github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
71 686 коммитов 1 533 Ветки 129 Теги 459 MiB
Граф коммитов

2623 Коммитов

Автор SHA1 Сообщение Дата
github-actions[bot] f107d16b4e Post-release preparation for codeql-cli-2.19.3 2024-11-04 17:20:08 +00:00
github-actions[bot] cc7b724123 Release preparation for version 2.19.3 2024-11-04 16:37:28 +00:00
Tom Hvitved 2b37c6cd32
Merge pull request #17548 from hvitved/shared/inline-test-post-process 
Shared: Post-processing query for inline test expectations
 2024-10-31 11:40:11 +01:00
Tom Hvitved c936468b17
Merge pull request #17739 from hvitved/dataflow/big-step-quadratic 2024-10-31 08:16:16 +01:00
Anders Schack-Mulligen b556590ef8
Merge pull request #17663 from aschackmull/dataflow/speculative-flow 
Dataflow: Add support for speculative taint flow.
 2024-10-31 08:12:43 +01:00
Tom Hvitved 540b433f5a Go: Post-processing query for inline test expectations 2024-10-29 13:35:35 +01:00
Tom Hvitved b111194fbc Shared: Simplify `PrettyPrintModels.ql` 2024-10-29 13:35:28 +01:00
Tom Hvitved 7a2105b1d5 Go: Update expected test output 2024-10-23 10:41:13 +02:00
Cornelius Riemenschneider 1ccadbc3f6 Add comment. 2024-10-22 11:26:02 +02:00
Cornelius Riemenschneider ad1ef65539 Go: Fix makefile to use bash to look up bazel path. 
On Windows, make's path resolution algorithm is incorrect.
It picks up a bazel.exe in PATH that's _after_ a bazel binary.
In particular, on actions, the non-exe binary is a bazelisk
instance, whereas bazel.exe is a bazel (at the current time 7.3.2)
installation.
This means we pick up the wrong bazel version, and
if the differences between the bazel we want and that we actually
get are too big, the build fails.
 2024-10-22 10:51:10 +02:00
Owen Mansel-Chan 23a1ea7191
Merge pull request #17717 from owen-mc/go/update-incorrect-integer-conversion-qhelp 
Go: Update `go/incorrect-integer-conversion` qhelp to explain possible source of FPs
 2024-10-21 21:53:32 +01:00
Owen Mansel-Chan f3abe549f3
Merge pull request #17794 from owen-mc/go/ast-viewer-typeparamdecl 
Go: Fix type param declarations in AST viewer
 2024-10-18 10:14:51 +01:00
Owen Mansel-Chan bacf448388
Add change note 2024-10-17 22:06:49 +01:00
Owen Mansel-Chan 7ed82068ef
Add type param decls to AST viewer hierarchy 2024-10-17 15:39:16 +01:00
Owen Mansel-Chan b8ea8400d1
Add type param decls to PrintAST tests 2024-10-17 15:37:31 +01:00
Owen Mansel-Chan 1318504aa5
Add QLDoc 2024-10-17 12:06:46 +01:00
Owen Mansel-Chan 87992fac88
Revert change to `hasEmbeddedField` 2024-10-17 11:50:17 +01:00
Owen Mansel-Chan 5007666d6e
Add helper predicate `lookThroughPointerType` 2024-10-17 11:26:24 +01:00
Anders Schack-Mulligen c20f12fa6c Add qldoc. 2024-10-16 14:35:23 +02:00
Anders Schack-Mulligen fae71756eb Go: Add tentative support for speculative taint flow. 2024-10-16 14:35:21 +02:00
Anders Schack-Mulligen c80627a3d3 Dataflow: add plumbing for adding provenance to state-steps. 2024-10-16 14:35:18 +02:00
Owen Mansel-Chan 5efb88ed1f
Merge pull request #17737 from owen-mc/go/extractor/objecttypes-consistency-generics-2 
Go: extractor/objecttypes consistency generics (second try)
 2024-10-15 15:50:45 +01:00
github-actions[bot] 079ab77a38 Post-release preparation for codeql-cli-2.19.2 2024-10-15 12:16:59 +00:00
github-actions[bot] 255f55cf1a Release preparation for version 2.19.2 2024-10-15 10:29:25 +00:00
Owen Mansel-Chan 1626af0ae1
Merge pull request #17748 from owen-mc/go/join-order-fix/data-flow-node-gettype 
Go: Fix bad join order in `SummarizedParameterNode.gettype`
 2024-10-15 10:14:38 +01:00
Edward Minnix III ade5686e52
Merge pull request #17335 from egregius313/egregius313/go/dataflow/models/stdin 
Go: Implement `stdin` models
 2024-10-14 10:38:27 -04:00
Owen Mansel-Chan 1456ec2119
Fix bad join order in SummarizedParameterNode.gettype 
Specifically the disjunct for this.getPos() != -1. Running on
uber/aresdb, before we had this:

   2403   ~1%    {3} r6 = JOIN `DataFlowUtil::SummarizedParameterNode.getPos/0#dispred#70a2aab4` WITH `DataFlowPrivate::FlowSummaryNode.getSummarizedCallable/0#dispred#e79ea9be` ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
9149774   ~5%    {4}    | JOIN WITH `Types::SignatureType.getParameterType/1#dispred#2c11bb7b_102#join_rhs` ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1, Rhs.2
    923   ~9%    {2}    | JOIN WITH `Scopes::Callable.getType/0#dispred#55a0e6a2` ON FIRST 2 OUTPUT Lhs.2, Lhs.3

We add a binding pragma to make it not bind on this.getPos() until
necessary. After we have this:

   2403   ~0%    {3} r6 = JOIN `DataFlowUtil::SummarizedParameterNode.getPos/0#dispred#70a2aab4` WITH `DataFlowPrivate::FlowSummaryNode.getSummarizedCallable/0#dispred#e79ea9be` ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1
   2373   ~0%    {3}    | JOIN WITH `Scopes::Callable.getType/0#dispred#55a0e6a2` ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1
    923   ~9%    {2}    | JOIN WITH `Types::SignatureType.getParameterType/1#dispred#2c11bb7b` ON FIRST 2 OUTPUT Lhs.2, Rhs.2
 2024-10-13 14:27:51 +01:00
Owen Mansel-Chan 9381dda4a9
Use un-specialized field when extracting struct types 2024-10-11 11:30:02 +01:00
Owen Mansel-Chan 6bf6ed6f48
Add check for object for specialized named type 2024-10-11 11:30:00 +01:00
Owen Mansel-Chan a810309160
Add check for specialized objects 2024-10-11 11:29:58 +01:00
Owen Mansel-Chan 45710e23c6
Always use generic method object 2024-10-11 11:29:57 +01:00
Owen Mansel-Chan d013c8940d
Revert "Go: extractor/objecttypes consistency generics" 2024-10-10 21:37:44 +01:00
Owen Mansel-Chan 513efe222d
Add check for object for specialized named type 2024-10-10 13:59:51 +01:00
Owen Mansel-Chan 6f6b4a0bfe
Add check for specialized objects 2024-10-10 13:59:49 +01:00
Owen Mansel-Chan d295cac697
Always use generic method object 2024-10-10 13:59:47 +01:00
Edward Minnix III 0abc0d1a67
Fix: ActiveThreatModelSource 2024-10-09 11:35:07 -04:00
Owen Mansel-Chan 500992c499
Update qhelp to explain possible source of FPs 2024-10-09 15:08:48 +01:00
Chris Smowton 58fd1a2241
Merge pull request #17357 from smowton/smowton/feature/go-indistinguishable-types 
Go: extract and expose struct tags, interface method IDs
 2024-10-09 11:06:02 +01:00
Chris Smowton 837387aeae Re-optimise isSensitive routine 2024-10-08 19:23:31 +01:00
Chris Smowton 629a7a601d Further optimise guardingFunction: remove redundant condition, and order guard -> guardFunction case to work backwards from interesting return sites, allowing us to go backwards not forwards through BasicBlock::dominates 2024-10-08 19:23:30 +01:00
Chris Smowton d401891d30 copyedit 2024-10-08 19:23:29 +01:00
Chris Smowton c79da8b2b5 Avoid pathological case where getExampleMethodName picks a very common method name 2024-10-08 19:23:28 +01:00
Chris Smowton ed9a6bd820 Further join order optimisations 2024-10-08 19:23:27 +01:00
Chris Smowton bf5ba33c2e Improve join orders for top 5 perf regressions in QA 2024-10-08 19:23:26 +01:00
Chris Smowton 365ccf4903 autoformat 2024-10-08 19:23:25 +01:00
Chris Smowton 36a031833f Further optimisation 2024-10-08 19:23:24 +01:00
Chris Smowton ab99509a11 Rework interface for querying private interface method ids 2024-10-08 19:23:22 +01:00
Chris Smowton 0f95a8d724 Clarify doc 2024-10-08 19:23:21 +01:00
Chris Smowton 288e0ec565 component_tags -> struct_tags 2024-10-08 19:23:20 +01:00
Chris Smowton c1a1edf24e Autoformat 2024-10-08 19:23:19 +01:00