1eeb9 Improve models for database/sql 2020-11-11 22:10:16 -08:00
Chris Smowton
82a5b5f264 Merge pull request #369 from sauyon/checkdeps
Check dependencies before skipping dependency installation
2020-11-11 09:54:33 +00:00
Chris Smowton
04cec8b542 Merge pull request #400 from sauyon/autoformat
Autoformat tests
2020-11-11 09:51:50 +00:00
Nick Rolfe
c7e03cbd98 Merge pull request #398 from github/nickrolfe/getFileBySourceArchiveName
Replace getEncodedFile with getFileBySourceArchiveName predicate
2020-11-10 18:19:00 +00:00
Sauyon Lee
5a9b8a5465 Autoformat 2020-11-10 09:35:29 -08:00
Sauyon Lee
80c2fcdbb8 Autoformat tests 2020-11-10 09:35:16 -08:00
Nick Rolfe
17b6401c22 Replace getEncodedFile with getFileBySourceArchiveName predicate
While also making it work with paths for databases created on Windows.
2020-11-10 16:43:21 +00:00
Chris Smowton
235b7c0bc5 Merge pull request #395 from sauyon/regexp
SuspiciousCharacterInRegexp: Add fix for raw string literals
2020-11-10 12:18:38 +00:00
Sauyon Lee
0950baf4b7 Add additional tests for suspicious character in regexp regexp 2020-11-09 10:36:27 -08:00
Sauyon Lee
eb26b0abd1 SuspiciousCharacterInRegexp: Add fix for raw string literals 2020-11-09 10:10:47 -08:00
Sauyon Lee
52d253a95b Add isRaw to StringLit 2020-11-09 10:08:51 -08:00
Chris Smowton
33f43626b3 Merge pull request #396 from sauyon/remove-code-scanning
Remove code scanning temporarily
2020-11-09 10:58:55 +00:00
Sauyon Lee
920f7153c8 autobuilder: Add dependency check
Sometimes build scripts succeed without installing dependencies, for
example if they are unrelated to Go or if they simply always exit
successfully. Therefore, added a check that dependencies at least
resolve before skipping dependency installation.
2020-11-09 02:13:48 -08:00
Sauyon Lee
4a53bfdebf autobuilder: Only set mod mode when go.mod exists 2020-11-09 02:13:47 -08:00
Sauyon Lee
cc0a40e712 Remove code scanning until build tracing is implemented. 2020-11-09 02:11:05 -08:00
Chris Smowton
0938437d13 Merge pull request #373 from smowton/smowton/feature/golang-x-net-html
Add models for the read side of golang.org/x/net/html
2020-11-06 16:20:45 +00:00
Calum Grant
b54e76bdc7 Merge commit '3c84f11d5bf344cf5a667a04ccabcfb30f677c9c' into lgtm.com
# Conflicts:
#	extractor/cli/go-autobuilder/go-autobuilder.go
2020-11-06 15:55:16 +00:00
Sauyon Lee
a78c35b95e Simplify net/http ResponseBody logic 2020-11-06 11:18:46 +00:00
Sauyon Lee
8a306af77b Make HTTP::ResponseWriter handle PostUpdateNodes in getANode 2020-11-06 11:18:46 +00:00
Chris Smowton
3817ae80e5 Add support for html.Render method.
This entails generalising Http::ResponseBody to account for any modelled function writing to a ResponseWriter.
2020-11-06 11:04:53 +00:00
Chris Smowton
02f353eabd Add models for the read side of golang.org/x/net/html
This covers cases where an HTML document is retrieved and then parts of its structure are output without proper escaping.
2020-11-06 11:04:53 +00:00
Chris Smowton
03bbef7286 Add models for the read side of golang.org/x/net/html
This covers cases where an HTML document is retrieved and then parts of its structure are output without proper escaping.
2020-11-06 11:04:53 +00:00
Chris Smowton
e4aa252d6b Merge pull request #381 from sauyon/gomodfix
Update dependencies and clean go.mod
2020-11-06 10:14:22 +00:00
Chris Smowton
582f8e444b Merge pull request #393 from smowton/smowton/fix/cfg-assignment-underscores
CFG: fix lastNode relating to assignments with underscores on the LHS
2020-11-03 14:32:57 +00:00
Chris Smowton
3b927f3b6b CFG: fix lastNode relating to assignments with underscores on the LHS
For example, "x, _ := a, b" would produce an incorrect CSV that branched to the next statement after evaluating "b", skipping the assignment to 'x'. We already had test coverage for function returns, so I'm reasonably confident this only affects parallel assigns, not destructuring ones like "x, y := f()".
2020-11-03 12:00:54 +00:00
Sauyon Lee
3c84f11d5b Merge pull request #385 from github/sauyon-patch-1
Enable code scanning
2020-10-29 11:00:08 -07:00
Chris Smowton
cbc2443236 Merge pull request #390 from smowton/smowton/admin/links-master-to-main
Docs: replace master with main and QL4E with VSCode
2020-10-29 11:06:33 +00:00
Chris Smowton
1c75c9d1e9 Docs: Master -> main and Semmle/ql -> github/codeql everywhere
Also fix a reference to QL for Eclipse, and remove some incidental trailing whitespace
2020-10-29 11:04:49 +00:00
Chris Smowton
0f637c5887 Merge pull request #379 from smowton/model-revel
Model Revel
2020-10-28 09:56:25 +00:00
Chris Smowton
7ddb289910 Merge pull request #389 from github/aibaars/fix-broken-links
Update links in ql/docs/experimental.md
2020-10-28 09:55:21 +00:00
Arthur Baars
31cd26fded Update links in ql/docs/experimental.md 2020-10-28 10:12:52 +01:00
Chris Smowton
0bf80641e8 Revel: mark header reads as user-controlled data 2020-10-26 12:26:37 +00:00
Chris Smowton
f0c0a890a5 Move OpenUrlRedirect customisation into the query's qll file 2020-10-26 12:25:56 +00:00
Chris Smowton
4a2c4bf1b8 Merge pull request #387 from sauyon/testing-framework
Add a testing framework
2020-10-26 10:32:22 +00:00
Sauyon Lee
64ac49a618 Merge pull request #380 from sauyon/funtionmodel-shortcuts
Add utility predicates to FunctionModel
2020-10-23 02:26:51 -07:00
Chris Smowton
e9278b5477 Merge pull request #386 from smowton/smowton/admin/improve-error-messages
Improve error messages
2020-10-23 08:27:03 +01:00
Chris Smowton
26b7deccf5 Autobuilder: fall back when os.Executable fails
This can happen under tracing, perhaps because of https://github.com/github/codeql-tracer/issues/29
2020-10-22 20:04:47 +02:00
Sauyon Lee
47f40d5f3e Add tests for log frameworks 2020-10-22 09:18:53 -07:00
Sauyon Lee
671b427e1e Add shared testing framework
It has been modified to use `hasLocation` instead of `Location`
2020-10-22 09:18:52 -07:00
Sauyon Lee
1e034a1dd5 Add logrus to go.qll 2020-10-22 09:18:52 -07:00
Chris Smowton
82de513764 Merge pull request #384 from sauyon/gobuild
extractor: Extract the working directory if no packages are passed
2020-10-22 15:43:48 +01:00
Chris Smowton
3716f6d7e9 Improve error messages 2020-10-22 14:42:23 +01:00
Chris Smowton
6122223b37 Merge pull request #383 from smowton/smowton/feature/work-around-broken-os-executable
Autobuilder: fall back when os.Executable fails
2020-10-22 14:41:37 +01:00
Sauyon Lee
ec52bdd536 Enable code scanning 2020-10-22 06:07:15 -07:00
Sauyon Lee
e22bf96ba3 extractor: Extract the working directory if no packages are passed 2020-10-22 05:22:33 -07:00
Chris Smowton
5cc695f1d5 Autobuilder: fall back when os.Executable fails
This can happen under tracing, perhaps because of https://github.com/github/codeql-tracer/issues/29
2020-10-22 13:19:55 +01:00
Sauyon Lee
4356f38b8f Update dependencies and clean go.mod 2020-10-22 04:57:21 -07:00
Chris Smowton
62c6b0dc37 Add support for more Revel untrusted sources 2020-10-21 17:28:28 +01:00
Chris Smowton
2818da4df9 Advance to latest codeql-cli release 2020-10-21 17:27:18 +01:00
Sauyon Lee
e823712adf Add utility predicates to FunctionModel
Co-authored-by: Chris Smowton <smowton@github.com>
2020-10-21 09:16:04 -07:00
Chris Smowton
9aceae8bd6 Revel: add support and tests for Render and Redirect sinks. 2020-10-20 10:00:05 +01:00
Owen Mansel-Chan
b2b8f10418 Fix stub for Revel
Embedded fields aren't stubbed correctly
2020-10-19 15:47:08 +01:00
Owen Mansel-Chan
4dfa9d58c0 Model Revel 2020-10-19 15:47:07 +01:00
Owen Mansel-Chan
f4f29be8ac Add ability to specify default taint sanitizers
This allows library models to specify taint sanitizers.
2020-10-19 15:46:33 +01:00
Owen Mansel-Chan
01ad7acb6f Remove unnecessary import 2020-10-19 15:46:33 +01:00
Owen Mansel-Chan
f49ff279b8 Merge pull request #375 from owen-mc/spew
Model Spew logging framework
2020-10-16 13:20:13 +01:00
Owen Mansel-Chan
b89775ac65 Update change-notes/2020-10-14-spew.md
Co-authored-by: Chris Smowton <smowton@github.com>
2020-10-16 10:56:27 +01:00
Chris Smowton
2b07e6a0f4 Merge pull request #324 from sauyon/tracing
Build tracing
2020-10-15 11:27:34 +01:00
Chris Smowton
4746789fe8 Merge pull request #224 from sauyon/no-vendor
Skip vendor directories for go.mod extraction
2020-10-15 11:03:26 +01:00
Sauyon Lee
e5afd1dcb6 go-extractor: clarify --mimic error message
Co-authored-by: Chris Smowton <smowton@github.com>
2020-10-14 09:43:10 -07:00
Sauyon Lee
25eebe95e4 autobuilder: Clarify error message 2020-10-14 09:42:12 -07:00
Sauyon Lee
3c6626c604 Don't trace through problem binaries on OS X
See https://github.com/github/semmle-code/pull/37764
2020-10-14 09:42:12 -07:00
Sauyon Lee
3addb962a9 Add change note for build tracing 2020-10-14 09:42:12 -07:00
Sauyon Lee
2e73f3efd1 Add change note for go.mod extraction change
Co-authored-by: Chris Smowton <smowton@github.com>
2020-10-14 09:25:39 -07:00
Sauyon Lee
1ba1029a13 Use comment-based tests for GoModExpr 2020-10-14 09:25:38 -07:00
Sauyon Lee
34837c10ce Fix tests for go.mod files 2020-10-14 09:25:38 -07:00
Sauyon Lee
3242df4177 Use package root directory to find go.mod files 2020-10-14 09:13:57 -07:00
Owen Mansel-Chan
8811758e44 Add change note 2020-10-14 14:49:50 +01:00
Owen Mansel-Chan
4b76966a49 Model Spew logging framework 2020-10-14 14:47:22 +01:00
Chris Smowton
b2fef01d28 Merge pull request #378 from smowton/smowton/admin/change-note-typo
Fix changenote typo
2020-10-14 13:33:21 +01:00
Chris Smowton
72ee460a64 Fix changenote typo 2020-10-14 13:32:26 +01:00
Chris Smowton
0afa0e75c4 Merge pull request #374 from smowton/smowton/feature/more-accurate-allocation-overflow
Improve accuracy of allocation-size-overflow by excluding len(...) calls that never see a large operand
2020-10-14 13:25:45 +01:00
Chris Smowton
83a7411a05 Improve accuracy of allocation-size-overflow by excluding len(...) calls that never see a large operand
This is achieved by splitting the query into two pieces: (1) trace flow from indefinitely large object creation to len(...) calls, then (2) considering those particular len(...) calls as taint propagators, trace taint from the same sources all the way to an allocation call. This is more accurate than the previous solution, which considered any len(...) call to propagate taint, potentially confusing an array that stored a large value in one of its cells for an array which is itself of large size.
2020-10-14 10:16:08 +01:00
Chris Smowton
59f8717ca2 Merge pull request #372 from smowton/smowton/feature/golang-x-net-context
Extend `context` models to cover its old `golang.org/x/net/context` home.
2020-10-13 10:33:36 +01:00
Chris Smowton
40869480e1 Extend context models to cover its old golang.org/x/net/context home. 2020-10-12 12:27:19 +01:00
Chris Smowton
b370a865f1 Merge pull request #370 from max-schaefer/fix-formatting-targets
Fix escaping in Makefile targets.
2020-10-09 10:56:07 +01:00
Max Schaefer
9db478aa03 Fix escaping in Makefile targets.
Previously, invoking `make autoformat` would run a command of this form:

```sh
... | grep \\.go$ | ...
```

Note that the `$` is not escaped. This probably wasn't intended, even though it happens to work anyway, since the shell doesn't try to expand lone `$`s.

More problematically, invoking `make check-formatting` would run a command of this form:

```sh
... | grep \\.go| ...
```

Note that the `$` is gone, so it matches `.go` anywhere in the file name. In particular, it matches `ql/test/library-tests/semmle/go/frameworks/Protobuf/vendor/google.golang.org/protobuf/LICENSE`, which I think is responsible for the somewhat mysterious "expected 'package', found Copyright" errors we've been seeing from CI.

This PR fixes both targets to run

```sh
... | grep '\.go$' | ...
```

Because of the single quotes we only need a single backslash, and the `$` gets left alone.
2020-10-09 09:07:24 +01:00
Sauyon Lee
85c92251d6 Add a new binary for tracing 2020-10-08 23:31:06 -07:00
Sauyon Lee
de0582a67f autobuilder: extract out attempted build commands 2020-10-08 23:31:05 -07:00
Sauyon Lee
cd63ea84aa extractor: revamp argument parsing 2020-10-08 23:31:05 -07:00
Sauyon Lee
2da89c6527 extractor: factor out run from autobuilder 2020-10-08 23:31:05 -07:00
Sauyon Lee
eaf5342b7d Enable Go modules while determining module directory 2020-10-08 23:31:05 -07:00
Sauyon Lee
16796529fc Add package directory as a wanted root 2020-10-08 23:31:05 -07:00
Chris Smowton
024e8ef715 Merge pull request #368 from sauyon/xpath-fix
Update XPathExpressionString to match the Range pattern
2020-10-08 09:24:04 +01:00
Sauyon Lee
43de6ea836 Update XPathExpressionString to match the Range pattern
Fixes #367
2020-10-07 14:29:05 -07:00
Chris Smowton
c8a2d30e39 Merge pull request #360 from smowton/smowton/feature/stack-trace-exposure
Add stack-trace exposure query
2020-10-07 11:08:37 +01:00
Chris Smowton
d7dcf27f57 Merge pull request #362 from smowton/smowton/admin/refactor-function-node
Refactor DataFlow::FunctionNode as a concrete class
2020-10-06 15:08:54 +01:00
Chris Smowton
0eb7ac94cc Add stack-trace exposure query
This is a port of `java/stack-trace-exposure`, and does the same job: warn that a stack dump is written to an HTTP response.
2020-10-06 14:42:59 +01:00
Chris Smowton
68bb7b02fe Refactor DataFlow::FunctionNode as a concrete class
This makes it easier to refine FunctionNode without having to define abstract members.
2020-10-06 14:02:57 +01:00
Chris Smowton
5bdff0f9d3 Merge pull request #363 from smowton/smowton/fix/use-realpath-for-gopath
Autobuilder: Use fully resolved path for GOPATH
2020-10-05 10:53:17 +01:00
Chris Smowton
6b6c862274 Autobuilder: Use fully resolved path for GOPATH
Otherwise on systems where /tmp is a symlink (e.g. default OSX setup), GOPATH does not match the current working directory after os.Chdir'ing to that directory (os.Chdir resolves symlinks, unlike a shell's 'cd' command), which causes `dep` to fail complaining that it is being run from outside GOPATH.
2020-10-02 17:05:47 +01:00
Chris Smowton
e8710612d8 Merge pull request #361 from smowton/smowton/admin/fix-broken-qhelp-links
Fix OWASP broken links
2020-10-01 14:28:30 +01:00
Chris Smowton
4af5765275 Fix OWASP broken links 2020-10-01 13:06:03 +01:00
Chris Smowton
1be34c0c90 Merge pull request #359 from smowton/smowton/fix/suspicious-regex-qhelp
Improve variable names in example code
2020-09-30 11:03:10 +01:00
Max Schaefer
3490d35926 Merge pull request #358 from smowton/smowton/admin/qhelp-action
Add Action to build and upload qhelp
2020-09-29 17:31:07 +01:00
Chris Smowton
1cfad846c8 Improve variable names in example code
These were inherited from the JS version of the example, which concerns HTML.
2020-09-29 16:37:06 +01:00
Chris Smowton
6b28c0705a Add Action to build and upload qhelp 2020-09-29 16:16:25 +01:00
Max Schaefer
3dde501b54 Merge pull request #356 from max-schaefer/api-cleanup
Add and move around a few convenience predicates
2020-09-29 08:32:53 +01:00
Max Schaefer
97fb967d5c Add a few tests. 2020-09-28 10:58:28 +01:00
Max Schaefer
56f295f741 Add a few useful shortcuts. 2020-09-25 16:58:28 +01:00
Sauyon Lee
2ba9bbfd8b Merge pull request #355 from sauyon/moddir-fix
Improve extractor logging and a minor readability fix
2020-09-25 05:44:35 -07:00
Sauyon Lee
7ea3b34e4b extractor: Reorganize code to be in a slightly more sensible order 2020-09-25 04:23:35 -07:00
Sauyon Lee
e158b39287 Improve extractor logging
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-09-25 04:23:31 -07:00
Max Schaefer
8667b64a1c Make result variables aware of their index. 2020-09-25 10:51:32 +01:00
Chris Smowton
88c740bbbc Merge pull request #353 from gagliardetto/remove-duplicate-models
Remove duplicate models (the end)
2020-09-24 13:31:18 +01:00
Slavomir
4f7edb85da Fix package count 2020-09-24 12:41:14 +02:00
Slavomir
1f5da54ac9 Update change-notes/2020-09-23-stdlib.md
Co-authored-by: Chris Smowton <smowton@github.com>
2020-09-24 12:40:39 +02:00
Arthur Baars
575c56c426 Merge pull request #354 from github/aibaars/lgtm-go-lines-of-comment
LGTM: add Metrics/FLinesOfComment.ql to go-lgtm-full.qls
2020-09-24 12:22:07 +02:00
Arthur Baars
240f3ed7dc LGTM: add Metrics/FLinesOfComment.ql to go-lgtm-full.qls 2020-09-24 11:04:15 +02:00
Max Schaefer
907ae20a16 Merge pull request #350 from smowton/smowton/feature/bad-regex-escape-query
Add query spotting probably-bad escapes in regular expressions.
2020-09-24 09:49:16 +01:00
Slavomir
8e007623ca Improve change note 2020-09-23 18:03:11 +02:00
Slavomir
ef20f75cbe Add change note 2020-09-23 17:52:52 +02:00
Slavomir
8b397c1eff Remove this. from the generated method and interface models 2020-09-23 17:28:44 +02:00
Slavomir
539127b1d1 Remove models for methods for which there already is a models for the interface they implement. 2020-09-23 17:16:01 +02:00
Chris Smowton
59138048bb Add query spotting probably-bad escapes in regular expressions.
Inspired by js/useless-regexp-character-escape, but much much simpler because the Go source code parser forbids unrecognised escapes and its regex engine refuses to compile \\x where x is not a character class or other special token (e.g. start-of-word).
2020-09-23 15:07:22 +01:00
Chris Smowton
a094ddb988 Merge pull request #349 from gagliardetto/stdlib-339-340-342-346-347
Merge #339 #340 #342 #346 #347
2020-09-23 14:38:04 +01:00
Chris Smowton
1a3589ac06 Merge pull request #352 from smowton/smowton/feature/http-newrequest
Add model for net/http.NewRequest
2020-09-23 09:56:17 +01:00
Max Schaefer
6130720e00 Merge pull request #348 from max-schaefer/functioninput_entrynode
Ensure `FunctionInput`s corresponding to results have an entry node
2020-09-23 09:15:18 +01:00
Chris Smowton
c1fbbfb05a Add model for net/http.NewRequest noting that if the URL is tainted then the response should be considered tainted also. 2020-09-23 08:46:36 +01:00
Slavomir
364b6810ce Sort stdlib imports 2020-09-22 18:50:12 +02:00
Slavomir
a7148638aa Merge branch 'standard-lib-pt-6' into stdlib-339-340-342-346-347 2020-09-22 18:44:14 +02:00
Slavomir
61a0cfa06a Merge branch 'standard-lib-pt-4' into stdlib-339-340-342-346-347 2020-09-22 18:43:30 +02:00
Slavomir
315514085f Merge branch 'standard-lib-pt-9' into stdlib-339-340-342-346-347 2020-09-22 18:43:14 +02:00
Slavomir
0510404112 Merge branch 'standard-lib-pt-12' into stdlib-339-340-342-346-347 2020-09-22 18:42:46 +02:00
Slavomir
1a5d582750 Remove Regexp 2020-09-22 13:37:39 +02:00
Slavomir
e742525be5 Fix (*Logger).Writer() model 2020-09-22 13:35:55 +02:00
Slavomir
bff19d5a37 Move and extend Log module for package log with taint-tracking 2020-09-22 13:35:55 +02:00
Slavomir
3a7406b14c Remove redundant Read and Write method models 2020-09-22 13:33:37 +02:00
Slavomir
3abf0e8d29 Add taint-tracking for crypto/x509 package 2020-09-22 13:33:37 +02:00
Slavomir
3acb7a5311 Add taint-tracking for crypto/tls package 2020-09-22 13:33:37 +02:00
Slavomir
5e0e3cc2cc Add taint-tracking for crypto/rsa package 2020-09-22 13:33:37 +02:00
Slavomir
742319c071 Move to stdlib and expand crypto/cypher package taint-tracking 2020-09-22 13:33:37 +02:00
Slavomir
434c4bca9c Add taint-tracking for crypto package 2020-09-22 13:33:37 +02:00
Max Schaefer
c61881acb3 Merge pull request #344 from smowton/smowton/feature/echo-models
Add models for the Echo framework
2020-09-22 10:45:02 +01:00
Max Schaefer
2d4f17c91c Ensure result inputs always have an entry node. 2020-09-22 09:08:17 +01:00
Max Schaefer
4b56581122 Fix input nodes for results that are not assigned to an SSA variable. 2020-09-22 09:06:16 +01:00
Max Schaefer
9c640fff4f Add a new test for FunctionInputsAndOutputs. 2020-09-22 09:04:49 +01:00
Max Schaefer
c905149579 Merge pull request #341 from gagliardetto/standard-lib-pt-10
Move to stdlib and extend the models for `fmt` package
2020-09-21 22:10:56 +01:00
Chris Smowton
7b917f9dd7 Add utility functions for getting FunctionInputs and FunctionOutputs. 2020-09-21 17:35:40 +01:00
Chris Smowton
397282f41a Add models for the Echo framework 2020-09-21 17:35:40 +01:00
Chris Smowton
bdb3e54299 Add tests for stdlib-http fields that aren't supposed to cause open-redirect alerts 2020-09-21 16:26:46 +01:00
Chris Smowton
b6b7bd2717 Generalise model of HTTP libraries
* Allow for HTTP response methods that define a content-type without a corresponding header write
* Factor out stdlib-http-specific classification of fields that aren't vulnerable to an open-redirect exploit
2020-09-21 16:26:39 +01:00
Slavomir
0005775e2b Apply suggestions from code review
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-09-21 16:23:21 +02:00
Slavomir
dedeb7bbf1 Add taint-tracking for container/ring package 2020-09-21 12:34:00 +02:00
Slavomir
75e3ee6e77 Add taint-tracking for container/list package 2020-09-21 12:32:39 +02:00
Slavomir
4ecf9b0f6b Add taint-tracking for container/heap package 2020-09-21 12:30:47 +02:00
Chris Smowton
6770c74b7f Merge pull request #345 from gagliardetto/from-331-to-337
Merge #331, #332, #333, #334, #335, #336, #337
2020-09-21 09:34:41 +01:00
Slavomir
a7dba54001 Merge branch 'standard-lib-pt-15' into from-331-to-337 2020-09-20 18:25:29 +02:00
Slavomir
ad53583b5e Remove methods on IP 2020-09-20 18:23:56 +02:00
Slavomir
17868dd6b1 Merge branch 'standard-lib-pt-16' into from-331-to-337 2020-09-20 15:47:35 +02:00
Slavomir
ed965c7101 Merge branch 'standard-lib-pt-19' into from-331-to-337 2020-09-20 15:47:14 +02:00
Slavomir
53e0e3ffbf Merge branch 'standard-lib-pt-20' into from-331-to-337 2020-09-20 15:46:47 +02:00
Slavomir
9d1381349f Merge branch 'standard-lib-pt-23' into from-331-to-337 2020-09-20 15:46:26 +02:00
Slavomir
1d13ca58ff Merge branch 'standard-lib-pt-22' into from-331-to-337 2020-09-20 15:46:02 +02:00
Slavomir
cd151fcdd1 Merge branch 'standard-lib-pt-5' into from-331-to-337 2020-09-20 15:45:46 +02:00
Slavomir
5e7b279569 Remove model for a method that satisfies an interface that already has its own model. 2020-09-20 15:38:37 +02:00
Slavomir
3fd6f9c400 Extend QueryString::Range with database/sql/driver interfaces' methods 2020-09-20 15:38:37 +02:00
Slavomir
24e8a18d22 Add database/sql/driver taint-tracking 2020-09-20 15:38:37 +02:00
Slavomir
5e4d75561c Add database/sql/driver taint-tracking 2020-09-20 15:38:37 +02:00
Slavomir
6f0bfbfa96 Add taint-tracking to database/sql package in the SQL module 2020-09-20 15:38:37 +02:00
Slavomir
55a8e24055 Taint-track package expvar 2020-09-20 15:38:37 +02:00
Slavomir
29382744fe Taint-track package errors 2020-09-20 15:38:37 +02:00
Slavomir
4127cb5cc4 Remove rune/byte read/write from TaintStep/io.go 2020-09-20 15:35:02 +02:00
Slavomir
07fdd3d17a Fix TaintStep.expected: fix io.Pipe logic, remove rune/byte read/write 2020-09-20 15:33:11 +02:00
Slavomir
c4a493f003 Remove models for methods where there are already interface models 2020-09-20 15:13:48 +02:00
Slavomir
dc159eeee1 Remove io.Writer model from io/ioutil 2020-09-20 15:13:48 +02:00
Slavomir
f1cdfff331 Import IoIoutil module 2020-09-20 15:13:48 +02:00
Slavomir
073fae9ff8 Move to stdlib and extend the module for io/ioutil package 2020-09-20 15:13:48 +02:00
Slavomir
45dfc2bcf2 Move to stdlib, extend and refactor the Io module 2020-09-20 15:13:48 +02:00
Slavomir
a784a25a61 Remove (net.IP).UnmarshalText 2020-09-20 15:01:42 +02:00
Slavomir
1578a66731 Remove models for net.Parse* 2020-09-20 15:01:42 +02:00
Slavomir
e14f857761 Add taint-tracking for package net/textproto 2020-09-20 15:01:42 +02:00
Slavomir
75751d732b Add taint-tracking for package net/mail 2020-09-20 15:01:42 +02:00
Slavomir
e6cb8fe5ce Add taint-tracking for package net/http/httputil 2020-09-20 15:01:42 +02:00
Slavomir
85f9760662 Move existing net/http classes from private module StdlibHttp to stdlib.NetHttp 2020-09-20 15:01:41 +02:00
Slavomir
e66fcef396 Add taint-tracking for net/http package 2020-09-20 15:01:41 +02:00
Slavomir
fa04d5a74d Add taint-tracking for package net 2020-09-20 15:01:41 +02:00
Slavomir
c89cfc8867 Use go 1.14.3 2020-09-20 14:52:40 +02:00
Slavomir
8eeb019b5c Move existing OS (all caps name) module classes to stdlib.Os module (notice the camelcase name) 2020-09-20 14:52:40 +02:00
Slavomir
f811dff527 Add taint-tracking for package os 2020-09-20 14:52:40 +02:00
Chris Smowton
fee596ac83 Merge pull request #343 from smowton/smowton/feature/chi-models
Add models for the Chi web framework
2020-09-16 11:38:08 +01:00
Chris Smowton
1bf366c1e3 Add models for the Chi web framework
This is mostly simple as the framework uses ordinary net/http methods and ordinary Go contexts for most purposes.
2020-09-16 09:14:23 +01:00
Slavomir
b529cf4c86 Import Fmt module 2020-09-15 19:19:30 +02:00
Max Schaefer
88e03c3ee5 Merge pull request #322 from gagliardetto/standard-lib-pt-11
Add taint-tracking for packages in `html/*`
2020-09-15 17:54:35 +01:00
Slavomir
375ac63499 Move to stdlib and extend the models for fmt package 2020-09-15 17:27:56 +02:00
Slavomir
a340270dc1 Move html TemplateEscape out of Texttemplate module 2020-09-14 15:47:52 +02:00
Slavomir
9a560e994c Remove redundant field 2020-09-14 15:47:51 +02:00
Slavomir
ce67720542 Add taint-tracking for html/template package. 2020-09-14 15:47:51 +02:00
Slavomir
35136bbb2c Add escape function. 2020-09-14 15:47:51 +02:00
Slavomir
52d4c71ec2 Add taint-tracking for html package. 2020-09-14 15:47:51 +02:00
Chris Smowton
8d7cbe3aa5 Merge pull request #323 from gagliardetto/standard-lib-pt-8
Add taint-tracking for packages in `encoding/*`
2020-09-14 14:41:19 +01:00
Chris Smowton
3ba85576ea Merge pull request #338 from smowton/smowton/admin/update-dataflow-libs-2020-09-14
Port codeql#4238 (Dataflow: small fixes for naming in taint tracking)…
2020-09-14 14:19:06 +01:00
Slavomir
6bbe0182ca Rename Syscall_non_windows.go to Syscall_non_win.go 2020-09-14 13:34:24 +02:00
Slavomir
4c2537017f Fix TaintStep.expected: add params to json.MarshalIndent 2020-09-14 13:10:25 +02:00
Slavomir
64a61bd648 Remove redundant taint-tracking from MarshalingFunction and UnmarshalingFunction classes in EncodingXml module. 2020-09-14 13:10:25 +02:00
Slavomir
947bbabf62 Extend MarshalingFunction and UnmarshalingFunction with encoding/pem 2020-09-14 13:10:25 +02:00
Slavomir
d472d5abe5 Remove redundant taint-tracking from MarshalingFunction and UnmarshalingFunction classes in EncodingJson module. 2020-09-14 13:10:25 +02:00
Slavomir
ed2e5b0f92 Extend MarshalingFunction and UnmarshalingFunction with encoding/asn1 2020-09-14 13:10:25 +02:00
Slavomir
afede9bde5 Remove encoder taint-tracking for encoding/hex 2020-09-14 13:10:25 +02:00
Slavomir
96a700becb Remove encoder taint-tracking for encoding/base64 2020-09-14 13:10:25 +02:00
Slavomir
0baca5fa6c Remove encoder taint-tracking for encoding/base32 2020-09-14 13:10:25 +02:00
Slavomir
828d3863a0 Remove encoder taint-tracking for encoding/ascii85 2020-09-14 13:10:25 +02:00
Slavomir
f3a61ed65c Add MarshalFunction and UnmarshalFunction classes to EncodingXml module. 2020-09-14 13:10:25 +02:00
Slavomir
b4ff653071 Add taint-tracking for encoding/xml 2020-09-14 13:10:25 +02:00
Slavomir
e7fc3c5039 Add taint-tracking for encoding/pem 2020-09-14 13:10:25 +02:00
Slavomir
669ed91b0b Move EncodingJson to stdlib; add Escape class. 2020-09-14 13:10:25 +02:00
Slavomir
24c23ba333 Add taint-tracking for encoding/json 2020-09-14 13:10:25 +02:00
Slavomir
f5fc9494fc Remove old EncodingHex module 2020-09-14 13:10:25 +02:00
Slavomir
74fdfba85c Add taint-tracking for encoding/hex 2020-09-14 13:10:25 +02:00
Slavomir
7a42992850 Add taint-tracking for encoding/gob 2020-09-14 13:10:25 +02:00
Slavomir
57518c7e3d Add taint-tracking for encoding/csv 2020-09-14 13:10:25 +02:00
Slavomir
df55bb459f Add taint-tracking for encoding/binary 2020-09-14 13:10:25 +02:00
Slavomir
20b4826e8e Add taint-tracking for encoding/base64 2020-09-14 13:10:25 +02:00
Slavomir
7060367de5 Add taint-tracking for encoding/base32 2020-09-14 13:10:24 +02:00
Slavomir
ba78eda277 Add taint-tracking for encoding/asn1 2020-09-14 13:10:24 +02:00
Slavomir
412ba1263b Add taint-tracking for encoding/ascii85 2020-09-14 13:10:24 +02:00
Slavomir
a47842d1c3 Add taint-tracking for package encoding 2020-09-14 13:10:24 +02:00
Slavomir
27ba893ba2 Add taint-tracking for context package 2020-09-14 13:09:45 +02:00
Slavomir
eb3a18f172 Add taint-tracking for package sort 2020-09-14 13:08:54 +02:00
Slavomir
71dbb244f9 Move existing Regexp module to stdlib 2020-09-14 13:08:16 +02:00
Slavomir
7f3a911f86 Add taint-tracking for package regexp 2020-09-14 13:08:16 +02:00
Slavomir
c2fc26a96a Remove Range method on sync.Map 2020-09-14 13:04:52 +02:00
Slavomir
d51518f411 Add taint-tracking for sync/atomic package 2020-09-14 13:04:52 +02:00
Slavomir
e47715b2a9 Add taint-tracking for sync package 2020-09-14 13:04:52 +02:00
Chris Smowton
86ed037fd3 Port codeql#4238 (Dataflow: small fixes for naming in taint tracking) to Go's local copy of the dataflow libs 2020-09-14 12:01:30 +01:00
Slavomir
d929e8313a Build syscall.StringSlicePtr only on non-windows OS 2020-09-14 12:49:41 +02:00
Slavomir
702a984dc0 Comment out test for syscall.StringSlicePtr because it's not present on windows. 2020-09-14 12:49:41 +02:00
Slavomir
72ef65f257 Add taint-tracking for syscall 2020-09-14 12:49:41 +02:00
Chris Smowton
362d210bc5 Merge pull request #330 from smowton/smowton/admin/standard-lib-pt-21-with-sanitiser
Move `strconv` and `strings` packages' taint-tracking to stdlib, and expand them + sanitise substrings of the HTTP Authorization header
2020-09-14 11:25:57 +01:00
Chris Smowton
b9b306aade CleartextLogging: sanitize strings.Split(authheader, ":")[0] and similar
These can represent a username, method name or other non-sensitive component of an Authorization header. For greater precision we could split the query into one investigating Authorization headers and one investigating other sources of sensitive data that can't be sanitized by splitting this way.
2020-09-14 09:46:14 +01:00
Slavomir
cf29f9dede Remove taint-tracking on single bytes and runes 2020-09-14 09:46:14 +01:00
Slavomir
6d3e6ded26 Fix: the Append* functions do not modify the dst slice argument. 2020-09-14 09:46:14 +01:00
Slavomir
9293bcde1d Fix ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected: calls to strings.NewReader are a step now. 2020-09-14 09:46:14 +01:00
Slavomir
3075294cd8 Move strings module to stdlib, and add more taint-tracking classes to it. 2020-09-14 09:46:13 +01:00
Slavomir
42c7f8cc0d Add taint-tracking for strconv package; rename module StrConv to Strconv and move into stdlib 2020-09-14 09:44:25 +01:00
Max Schaefer
b8d36b936e Merge pull request #321 from gagliardetto/standard-lib-pt-14
Add taint-tracking for packages inside `mime/*`
2020-09-14 09:26:29 +01:00
Max Schaefer
c10942d044 Merge pull request #320 from gagliardetto/standard-lib-pt-24
Add taint-tracking for packages inside `text/*`
2020-09-11 15:57:14 +01:00
Max Schaefer
c889bc3dae Merge branch 'main' into standard-lib-pt-24 2020-09-11 14:09:50 +01:00
Chris Smowton
84def5f6c2 Merge pull request #327 from smowton/smowton/feature/more-post-update-nodes
Add PostUpdateNodes for nested structs and arrays
2020-09-11 12:47:20 +01:00
Max Schaefer
903cffe7ed Merge pull request #317 from gagliardetto/standard-lib-pt-18
Add taint-tracking for `reflect` package
2020-09-11 11:26:48 +01:00
Chris Smowton
650bc1d38f Add PostUpdateNodes for derferenced expressions on an access path to a field- or element-write 2020-09-11 10:46:58 +01:00
Max Schaefer
e9bf3317b5 Merge pull request #328 from owen-mc/gorm-exec
Update GORM model
2020-09-11 08:41:09 +01:00
Max Schaefer
3758c6b7d8 Merge pull request #329 from smowton/smowton/feature/xss-detect-more-json-encoding
Reflected XSS query: exclude more uses of encoding/json.Marshal
2020-09-11 08:38:30 +01:00
Owen Mansel-Chan
13e82de53d Add change note 2020-09-10 17:29:06 +01:00
Chris Smowton
405babf5af Reflected XSS query: exclude more uses of encoding/json.Marshal
Previously we only detected these if the marshalling directly fed the request body within the same function; now it's a general sanitiser for the purposes of XSS.
2020-09-10 16:52:06 +01:00
Owen Mansel-Chan
3af90c9fc8 Update GORM tests 2020-09-10 13:48:12 +01:00
Owen Mansel-Chan
d807e8de75 Add more methods from GORM as sinks
Cf. https://gorm.io/docs/security.html
2020-09-09 16:18:41 +01:00
Owen Mansel-Chan
95c1f754c6 Add alternative package locations 2020-09-09 14:52:26 +01:00
Max Schaefer
baf048f293 Merge pull request #326 from owen-mc/change-note-for-allocation-size-overflow-sanitizers
Add change note for #296
2020-09-08 16:53:05 +01:00
Owen Mansel-Chan
cd6020810a Add change note for #296 2020-09-08 16:32:12 +01:00
Chris Smowton
5068b8b195 Add PostUpdateNodes for nested structs and arrays
This creates a PostUpdateNode for x in the contexts `x.field[element]`, `x.field.otherfield`, `x[element].field` and so on.

Most uses of PostUpdateNode implicitly assume its old definition, but our protobuf model benefits.
2020-09-08 16:28:02 +01:00
Max Schaefer
65c449cff0 Merge pull request #325 from max-schaefer/revert-237
Revert "Revert "autobuilder: Add support for GITHUB_REPOSITORY environment variable""
2020-09-08 08:04:58 +01:00
Max Schaefer
52a659183d Merge pull request #314 from smowton/smowton/admin/bump-golang-tools
Bump to latest version of golang.org/x/tools
2020-09-07 16:02:55 +01:00
Max Schaefer
655e229d1e Revert "Revert "autobuilder: Add support for GITHUB_REPOSITORY environment variable""
This reverts commit ccfccb4828.
2020-09-07 15:14:52 +01:00
Max Schaefer
1821cca5d2 Merge pull request #285 from smowton/protobufs
Protobuf modelling
2020-09-07 11:42:37 +01:00
Slavomir
25e3f75ddc Add taint-tracking for mime/quotedprintable package. 2020-09-06 17:45:09 +02:00
Slavomir
99b251d4f0 Add taint-tracking for mime/multipart 2020-09-06 17:42:57 +02:00
Slavomir
c44d426794 Add taint-tracking for mime package. 2020-09-06 17:39:41 +02:00
Slavomir
3b2e16e292 Move text/template classes to TextTemplate module inside stdlib. 2020-09-06 17:32:34 +02:00
Slavomir
0d5c7e3132 Add taint-tracking for text/template template. 2020-09-06 17:32:34 +02:00
Slavomir
db0b09beb4 Add taint-tracking for text/tabwriter package. 2020-09-06 17:32:34 +02:00
Slavomir
4df363d2ce Add taint-tracking for text/scanner package. 2020-09-06 17:32:34 +02:00
Chris Smowton
cfba0896f0 Improve code style
No behavioural changes
2020-09-04 17:05:32 +01:00
Chris Smowton
fb85ccb2a5 Look through implicit deref operations when propagating taint down a chain of field- and element-access instructions.
This enables us to use PostUpdateNode properly. Also introduce a test showing a case where this doesn't work, because the underlying variable doesn't have a post-update node.
2020-09-04 17:03:52 +01:00
Chris Smowton
3635d7d007 Introduce and use writeComponent 2020-09-04 17:03:52 +01:00
Chris Smowton
2a863fbbe7 Abbreviate protobuf package names 2020-09-04 17:03:52 +01:00
Chris Smowton
18ed6bd1ee Add missing qldoc 2020-09-04 17:03:52 +01:00
Chris Smowton
90915284ba Move getUnderlyingNode into Protobuf.qll
This is its only user for now.
2020-09-04 17:03:52 +01:00
Chris Smowton
59f9c6073d Introduce instruction type for component access
This is the union of a field-access and an element-access instruction
2020-09-04 17:03:52 +01:00
Chris Smowton
455cf0c502 Add support and tests for protobuf messages with map fields 2020-09-04 17:03:52 +01:00
Chris Smowton
b2d4e2692f Taint underlying aggregates of protobuf messages when an element is written
For example, writing to a[b].c[d] taints 'a'.
2020-09-04 17:03:52 +01:00
Chris Smowton
3d82308e07 Introduce common base class for ElementReadNode and FieldReadNode 2020-09-04 17:03:52 +01:00
Chris Smowton
56f6e67671 Protobufs: improve comment and code style
No functional changes
2020-09-04 15:14:49 +01:00
Chris Smowton
65dc6272d1 Remove prototype tests
I don't think we need these when we have the end-to-end taintFlows test.
2020-09-04 15:14:49 +01:00
Chris Smowton
b639b6ec6a Remove redundant copies of the generated protoc output 2020-09-04 15:14:49 +01:00
Chris Smowton
8058d096d2 Model and test UnmarshalOptions.Unmarshal
Support for UnmarshalOptions.UnmarshalState is dropped for now as too hard to model.
2020-09-04 15:14:49 +01:00
Chris Smowton
c2ff2df403 Add test showing false-negative for MarshalState 2020-09-04 15:14:49 +01:00
Chris Smowton
42d6250b8d Add modern-API variants of tests 2020-09-04 15:14:49 +01:00
Chris Smowton
8682eb9dec Add tests showing imprecision of our current implementation 2020-09-04 15:14:49 +01:00
Chris Smowton
a832342ecb Add test for unmarshalling submessages 2020-09-04 15:14:49 +01:00
Chris Smowton
596204f79d Add (currently-failing) expectations for submessage tainting 2020-09-04 15:14:49 +01:00
Chris Smowton
c9296abe25 Restrict tainting from field-writes to Message types 2020-09-04 15:14:49 +01:00
Chris Smowton
95798590ce Implement MarshalState method
Currently relies on blanket field-write propagation.
2020-09-04 15:14:49 +01:00
Chris Smowton
c34fc3c9ad Add tests for MarshalAppend and MarshalState
The MarshalState test doesn't work yet, because we don't know to read taint from the Message field of the input or write it to the Buf field of the output
2020-09-04 15:14:49 +01:00
Chris Smowton
2ca6157836 Protobuf: support both legacy and modern APIs 2020-09-04 15:14:49 +01:00
Chris Smowton
df0238a352 Fix proto.Clone method
This is top-level, not a member.
2020-09-04 15:14:49 +01:00
Chris Smowton
e76c07d77b Temporarily taint all structs from field writes
This should be either refined to just Message types, or else a macro taint step should be added conducting taint from field-write-of-argument to Marshal's result.

On the read-side we're currently fine: the bytes are tainted, so the object is tainted, so the field reads are tainted.
2020-09-04 15:14:49 +01:00
Chris Smowton
19e1dacced WIP: add more (manual) protobuf models, and a test that checks various taint-flow cases
Only some of the cases are currently working.
2020-09-04 15:14:49 +01:00
Sauyon Lee
4ff325aa13 --wip-- [skip ci] 2020-09-04 15:14:49 +01:00
Slavomir
095baeb8b6 Remove taint-tracking of booleans and numbers (but keep uintptr) 2020-09-04 12:06:34 +02:00
Max Schaefer
25e4245568 Merge pull request #291 from smowton/smowton/admin/oauth2-query-polish
Promote OAuth2-misuse query to mainline
2020-09-04 10:50:31 +01:00
Chris Smowton
47958e6de8 Go.mod comments: trim newlines
These weren't previously reported as part of the comment text, but are as of the latest version of golang.org/x/tools
2020-09-03 15:54:56 +01:00
Slavomir
5e62b002ff Fix: Append* does not modify the dst slice argument. 2020-09-03 15:43:16 +02:00
Slavomir
e7f2fb27eb Add taint-tracking for reflect package 2020-09-03 15:43:16 +02:00
Chris Smowton
380410e687 Go autoformat: exclude vendor/ directory 2020-09-03 14:37:26 +01:00
Chris Smowton
e386346a25 Extractor: tolerate ast.File structures without a package declaration
In earlier versions of golang/x/tools these would be omitted entirely; now they can result in ast.File structures whose ast.Package field is zero (NoPos), and in my experience these contain no information in their other fields either.
2020-09-03 14:32:23 +01:00
Max Schaefer
c7b4db8d16 Merge pull request #319 from aeisenberg/patch-1
Update devcontainer memory settings
2020-09-03 14:31:11 +01:00
Andrew Eisenberg
2e8e970978 Update devcontainer memory settings
CodeQL CLI needs a minimum of 2G of memory. By default, the memory used is slightly less than that, leading to poor performance.

This change also removes two old, unused settings.
2020-09-02 12:07:05 -07:00
Chris Smowton
b487799f69 Oauth2 state query: avoid duplicate paths by excluding variable references as sources 2020-09-02 17:40:53 +01:00
Chris Smowton
6fea8abd82 Oauth2 state query: improve code style
No behavioural changes intended.
2020-09-02 15:06:23 +01:00
Chris Smowton
2f175e365e Oauth2 state query: remove unnecessary isSource overload 2020-09-02 15:05:22 +01:00
Chris Smowton
8f99972833 OAuth2 CSRF query: improve documentation 2020-09-02 15:05:22 +01:00
Chris Smowton
0ba42f7f87 OAuth2 state query: set precision 2020-09-02 15:05:22 +01:00
Chris Smowton
406ea741f4 Improve comment style 2020-09-02 15:05:22 +01:00
Chris Smowton
faf43efb60 Promote OAuth2 constant-state query to mainline 2020-09-02 15:05:22 +01:00
Chris Smowton
0ee7bbbaa7 Extend oauth2 tests 2020-09-02 15:05:21 +01:00
Chris Smowton
f61c62d2d8 Generalise isReturnedWithError
It now recognises any function returning an Error alongside other return values
2020-09-02 15:05:21 +01:00
Chris Smowton
9e4ee0accf OAuth2 constant state query: trace local URLs across reference operations and Sprintf calls 2020-09-02 15:05:21 +01:00
Chris Smowton
050a823397 OAuth2 exclusion: hide cases that clearly target an out-of-band process or private HTTP server 2020-09-02 15:05:21 +01:00
Chris Smowton
bcb65157e6 Oauth2-state query: treat log calls the same as stdout printers
These presumably get to the user somehow, and in conjunction with stdin use are enough to identify use of oauth at the terminal.
2020-09-02 15:05:21 +01:00
Chris Smowton
3d877fc67d Oauth2 state: note bufio.NewScanner is also a sign of probable terminal-interactive use 2020-09-02 15:05:21 +01:00
Chris Smowton
6fee4f382f Constant-oauth2-state: exclude strings returned alongside an error value
For example, getState() { ... return "", someError } is commonly seen in the wild.
2020-09-02 15:05:21 +01:00
Chris Smowton
aac303c0a2 Merge pull request #287 from smowton/smowton/feature/restore-repo-after-build
Restore repo layout post-autobuild
2020-09-02 13:38:36 +01:00
Chris Smowton
246e8b1b27 Make failure to restore a file to its original location non-fatal 2020-09-02 11:44:43 +01:00
Chris Smowton
8de188a6ca Restore repo layout post-autobuild 2020-09-02 11:44:43 +01:00
Max Schaefer
be64f3ed22 Merge pull request #316 from gagliardetto/standard-lib-pt-17
Move `path` and `path/filepath` packages to stdlib
2020-09-02 08:26:11 +01:00
Slavomir
386005d361 Add path and path/filepath packages to stdlib 2020-09-01 13:09:41 +02:00
Sauyon Lee
976151c08f Merge pull request #315 from max-schaefer/fix-frontend-errors
Fix frontend errors in test.
2020-08-28 12:40:11 -07:00
Max Schaefer
2fe8fb9d83 Fix frontend errors in test. 2020-08-28 12:01:33 +01:00
Max Schaefer
031a48ecd3 Merge pull request #296 from owen-mc/allocation-size-overflow-improve-sanitizers-easy
Add new sanitizer guard to Allocation size overflow query
2020-08-28 07:44:45 +01:00
Max Schaefer
b4550f244b Merge pull request #313 from github/rc/1.25
Merge rc/1.25 into main
2020-08-27 14:27:26 +01:00
Sauyon Lee
1743dae7b0 Merge pull request #312 from smowton/smowton/autobuilder-fixes-fixed-further
Autobuilder: always check the vendor directory works and if go.mod exists
2020-08-27 04:16:04 -07:00
Chris Smowton
af1be2f465 Bump to latest version of golang.org/x/tools 2020-08-27 11:57:21 +01:00
Chris Smowton
4d084372b5 Fix autobuilder Go version comparison
The semver package requires versions of the form v1.2.3, and unhelpfully evaluates any malformed versions as equal.
2020-08-27 11:02:23 +01:00
Chris Smowton
c6dbb9fcb2 Tidy up -mod argument stringification 2020-08-27 10:46:36 +01:00
Chris Smowton
b13b54f7d7 Don't try to use -mod=... when go.mod doesn't exist
Also don't pass a blank argument to `go` when using an old version.
2020-08-26 13:56:36 +01:00
Chris Smowton
9ad2d6c119 Factor default and custom install paths
These now follow the same route:

* Run a default or custom build script
* If needed, check if vendor/ is usable
* If it isn't, or if their build failed, install dependencies using go get etc

This commit shouldn't cause any behavioural change.
2020-08-26 12:02:54 +01:00
Chris Smowton
859b427881 Check if the vendor/ directory is usable, even after a successful build 2020-08-26 11:53:50 +01:00
Sauyon Lee
8f6b25e0ac autobuilder: Use -mod=mod for vendor directories wihtout modules.txt 2020-08-26 11:25:30 +01:00
Sauyon Lee
70d425d317 autobuilder: move vendor check before dependency installation check
This means dependency installation is still attempted when a vendor
directory is inconsistent.
2020-08-26 11:25:30 +01:00
Sauyon Lee
852ae9397b autobuilder: Test for vendor inconsistency 2020-08-26 11:25:30 +01:00
Sauyon Lee
28c69743a4 Add workaround for go 1.14 explicit vendoring requirement
This only applies for module files for which no Go version has
been specified; Go will assume these should be parsed with the
latest Go version, which will cause them to fail if the vendor
directory has been generated with an old version of Go, as
the vendor/modules.txt will not meet the new requirements for
consistency.
2020-08-26 11:25:30 +01:00
Max Schaefer
34d5e970ff Merge pull request #311 from owen-mc/add-missing-change-notes
Add missing change notes
2020-08-26 11:21:00 +01:00
Owen Mansel-Chan
7fd5e7e978 Add change note for https://github.com/github/codeql-go/pull/277 2020-08-26 10:54:18 +01:00
Owen Mansel-Chan
ad6c94e8f9 Add change note for https://github.com/github/codeql-go/pull/251 2020-08-26 07:58:19 +01:00
Owen Mansel-Chan
210208b003 Add change note for https://github.com/github/codeql-go/pull/226 2020-08-26 07:46:56 +01:00
Owen Mansel-Chan
d4a377b7cc Add change note for https://github.com/github/codeql-go/pull/107
The model for websocket was included in another change note
2020-08-26 07:21:05 +01:00
Owen Mansel-Chan
944b69066e Add change note for github/codeql-go#125 2020-08-26 07:20:24 +01:00
Max Schaefer
3376e45508 Merge pull request #309 from owen-mc/restore-gin-change-note
Add change note for Gin framework
2020-08-25 10:42:57 +01:00
Owen Mansel-Chan
dc99a62dca Add change note for Gin framework
This was originally put in too early because the Gin framework was
accidentally not added to the default includes.

This reverts commit 41e98d6afc.
2020-08-25 10:29:42 +01:00
Sauyon Lee
0de8ac3b87 Merge pull request #305 from max-schaefer/consistency-queries
Enable consistency queries in tests
2020-08-25 01:01:11 -07:00
Max Schaefer
76f3bd63ac Merge pull request #306 from max-schaefer/fix-stringops-magic
Prevent misoptimisation in `StringOps`.
2020-08-25 08:45:54 +01:00
Max Schaefer
b72c4f958c Fix tests for ExprHasNoEffect on non-Linux systems. 2020-08-25 08:05:19 +01:00
Max Schaefer
4c82ad6064 Apply suggestions from code review
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2020-08-25 07:37:11 +01:00
Max Schaefer
bdcb1f233c Prevent misoptimisation in StringOps. 2020-08-24 20:11:23 +01:00
Max Schaefer
ab19d40f4b Merge pull request #304 from max-schaefer/fix-frontend-errors
Fix frontend errors in tests
2020-08-24 18:44:32 +01:00
Max Schaefer
57180c24c7 Simplify consistency query.
Unlike the old ODASA consistency queries, new consistency queries can have expected results, so there is no need to have special handling of files with expected errors.
2020-08-24 17:39:28 +01:00
Max Schaefer
d7cfcf46a5 Run tests with consistency queries. 2020-08-24 17:39:28 +01:00
Max Schaefer
181438b827 Bump CodeQL version for CI to 2.2.5. 2020-08-24 17:39:28 +01:00
Max Schaefer
42c1116ac7 Merge pull request #303 from github/rc/1.25
Merge rc/1.25 into main
2020-08-24 17:22:56 +01:00
Max Schaefer
c06531d9c0 Fix tests for InsecureHostKeyCallback. 2020-08-24 17:18:28 +01:00
Max Schaefer
4d4129313a Fix tests for Gorestful. 2020-08-24 17:18:06 +01:00
Max Schaefer
aad9ce0c97 Fix tests for OpenUrlRedirect. 2020-08-24 17:06:26 +01:00
Max Schaefer
4e202666dc Fix tests for InsecureHostKeyCallback. 2020-08-24 17:06:01 +01:00
Max Schaefer
368227fff5 Fix tests for NegativeLengthCheck. 2020-08-24 17:04:55 +01:00
Max Schaefer
149ceda636 Fix tests for Gorestful. 2020-08-24 17:04:31 +01:00
Max Schaefer
a0a8a584a4 Fix error in ellipsis.go. 2020-08-24 17:01:16 +01:00
Sauyon Lee
402b239520 Merge pull request #300 from srt32/patch-1
Update bad / good message for CWE 079
2020-08-24 08:57:26 -07:00
Owen Mansel-Chan
a669fa4aa1 Do not flow taint through remainder expressions
If the tainted operand is the first operand then it is being bounded above
by the remainder expression. If it is the second operand then
2020-08-24 16:18:08 +01:00
Owen Mansel-Chan
aed3ef4cde Improve performance of new barrier guard
Some projects on lgtm were taking >1 hour, and with this commit they take
<10 minutes
2020-08-24 16:18:08 +01:00
Simon Taranto
bd9100eb4e Update other file too 2020-08-24 09:00:26 -06:00
Max Schaefer
5dc822886b Merge pull request #302 from max-schaefer/fix-qhelp
Fix qhelp for incorrect integer-conversion query.
2020-08-24 11:20:32 +01:00
Max Schaefer
111d2a745b Fix qhelp for incorrect integer-conversion query.
It seems qhelp doesn't like `<code>` inside `<a>`.
2020-08-24 09:55:43 +01:00
Simon Taranto
7adf477e2d Update bad / good message for CWE 079
Previously, the "good" example still had the "BAD: " comment in it which was confusing.

This change updates the good example to have a "GOOD: " comment instead.
2020-08-21 15:31:47 -06:00
Owen Mansel-Chan
caf77e2a44 Merge pull request #298 from smowton/smowton/admin/changenote-blank-lines
Remove blank lines from changenote
2020-08-20 16:05:29 +01:00
Chris Smowton
b983778cd1 Merge pull request #297 from ginsbach/noinferred
remove reliance on InferredBinding
2020-08-20 11:52:14 +01:00
Chris Smowton
cc2a153c57 Remove blank lines from changenote 2020-08-20 11:45:29 +01:00
Owen Mansel-Chan
dbf1d24e19 Add new barrier guard for second half of path 2020-08-20 11:37:07 +01:00
Chris Smowton
ce93a449fa Merge pull request #295 from owen-mc/remove-gin-change-note
Remove gin change note
2020-08-20 10:39:13 +01:00
Owen Mansel-Chan
41e98d6afc Remove change note so it isn't accidentally put into this release 2020-08-20 10:27:51 +01:00
Owen Mansel-Chan
53cc3621ad Change date on Gin change note
The Gin model wasn't added to the default imports
till 2020-08-19
2020-08-20 10:27:41 +01:00
Philip Ginsbach
1149d43488 remove reliance on InferredBinding from InsecureFeatureFlag::getAFlagName 2020-08-20 10:26:46 +01:00
Chris Smowton
89e420d49f Merge pull request #294 from smowton/smowton/admin/reenable-checkout-v2
Revert "Downgrade to checkout@v1 to work around https://github.com/actions/checkout/issues/237"
2020-08-20 07:48:12 +01:00
Chris Smowton
9b9b0b217e Revert "Downgrade to checkout@v1 to work around https://github.com/actions/checkout/issues/237"
This reverts commit 8aaa7c8925.

The bug it was working around (if it ever did) has been fixed.
2020-08-19 17:53:25 +01:00
Owen Mansel-Chan
0260438ff3 Merge pull request #293 from owen-mc/import-gin-framework-by-default
Import Gin framework by default
2020-08-19 17:24:29 +01:00
Chris Smowton
33d35112e1 Merge pull request #292 from smowton/smowton/admin/document-public-predicates
Document undocumented public symbols
2020-08-19 15:52:06 +01:00
Owen Mansel-Chan
35e336fe96 Add tests for sanitizers and sanitizer guards 2020-08-19 15:36:48 +01:00
Owen Mansel-Chan
17b3d56195 Remove unnecessary string concat 2020-08-19 15:36:48 +01:00
Owen Mansel-Chan
103e655395 Import Gin framework by default 2020-08-19 15:26:12 +01:00
Chris Smowton
60d3de1911 Document undocumented public symbols 2020-08-19 14:29:12 +01:00
Chris Smowton
1e7bbcc23a Merge pull request #290 from sauyon/openredirect-uri
Open URL Redirect: make isValidURI and the like sanitizers
2020-08-18 10:07:43 +01:00
Sauyon Lee
5b9fb2a28b openurlredirect: make isValidURI and the like sanitizers 2020-08-17 10:45:46 -07:00
Chris Smowton
c07db2a373 Merge pull request #289 from smowton/gorand
(admin) Slightly cleaned up version of Insufficient Randomness
2020-08-17 12:00:26 +01:00
dilanbhalla
986f3c3084 Add experimental query detecting use of an insecure PRNG in a cryptographic context 2020-08-17 10:52:36 +01:00
Max Schaefer
d675daa1d1 Merge pull request #284 from dilanbhalla/gocrypto
Adding Crypto Query/Library
2020-08-14 12:00:18 +01:00
dilanbhalla
a58070f920 fixed build test error 2020-08-14 01:56:30 -07:00
dilanbhalla
7f980a4901 pr fixes 2020-08-14 00:45:08 -07:00
Max Schaefer
fe6cf8c625 Merge pull request #275 from owen-mc/incorrect-integer-conversion
Incorrect integer conversion
2020-08-13 20:19:47 +01:00
Owen Mansel-Chan
951d59752a Address review comments 7 2020-08-13 18:22:58 +01:00
dilanbhalla
40d3f22193 fixing commit error 2020-08-12 10:49:11 -07:00
Owen Mansel-Chan
2e60d40ccd Address review comments 6 2020-08-12 17:07:29 +01:00
Owen Mansel-Chan
69212b9ad9 Deal with build constraints
Note that build constraints can be explicit (comments at the top of the
file) or implicit (part of the file name)
2020-08-12 17:07:29 +01:00
dilanbhalla
37eca95d44 restructured library 2020-08-11 23:53:50 -07:00
dilanbhalla
79002b0c38 pr fixes 2020-08-11 10:34:45 -07:00
Owen Mansel-Chan
08d9af1bd7 Merge pull request #280 from owen-mc/negative-length-check-unsigned
Extend negativeLengthCheck query to unsigned integers
2020-08-11 11:59:24 +01:00
Owen Mansel-Chan
1e0b9cc6a3 Address review comments 5 2020-08-11 10:57:02 +01:00
Owen Mansel-Chan
97bbdca8a3 Extend negativeLengthCheck query to unsigned integers
Like return values from len and cap, unsigned integers are never negative
2020-08-11 10:48:03 +01:00
dilanbhalla
2ee654d643 attempting to fix autoformat build error 2020-08-11 01:07:53 -07:00
Max Schaefer
117fd686c4 Merge pull request #276 from gagliardetto/standard-lib-pt-3
Add taint tracking for the compress/* packages
2020-08-11 07:56:45 +01:00
Max Schaefer
cb5c596ab6 Merge pull request #283 from github/rc/1.25
Merge rc/1.25 into main
2020-08-11 07:51:17 +01:00
Owen Mansel-Chan
c7a8730c40 Improve tests of paths with more than one sink 2020-08-11 07:24:58 +01:00
Owen Mansel-Chan
4907f6529e Address review comments 4 2020-08-11 07:24:58 +01:00
dilanbhalla
4433f193f9 pr fixes for typo and qldoc 2020-08-10 16:06:02 -07:00
dilanbhalla
7ce9e976c2 removing precision tag 2020-08-10 12:06:10 -07:00
dilanbhalla
95342cdea7 adding go crypto library 2020-08-10 11:56:41 -07:00
Owen Mansel-Chan
ed469a355e Fix mistake in test 2020-08-10 17:32:49 +01:00
Max Schaefer
097775bf64 Merge pull request #282 from sauyon/tomain
Fix one use of master in README
2020-08-10 17:03:22 +01:00
Max Schaefer
61f4d8ddfc Merge pull request #278 from max-schaefer/fix-upgrade-performance
Improve performance of upgrade script
2020-08-10 17:01:49 +01:00
Max Schaefer
d31b4d262f Merge pull request #281 from max-schaefer/has_ellipsis
Teach extractor to distinguish calls with an ellipsis from calls without
2020-08-10 16:51:38 +01:00
Owen Mansel-Chan
30f176246a Address review comments 3 2020-08-10 15:21:20 +01:00
Max Schaefer
6d35c60acb Add pragma to prevent accidental inlining. 2020-08-10 14:51:28 +01:00
Max Schaefer
2ef421255a Add a clarifying comment. 2020-08-10 14:49:19 +01:00
Max Schaefer
9385857c39 Add a regression test. 2020-08-10 14:48:13 +01:00
Owen Mansel-Chan
89eae10d96 Address review comments 2 2020-08-10 11:07:44 +01:00
Owen Mansel-Chan
4bfb2b4138 Address review comments 1 2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
681ca9065a Add change note 2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
06d1eb9bdb Add tests for incorrect integer conversion 2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
329888e62c Add query for incorrect integer conversion 2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
34fa07267b Add modeling to Stdlib.qll
Adds classes for some integer-parsing functions and a constant from
strconv, plus a class for calls to integer-parsing functions.
2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
ac49aa2527 Delete experimental query and tests for it 2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
3a6aa58e48 Fix typo in QLDoc 2020-08-10 11:04:25 +01:00
Max Schaefer
c2a26f8ec9 Don't allow varargs as function outputs.
In a call of the form `f(xs...)`, when we say that `f` taints its 0th argument its ambiguous whether that means that it taints the slice `xs` or its 0th element `xs[0]`.

In practice, it's usually the latter, but we have no way of expressing that using our current `FunctionOutput` implementation.
2020-08-10 07:30:23 +01:00
Max Schaefer
bdfd1d131f Teach extractor to record the presence of an ellipsis in a call expression. 2020-08-10 07:30:23 +01:00
Sauyon Lee
0b97e486a2 Fix one use of master in README 2020-08-07 08:49:57 -07:00
Max Schaefer
97291e4c41 Merge pull request #279 from github/rc/1.25
Merge rc/1.25 into master
2020-08-06 11:18:11 +01:00
Max Schaefer
75795d80c4 Improve performance of upgrade script. 2020-08-06 09:51:36 +01:00
Max Schaefer
90bab34e88 Merge pull request #277 from sauyon/file-url-fix
autobuilder: Don't try to determine import paths for file URLs
2020-08-06 09:46:10 +01:00
Sauyon Lee
8e6c1835dd autobuilder: Don't try to determine import paths for file URLs
Also improve logging
2020-08-05 23:21:34 -07:00
Slavomir
b0259632e1 Remove Read method 2020-08-05 18:37:35 +02:00
Slavomir
6fda46b565 Add compress/zlib taint tracking 2020-08-05 18:35:47 +02:00
Slavomir
441d29b2b7 Add compress/lzw taint tracking 2020-08-05 18:34:05 +02:00
Slavomir
053496dbcc Add compress/gzip taint tracking 2020-08-05 18:32:51 +02:00
Slavomir
7e5077c174 Add compress/flate taint tracking 2020-08-05 18:31:13 +02:00
Slavomir
6e2af3ead1 Add compress/bzip2 taint tracking 2020-08-05 18:29:12 +02:00
Max Schaefer
4e409aa9fa Merge pull request #274 from gagliardetto/standard-lib-pt-2
Add taint tracking for bufio and bytes packages
2020-08-05 17:10:08 +01:00
Slavomir
df71f0bf8b Remove ReadByte, WriteByte, ReadRune, WriteRune 2020-08-04 17:53:50 +03:00
Slavomir
ff81ad622f Fix back ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected 2020-08-04 17:22:40 +03:00
Slavomir
c1f2e77488 Fix generated codeql 2020-08-04 17:11:55 +03:00
Slavomir
6b1bbf16aa Remove taint-tracking for objects that implement io.Reader 2020-08-04 16:01:30 +03:00
Slavomir
72254b7682 Fix ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected 2020-08-04 15:36:34 +03:00
Slavomir
3fd6062b3d Add taint-tracking for package "bytes" 2020-08-04 14:15:26 +03:00
Slavomir
dd8e1243a2 Add bufio taint-tracking 2020-08-04 14:11:00 +03:00
Max Schaefer
b057cbee7b Merge pull request #256 from smowton/smowton/admin/cwe-327-cleanup
Polish CWE-327 (weak TLS config) query
2020-08-03 10:28:53 +01:00
Sauyon Lee
5de55d02d7 Merge pull request #273 from max-schaefer/unresolved-reference
Speed up `unresolvedReference`.
2020-08-02 22:31:13 -07:00
Max Schaefer
f6da34b546 Speed up unresolvedReference. 2020-07-31 14:13:05 +01:00
Chris Smowton
7e65575e95 Merge pull request #272 from smowton/smowton/admin/fix-makefile-escaping
Escape go-fmt file filter
2020-07-30 20:05:04 +01:00
Chris Smowton
2a7754af59 Factor ErrorType out of two duplicate tests 2020-07-30 17:25:53 +01:00
Chris Smowton
4b6810eefc InsecureFeatureFlag: make getAFlag a member of FlagKind 2020-07-30 17:23:01 +01:00
Chris Smowton
7dd20107fe Insecure-TLS query: trivial style and typo fixes 2020-07-30 17:18:54 +01:00
Chris Smowton
3c1daf08f8 Escape go-fmt file filter
This should have been looking for \.go$, but I forgot to escape the dollar sign in a Makefile
2020-07-30 17:06:01 +01:00
Max Schaefer
2134757ebf Merge pull request #261 from smowton/smowton/admin/cleanup-cwe-322
Polish CWE-322: detect and exclude cases where host-checking is optional
2020-07-30 10:38:57 +01:00
Chris Smowton
cce3a70412 Insecure-TLS: restrict sources to potentially interesting integers. 2020-07-29 16:46:36 +01:00
Chris Smowton
d7c0671ea1 Add test using SSH host-key checker factory knownhosts.New
This produces a secure host-key checker; we assume by default that an opaque function not otherwise specified returns an acceptable checker, but we need to particularly cope with its multiple return values to handle this factory function.
2020-07-29 16:30:51 +01:00
Chris Smowton
d0e86f787d SSH host checking: Expand definition of a host-key checking function to include calls with multiple return types
For example, https://godoc.org/golang.org/x/crypto/ssh/knownhosts#New returns a host-key checker and an error value, and we previously didn't consider the first return value a candidate checker function.
2020-07-29 16:06:38 +01:00
Chris Smowton
e89cd16cb1 Move query-specific flag definitions into their respective .ql files 2020-07-29 15:21:49 +01:00
Chris Smowton
f31ed52943 Clean up InsecureFeatureFlag
Move the flag regexes inline, use `any` instead of a constructor function to select a particular flag kind, and remove explicit limitation on the common superclass FlagKind.
2020-07-29 15:15:50 +01:00
Chris Smowton
f162a5be94 Promote CWE-322 out of experimental status 2020-07-29 14:43:47 +01:00
Chris Smowton
99f08750f3 Polish CWE-322: detect and exclude cases where host-checking is optional 2020-07-29 14:43:47 +01:00
Max Schaefer
2831ffdad0 Merge pull request #270 from smowton/smowton/cleanup/ricterz-libraries
Add support for Gorm, Gorestful, Sqlx and Json-iterator
2020-07-29 14:21:41 +01:00
Max Schaefer
f8b8af5ac5 Merge pull request #269 from aibaars/lgtm-suites
CodeQL: complete LGTM suites
2020-07-29 07:19:41 +01:00
Arthur Baars
0db8ba881b CodeQL: complete LGTM suites 2020-07-28 20:36:53 +02:00
Chris Smowton
abfae4365f Move CWE-327 out of experimental 2020-07-28 15:47:44 +01:00
Chris Smowton
026dc5c97f Add changelog notes regarding added library support 2020-07-28 14:57:14 +01:00
Chris Smowton
0e6feb923c Add test for json-iterator package, and support more of its API
Specifically the top-level functions Unmarshal and UnmarshalFromString are just convenience wrappers around the type API, which is the usual documented way to use the library.
2020-07-28 14:52:10 +01:00
Chris Smowton
e19f476341 Add test for Sqlx 2020-07-28 14:52:10 +01:00
Chris Smowton
f5caf7e9e2 Add test for Gorm 2020-07-28 14:52:10 +01:00
Chris Smowton
a813607a76 go-restful model: Add support for ReadEntity method 2020-07-28 14:52:10 +01:00
Chris Smowton
3c4a1b90fe Add test for Go-restful 2020-07-28 14:52:10 +01:00
Chris Smowton
b96546b0f8 Improve style of library models 2020-07-28 14:40:48 +01:00
Max Schaefer
e9ae697d0d Merge pull request #251 from gagliardetto/standard-lib-pt-1
Add taint-tracking for archive/tar and archive/zip
2020-07-28 14:27:02 +01:00
Chris Smowton
88cb435843 Split security flags into more distinct categories
There are now three categories: general security or option flags, those related to TLS version selection, and those related to certificate configuration. The TLS and disabled-certificate-check queries use two categories each.
2020-07-28 13:54:37 +01:00
Chris Smowton
3c244e2235 Insecure-TLS: remove obsolete TODO
The case noted works fine.
2020-07-28 13:04:16 +01:00
Chris Smowton
9b4e189374 Insecure-TLS: Use DataFlow::Node::getRoot, and factor getEnclosingFunction 2020-07-28 11:55:58 +01:00
Chris Smowton
2751552cbe Insecure-TLS: Reintroduce tests for InsecureCipherSuites()
These stopped producing an alert because they used a variable name that acknowledges an insecure setup
2020-07-28 11:55:58 +01:00
Chris Smowton
db9760082d Insecure-TLS: simplify warning message 2020-07-28 11:55:58 +01:00
Chris Smowton
2a0642b67b Insecure-TLS: remove is-test-file filter 2020-07-28 11:55:58 +01:00
Chris Smowton
5c8534f56e EXCUSED -> OK 2020-07-28 11:55:58 +01:00
Chris Smowton
d0c76187da Fix comment 2020-07-28 11:55:58 +01:00
Chris Smowton
a10db25b7d Remove redundant constraint 2020-07-28 11:55:58 +01:00
Chris Smowton
779901cdbd Reference Mozilla's TLS advice in qhelp 2020-07-28 11:55:58 +01:00
Chris Smowton
718c4e8531 Add change note for insecure-TLS query 2020-07-28 11:55:58 +01:00
Chris Smowton
db27f8477a Update CWE-327 test
This now checks various carve-outs for probable feature / compatibility flags
2020-07-28 11:55:58 +01:00
Chris Smowton
21d107e0e9 Check for suspected feature-flags more uniformly
These are now checked of all source *and* sink nodes, and the checks are factored with similar paths for is-insecure and is-old flags.
2020-07-28 11:55:58 +01:00
Chris Smowton
7d294c5d81 Factor and generalise InsecureFeatureFlag
The same path is now used to classify flags relating to old/legacy versions.
2020-07-28 11:21:51 +01:00
Chris Smowton
34c8cc5019 Improve documentation and function naming 2020-07-28 11:21:51 +01:00
Chris Smowton
17200a8569 Use SsaWithFields to find similar good-tls-version flows
Note: if accepted, merge this into a previous commit before submitting the PR
2020-07-28 10:31:45 +01:00
Chris Smowton
a7e549e771 Exclude TLS version sources accompanied by a non-nil error
It is common to return 0 has a dummy value with an error; these are very likely not going to be used as a real TLS version.
2020-07-28 10:31:44 +01:00
Chris Smowton
af960ed2cd Exclude more hits whose context suggests an intentionally old TLS configuration 2020-07-28 10:31:44 +01:00
Chris Smowton
8afa0c51d9 Filter out bad TLS versions where there is a converging flow supplying a good version
I'm supposing these usually indicate something configurable, rather than a hard-coded insecure choice. The *default* being insecure is still a problem, but probably not amenable to automated analyses.
2020-07-28 10:31:44 +01:00
Chris Smowton
b66a91bd5f Exclude InsecureTLS problems guarded by feature flags 2020-07-28 10:31:44 +01:00
Chris Smowton
6058c90485 Factor predicates for identifying security-related feature flags from DisabledCertificateCheck 2020-07-28 10:31:44 +01:00
Chris Smowton
a6ab92bbca Supress paths that extend beyond the first sink
For this particular query it's hardly ever interesting to complain about a bad cipher suite being configured, then read from the list and re-added elsewhere. In such a case the longer path will be detected when the shorter one is fixed in any case.
2020-07-28 10:31:44 +01:00
Chris Smowton
08ec017e4c Cleanup: disjunction -> set literal 2020-07-28 10:31:44 +01:00
Chris Smowton
75d69efb15 Merge pull request #267 from smowton/smowton/feature/print-ast-label-package-node
PrintAst: Label File nodes' package-name children, and ensure that child comes before all declarations
2020-07-24 13:30:12 +01:00
Chris Smowton
b4e15fb17a Merge pull request #268 from smowton/smowton/admin/downgrade-checkout-action
Downgrade to checkout@v1 to work around https://github.com/actions/checkout/issues/237
2020-07-24 13:28:06 +01:00
Chris Smowton
8aaa7c8925 Downgrade to checkout@v1 to work around https://github.com/actions/checkout/issues/237 2020-07-24 11:24:51 +01:00
Chris Smowton
454993fe64 PrintAst: Label File nodes' package-name children, and ensure that child comes before all declarations 2020-07-24 11:08:57 +01:00
Ricter Z
bb2d5ea6b5 add some sinks in commonly-used SQL libraries 2020-07-23 16:19:42 +01:00
Chris Smowton
b9e61115f3 Merge pull request #266 from sauyon/query-tags
Add correctness tag to MistypedExponentiation
2020-07-22 15:27:46 +01:00
Chris Smowton
6c4a1d0a34 Merge pull request #264 from smowton/smowton/feature/printast-restrict-files
PrintAst: improve support for restricting subsets of the AST to print
2020-07-22 15:20:14 +01:00
Chris Smowton
f8d141f7ff PrintAst: Sort root File nodes by relative path.
This should make graphtext output deterministic, rather than depending on the order the results interpretation step happens to see the nodes.
2020-07-22 13:43:34 +01:00
Sauyon Lee
c9df4d81b4 Add correctness tag to MistypedExponentiation 2020-07-22 04:26:56 -07:00
Chris Smowton
c30d198f3d Switch to using top-level function declarations to filter PrintAst
This means it's no longer possible to ask for the AST of a function literal, but this is hopefully a niche use-case that we can add if and when there is demand.
2020-07-22 10:40:41 +01:00
Owen Mansel-Chan
3018874f69 Merge pull request #259 from gagliardetto/oauth2-fixed-state
CWE-352: Use of constant `state` in Oauth2 flow
2020-07-21 17:11:46 +01:00
Chris Smowton
09990f9764 Configure plugin AST printer to ignore comments and only print one file 2020-07-21 17:01:07 +01:00
Chris Smowton
b8c4004c59 PrintAst: support excluding comments 2020-07-21 17:01:07 +01:00
Chris Smowton
e0aa59ced1 PrintAst: improve support for restricting subsets of the AST to print
* Exclude function definitions, not just their children, when excluded by configuration
* Allow excluding files
* Test both features
2020-07-21 17:00:28 +01:00
Chris Smowton
a625a4c7d5 Merge pull request #263 from smowton/smowton/feature/order-functypeexpr-children
PrintAst: order parameter and result declarations
2020-07-21 15:47:26 +01:00
Andrew Eisenberg
f35343e618 Merge pull request #262 from aeisenberg/aeisenberg/print-ast
Add the printAst contextual query
2020-07-20 11:11:42 -07:00
Slavomir
02b5fce67e Add go.mod to CWE-352 test folder 2020-07-20 17:46:12 +03:00
Chris Smowton
ce0cc31b03 PrintAst: order parameter and result declarations
This adds support for generally overriding the default AstNode child ordering, and uses it to sort parameter and result declarations in the context of a FuncTypeExpr in left-to-right textual order.
2020-07-20 14:32:42 +01:00
Andrew Eisenberg
0ae1330c02 Add the printAst contextual query
This is similar to the cpp query for printing the AST in the
context of VS Code.

This PR also includes a small refactoring to extract the
`getEncodedFile` predicate to a new `qll` file.
2020-07-17 10:12:48 -07:00
Slavomir
27f62b0b3a Fix examples 2020-07-17 13:12:18 +03:00
Slavomir
ee2804dfb1 Improve comments 2020-07-17 11:01:25 +03:00
Slavomir
ee4356501a Apply suggestions from code review
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2020-07-16 18:36:40 +03:00
Slavomir
fb78818db7 Fix .expected 2020-07-16 18:33:35 +03:00
Slavomir
ef7198c0cb Improve query scenarios 2020-07-16 18:29:15 +03:00
Slavomir
282f7af6d9 Improve comments, naming, docs 2020-07-16 12:52:41 +03:00
Slavomir
8cc8b8ef47 Add CWE-352: CSRF because of constant oauth2 state value 2020-07-16 12:38:08 +03:00
Slavomir
437f4b7eab Fix go autoformat 2020-07-15 19:12:33 +03:00
Slavomir
9cd86f9be8 Generated Go files: add what they were generated with 2020-07-15 19:05:12 +03:00
Slavomir
f7a03c0862 Update main.go 2020-07-15 19:05:12 +03:00
Slavomir
19348d2773 Simplify tests 2020-07-15 19:05:12 +03:00
Slavomir
1591ed3440 Implement code review feedback 2020-07-15 19:05:12 +03:00
Slavomir
5b63228690 Add StdlibTaintFlow.expected 2020-07-15 19:05:12 +03:00
Slavomir
19287fb5ff Add taint-tracking for archive/tar and archive/zip 2020-07-15 19:05:12 +03:00
Chris Smowton
830f83f21a Merge pull request #257 from smowton/smowton/fix/go-mod-comment-group-indices
Extractor: assign unique indices to comment-groups in go.mod files
2020-07-13 15:40:14 +01:00
Chris Smowton
3ab948f81c Extractor: assign unique indices to comment-groups in go.mod files
The schema requires that (parent, index) is a key.
2020-07-13 11:28:28 +01:00
Sauyon Lee
32510eb2d0 Merge pull request #255 from max-schaefer/alias-types
Improve modelling of alias declarations
2020-07-10 21:07:48 -07:00
Max Schaefer
4eac5a1d4e Add test to demonstrate that aliases have entities.
There are, however, no corresponding types.
2020-07-10 14:41:15 +01:00
Max Schaefer
1a8688a8f4 Extract enough information to distinguish type definitions from alias declarations. 2020-07-10 14:12:51 +01:00
Max Schaefer
4257a68c27 Include newlines in messages printed by go-gen-dbscheme. 2020-07-10 14:08:37 +01:00
Max Schaefer
9347413e77 Merge pull request #254 from smowton/smowton/admin/fix-go-autoformat
Make the gofmt CI test actually fatal
2020-07-10 14:01:44 +01:00
Chris Smowton
d05657ddff Make the gofmt CI test actaully fatal
Turns out gofmt doesn't actually return 1 when it finds problems, only when it finds source files which don't compile (all of which are now excluded).

This also fixes existing overlooked inconsistencies as a result of this mistake.
2020-07-10 11:02:50 +01:00
Max Schaefer
302eb55d23 Merge pull request #245 from smowton/smowton/feature/missing-error-check-query-conservative
Add query searching for missing error checks on functions that return a (pointer, error) pair
2020-07-09 15:37:32 +01:00
Chris Smowton
429a385a20 Add query searching for missing error checks on functions that return a (pointer, error) pair 2020-07-09 13:06:31 +01:00
Max Schaefer
02920abc62 Merge pull request #249 from smowton/smowton/feature/comment-group-ast-node-parents
Make CommentGroups AST-children of Files
2020-07-08 19:58:13 +01:00
Chris Smowton
6bf3802b3f Make CommentGroups AST-children of Files
Previously they were roots, with children hanging off them. Now they are children of Files, and both CommentGroups and Comments can be discovered using AstNode.getAChild.

The PrintAst pass is also adapted to account for their new position.
2020-07-08 17:49:47 +01:00
Max Schaefer
650cb5e626 Merge pull request #253 from smowton/smowton/admin/gofmt-in-ci
Add Go autoformatting to the 'autoformat' make target and to CI
2020-07-08 17:37:17 +01:00
Chris Smowton
ce94c68e0a Add Go autoformatting to the 'autoformat' make target and to CI
Existing gofmt complaints are fixed, and files that specifically test queries that relate to badly formatting code are tagged as such.
2020-07-08 14:20:19 +01:00
Max Schaefer
26eeb3c658 Merge pull request #252 from gagliardetto/patch-3
taint-tracking: String() must return a string type
2020-07-08 12:01:20 +01:00
Slavomir
59071732a8 taint-tracking: String() must return a string type
Make sure that the taint-tracking class for the `String()` method checks that the result type is a string.
2020-07-08 12:34:13 +03:00
Max Schaefer
bc778b5899 Merge pull request #243 from max-schaefer/cve-2019-11250
Improvements to clear-text logging query
2020-07-07 16:03:40 +01:00
Max Schaefer
3a897a9dd0 Merge pull request #247 from shati-patel/docs
Docs: Editorial changes to library modeling topic
2020-07-07 13:37:51 +01:00
Max Schaefer
b4c56928c4 Merge pull request #248 from max-schaefer/location-doc
Port Location qldoc update.
2020-07-07 13:37:36 +01:00
Max Schaefer
47a858610d Merge pull request #239 from smowton/smowton/feature/find-noreturn-user-functions
Switch from using mustPanic to mayReturnNormally to construct a call-expression's CFG
2020-07-07 13:37:18 +01:00
Chris Smowton
6e5ee47ade Switch from using mustPanic to mayReturnNormally to construct a call-expression's CFG
We also use this to note that user-defined functions can only return normally if their CFG normal exit node is reachable, and annotate some well-known functions as noreturn.

For example, this will by fiat declare os.Exit noreturn (never returns normally), and will also notice that a user function `func myExit() { os.Exit(1) }` is also noreturn, because it doesn't have any control-flow edges that reach the normal return node.
2020-07-07 11:40:06 +01:00
Max Schaefer
842860d7ca Port Location qldoc update.
cf https://github.com/github/codeql/pull/3907
2020-07-07 10:58:00 +01:00
Shati Patel
5ddcf92859 Editorial changes to library modeling topic 2020-07-07 10:02:33 +01:00
Max Schaefer
d8ff2d1641 Merge pull request #246 from smowton/smowton/feature/nuisance-dead-code-warnings
UnreachableStatement: tolerate more harmless unreachable return statements
2020-07-07 09:26:48 +01:00
Chris Smowton
5b34c05916 UnreachableStatement: tolerate more harmless unreachable return statements
The Golang compiler isn't particularly good at spotting paths that don't need a return statement due to a dominating noreturn statement (e.g. os.Exit(1)), so dead return statements are common. We already tried to tolerate some instances of this pattern; this additionally allows 'true' and 'false' literals, and anything of type 'error'.

The carte-blanche for error values aims to accommodate the pattern "abort(); return whateverErrorWouldOtherwiseBeAppropriate();", which is probably preferable to "return nil", a misleading no-error indication.
2020-07-06 17:02:26 +01:00
Max Schaefer
61bc51c133 Merge pull request #242 from max-schaefer/remove-experimental-precision
Remove `@precision` from experimental query.
2020-07-03 10:53:18 +01:00
Max Schaefer
5343315ad0 Remove @precision from experimental query.
We'll add it back when we take it out of experimental status.
2020-07-03 09:51:24 +01:00
Max Schaefer
570b232836 Merge pull request #235 from gagliardetto/bad-unsafe
Query to find wrong uses of package "unsafe"
2020-07-03 09:36:10 +01:00
Slavomir
94c0bc361d Improve comments and alerts 2020-07-02 22:10:17 +03:00
Max Schaefer
534ab94067 Merge pull request #241 from max-schaefer/update-data-flow
Update shared data-flow libraries
2020-07-02 14:07:32 +01:00
Max Schaefer
b83076853f Add change note. 2020-07-02 12:03:43 +01:00
Max Schaefer
89e9c6c2da Teach clear-text logging query to ignore dummy passwords. 2020-07-02 12:02:56 +01:00
Max Schaefer
63187a0889 Make clear-text logging sources more precise. 2020-07-02 12:02:56 +01:00
Max Schaefer
7b903dd062 Teach CleartextLogging not to track through error.Error() and fmt.Stringer.String().
These two are very heavily overloaded and cause all sorts of false positives.
2020-07-02 12:02:56 +01:00
Max Schaefer
f807aa8b5e Merge pull request #233 from owen-mc/library-modeling
Create guide for modeling go libraries
2020-07-02 12:01:45 +01:00
Max Schaefer
dc5813b159 Data flow: Remove big-step relation in flow-through code
cf https://github.com/github/codeql/pull/3857
2020-07-02 11:55:41 +01:00
Max Schaefer
09d2fe391e Data flow: Replace getErasedRepr() and Node::getTypeBound() with getNodeType().
cf https://github.com/github/codeql/pull/3854
2020-07-02 11:55:41 +01:00
Max Schaefer
7925db7911 Merge pull request #240 from max-schaefer/fix-frontend-errors
Fix frontend errors
2020-07-02 10:14:39 +01:00
Max Schaefer
25c969d14c Model message components for Fprintf and friends more precisely. 2020-07-02 09:41:03 +01:00
Max Schaefer
c80314a3fb Treat non-sensitive header retrieval as a barrier. 2020-07-02 09:41:03 +01:00
Max Schaefer
29cbac429f Fix stub for crypto/ssh. 2020-07-02 07:51:29 +01:00
Max Schaefer
5ac8ba9cef Fix an error in Types test. 2020-07-02 07:51:16 +01:00
Max Schaefer
eeae713c2f Dataflow: Refactor dispatch with call context.
cf https://github.com/github/codeql/pull/3804
2020-07-01 20:02:40 +01:00
Slavomir
b919ee03bf Merge branch 'bad-unsafe' of https://github.com/gagliardetto/codeql-go into bad-unsafe 2020-07-01 17:36:50 +03:00
Slavomir
267057b4b2 Use Nodes instead of Expressions 2020-07-01 17:33:40 +03:00
Owen Mansel-Chan
4a002c3044 Address review comments and delete md file 2020-07-01 15:08:00 +01:00
Max Schaefer
f74a94e382 Merge pull request #170 from sauyon/tracing
Extract more dependency ASTs
2020-07-01 14:25:52 +01:00
Owen Mansel-Chan
3a2a33b956 Convert to reStructuredText
Annoyingly rst won't easily let you make some text monospace inside the
text for a link. The only other things I've changed from pandoc's output
are changing "code::" to "code-block::" and adding whitespace to get the
lists to format correctly.
2020-07-01 10:43:08 +01:00
Slavomir
62ccceb543 Apply suggestions from code review
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-07-01 12:16:40 +03:00
Slavomir
87c2ac3caf Remove deprecated; plus aesthetic fix 2020-07-01 12:11:41 +03:00
Owen Mansel-Chan
126d214a2d Address review comments 2020-07-01 10:04:55 +01:00
Slavomir
37af579f27 Implement code review feedback 2020-07-01 12:02:12 +03:00
Max Schaefer
05da78d0f2 Merge pull request #238 from owen-mc/tfunctionoutput-receiver-separate-case
Make receiver a separate case in TFunctionOutput
2020-07-01 09:53:13 +01:00
Slavomir
7475170ced Fix getBaseType 2020-07-01 11:21:15 +03:00
Slavomir
7f65424556 Fix comments and tests 2020-07-01 10:40:34 +03:00
Slavomir
9421476bea Add IndexExpr logic and example 2020-07-01 10:21:16 +03:00
Slavomir
036a1faffa Remove redundancy 2020-06-30 23:00:19 +03:00
Slavomir
c5354a88f0 Update tests 2020-06-30 22:11:05 +03:00
Slavomir
22e9c75d68 If pointer is to an IndexExpr, the use base type of that index expression 2020-06-30 22:07:40 +03:00
Sauyon Lee
6e5e9ce5de Improve comments for extractor utility functions 2020-06-30 11:44:10 -07:00
Sauyon Lee
c6dfcf7365 Merge pull request #237 from github/revert-165-support-actions
Revert "autobuilder: Add support for GITHUB_REPOSITORY environment variable"
2020-06-30 11:40:34 -07:00
Owen Mansel-Chan
83fffa6350 Address review comments 2020-06-30 18:37:00 +01:00
Owen Mansel-Chan
826603a396 Make receiver a separate case in TFunctionOutput
This is for consistency with TFunctionInput, which already does this
2020-06-30 17:15:52 +01:00
Owen Mansel-Chan
88e2ae1b2e Address review comments 2020-06-30 17:00:05 +01:00
Remco Vermeulen
a89b87f643 CWE-322 InsecureHostKeyCallback (#234) 2020-06-30 15:38:21 +01:00
Max Schaefer
ccfccb4828 Revert "autobuilder: Add support for GITHUB_REPOSITORY environment variable" 2020-06-30 15:13:26 +01:00
Chris Smowton
595866a6d8 Extractor: give the go.mod comment groups a source location (#232)
The comment group is now omitted entirely if empty, and otherwise delimits the range of the comments ascribed to this group.
2020-06-30 14:59:13 +01:00
Max Schaefer
e374f92555 Merge pull request #236 from max-schaefer/update-data-flow
Update data-flow libraries
2020-06-30 14:32:56 +01:00
Slavomir
8238d111b5 Fix tests 2020-06-30 13:37:44 +03:00
Slavomir
c28e83a793 Add references 2020-06-30 12:53:51 +03:00
Slavomir
3181ac6ec8 Add qhelp file and examples 2020-06-30 12:43:42 +03:00
Slavomir
27ac4c3236 Fix comment 2020-06-30 12:12:03 +03:00
Max Schaefer
df4265e31b Add more tests for clear-text logging. 2020-06-30 10:05:01 +01:00
Max Schaefer
ef340954e4 Add mask* as a heuristic name for an obfuscating function. 2020-06-30 10:05:01 +01:00
Max Schaefer
e6a44d4578 Add HTTP-request headers as a source for clear-text logging. 2020-06-30 10:05:01 +01:00
Max Schaefer
e692af21ac Extend model of glog to also cover two API-compatible forks. 2020-06-30 10:05:01 +01:00
Slavomir
6f396b9ad8 Add comments to codeql query 2020-06-30 11:47:14 +03:00
Slavomir
8473ed0d81 Add tests 2020-06-30 11:31:24 +03:00
Slavomir
c71ecd678e Initial commit for: wrong use of package unsafe 2020-06-30 10:45:03 +03:00
Owen Mansel-Chan
63b2afb4ce Create guide for modeling go libraries 2020-06-29 11:46:09 +01:00
Max Schaefer
2b3e3bda8f Data flow: Model field clearing.
cf https://github.com/github/codeql/pull/3762
2020-06-29 11:06:35 +01:00
Max Schaefer
f7ed65692f Data flow: Use accessPathLimit() in partial flow as well.
cf. https://github.com/github/codeql/pull/3494
2020-06-29 11:02:35 +01:00
Max Schaefer
5275168253 Make target branch configurable for sync-dataflow-libraries.
You can now do `make DATAFLOW_BRANCH=<committish> sync-dataflow-libraries`; default is still `master`.
2020-06-29 10:02:59 +01:00
Max Schaefer
76f482682c Merge pull request #182 from owen-mc/gin-framework
Move model for Gin framework out of experimental
2020-06-26 20:26:48 +01:00
Max Schaefer
91ca2bb434 Merge pull request #231 from max-schaefer/taint-through-range
Propagate taint through `range` statements
2020-06-26 19:58:53 +01:00
Sauyon Lee
468d9812c4 Merge pull request #227 from max-schaefer/cve-2018-15798
Teach `OpenUrlRedirect` to propagate out of `URL.Path` and a few other fields.
2020-06-26 06:21:59 -07:00
Max Schaefer
57f8b08568 Update expected test output.
The tests for `UnsafeTLS` now work as expected.
2020-06-26 11:30:26 +01:00
Max Schaefer
66ec160f64 Add change note. 2020-06-26 11:20:45 +01:00
Max Schaefer
258a276242 Propagate taint through range loops. 2020-06-26 11:20:45 +01:00
Max Schaefer
ce3007395f Rename arrayStep to elementStep, which is more accurate. 2020-06-26 11:20:45 +01:00
Max Schaefer
ba82a76948 Merge pull request #229 from max-schaefer/getAPrimaryQlClass
Rename `describeQlClass` to `getAPrimaryQlClass`.
2020-06-26 07:51:04 +01:00
Max Schaefer
9904b9e926 Allow flow through more URL fields. 2020-06-26 07:50:08 +01:00
Max Schaefer
3bf934d64b Add change note. 2020-06-25 22:23:49 +01:00
Owen Mansel-Chan
82361ce060 Fix modelling of Params part 2 2020-06-25 21:55:10 +01:00
Owen Mansel-Chan
cf47159a30 Change how Param and Params are modeled
Previously any read of type Param or Params was a source. Now reading
Context.Params is a source. This should reduce the number of duplicate
paths.
2020-06-25 21:55:10 +01:00
Owen Mansel-Chan
9fd892ab94 Fix context bind sources
Using FunctionOutput was recommended in the first PR but not implemented.
2020-06-25 21:55:00 +01:00
Owen Mansel-Chan
93399c6348 Add tests for bind methods with pointer-typed variables 2020-06-25 16:17:57 +01:00
Max Schaefer
d290bea39a Rename describeQlClass to getAPrimaryQlClass. 2020-06-25 15:08:01 +01:00
Max Schaefer
a89e4971ac Merge pull request #221 from gagliardetto/bad-tls
Add CWE-327 (unsafe TLS)
2020-06-25 09:18:42 +01:00
Sauyon Lee
380060c7e4 extractor: Refactor regexp compilation for the relative directory check 2020-06-24 23:29:55 -07:00
Sauyon Lee
9e8d386f3c Clarify change note 2020-06-24 23:29:55 -07:00
Sauyon Lee
fa391b1516 extractor: Factor out common bits for running go list 2020-06-24 23:29:54 -07:00
Sauyon Lee
ebdd724b75 Simplify logic for deciding whether to extract a package 2020-06-24 23:29:53 -07:00
Sauyon Lee
e25b882e42 Clarify some comments
As suggested in code review

Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-06-24 23:29:52 -07:00
Sauyon Lee
9bd1f87d66 Address review comments 2020-06-24 23:29:51 -07:00
Sauyon Lee
de2f407c69 Add change note for more dependency AST extraction 2020-06-24 23:29:50 -07:00
Sauyon Lee
7863bb656e Use the -mod argument from the build when calling go list 2020-06-24 23:29:49 -07:00
Sauyon Lee
296d2d5fd3 extractor: modify FileExists to check that the path isn't a directory 2020-06-24 23:29:48 -07:00
Sauyon Lee
3513c352e6 extractor: Factor out FileExists utility function 2020-06-24 23:29:48 -07:00
Sauyon Lee
f197975c6e Extract packages more intelligently
We now extract packages that have the same module root as the specified packages, as determined by
the `go list` command.
2020-06-24 23:29:47 -07:00
Slavomir
95b76dceca Remove check 2020-06-24 21:39:23 +03:00
Slavomir
4dc1399385 Update comments on the lines that have incorrect flagging 2020-06-24 15:11:33 +03:00
Sauyon Lee
6883a97628 Merge pull request #223 from max-schaefer/update-data-flow
Data flow: Track precise types during field flow
2020-06-24 00:10:54 -07:00
Max Schaefer
8c27e16190 Merge pull request #226 from smowton/smowton/fix/remove-spurious-cfg-edge-from-expressionless-switch
Remove spurious control-flow edge around switch block without a test
2020-06-24 07:47:37 +01:00
Slavomir
3aa9b25673 Fix comment 2020-06-23 22:40:25 +03:00
Chris Smowton
4882f277f5 Remove spurious control-flow edge around switch block without a test-expression
Previously we thought it possible to get from top to bottom of a block like "switch { case f(): ... }", when in fact this is only possible if there are no case blocks to execute.

I also add tests for two possible corner cases of a switch without a test-expression: a completely empty switch (the 'true' is indeed the last node) and switch with an empty default block (a single 'skip' is generated for the default block and the 'true' is not the last node)
2020-06-23 17:46:08 +01:00
Chris Smowton
1dc427a2c5 Cleanup: use TypeSwitchStmt.getAssign, not a raw child accessor 2020-06-23 17:46:08 +01:00
Max Schaefer
4e6d9b3811 Teach OpenUrlRedirect to propagate out of URL.Path and a few other fields. 2020-06-23 15:29:18 +01:00
Slavomir
561c5b91d2 Implement code review feedback 2020-06-23 16:07:05 +03:00
Max Schaefer
95011cebc2 Merge pull request #225 from sauyon/unqualify-functioninput
Unqualify uses of FunctionInput and FunctionOutput
2020-06-23 11:24:46 +01:00
Slavomir
56727b220b Try different ways of passing taint through a field 2020-06-23 12:14:49 +03:00
Sauyon Lee
ecff1e6a16 Unqualify uses of FunctionInput and FunctionOutput 2020-06-22 22:25:33 -07:00
Max Schaefer
d3e6e5c0b3 Data flow: Track precise types during field flow
cf https://github.com/github/codeql/pull/3456
2020-06-22 20:53:05 +01:00
Slavomir
4ab929a656 Simplify 2020-06-22 17:54:07 +03:00
Slavomir
29eba441d7 Determine TLS version from int value 2020-06-22 17:50:20 +03:00
Slavomir
70bc4c81a0 Fix typo 2020-06-22 17:15:56 +03:00
Slavomir
783f710188 Fix comments 2020-06-22 17:12:15 +03:00
Slavomir
e38d4ecd9c Fix typos 2020-06-22 17:00:31 +03:00
Slavomir
bbf8d7306b Add CWE-327 2020-06-22 16:54:14 +03:00
Max Schaefer
d8374adbde Merge pull request #219 from max-schaefer/refine-virtual-dispatch
Refine potential targets for method call through interface
2020-06-22 13:47:48 +01:00
Max Schaefer
b2ea23685c Merge pull request #220 from max-schaefer/master
Temporarily disable CodeQL analysis
2020-06-22 13:46:51 +01:00
Max Schaefer
b64d3467aa Temporarily disable CodeQL analysis
https://github.com/github/codeql-go/pull/184 added a regression test for the non-termination it was fixing. The fix hasn't made it into Code Scanning yet, so for the time being it will fail with precisely that non-termination when analysing the regression tests.
2020-06-22 12:18:29 +01:00
Max Schaefer
1f68a32cdc Add change note. 2020-06-22 09:22:47 +01:00
Max Schaefer
759e3d5632 Further refine potential call targets for interface calls.
The call target must belong to the method set of a type that implements the interface type of the method call receiver, if any.

For example, assume `h` has type `hash.Hash`, then `h.Write(...)` should only be resolved to implementations of `Write` in types implementing `hash.Hash`, not arbitrary other `Writer`s.
2020-06-22 09:22:47 +01:00
Max Schaefer
1c58028ae3 Expose receiver type in isInterfaceCallReceiver. 2020-06-22 09:22:47 +01:00
Max Schaefer
0e5e116217 Add a few more utility predicates to DataFlow::Node. 2020-06-22 09:22:47 +01:00
Max Schaefer
18db1fe79f Merge pull request #184 from max-schaefer/lookup-fields-in-cyclic-struct
Fix field lookup in cyclic structs
2020-06-21 09:23:57 +01:00
Max Schaefer
47c4c55923 Merge pull request #185 from github/max-schaefer-patch-2
Set up Code Scanning
2020-06-20 10:41:25 +01:00
Sauyon Lee
8742f09343 Merge pull request #186 from max-schaefer/fix-test-compile-errors
Fix compiler errors in tests.
2020-06-19 08:28:34 -07:00
Chris Smowton
6c230980a3 Merge pull request #187 from max-schaefer/fill-in-qldoc
Add qldoc for three public predicates in `PrintAst.qll`.
2020-06-19 15:30:24 +01:00
Max Schaefer
0f4297ff5c Add qldoc for three public predicates in PrintAst.qll.
It's bland, but we try to maintain a 100% documentation coverage for our public library elements.
2020-06-19 14:25:57 +01:00
Max Schaefer
314bda2a7f Fix compiler errors in tests. 2020-06-19 14:21:10 +01:00
Max Schaefer
df02ad404e Set up Code Scanning 2020-06-19 14:02:31 +01:00
Max Schaefer
79b0ea8d77 Merge pull request #183 from smowton/smowton/cleanup/field-parent
Clean up @field and @fieldparent usage
2020-06-19 11:30:52 +01:00
Chris Smowton
3c8153ca1e Clean up @field and @fieldparent usage
* Centralise use of raw types and database predicates in FieldParent and FieldBase classes
* Deduplicate type predicates common to all fields
* Deduplicate predicates common to function parameters and results
2020-06-19 11:00:42 +01:00
Max Schaefer
c31a7fc228 Add a few more tests. 2020-06-19 09:28:12 +01:00
Max Schaefer
2df8c275e0 Fix field lookup in cyclic structs. 2020-06-19 08:16:09 +01:00
Max Schaefer
7c2358c1d0 Merge pull request #181 from sauyon/reflectedxss-fps
ReflectedXSS refinement
2020-06-18 11:14:13 +01:00
Max Schaefer
7af168fc3b Merge pull request #179 from smowton/smowton/feature/printast
Add barebones PrintAST for Go
2020-06-17 17:02:53 +01:00
Owen Mansel-Chan
c5cb55afc6 Add a change note 2020-06-17 15:14:16 +01:00
Owen Mansel-Chan
2282def1e2 Merge pull request #180 from owen-mc/email-injection
Move email injection query out of experimental folder
2020-06-17 15:11:31 +01:00
Chris Smowton
1a823b21f1 PrintAst: Emit relative paths for file nodes
This is a workaround for codeql run test not itself truncating absolute paths
when comparing against actual output.
2020-06-17 15:03:29 +01:00
Owen Mansel-Chan
49abd0b9b1 Add test using hashing 2020-06-17 14:33:53 +01:00
Chris Smowton
80b9be1004 Add simple PrintAst test
This both checks that many common control-flow structures print as expected, and checks our unique child node numbering, which would otherwise give the same label to a file's package (its 0th child expression) and its 0th declaration.
2020-06-17 14:25:45 +01:00
Owen Mansel-Chan
83697f62ac Address review comments on qhelp 2020-06-17 14:21:37 +01:00
Chris Smowton
bd7b7c06b5 Add AstNode.getCanonicalQlClass and use it in PrintAst
This gives those classes satisfied by an AstNode that are considered useful for developer understanding, cf. getAQlClass which returns all satisfied classes and hides overridden ones, even if they are interesting.
2020-06-17 13:47:23 +01:00
Owen Mansel-Chan
3a3fbfff45 Update moved files 2020-06-17 11:36:11 +01:00
Owen Mansel-Chan
d7c6391b41 Move Gin files out of experimental
No changes have been made to the files in this commit
2020-06-17 11:34:09 +01:00
Owen Mansel-Chan
f926808c8a Address review comments 2020-06-17 10:11:41 +01:00
Sauyon Lee
ed87c346cf Add tests for the ReflectedXSS HTML content type sniffing regexp 2020-06-17 00:28:03 -07:00
Sauyon Lee
95235c8415 Add change note for reflected xss regexp fixes 2020-06-17 00:28:03 -07:00
Sauyon Lee
4f3854c052 ReflectedXSS: Ignore whitespace for HTML content type detection 2020-06-17 00:28:02 -07:00
Chris Smowton
464773d99a Add initial implementation of PrintAST for Go
Known shortcomings:

* Uses getAQlClass rather than tagging AST nodes with a canonical class, as the C++ version of the same query does
* Types and go.mod lines are not printed informatively (typically we just get a short description of the node kind, e.g. 'function type')
* Children are always named for their child indices; we should give informative names to the edges where an accessor is declared (e.g. IfStmt names its children 'init', 'cond', 'if', 'else')
2020-06-16 17:21:56 +01:00
Owen Mansel-Chan
a3bc094731 Add change note 2020-06-16 15:48:39 +01:00
Owen Mansel-Chan
1b49bcc3b3 Put code snippets from qhelp in test folder 2020-06-16 15:44:51 +01:00
Owen Mansel-Chan
336eba1be4 Add Hash.Write and similar as sanitizers 2020-06-16 12:48:43 +01:00
Sauyon Lee
1853e990a3 ReflectedXss: Allow regexp to match newlines 2020-06-16 00:43:12 -07:00
Owen Mansel-Chan
f27ecdabb8 Set precision to high 2020-06-15 17:42:19 +01:00
Owen Mansel-Chan
4f6ce61de2 Move EmailInjection query out of experimental 2020-06-15 17:42:19 +01:00
Max Schaefer
a88bf4c9fa Merge pull request #177 from sauyon/whitelist
Use allow or allowlist instead of whitelist
2020-06-13 19:44:51 +01:00
Sauyon Lee
66f733d798 Use allow or allowlist instead of whitelist 2020-06-12 09:16:41 -07:00
Owen Mansel-Chan
282b8cb9e4 Merge pull request #175 from owen-mc/array-slice-literal
Add classes for array and slice literals
2020-06-12 12:12:02 +01:00
Owen Mansel-Chan
e6217d90d7 Provide better strings for map and struct literals 2020-06-12 11:23:58 +01:00
Owen Mansel-Chan
dc113ab19f Update tests for new strings 2020-06-12 10:40:13 +01:00
Owen Mansel-Chan
e9c2958095 Add classes for array and slice literals 2020-06-12 10:40:13 +01:00
Max Schaefer
47804d68c7 Merge pull request #176 from max-schaefer/update-data-flow
Data flow: Allow nodes to be hidden from path explanations
2020-06-12 07:23:15 +01:00
Owen Mansel-Chan
f11b956583 Add a superclass for literals (#172) 2020-06-11 19:53:40 +01:00
Max Schaefer
40ffa221bc Merge pull request #171 from owen-mc/typeexprs-extend-typeexpr
Make `ArrayTypeExpr` and so on extend `TypeExpr`
2020-06-11 17:20:29 +01:00
Max Schaefer
b164cf33c7 Merge pull request #174 from github/rc/1.24
Merge rc/1.24 into master
2020-06-11 17:19:23 +01:00
Max Schaefer
9e3681cda4 Merge pull request #173 from owen-mc/update-ast-class-reference
Update AST class reference
2020-06-11 16:47:43 +01:00
Owen Mansel-Chan
71005f19c6 Update AST class reference
To match https://github.com/github/codeql/pull/3685
2020-06-11 16:08:36 +01:00
Owen Mansel-Chan
c891d22f74 Make ArrayTypeExpr and so on extend TypeExpr
To avoid a recursive definition, need to replace ArrayTypeExpr with@arraytypeexpr and so on in isTypeExprBottomUp(Expr e).
2020-06-11 11:06:15 +01:00
Max Schaefer
c6537f6d3b Data flow: Allow nodes to be hidden from path explanations
cf https://github.com/github/codeql/pull/3657
2020-06-11 09:59:40 +01:00
Max Schaefer
24e2a294ed Merge pull request #169 from max-schaefer/rc/1.24
Merge rc/1.24 into master
2020-06-11 09:15:28 +01:00
Max Schaefer
d8f1873635 Merge branch 'master' into rc/1.24 2020-06-11 08:10:22 +01:00
Owen Mansel-Chan
c30893aba7 Add AST class reference (#164) 2020-06-10 15:59:48 +01:00
Max Schaefer
8787f0b4f0 Merge pull request #165 from sauyon/support-actions
autobuilder: Add support for GITHUB_REPOSITORY environment variable
2020-06-10 09:45:18 +01:00
Sauyon Lee
4cd3f89128 Merge pull request #168 from max-schaefer/make-autoformat
Add Make target to autoformat all QL.
2020-06-09 12:55:57 -07:00
Sauyon Lee
ba0f922a28 autobuilder: Add support for GITHUB_REPOSITORY environment variable
This is for use within GitHub actions
2020-06-09 11:52:23 -07:00
Max Schaefer
1342d8688e Autoformat. 2020-06-09 17:38:18 +01:00
Max Schaefer
b4b78ff923 Use newer version of CodeQL. 2020-06-09 17:36:38 +01:00
Max Schaefer
6b5657b5fb Add PR check to ensure everything is autoformatted. 2020-06-09 17:31:29 +01:00
Max Schaefer
04af08ca0d Add Make target to autoformat all QL.
Use

```sh
make autoformat
```

to format all `.ql` and `.qll` files under `ql/src`.

Use

```sh
make AUTOFORMAT=--check-only autoformat
```

to check that all `.ql` and `.qll` files under `ql/src` are correctly formatted and fail if they are not.
2020-06-09 17:27:53 +01:00
Max Schaefer
524b11b81a Merge pull request #163 from robertbrignull/more-suites
Add more code-scanning suites
2020-06-04 09:53:14 +01:00
Robert Brignull
9ee57374cb add more code-scanning suites 2020-06-01 10:58:49 +01:00
Max Schaefer
b37bdec66c Merge pull request #157 from owen-mc/isresult-consistency
Make FunctionOutput.isResult(0) and CallNode.getResult(0) match single results
2020-05-29 17:13:21 +01:00
Max Schaefer
2f7ff6b56c Merge pull request #162 from max-schaefer/open-url-redirect-formvalue
Consider `Request.FormValue(...)` as a source for URL redirects.
2020-05-29 15:56:50 +01:00
Max Schaefer
8f0592a079 Consider Request.FormValue(...) as a source for URL redirects.
Despite its name, this method doesn't just handle form values but also query parameters.
2020-05-29 15:03:05 +01:00
Sauyon Lee
b1db53e733 Merge pull request #161 from max-schaefer/more-mutable-types
Broaden definition of mutable types for taint tracking
2020-05-29 06:55:16 -07:00
Max Schaefer
64c60f6153 Merge pull request #160 from sauyon/readme
Add links to the CodeQL CLI and LGTM.com
2020-05-29 07:13:20 +01:00
Sauyon Lee
51026a7142 Add links to the CodeQL CLI and LGTM.com 2020-05-28 22:38:23 -07:00
Owen Mansel-Chan
36fa2c29fa Simplify more code 2020-05-28 17:40:23 +01:00
Owen Mansel-Chan
65608a2912 Address review comments 2020-05-28 17:24:37 +01:00
Max Schaefer
e3501ddb44 Introduce more post-update nodes.
To model (taint) flow through functions, we introduce post-update nodes for arguments (including receivers), but only if that argument is mutable.

However, previously our criterion for determining whether an argument is mutable was a little too restrictive. In particular, we would not consider a struct-typed argument as mutable, since structs are passed by value. While this is reasonable for data flow, it is unnecessarily restrictive for taint, since it makes perfect sense to track deep taint through structs.

So instead we now turn things round and instead consider _all_ types to be mutable except for primitive types (booleans, numbers, and strings).
2020-05-28 15:33:09 +01:00
Max Schaefer
0dd7676bd8 Add another function-model test. 2020-05-28 15:31:00 +01:00
Max Schaefer
1c5dd51992 Add codespaces configuration 2020-05-28 13:09:21 +00:00
Owen Mansel-Chan
bbce7d1f05 Simplify existing code 2020-05-28 13:07:08 +01:00
Owen Mansel-Chan
1c5a4605d6 Add CallNode.getAResult() 2020-05-28 12:49:05 +01:00
Owen Mansel-Chan
1580591b73 Address review comments 2020-05-28 12:49:05 +01:00
Max Schaefer
e7095baa39 Fix nonHtmlContentType. 2020-05-27 16:52:11 +01:00
Owen Mansel-Chan
f0e1147551 Make CallNode.getResult(0) match single results 2020-05-27 10:24:09 +01:00
Owen Mansel-Chan
4be805966f Make FunctionOutput.isResult(0) match single results 2020-05-27 10:24:09 +01:00
Owen Mansel-Chan
ae2ed877ee Add tests for CallNode.getResult 2020-05-27 10:24:09 +01:00
Owen Mansel-Chan
53cfbcc255 Add tests for FunctionOutput.isResult 2020-05-27 10:24:03 +01:00
Max Schaefer
8596a99f9d Merge pull request #156 from max-schaefer/update-data-flow
Data flow: Remove deprecated predicates.
2020-05-26 16:16:44 +01:00
Max Schaefer
a59e754403 Data flow: Remove deprecated predicates.
cf https://github.com/github/codeql/pull/3515
2020-05-26 11:09:35 +01:00
Max Schaefer
1f54edfe99 Add make target for synchronising data-flow libraries. 2020-05-26 11:09:07 +01:00
Max Schaefer
63fddfc705 Merge pull request #155 from sauyon/dbscheme-binary
Create a new entry point for generating dbschemes
2020-05-26 10:17:39 +01:00
Sauyon Lee
aef7524f35 Add a go-gen-dbscheme for generating dbschemes 2020-05-22 08:04:40 -07:00
Max Schaefer
4206408826 Merge pull request #153 from max-schaefer/cleanup-107
More cleanup
2020-05-22 13:18:46 +01:00
Max Schaefer
223d0dbf0b Fix missing </p> in qhelp. 2020-05-22 11:18:27 +01:00
Max Schaefer
bccf750e2e Sort go.qll alphabetically. 2020-05-22 11:12:31 +01:00
Max Schaefer
1d479d9a73 Add change note. 2020-05-22 11:11:58 +01:00
Max Schaefer
3c8fa02356 Regularise a few comments. 2020-05-22 11:11:58 +01:00
Max Schaefer
adc3ce8274 Extend documentation for package and use it in two more places.
The predicate now works with an empty package path.

The way this is implemented is perhaps slightly non-obvious: the `($|/)\\Q" + path + "\\E"` part of the regular expression either matches the end of the string (and `path` must then be empty), or a slash followed by `path` (which may or may not be empty).

We do allow non-canonical import paths ending in `/`, which the compiler rejects. We could disallow that by putting a `(?!$)` assertion after the `/`, but that seems overkill.
2020-05-22 11:11:58 +01:00
Max Schaefer
31c636fa55 Standardise on capitalisation WebSocket. 2020-05-22 11:11:58 +01:00
Max Schaefer
1d910a9622 Merge pull request #148 from owen-mc/syntax-examples-for-ast-classes
Add syntax examples to  qldoc comments for AST classes
2020-05-22 10:48:18 +01:00
Owen Mansel-Chan
df8bfab6d6 Address review comments 2020-05-22 10:06:23 +01:00
Max Schaefer
e7ad4f9308 Merge pull request #152 from github/jf205-patch-1
Link README.md to the CodeQL repo
2020-05-22 09:44:03 +01:00
Owen Mansel-Chan
2c8e4a2b34 Add syntax examples to qldoc comments for AST classes 2020-05-22 09:28:50 +01:00
James Fletcher
e596c988f1 Update README.md 2020-05-21 16:43:04 +01:00
Max Schaefer
27cab43448 Merge pull request #151 from sauyon/remove-binary
Remove accidentally committed binary
2020-05-20 22:24:42 +01:00
Max Schaefer
f1b5a18aa2 Merge pull request #109 from porcupineyhairs/WebsocketXss
Model websocket read and write functions.
2020-05-20 19:45:25 +01:00
Sauyon Lee
8b9abf1abb Add main to .gitignore 2020-05-20 09:19:51 -07:00
Sauyon Lee
0b7eea7852 Remove accidentally added binary 2020-05-20 09:19:42 -07:00
Sauyon Lee
581a81ca1a Add missing licenses for websocket libraries 2020-05-20 09:16:38 -07:00
Sauyon Lee
92aad7ea1e Fix dependency stubs for websocket framework 2020-05-20 09:01:46 -07:00
Sauyon Lee
a2e2e260b2 Merge branch 'master' into WebsocketXss 2020-05-20 08:57:36 -07:00
Porcupiney Hairs
d1d4c2e492 Golang : Add WebSocket Read and Write Functions. 2020-05-20 20:48:43 +05:30
Sauyon Lee
f599a502fc Merge pull request #150 from max-schaefer/cleanup-108
Various cleanups
2020-05-20 08:13:48 -07:00
Max Schaefer
4a5b29e78f Add a missing qldoc comment. 2020-05-20 14:37:38 +01:00
Max Schaefer
ed3a06ea5d Autoformat QL. 2020-05-20 14:35:01 +01:00
Max Schaefer
b871f54e4d Fix frontend error in ql/test/query-tests/Security/CWE-079. 2020-05-20 14:34:36 +01:00
Max Schaefer
7773828347 Fix frontend errors in ql/test/library-tests/semmle/go/frameworks/Websocket. 2020-05-20 14:34:22 +01:00
Max Schaefer
7e314f037a Fix frontend errors in ql/test/library-tests/semmle/go/Packages. 2020-05-20 14:27:00 +01:00
Max Schaefer
806cfc7c5e Merge pull request #149 from max-schaefer/cleanup-130
Clean up NoSQL library
2020-05-20 13:55:54 +01:00
Max Schaefer
f5a8e07cf0 Merge pull request #107 from porcupineyhairs/ssrf
Add SSRF query to codeql-go
2020-05-20 13:55:07 +01:00
Max Schaefer
9a4bee9448 Add change note. 2020-05-20 10:10:28 +01:00
Max Schaefer
267416f61f Rename a predicate to clarify that it is MongoDB specific. 2020-05-20 10:08:49 +01:00
Max Schaefer
cc24a8879f Rewrite a taint step to make more idiomatic use of the data-flow library. 2020-05-20 10:05:43 +01:00
Max Schaefer
8cc76edee4 Rephrase a comment and split up some very long lines. 2020-05-20 10:05:26 +01:00
Max Schaefer
d7b82b2355 Rename a few modules and classes to reflect the fact that NoSQL queries are not usually strings. 2020-05-20 10:04:59 +01:00
Sauyon Lee
f2bbbe30e2 Stub WebSocket dependencies 2020-05-19 19:53:03 +05:30
Porcupiney Hairs
2b5989cff2 Add improvements for codeql-go SSRF query 2020-05-19 19:53:03 +05:30
Max Schaefer
6d93f48933 Merge pull request #147 from owen-mc/redundant-recover
Go: Add query for redundant calls to recover
2020-05-19 07:14:27 +01:00
Owen Mansel-Chan
275be36e4a Update change-notes/2020-05-18-redundant-recover.md
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-05-19 06:31:47 +01:00
Owen Mansel-Chan
23a7db5d4d Minor textual corrections 2020-05-18 17:05:49 +01:00
Owen Mansel-Chan
fbee7fe983 Add new query for redundant calls to recover 2020-05-18 16:13:46 +01:00
Sauyon Lee
e57edccdab Merge pull request #145 from max-schaefer/allocation-size-overflow-is-big
Simplify logic in AllocationSizeOverflow query.
2020-05-15 11:20:01 -07:00
Max Schaefer
8a8082f6ad Merge pull request #144 from max-schaefer/interface-method-implements
Refine `Method.implements` so that interface methods only implement themselves.
2020-05-15 17:01:28 +01:00
Max Schaefer
27cb92fb86 Use .pp() in a few tests selecting types. 2020-05-15 15:54:23 +01:00
Max Schaefer
9c7e46386f Simplify logic in AllocationSizeOverflow query. 2020-05-15 11:20:11 +01:00
Max Schaefer
d300ec6324 Refine Method.implements so that interface methods only implement themselves.
Without this restriction, the two `m`s in the following example are considered to implement each other, even though they aren't logically related:

```go
type I interface {
  m()
}

type J interface {
  m()
}

type K struct {
  I
  J
}
```

Previously, interface methods would sometimes implement themselves and sometimes not (see changes to test output for examples).
2020-05-15 11:09:17 +01:00
Max Schaefer
87c1bcad0a Merge pull request #143 from github/max-schaefer-patch-1
Clarify which types have a qualified name.
2020-05-15 08:40:13 +01:00
Max Schaefer
24d8c7ea17 Clarify which types have a qualified name. 2020-05-15 07:31:51 +01:00
Max Schaefer
d41e41812b Merge pull request #141 from sauyon/reflectedxss-fps
ReflectedXss improvements
2020-05-15 07:23:39 +01:00
Sauyon Lee
5e633b2c74 Add EqualityTestNode.getPolarity 2020-05-14 14:38:59 -07:00
Sauyon Lee
5e2b973ac4 Update comment in ReflectedXss test
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-05-14 14:35:08 -07:00
Sauyon Lee
ee0f3c9fba Address review comments 2020-05-14 02:30:14 -07:00
Sauyon Lee
804165c9ef Fix comment in ReflectedXss nonhtmlcontenttype
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-05-14 02:28:15 -07:00
Max Schaefer
1fbf552ef5 Merge pull request #140 from sauyon/depstubber-update
Update dependency stubs
2020-05-14 09:29:17 +01:00
Sauyon Lee
97b3ec5cfc Update dependency stubs 2020-05-13 10:07:14 -07:00
Sauyon Lee
ac55287210 Merge pull request #138 from max-schaefer/fix-tests
Fix frontend errors in two tests and a code example
2020-05-13 08:50:35 -07:00
Sauyon Lee
b8b9ff13f3 Merge pull request #139 from max-schaefer/cleanup-131
Cleanup of `io` model
2020-05-13 08:29:45 -07:00
Max Schaefer
d5fcf28e03 Add change note.
While we didn't see any new results in the evaluation, this is a fairly substantial amount of changes, so adding a change note is probably justified.
2020-05-13 15:55:52 +01:00
Max Schaefer
e852caea07 Cleanup of Io module.
- Undid rename from `Io` to `IO`
  - Ensured function signatures in comments have leading `func`
  - Removed superfluous `extends Function` clauses
  - Renamed a few classes to be more consistent.
2020-05-13 15:55:52 +01:00
Max Schaefer
41b5fc17ab Inline two single-use predicates.
This fixes a TODO.
2020-05-13 15:40:36 +01:00
Max Schaefer
6e58524b78 Fix a typo. 2020-05-13 15:40:31 +01:00
Max Schaefer
ec2314310e Fix code example in query. 2020-05-13 15:38:48 +01:00
Max Schaefer
ac9e39120b Fix unused variable in test. 2020-05-13 15:28:49 +01:00
Max Schaefer
e034458574 Fix MongoDB tests. 2020-05-13 15:25:54 +01:00
Sauyon Lee
83a3b6336f Add change note 2020-05-13 04:31:23 -07:00
Sauyon Lee
748dd6801e Handle HTTP response writers that are fields 2020-05-13 04:31:07 -07:00
Sauyon Lee
9e5645fa9d Add similar predicate to SsaWithFields 2020-05-13 03:56:55 -07:00
Sauyon Lee
2089cb4543 Merge pull request #133 from max-schaefer/cleanup-conditional-bypass
Cleanup conditional-bypass query
2020-05-13 02:31:13 -07:00
Max Schaefer
005e49fe94 Merge pull request #130 from porcupineyhairs/MongoInjection
Golang : Add MongoDB injection support
2020-05-13 09:43:49 +01:00
Sauyon Lee
24e939730a Merge pull request #134 from max-schaefer/fix-test-errors
Fix frontend errors in tests
2020-05-13 01:38:30 -07:00
Max Schaefer
89d633ac3f Merge pull request #120 from porcupineyhairs/SensitiveActionBypass
User-controlled bypass of sensitive action
2020-05-12 19:48:24 +01:00
Max Schaefer
d438b5ec03 Merge pull request #131 from porcupineyhairs/IO
Model stdlib's IO package.
2020-05-12 19:41:40 +01:00
Slavomir
84e2a5ddd2 Add experimental library: gin web framework (#117) 2020-05-12 14:27:11 +01:00
Max Schaefer
6f21b4030e Merge pull request #135 from sauyon/tempfile-test
Add support for ioutil TempFile and TempDir
2020-05-12 14:25:38 +01:00
Sauyon Lee
21bfaec0d3 TaintedPath: Add change note for tempfiles 2020-05-12 05:44:19 -07:00
Porcupiney Hairs
e51bc42bfb fix metadata 2020-05-12 17:31:24 +05:30
Sauyon Lee
33e4961c95 ReflectedXss: Add an equality test guard 2020-05-12 04:53:18 -07:00
Sauyon Lee
1ef06e9e40 Add getType to SsaWithFields 2020-05-12 04:52:44 -07:00
Max Schaefer
5dac94d24c Merge pull request #116 from gagliardetto/CWE-681
CWE 681
2020-05-12 11:59:08 +01:00
Slavomir
556f527193 Exclude results in test files 2020-05-12 13:12:47 +03:00
Slavomir
e5e74f34d7 Add note on why the zero is commented out in Lt32BitFlowConfig 2020-05-12 13:06:11 +03:00
Slavomir
623d5b3a97 Add comments 2020-05-12 13:00:50 +03:00
Slavomir
ea7c38c99c Remove references section from qhelp file 2020-05-12 13:00:27 +03:00
Slavomir
67a7294d10 Simplify and remove deprecated; add severity 2020-05-12 12:51:13 +03:00
Sauyon Lee
58e41e9302 ReflectedXss: More broadly exclude values with a constant prefix 2020-05-11 15:49:37 -07:00
Max Schaefer
a55c828fe4 Update ql/src/experimental/CWE-840/ConditionalBypass.ql
Co-authored-by: porcupineyhairs <61983466+porcupineyhairs@users.noreply.github.com>
2020-05-11 15:26:30 +01:00
Porcupiney Hairs
d0061bfd4b Golang : Add MongoDB injection support
This PR adds support for MongoDB injection to the existing SQL injection query.
This models the official Golang MongoDB driver.

A  brief summary of changes made in this query are :

1. A `NoSQL.qll` files has been created to model a `NoSQLQueryString`.

2. An entry is added in `go.qll` by default as I find these changes may be generally useful.

3. Library tests along with there expected outputs are added.

4. Query tests are added. However, I am unable to add the expected output as qltest
can't find depstubber. However, these can be easily added. I have created a separate
codeql-go database with the same files and ran the query against the same. I can see
there should be 14 correct results added from this PR.
2020-05-11 19:55:48 +05:30
Porcupiney Hairs
9b53ad3b3c model IO package 2020-05-11 19:39:01 +05:30
Porcupiney Hairs
c1856ba260 fix tests 2020-05-11 19:32:28 +05:30
Max Schaefer
4a7171d91e Fix frontend errors in BadRedirectCheck tests. 2020-05-11 11:45:21 +01:00
Max Schaefer
17dd99d326 Fix frontend errors in Mux tests. 2020-05-11 11:45:08 +01:00
Max Schaefer
df9902512f More cleanup in help and tests.
In particular, I have copied over the examples referenced in the qhelp into the test folder and made sure they compile.
2020-05-11 11:07:38 +01:00
Max Schaefer
287dda0ab5 Minor cleanup in query and tests. 2020-05-11 11:05:40 +01:00
Max Schaefer
78201a2c5f Rename ConditionBypass* to ConditionalBypass* for consistency with other languages. 2020-05-11 10:47:00 +01:00
Max Schaefer
3e830b69b5 Merge pull request #121 from porcupineyhairs/conditionBypass
User-controlled bypass of a comparision
2020-05-11 10:41:33 +01:00
Slavomir
5df81d3210 Apply suggestions from code review
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-05-11 12:37:14 +03:00
Sauyon Lee
181c03ebf3 Add support for ioutil TempFile and TempDir 2020-05-10 18:25:55 -07:00
Porcupiney Hairs
b32ac2a47f fix tests 2020-05-11 04:51:17 +05:30
Porcupiney Hairs
4aba80b0bd include changes from review 2020-05-11 04:05:41 +05:30
Porcupiney Hairs
3d10ec7e51 remove some obvious false positives and include changes from review 2020-05-11 03:13:01 +05:30
Max Schaefer
0e779d0b64 Merge pull request #62 from max-schaefer/update-data-flow
Port recent data-flow improvements
2020-05-07 16:07:33 +01:00
Max Schaefer
994536e93b Add change note. 2020-05-07 11:46:31 +01:00
Max Schaefer
70f87b59d2 Data flow: Support stores into nodes that are not PostUpdateNodes.
cf https://github.com/github/codeql/pull/3312
2020-05-06 19:43:27 +01:00
Max Schaefer
fd2e618be2 Data flow: No more summaries
cf https://github.com/github/codeql/pull/3110
2020-05-06 19:43:27 +01:00
Max Schaefer
968d4d9cdd Revert the join order fix from https://github.com/github/codeql/pull/2872.
cf https://github.com/github/codeql/pull/3202
2020-05-06 19:43:27 +01:00
Max Schaefer
f2b43f65f9 Data flow: Exclude param-param flow through identical params.
cf https://github.com/Semmle/ql/pull/3060
2020-05-06 19:43:27 +01:00
Max Schaefer
aabe2f2f82 Data flow: No magic in returnFlowCallableCand.
cf https://github.com/Semmle/ql/pull/3142
2020-05-06 19:43:27 +01:00
Max Schaefer
c9ba6dd672 Fix up hasLocationInfo predicate. 2020-05-06 19:43:27 +01:00
Max Schaefer
5cd9168e4d Data flow: Refactoring + performance improvements
cf https://github.com/Semmle/ql/pull/2903
2020-05-06 19:43:27 +01:00
Max Schaefer
96120e1e35 Update expected output. 2020-05-06 19:43:27 +01:00
Max Schaefer
8d10a8dd5b Fix bug in type pruning.
cf https://github.com/Semmle/ql/pull/3020
2020-05-06 19:43:27 +01:00
Max Schaefer
d008d2a6a8 Fix performance issue in partial paths exploration.
cf https://github.com/Semmle/ql/pull/3021
2020-05-06 19:43:27 +01:00
Max Schaefer
1d4a993d87 Merge pull request #132 from max-schaefer/extends-this-class
Fix copy-pasted typo.
2020-05-06 19:42:55 +01:00
Max Schaefer
d6a5a72c01 Fix copy-pasted typo. 2020-05-06 13:54:28 +01:00
Sauyon Lee
164149b29a Merge pull request #129 from max-schaefer/fix-argument-post-update-nodes
Fix and improve taint-tracking through function arguments
2020-05-06 02:57:01 -07:00
Max Schaefer
08f5451fce Address review comments. 2020-05-06 07:32:15 +01:00
Max Schaefer
9f59777cc9 Merge pull request #119 from jcreedcmu/jcreed/jump-to-def-ide
Add queries for ide search.
2020-05-05 15:10:58 +01:00
Jason Reed
5653889a39 Exclude IDE queries from query suites. 2020-05-05 09:22:44 -04:00
Max Schaefer
2fb3d39f61 Merge pull request #128 from sauyon/mux
Add support for Mux library
2020-05-05 13:57:37 +01:00
Max Schaefer
a79f2b4f44 Add change note for CleartextLogging. 2020-05-05 12:05:09 +01:00
Max Schaefer
b177d58c88 Tweak test.
The query under test isn't a `@problem` query, so we should refer to "alerts".
2020-05-05 12:05:09 +01:00
Max Schaefer
60a6c96863 Simplify modeling of NewContent. 2020-05-05 12:05:09 +01:00
Max Schaefer
5a96b0e8ac Add two function models for handling MIME APIs. 2020-05-05 12:05:09 +01:00
Max Schaefer
be94f2b9e6 Improve and extend various standard-library function models. 2020-05-05 12:05:09 +01:00
Max Schaefer
ca0d9cc66e Merge pull request #127 from max-schaefer/clean-up-email-injection
Clean up `EmailInjection.qll` and related libraries.
2020-05-05 11:56:43 +01:00
Sauyon Lee
a841077cbe Add support for Mux library 2020-05-05 03:25:08 -07:00
Max Schaefer
54f10157b0 Update ql/src/semmle/go/frameworks/Email.qll
Co-authored-by: Sauyon Lee <sauyon@github.com>
2020-05-05 11:24:19 +01:00
Max Schaefer
e632c75de3 Add support for taint models involving "backwards" taint propagation from results to arguments. 2020-05-04 16:36:38 +01:00
Max Schaefer
5e8e51993e Simplify SmtpData. 2020-05-04 16:36:38 +01:00
Max Schaefer
5b0c48e332 Add taint models for fmt.Fprintf and io.WriteString. 2020-05-04 16:36:38 +01:00
Max Schaefer
d0e8d6efda Fix post-update nodes for function arguments. 2020-05-04 16:36:38 +01:00
Max Schaefer
b1899374b9 Merge pull request #126 from max-schaefer/new-style-change-notes
Switch to new-style change notes.
2020-05-04 15:42:24 +01:00
Max Schaefer
04a19b7150 Clean up EmailInjection.qll and related libraries. 2020-05-04 09:13:23 +01:00
porcupineyhairs
657108d598 Add Email Content Injection Query (#108)
This adds a query for Email content injection issues.
It models the Golang's net/smtp library as well as
the Sendgrid email library (581 stars).
2020-05-04 07:54:30 +01:00
Max Schaefer
980241603b Switch to new-style change notes. 2020-05-01 07:57:13 +01:00
Sauyon Lee
cd1d699208 Improve BadRedirectCheck query
We now look for a path from the variable being checked to a redirect.

Additionally, several sources of false positives have been eliminated, and a model of relevant parts of the Macaron framework has been added.
2020-05-01 07:13:16 +01:00
Slavomir
836b8965e2 Beautify .qhelp file 2020-04-30 16:59:30 +03:00
Slavomir
127cd3d003 Refactor query 2020-04-30 16:46:19 +03:00
Slavomir
b9fae2e5d0 Add newline 2020-04-30 16:46:19 +03:00
Slavomir
6f1f60896a autoformat 2020-04-30 16:46:19 +03:00
Slavomir
c9c7e6c0a9 Add more test cases: add negative cases 2020-04-30 16:46:19 +03:00
Slavomir
d713087364 Mention in qhelp file: CWE-190: Integer Overflow or Wraparound 2020-04-30 16:46:19 +03:00
Slavomir
4517d4513f Update qhelp file and go examples 2020-04-30 16:46:19 +03:00
Slavomir
f093226dab Move query to experimental 2020-04-30 16:46:19 +03:00
Slavomir
57ac636d60 Change alert message 2020-04-30 16:46:19 +03:00
Slavomir
fe661b227c Improve alert message inside select statement 2020-04-30 16:46:19 +03:00
Slavomir
05314a19ee Add comments, improve naming 2020-04-30 16:46:19 +03:00
Slavomir
b176c4ad19 Add ParseFloat, ParseInt, ParseUint 2020-04-30 16:46:19 +03:00
Slavomir
8ecc2b9523 add comments, improve naming, refactor 2020-04-30 16:46:19 +03:00
Slavomir
fd9e3a005e fix comments 2020-04-30 16:46:19 +03:00
Slavomir
6d2c5be196 rename OverflowingConversionExpr to NumericConversionExpr 2020-04-30 16:46:19 +03:00
Slavomir
74481c4bad CWE-681: initial commit 2020-04-30 16:46:19 +03:00
Max Schaefer
dd4f1ca70b Merge pull request #125 from gagliardetto/exec-syscall
Add syscall functions to SystemCommandExecutors
2020-04-30 07:21:28 +01:00
Sauyon Lee
417102c120 Merge pull request #124 from github/rc/1.24
Merge rc/1.24 into master
2020-04-29 12:27:56 -07:00
Slavomir
a357121e89 Fix test by removing a unix-only func; add windows-only funcs 2020-04-29 19:17:24 +03:00
Slavomir
a93477c301 Add syscall functions to SystemCommandExecutors 2020-04-29 18:31:07 +03:00
Max Schaefer
d3fea0f171 Merge pull request #123 from sauyon/dependency-licenses
Add license files for dependency stubs
2020-04-29 14:45:25 +01:00
Sauyon Lee
157139bb46 Add license files for dependencies 2020-04-29 04:04:38 -07:00
Sauyon Lee
6953d3b2ba Merge pull request #122 from max-schaefer/receiver-output
Fix `getExitNode` for receiver outputs.
2020-04-29 01:25:43 -07:00
Max Schaefer
a1222344eb Add tests. 2020-04-29 07:55:24 +01:00
Max Schaefer
0546c527af Fix getExitNode for receiver outputs. 2020-04-28 21:41:29 +01:00
Porcupiney Hairs
9948596e2c User-controlled bypass of a comparision 2020-04-28 23:24:28 +05:30
Porcupiney Hairs
92576e9c11 User-controlled bypass of sensitive action 2020-04-28 23:18:58 +05:30
Jason Reed
6489538623 Add queries for ide search.
This enables jump-to-definition and find-references in the VS Code
extension, for golang source archives.
2020-04-28 12:00:24 -04:00
Max Schaefer
3a39085e62 Merge pull request #114 from sauyon/action-update
Use CodeQL version 2.1.1 for tests
2020-04-27 09:12:37 +01:00
Sauyon Lee
b3c363d1c2 Try setting destination for expand-archive 2020-04-23 22:39:19 -07:00
Sauyon Lee
38f744ddd6 Action: Use expand-archive on Windows 2020-04-23 20:04:19 -07:00
Sauyon Lee
78bffa96b3 Use CodeQL version 2.1.1 2020-04-23 18:41:42 -07:00
Sauyon Lee
b3beca0a1c Merge pull request #111 from github/rc/1.24
Merge rc/1.24 into master
2020-04-23 17:46:12 -07:00
Sauyon Lee
ae21ac23c1 Merge pull request #105 from max-schaefer/fail-tests-with-errors
Add consistency query flagging tests with unexpected frontend errors
2020-04-20 01:31:43 -07:00
Max Schaefer
97b1d3a57c Fix extraction of error positions for paths containing colon. 2020-04-20 08:04:16 +01:00
Max Schaefer
c19c16c655 Merge pull request #106 from github/1.24/SD-61-Go-finalize-notes
1.24 release: finalize change notes for Go
2020-04-17 15:03:47 +01:00
Felicity Chapman
70525d0e64 Minor editorial changes 2020-04-17 13:19:11 +01:00
Max Schaefer
c15094ab9e Mark frontend errors as expected in ImposibleInterfaceNilCheck. 2020-04-17 09:51:06 +01:00
Max Schaefer
ef497afc20 Mark a frontend error in DeadStoreOfLocal tests as expected. 2020-04-17 09:51:06 +01:00
Max Schaefer
13762bd76c Mark frontend errors in Types/unknownFunction.go as expected. 2020-04-17 09:51:06 +01:00
Max Schaefer
c6a37fdf1d Add consistency query flagging unexpected frontend errors. 2020-04-17 09:51:06 +01:00
Max Schaefer
bf42271d14 Add convenience predicate to class Error. 2020-04-17 09:39:26 +01:00
Max Schaefer
05a6f21aea Merge pull request #104 from github/rc/1.24
Merge rc/1.24 into master.
2020-04-16 10:53:50 +01:00
Max Schaefer
00546804e3 Merge pull request #103 from max-schaefer/fix-disabled-certificate-check-qldoc
Fix misformatted header comment for `DisabledCertificateCheck`.
2020-04-16 09:59:55 +01:00
Max Schaefer
245b99dd42 Fix misformatted header comment for DisabledCertificateCheck. 2020-04-16 08:43:33 +01:00
Max Schaefer
699208adae Merge pull request #102 from marcogario/integeroverflow_qhelp
Integeroverflow.qhelp: use paragraphs within sections
2020-04-15 14:09:55 +01:00
Marco Gario
14e4e2d40f Integeroverflow.qhelp: use paragraphs within sections 2020-04-15 12:15:25 +01:00
Sauyon Lee
882805207a Merge pull request #98 from max-schaefer/extract-frontend-errors
Add support for extracting frontend errors
2020-04-15 01:40:31 -07:00
Sauyon Lee
777818e019 Merge pull request #99 from github/rc/1.24
Merge rc/1.24 into master
2020-04-15 01:33:46 -07:00
Max Schaefer
d452fc04ad Merge pull request #101 from sauyon/bufio-change-note
Add change note for buffered i/o
2020-04-15 08:48:58 +01:00
Sauyon Lee
8ca310e6b6 Add change note for buffered i/o 2020-04-15 00:37:50 -07:00
Sauyon Lee
d3e62b0480 Merge pull request #100 from max-schaefer/add-missing-change-notes
Add two missing change notes.
2020-04-15 00:33:54 -07:00
Max Schaefer
95c2cb19cf Add two missing change notes. 2020-04-15 07:57:47 +01:00
Max Schaefer
8341ce0d46 Merge pull request #97 from max-schaefer/fix-frontend-errors
Fix a few compiler errors in tests
2020-04-14 17:17:03 +01:00
Max Schaefer
dd9738f9a6 Better fix for frontend errors in DeadStoreOfLocal tests. 2020-04-14 16:07:23 +01:00
Max Schaefer
bc9c47ad5e Merge pull request #96 from sauyon/stub-deps
Use the depstubber for test stubbing
2020-04-14 15:24:22 +01:00
Max Schaefer
013d88e511 Fix frontend errors in DisabledCertificateCheck tests. 2020-04-14 10:51:29 +01:00
Max Schaefer
cb2f15f770 Fix frontend errors in AllocationSizeOverflow test. 2020-04-14 10:51:29 +01:00
Max Schaefer
590f146477 Fix frontend errors in DeadStoreOfLocal tests. 2020-04-14 10:51:29 +01:00
Max Schaefer
1bedd9df5d Fix frontend errors in MistypedExponentiation test. 2020-04-14 10:51:29 +01:00
Max Schaefer
127f232c3d Fix frontend errors in FlowSteps test. 2020-04-14 10:51:29 +01:00
Max Schaefer
d565a26d5b Add QL library for working with Go frontend errors. 2020-04-14 10:29:36 +01:00
Max Schaefer
f2d11538ce Add upgrade script. 2020-04-14 10:29:36 +01:00
Sauyon Lee
a3ad54e8b9 Add tests for ginkgo test files 2020-04-13 22:59:23 -07:00
Sauyon Lee
385603a7a1 Use stubber for SQL tests 2020-04-13 22:59:22 -07:00
Sauyon Lee
06559e0ebf Use stubber for SystemCommandExecution tests
Also remove redundant tests
2020-04-13 22:59:21 -07:00
Sauyon Lee
42d16ca80b Use stubber for CWE-643 tests, and test example 2020-04-13 22:59:20 -07:00
Sauyon Lee
adc8730f1f Use stubber for CWE-312 tests 2020-04-13 22:59:18 -07:00
Sauyon Lee
5e765a9ca1 Use stubber for CWE-089 tests 2020-04-13 20:15:24 -07:00
Max Schaefer
c38edf77ce Update stats. 2020-04-09 16:39:47 +01:00
Max Schaefer
a837d5f4ce Add support for extracting Go frontend errors. 2020-04-09 16:39:47 +01:00
Max Schaefer
cf8eff543c Merge pull request #94 from max-schaefer/more-testing-frameworks
Recognise more testing frameworks
2020-04-09 11:57:46 +01:00
Max Schaefer
d344687f52 Add change note. 2020-04-09 09:41:09 +01:00
Max Schaefer
1bf835f156 Add tests. 2020-04-09 09:41:02 +01:00
Max Schaefer
d5c8570bfc Recognise imports of well-known testing frameworks. 2020-04-09 09:40:53 +01:00
Max Schaefer
e30e5685b2 Fix recognition of Test, Benchmark, and Example as test cases. 2020-04-09 09:40:25 +01:00
Max Schaefer
be9e9720d5 Introduce class TestFile and use it. 2020-04-09 09:16:45 +01:00
Max Schaefer
43309b98fd Merge pull request #93 from max-schaefer/autoformat
Autoformat QL and Go
2020-04-08 08:06:46 +01:00
Max Schaefer
96ee5f1c4e Merge pull request #92 from max-schaefer/baselib-extractor
Add extractor field to QL packs.
2020-04-08 07:48:25 +01:00
Max Schaefer
1fe5e7f901 Autoformat Go files. 2020-04-08 07:32:43 +01:00
Max Schaefer
ddf2bdb44b Autoformat all QL. 2020-04-08 07:32:43 +01:00
Max Schaefer
c9ef6f77a2 Merge pull request #91 from max-schaefer/disabled-certificate-check
Add new query DisabledCertificateCheck.
2020-04-08 07:11:15 +01:00
Max Schaefer
90dfebb4bd Add extractor field to QL packs. 2020-04-07 14:41:54 +01:00
Max Schaefer
f074d89b54 Merge pull request #88 from max-schaefer/readsField
Improve handling of field reads through pointer
2020-04-07 09:02:10 +01:00
Max Schaefer
8fba9a98d4 Add new query DisabledCertificateCheck. 2020-04-07 09:01:41 +01:00
Max Schaefer
2ec335fb1a Autoformat. 2020-04-07 07:16:50 +01:00
Max Schaefer
fb661aadcc Merge pull request #90 from github/p0-patch-1
Delete outdated COPYRIGHT file
2020-04-06 15:32:50 +01:00
Max Schaefer
42bc5353e3 Refine our modelling of test functions and split it out into a separate library. 2020-04-06 14:46:13 +01:00
Pavel Avgustinov
c45a5cf1f2 Update copyright date 2020-04-06 14:37:09 +01:00
Pavel Avgustinov
291150a755 Delete outdated COPYRIGHT file
This seems to be copied from Semmle/ql, and it claims the wrong license.
2020-04-06 14:35:44 +01:00
Sauyon Lee
a663eaae23 Merge pull request #89 from max-schaefer/extractor-profiling
Add environment variables for dumping CPU and memory profiles.
2020-04-06 03:33:08 -07:00
Max Schaefer
1f7441e027 Make readsField and friends work modulo implicit dereferences, like writesField. 2020-04-06 11:06:46 +01:00
Max Schaefer
76f2748cbc Teach SsaWithFields to properly handle implicit dereferences. 2020-04-06 09:23:07 +01:00
Max Schaefer
4a1071cac6 Merge pull request #77 from robertbrignull/code_scanning_suites
Add code-scanning suites
2020-04-06 09:14:58 +01:00
Max Schaefer
5721d1fb3e Merge pull request #86 from sauyon/dependency-fix
Allow dependencies to match imports of subpackages
2020-04-03 20:35:07 +01:00
Max Schaefer
c240fdbd45 Merge pull request #87 from max-schaefer/more-qldoc
Add missing QlDoc.
2020-04-03 19:43:38 +01:00
Sauyon Lee
e1a7269a45 Allow dependencies to match imports of subpackages 2020-04-03 10:42:19 -07:00
Max Schaefer
d13d2f27e6 Add missing QlDoc. 2020-04-03 17:08:56 +01:00
Max Schaefer
407493094d Merge pull request #75 from sauyon/ssrf-refinement
SSRF query refinements
2020-04-03 09:31:24 +01:00
Sauyon Lee
dcd6aaf69a Alphabetize change notes 2020-04-03 00:01:19 -07:00
Sauyon Lee
ea3a7e8038 Apply suggestions from code review
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-04-02 23:58:39 -07:00
Sauyon Lee
e27947e280 Add comment for new url concatenation sanitizer 2020-04-02 23:58:39 -07:00
Sauyon Lee
3c02b3ab74 Add SafeUrlFlowCustomizations doc comment 2020-04-02 23:58:38 -07:00
Sauyon Lee
c68e509508 OpenUrlRedirect: Fix some comments 2020-04-02 23:58:37 -07:00
Sauyon Lee
4e5b17e18d Sanitize hostname if there is a slash and a previous component 2020-04-02 23:58:36 -07:00
Sauyon Lee
4b3982154a Add a SafeUrlFlow configuration 2020-04-02 23:58:35 -07:00
Sauyon Lee
4bcffe2d47 RequestForgery: Add a safe URL sanitizer 2020-04-02 23:58:34 -07:00
Sauyon Lee
1c859a8991 Address review comments 2020-04-02 23:58:33 -07:00
Sauyon Lee
3577d75607 RequestForgery: Add change note 2020-04-02 23:58:17 -07:00
Sauyon Lee
89a03c8b67 RequestForgery: Add high precision 2020-04-02 23:49:58 -07:00
Sauyon Lee
830c3fce2a RequestForgery: Add tests 2020-04-02 23:49:57 -07:00
Sauyon Lee
314787956b Allow write base to be inside an implicit dereference 2020-04-02 23:49:56 -07:00
Sauyon Lee
e9b0f88946 RequestForgery: Add taint step for URL Host assignment 2020-04-02 23:49:55 -07:00
Sauyon Lee
12928d9f17 HTTP: Add model for Client.Do 2020-04-02 23:49:55 -07:00
Sauyon Lee
6876eabf54 RequestForgery: Add query help 2020-04-02 23:49:54 -07:00
Sauyon Lee
b23c75afb6 RequestForgery: move query from experimental 2020-04-02 23:49:53 -07:00
Max Schaefer
77c282824e Merge pull request #81 from gagliardetto/system-executors
Expand system executors (continuation of #70)
2020-04-03 07:24:05 +01:00
Sauyon Lee
f9610f22e7 Merge pull request #85 from max-schaefer/codeql-stats
Use CodeQL for creating stats
2020-04-02 10:57:20 -07:00
Max Schaefer
b28cd112fe Merge pull request #83 from max-schaefer/max-goroutines
Introduce official environment variable for goroutine limiting.
2020-04-02 13:49:21 +01:00
Max Schaefer
325bb7ca23 Merge pull request #84 from shati-patel/move-documentation
Docs: Move "CodeQL for Go" out of this repo
2020-04-02 13:48:51 +01:00
Shati Patel
3af3548c30 Remove "learn-ql" folder 2020-04-02 11:56:15 +01:00
Shati Patel
6126d32d82 Remove .rst files from this repo 2020-04-02 11:35:19 +01:00
Shati Patel
3a12c1c2d4 Docs: Add README with links to new docs location 2020-04-02 11:35:14 +01:00
Slavomir
b5f14d1296 Add awk and similar 2020-04-02 13:07:43 +03:00
Slavomir
81bc3c03a9 Add more commands 2020-04-02 13:03:22 +03:00
Max Schaefer
510b6070c9 Introduce official environment variable for goroutine limiting.
We've had to tell people how to do this, so we should have a name for it that doesn't refer to a defunct company.
2020-04-02 10:45:52 +01:00
Max Schaefer
ddb6f2ca6a Update stats. 2020-04-02 10:15:20 +01:00
Max Schaefer
17a8c722cd Use CodeQL for creating stats. 2020-04-02 10:15:10 +01:00
Slavomir
32beebd059 Apply suggestions from code review
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
Co-Authored-By: Sauyon Lee <sauyon@github.com>
2020-04-02 12:09:06 +03:00
Sauyon Lee
bc59fa40d7 Merge pull request #73 from intrigus-lgtm/make-CWE-643-supported
Make cwe 643 supported
2020-04-01 17:45:45 -07:00
Sauyon Lee
eba8dd0a36 Merge pull request #82 from github/max-schaefer-patch-1
Improve autobuilder logging
2020-04-01 09:07:55 -07:00
Sauyon Lee
c2eb3f5d6b Merge pull request #80 from max-schaefer/build-command-env-var
Introduce `CODEQL_GO_EXTRACTOR_BUILD_COMMAND` as an alias for `LGTM_INDEX_BUILD_COMMAND`.
2020-04-01 09:07:31 -07:00
Max Schaefer
611751a9c3 Improve autobuilder logging 2020-04-01 15:31:50 +01:00
intrigus
be21d49cf2 Add precision to query 2020-04-01 16:15:24 +02:00
intrigus
3a381b2fbf Add change note 2020-04-01 16:15:09 +02:00
intrigus
a524cc4716 Properly match methods defined in classes 2020-04-01 16:04:24 +02:00
intrigus
615fe09ed7 Format go test stubs 2020-04-01 15:52:55 +02:00
Slavomir
a25a21eb11 Add change-note 2020-04-01 15:14:22 +03:00
Slavomir
33c18b0d11 expand system executors 2020-04-01 15:12:48 +03:00
Max Schaefer
efc9ecefc8 Introduce CODEQL_GO_EXTRACTOR_BUILD_COMMAND as an alias for LGTM_INDEX_BUILD_COMMAND.
We've occasionally had to tell people to set this variable manually, so we might as well have an alias that doesn't refer to a soon-to-be obsolete product.
2020-04-01 09:35:57 +01:00
intrigus
4924be54a7 Fix one test method 2020-03-31 16:46:29 +02:00
intrigus
0586fe9235 Add missing stubs in vendor/ 2020-03-31 16:46:08 +02:00
Max Schaefer
590f01d0c2 Add environment variables for dumping CPU and memory profiles.
These are intentionally undocumented for now.
2020-03-31 07:50:06 +01:00
Max Schaefer
1c40d6c1ce Merge pull request #78 from sauyon/1.14-change-note
Add change notes for Go 1.14 support
2020-03-31 07:34:26 +01:00
intrigus
66451a776d Add test cases for all libraries
Note: This is currently missing appropriate vendoring
so will probably fail for now.
2020-03-30 23:44:25 +02:00
intrigus
e18d15070a Switch to jbowtie/gokogiri 2020-03-30 23:42:44 +02:00
intrigus
b097826dd8 Add missing class qualifiers 2020-03-30 23:42:13 +02:00
intrigus
051f17ce67 Fix class name 2020-03-30 23:37:37 +02:00
Sauyon Lee
3d3f35cc48 Add change notes for Go 1.14 support 2020-03-30 13:45:37 -07:00
Max Schaefer
487b1e3f80 Merge pull request #76 from max-schaefer/even-more-qldoc
Add Qldoc for the last few remaining predicates.
2020-03-30 11:58:28 +01:00
Max Schaefer
28ed803fae Data flow: Add module doc comment for TaintTrackingImpl.qll
cf https://github.com/Semmle/ql/pull/3155
2020-03-30 11:21:53 +01:00
Max Schaefer
bb34c91b38 Add Qldoc for the last few remaining predicates.
Apart from a missing module doc comment for `TaintTrackingImpl.qll` which we'll need to synchronize with the other languages (https://github.com/Semmle/ql/pull/3155), this gets us to 100% Qldoc coverage.
2020-03-30 10:38:25 +01:00
intrigus
26cfa93947 Ignore type incompatible sinks 2020-03-27 21:32:53 +01:00
Robert Brignull
df4c686921 add code scanning suites 2020-03-27 17:14:28 +00:00
intrigus
8278dd358e Try to fix test 2020-03-27 16:13:00 +01:00
intrigus
21feb9d996 Add byte slice type 2020-03-27 15:37:36 +01:00
intrigus
d609c0ca43 Shorten example code 2020-03-27 15:31:20 +01:00
intrigus
c5a1185939 Apply style suggestions 2020-03-27 15:29:21 +01:00
intrigus
b24c23389c Don't match unexported functions 2020-03-27 15:21:00 +01:00
Max Schaefer
cf6e255a6d Merge pull request #74 from sauyon/http-formvalue
HTTP Library Improvements
2020-03-27 14:07:30 +00:00
intrigus-lgtm
5eaaa4264a Apply suggestions from code review
Co-Authored-By: Sauyon Lee <sauyon@github.com>
2020-03-27 13:42:30 +01:00
Sauyon Lee
080d14ea50 Add a test for the Read taint step 2020-03-27 04:22:13 -07:00
Sauyon Lee
4747524fee Address review comments
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-03-27 04:15:30 -07:00
Sauyon Lee
05761bc2cd Address review comments 2020-03-27 04:03:30 -07:00
Sauyon Lee
a4f1e2b527 Add a model for Read methods on io.Reader 2020-03-26 18:57:44 -07:00
intrigus
be50db1cc7 Move XPath injection query to supported query
The XPath injection query is moved to the supported queries.
Removed unnecessary code from the go test file
2020-03-26 20:19:58 +01:00
intrigus
03023e8205 Add XPath model to default imports 2020-03-26 20:19:19 +01:00
intrigus
35a6fdb589 Add XPath framework models 2020-03-26 20:18:16 +01:00
Sauyon Lee
1f4d67b77b OpenUrlRedirect: Whitelist some more fields and methods 2020-03-26 07:20:51 -07:00
Sauyon Lee
541c82a7f3 HTTP: Add some more untrusted fields and methods
Also, fix up broken tests.
2020-03-26 07:20:14 -07:00
Sauyon Lee
e1b0bed6b3 Merge pull request #72 from max-schaefer/improve-virtual-call-resolution
Refine virtual call targets by local reasoning where possible
2020-03-26 06:00:59 -07:00
Max Schaefer
46a1a4e010 Add a test. 2020-03-25 20:34:34 +00:00
Max Schaefer
e6bdc1809b Update ql/src/semmle/go/dataflow/internal/DataFlowDispatch.qll
Co-Authored-By: Sauyon Lee <sauyon@github.com>
2020-03-25 15:04:48 +00:00
Max Schaefer
13b61383e2 Merge pull request #65 from sauyon/openredirect-fps
OpenUrlRedirect: Expand safe URL flow configuration
2020-03-25 15:04:21 +00:00
Sauyon Lee
fbc2499118 OpenUrlRedirect: Add change note for fixed FPs 2020-03-25 04:01:17 -07:00
Sauyon Lee
f77d46f296 Address review comments. 2020-03-25 04:01:15 -07:00
Sauyon Lee
bd5f0b01cf Fix tests 2020-03-25 04:01:14 -07:00
Sauyon Lee
9321ff9110 OpenUrlRedirect: Add support for url.Host reassignments 2020-03-25 04:01:14 -07:00
Sauyon Lee
5f83dbd07b OpenUrlRedirect: Exclude header sources 2020-03-25 04:01:13 -07:00
Sauyon Lee
49aa43bd49 Make header Get and Values calls into taint steps 2020-03-25 04:01:12 -07:00
Sauyon Lee
83a417f52e OpenUrlRedirect: Use a taint-tracking safe URLs 2020-03-25 04:01:11 -07:00
Sauyon Lee
932840b0a3 Address review comments. 2020-03-25 04:01:10 -07:00
Sauyon Lee
fd88d913f7 Fix tests 2020-03-25 04:01:09 -07:00
Sauyon Lee
cc13a5d618 OpenUrlRedirect: Expand safe URL flow configuration
Also add some more tests
2020-03-25 04:01:08 -07:00
Max Schaefer
6edbe74c09 Revert "Add queries to inspect and measure dispatch differences."
This reverts commit 752ee3909a.
2020-03-25 10:43:05 +00:00
Max Schaefer
4ca87b84db Merge pull request #68 from adityasharad/go/request-forgery
Add experimental query for request forgery.
2020-03-25 09:09:34 +00:00
Aditya Sharad
c44e5379df Experimental: Remove query precision for now.
Address review comment.
2020-03-24 10:57:51 -07:00
Aditya Sharad
4f32d6651c Experimental: Add sanitiser edge for request forgery.
Consider a URL string sanitised if the hostname cannot be controlled.
This approach is used by URL redirection queries.
2020-03-24 10:57:51 -07:00
Aditya Sharad
f984532236 Experimental: Add query for request forgery.
Tracks the flow of tainted data from untrusted input to the URL of an HTTP request.
Ported from the corresponding query for JavaScript, though currently limited in scope.
Includes companion libraries for customisation.
2020-03-24 10:57:51 -07:00
Aditya Sharad
d41e6a9d85 Model HTTP request functions in net/http package. 2020-03-24 10:57:51 -07:00
Aditya Sharad
b057ce8d46 Concepts: Add HTTP::ClientRequest class and module.
Extensible model of client requests to a URL.
Ported from the CodeQL JavaScript library.
2020-03-24 10:57:51 -07:00
Max Schaefer
330f11c2a3 Merge pull request #71 from intrigus-lgtm/patch-1
Fix error in Qldoc
2020-03-24 16:55:22 +00:00
intrigus-lgtm
24b3133e0c Fix error in Qldoc 2020-03-24 17:53:51 +01:00
Max Schaefer
8dda4bd97f Merge pull request #66 from intrigus-lgtm/CWE-643
CWE-643 XPathInjection on Go
2020-03-24 10:53:57 +00:00
Sauyon Lee
81e13473db Merge pull request #69 from max-schaefer/issue-72
Track taint through element writes.
2020-03-24 03:41:05 -07:00
Max Schaefer
752ee3909a Add queries to inspect and measure dispatch differences. 2020-03-24 09:34:42 +00:00
Max Schaefer
084fa80a57 Refine virtual call targets by local reasoning where possible. 2020-03-24 09:34:42 +00:00
intrigus
1f635806b3 Fix copy-paste errors, remove debugging code 2020-03-23 16:49:45 +01:00
intrigus-lgtm
9187bacd3c Apply suggestion from code review
Use getUnderlyingType() to account for named aliases.

Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-03-23 16:45:56 +01:00
Sauyon Lee
4ff3177fae Merge pull request #67 from max-schaefer/more-qldoc
Add missing Qldoc for modules.
2020-03-23 05:29:40 -07:00
Max Schaefer
62b79721ea Track taint through element writes.
This adds a taint step from `pred` to (the post-update node) of `succ` in `succ[idx] = pred` and its syntactic variants.

Unlike for structs, where partially tainted values are quite common, the theory is that arrays, maps, and slices are usually either completely tainted or completely clean.
2020-03-23 09:15:01 +00:00
intrigus
d81c9b145e Update query help to use goxpath 2020-03-20 21:38:46 +01:00
intrigus
948b79df87 Update xpath example, use goxpath package 2020-03-20 21:38:46 +01:00
intrigus
c7ead88b91 Restructure query, add default sanitizer 2020-03-20 21:38:46 +01:00
intrigus-lgtm
ec40cf0379 Apply suggestions from review
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-03-20 21:38:02 +01:00
Max Schaefer
60fe6f4390 Add missing Qldoc for modules. 2020-03-20 17:36:08 +00:00
intrigus
d6ff6b74c5 CWE-643 XPathInjection on Go 2020-03-19 22:26:37 +01:00
Max Schaefer
37aaba10b7 Merge pull request #64 from sauyon/examples-in-json
Add examples qlpack.yml to CodeQL manifest
2020-03-19 07:54:39 +00:00
Sauyon Lee
f60f6ea7d0 Add examples qlpack.yml to CodeQL manifest 2020-03-18 09:30:45 -07:00
Max Schaefer
f53732ec5a Merge pull request #39 from sauyon/go1.14
Go 1.14 support
2020-03-18 10:08:50 +00:00
Max Schaefer
0a59470640 Fix tests. (#3) 2020-03-18 02:10:24 -07:00
Max Schaefer
60ce9c5acd Merge pull request #59 from max-schaefer/go-pg
Add model of `go-pg/pg`.
2020-03-18 07:35:23 +00:00
Max Schaefer
ad1324d2dd Add test. 2020-03-17 12:08:42 +00:00
Max Schaefer
49c5779112 Add model of go-pg/pg. 2020-03-17 12:08:42 +00:00
Sauyon Lee
e9b47298ed Merge pull request #61 from max-schaefer/better-method-sets
Reformulate `Method.hasQualifiedName` in terms of method sets
2020-03-17 07:46:19 -04:00
Max Schaefer
8cadc94f49 Clarify behaviour of getMethod on struct types. 2020-03-17 10:58:58 +00:00
Max Schaefer
74bcfdd01c Remove an unused and potentially confusing predicate. 2020-03-16 13:24:57 +00:00
Max Schaefer
0fc7febd1d Add another test. 2020-03-13 15:54:39 +00:00
Max Schaefer
f41151350a Merge pull request #60 from sauyon/bitwise-xor-fps
MistypedExponentiation: Add a heuristic to reduce FPs
2020-03-13 15:46:03 +00:00
Max Schaefer
8898858fff Add tests. 2020-03-13 14:19:27 +00:00
Max Schaefer
5175f1dcbe Take promoted methods into account when computing method sets. 2020-03-13 14:19:27 +00:00
Max Schaefer
d0c6206a6a Reformulate hasQualifiedName in terms of method sets. 2020-03-13 14:19:27 +00:00
Sauyon Lee
78ad006e68 Merge pull request #55 from max-schaefer/tainted-arithmetic
Add new query `AllocationSizeOverflow`.
2020-03-13 07:16:54 -07:00
Max Schaefer
39fa6052e6 Also treat second argument to make (slice capacity) as an allocation size. 2020-03-13 12:17:53 +00:00
Max Schaefer
864c85e886 Fix typo. 2020-03-13 10:27:58 +00:00
Max Schaefer
b2f1da8942 Simplify a condition. 2020-03-13 10:27:58 +00:00
Max Schaefer
d66888e651 Make query more extensible. 2020-03-13 10:27:58 +00:00
Max Schaefer
ea36d49218 Add new query AllocationSizeOverflow. 2020-03-13 10:18:51 +00:00
Sauyon Lee
ea5e6a324d Add change note 2020-03-13 03:10:55 -07:00
Sauyon Lee
630d0cef89 Address review comments 2020-03-12 09:13:52 -07:00
Sauyon Lee
6e681f829b MistypedExponentiation: Add a heuristic to reduce FPs 2020-03-12 09:13:52 -07:00
Max Schaefer
2c751f2945 Merge pull request #58 from max-schaefer/desemmlify
Docs: Remove some Semmle references.
2020-03-12 16:05:48 +00:00
Sauyon Lee
b64a43f578 Merge pull request #57 from max-schaefer/trap.gz
Gzip TRAP files
2020-03-12 06:24:32 -07:00
Max Schaefer
270ae0926a Docs: Remove some Semmle references. 2020-03-12 10:57:06 +00:00
Max Schaefer
6b0ba750e6 Put gzip writer on top of bufio writer. 2020-03-12 08:40:22 +00:00
Max Schaefer
d7d5447689 Merge pull request #46 from sauyon/force-extract-methods
Extract methods when they don't exist
2020-03-12 08:16:44 +00:00
Sauyon Lee
2e8958583b Merge pull request #56 from max-schaefer/issue-66
Standardize experimental contribution
2020-03-11 14:18:35 -07:00
Max Schaefer
8901ba62e0 Gzip TRAP files. 2020-03-11 15:14:37 +00:00
Max Schaefer
8136ebbb91 Merge pull request #54 from sauyon/vendor-support
extractor: Use -mod=vendor when a vendor directory exists
2020-03-11 11:36:49 +00:00
Max Schaefer
b3022c9fc8 Standardise RangeAnalysis.qll.
This brings the library in line with our usual syntactic conventions regarding QLDoc and names. I've also made a few superficial simplifications here and there.

Overall, the code would benefit from being rewritten to make use of the data-flow graph, but that is a larger undertaking.
2020-03-11 11:20:59 +00:00
Max Schaefer
a95b9c8e02 Rename a few files and clean up wording. 2020-03-11 11:04:42 +00:00
Max Schaefer
2fd925fe90 Autoformat. 2020-03-11 10:47:23 +00:00
Sauyon Lee
5056b5f161 Apply review comments.
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-03-11 03:26:18 -07:00
Sauyon Lee
1f83aa4586 Add a -mod=vendor change note 2020-03-11 03:10:35 -07:00
Max Schaefer
f1d489f6f9 Merge pull request #51 from singleghost/master
Add integer overflow detection support for codeql-go.
2020-03-11 10:00:39 +00:00
Sauyon Lee
57b874e047 extractor: Only skip dependency installation when vendor folder is detected 2020-03-11 02:59:33 -07:00
Max Schaefer
a8c1731f9d Merge pull request #50 from sauyon/uintptr
Make uintptrtype a subclass of unsignedintegertype
2020-03-11 09:57:00 +00:00
Sauyon Lee
ecd4c42428 extractor: Factor out method extraction
This fixes a subtle bug where the underlying interface type was used
as the receiver when constructing method labels, causing some database
inconsistencies.
2020-03-10 22:01:16 -07:00
Sauyon Lee
0daf8c1fa3 extractor: Extract methods when their labels don't exist 2020-03-10 20:36:49 -07:00
Sauyon Lee
ccae530508 extractor: minor refactoring to use variables 2020-03-10 20:36:13 -07:00
Sauyon Lee
0aa46becf9 extractor: Use -mod=vendor when a vendor directory exists 2020-03-10 16:44:03 -07:00
singleghost
2aa2f608a3 Move files related to integer overflow detection under the src/experimental folder 2020-03-10 19:02:05 +08:00
Max Schaefer
7ec7b17ce7 Merge pull request #53 from sauyon/close-files
extractor: Close files even when writes fail
2020-03-10 09:38:02 +00:00
Sauyon Lee
79ab831776 extractor: Close files even when writes fail 2020-03-10 00:52:33 -07:00
Sauyon Lee
cdf3bc4fa0 Merge pull request #52 from max-schaefer/issue-48
Improve taint-tracking through pointers and other fixes
2020-03-09 06:36:43 -07:00
Sauyon Lee
2428efcb6d Make @uintptrtype a @unsignedintegertype 2020-03-09 04:40:02 -07:00
Sauyon Lee
5b81775670 Fix constant values test data 2020-03-09 04:40:01 -07:00
Max Schaefer
4dca00e99c Merge pull request #45 from sauyon/go-mod-libs
Go.mod extraction libraries and tests
2020-03-09 09:40:41 +00:00
singleghost
77ec4c913f Add integer overflow detection support for codeql-go.
I wrote a ql library which can perform range analysis on expression and
can detect whether an arithmetic operation may overflow. I wrote this library with reference to the `SimpleRangeAnalysis.qll` for C language. I hope this helps a little bit for those who want to detect integer overflow issues in code.
2020-03-07 21:34:38 +08:00
Sauyon Lee
2d879458ba Merge pull request #49 from max-schaefer/more-function-outputs
Make `FunctionOutput` more useful
2020-03-06 09:41:40 -08:00
Max Schaefer
1be0cc57a8 Add test case from https://github.com/github/codeql-go/issues/48. 2020-03-06 17:35:50 +00:00
Max Schaefer
bcb9ce2498 Add another test for StringBreak. 2020-03-06 17:35:50 +00:00
Max Schaefer
bf6865b96a Add model of ioutil.ReadAll 2020-03-06 17:35:50 +00:00
Max Schaefer
f599243a34 Conflate references and referents more thoroughly in taint tracking. 2020-03-06 17:35:50 +00:00
Max Schaefer
aa8bc972d9 Address review comments. 2020-03-06 15:03:45 +00:00
Sauyon Lee
3d88032f81 Address review comments.
Co-authored-by: Max Schaefer <max-schaefer@github.com>
2020-03-06 06:51:30 -08:00
Sauyon Lee
43fbf47da3 Add a change note about go.mod extraction 2020-03-06 06:51:28 -08:00
Sauyon Lee
555b0a9527 Add a GoModFile class 2020-03-06 06:51:27 -08:00
Sauyon Lee
38596dddc0 Address review comments.
Co-authored-by: Max Schaefer <max-schaefer@github.com>
2020-03-06 06:51:26 -08:00
Sauyon Lee
34f34e2241 GoModExpr.qll: Rename getOffsetToken to GoModLine.getToken
Also add getRawToken to do what getToken did before, and fix up
documentation.
2020-03-06 06:51:25 -08:00
Sauyon Lee
4b9cc87c2e Add test for replace line with versions 2020-03-06 06:51:24 -08:00
Sauyon Lee
25577a8108 Remove DependencyCustomizations 2020-03-06 06:51:24 -08:00
Sauyon Lee
78239accd5 Dependencies: Make getAnImport() more precise
In particular, ensure that the go file importing the dependency is under
the directory of the file where the dependency is declared.

Co-authored-by: Max Schaefer <max-schaefer@github.com>
2020-03-06 06:51:23 -08:00
Sauyon Lee
b27e63ba83 Address review comments
Co-authored-by: Max Schaefer <max-schaefer@github.com>
2020-03-06 06:51:22 -08:00
Sauyon Lee
dd3f98c549 extractor: Don't log directory being walked for go.mod files 2020-03-06 06:51:21 -08:00
Sauyon Lee
5911b7005a Add tests for dependencies library 2020-03-06 06:51:20 -08:00
Sauyon Lee
dddc8cecd4 Add go.mod expression tests 2020-03-06 06:51:19 -08:00
Sauyon Lee
6c78490bbe Add libraries modeling dependencies 2020-03-06 06:51:18 -08:00
Sauyon Lee
d92e49fb17 Add libraries for go.mod expressions 2020-03-06 06:51:17 -08:00
Max Schaefer
f875afca53 Merge pull request #47 from sauyon/use-bufio
Use bufio and don't sync FS
2020-03-06 10:59:30 +00:00
Max Schaefer
3a7910da5a Introduce (un-)marshaling functions as a concept and instantiate it with the functions in encoding/json. 2020-03-06 10:07:54 +00:00
Max Schaefer
9bcbfb2911 Fix flow step from global functions to their use.
How does anything work.
2020-03-06 09:41:35 +00:00
Max Schaefer
a7ecb50a34 Add taint-tracking model for append. 2020-03-06 09:41:35 +00:00
Max Schaefer
4f061005cb Add a taint-tracking model for copy. 2020-03-06 09:41:35 +00:00
Max Schaefer
3f8d2117d8 Introduce post-update nodes for arguments with a mutable type. 2020-03-06 09:41:35 +00:00
Max Schaefer
b99c63d180 Factor out an auxiliary predicate. 2020-03-06 09:41:35 +00:00
Max Schaefer
af2c7aae5d Don't rely on flow through function models in definition of PostUpdateNode. 2020-03-06 09:41:35 +00:00
Max Schaefer
185d0910c3 Sharpen stringConcatStep to exclude addition. 2020-03-06 09:41:35 +00:00
Sauyon Lee
c027bbaadf Use buffered writers 2020-03-05 21:12:15 -08:00
Sauyon Lee
14e758a6ea HTTP: Add model for Header.Values() 2020-03-05 13:44:16 -08:00
Sauyon Lee
c243bb4243 Add tests for go1.14 overlapping embedded methods 2020-03-05 13:44:15 -08:00
Sauyon Lee
85c8893f57 Action: Use go 1.14 2020-03-05 13:44:14 -08:00
Sauyon Lee
a758ececd9 go.mod: Use go 1.14 and update dependencies 2020-03-05 13:44:11 -08:00
Max Schaefer
b8338896be Merge pull request #33 from sauyon/extract-go-mod
Add extraction for go.mod files
2020-03-05 09:38:21 +00:00
Sauyon Lee
f2358a0a86 Find all go.mod files before extraction 2020-03-04 16:08:55 -08:00
Sauyon Lee
cca762dbc0 gomodextractor.go: Emit pseudo comment groups to table 2020-03-04 06:26:44 -08:00
Sauyon Lee
e75497ed3b update stats sha and stats 2020-03-04 06:26:43 -08:00
Sauyon Lee
db4efd6124 Add support for extracting go.mod files 2020-03-04 06:26:42 -08:00
Sauyon Lee
89caafb0e1 labels.go: Make label generation slightly more uniform 2020-03-04 06:21:20 -08:00
Sauyon Lee
70e916376c labels.go: Make LocalID more generic 2020-03-04 06:21:19 -08:00
Sauyon Lee
a403d60acc Add go mod dependency
Also update tools dependency to latest master
2020-03-04 06:21:18 -08:00
Sauyon Lee
66a3d40348 Fix typos in tables.go 2020-03-04 06:21:17 -08:00
Sauyon Lee
d694d59757 Merge pull request #44 from max-schaefer/remove-uniqueness
Remove a mistaken uniqueness annotation.
2020-03-04 06:20:58 -08:00
Max Schaefer
1ae0dd46ec Clarify method identity. 2020-03-04 12:53:37 +00:00
Max Schaefer
6a3730ead2 Merge pull request #43 from sauyon/phony-testdb
Makefile: make testdb target phony
2020-03-04 12:08:09 +00:00
Sauyon Lee
c3b57e4e74 Makefile: make testdb target phony 2020-03-04 03:27:11 -08:00
Max Schaefer
264478f4b8 Remove a mistaken uniqueness annotation. 2020-03-04 10:34:55 +00:00
Sauyon Lee
5e71a04fdf Merge pull request #42 from max-schaefer/experimental-guidelines
Add guidelines for experimental CodeQL queries and libraries.
2020-03-02 10:22:41 -08:00
Sauyon Lee
2dc42b8814 Merge pull request #41 from max-schaefer/interface-embedding
Fix `NamedType.getMethod` to take interface embedding into account.
2020-03-02 10:21:24 -08:00
Max Schaefer
56e07356fc Update ql/test/experimental/README.md
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
2020-03-02 10:20:07 +00:00
Max Schaefer
cef017071f Move guidelines into ql folder. 2020-03-02 09:23:06 +00:00
Max Schaefer
2629f55d95 Add guidelines for experimental CodeQL queries and libraries. 2020-02-28 14:43:00 +00:00
Max Schaefer
90f1a7da75 Fix NamedType.getMethod to take interface embedding into account. 2020-02-28 10:37:14 +00:00
Max Schaefer
2eba7dee6f Add new table methodhosts associating interface methods with named types.
In particular, methods from embedded interfaces will be associated with the same named type as those from the outer interface, even though their receiver types may be different.
2020-02-28 10:24:04 +00:00
Max Schaefer
6dfd5fd934 Extend Types tests to cover interfaces. 2020-02-28 10:22:59 +00:00
Sauyon Lee
545379c050 Merge pull request #40 from max-schaefer/phonify-extractor
Make extractor targets phony.
2020-02-27 09:53:27 -08:00
Max Schaefer
7148b66d31 Make extractor targets phony. 2020-02-27 12:32:05 +00:00
Max Schaefer
a52e33ecc0 Merge pull request #38 from sauyon/use-text
.gitattributes: Use -text instead of binary
2020-02-27 08:27:31 +00:00
Sauyon Lee
8e909a49e9 .gitattributes: Use -text instead of binary
Also only add attributes to go files under the ql directory
2020-02-27 00:23:56 -08:00
Sauyon Lee
fe4003fc69 Merge pull request #37 from max-schaefer/clarify-field-identity
Clarify field identity
2020-02-26 11:49:29 -08:00
Max Schaefer
9bf5a31351 Clarify field identity.
Like-named fields declared in identical types are identical. This can be a little confusing, since such fields will have multiple declarations and multiple locations, so it's worth calling out explicitly in the documentation.
2020-02-26 10:10:47 +00:00
Sauyon Lee
b931539f68 Merge pull request #36 from max-schaefer/remove-unused-predicate
Remove an unused predicate.
2020-02-25 09:40:42 -08:00
Max Schaefer
34c66c4245 Remove an unused predicate. 2020-02-25 10:46:09 +00:00
Sauyon Lee
7a918efbf8 Merge pull request #34 from max-schaefer/receiver-flow
Propagate data flow through receivers
2020-02-24 23:58:28 -08:00
Sauyon Lee
836146a3bf Merge pull request #35 from max-schaefer/field-package
Make `Field.getPackage()` behave sensibly.
2020-02-24 23:52:02 -08:00
Max Schaefer
0f99842f34 Make Field.getPackage() behave sensibly.
Previously it was never defined, now it gives you the package of the type the field is declared in. This means we have to override `Field.hasQualifiedName/2` to avoid a field `f` in a package `pkg` being considered to have qualified name `pkg.f`.
2020-02-24 12:14:51 +00:00
Max Schaefer
5fbae15d0e Don't track receivers into virtual calls. 2020-02-24 09:56:09 +00:00
Max Schaefer
d1e020f74d Treat receiver variables as parameters.
The inter-procedural data-flow libraries expects this to be the case, but I actually never got round to implementing it.
2020-02-24 09:56:09 +00:00
Max Schaefer
77613a38c5 Add test, which does not work yet. 2020-02-24 09:55:42 +00:00
Sauyon Lee
4d58ebbae6 Merge pull request #32 from max-schaefer/update-data-flow
Port recent data-flow improvements
2020-02-21 09:45:14 -08:00
Sauyon Lee
bfbd08c51d Merge pull request #31 from max-schaefer/string-break-source
Sharpen the sources for `StringBreak`.
2020-02-21 09:35:58 -08:00
Max Schaefer
6251f1141c Simplify getACallee(). 2020-02-21 11:14:35 +00:00
Max Schaefer
285f392a12 Sharpen the sources for StringBreak.
`json.Marshal` returns two results, we only want to consider the first one as a source.
2020-02-21 10:19:09 +00:00
Max Schaefer
7230912e56 Track simple call contexts in nodeCand[Fwd]1.
See https://github.com/Semmle/ql/pull/2822.
2020-02-21 09:30:53 +00:00
Max Schaefer
90cdf4857f Improve join-order in pathStep predicate.
See https://github.com/Semmle/ql/pull/2872.
2020-02-21 09:29:13 +00:00
Max Schaefer
e9447a0e16 Merge pull request #29 from max-schaefer/fix-missing-qldoc
Add missing QLDoc for public elements.
2020-02-21 08:11:27 +00:00
Max Schaefer
6375be7089 Address review comment. 2020-02-20 20:36:58 +00:00
Max Schaefer
044def4e1f Merge pull request #243 from sauyon/incomplete-hostname-fix
IncompleteHostnameRegexp: Use a reluctant regexp
2020-02-20 20:33:56 +00:00
Sauyon Lee
b851fe0c05 Merge pull request #30 from max-schaefer/build_command-override
Ensure `LGTM_INDEX_BUILD_COMMAND` takes precedence over build-command guessing.
2020-02-20 12:25:03 -08:00
Max Schaefer
dc6a8917a4 Add missing QLDoc for public elements. 2020-02-20 13:59:12 +00:00
Max Schaefer
d7e6c59fab Merge pull request #28 from sauyon/test-fixes
Add Action for testing using the CodeQL CLI
2020-02-20 09:50:30 +00:00
Max Schaefer
bdf757b8ac Ensure LGTM_INDEX_BUILD_COMMAND takes precedence over build-command guessing. 2020-02-20 08:59:56 +00:00
Sauyon Lee
3e6a96d21b IncompleteHostnameRegexp: Use a reluctant regexp
This should help make results more comprehensible by including the
maximal string after an unescaped dot.
2020-02-19 13:04:16 -08:00
Sauyon Lee
6b51fefb1e Add Action for testing using the CodeQL CLI 2020-02-19 12:23:03 -08:00
Sauyon Lee
1e56ffbf90 Remove test actions 2020-02-19 11:29:33 -08:00
Sauyon Lee
1b7186347d Merge pull request #25 from max-schaefer/library-overview
Add library overview
2020-02-19 01:39:14 -08:00
Max Schaefer
4b371ac85a Remove rogue full stop. 2020-02-19 08:14:15 +00:00
Max Schaefer
2764b70364 Data flow: generalize flow-through summaries. 2020-02-18 14:30:25 +00:00
Max Schaefer
31557e8c19 Rename ArrowExpr to RecvExpr and address further review comments. 2020-02-18 08:39:31 +00:00
Max Schaefer
c47f9da0f9 Merge pull request #241 from shati/cookbook-changenotes
Mention Go cookbook queries in 1.24 change notes
2020-02-17 15:39:16 +00:00
Shati Patel
6b0f8a4088 Mention cookbook queries in 1.24 changenotes 2020-02-17 14:38:46 +00:00
Max Schaefer
d3288f19f9 Improve data-flow performance. 2020-02-17 09:49:13 +00:00
Max Schaefer
ec9ba8aa7f Address review comments. 2020-02-17 09:23:08 +00:00
Max Schaefer
f60b5daf94 Apply suggestions from code review
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Co-Authored-By: Sauyon Lee <sauyon@github.com>
2020-02-17 08:48:16 +00:00
Max Schaefer
65c116538c Write library overview. 2020-02-14 12:50:04 +00:00
Max Schaefer
9379f74308 Merge pull request #24 from sauyon/runelit
Add a RuneLit alias for CharLit
2020-02-13 09:07:38 +00:00
Max Schaefer
c7d29311e6 Merge pull request #232 from sauyon/makefile-improvements
Makefile improvements
2020-02-13 08:51:51 +00:00
Max Schaefer
69eae987d1 Merge pull request #240 from sauyon/rune-literal-string-value
Make rune literal string value its value
2020-02-13 08:47:56 +00:00
Sauyon Lee
ed3971af47 Makefile: make tools-ARCH no longer build the tokenizer 2020-02-12 15:52:43 -08:00
Sauyon Lee
bf2b655586 Makefile: make all target build extractor instead of tools 2020-02-12 15:52:42 -08:00
Sauyon Lee
dc9d790bd3 Makefile: Make better use of built-in variables 2020-02-12 15:52:42 -08:00
Sauyon Lee
1262935085 Update stats 2020-02-12 15:52:41 -08:00
Sauyon Lee
01f4bfe4b8 Makefile: Use codeql to create stats database 2020-02-12 15:52:40 -08:00
Sauyon Lee
92025ad9bd Add a RuneLit alias for CharLit
Also change the doc comment on CharLit to RuneLit
2020-02-12 15:17:14 -08:00
Sauyon Lee
eb990c9de7 BadRedirectCheck: Use new rune literal string values 2020-02-12 15:14:59 -08:00
Sauyon Lee
74bb4f707d Make rune literal string value its value 2020-02-12 15:14:58 -08:00
Max Schaefer
cb1d2935d4 Merge pull request #23 from github/sauyon-actions-1
Implement Actions CI
2020-02-12 20:41:59 +00:00
Sauyon Lee
1365da2224 examples/variable: Select declaration as well as the variable
This makes the test platform-independent
2020-02-12 10:41:58 -08:00
Sauyon Lee
fdb7852cf6 Force git not to mangle line endings for files relevant to tests 2020-02-10 16:11:56 -08:00
Sauyon Lee
22029410f0 Create an action workflow for CodeQL tests 2020-02-10 16:11:55 -08:00
Sauyon Lee
ae96bd88bc Merge pull request #239 from max/virtual-dispatch
Call-graph API cleanup
2020-02-10 15:05:13 -08:00
Max Schaefer
acd27cdee6 Merge pull request #238 from sauyon/semmle-to-github
Rename the go module to github.com/github/codeql-go
2020-02-10 21:02:05 +00:00
Max Schaefer
6aa0d631dd Address review comments. 2020-02-10 20:59:13 +00:00
Sauyon Lee
677ed6ebf4 Fix tests to use codeql-go repository name 2020-02-10 11:00:01 -08:00
Sauyon Lee
5417102c37 Rename the go module to github.com/github/codeql-go 2020-02-10 11:00:00 -08:00
Max Schaefer
d6f3005e0e Merge branch '235-head' 2020-02-07 20:12:47 +00:00
Max Schaefer
5571f1eac7 Rename Comparison to ComparisonExpr. 2020-02-07 16:24:42 +00:00
Max Schaefer
ad7dfa258c Rename ParenExpr.getExpression() to getExpr() for consistency with similar predicates in other classes. 2020-02-07 16:24:42 +00:00
Sauyon Lee
1a21c14f2f Remove build ignore from HardcodedCredentials example 2020-02-07 03:13:14 -08:00
Sauyon Lee
e4d228fa0f Fix CleartextStorage tests 2020-02-07 03:13:13 -08:00
Sauyon Lee
6300fdf85e Remove accidentally added CleartextStorage tests 2020-02-07 03:13:12 -08:00
Sauyon Lee
559ac8f0d2 Fix squirrel test build 2020-02-07 03:12:19 -08:00
Max Schaefer
72de4728a2 Suppress unhelpful magic. 2020-02-07 11:09:33 +00:00
Max Schaefer
69edfe08df Make regular expression for format strings more precise. 2020-02-07 11:05:44 +00:00
Max Schaefer
8b0d271717 Locally resolve calls to function expressions. 2020-02-07 11:05:44 +00:00
Max Schaefer
f6305f019d Minor refactoring. 2020-02-07 11:05:44 +00:00
Max Schaefer
46a8f8c8ed Remove Function.getACallExpr. 2020-02-07 11:05:44 +00:00
Max Schaefer
39b7272241 Teach Function.getACall to take virtual dispatch into account. 2020-02-07 11:05:44 +00:00
Max Schaefer
84002f585e Remove CallExpr.getACallee(). 2020-02-07 11:05:44 +00:00
Max Schaefer
cf0e38b22c Move virtual dispatch resolution from CallExpr to CallNode and generalise it very slightly. 2020-02-07 11:05:44 +00:00
Max Schaefer
253a394ae0 Make CallNode.getCalleeName() more robust to missing type information. 2020-02-07 11:05:44 +00:00
Max Schaefer
93a84684a5 Remove predicate CallExpr.calls.
This sort of reasoning should be done at the data-flow level.
2020-02-07 11:05:44 +00:00
Max Schaefer
9400442bea Add call graph test.
This test uses annotations to encode the expected output directly into the source, hence the `.expected` files are trivial.
2020-02-07 11:05:41 +00:00
Sauyon Lee
5dbebe44f5 Package tests: also select raw database path 2020-02-07 02:25:26 -08:00
Sauyon Lee
2cb61911c3 Package tests: Limit to specific packages 2020-02-07 02:23:28 -08:00
Sauyon Lee
9a9561bb12 Remove vendored path prefix of vendored packages 2020-02-07 02:17:54 -08:00
Sauyon Lee
c94f5dafb3 Merge pull request #237 from Semmle/go-build-env-windows
Fix extractor build on Windows.
2020-02-06 09:06:33 -08:00
Max Schaefer
d18eb9717a Fix environment setup on Windows. 2020-02-06 14:28:16 +00:00
Max Schaefer
61ee9a45ca Merge pull request #234 from sauyon/reflectedxss-fixes
ReflectedXss: Remove FPs from constant prefix Fprintfs
2020-02-06 09:22:44 +00:00
Sauyon Lee
39f5376eed ReflectedXss: Add change note for Fprintf FPs 2020-02-05 19:07:42 -08:00
Sauyon Lee
0dca13a5d9 Address review comments 2020-02-04 11:13:41 -08:00
Sauyon Lee
87865afa42 ReflectedXss: Remove FPs from constant prefix Fprintfs 2020-02-03 16:00:33 -08:00
Sauyon Lee
3c88eab84c Merge pull request #229 from max/string-break
Add query to find unsafe quoting
2020-02-03 09:47:36 -08:00
Max Schaefer
af3d91ffd3 Add query StringBreak. 2020-02-03 09:01:40 +00:00
Max Schaefer
63ca382a0c Reorganise modelling of string concatenation. 2020-02-03 09:01:40 +00:00
Sauyon Lee
da2924251b Merge pull request #230 from max/remove-deprecated-flow-predicates
Remove deprecated flow predicates.
2020-01-30 11:29:05 -08:00
Max Schaefer
3afce956ab Remove deprecated flow predicates. 2020-01-30 11:45:19 +00:00
Max Schaefer
69a91b537f Add change note for autobuilder changes
https://git.semmle.com/Semmle/go/pull/210 did not include a change note.
2020-01-30 11:36:23 +00:00
Max Schaefer
ef60f1cbf7 Merge pull request #210 from sauyon/autobuilder-run-make
autobuilder: run build if relevant files exist
2020-01-29 16:32:43 +00:00
Max Schaefer
8bb769b4f9 Merge pull request #228 from sauyon/codeql-test
Makefile: Make extractor-common extractor target
2020-01-29 09:23:53 +00:00
Max Schaefer
be183596c8 Merge pull request #211 from sauyon/open-redirect-fps
OpenUrlRedirect: resolve some FPs
2020-01-29 09:18:07 +00:00
Sauyon Lee
7676a56af6 Makefile: Make extractor-common extractor target 2020-01-28 14:38:15 -08:00
Sauyon Lee
41d04f3d96 Revert "Add DataFlow2"
This reverts commit 6a0203f33303847d9e7006ca67b1dba31428748b.
2020-01-28 13:01:37 -08:00
Sauyon Lee
478f906d7a HTTP: Use Field.getQualifiedName in UserControlledRequestField
Also autoformat.
2020-01-28 13:01:36 -08:00
Sauyon Lee
d2e5322b94 Apply review comments 2020-01-28 13:01:35 -08:00
Sauyon Lee
3eee780fdd TaintTracking: minor functionNodeStep call improvement
Co-Authored-By: Max Schaefer <max@semmle.com>
2020-01-28 13:01:34 -08:00
Sauyon Lee
9af436566f OpenUrlRedirect: Use a data-flow configuration to track whole URLs 2020-01-28 13:01:33 -08:00
Sauyon Lee
a2b5bb85ab OpenUrlRedirect: Fix test compilation 2020-01-28 13:01:19 -08:00
Sauyon Lee
e17f548780 Add DataFlow2 2020-01-28 12:59:47 -08:00
Sauyon Lee
30d2fb0b7f TaintTracking: Make functionModelStep take a FunctionModel
This makes using only some function models easier.
2020-01-28 12:59:46 -08:00
Sauyon Lee
260b33be7e OpenUrlRedirect: Add untrusted methods
Also use more up-to-date data-flow APIs
2020-01-28 12:59:45 -08:00
Sauyon Lee
abfdd7ee1e OpenUrlRedirect: make functions like isValidRedirect barrier guards 2020-01-28 12:59:44 -08:00
Sauyon Lee
82635a46ad OpenUrlRedirect: only make some parts of the URL untrusted 2020-01-28 12:59:43 -08:00
Max Schaefer
2b92cd5ba5 Merge pull request #209 from sauyon/bad-redirect-sanitiser
Bad redirect sanitiser
2020-01-28 20:11:46 +00:00
Sauyon Lee
aa33595b0f Address review comments 2020-01-28 08:26:37 -08:00
Sauyon Lee
497bfeee83 BadRedirectSanitizer: Use SsaWithFields instead of ValueEntity 2020-01-27 17:33:54 -08:00
Sauyon Lee
f897f68ead SsaWithFilds: Add a getQualifiedName predicate 2020-01-27 17:33:53 -08:00
Sauyon Lee
a31ad88fc9 BadRedirectSanitizer: Transition to using data-flow API 2020-01-27 17:33:53 -08:00
Sauyon Lee
abc9438cd3 Apply suggestions from code review
Co-Authored-By: Max Schaefer <max@semmle.com>
2020-01-27 17:33:52 -08:00
Sauyon Lee
3a73658a9c BadRedirectSanitizer: Bind e to hp
Address doc review comments
2020-01-27 17:33:51 -08:00
Sauyon Lee
aa28724f7c Add BadRedirectCheck query 2020-01-27 17:33:50 -08:00
Sauyon Lee
9c6aa80718 Move OpenUrlRedirect tests into their own directory 2020-01-27 17:33:49 -08:00
Sauyon Lee
c889cb3501 Add getAnOperand to OperatorExpr 2020-01-27 17:33:48 -08:00
Sauyon Lee
edecb4e128 Merge pull request #227 from max/redundant-expr-bug
Fix hash-consing of literals
2020-01-27 11:35:40 -08:00
Max Schaefer
3c1a68ee8f Fix hash-consing of literals.
We shouldn't rely on the literal value given in the `literals` table, but use the exact value (where available) instead.
2020-01-27 12:05:48 +00:00
Sauyon Lee
496ad5d051 Merge pull request #226 from max/fix-classify-files-regex
Fix regex in ClassifyFiles.
2020-01-24 21:01:01 -08:00
Sauyon Lee
6e4880bc53 Merge pull request #220 from max/example-queries
Add example queries
2020-01-24 09:42:31 -08:00
Max Schaefer
d293388172 Add failing test case for RedundantExpr. 2020-01-24 16:20:08 +00:00
Max Schaefer
77b86150d6 Fix regex in ClassifyFiles.
`Comment.getText()` does not include the delimiter.
2020-01-24 14:05:13 +00:00
Max Schaefer
c30b1d98ea Address review comments. 2020-01-24 10:26:59 +00:00
Max Schaefer
ebea811a83 Add example queries. 2020-01-24 10:26:59 +00:00
Max Schaefer
9507a22f48 Merge pull request #213 from sauyon/codeql-test
Use codeql for testing and add binary cross compilation support
2020-01-24 09:40:47 +00:00
Sauyon Lee
2bd88d5b61 Merge pull request #225 from max/impossible-interface-nil-check-robustness
Make ImpossibleInterfaceNilCheck more robust.
2020-01-23 16:06:03 -08:00
Sauyon Lee
3a53269a52 Merge pull request #223 from max/update-dataflow
Add support for taint-getter/setter summaries in data flow.
2020-01-23 16:03:05 -08:00
Sauyon Lee
a6a8375ae5 Merge pull request #224 from max/make-implicit-deref-explicit
Make implicit dereferences explicit
2020-01-23 00:50:18 -08:00
Max Schaefer
47104a3db8 Add explanatory comment. 2020-01-23 08:14:57 +00:00
Max Schaefer
5895c6ac69 Fix typo.
Co-Authored-By: Sauyon Lee <sauyon@github.com>
2020-01-23 08:10:20 +00:00
Sauyon Lee
fe23f88468 Merge pull request #221 from max/cleanup
Minor fixes
2020-01-22 00:52:58 -08:00
Max Schaefer
fe56c207a3 Make ImpossibleInterfaceNilCheck more robust.
It no longer flags alerts that may be simply caused by missing type information.
2020-01-21 10:04:57 +00:00
Max Schaefer
d78ba06a8d Add change note. 2020-01-21 09:56:59 +00:00
Max Schaefer
baeae0f69c Add a few variants to test. 2020-01-21 09:56:59 +00:00
Max Schaefer
6671b61fd3 Model panic from out-of-bounds index expression. 2020-01-21 09:56:59 +00:00
Max Schaefer
f42a2b060c Take implicit dereferences in index and slice expressions into account as well. 2020-01-21 09:56:59 +00:00
Max Schaefer
a4f5ad7412 Refactor implementation of SliceNode. 2020-01-21 09:56:59 +00:00
Max Schaefer
44b9bcf7a1 Autoformat. 2020-01-21 09:56:59 +00:00
Max Schaefer
64049d8f3d Make taint tracking less syntactic. 2020-01-21 09:56:59 +00:00
Max Schaefer
9f897132f2 Update HTTP library. 2020-01-21 09:56:59 +00:00
Max Schaefer
a2879dc754 Model implicit dereferences in data flow. 2020-01-21 09:56:59 +00:00
Max Schaefer
ba9d2fb2eb Add IR instructions to model implicit pointer dereferences. 2020-01-21 09:56:59 +00:00
Max Schaefer
efc5f10f07 Streamline definition of UserControlledRequestField. 2020-01-21 09:56:59 +00:00
Max Schaefer
39b28a4969 Make CallNode.getReceiver() less syntactic. 2020-01-21 09:56:59 +00:00
Max Schaefer
ef964632be Remove CallExpr.getQualifier() and its single, pointless, use. 2020-01-21 09:56:59 +00:00
Max Schaefer
8fc414b93f Autoformat. 2020-01-21 09:56:59 +00:00
Max Schaefer
1d33a619d9 Add failing test case. 2020-01-20 20:46:12 +00:00
Max Schaefer
5eb95c7895 Add support for taint-getter/setter summaries in data flow. 2020-01-20 11:29:12 +00:00
Sauyon Lee
32fa033a55 Makefile: Add exe suffix back to tools/bin targets 2020-01-17 14:05:29 -08:00
Sauyon Lee
52fe0afa48 Makefile: Delete entire test db in clean 2020-01-17 14:05:27 -08:00
Sauyon Lee
1eb9466de2 Use codeql for testing and add binary cross compilation support
Also add support for building the extractor inside this repository
so that users can build and use the extractor, and an up-to-date
version can be used for testing.
2020-01-17 14:05:26 -08:00
Sauyon Lee
471d843025 Merge pull request #222 from max/switch-guard-nodes
Switch guard nodes
2020-01-17 21:44:59 +00:00
Sauyon Lee
4e5fd46bc6 autobuilder: Close stdin of subprocesses
This fixes issues where build programs were prompting for input,
causing the build to hang indefinitely.
2020-01-17 12:43:07 -08:00
Sauyon Lee
53e5ebba20 autobuilder: Run build tools if relevant files exist 2020-01-17 12:43:06 -08:00
Sauyon Lee
c76684851f autobuilder: run make if Makefile exists 2020-01-17 12:43:05 -08:00
Sauyon Lee
2d97b396b7 Merge pull request #20 from github/sort-change-notes
Sort lines in change notes.
2020-01-17 09:01:46 -08:00
Max Schaefer
08ba795565 Sort lines in change notes. 2020-01-17 15:46:50 +00:00
Max Schaefer
d8b97afcab Implement Field.hasQualifiedName. 2020-01-17 13:16:35 +00:00
Max Schaefer
e5e6f73081 Make Field extend Variable. 2020-01-17 13:15:43 +00:00
Max Schaefer
4ee8f08bf5 Adjust Location.toString() to match what other parts of the toolchain print. 2020-01-17 13:08:43 +00:00
Max Schaefer
2558e67c2b Give entities a location. 2020-01-17 13:08:43 +00:00
Max Schaefer
24f9fce7a1 Rename MkCaseNode as suggested. 2020-01-17 10:32:39 +00:00
Max Schaefer
e86201829e Add an explanatory comment. 2020-01-17 10:27:36 +00:00
Max Schaefer
98c7c4a255 Autoformat. 2020-01-17 10:25:10 +00:00
Sauyon Lee
aa9489ea28 Merge pull request #218 from max/field-refs
Fix handling of references to fields and methods
2020-01-16 14:26:55 -08:00
Sauyon Lee
7040b76cf6 Merge pull request #219 from max/new-env-vars
Teach extractor about CodeQL environment variables.
2020-01-15 11:37:26 -08:00
Max Schaefer
1ad90b6739 Teach extractor about CodeQL environment variables. 2020-01-15 14:01:30 +00:00
Max Schaefer
ad432965db Remove DeclaredEntity.getDecl().
It's not particularly useful except for functions, and the name is easy to confuse with `Entity.getDeclaration()`. Instead we now have `getFuncDecl()` just for functions, and a bit more API on `Function` to avoid its use where possible.
2020-01-15 13:14:06 +00:00
Max Schaefer
b7a830593d Correctly create extract nodes for returns where we cannot infer the type of the returned expression, but know from context that it must be a tuple type. 2020-01-15 10:22:29 +00:00
Max Schaefer
86708f7867 Merge pull request #212 from sauyon/dependency-update
Dependency update
2020-01-15 09:18:14 +00:00
Sauyon Lee
f32a785127 Merge pull request #217 from max/issue-24
Switch RedundantExpr query back to using AST instead of global value numbering.
2020-01-14 13:05:44 -08:00
Max Schaefer
3d508d44e7 Fix global value numbering. 2020-01-14 20:44:13 +00:00
Max Schaefer
2fdd45255c Add two new tests. 2020-01-14 17:06:42 +00:00
Max Schaefer
61976d8dea Fix code that does not account for the fact that Field is a subtype of ValueEntity. 2020-01-14 15:52:48 +00:00
Max Schaefer
0c254f8cd1 Fix a typo. 2020-01-14 15:35:18 +00:00
Max Schaefer
c96cebb022 Make reads(ValueEntity) and writes(ValueEntity) work for fields. 2020-01-14 15:35:18 +00:00
Sauyon Lee
1125c1ac41 Merge pull request #216 from Semmle/add-sql-tx-support
Add tests for https://github.com/github/codeql-go/pull/15
2020-01-14 01:55:29 -08:00
Max Schaefer
efc72fa01a Remove Entity.getAUse() and replace uses with getAReference().
The former had result type `Ident`, so it wouldn't pick up references to methods and fields. Apart from that, it is subsumed by the latter anyway.
2020-01-14 07:15:43 +00:00
Max Schaefer
d339d55faa Merge pull request #15 from RicterZ/add-sql-tx-support
Add sql.Tx.Exec/Query... support
2020-01-13 08:38:32 +00:00
Max Schaefer
d55ebd731d Autoformat. 2020-01-13 08:37:32 +00:00
Max Schaefer
36c620d1dd Add tests and change note. 2020-01-13 08:37:01 +00:00
Ricter Zheng
a6e0dcaefc Add sql.Tx.Exec/Query... support
Ref: https://golang.org/pkg/database/sql/#Tx.ExecContext
2020-01-13 15:17:55 +08:00
Sauyon Lee
00dd464697 Update stats 2020-01-10 19:27:47 -08:00
Sauyon Lee
f01ef40af3 Update golang.org/x/tools dependency 2020-01-10 19:27:46 -08:00
Sauyon Lee
5985559161 Merge pull request #214 from max/issue-26
Model `Header.Get` as a source of untrusted input.
2020-01-10 19:26:43 -08:00
Max Schaefer
384d21b0e9 Switch RedundantExpr query back to using AST instead of global value numbers.
Most current alerts (https://lgtm.com/rules/1510380685982/alerts/), while technically correct, are likely intentional and harmless. This change keeps only the interesting ones: https://lgtm.com/query/2999122885894714237
2020-01-10 14:46:54 +00:00
Max Schaefer
c60ddb0f7c Model Header.Get as a source of untrusted input. 2020-01-10 12:29:18 +00:00
Max Schaefer
1cafec56ad Add condition guard nodes for some switch statements.
We now create condition guard nodes for `cond1` and `cond2` in

```
switch {
case cond1:
  s1
case cond2:
  s2
default:
  s3
}
```

to record the fact that `cond1` is known to be true at `s1` and false at `cond2`, and that `cond2` is known to be true at `s2` and false at `default`.
2020-01-10 10:37:51 +00:00
Max Schaefer
e7514bf133 Add new test cases for CFG construction. 2020-01-09 17:20:39 +00:00
Sauyon Lee
3ab68cb624 Merge pull request #208 from max/incomplete-url-scheme-check
Add `IncompleteUrlSchemeCheck` query
2020-01-08 00:50:58 -08:00
Max Schaefer
3d7046e38c Apply suggestions from code review
Co-Authored-By: Shati Patel <shati@semmle.com>
2020-01-07 20:07:44 +00:00
Max Schaefer
0d2fe473d7 Add IncompleteUrlSchemeCheck query. 2020-01-07 14:46:49 +00:00
Max Schaefer
9cff56b975 Rename StringConcatenation.qll to StringOps.qll and add HasPrefix class. 2020-01-07 14:46:49 +00:00
Max Schaefer
aeb9840144 Add SliceNode class. 2020-01-06 15:36:54 +00:00
Sauyon Lee
db40535b70 Merge pull request #207 from max/uber-fixes
Various library improvements
2020-01-03 17:18:49 -08:00
Max Schaefer
638fe07da0 Move getReceiver from MethodCallNode to CallNode. 2020-01-03 14:14:18 +00:00
Max Schaefer
bb4052a574 Generalise result type of getACallee. 2020-01-03 14:14:18 +00:00
Max Schaefer
59498f53f0 Move FuncDec.getACall into FuncDecl.
Also changes the result from a `CallExpr` to a `CallNode` for consistency with `Function.getACall`.
2020-01-03 14:13:38 +00:00
Sauyon Lee
0a39124223 Merge pull request #206 from max/generalise-alert-suppression
Alert suppression through single-line /* */ style comments.
2020-01-02 11:47:44 -08:00
Max Schaefer
6f82310a9e Alert suppression through single-line /* */ style comments. 2020-01-02 14:34:11 +00:00
Sauyon Lee
9fd7db7e43 Merge pull request #205 from max/trap-writer-long-strings
Teach TRAP writer to truncate strings longer than 1MiB.
2019-12-27 11:35:34 -08:00
Max Schaefer
121c940ace Teach TRAP writer to truncate strings longer than 1MiB.
The evaluator cannot in general handle strings that are longer than 1MiB when UTF8-encoded. Similar to other extractors, we now truncate such strings to fit within the size limit.
2019-12-18 14:18:56 +00:00
Max Schaefer
1df3585c92 Merge pull request #204 from Semmle/rc/1.23
Merge rc/1.23 into master
2019-12-11 10:28:00 +00:00
Sauyon Lee
d3bf87d0f5 Merge pull request #203 from max/quieten-hard-coded-cred
Make HardcodedCredentials query less noisy.
2019-12-10 16:43:15 -08:00
Max Schaefer
75d78b3f62 Reduce precision of HardcodedCredentials to "medium". 2019-12-10 16:12:48 +00:00
Max Schaefer
46c4670796 Make HardcodedCredentials query less noisy.
Considering "cert" and "account" to be sensitive leads to a massive number of false positives, especially on cockroach and kubernetes.
2019-12-10 14:14:36 +00:00
Max Schaefer
7894eb3a60 Merge pull request #202 from sauyon/incomplete-hostname-fix
IncompleteHostname: disallow unescaped dot before TLD
2019-12-10 08:17:32 +00:00
Sauyon Lee
10907c8b04 IncompleteHostnameRegexp: disallow unescaped dot before TLD 2019-12-09 08:47:17 -08:00
Max Schaefer
7876c37998 Merge pull request #14 from henrymercer/fix-contributing-link
Fix Code of Conduct link in CONTRIBUTING.md
2019-12-09 12:55:33 +00:00
Henry Mercer
3c08314782 Fix Code of Conduct link in CONTRIBUTING.md 2019-12-09 12:42:46 +00:00
Sauyon Lee
bc8974d32d Merge pull request #201 from max/update-data-flow
Update data flow and taint-tracking libraries
2019-12-06 18:26:27 -08:00
Sauyon Lee
34d619038b Merge pull request #200 from Semmle/codeql-test
Adapt Go tests to `codeql test`
2019-12-06 10:34:59 -08:00
Henning Makholm
7bc68c4302 Adapt Go tests to codeql test
These changes make the tests work with the coming `codeql test` support.

The `queries.xml` file defines which extractor the `codeql test`
runner will use to extract databases for the tests. In the future one
will be able to write this information in `qlpack.yml`, but we can't
do that immediately because the _existing_ CodeQL tooling would refuse
to parse a `qlpack.yml` that has the new field in it.
2019-12-06 18:27:47 +01:00
Max Schaefer
62a50bac2a Update taint-tracking libraries.
This brings `TaintTrackingImpl.qll` up-to-date with the other languages as of https://github.com/Semmle/ql/pull/2480.
2019-12-06 14:07:35 +00:00
Max Schaefer
53f5e13af1 Update data-flow libraries.
This brings `DataFlowImpl.qll` and `DataFlowImplCommon.qll` up-to-date with the other languages as of https://github.com/Semmle/ql/pull/2480.
2019-12-06 12:14:53 +00:00
Sauyon Lee
2fc9e37655 Merge pull request #199 from max/notype-test
Add test for handling of expressions without extracted type.
2019-12-06 01:59:32 -08:00
Max Schaefer
594824f19c Add test for handling of expressions without extracted type. 2019-12-06 09:21:55 +00:00
Max Schaefer
47f449cc0c Merge remote-tracking branch 'external/master' 2019-12-06 09:04:16 +00:00
Max Schaefer
80e7376189 Merge pull request #198 from sauyon/hardcoded-cred-fix
HardcodedCredentials: Exclude passwords that include '0123456789'
2019-12-06 09:02:17 +00:00
Max Schaefer
6bda80a47b Merge pull request #197 from Semmle/rc/1.23
Merge rc/1.23 into master
2019-12-06 09:01:18 +00:00
Sauyon Lee
2de7c6f5fc HardcodedCredentials: Exclude passwords that include '0123456789' 2019-12-05 15:37:50 -08:00
Sauyon Lee
eb639c6cf7 Merge pull request #196 from max/no-type
Make `Expr.getType()` robust against incomplete `type_of` table.
2019-12-05 14:31:48 -08:00
Max Schaefer
8364ba3d38 Make Expr.getType() robust against incomplete type_of table. 2019-12-05 17:05:02 +00:00
Sauyon Lee
94ed3ef979 Merge pull request #13 from github/fix-dead-store
Fix a dead assignment.
2019-12-02 10:48:55 -08:00
Max Schaefer
ce6d031ce9 Update .lgtm.yml to classify examples. 2019-12-02 12:04:28 +00:00
Shati Patel
e4346a17de Merge pull request #195 from max/impossible-interface-nil-check
Add new query ImpossibleInterfaceNilCheck
2019-11-27 11:15:05 +00:00
Max Schaefer
ba54cde86e Add two references. 2019-11-27 10:47:42 +00:00
Max Schaefer
e5a12e9738 Add new query ImpossibleInterfaceNilCheck. 2019-11-26 20:28:53 +00:00
Max Schaefer
f4a24b0353 Improve type information for tuple elements.
We would previously rely on the type information of the target variable into which the element is stored, but that could be a more general type.

For example, in the assignment

```go
x, y := f()
```

the type of `x` might be an interface while the type of `f()[0]` is a concrete type implementing that interface.
2019-11-26 16:19:17 +00:00
Sauyon Lee
1d21347578 Merge pull request #194 from max/field-write-through-embedded-pointer
Fix DeadStoreOfField false positive.
2019-11-25 13:14:24 -08:00
Max Schaefer
ee723d8a4f Fix DeadStoreOfField false positive.
We should look into properly desugaring embedded types in the IR, but for now this workaround should suffice.
2019-11-25 20:21:16 +00:00
Sauyon Lee
2c921d9418 Merge pull request #193 from max/header-xss
Don't flag header injection as XSS.
2019-11-25 11:56:54 -08:00
Sauyon Lee
61c2478541 Merge pull request #12 from github/rc/1.23
Merge rc/1.23 into master
2019-11-25 09:20:17 -08:00
Max Schaefer
8bd45593e0 Merge pull request #11 from github/1.23/SD-4095-finalize-change-notes-go
1.23: SD-4095 Minor text changes to analysis change notes
2019-11-25 15:56:17 +00:00
Felicity Chapman
de2c7d8884 Minor text changes 2019-11-25 15:48:58 +00:00
Max Schaefer
adf9764085 Don't flag header injection as XSS.
All results I have seen from this are uninteresting.
2019-11-25 15:06:53 +00:00
Shati Patel
b21e4404b5 Merge pull request #192 from max/constant-length-comparison
Add new query ConstantLengthComparison.
2019-11-25 11:07:58 +00:00
Max Schaefer
db4e6789bb Address doc review comment.
Co-Authored-By: Shati Patel <shati@semmle.com>
2019-11-25 10:44:41 +00:00
Max Schaefer
e16a81cba9 Apply review suggestions. 2019-11-25 09:15:57 +00:00
Max Schaefer
cdb843516a Introduce DataFlow::Node.getBasicBlock() and use it. 2019-11-25 09:14:15 +00:00
Max Schaefer
1ff032d11e Add new query ConstantLengthComparison. 2019-11-22 20:55:14 +00:00
Max Schaefer
26a656b838 Merge pull request #189 from sauyon/use-taint-split
Use split taint predicates to emulate taint
2019-11-22 17:51:09 +00:00
Sauyon Lee
50b48e1c9e Merge pull request #191 from max/isEmptyInterfaceNoInline
Mark `isEmptyInterface` as `noinline`.
2019-11-22 09:45:06 -08:00
Max Schaefer
e367a48f6e Mark isEmptyInterface as noinline. 2019-11-22 09:19:34 +00:00
Sauyon Lee
4ea45dbf34 Use data-flow API in stringConcatStep 2019-11-21 23:48:23 -08:00
Sauyon Lee
9651a0bfc4 Use the split taint predicate to emulate taint where required
In particular, the OpenUrlRedirect and CleartextLogging queries, which both have taint flow into
an object when one of its fields is written.
2019-11-21 22:58:36 -08:00
Sauyon Lee
c0730fe4cc Make taintStep public 2019-11-21 22:58:25 -08:00
Sauyon Lee
73922e98d7 Merge pull request #188 from Semmle/rc/1.23
Merge rc/1.23 into master
2019-11-21 22:52:12 -08:00
Max Schaefer
228e95a646 Merge pull request #185 from sauyon/open-redirect-fp1
OpenRedirect: treat assignments to Url.Path as a barrier
2019-11-21 16:51:16 +00:00
Sauyon Lee
81ba71e47b Address review comments 2019-11-21 08:29:01 -08:00
Shati Patel
d8c6361312 Merge pull request #187 from max/rc/1.23
Add change notes for 1.23.
2019-11-21 16:07:21 +00:00
Max Schaefer
7136713a5f Add change notes for 1.23. 2019-11-21 15:50:40 +00:00
Max Schaefer
a54d30c053 Merge pull request #186 from sauyon/taint-split
Split taintStep into many predicates
2019-11-20 20:39:27 +00:00
Sauyon Lee
3f437612e1 Add qldoc to all taint step predicates. 2019-11-20 11:27:24 -08:00
Sauyon Lee
1092fe5870 Move SsaWithFields to the Ssa file and rework it for public use
Also use it in OpenRedirect
2019-11-20 11:20:55 -08:00
Sauyon Lee
4c9bf2265e OpenRedirect: treat assignments to Url.Path as a barrier 2019-11-20 11:20:54 -08:00
Max Schaefer
215fe26a73 Fix a dead assignment. 2019-11-20 10:28:12 +00:00
Max Schaefer
f94ce88ea4 Add .lgtm.yml to classify tests. 2019-11-20 10:24:54 +00:00
Sauyon Lee
09865a5f5c Add a field read taint step 2019-11-18 23:58:01 -08:00
Sauyon Lee
e0c589060a Split taintStep into many predicates 2019-11-18 23:58:00 -08:00
Max Schaefer
8cc60ba543 Add more codeql metadata files. 2019-11-14 10:35:21 +00:00
Sauyon Lee
eda858eafb Merge pull request #184 from max/cleartext-logging-constant
Teach `CleartextLogging` not to flag constant sources.
2019-11-14 01:21:04 -05:00
Max Schaefer
616d78e2a5 Teach CleartextLogging not to flag constant sources. 2019-11-13 14:25:32 +00:00
Max Schaefer
50cde34878 Merge pull request #181 from sauyon/hardcoded-sensitive
HardcodedCredentials: Use SensitiveActions
2019-11-13 09:21:45 +00:00
Max Schaefer
ed95cdea56 Merge pull request #183 from sauyon/regexp-improvements
OpenUrlRedirect: Use the regexp library for RegexpCheck
2019-11-13 09:20:19 +00:00
Max Schaefer
899ae102b0 Merge pull request #182 from sauyon/fix-newline
autobuilder: Add a missing newline to the usage blurb
2019-11-13 09:19:22 +00:00
Sauyon Lee
3b39f5c2e1 OpenUrlRedirect: Use the regexp library for RegexpCheck 2019-11-12 15:14:05 -08:00
Sauyon Lee
2ba680ef4c autobuilder: Add a missing newline to the usage blurb 2019-11-12 15:11:03 -08:00
Sauyon Lee
4e4d94da7b Merge pull request #180 from max/receiver-deref-update
Conservatively handle indirect updates through pointer-type receiver.
2019-11-12 17:56:13 -05:00
Sauyon Lee
50a008900c HardcodedCredentials: Use SensitiveActions 2019-11-12 14:08:44 -08:00
Max Schaefer
5726ec179c Merge pull request #9 from github/autobuilder-add-print
autobuilder: Add line printing the environment and build versions of Go
2019-11-12 16:24:19 +00:00
Max Schaefer
06fe00006a Conservatively handle indirect updates through pointer-type receiver.
Method references `x.m` where the receiver of `m` is a pointer implicitly take the address of `x`, so they should be treated much the same as `&x` in terms of data flow. (Ideally we'd make this explicit in the data-flow graph itself, but that's for another PR.)
2019-11-12 08:54:47 +00:00
Sauyon Lee
7c45316aa7 autobuilder: Add line printing the environment and build versions of Go 2019-11-08 19:59:52 -08:00
Max Schaefer
d14eb855fc Go analysis support for CodeQL. 2019-11-08 12:16:26 +00:00
9213 changed files with 931922 additions and 222489 deletions

3
.bazelrc Normal file
View File

@@ -0,0 +1,3 @@
build --repo_env=CC=clang --repo_env=CXX=clang++ --copt="-std=c++17"
try-import %workspace%/local.bazelrc

1
.bazelversion Normal file
View File

@@ -0,0 +1 @@
5.0.0

View File

@@ -4,15 +4,20 @@
"*/ql/lib/qlpack.yml",
"*/ql/test/qlpack.yml",
"*/ql/examples/qlpack.yml",
"*/upgrades/qlpack.yml",
"*/ql/consistency-queries/qlpack.yml",
"cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml",
"go/ql/config/legacy-support/qlpack.yml",
"go/build/codeql-extractor-go/codeql-extractor.yml",
"javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml",
"javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml",
"javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml",
"csharp/ql/campaigns/Solorigate/lib/qlpack.yml",
"csharp/ql/campaigns/Solorigate/src/qlpack.yml",
"csharp/ql/campaigns/Solorigate/test/qlpack.yml",
"misc/legacy-support/*/qlpack.yml",
"misc/suite-helpers/qlpack.yml",
"ruby/extractor-pack/codeql-extractor.yml",
"ruby/ql/consistency-queries/qlpack.yml",
"ql/ql/consistency-queries/qlpack.yml",
"swift/extractor-pack/codeql-extractor.yml",
"ql/extractor-pack/codeql-extractor.yml"
],
"versionPolicies": {

View File

@@ -3,6 +3,8 @@
"rust-lang.rust",
"bungcip.better-toml",
"github.vscode-codeql",
"hbenl.vscode-test-explorer",
"ms-vscode.test-adapter-converter",
"slevesque.vscode-zipexplorer"
],
"settings": {

22
.gitattributes vendored
View File

@@ -39,6 +39,7 @@
*.py text
*.lua text
*.expected text
*.go text
# Explicitly set a bunch of known extensions to binary, because Git < 2.10 will treat
# `* text=auto eol=lf` as `* text eol=lf`
@@ -50,4 +51,23 @@
*.pdb -text
java/ql/test/stubs/**/*.java linguist-generated=true
java/ql/test/experimental/stubs/**/*.java linguist-generated=true
java/ql/test/experimental/stubs/**/*.java linguist-generated=true
# Force git not to modify line endings for go or html files under the go/ql directory
go/ql/**/*.go -text
go/ql/**/*.html -text
# Force git not to modify line endings for go dbschemes
go/*.dbscheme -text
# Preserve unusual line ending from codeql-go merge
go/extractor/opencsv/CSVReader.java -text
# For some languages, upgrade script testing references really old dbscheme
# files from legacy upgrades that have CRLF line endings. Since upgrade
# resolution relies on object hashes, we must suppress line ending conversion
# for those testing dbscheme files.
*/ql/lib/upgrades/initial/*.dbscheme -text
# Generated test files - these are synced from the standard JavaScript libraries using
# `javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py`.
javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.js linguist-generated=true -merge
javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.ts linguist-generated=true -merge

View File

@@ -3,12 +3,22 @@ description: Fetches the latest version of CodeQL
runs:
using: composite
steps:
- name: Select platform - Linux
if: runner.os == 'Linux'
shell: bash
run: echo "GA_CODEQL_CLI_PLATFORM=linux64" >> $GITHUB_ENV
- name: Select platform - MacOS
if: runner.os == 'MacOS'
shell: bash
run: echo "GA_CODEQL_CLI_PLATFORM=osx64" >> $GITHUB_ENV
- name: Fetch CodeQL
shell: bash
run: |
LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
unzip -q -d "${RUNNER_TEMP}" codeql-linux64.zip
gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-$GA_CODEQL_CLI_PLATFORM.zip "$LATEST"
unzip -q -d "${RUNNER_TEMP}" codeql-$GA_CODEQL_CLI_PLATFORM.zip
echo "${RUNNER_TEMP}/codeql" >> "${GITHUB_PATH}"
env:
GITHUB_TOKEN: ${{ github.token }}

View File

@@ -16,3 +16,11 @@ updates:
directory: "ruby/autobuilder"
schedule:
interval: "daily"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
ignore:
- dependency-name: '*'
update-types: ['version-update:semver-patch', 'version-update:semver-minor']

8
.github/labeler.yml vendored
View File

@@ -11,7 +11,7 @@ Java:
- change-notes/**/*java.*
JS:
- javascript/**/*
- any: [ 'javascript/**/*', '!javascript/ql/experimental/adaptivethreatmodeling/**/*' ]
- change-notes/**/*javascript*
Python:
@@ -21,6 +21,10 @@ Python:
Ruby:
- ruby/**/*
- change-notes/**/*ruby*
Swift:
- swift/**/*
- change-notes/**/*swift*
documentation:
- "**/*.qhelp"
@@ -28,4 +32,4 @@ documentation:
- docs/**/*
"QL-for-QL":
- ql/**/*
- ql/**/*

View File

@@ -0,0 +1,14 @@
{
"problemMatcher": [
{
"owner": "codeql-query-format",
"pattern": [
{
"regexp": "^((.*) would change by autoformatting\\.)$",
"file": 2,
"message": 1
}
]
}
]
}

View File

@@ -0,0 +1,17 @@
{
"problemMatcher": [
{
"owner": "codeql-syntax-check",
"pattern": [
{
"regexp": "^((ERROR|WARNING): .* \\((.*):(\\d+),(\\d+)-\\d+\\))$",
"message": 1,
"file": 3,
"line": 4,
"col": 5,
"severity": 2
}
]
}
]
}

View File

@@ -0,0 +1,14 @@
{
"problemMatcher": [
{
"owner": "codeql-test-run",
"pattern": [
{
"regexp": "(\\[.*\\] FAILED\\((RESULT|COMPILATION)\\) (.*))$",
"file": 3,
"message": 1
}
]
}
]
}

13
.github/problem-matchers/make.json vendored Normal file
View File

@@ -0,0 +1,13 @@
{
"problemMatcher": [
{
"owner": "make",
"pattern": [
{
"regexp": "^(make: \\*\\*\\* .*)$",
"message": 1
}
]
}
]
}

View File

@@ -6,8 +6,11 @@ on:
paths:
- "*/ql/src/**/*.ql"
- "*/ql/src/**/*.qll"
- "*/ql/lib/**/*.ql"
- "*/ql/lib/**/*.qll"
- "!**/experimental/**"
- "!ql/**"
- ".github/workflows/check-change-note.yml"
jobs:
check-change-note:

54
.github/workflows/check-qldoc.yml vendored Normal file
View File

@@ -0,0 +1,54 @@
name: "Check QLdoc coverage"
on:
pull_request:
paths:
- "*/ql/lib/**"
- .github/workflows/check-qldoc.yml
branches:
- main
- "rc/*"
jobs:
qldoc:
runs-on: ubuntu-latest
steps:
- name: Install CodeQL
run: |
gh extension install github/gh-codeql
gh codeql set-channel nightly
gh codeql version
env:
GITHUB_TOKEN: ${{ github.token }}
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Check QLdoc coverage
shell: bash
run: |
EXIT_CODE=0
# TODO: remove the swift exception from the regex when we fix generated QLdoc
changed_lib_packs="$(git diff --name-only --diff-filter=ACMRT HEAD^ HEAD | { grep -Po '^(?!swift)[a-z]*/ql/lib' || true; } | sort -u)"
for pack_dir in ${changed_lib_packs}; do
lang="${pack_dir%/ql/lib}"
gh codeql generate library-doc-coverage --output="${RUNNER_TEMP}/${lang}-current.txt" --dir="${pack_dir}"
done
git checkout HEAD^
for pack_dir in ${changed_lib_packs}; do
# When we add a new language, pack_dir would not exist in HEAD^.
# In this case the right thing to do is to skip the check.
[[ ! -d "${pack_dir}" ]] && continue
lang="${pack_dir%/ql/lib}"
gh codeql generate library-doc-coverage --output="${RUNNER_TEMP}/${lang}-baseline.txt" --dir="${pack_dir}"
awk -F, '{gsub(/"/,""); if ($4==0 && $6=="public") print "\""$3"\"" }' "${RUNNER_TEMP}/${lang}-current.txt" | sort -u > "${RUNNER_TEMP}/current-undocumented.txt"
awk -F, '{gsub(/"/,""); if ($4==0 && $6=="public") print "\""$3"\"" }' "${RUNNER_TEMP}/${lang}-baseline.txt" | sort -u > "${RUNNER_TEMP}/baseline-undocumented.txt"
UNDOCUMENTED="$(grep -f <(comm -13 "${RUNNER_TEMP}/baseline-undocumented.txt" "${RUNNER_TEMP}/current-undocumented.txt") "${RUNNER_TEMP}/${lang}-current.txt" || true)"
if [ -n "$UNDOCUMENTED" ]; then
echo "$UNDOCUMENTED" | awk -F, '{gsub(/"/,""); print "::warning file='"${pack_dir}"'/"$1",line="$2"::Missing QLdoc for "$5, $3 }'
EXIT_CODE=1
fi
done
exit "${EXIT_CODE}"

View File

@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v3
- uses: actions/stale@v5
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-issue-message: 'This issue is stale because it has been open 14 days with no activity. Comment or remove the `Stale` label in order to avoid having this issue closed in 7 days.'

View File

@@ -27,8 +27,13 @@ jobs:
pull-requests: read
steps:
- name: Setup dotnet
uses: actions/setup-dotnet@v2
with:
dotnet-version: 6.0.202
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v3
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
@@ -44,14 +49,14 @@ jobs:
# uses: github/codeql-action/autobuild@main
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# 📚 https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
- run: |
dotnet build csharp
dotnet build csharp /p:UseSharedCompilation=false
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@main

View File

@@ -0,0 +1,70 @@
name: "Publish framework coverage as metrics"
on:
schedule:
- cron: '5 0 * * *'
push:
branches:
- main
workflow_dispatch:
pull_request:
branches:
- main
paths:
- ".github/workflows/csv-coverage-metrics.yml"
jobs:
publish-java:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Setup CodeQL
uses: ./.github/actions/fetch-codeql
- name: Create empty database
run: |
DATABASE="${{ runner.temp }}/java-database"
PROJECT="${{ runner.temp }}/java-project"
mkdir -p "$PROJECT/src/tmp/empty"
echo "class Empty {}" >> "$PROJECT/src/tmp/empty/Empty.java"
codeql database create "$DATABASE" --language=java --source-root="$PROJECT" --command 'javac src/tmp/empty/Empty.java'
- name: Capture coverage information
run: |
DATABASE="${{ runner.temp }}/java-database"
codeql database analyze --format=sarif-latest --output=metrics-java.sarif -- "$DATABASE" ./java/ql/src/Metrics/Summaries/FrameworkCoverage.ql
- uses: actions/upload-artifact@v3
with:
name: metrics-java.sarif
path: metrics-java.sarif
retention-days: 20
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@main
with:
sarif_file: metrics-java.sarif
publish-csharp:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Setup CodeQL
uses: ./.github/actions/fetch-codeql
- name: Create empty database
run: |
DATABASE="${{ runner.temp }}/csharp-database"
PROJECT="${{ runner.temp }}/csharp-project"
dotnet new classlib --language=C# --output="$PROJECT"
codeql database create "$DATABASE" --language=csharp --source-root="$PROJECT" --command 'dotnet build /t:rebuild csharp-project.csproj /p:UseSharedCompilation=false'
- name: Capture coverage information
run: |
DATABASE="${{ runner.temp }}/csharp-database"
codeql database analyze --format=sarif-latest --output=metrics-csharp.sarif -- "$DATABASE" ./csharp/ql/src/Metrics/Summaries/FrameworkCoverage.ql
- uses: actions/upload-artifact@v3
with:
name: metrics-csharp.sarif
path: metrics-csharp.sarif
retention-days: 20
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@main
with:
sarif_file: metrics-csharp.sarif

View File

@@ -28,11 +28,11 @@ jobs:
GITHUB_CONTEXT: ${{ toJSON(github.event) }}
run: echo "$GITHUB_CONTEXT"
- name: Clone self (github/codeql) - MERGE
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
path: merge
- name: Clone self (github/codeql) - BASE
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 2
path: base
@@ -41,7 +41,7 @@ jobs:
git log -1 --format='%H'
working-directory: base
- name: Set up Python 3.8
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: 3.8
- name: Download CodeQL CLI
@@ -69,21 +69,21 @@ jobs:
run: |
python base/misc/scripts/library-coverage/compare-folders.py out_base out_merge comparison.md
- name: Upload CSV package list
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: csv-framework-coverage-merge
path: |
out_merge/framework-coverage-*.csv
out_merge/framework-coverage-*.rst
- name: Upload CSV package list
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: csv-framework-coverage-base
path: |
out_base/framework-coverage-*.csv
out_base/framework-coverage-*.rst
- name: Upload comparison results
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: comparison
path: |
@@ -93,7 +93,7 @@ jobs:
mkdir -p pr
echo ${{ github.event.pull_request.number }} > pr/NR
- name: Upload PR number
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: pr
path: pr/

View File

@@ -20,9 +20,9 @@ jobs:
GITHUB_CONTEXT: ${{ toJSON(github.event) }}
run: echo "$GITHUB_CONTEXT"
- name: Clone self (github/codeql)
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Set up Python 3.8
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: 3.8

View File

@@ -10,16 +10,16 @@ jobs:
steps:
- name: Clone self (github/codeql)
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
path: script
- name: Clone self (github/codeql) for analysis
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
path: codeqlModels
fetch-depth: 0
- name: Set up Python 3.8
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: 3.8
- name: Download CodeQL CLI
@@ -35,7 +35,7 @@ jobs:
echo $CLI
PATH="$PATH:$CLI" python script/misc/scripts/library-coverage/generate-timeseries.py codeqlModels
- name: Upload timeseries CSV
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: framework-coverage-timeseries
path: framework-coverage-timeseries-*.csv

View File

@@ -17,12 +17,12 @@ jobs:
GITHUB_CONTEXT: ${{ toJSON(github.event) }}
run: echo "$GITHUB_CONTEXT"
- name: Clone self (github/codeql)
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
path: ql
fetch-depth: 0
- name: Set up Python 3.8
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: 3.8
- name: Download CodeQL CLI

View File

@@ -14,16 +14,16 @@ jobs:
steps:
- name: Clone self (github/codeql)
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
path: script
- name: Clone self (github/codeql) for analysis
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
path: codeqlModels
ref: ${{ github.event.inputs.qlModelShaOverride || github.ref }}
- name: Set up Python 3.8
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: 3.8
- name: Download CodeQL CLI
@@ -37,12 +37,12 @@ jobs:
run: |
PATH="$PATH:codeql-cli/codeql" python script/misc/scripts/library-coverage/generate-report.py ci codeqlModels script
- name: Upload CSV package list
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: framework-coverage-csv
path: framework-coverage-*.csv
- name: Upload RST package list
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: framework-coverage-rst
path: framework-coverage-*.rst

161
.github/workflows/go-tests.yml vendored Normal file
View File

@@ -0,0 +1,161 @@
name: "Go: Run Tests"
on:
pull_request:
paths:
- "go/**"
- .github/workflows/go-tests.yml
jobs:
test-linux:
name: Test Linux (Ubuntu)
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.18.1
uses: actions/setup-go@v3
with:
go-version: 1.18.1
id: go
- name: Set up CodeQL CLI
run: |
echo "Removing old CodeQL Directory..."
rm -rf $HOME/codeql
echo "Done"
cd $HOME
echo "Downloading CodeQL CLI..."
LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | sort --version-sort | grep -v beta | tail -1)
gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
echo "Done"
echo "Unpacking CodeQL CLI..."
unzip -q codeql-linux64.zip
rm -f codeql-linux64.zip
echo "Done"
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Check out code
uses: actions/checkout@v2
- name: Enable problem matchers in repository
shell: bash
run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
- name: Build
run: |
cd go
env PATH=$PATH:$HOME/codeql make
- name: Check that all QL and Go code is autoformatted
run: |
cd go
env PATH=$PATH:$HOME/codeql make check-formatting
- name: Compile qhelp files to markdown
run: |
cd go
env PATH=$PATH:$HOME/codeql QHELP_OUT_DIR=qhelp-out make qhelp-to-markdown
- name: Upload qhelp markdown
uses: actions/upload-artifact@v2
with:
name: qhelp-markdown
path: go/qhelp-out/**/*.md
- name: Test
run: |
cd go
env PATH=$PATH:$HOME/codeql make test
test-mac:
name: Test MacOS
runs-on: macOS-latest
steps:
- name: Set up Go 1.18.1
uses: actions/setup-go@v3
with:
go-version: 1.18.1
id: go
- name: Set up CodeQL CLI
run: |
echo "Removing old CodeQL Directory..."
rm -rf $HOME/codeql
echo "Done"
cd $HOME
echo "Downloading CodeQL CLI..."
LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | sort --version-sort | grep -v beta | tail -1)
gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-osx64.zip "$LATEST"
echo "Done"
echo "Unpacking CodeQL CLI..."
unzip -q codeql-osx64.zip
rm -f codeql-osx64.zip
echo "Done"
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Check out code
uses: actions/checkout@v2
- name: Enable problem matchers in repository
shell: bash
run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
- name: Build
run: |
cd go
env PATH=$PATH:$HOME/codeql make
- name: Test
run: |
cd go
env PATH=$PATH:$HOME/codeql make test
test-win:
name: Test Windows
runs-on: windows-2019
steps:
- name: Set up Go 1.18.1
uses: actions/setup-go@v3
with:
go-version: 1.18.1
id: go
- name: Set up CodeQL CLI
run: |
echo "Removing old CodeQL Directory..."
rm -rf $HOME/codeql
echo "Done"
cd "$HOME"
echo "Downloading CodeQL CLI..."
LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | sort --version-sort | grep -v beta | tail -1)
gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-win64.zip "$LATEST"
echo "Done"
echo "Unpacking CodeQL CLI..."
unzip -q -o codeql-win64.zip
unzip -q -o codeql-win64.zip codeql/codeql.exe
rm -f codeql-win64.zip
echo "Done"
env:
GITHUB_TOKEN: ${{ github.token }}
shell:
bash
- name: Check out code
uses: actions/checkout@v2
- name: Enable problem matchers in repository
shell: bash
run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
- name: Build
run: |
$Env:Path += ";$HOME\codeql"
cd go
make
- name: Test
run: |
$Env:Path += ";$HOME\codeql"
cd go
make test

76
.github/workflows/js-ml-tests.yml vendored Normal file
View File

@@ -0,0 +1,76 @@
name: JS ML-powered queries tests
on:
push:
paths:
- "javascript/ql/experimental/adaptivethreatmodeling/**"
- .github/workflows/js-ml-tests.yml
branches:
- main
- "rc/*"
pull_request:
paths:
- "javascript/ql/experimental/adaptivethreatmodeling/**"
- .github/workflows/js-ml-tests.yml
defaults:
run:
working-directory: javascript/ql/experimental/adaptivethreatmodeling
jobs:
qlformat:
name: Check QL formatting
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/fetch-codeql
- name: Check QL formatting
run: |
find . "(" -name "*.ql" -or -name "*.qll" ")" -print0 | \
xargs -0 codeql query format --check-only
qlcompile:
name: Check QL compilation
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/fetch-codeql
- name: Install pack dependencies
run: |
for pack in modelbuilding src; do
codeql pack install --mode verify -- "${pack}"
done
- name: Check QL compilation
run: |
codeql query compile \
--check-only \
--ram 5120 \
--additional-packs "${{ github.workspace }}" \
--threads=0 \
-- \
lib modelbuilding src
qltest:
name: Run QL tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/fetch-codeql
- name: Install pack dependencies
run: codeql pack install -- test
- name: Run QL tests
run: |
codeql test run \
--threads=0 \
--ram 5120 \
--additional-packs "${{ github.workspace }}" \
-- \
test

View File

@@ -6,6 +6,6 @@ jobs:
triage:
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@v2
- uses: actions/labeler@v4
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"

103
.github/workflows/mad_modelDiff.yml vendored Normal file
View File

@@ -0,0 +1,103 @@
name: Models as Data - Diff
on:
workflow_dispatch:
inputs:
projects:
description: "The projects to generate models for"
required: true
default: '["netty/netty"]'
pull_request:
branches:
- main
paths:
- "java/ql/src/utils/model-generator/**/*.*"
- ".github/workflows/mad_modelDiff.yml"
permissions:
contents: read
jobs:
model-diff:
name: Model Difference
runs-on: ubuntu-latest
if: github.repository == 'github/codeql'
strategy:
matrix:
slug: ${{fromJson(github.event.inputs.projects || '["apache/commons-codec", "apache/commons-io", "apache/commons-beanutils", "apache/commons-logging", "apache/commons-fileupload", "apache/commons-lang", "apache/commons-validator", "apache/commons-csv", "apache/dubbo"]' )}}
steps:
- name: Clone github/codeql from PR
uses: actions/checkout@v3
if: github.event.pull_request
with:
path: codeql-pr
- name: Clone github/codeql from main
uses: actions/checkout@v3
with:
path: codeql-main
ref: main
- uses: ./codeql-main/.github/actions/fetch-codeql
- name: Download database
env:
SLUG: ${{ matrix.slug }}
run: |
set -x
mkdir lib-dbs
SHORTNAME=${SLUG//[^a-zA-Z0-9_]/}
projectId=`curl -s https://lgtm.com/api/v1.0/projects/g/${SLUG} | jq .id`
curl -L "https://lgtm.com/api/v1.0/snapshots/$projectId/java" -o "$SHORTNAME.zip"
unzip -q -d "${SHORTNAME}-db" "${SHORTNAME}.zip"
mkdir "lib-dbs/$SHORTNAME/"
mv "${SHORTNAME}-db/"$(ls -1 "${SHORTNAME}"-db)/* "lib-dbs/${SHORTNAME}/"
- name: Generate Models (PR and main)
run: |
set -x
mkdir tmp-models
MODELS=`pwd`/tmp-models
DATABASES=`pwd`/lib-dbs
analyzeDatabaseWithCheckout() {
QL_VARIANT=$1
DATABASE=$2
cd codeql-$QL_VARIANT
SHORTNAME=`basename $DATABASE`
python java/ql/src/utils/model-generator/GenerateFlowModel.py $DATABASE $MODELS/${SHORTNAME}.qll
mv $MODELS/${SHORTNAME}.qll $MODELS/${SHORTNAME}Generated_${QL_VARIANT}.qll
cd ..
}
for d in $DATABASES/*/ ; do
ls -1 "$d"
analyzeDatabaseWithCheckout "main" $d
if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]
then
analyzeDatabaseWithCheckout "pr" $d
fi
done
- name: Install diff2html
if: github.event.pull_request
run: |
npm install -g diff2html-cli
- name: Generate Model Diff
if: github.event.pull_request
run: |
set -x
MODELS=`pwd`/tmp-models
ls -1 tmp-models/
for m in $MODELS/*_main.qll ; do
t="${m/main/"pr"}"
basename=`basename $m`
name="diff_${basename/_main.qll/""}"
(diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true
done
- uses: actions/upload-artifact@v3
with:
name: models
path: tmp-models/*.qll
retention-days: 20
- uses: actions/upload-artifact@v3
with:
name: diffs
path: tmp-models/*.html
retention-days: 20

View File

@@ -0,0 +1,62 @@
name: Regenerate framework models
on:
workflow_dispatch:
schedule:
- cron: "30 2 * * *"
pull_request:
branches:
- main
paths:
- ".github/workflows/mad_regenerate-models.yml"
jobs:
regenerate-models:
runs-on: ubuntu-latest
strategy:
matrix:
# placeholder required for each axis, excluded below, replaced by the actual combinations (see include)
slug: ["placeholder"]
ref: ["placeholder"]
include:
- slug: "apache/commons-io"
ref: "8985de8fe74f6622a419b37a6eed0dbc484dc128"
exclude:
- slug: "placeholder"
ref: "placeholder"
steps:
- name: Clone self (github/codeql)
uses: actions/checkout@v3
- name: Setup CodeQL binaries
uses: ./.github/actions/fetch-codeql
- name: Clone repositories
uses: actions/checkout@v3
with:
path: repos/${{ matrix.ref }}
ref: ${{ matrix.ref }}
repository: ${{ matrix.slug }}
- name: Build database
env:
SLUG: ${{ matrix.slug }}
REF: ${{ matrix.ref }}
run: |
mkdir dbs
cd repos/${REF}
SHORTNAME=${SLUG//[^a-zA-Z0-9_]/}
codeql database create --language=java ../../dbs/${SHORTNAME}
- name: Regenerate models in-place
env:
SLUG: ${{ matrix.slug }}
run: |
SHORTNAME=${SLUG//[^a-zA-Z0-9_]/}
java/ql/src/utils/model-generator/RegenerateModels.py "${SLUG}" dbs/${SHORTNAME}
- name: Stage changes
run: |
find java -name "*.qll" -print0 | xargs -0 git add
git status
git diff --cached > models.patch
- uses: actions/upload-artifact@v3
with:
name: patch
path: models.patch
retention-days: 7

View File

@@ -1,12 +1,17 @@
name: Post pull-request comment
# This workflow is the second part of the process described in
# .github/workflows/qhelp-pr-preview.yml
# See that file for more info.
name: Post PR comment
on:
workflow_run:
workflows: ["Query help preview"]
workflows: [Render QHelp changes]
types:
- completed
permissions:
pull-requests: write
actions: read
jobs:
post_comment:
@@ -17,15 +22,53 @@ jobs:
env:
GITHUB_TOKEN: ${{ github.token }}
WORKFLOW_RUN_ID: ${{ github.event.workflow_run.id }}
- run: |
PR="$(grep -o '^[0-9]\+$' pr.txt)"
- name: Check that PR SHA matches workflow SHA
run: |
PR="$(grep -o '^[0-9]\+$' pr_number.txt)"
PR_HEAD_SHA="$(gh api "/repos/${GITHUB_REPOSITORY}/pulls/${PR}" --jq .head.sha)"
# Check that the pull-request head SHA matches the head SHA of the workflow run
if [ "${WORKFLOW_RUN_HEAD_SHA}" != "${PR_HEAD_SHA}" ]; then
echo "PR head SHA ${PR_HEAD_SHA} does not match workflow_run event SHA ${WORKFLOW_RUN_HEAD_SHA}. Stopping." 1>&2
exit 1
fi
gh pr comment "${PR}" --repo "${GITHUB_REPOSITORY}" -F comment.txt
env:
GITHUB_TOKEN: ${{ github.token }}
WORKFLOW_RUN_HEAD_SHA: ${{ github.event.workflow_run.head_commit.id }}
- name: Create or update comment
run: |
COMMENT_PREFIX="QHelp previews"
COMMENT_AUTHOR="github-actions[bot]"
PR_NUMBER="$(grep -o '^[0-9]\+$' pr_number.txt)"
# If there is no existing comment, comment_id.txt will contain just a
# newline (due to jq & gh behaviour). This will cause grep to fail, so
# we catch that.
RAW_COMMENT_ID=$(grep -o '^[0-9]\+$' comment_id.txt || true)
if [ $RAW_COMMENT_ID ]
then
# Fetch existing comment, and validate:
# - comment belongs to the PR with number $PR_NUMBER
# - comment starts with the expected prefix ("QHelp previews")
# - comment author is github-actions[bot]
FILTER='select(.issue_url | endswith($repo+"/issues/"+$pr))
| select(.body | startswith($prefix))
| select(.user.login == $author)
| .id'
COMMENT_ID=$(gh api "repos/${GITHUB_REPOSITORY}/issues/comments/${RAW_COMMENT_ID}" | jq --arg repo "${GITHUB_REPOSITORY}" --arg pr "${PR_NUMBER}" --arg prefix "${COMMENT_PREFIX}" --arg author "${COMMENT_AUTHOR}" "${FILTER}")
if [ $COMMENT_ID ]
then
# Update existing comment
jq --rawfile body comment_body.txt '{"body":$body}' -n | gh api "repos/${GITHUB_REPOSITORY}/issues/comments/${COMMENT_ID}" -X PATCH --input -
else
echo "Comment ${RAW_COMMENT_ID} did not pass validations: not editing." >&2
exit 1
fi
else
# Create new comment
jq --rawfile body comment_body.txt '{"body":$body}' -n | gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" -X POST --input -
fi
env:
GITHUB_TOKEN: ${{ github.token }}

View File

@@ -1,7 +1,25 @@
name: Query help preview
# This workflow checks for any changes in .qhelp files in pull requests.
# For any changed files, it renders them to markdown in a file called `comment_body.txt`.
# It then checks if there's an existing comment on the pull request generated by
# this workflow, and writes the comment ID to `comment_id.txt`.
# It also writes the PR number to `pr_number.txt`.
# These three files are uploaded as an artifact.
# When this workflow completes, the workflow "Post PR comment" runs.
# It downloads the artifact and adds a comment to the PR with the rendered
# QHelp.
# The task is split like this because creating PR comments requires extra
# permissions that we don't want to expose to PRs from external forks.
# For more info see:
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
name: Render QHelp changes
permissions:
contents: read
pull-requests: read
on:
pull_request:
@@ -15,13 +33,17 @@ jobs:
qhelp:
runs-on: ubuntu-latest
steps:
- run: echo "${{ github.event.number }}" > pr.txt
- uses: actions/upload-artifact@v2
- run: echo "${PR_NUMBER}" > pr_number.txt
env:
PR_NUMBER: ${{ github.event.number }}
- uses: actions/upload-artifact@v3
with:
name: comment
path: pr.txt
path: pr_number.txt
if-no-files-found: error
retention-days: 1
- uses: actions/checkout@v2
- uses: actions/checkout@v3
with:
fetch-depth: 2
persist-credentials: false
@@ -36,7 +58,7 @@ jobs:
- name: QHelp preview
run: |
EXIT_CODE=0
echo "QHelp previews:" > comment.txt
echo "QHelp previews:" > comment_body.txt
while read -r -d $'\0' path; do
if [ ! -f "${path}" ]; then
exit 1
@@ -52,12 +74,29 @@ jobs:
echo '```'
fi
echo "</details>"
done < "${RUNNER_TEMP}/paths.txt" >> comment.txt
done < "${RUNNER_TEMP}/paths.txt" >> comment_body.txt
exit "${EXIT_CODE}"
- if: always()
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: comment
path: comment.txt
path: comment_body.txt
if-no-files-found: error
retention-days: 1
- name: Save ID of existing QHelp comment (if it exists)
run: |
# Find the latest comment starting with "QHelp previews"
COMMENT_PREFIX="QHelp previews"
gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" --paginate | jq --arg prefix "${COMMENT_PREFIX}" '[.[] | select(.body|startswith($prefix)) | .id] | max' > comment_id.txt
env:
GITHUB_TOKEN: ${{ github.token }}
PR_NUMBER: ${{ github.event.number }}
- uses: actions/upload-artifact@v3
with:
name: comment
path: comment_id.txt
if-no-files-found: error
retention-days: 1

View File

@@ -13,12 +13,13 @@ jobs:
queries:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Find codeql
id: find-codeql
uses: github/codeql-action/init@erik-krogh/ql
uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
with:
languages: javascript # does not matter
tools: latest
- name: Get CodeQL version
id: get-codeql-version
run: |
@@ -28,22 +29,22 @@ jobs:
CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
- name: Cache queries
id: cache-queries
uses: actions/cache@v2
uses: actions/cache@v3
with:
path: ${{ runner.temp }}/query-pack.zip
key: queries-${{ hashFiles('ql/**/*.ql*') }}-${{ hashFiles('ql/ql/src/ql.dbscheme*') }}-${{ steps.get-codeql-version.outputs.version }}
key: queries-${{ hashFiles('ql/**/*.ql*') }}-${{ hashFiles('ql/**/qlpack.yml') }}-${{ hashFiles('ql/ql/src/ql.dbscheme*') }}-${{ steps.get-codeql-version.outputs.version }}
- name: Build query pack
if: steps.cache-queries.outputs.cache-hit != 'true'
run: |
cd ql/ql/src
"${CODEQL}" pack create
cd .codeql/pack/codeql/ql-all/0.0.0
cd .codeql/pack/codeql/ql/0.0.0
zip "${PACKZIP}" -r .
env:
CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
PACKZIP: ${{ runner.temp }}/query-pack.zip
- name: Upload query pack
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: query-pack-zip
path: ${{ runner.temp }}/query-pack.zip
@@ -55,10 +56,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Cache entire extractor
id: cache-extractor
uses: actions/cache@v2
uses: actions/cache@v3
with:
path: |
ql/target/release/ql-autobuilder
@@ -68,7 +69,7 @@ jobs:
key: ${{ runner.os }}-extractor-${{ hashFiles('ql/**/Cargo.lock') }}-${{ hashFiles('ql/**/*.rs') }}
- name: Cache cargo
if: steps.cache-extractor.outputs.cache-hit != 'true'
uses: actions/cache@v2
uses: actions/cache@v3
with:
path: |
~/.cargo/registry
@@ -90,7 +91,7 @@ jobs:
- name: Generate dbscheme
if: steps.cache-extractor.outputs.cache-hit != 'true'
run: ql/target/release/ql-generator --dbscheme ql/ql/src/ql.dbscheme --library ql/ql/src/codeql_ql/ast/internal/TreeSitter.qll
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: extractor-ubuntu-latest
path: |
@@ -107,12 +108,12 @@ jobs:
- queries
steps:
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
- uses: actions/checkout@v3
- uses: actions/download-artifact@v3
with:
name: query-pack-zip
path: query-pack-zip
- uses: actions/download-artifact@v2
- uses: actions/download-artifact@v3
with:
name: extractor-ubuntu-latest
path: linux64
@@ -130,7 +131,7 @@ jobs:
fi
cd pack
zip -rq ../codeql-ql.zip .
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: codeql-ql-pack
path: codeql-ql.zip
@@ -139,14 +140,14 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
folder: [cpp, csharp, java, javascript, python, ql, ruby]
folder: [cpp, csharp, java, javascript, python, ql, ruby, swift, go]
needs:
- package
steps:
- name: Download pack
uses: actions/download-artifact@v2
uses: actions/download-artifact@v3
with:
name: codeql-ql-pack
path: ${{ runner.temp }}/codeql-ql-pack-artifact
@@ -159,34 +160,44 @@ jobs:
PACK: ${{ runner.temp }}/pack
- name: Hack codeql-action options
run: |
JSON=$(jq -nc --arg pack "${PACK}" '.resolve.queries=["--search-path", $pack] | .resolve.extractor=["--search-path", $pack] | .database.init=["--search-path", $pack]')
JSON=$(jq -nc --arg pack "${PACK}" '.database."run-queries"=["--search-path", $pack] | .resolve.queries=["--search-path", $pack] | .resolve.extractor=["--search-path", $pack] | .database.init=["--search-path", $pack]')
echo "CODEQL_ACTION_EXTRA_OPTIONS=${JSON}" >> ${GITHUB_ENV}
env:
PACK: ${{ runner.temp }}/pack
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Create CodeQL config file
run: |
echo "paths:" > ${CONF}
echo " - ${FOLDER}" >> ${CONF}
echo "paths-ignore:" >> ${CONF}
echo " - ql/ql/test" >> ${CONF}
echo " - ql/ql/test" >> ${CONF}
echo "disable-default-queries: true" >> ${CONF}
echo "packs:" >> ${CONF}
echo " - codeql/ql" >> ${CONF}
echo "Config file: "
cat ${CONF}
env:
CONF: ./ql-for-ql-config.yml
FOLDER: ${{ matrix.folder }}
- name: Initialize CodeQL
uses: github/codeql-action/init@erik-krogh/ql
uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
with:
languages: ql
db-location: ${{ runner.temp }}/db
config-file: ./ql-for-ql-config.yml
tools: latest
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@erik-krogh/ql
uses: github/codeql-action/analyze@aa93aea877e5fb8841bcb1193f672abf6e9f2980
with:
category: "ql-for-ql-${{ matrix.folder }}"
- name: Copy sarif file to CWD
run: cp ../results/ql.sarif ./${{ matrix.folder }}.sarif
- name: Sarif as artifact
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.folder }}.sarif
path: ${{ matrix.folder }}.sarif

View File

@@ -17,31 +17,30 @@ jobs:
CODEQL_THREADS: 4 # TODO: remove this once it's set by the CLI
strategy:
matrix:
repo:
repo:
- github/codeql
- github/codeql-go
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Find codeql
id: find-codeql
uses: github/codeql-action/init@erik-krogh/ql
uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
with:
languages: javascript # does not matter
- uses: actions/cache@v2
- uses: actions/cache@v3
with:
path: |
~/.cargo/registry
~/.cargo/git
ql/target
key: ${{ runner.os }}-qltest-cargo-${{ hashFiles('**/Cargo.lock') }}
key: ${{ runner.os }}-qltest-cargo-${{ hashFiles('ql/**/Cargo.lock') }}
- name: Build Extractor
run: cd ql; env "PATH=$PATH:`dirname ${CODEQL}`" ./create-extractor-pack.sh
env:
CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
- name: Checkout ${{ matrix.repo }}
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
repository: ${{ matrix.repo }}
path: ${{ github.workspace }}/repo
@@ -60,7 +59,7 @@ jobs:
"${CODEQL}" dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ql"
env:
CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: measurements
path: stats
@@ -70,15 +69,15 @@ jobs:
runs-on: ubuntu-latest
needs: measure
steps:
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
- uses: actions/checkout@v3
- uses: actions/download-artifact@v3
with:
name: measurements
path: stats
- run: |
python -m pip install --user lxml
find stats -name 'stats.xml' -print0 | sort -z | xargs -0 python ql/scripts/merge_stats.py --output ql/ql/src/ql.dbscheme.stats --normalise ql_tokeninfo
- uses: actions/upload-artifact@v2
find stats -name 'stats.xml' -print0 | sort -z | xargs -0 python ruby/scripts/merge_stats.py --output ql/ql/src/ql.dbscheme.stats --normalise ql_tokeninfo
- uses: actions/upload-artifact@v3
with:
name: ql.dbscheme.stats
path: ql/ql/src/ql.dbscheme.stats

View File

@@ -17,36 +17,36 @@ jobs:
qltest:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Find codeql
id: find-codeql
uses: github/codeql-action/init@erik-krogh/ql
uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
with:
languages: javascript # does not matter
- uses: actions/cache@v2
- uses: actions/cache@v3
with:
path: |
~/.cargo/registry
~/.cargo/git
ql/target
key: ${{ runner.os }}-qltest-cargo-${{ hashFiles('**/Cargo.lock') }}
key: ${{ runner.os }}-qltest-cargo-${{ hashFiles('ql/**/Cargo.lock') }}
- name: Build extractor
run: |
cd ql;
codeqlpath=$(dirname ${{ steps.find-codeql.outputs.codeql-path }});
env "PATH=$PATH:$codeqlpath" ./create-extractor-pack.sh
- name: Run QL tests
run: |
run: |
"${CODEQL}" test run --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --search-path "${{ github.workspace }}/ql/extractor-pack" --consistency-queries ql/ql/consistency-queries ql/ql/test
env:
CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
- name: Check QL formatting
run: |
run: |
find ql/ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 "${CODEQL}" query format --check-only
env:
CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
- name: Check QL compilation
run: |
run: |
"${CODEQL}" query compile --check-only --threads=4 --warnings=error --search-path "${{ github.workspace }}/ql/extractor-pack" "ql/ql/src" "ql/ql/examples"
env:
CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}

View File

@@ -17,33 +17,23 @@ jobs:
steps:
- name: Clone self (github/codeql)
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
path: codeql
- name: Clone github/codeql-go
uses: actions/checkout@v2
with:
repository: 'github/codeql-go'
path: codeql-go
- name: Set up Python 3.8
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: 3.8
- name: Download CodeQL CLI
uses: dsaltares/fetch-gh-release-asset@aa37ae5c44d3c9820bc12fe675e8670ecd93bd1c
with:
repo: "github/codeql-cli-binaries"
version: "latest"
file: "codeql-linux64.zip"
token: ${{ secrets.GITHUB_TOKEN }}
# Look under the `codeql` directory, as this is where we checked out the `github/codeql` repo
uses: ./codeql/.github/actions/fetch-codeql
- name: Unzip CodeQL CLI
run: unzip -d codeql-cli codeql-linux64.zip
- name: Build code scanning query list
run: |
PATH="$PATH:codeql-cli/codeql" python codeql/misc/scripts/generate-code-scanning-query-list.py > code-scanning-query-list.csv
python codeql/misc/scripts/generate-code-scanning-query-list.py > code-scanning-query-list.csv
- name: Upload code scanning query list
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: code-scanning-query-list
path: code-scanning-query-list.csv

View File

@@ -38,19 +38,19 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Install GNU tar
if: runner.os == 'macOS'
run: |
brew install gnu-tar
echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH
- uses: actions/cache@v2
- uses: actions/cache@v3
with:
path: |
~/.cargo/registry
~/.cargo/git
ruby/target
key: ${{ runner.os }}-rust-cargo-${{ hashFiles('**/Cargo.lock') }}
key: ${{ runner.os }}-ruby-rust-cargo-${{ hashFiles('ruby/rust-toolchain.toml', 'ruby/**/Cargo.lock') }}
- name: Check formatting
run: cargo fmt --all -- --check
- name: Build
@@ -62,17 +62,17 @@ jobs:
- name: Generate dbscheme
if: ${{ matrix.os == 'ubuntu-latest' }}
run: target/release/ruby-generator --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
if: ${{ matrix.os == 'ubuntu-latest' }}
with:
name: ruby.dbscheme
path: ruby/ql/lib/ruby.dbscheme
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
if: ${{ matrix.os == 'ubuntu-latest' }}
with:
name: TreeSitter.qll
path: ruby/ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: extractor-${{ matrix.os }}
path: |
@@ -86,7 +86,7 @@ jobs:
env:
CODEQL_THREADS: 4 # TODO: remove this once it's set by the CLI
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Fetch CodeQL
run: |
LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
@@ -102,7 +102,7 @@ jobs:
PACK_FOLDER=$(readlink -f target/packs/codeql/ruby-queries/*)
codeql/codeql generate query-help --format=sarifv2.1.0 --output="${PACK_FOLDER}/rules.sarif" ql/src
(cd ql/src; find queries \( -name '*.qhelp' -o -name '*.rb' -o -name '*.erb' \) -exec bash -c 'mkdir -p "'"${PACK_FOLDER}"'/$(dirname "{}")"' \; -exec cp "{}" "${PACK_FOLDER}/{}" \;)
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: codeql-ruby-queries
path: |
@@ -113,20 +113,20 @@ jobs:
runs-on: ubuntu-latest
needs: [build, compile-queries]
steps:
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
- uses: actions/checkout@v3
- uses: actions/download-artifact@v3
with:
name: ruby.dbscheme
path: ruby/ruby
- uses: actions/download-artifact@v2
- uses: actions/download-artifact@v3
with:
name: extractor-ubuntu-latest
path: ruby/linux64
- uses: actions/download-artifact@v2
- uses: actions/download-artifact@v3
with:
name: extractor-windows-latest
path: ruby/win64
- uses: actions/download-artifact@v2
- uses: actions/download-artifact@v3
with:
name: extractor-macos-latest
path: ruby/osx64
@@ -142,12 +142,12 @@ jobs:
cp win64/ruby-extractor.exe ruby/tools/win64/extractor.exe
chmod +x ruby/tools/{linux64,osx64}/{autobuilder,extractor}
zip -rq codeql-ruby.zip ruby
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: codeql-ruby-pack
path: ruby/codeql-ruby.zip
retention-days: 1
- uses: actions/download-artifact@v2
- uses: actions/download-artifact@v3
with:
name: codeql-ruby-queries
path: ruby/qlpacks
@@ -159,7 +159,7 @@ jobs:
]
}' > .codeqlmanifest.json
zip -rq codeql-ruby-bundle.zip .codeqlmanifest.json ruby qlpacks
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: codeql-ruby-bundle
path: ruby/codeql-ruby-bundle.zip
@@ -177,7 +177,7 @@ jobs:
runs-on: ${{ matrix.os }}
needs: [package]
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
with:
repository: Shopify/example-ruby-app
ref: 67a0decc5eb550f3a9228eda53925c3afd40dfe9
@@ -191,7 +191,7 @@ jobs:
GITHUB_TOKEN: ${{ github.token }}
working-directory: ${{ runner.temp }}
- name: Download Ruby bundle
uses: actions/download-artifact@v2
uses: actions/download-artifact@v3
with:
name: codeql-ruby-bundle
path: ${{ runner.temp }}

View File

@@ -27,14 +27,14 @@ jobs:
repo: [rails/rails, discourse/discourse, spree/spree, ruby/ruby]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- uses: ./.github/actions/fetch-codeql
- uses: ./ruby/actions/create-extractor-pack
- name: Checkout ${{ matrix.repo }}
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
repository: ${{ matrix.repo }}
path: ${{ github.workspace }}/repo
@@ -49,7 +49,7 @@ jobs:
run: |
mkdir -p "stats/${{ matrix.repo }}"
codeql dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ruby"
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: measurements
path: stats
@@ -59,15 +59,15 @@ jobs:
runs-on: ubuntu-latest
needs: measure
steps:
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
- uses: actions/checkout@v3
- uses: actions/download-artifact@v3
with:
name: measurements
path: stats
- run: |
python -m pip install --user lxml
find stats -name 'stats.xml' | sort | xargs python ruby/scripts/merge_stats.py --output ruby/ql/lib/ruby.dbscheme.stats --normalise ruby_tokeninfo
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: ruby.dbscheme.stats
path: ruby/ql/lib/ruby.dbscheme.stats

View File

@@ -24,27 +24,54 @@ defaults:
working-directory: ruby
jobs:
qltest:
qlformat:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- uses: ./.github/actions/fetch-codeql
- uses: ./ruby/actions/create-extractor-pack
- name: Run QL tests
run: |
codeql test run --search-path "${{ github.workspace }}/ruby/extractor-pack" --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --consistency-queries ql/consistency-queries ql/test
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Check QL formatting
run: find ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 codeql query format --check-only
qlcompile:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/fetch-codeql
- name: Check QL compilation
run: |
codeql query compile --check-only --threads=4 --warnings=error "ql/src" "ql/examples"
codeql query compile --check-only --threads=0 --ram 5000 --warnings=error "ql/src" "ql/examples"
env:
GITHUB_TOKEN: ${{ github.token }}
qlupgrade:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/fetch-codeql
- name: Check DB upgrade scripts
run: |
echo >empty.trap
codeql dataset import -S ql/lib/upgrades/initial/ruby.dbscheme testdb empty.trap
codeql dataset upgrade testdb --additional-packs ql/lib
diff -q testdb/ruby.dbscheme ql/lib/ruby.dbscheme
- name: Check DB downgrade scripts
run: |
echo >empty.trap
rm -rf testdb; codeql dataset import -S ql/lib/ruby.dbscheme testdb empty.trap
codeql resolve upgrades --format=lines --allow-downgrades --additional-packs downgrades \
--dbscheme=ql/lib/ruby.dbscheme --target-dbscheme=downgrades/initial/ruby.dbscheme |
xargs codeql execute upgrades testdb
diff -q testdb/ruby.dbscheme downgrades/initial/ruby.dbscheme
qltest:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
slice: ["1/2", "2/2"]
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/fetch-codeql
- uses: ./ruby/actions/create-extractor-pack
- name: Run QL tests
run: |
codeql test run --threads=0 --ram 5000 --slice ${{ matrix.slice }} --search-path "${{ github.workspace }}/ruby/extractor-pack" --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --consistency-queries ql/consistency-queries ql/test
env:
GITHUB_TOKEN: ${{ github.token }}

32
.github/workflows/swift-codegen.yml vendored Normal file
View File

@@ -0,0 +1,32 @@
name: "Swift: Check code generation"
on:
pull_request:
paths:
- "swift/**"
- .github/workflows/swift-codegen.yml
branches:
- main
jobs:
codegen:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/fetch-codeql
- uses: bazelbuild/setup-bazelisk@v2
- name: Run unit tests
run: |
bazel test //swift/codegen/test --test_output=errors
- name: Check that QL generated code was checked in
run: |
bazel run //swift/codegen
git add swift
git diff --exit-code --stat HEAD
- name: Generate C++ files
run: |
bazel run //swift/codegen:cppcodegen -- --cpp-output=$PWD/swift-generated-headers
- uses: actions/upload-artifact@v3
with:
name: swift-generated-headers
path: swift-generated-headers/*.h

39
.github/workflows/swift-qltest.yml vendored Normal file
View File

@@ -0,0 +1,39 @@
name: "Swift: Run QL Tests"
on:
pull_request:
paths:
- "swift/**"
- .github/workflows/swift-qltest.yml
branches:
- main
defaults:
run:
working-directory: swift
jobs:
qlformat:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/fetch-codeql
- name: Check QL formatting
run: find ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 codeql query format --check-only
qltest:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os : [ubuntu-20.04, macos-latest]
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/fetch-codeql
- uses: bazelbuild/setup-bazelisk@v2
- name: Build Swift extractor
run: |
bazel run //swift:create-extractor-pack
- name: Run QL tests
run: |
codeql test run --threads=0 --ram 5000 --search-path "${{ github.workspace }}/swift/extractor-pack" --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition ql/test
env:
GITHUB_TOKEN: ${{ github.token }}

View File

@@ -14,7 +14,7 @@ jobs:
sync:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Check synchronized files
run: python config/sync-files.py

View File

@@ -0,0 +1,29 @@
name: Validate change notes
on:
push:
paths:
- "*/ql/*/change-notes/**/*"
- ".github/workflows/validate-change-notes.yml"
branches:
- main
- "rc/*"
pull_request:
paths:
- "*/ql/*/change-notes/**/*"
- ".github/workflows/validate-change-notes.yml"
jobs:
check-change-note:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Setup CodeQL
uses: ./.github/actions/fetch-codeql
- name: Fail if there are any errors with existing change notes
run: |
codeql pack release --groups cpp,csharp,java,javascript,python,ruby,-examples,-test,-experimental

29
.gitignore vendored
View File

@@ -9,6 +9,7 @@
# qltest projects and artifacts
*/ql/test/**/*.testproj
*/ql/test/**/*.actual
*/ql/test/**/go.sum
# Visual studio temporaries, except a file used by QL4VS
.vs/*
@@ -17,9 +18,12 @@
# Byte-compiled python files
*.pyc
# python virtual environment folder
# python virtual environment folder
.venv/
# binary files created by pytest-cov
.coverage
# It's useful (though not required) to be able to unpack codeql in the ql checkout itself
/codeql/
@@ -29,4 +33,25 @@ csharp/extractor/Semmle.Extraction.CSharp.Driver/Properties/launchSettings.json
.codeql
# Compiled class file
*.class
*.class
# links created by bazel
/bazel-*
# local bazel options
/local.bazelrc
# CLion project files
/.clwb
# Go build artifacts
go/build/*
# Go binaries
go/tools/bin
go/tools/linux64
go/tools/osx64
go/tools/win64
go/tools/tokenizer.jar
go/main

View File

@@ -6,6 +6,7 @@ path_classifiers:
test:
- csharp/ql/src
- csharp/ql/test
- go/ql/test
- javascript/extractor/parser-tests
- javascript/extractor/tests
- javascript/ql/src
@@ -13,6 +14,9 @@ path_classifiers:
- python/ql/src
- python/ql/test
example:
- go/ql/src
queries:
- include: "*"

51
.pre-commit-config.yaml Normal file
View File

@@ -0,0 +1,51 @@
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v3.2.0
hooks:
- id: trailing-whitespace
exclude: /test/.*$(?<!\.ql)(?<!\.qll)(?<!\.qlref)
- id: end-of-file-fixer
exclude: /test/.*$(?<!\.ql)(?<!\.qll)(?<!\.qlref)
- repo: https://github.com/pre-commit/mirrors-clang-format
rev: v13.0.1
hooks:
- id: clang-format
files: ^swift/.*\.(h|c|cpp)$
- repo: local
hooks:
- id: codeql-format
name: Fix QL file formatting
files: \.qll?$
language: system
entry: codeql query format --in-place
- id: sync-files
name: Fix files required to be identical
files: \.(qll?|qhelp)$
language: system
entry: python3 config/sync-files.py --latest
pass_filenames: false
- id: qhelp
name: Check query help generation
files: \.qhelp$
language: system
entry: python3 misc/scripts/check-qhelp.py
- id: swift-codegen
name: Run Swift checked in code generation
files: ^swift/(codegen/|.*/generated/|ql/lib/(swift\.dbscheme$|codeql/swift/elements))
language: system
entry: bazel run //swift/codegen
pass_filenames: false
- id: swift-codegen-unit-tests
name: Run Swift code generation unit tests
files: ^swift/codegen/.*\.py$
language: system
entry: bazel test //swift/codegen/test
pass_filenames: false

View File

@@ -1,17 +1,16 @@
/cpp/ @github/codeql-c-analysis
/csharp/ @github/codeql-csharp
/go/ @github/codeql-go
/java/ @github/codeql-java
/javascript/ @github/codeql-javascript
/python/ @github/codeql-python
/ruby/ @github/codeql-ruby
/swift/ @github/codeql-c
/java/kotlin-extractor/ @github/codeql-kotlin
/java/kotlin-explorer/ @github/codeql-kotlin
# Make @xcorail (GitHub Security Lab) a code owner for experimental queries so he gets pinged when we promote a query out of experimental
/cpp/**/experimental/**/* @github/codeql-c-analysis @xcorail
/csharp/**/experimental/**/* @github/codeql-csharp @xcorail
/java/**/experimental/**/* @github/codeql-java @xcorail
/javascript/**/experimental/**/* @github/codeql-javascript @xcorail
/python/**/experimental/**/* @github/codeql-python @xcorail
/ruby/**/experimental/**/* @github/codeql-ruby @xcorail
# ML-powered queries
/javascript/ql/experimental/adaptivethreatmodeling/ @github/codeql-ml-powered-queries-reviewers
# Notify members of codeql-go about PRs to the shared data-flow library files
/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll @github/codeql-java @github/codeql-go
@@ -27,4 +26,19 @@
/docs/query-*-style-guide.md @github/codeql-analysis-reviewers
# QL for QL reviewers
/ql/ @erik-krogh @tausbn
/ql/ @github/codeql-ql-for-ql-reviewers
# Bazel
**/*.bazel @github/codeql-ci-reviewers
**/*.bzl @github/codeql-ci-reviewers
# Documentation etc
/*.md @github/code-scanning-product
/LICENSE @github/code-scanning-product
# Workflows
/.github/workflows/ @github/codeql-ci-reviewers
/.github/workflows/go-* @github/codeql-go
/.github/workflows/js-ml-tests.yml @github/codeql-ml-powered-queries-reviewers
/.github/workflows/ql-for-ql-* @github/codeql-ql-for-ql-reviewers
/.github/workflows/ruby-* @github/codeql-ruby

View File

@@ -2,8 +2,11 @@
We welcome contributions to our CodeQL libraries and queries. Got an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE).
There is lots of useful documentation to help you write queries, ranging from information about query file structure to tutorials for specific target languages. For more information on the documentation available, see [CodeQL queries](https://help.semmle.com/QL/learn-ql/writing-queries/writing-queries.html) on [help.semmle.com](https://help.semmle.com).
There is lots of useful documentation to help you write queries, ranging from information about query file structure to tutorials for specific target languages. For more information on the documentation available, see [CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/codeql-queries) on [codeql.github.com](https://codeql.github.com).
## Change notes
Any nontrivial user-visible change to a query pack or library pack should have a change note. For details on how to add a change note for your change, see [this guide](docs/change-notes.md).
## Submitting a new experimental query
@@ -33,13 +36,17 @@ If you have an idea for a query that you would like to share with other CodeQL u
For details, see the [guide on query metadata](docs/query-metadata-style-guide.md).
Make sure the `select` statement is compatible with the query `@kind`. See [About CodeQL queries](https://help.semmle.com/QL/learn-ql/writing-queries/introduction-to-queries.html#select-clause) on help.semmle.com.
Make sure the `select` statement is compatible with the query `@kind`. See [About CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/#select-clause) on codeql.github.com.
3. **Formatting**
- The queries and libraries must be autoformatted, for example using the "Format Document" command in [CodeQL for Visual Studio Code](https://help.semmle.com/codeql/codeql-for-vscode/procedures/about-codeql-for-vscode.html).
- The queries and libraries must be autoformatted, for example using the "Format Document" command in [CodeQL for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/about-codeql-for-visual-studio-code).
If you prefer, you can use this [pre-commit hook](misc/scripts/pre-commit) that automatically checks whether your files are correctly formatted. See the [pre-commit hook installation guide](docs/pre-commit-hook-setup.md) for instructions on how to install the hook.
If you prefer, you can either:
1. install the [pre-commit framework](https://pre-commit.com/) and install the configured hooks on this repo via `pre-commit install`, or
2. use this [pre-commit hook](misc/scripts/pre-commit) that automatically checks whether your files are correctly formatted.
See the [pre-commit hook installation guide](docs/pre-commit-hook-setup.md) for instructions on the two approaches.
4. **Compilation**
@@ -60,6 +67,10 @@ After the experimental query is merged, we welcome pull requests to improve it.
## Using your personal data
If you contribute to this project, we will record your name and email address (as provided by you with your contributions) as part of the code repositories, which are public. We might also use this information to contact you in relation to your contributions, as well as in the normal course of software development. We also store records of CLA agreements signed in the past, but no longer require contributors to sign a CLA. Under GDPR legislation, we do this on the basis of our legitimate interest in creating the CodeQL product.
If you contribute to this project, we will record your name and email address (as provided by you with your contributions) as part of the code repositories, which are public. We might also use this information to contact you in relation to your contributions, as well as in the normal course of software development. We also store records of CLA agreements signed in the past, but no longer require contributors to sign a CLA. Under GDPR legislation, we do this on the basis of our legitimate interest in creating the CodeQL product.
Please do get in touch (privacy@github.com) if you have any questions about this or our data protection policies.
## Bazel
Please notice that any bazel targets and definitions in this repository are currently experimental
and for internal use only.

View File

@@ -1,11 +1,11 @@
# CodeQL
This open source repository contains the standard CodeQL libraries and queries that power [LGTM](https://lgtm.com) and the other CodeQL products that [GitHub](https://github.com) makes available to its customers worldwide. For the queries, libraries, and extractor that power Go analysis, visit the [CodeQL for Go repository](https://github.com/github/codeql-go).
This open source repository contains the standard CodeQL libraries and queries that power [GitHub Advanced Security](https://github.com/features/security/code) and the other application security products that [GitHub](https://github.com/features/security/) makes available to its customers worldwide.
## How do I learn CodeQL and run queries?
There is [extensive documentation](https://codeql.github.com/docs/) on getting started with writing CodeQL.
You can use the [interactive query console](https://lgtm.com/help/lgtm/using-query-console) on LGTM.com or the [CodeQL for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/) extension to try out your queries on any open source project that's currently being analyzed.
You can use the [CodeQL for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/) extension or the [interactive query console](https://lgtm.com/help/lgtm/using-query-console) on LGTM.com (Semmle Legacy product) to try out your queries on any open source project that's currently being analyzed.
## Contributing
@@ -15,6 +15,8 @@ We welcome contributions to our standard library and standard checks. Do you hav
The code in this repository is licensed under the [MIT License](LICENSE) by [GitHub](https://github.com).
The CodeQL CLI (including the CodeQL engine) is hosted in a [different repository](https://github.com/github/codeql-cli-binaries) and is [licensed separately](https://github.com/github/codeql-cli-binaries/blob/main/LICENSE.md). If you'd like to use the CodeQL CLI to analyze closed-source code, you will need a separate commercial license; please [contact us](https://github.com/enterprise/contact) for further help.
## Visual Studio Code integration
If you use Visual Studio Code to work in this repository, there are a few integration features to make development easier.

12
WORKSPACE.bazel Normal file
View File

@@ -0,0 +1,12 @@
# Please notice that any bazel targets and definitions in this repository are currently experimental
# and for internal use only.
workspace(name = "codeql")
load("//misc/bazel:workspace.bzl", "codeql_workspace")
codeql_workspace()
load("//misc/bazel:workspace_deps.bzl", "codeql_workspace_deps")
codeql_workspace_deps()

View File

@@ -0,0 +1,58 @@
import fs from "fs";
import path from "path";
import cp from "child_process";
function* walk(dir) {
for (const file of fs.readdirSync(dir)) {
const filePath = path.join(dir, file);
if (fs.statSync(filePath).isDirectory()) {
yield* walk(filePath);
} else {
yield filePath;
}
}
}
function* deprecatedFiles(dir) {
for (const file of walk(dir)) {
if (file.endsWith(".ql") || file.endsWith(".qll")) {
const contents = fs.readFileSync(file, "utf8");
if (/\sdeprecated\s/.test(contents)) {
yield file;
}
}
}
}
const blameRegExp =
/^(\^?\w+)\s.+\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?:\+|-)\d{4})\s+(\d+)\).*$/;
function* deprecationMessages(dir) {
for (const file of deprecatedFiles(dir)) {
const blame = cp.execFileSync("git", ["blame", "--", file]);
const lines = blame.toString().split("\n");
for (let i = 0; i < lines.length; i++) {
const line = lines[i];
if (line.includes(" deprecated ")) {
try {
const [_, sha, time, lineNumber] = line.match(blameRegExp);
const date = new Date(time);
// check if it's within the last 14 months (a year, plus 2 months for safety, in case a PR was delayed)
if (date.getTime() >= Date.now() - 14 * 31 * 24 * 60 * 60 * 1000) {
continue;
}
const message = `${file}:${lineNumber} was last updated on ${date.getFullYear()}-${date.getMonth()}-${date.getDate()}`;
yield [message, date];
} catch (e) {
console.log(e);
console.log("----");
console.log(line);
console.log("----");
process.exit(0);
}
}
}
}
}
[...deprecationMessages(".")]
.sort((a, b) => a[1].getTime() - b[1].getTime())
.forEach((msg) => console.log(msg[0]));

View File

@@ -7,6 +7,7 @@
"java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll",
"java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll",
"java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll",
"java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll",
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll",
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll",
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll",
@@ -21,12 +22,15 @@
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll",
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll",
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll",
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll",
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll",
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll",
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll",
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll"
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll",
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForLibraries.qll",
"swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll"
],
"DataFlow Java/C++/C#/Python Common": [
"java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll",
@@ -34,7 +38,8 @@
"cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll",
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll",
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll",
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll"
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll",
"swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplCommon.qll"
],
"TaintTracking::Configuration Java/C++/C#/Python": [
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
@@ -49,11 +54,14 @@
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll",
"java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
"java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
"java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll",
"python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll",
"python/ql/lib/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll",
"python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll",
"python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll",
"ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll"
"ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
"ruby/ql/lib/codeql/ruby/dataflow/internal/tainttrackingforlibraries/TaintTrackingImpl.qll",
"swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll"
],
"DataFlow Java/C++/C#/Python Consistency checks": [
"java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll",
@@ -61,7 +69,8 @@
"cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll",
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplConsistency.qll",
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll",
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplConsistency.qll"
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplConsistency.qll",
"swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplConsistency.qll"
],
"DataFlow Java/C# Flow Summaries": [
"java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll",
@@ -72,6 +81,10 @@
"java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll",
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll"
],
"Model as Data Generation Java/C# - CaptureModels": [
"java/ql/src/utils/model-generator/internal/CaptureModels.qll",
"csharp/ql/src/utils/model-generator/internal/CaptureModels.qll"
],
"Sign Java/C#": [
"java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/Sign.qll",
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/Sign.qll"
@@ -376,7 +389,8 @@
"csharp/ql/test/TestUtilities/InlineExpectationsTest.qll",
"java/ql/test/TestUtilities/InlineExpectationsTest.qll",
"python/ql/test/TestUtilities/InlineExpectationsTest.qll",
"ruby/ql/test/TestUtilities/InlineExpectationsTest.qll"
"ruby/ql/test/TestUtilities/InlineExpectationsTest.qll",
"ql/ql/test/TestUtilities/InlineExpectationsTest.qll"
],
"C++ ExternalAPIs": [
"cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll",
@@ -425,7 +439,6 @@
"python/ql/src/Lexical/CommentedOutCodeMetricOverview.inc.qhelp"
],
"FLinesOfDuplicatedCodeCommon.inc.qhelp": [
"cpp/ql/src/Metrics/Files/FLinesOfDuplicatedCodeCommon.inc.qhelp",
"java/ql/src/Metrics/Files/FLinesOfDuplicatedCodeCommon.inc.qhelp",
"javascript/ql/src/Metrics/FLinesOfDuplicatedCodeCommon.inc.qhelp",
"python/ql/src/Metrics/FLinesOfDuplicatedCodeCommon.inc.qhelp"
@@ -450,7 +463,8 @@
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/basessa/SsaImplCommon.qll",
"csharp/ql/lib/semmle/code/cil/internal/SsaImplCommon.qll",
"ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImplCommon.qll",
"cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll"
"cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll",
"swift/ql/lib/codeql/swift/dataflow/internal/SsaImplCommon.qll"
],
"CryptoAlgorithms Python/JS/Ruby": [
"javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll",
@@ -464,21 +478,26 @@
],
"SensitiveDataHeuristics Python/JS": [
"javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
"python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll"
"python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll",
"ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll"
],
"ReDoS Util Python/JS/Ruby": [
"ReDoS Util Python/JS/Ruby/Java": [
"javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll",
"python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll",
"ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll"
"ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll",
"java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll"
],
"ReDoS Exponential Python/JS": [
"ReDoS Exponential Python/JS/Ruby/Java": [
"javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll",
"python/ql/lib/semmle/python/security/performance/ExponentialBackTracking.qll"
"python/ql/lib/semmle/python/security/performance/ExponentialBackTracking.qll",
"ruby/ql/lib/codeql/ruby/security/performance/ExponentialBackTracking.qll",
"java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll"
],
"ReDoS Polynomial Python/JS": [
"ReDoS Polynomial Python/JS/Ruby/Java": [
"javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll",
"python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll",
"ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll"
"ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll",
"java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll"
],
"BadTagFilterQuery Python/JS/Ruby": [
"javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll",
@@ -487,7 +506,8 @@
],
"CFG": [
"csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll",
"ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll"
"ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll",
"swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImplShared.qll"
],
"TypeTracker": [
"python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll",
@@ -500,5 +520,49 @@
"javascript/ql/lib/tutorial.qll",
"python/ql/lib/tutorial.qll",
"ruby/ql/lib/tutorial.qll"
],
"AccessPathSyntax": [
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/AccessPathSyntax.qll",
"java/ql/lib/semmle/code/java/dataflow/internal/AccessPathSyntax.qll",
"javascript/ql/lib/semmle/javascript/frameworks/data/internal/AccessPathSyntax.qll",
"ruby/ql/lib/codeql/ruby/dataflow/internal/AccessPathSyntax.qll"
],
"IncompleteUrlSubstringSanitization": [
"javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll",
"ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll"
],
"Concepts Python/Ruby/JS": [
"python/ql/lib/semmle/python/internal/ConceptsShared.qll",
"ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll",
"javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll"
],
"Hostname Regexp queries": [
"javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll",
"python/ql/src/Security/CWE-020/HostnameRegexpShared.qll",
"ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll"
],
"ApiGraphModels": [
"javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll",
"ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll"
],
"TaintedFormatStringQuery Ruby/JS": [
"javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll",
"ruby/ql/lib/codeql/ruby/security/TaintedFormatStringQuery.qll"
],
"TaintedFormatStringCustomizations Ruby/JS": [
"javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringCustomizations.qll",
"ruby/ql/lib/codeql/ruby/security/TaintedFormatStringCustomizations.qll"
],
"HttpToFileAccessQuery JS/Ruby": [
"javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll",
"ruby/ql/lib/codeql/ruby/security/HttpToFileAccessQuery.qll"
],
"HttpToFileAccessCustomizations JS/Ruby": [
"javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessCustomizations.qll",
"ruby/ql/lib/codeql/ruby/security/HttpToFileAccessCustomizations.qll"
],
"Typo database": [
"javascript/ql/src/Expressions/TypoDatabase.qll",
"ql/ql/src/codeql_ql/style/TypoDatabase.qll"
]
}
}

1
conftest.py Normal file
View File

@@ -0,0 +1 @@
# this empty file adds the repo root to PYTHON_PATH when running pytest

17
cpp/BUILD.bazel Normal file
View File

@@ -0,0 +1,17 @@
package(default_visibility = ["//visibility:public"])
load("@rules_pkg//:mappings.bzl", "pkg_filegroup")
alias(
name = "dbscheme",
actual = "//cpp/ql/lib:dbscheme",
)
pkg_filegroup(
name = "db-files",
srcs = [
":dbscheme",
"//cpp/downgrades",
"//cpp/ql/lib:dbscheme-stats",
],
)

View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net5.0</TargetFramework>
<TargetFramework>net6.0</TargetFramework>
<GenerateAssemblyInfo>false</GenerateAssemblyInfo>
<RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
<Nullable>enable</Nullable>

View File

@@ -1,7 +1,7 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net5.0</TargetFramework>
<TargetFramework>net6.0</TargetFramework>
<AssemblyName>Semmle.Autobuild.Cpp</AssemblyName>
<RootNamespace>Semmle.Autobuild.Cpp</RootNamespace>
<ApplicationIcon />

View File

@@ -31,6 +31,7 @@
+ semmlecode-cpp-queries/Critical/NewArrayDeleteMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewDeleteArrayMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewFreeMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql: /Correctness/Common Errors
# Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousSizeof.ql: /Correctness/Use of Libraries

View File

@@ -34,6 +34,7 @@
+ semmlecode-cpp-queries/Critical/NewArrayDeleteMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewDeleteArrayMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewFreeMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql: /Correctness/Common Errors
# Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/AccidentalRethrow.ql: /Correctness/Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/CatchingByValue.ql: /Correctness/Exceptions

View File

@@ -5,9 +5,11 @@
@name Badly bounded write (CWE-120)
+ semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWrite.ql: /CWE/CWE-120
@name Potentially overrunning write (CWE-120)
+ semmlecode-cpp-queries/Security/CWE/CWE-120/VeryLikelyOverrunWrite.ql: /CWE/CWE-120
@name Likely overrunning write
+ semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWriteFloat.ql: /CWE/CWE-120
@name Potentially overrunning write with float to string conversion (CWE-120)
+ semmlecode-cpp-queries/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql: /CWE/CWE-120
@name Array offset used before range check (CWE-120)
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /CWE/CWE-120
@name Potentially unsafe use of strcat (CWE-120)
@name Potentially unsafe use of strcat (CWE-120)

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,2 @@
description: Remove unused legacy relations
compatibility: backwards

View File

@@ -0,0 +1,12 @@
load("@rules_pkg//:mappings.bzl", "pkg_files", "strip_prefix")
pkg_files(
name = "downgrades",
srcs = glob(
["**"],
exclude = ["BUILD.bazel"],
),
prefix = "cpp/downgrades",
strip_prefix = strip_prefix.from_pkg(),
visibility = ["//cpp:__pkg__"],
)

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,3 @@
description: Add relation for tracking variables from structured binding declarations
compatibility: full
is_structured_binding.rel: delete

View File

@@ -0,0 +1,21 @@
class Element extends @element {
string toString() { none() }
}
class Expr extends @expr {
string toString() { none() }
}
class Stmt extends @stmt {
string toString() { none() }
}
predicate isStmtWithInitializer(Stmt stmt) {
exists(int kind | stmts(stmt, kind, _) | kind = 2 or kind = 11 or kind = 35)
}
from Expr child, int index, int index_new, Element parent
where
exprparents(child, index, parent) and
if isStmtWithInitializer(parent) then index_new = index - 1 else index_new = index
select child, index_new, parent

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,22 @@
class Element extends @element {
string toString() { none() }
}
class Stmt extends @stmt {
string toString() { none() }
}
predicate isStmtWithInitializer(Stmt stmt) {
exists(int kind | stmts(stmt, kind, _) | kind = 2 or kind = 11 or kind = 35)
}
from Stmt child, int index, int index_new, Element parent
where
stmtparents(child, index, parent) and
(
not isStmtWithInitializer(parent)
or
index > 0
) and
if isStmtWithInitializer(parent) then index_new = index - 1 else index_new = index
select child, index_new, parent

View File

@@ -0,0 +1,6 @@
description: Support C++17 if and switch initializers
compatibility: partial
if_initialization.rel: delete
switch_initialization.rel: delete
exprparents.rel: run exprparents.qlo
stmtparents.rel: run stmtparents.qlo

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,2 @@
description: Remove uniqueness constraint from the uuid property
compatibility: full

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,4 @@
name: codeql/cpp-downgrades
groups: cpp
downgrades: .
library: true

View File

@@ -1,4 +1,6 @@
name: codeql/cpp-examples
version: 0.0.2
groups:
- cpp
- examples
dependencies:
codeql/cpp-all: "*"

15
cpp/ql/lib/BUILD.bazel Normal file
View File

@@ -0,0 +1,15 @@
package(default_visibility = ["//cpp:__pkg__"])
load("@rules_pkg//:mappings.bzl", "pkg_files")
pkg_files(
name = "dbscheme",
srcs = ["semmlecode.cpp.dbscheme"],
prefix = "cpp",
)
pkg_files(
name = "dbscheme-stats",
srcs = ["semmlecode.cpp.dbscheme.stats"],
prefix = "cpp",
)

View File

@@ -1,3 +1,79 @@
## 0.2.1
## 0.2.0
### Breaking Changes
* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
### Minor Analysis Improvements
* More Windows pool allocation functions are now detected as `AllocationFunction`s.
* The `semmle.code.cpp.commons.Buffer` library has been enhanced to handle array members of classes that do not specify a size.
## 0.1.0
### Breaking Changes
* The recently added flow-state versions of `isBarrierIn`, `isBarrierOut`, `isSanitizerIn`, and `isSanitizerOut` in the data flow and taint tracking libraries have been removed.
### New Features
* A new library `semmle.code.cpp.security.PrivateData` has been added. The new library heuristically detects variables and functions dealing with sensitive private data, such as e-mail addresses and credit card numbers.
### Minor Analysis Improvements
* The `semmle.code.cpp.security.SensitiveExprs` library has been enhanced with some additional rules for detecting credentials.
## 0.0.13
## 0.0.12
### Breaking Changes
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
### Deprecated APIs
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
### New Features
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
### Minor Analysis Improvements
* `DefaultOptions::exits` now holds for C11 functions with the `_Noreturn` or `noreturn` specifier.
* `hasImplicitCopyConstructor` and `hasImplicitCopyAssignmentOperator` now correctly handle implicitly-deleted operators in templates.
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.
## 0.0.11
### Minor Analysis Improvements
* Many queries now support structured bindings, as structured bindings are now handled in the IR translation.
## 0.0.10
### New Features
* Added a `isStructuredBinding` predicate to the `Variable` class which holds when the variable is declared as part of a structured binding declaration.
## 0.0.9
## 0.0.8
### Deprecated APIs
* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack.
### Minor Analysis Improvements
* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a
more accurate length for integers formatted with `%x`
## 0.0.7
## 0.0.6

View File

@@ -54,11 +54,13 @@ class Options extends string {
*
* By default, this holds for `exit`, `_exit`, `abort`, `__assert_fail`,
* `longjmp`, `__builtin_unreachable` and any function with a
* `noreturn` attribute.
* `noreturn` attribute or specifier.
*/
predicate exits(Function f) {
f.getAnAttribute().hasName("noreturn")
or
f.getASpecifier().hasName("noreturn")
or
f.hasGlobalOrStdName([
"exit", "_exit", "abort", "__assert_fail", "longjmp", "__builtin_unreachable"
])

View File

@@ -39,7 +39,7 @@ class CustomOptions extends Options {
*
* By default, this holds for `exit`, `_exit`, `abort`, `__assert_fail`,
* `longjmp`, `error`, `__builtin_unreachable` and any function with a
* `noreturn` attribute.
* `noreturn` attribute or specifier.
*/
override predicate exits(Function f) { Options.super.exits(f) }

View File

@@ -0,0 +1,4 @@
---
category: feature
---
* A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists.

View File

@@ -0,0 +1,4 @@
---
category: deprecated
---
* The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias.

View File

@@ -0,0 +1,5 @@
## 0.0.10
### New Features
* Added a `isStructuredBinding` predicate to the `Variable` class which holds when the variable is declared as part of a structured binding declaration.

View File

@@ -0,0 +1,5 @@
## 0.0.11
### Minor Analysis Improvements
* Many queries now support structured bindings, as structured bindings are now handled in the IR translation.

View File

@@ -0,0 +1,20 @@
## 0.0.12
### Breaking Changes
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
### Deprecated APIs
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
### New Features
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
### Minor Analysis Improvements
* `DefaultOptions::exits` now holds for C11 functions with the `_Noreturn` or `noreturn` specifier.
* `hasImplicitCopyConstructor` and `hasImplicitCopyAssignmentOperator` now correctly handle implicitly-deleted operators in templates.
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.

View File

@@ -0,0 +1 @@
## 0.0.13

View File

@@ -0,0 +1,10 @@
## 0.0.8
### Deprecated APIs
* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack.
### Minor Analysis Improvements
* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a
more accurate length for integers formatted with `%x`

View File

@@ -0,0 +1,2 @@
## 0.0.9

View File

@@ -0,0 +1,13 @@
## 0.1.0
### Breaking Changes
* The recently added flow-state versions of `isBarrierIn`, `isBarrierOut`, `isSanitizerIn`, and `isSanitizerOut` in the data flow and taint tracking libraries have been removed.
### New Features
* A new library `semmle.code.cpp.security.PrivateData` has been added. The new library heuristically detects variables and functions dealing with sensitive private data, such as e-mail addresses and credit card numbers.
### Minor Analysis Improvements
* The `semmle.code.cpp.security.SensitiveExprs` library has been enhanced with some additional rules for detecting credentials.

View File

@@ -0,0 +1,10 @@
## 0.2.0
### Breaking Changes
* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
### Minor Analysis Improvements
* More Windows pool allocation functions are now detected as `AllocationFunction`s.
* The `semmle.code.cpp.commons.Buffer` library has been enhanced to handle array members of classes that do not specify a size.

View File

@@ -0,0 +1 @@
## 0.2.1

View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.7
lastReleaseVersion: 0.2.1

View File

@@ -69,6 +69,4 @@ import semmle.code.cpp.Comments
import semmle.code.cpp.Preprocessor
import semmle.code.cpp.Iteration
import semmle.code.cpp.NameQualifiers
import semmle.code.cpp.ObjectiveC
import semmle.code.cpp.exprs.ObjectiveC
import DefaultOptions

View File

@@ -4,7 +4,7 @@
import cpp
import semmle.code.cpp.dataflow.TaintTracking
import experimental.semmle.code.cpp.security.PrivateData
import semmle.code.cpp.security.PrivateData
import semmle.code.cpp.security.FileWrite
import semmle.code.cpp.security.BufferWrite

View File

@@ -1,52 +0,0 @@
/**
* Provides classes and predicates for identifying private data and functions for security.
*
* 'Private' data in general is anything that would compromise user privacy if exposed. This
* library tries to guess where private data may either be stored in a variable or produced by a
* function.
*
* This library is not concerned with credentials. See `SensitiveActions` for expressions related
* to credentials.
*/
import cpp
/** A string for `match` that identifies strings that look like they represent private data. */
private string privateNames() {
result =
[
// Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
// Government identifiers, such as Social Security Numbers
"%social%security%number%",
// Contact information, such as home addresses and telephone numbers
"%postcode%", "%zipcode%",
// result = "%telephone%" or
// Geographic location - where the user is (or was)
"%latitude%", "%longitude%",
// Financial data - such as credit card numbers, salary, bank accounts, and debts
"%creditcard%", "%salary%", "%bankaccount%",
// Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
// result = "%email%" or
// result = "%mobile%" or
"%employer%",
// Health - medical conditions, insurance status, prescription records
"%medical%"
]
}
/** An expression that might contain private data. */
abstract class PrivateDataExpr extends Expr { }
/** A functiond call that might produce private data. */
class PrivateFunctionCall extends PrivateDataExpr, FunctionCall {
PrivateFunctionCall() {
exists(string s | this.getTarget().getName().toLowerCase() = s | s.matches(privateNames()))
}
}
/** An access to a variable that might contain private data. */
class PrivateVariableAccess extends PrivateDataExpr, VariableAccess {
PrivateVariableAccess() {
exists(string s | this.getTarget().getName().toLowerCase() = s | s.matches(privateNames()))
}
}

View File

@@ -0,0 +1,7 @@
import SemanticExpr
import SemanticBound
import SemanticSSA
import SemanticGuard
import SemanticCFG
import SemanticType
import SemanticOpcode

View File

@@ -0,0 +1,42 @@
/**
* Semantic wrapper around the language-specific bounds library.
*/
private import SemanticExpr
private import SemanticExprSpecific::SemanticExprConfig as Specific
private import SemanticSSA
/**
* A valid base for an expression bound.
*
* Can be either a variable (`SemSsaBound`) or zero (`SemZeroBound`).
*/
class SemBound instanceof Specific::Bound {
final string toString() { result = super.toString() }
final SemExpr getExpr(int delta) { result = Specific::getBoundExpr(this, delta) }
}
/**
* A bound that is a constant zero.
*/
class SemZeroBound extends SemBound {
SemZeroBound() { Specific::zeroBound(this) }
}
/**
* A bound that is an SSA definition.
*/
class SemSsaBound extends SemBound {
/**
* The variables whose value is used as the bound.
*
* Can be multi-valued in some implementations. If so, all variables will be equivalent.
*/
SemSsaVariable var;
SemSsaBound() { Specific::ssaBound(this, var) }
/** Gets a variable whose value is used as the bound. */
final SemSsaVariable getAVariable() { result = var }
}

View File

@@ -0,0 +1,22 @@
/**
* Semantic interface to the control flow graph.
*/
private import Semantic
private import SemanticExprSpecific::SemanticExprConfig as Specific
/**
* A basic block in the control-flow graph.
*/
class SemBasicBlock extends Specific::BasicBlock {
/** Holds if this block (transitively) dominates `otherblock`. */
final predicate bbDominates(SemBasicBlock otherBlock) { Specific::bbDominates(this, otherBlock) }
/** Holds if this block has dominance information. */
final predicate hasDominanceInformation() { Specific::hasDominanceInformation(this) }
/** Gets an expression that is evaluated in this basic block. */
final SemExpr getAnExpr() { result.getBasicBlock() = this }
final int getUniqueId() { result = Specific::getBasicBlockUniqueId(this) }
}

View File

@@ -0,0 +1,309 @@
/**
* Semantic interface for expressions.
*/
private import Semantic
private import SemanticExprSpecific::SemanticExprConfig as Specific
/**
* An language-neutral expression.
*
* The expression computes a value of type `getSemType()`. The actual computation is determined by
* the expression's opcode (`getOpcode()`).
*/
class SemExpr instanceof Specific::Expr {
final string toString() { result = super.toString() }
final Specific::Location getLocation() { result = super.getLocation() }
Opcode getOpcode() { result instanceof Opcode::Unknown }
SemType getSemType() { result = Specific::getUnknownExprType(this) }
final SemBasicBlock getBasicBlock() { result = Specific::getExprBasicBlock(this) }
}
/** An expression with an opcode other than `Unknown`. */
abstract private class SemKnownExpr extends SemExpr {
Opcode opcode;
SemType type;
final override Opcode getOpcode() { result = opcode }
final override SemType getSemType() { result = type }
}
/** An expression that returns a literal value. */
class SemLiteralExpr extends SemKnownExpr {
SemLiteralExpr() {
Specific::integerLiteral(this, type, _) and opcode instanceof Opcode::Constant
or
Specific::largeIntegerLiteral(this, type, _) and opcode instanceof Opcode::Constant
or
Specific::booleanLiteral(this, type, _) and opcode instanceof Opcode::Constant
or
Specific::floatingPointLiteral(this, type, _) and opcode instanceof Opcode::Constant
or
Specific::nullLiteral(this, type) and opcode instanceof Opcode::Constant
or
Specific::stringLiteral(this, type, _) and opcode instanceof Opcode::StringConstant
}
}
/** An expression that returns a numeric literal value. */
class SemNumericLiteralExpr extends SemLiteralExpr {
SemNumericLiteralExpr() {
Specific::integerLiteral(this, _, _)
or
Specific::largeIntegerLiteral(this, _, _)
or
Specific::floatingPointLiteral(this, _, _)
}
/**
* Gets an approximation of the value of the literal, as a `float`.
*
* If the value can be precisely represented as a `float`, the result will be exact. If the actual
* value cannot be precisely represented (for example, it is an integer with more than 53
* significant bits), then the result is an approximation.
*/
float getApproximateFloatValue() { none() }
}
/** An expression that returns an integer literal value. */
class SemIntegerLiteralExpr extends SemNumericLiteralExpr {
SemIntegerLiteralExpr() {
Specific::integerLiteral(this, _, _)
or
Specific::largeIntegerLiteral(this, _, _)
}
/**
* Gets the value of the literal, if it can be represented as an `int`.
*
* If the value is outside the range of an `int`, use `getApproximateFloatValue()` to get a value
* that is equal to the actual integer value, within rounding error.
*/
final int getIntValue() { Specific::integerLiteral(this, _, result) }
final override float getApproximateFloatValue() {
result = getIntValue()
or
Specific::largeIntegerLiteral(this, _, result)
}
}
/**
* An expression that returns a floating-point literal value.
*/
class SemFloatingPointLiteralExpr extends SemNumericLiteralExpr {
float value;
SemFloatingPointLiteralExpr() { Specific::floatingPointLiteral(this, _, value) }
final override float getApproximateFloatValue() { result = value }
/** Gets the value of the literal. */
final float getFloatValue() { result = value }
}
/**
* An expression that consumes two operands.
*/
class SemBinaryExpr extends SemKnownExpr {
SemExpr leftOperand;
SemExpr rightOperand;
SemBinaryExpr() { Specific::binaryExpr(this, opcode, type, leftOperand, rightOperand) }
/** Gets the left operand. */
final SemExpr getLeftOperand() { result = leftOperand }
/** Gets the right operand. */
final SemExpr getRightOperand() { result = rightOperand }
/** Holds if `a` and `b` are the two operands, in either order. */
final predicate hasOperands(SemExpr a, SemExpr b) {
a = getLeftOperand() and b = getRightOperand()
or
a = getRightOperand() and b = getLeftOperand()
}
/** Gets the two operands. */
final SemExpr getAnOperand() { result = getLeftOperand() or result = getRightOperand() }
}
/** An expression that performs and ordered comparison of two operands. */
class SemRelationalExpr extends SemBinaryExpr {
SemRelationalExpr() {
opcode instanceof Opcode::CompareLT
or
opcode instanceof Opcode::CompareLE
or
opcode instanceof Opcode::CompareGT
or
opcode instanceof Opcode::CompareGE
}
/**
* Get the operand that will be less than the other operand if the result of the comparison is
* `true`.
*
* For `x < y` or `x <= y`, this will return `x`.
* For `x > y` or `x >= y`, this will return `y`.`
*/
final SemExpr getLesserOperand() {
if opcode instanceof Opcode::CompareLT or opcode instanceof Opcode::CompareLE
then result = getLeftOperand()
else result = getRightOperand()
}
/**
* Get the operand that will be greater than the other operand if the result of the comparison is
* `true`.
*
* For `x < y` or `x <= y`, this will return `y`.
* For `x > y` or `x >= y`, this will return `x`.`
*/
final SemExpr getGreaterOperand() {
if opcode instanceof Opcode::CompareGT or opcode instanceof Opcode::CompareGE
then result = getLeftOperand()
else result = getRightOperand()
}
/** Holds if this comparison returns `false` if the two operands are equal. */
final predicate isStrict() {
opcode instanceof Opcode::CompareLT or opcode instanceof Opcode::CompareGT
}
}
class SemAddExpr extends SemBinaryExpr {
SemAddExpr() { opcode instanceof Opcode::Add }
}
class SemSubExpr extends SemBinaryExpr {
SemSubExpr() { opcode instanceof Opcode::Sub }
}
class SemMulExpr extends SemBinaryExpr {
SemMulExpr() { opcode instanceof Opcode::Mul }
}
class SemDivExpr extends SemBinaryExpr {
SemDivExpr() { opcode instanceof Opcode::Div }
}
class SemRemExpr extends SemBinaryExpr {
SemRemExpr() { opcode instanceof Opcode::Rem }
}
class SemShiftLeftExpr extends SemBinaryExpr {
SemShiftLeftExpr() { opcode instanceof Opcode::ShiftLeft }
}
class SemShiftRightExpr extends SemBinaryExpr {
SemShiftRightExpr() { opcode instanceof Opcode::ShiftRight }
}
class SemShiftRightUnsignedExpr extends SemBinaryExpr {
SemShiftRightUnsignedExpr() { opcode instanceof Opcode::ShiftRightUnsigned }
}
class SemBitAndExpr extends SemBinaryExpr {
SemBitAndExpr() { opcode instanceof Opcode::BitAnd }
}
class SemBitOrExpr extends SemBinaryExpr {
SemBitOrExpr() { opcode instanceof Opcode::BitOr }
}
class SemBitXorExpr extends SemBinaryExpr {
SemBitXorExpr() { opcode instanceof Opcode::BitXor }
}
class SemUnaryExpr extends SemKnownExpr {
SemExpr operand;
SemUnaryExpr() { Specific::unaryExpr(this, opcode, type, operand) }
final SemExpr getOperand() { result = operand }
}
class SemBoxExpr extends SemUnaryExpr {
SemBoxExpr() { opcode instanceof Opcode::Box }
}
class SemUnboxExpr extends SemUnaryExpr {
SemUnboxExpr() { opcode instanceof Opcode::Unbox }
}
class SemConvertExpr extends SemUnaryExpr {
SemConvertExpr() { opcode instanceof Opcode::Convert }
}
class SemCopyValueExpr extends SemUnaryExpr {
SemCopyValueExpr() { opcode instanceof Opcode::CopyValue }
}
class SemNegateExpr extends SemUnaryExpr {
SemNegateExpr() { opcode instanceof Opcode::Negate }
}
class SemBitComplementExpr extends SemUnaryExpr {
SemBitComplementExpr() { opcode instanceof Opcode::BitComplement }
}
class SemLogicalNotExpr extends SemUnaryExpr {
SemLogicalNotExpr() { opcode instanceof Opcode::LogicalNot }
}
class SemAddOneExpr extends SemUnaryExpr {
SemAddOneExpr() { opcode instanceof Opcode::AddOne }
}
class SemSubOneExpr extends SemUnaryExpr {
SemSubOneExpr() { opcode instanceof Opcode::SubOne }
}
private class SemNullaryExpr extends SemKnownExpr {
SemNullaryExpr() { Specific::nullaryExpr(this, opcode, type) }
}
class SemInitializeParameterExpr extends SemNullaryExpr {
SemInitializeParameterExpr() { opcode instanceof Opcode::InitializeParameter }
}
class SemLoadExpr extends SemNullaryExpr {
SemLoadExpr() { opcode instanceof Opcode::Load }
final SemSsaVariable getDef() { result.getAUse() = this }
}
class SemSsaLoadExpr extends SemLoadExpr {
SemSsaLoadExpr() { exists(getDef()) }
}
class SemNonSsaLoadExpr extends SemLoadExpr {
SemNonSsaLoadExpr() { not exists(getDef()) }
}
class SemStoreExpr extends SemUnaryExpr {
SemStoreExpr() { opcode instanceof Opcode::Store }
}
class SemConditionalExpr extends SemKnownExpr {
SemExpr condition;
SemExpr trueResult;
SemExpr falseResult;
SemConditionalExpr() {
opcode instanceof Opcode::Conditional and
Specific::conditionalExpr(this, type, condition, trueResult, falseResult)
}
final SemExpr getBranchExpr(boolean branch) {
branch = true and result = trueResult
or
branch = false and result = falseResult
}
}

View File

@@ -0,0 +1,297 @@
/**
* C++-specific implementation of the semantic interface.
*/
private import cpp as Cpp
private import semmle.code.cpp.ir.IR as IR
private import Semantic
private import experimental.semmle.code.cpp.rangeanalysis.Bound as IRBound
private import semmle.code.cpp.controlflow.IRGuards as IRGuards
module SemanticExprConfig {
class Location = Cpp::Location;
class Expr = IR::Instruction;
SemBasicBlock getExprBasicBlock(Expr e) { result = getSemanticBasicBlock(e.getBlock()) }
private predicate anyConstantExpr(Expr expr, SemType type, string value) {
exists(IR::ConstantInstruction instr | instr = expr |
type = getSemanticType(instr.getResultIRType()) and
value = instr.getValue()
)
}
predicate integerLiteral(Expr expr, SemIntegerType type, int value) {
exists(string valueString |
anyConstantExpr(expr, type, valueString) and
value = valueString.toInt()
)
}
predicate largeIntegerLiteral(Expr expr, SemIntegerType type, float approximateFloatValue) {
exists(string valueString |
anyConstantExpr(expr, type, valueString) and
not exists(valueString.toInt()) and
approximateFloatValue = valueString.toFloat()
)
}
predicate floatingPointLiteral(Expr expr, SemFloatingPointType type, float value) {
exists(string valueString |
anyConstantExpr(expr, type, valueString) and value = valueString.toFloat()
)
}
predicate booleanLiteral(Expr expr, SemBooleanType type, boolean value) {
exists(string valueString |
anyConstantExpr(expr, type, valueString) and
(
valueString = "true" and value = true
or
valueString = "false" and value = false
)
)
}
predicate nullLiteral(Expr expr, SemAddressType type) { anyConstantExpr(expr, type, _) }
predicate stringLiteral(Expr expr, SemType type, string value) {
anyConstantExpr(expr, type, value) and expr instanceof IR::StringConstantInstruction
}
predicate binaryExpr(Expr expr, Opcode opcode, SemType type, Expr leftOperand, Expr rightOperand) {
exists(IR::BinaryInstruction instr | instr = expr |
type = getSemanticType(instr.getResultIRType()) and
leftOperand = instr.getLeft() and
rightOperand = instr.getRight() and
// REVIEW: Merge the two `Opcode` types.
opcode.toString() = instr.getOpcode().toString()
)
}
predicate unaryExpr(Expr expr, Opcode opcode, SemType type, Expr operand) {
type = getSemanticType(expr.getResultIRType()) and
(
exists(IR::UnaryInstruction instr | instr = expr |
operand = instr.getUnary() and
// REVIEW: Merge the two operand types.
opcode.toString() = instr.getOpcode().toString()
)
or
exists(IR::StoreInstruction instr | instr = expr |
operand = instr.getSourceValue() and
opcode instanceof Opcode::Store
)
)
}
predicate nullaryExpr(Expr expr, Opcode opcode, SemType type) {
type = getSemanticType(expr.getResultIRType()) and
(
expr instanceof IR::LoadInstruction and opcode instanceof Opcode::Load
or
expr instanceof IR::InitializeParameterInstruction and
opcode instanceof Opcode::InitializeParameter
)
}
predicate conditionalExpr(
Expr expr, SemType type, Expr condition, Expr trueResult, Expr falseResult
) {
none()
}
SemType getUnknownExprType(Expr expr) { result = getSemanticType(expr.getResultIRType()) }
class BasicBlock = IR::IRBlock;
predicate bbDominates(BasicBlock dominator, BasicBlock dominated) {
dominator.dominates(dominated)
}
predicate hasDominanceInformation(BasicBlock block) { any() }
int getBasicBlockUniqueId(BasicBlock block) {
// REVIEW: `getDisplayIndex()` is not intended for use in real queries, but for now it's the
// best we can do because `equivalentRelation` won't accept a predicate whose parameters are IPA
// types.
result = block.getDisplayIndex()
}
class SsaVariable instanceof IR::Instruction {
SsaVariable() { super.hasMemoryResult() }
final string toString() { result = super.toString() }
final Location getLocation() { result = super.getLocation() }
}
predicate explicitUpdate(SsaVariable v, Expr sourceExpr) { v = sourceExpr }
predicate phi(SsaVariable v) { v instanceof IR::PhiInstruction }
SsaVariable getAPhiInput(SsaVariable v) { result = v.(IR::PhiInstruction).getAnInput() }
Expr getAUse(SsaVariable v) { result.(IR::LoadInstruction).getSourceValue() = v }
SemType getSsaVariableType(SsaVariable v) {
result = getSemanticType(v.(IR::Instruction).getResultIRType())
}
BasicBlock getSsaVariableBasicBlock(SsaVariable v) { result = v.(IR::Instruction).getBlock() }
private newtype TReadPosition =
TReadPositionBlock(IR::IRBlock block) or
TReadPositionPhiInputEdge(IR::IRBlock pred, IR::IRBlock succ) {
exists(IR::PhiInputOperand input |
pred = input.getPredecessorBlock() and
succ = input.getUse().getBlock()
)
}
class SsaReadPosition extends TReadPosition {
string toString() { none() }
Location getLocation() { none() }
predicate hasRead(SsaVariable v) { none() }
}
private class SsaReadPositionBlock extends SsaReadPosition, TReadPositionBlock {
IR::IRBlock block;
SsaReadPositionBlock() { this = TReadPositionBlock(block) }
final override string toString() { result = block.toString() }
final override Location getLocation() { result = block.getLocation() }
final override predicate hasRead(SsaVariable v) {
exists(IR::Operand operand |
operand.getDef() = v and not operand instanceof IR::PhiInputOperand
)
}
}
private class SsaReadPositionPhiInputEdge extends SsaReadPosition, TReadPositionPhiInputEdge {
IR::IRBlock pred;
IR::IRBlock succ;
SsaReadPositionPhiInputEdge() { this = TReadPositionPhiInputEdge(pred, succ) }
final override string toString() { result = pred.toString() + "->" + succ.toString() }
final override Location getLocation() { result = succ.getLocation() }
final override predicate hasRead(SsaVariable v) {
exists(IR::PhiInputOperand operand |
operand.getDef() = v and
operand.getPredecessorBlock() = pred and
operand.getUse().getBlock() = succ
)
}
}
predicate hasReadOfSsaVariable(SsaReadPosition pos, SsaVariable v) { pos.hasRead(v) }
predicate readBlock(SsaReadPosition pos, BasicBlock block) { pos = TReadPositionBlock(block) }
predicate phiInputEdge(SsaReadPosition pos, BasicBlock origBlock, BasicBlock phiBlock) {
pos = TReadPositionPhiInputEdge(origBlock, phiBlock)
}
predicate phiInput(SsaReadPosition pos, SsaVariable phi, SsaVariable input) {
exists(IR::PhiInputOperand operand |
pos = TReadPositionPhiInputEdge(operand.getPredecessorBlock(), operand.getUse().getBlock())
|
phi = operand.getUse() and input = operand.getDef()
)
}
class Bound instanceof IRBound::Bound {
Bound() {
this instanceof IRBound::ZeroBound
or
this.(IRBound::ValueNumberBound).getValueNumber().getAnInstruction() instanceof SsaVariable
}
string toString() { result = super.toString() }
final Location getLocation() { result = super.getLocation() }
}
private class ValueNumberBound extends Bound {
IRBound::ValueNumberBound bound;
ValueNumberBound() { bound = this }
override string toString() {
result =
min(SsaVariable instr |
instr = bound.getValueNumber().getAnInstruction()
|
instr
order by
instr.(IR::Instruction).getBlock().getDisplayIndex(),
instr.(IR::Instruction).getDisplayIndexInBlock()
).toString()
}
}
predicate zeroBound(Bound bound) { bound instanceof IRBound::ZeroBound }
predicate ssaBound(Bound bound, SsaVariable v) {
v = bound.(IRBound::ValueNumberBound).getValueNumber().getAnInstruction()
}
Expr getBoundExpr(Bound bound, int delta) {
result = bound.(IRBound::Bound).getInstruction(delta)
}
class Guard = IRGuards::IRGuardCondition;
predicate guard(Guard guard, BasicBlock block) {
block = guard.(IRGuards::IRGuardCondition).getBlock()
}
Expr getGuardAsExpr(Guard guard) { result = guard }
predicate equalityGuard(Guard guard, Expr e1, Expr e2, boolean polarity) {
guard.(IRGuards::IRGuardCondition).comparesEq(e1.getAUse(), e2.getAUse(), 0, true, polarity)
}
predicate guardDirectlyControlsBlock(Guard guard, BasicBlock controlled, boolean branch) {
guard.(IRGuards::IRGuardCondition).controls(controlled, branch)
}
predicate guardHasBranchEdge(Guard guard, BasicBlock bb1, BasicBlock bb2, boolean branch) {
guard.(IRGuards::IRGuardCondition).controlsEdge(bb1, bb2, branch)
}
Guard comparisonGuard(Expr e) { result = e }
predicate implies_v2(Guard g1, boolean b1, Guard g2, boolean b2) {
none() // TODO
}
}
SemExpr getSemanticExpr(IR::Instruction instr) { result = instr }
IR::Instruction getCppInstruction(SemExpr e) { e = result }
SemBasicBlock getSemanticBasicBlock(IR::IRBlock block) { result = block }
IR::IRBlock getCppBasicBlock(SemBasicBlock block) { block = result }
SemSsaVariable getSemanticSsaVariable(IR::Instruction instr) { result = instr }
IR::Instruction getCppSsaVariableInstruction(SemSsaVariable v) { v = result }
SemBound getSemanticBound(IRBound::Bound bound) { result = bound }
IRBound::Bound getCppBound(SemBound bound) { bound = result }
SemGuard getSemanticGuard(IRGuards::IRGuardCondition guard) { result = guard }
IRGuards::IRGuardCondition getCppGuard(SemGuard guard) { guard = result }

View File

@@ -0,0 +1,65 @@
/**
* Semantic interface to the guards library.
*/
private import Semantic
private import SemanticExprSpecific::SemanticExprConfig as Specific
class SemGuard instanceof Specific::Guard {
SemBasicBlock block;
SemGuard() { Specific::guard(this, block) }
final string toString() { result = super.toString() }
final Specific::Location getLocation() { result = super.getLocation() }
final predicate isEquality(SemExpr e1, SemExpr e2, boolean polarity) {
Specific::equalityGuard(this, e1, e2, polarity)
}
final predicate directlyControls(SemBasicBlock controlled, boolean branch) {
Specific::guardDirectlyControlsBlock(this, controlled, branch)
}
final predicate hasBranchEdge(SemBasicBlock bb1, SemBasicBlock bb2, boolean branch) {
Specific::guardHasBranchEdge(this, bb1, bb2, branch)
}
final SemBasicBlock getBasicBlock() { result = block }
final SemExpr asExpr() { result = Specific::getGuardAsExpr(this) }
}
predicate semImplies_v2(SemGuard g1, boolean b1, SemGuard g2, boolean b2) {
Specific::implies_v2(g1, b1, g2, b2)
}
/**
* Holds if `guard` directly controls the position `controlled` with the
* value `testIsTrue`.
*/
predicate semGuardDirectlyControlsSsaRead(
SemGuard guard, SemSsaReadPosition controlled, boolean testIsTrue
) {
guard.directlyControls(controlled.(SemSsaReadPositionBlock).getBlock(), testIsTrue)
or
exists(SemSsaReadPositionPhiInputEdge controlledEdge | controlledEdge = controlled |
guard.directlyControls(controlledEdge.getOrigBlock(), testIsTrue) or
guard.hasBranchEdge(controlledEdge.getOrigBlock(), controlledEdge.getPhiBlock(), testIsTrue)
)
}
/**
* Holds if `guard` controls the position `controlled` with the value `testIsTrue`.
*/
predicate semGuardControlsSsaRead(SemGuard guard, SemSsaReadPosition controlled, boolean testIsTrue) {
semGuardDirectlyControlsSsaRead(guard, controlled, testIsTrue)
or
exists(SemGuard guard0, boolean testIsTrue0 |
semImplies_v2(guard0, testIsTrue0, guard, testIsTrue) and
semGuardControlsSsaRead(guard0, controlled, testIsTrue0)
)
}
SemGuard semGetComparisonGuard(SemRelationalExpr e) { result = Specific::comparisonGuard(e) }

Some files were not shown because too many files have changed in this diff Show More