Граф коммитов

206 Коммитов

Автор SHA1 Сообщение Дата
yoff dd525a4f9b
Merge pull request #11061 from erik-krogh/shared-redosMod
ReDoS: add a shared regex pack
2022-11-14 10:53:05 +01:00
Michael Nebel d6ae1ef6f2 Java/C#: Move C# internal implementation for model generation. 2022-11-10 13:57:43 +01:00
erik-krogh 09275a56c1
remove files from identical files that soon won't be identical 2022-11-07 14:22:46 +01:00
Paolo Tranquilli 4702271102 Swift: add `cfg.swift` to AST tests 2022-11-03 18:16:53 +01:00
Jean Helie ce1092c33d add test repo 2022-11-01 20:57:58 +01:00
Tom Hvitved 2b75562037 Ruby: Use `DataFlow::Configuration` in `RegExpConfiguration.qll` 2022-10-11 11:39:45 +02:00
Tom Hvitved 6e61ef10b8 Ruby: Add another dataflow copy 2022-10-04 12:58:50 +02:00
Mathias Vorreiter Pedersen 9d50fc6aa3
Merge pull request #10487 from MathiasVP/fix-identical-files-for-cpp
C++: Add shared files in `experimental` to `identical-files.json`.
2022-09-20 15:43:43 +01:00
Mathias Vorreiter Pedersen 351e517786
Update config/identical-files.json
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2022-09-20 13:34:31 +01:00
Mathias Vorreiter Pedersen e661c981e4 C++: Add shared files in experimental to 'identical-files.json'. 2022-09-20 12:53:43 +01:00
Rasmus Lerchedahl Petersen efc5cfb852 Merge branch 'main' of github.com:github/codeql into python-dataflow/flow-summaries-from-scratch 2022-09-12 19:56:16 +02:00
Tom Hvitved b3653cc3d0
Merge pull request #10216 from hvitved/ssa/shared-lib
SSA: Create a new `codeql/shared-ssa` library pack and move implementation there
2022-09-08 15:39:29 +02:00
Rasmus Wriedt Larsen a9e1e72196
Merge branch 'main' into shared-http-client-request 2022-09-06 10:52:27 +02:00
Rasmus Wriedt Larsen 528ef0eeaa
Ruby: Use separate dataflow copy for HTTP client libs
As discussed with @hvitved offline. This helps out to ensrue we don't
needlessly evaluate dataflow for configurations that are not needed
anyway. That is, if other library modeling also used the same dataflow
configuration, which ends up being used in query A, then dataflow for
all the `DataFlowImplForLibraries` configurations would be computeted at
once. When we get to evaluate the query `RequestWithoutValidation.ql`
these results mgith have been forgotten since the predicates are not
cached, and everything will have to be computeted again.

In principle we could be added a dataflow copy for each framework.
However, since we know that the `disablesCertificateValidation`
member-predicates for all the HTTP client libraries will all be used at
the same time, and only for the one query, we only add ONE additional
copy.

Note that the only use of `DataFlowImplForLibraries` before this PR is
using `tainttrackingforlibraries.TaintTrackingImpl` (based on
DataFlowImplForLibraries) for regex computation.
c904ba1d16/ruby/ql/lib/codeql/ruby/Regexp.qll (L153)
Since this is currently transitively imported from Frameworks.qll
(through Core.qll, and core/String.qll), the previous approach didn't
actually violate the assumption about all configurations always being in
scope, but it might have been more by accident, than by purpose.
2022-09-06 10:43:36 +02:00
Tom Hvitved 8e5d6ba4f9 SSA: Create a new `shared` library pack and move implementation there 2022-09-01 09:36:49 +02:00
Tom Hvitved 2681b88035 C#: Update Pre SSA library to use parameterized module 2022-08-31 11:45:15 +02:00
Tom Hvitved 8725bf0620 C#: Update Base SSA library to use parameterized module 2022-08-31 11:45:15 +02:00
Tom Hvitved f553001217 C#: Update CIL SSA library to use parameterized module 2022-08-31 11:45:14 +02:00
Paolo Tranquilli 47b905bfaf Swift: add PrintAst 2022-08-30 18:04:55 +02:00
yoff d9444d8b08 Python: update synced file `FlowSummaryImpl.qll` 2022-08-25 09:31:45 +00:00
yoff 0b5d4c59dd Merge branch 'main' of https://github.com/github/codeql into python-dataflow/flow-summaries-from-scratch
synced files have changed
2022-08-25 09:24:05 +00:00
Harry Maclean f1a546c4d6 Rename IncompleteMultiCharacterSanitization[Query] 2022-08-17 16:03:49 +12:00
Harry Maclean b7d9bf4066 Share IncompleteMultiCharacterSanitization JS/Ruby
Most of the classes and predicates in this query can be shared between
the two languages. There's just a few language-specific things that we
place in IncompleteMultiCharacterSanitizationSpecific.
2022-08-17 16:03:46 +12:00
Erik Krogh Kristensen f106e064fa
Merge pull request #9422 from erik-krogh/refacReDoS
Refactorizations of the ReDoS libraries
2022-08-16 09:32:08 +02:00
Erik Krogh Kristensen 0adb588fe8
Merge pull request #9712 from erik-krogh/badRange
JS/RB/PY/Java: add suspicious range query
2022-08-15 13:55:44 +02:00
yoff 75ac24a847
Merge branch 'main' into python-dataflow/flow-summaries-from-scratch 2022-08-10 10:57:59 +02:00
Erik Krogh Kristensen 49276b1f38 Merge branch 'main' into refacReDoS 2022-08-09 16:18:46 +02:00
Mathias Vorreiter Pedersen b20b0a091d Update identical-files. 2022-08-05 11:49:36 +01:00
Erik Krogh Kristensen ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
yoff f52d792b36 Merge branch 'main' of https://github.com/github/codeql into python-dataflow/flow-summaries-from-scratch 2022-07-01 12:01:07 +00:00
Andrew Eisenberg a3f4d1bf66 Move contextual queries from src to lib
With this change, users are now able to run View AST command in
vscode within vscode workspaces that do not include the core libraries.
The relevant core library only needs to be installed in the package
cache.
2022-06-29 07:51:26 -07:00
Erik Krogh Kristensen a343ceaf8b add suspicious-regexp-range query 2022-06-28 09:49:27 +02:00
Erik Krogh Kristensen 13482fc97b rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp" 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen dbeae9aefb make a parameterized module out of the RegexpMatching implementation 2022-06-23 14:36:25 +02:00
yoff 140dc1a61e merge in main 2022-06-23 09:05:32 +00:00
Mathias Vorreiter Pedersen 693575a7e5 Update sync-identical-files. 2022-06-15 13:00:57 +01:00
Rasmus Wriedt Larsen 86caf747f3 Go: Sync InlineExpectationsTest 2022-06-02 14:54:51 +02:00
Paolo Tranquilli 946e1f498a Swift: generate `getParent` implementation
By explicitly marking children in the `schema.yml` file, an internal
`getAChild` predicate is implemented, that is in turn used in `AstNode`
to implement `getParent`.

This is yet to be used in the control flow library to replace the
hand-rolled implementation.

A further, more complex step is to use the same information to fully
generate the core implementation of `PrintAst` (including the
accessor string). This will be done later.

The `parent` tests use the same swift code as the extractor tests, and
this is currently enforced by `sync-files.py`. Notice that `qltest.sh`
had to be modified to deal with multiple files, which was not working
yet.
2022-06-01 14:32:58 +02:00
Rasmus Wriedt Larsen 7a6646dcaf
Merge pull request #8883 from erik-krogh/pyMaD
Python: add MaD implementation
2022-05-30 13:31:07 +02:00
Robert Marsh 8cc509e5e9
Merge pull request #9275 from MathiasVP/swift-add-dataflow-lib
Swift: Add shared dataflow library
2022-05-24 15:11:42 -04:00
Tom Hvitved 728ccafe2b
Merge pull request #9024 from hvitved/dataflow/content-flow-lib
Data flow: Introduce `ContentDataFlow.qll`
2022-05-24 15:09:16 +02:00
Mathias Vorreiter Pedersen 9b67912da2 Updated sync-identical-files. 2022-05-23 18:04:32 +01:00
Mathias Vorreiter Pedersen 6540e1e8bf Swift: Share 'ControlFlowGraphImplShared.qll' for Swift with Ruby and C#. 2022-05-23 13:12:45 +01:00
Tom Hvitved bd9b6567c7 Data flow: Introduce `ContentDataFlow.qll` 2022-05-19 13:28:56 +02:00
Erik Krogh Kristensen 5d1c41c269 Merge branch 'main' into pyMaD 2022-05-17 12:23:03 +02:00
yoff 2822ed9594 Merge remote-tracking branch 'upstream/main' into python-dataflow/flow-summaries-from-scratch 2022-05-16 08:10:15 +00:00
Nick Rolfe 1115227f9d Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling 2022-05-12 16:10:27 +01:00
Nick Rolfe 4321b5e1fa QL for QL: generalise non-US spelling query
1. Catch common misspelling as well.
2. Also check names of classes, predicates, etc.
2022-05-12 13:17:32 +01:00
Rasmus Lerchedahl Petersen 80175a9af5 Python: Compiles and mostly pass tests
- add flowsummaries shared files
- register in indentical files
- fix initial non-monotonic recursions
  - add DataFlowSourceCall
  - add resolvedCall
  - add SourceParameterNode

failing tests:
- 3/library-tests/with/test.ql
2022-05-10 12:48:42 +00:00
Joe Farebrother f9f7a01f57 Add Java ReDoS libraries to identical-files.json 2022-05-04 15:41:33 +01:00