Java: Track taint through java.io.File constructor and #toURI; URI#toURL #4457
Merged
Conversation
aibaars reviewed on Oct 11, 2020:
Thanks for your contribution. This looks good to me.
aibaars approved these changes on Oct 12, 2020.
Ooooh. Awesome. I'm going to need this for my temp directory taint tracking query. Appreciated! @daniel-beck cool to see that it looks like the CodeQL tech is being adopted by the Jenkins security team!
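As an added illustration (not code from PR #4457 or from the CodeQL repository), the Java below shows the propagation the PR title describes: a string of untrusted origin keeps its content unchanged through `new File(...)`, `File#toURI()` and `URI#toURL()`, so a taint-tracking query must treat each of those calls as a taint step rather than as a sanitizer. The `safe` method shows the canonicalize-and-contain check that a query should recognize as the sanitizing step; the class, method names and the `base` directory are this example's own assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.nio.file.Path;

// Added example, not part of PR #4457 or the CodeQL repository.
// Shows why File(String) -> File#toURI -> URI#toURL must be modeled as
// taint-preserving: the untrusted text survives every conversion.
public class FileUriTaintDemo {

    // Before: the untrusted name passes through three conversions untouched,
    // so whatever the caller does with the URL is driven by the untrusted input.
    static URL unsafe(File base, String untrustedName) throws IOException {
        File f = new File(base, untrustedName);   // taint: String -> File
        return f.toURI().toURL();                 // taint: File -> URI -> URL
    }

    // After: resolve against the real base directory, normalize away ".."
    // segments, and refuse anything that ends up outside the base. This check
    // is the sanitizer a query should look for on the path to the sink.
    static URL safe(File base, String untrustedName) throws IOException {
        Path root = base.toPath().toRealPath();
        Path resolved = root.resolve(untrustedName).normalize();
        if (!resolved.startsWith(root)) {
            throw new IOException("path escapes base directory: " + untrustedName);
        }
        return resolved.toUri().toURL();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a relative name that climbs out of the base.
        File base = new File(System.getProperty("java.io.tmpdir"));
        String escaping = "../outside.txt";

        // The ".." segment is still present in the URL: taint survived the chain.
        System.out.println("unsafe: " + unsafe(base, escaping));

        try {
            safe(base, escaping);
        } catch (IOException e) {
            System.out.println("safe rejected: " + e.getMessage());
        }

        // A well-formed name under the base is accepted.
        System.out.println("safe: " + safe(base, "report.txt"));
    }
}
```

Running `main` prints a `file:` URL that still carries the `../` segment for the unsafe variant, a rejection message for the same input through `safe`, and a URL inside the base directory for `report.txt`.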
thepalbi added a commit to garbervetsky/ql that referenced this pull request on Oct 16, 2020.
Commit log shown for the referencing commit, one commit per line (hash | author | date | message; merge parents in parentheses):

1d9b0ce05914baa8c9d213265122f934bf3ab983 | CodeQL CI | Fri Oct 16 05:05:29 2020 -0700 | Merge pull request #4460 from max-schaefer/js/unsafe-shell-command-construction-infeasible-paths. Approved by asgerf (merge: 2b19a4803 4100ab291)
2b19a480307728438d4a7270ebfe49c98a266550 | Anders Schack-Mulligen | Fri Oct 16 13:54:35 2020 +0200 | Merge pull request #3880 from hvitved/dataflow/precise-aps. Data flow: Precise access paths (merge: a92a701c3 27fc610c0)
27fc610c0d99dc76e186efc5b9042f7875392021 | Tom Hvitved | Mon Sep 21 11:26:59 2020 +0200 | Python: Update expected test output
5f01fda1ef78e5f8b65fd4be94247e61879d34b6 | Tom Hvitved | Mon Sep 21 10:29:00 2020 +0200 | Data flow: Sync files
82e56d4ebb26f255055814c92538c59029a07f46 | Tom Hvitved | Mon Sep 21 10:27:38 2020 +0200 | Data flow: Simplify `pathStep` and `pathIntoCallable`
94f110f739cae6ef1adf451b1f2c1d4618797837 | Anders Schack-Mulligen | Thu Sep 17 10:50:14 2020 +0200 | Sync.
b4ecfaeda3b1bb1b45f159e3a558d92aa573c445 | Anders Schack-Mulligen | Thu Sep 17 10:19:04 2020 +0200 | Dataflow: Remove inconsistent AccessPath.getType().
d88c551f640dfe6e1b9a82257b8ec5ebe224ff20 | Anders Schack-Mulligen | Thu Sep 17 10:09:56 2020 +0200 | Dataflow: qldoc fix
98f10b29b85d007c1943d0f9d16dbfac6ffde927 | Anders Schack-Mulligen | Fri Sep 11 10:54:24 2020 +0200 | Dataflow: Simplify SCC: remove some apa params.
4e2f7860403f270e7633433cd53df367cb75310c | Anders Schack-Mulligen | Thu Sep 10 16:30:24 2020 +0200 | Dataflow: Precalculate AccessPath to avoid massive recursion.
ca534ccb03b3a635bb14266d482a796f84f68d25 | Mathias Vorreiter Pedersen | Fri Aug 21 11:24:47 2020 +0200 | C++: Update inline expectation comments
570b624eb705f9e9c2dd442e5545b2ae69c91f14 | Tom Hvitved | Thu Jul 2 15:47:43 2020 +0200 | C++: Update expected test output
d48a6a55552e7f758fa6305ab07ca7f888bcf414 | Tom Hvitved | Thu Jul 2 15:47:33 2020 +0200 | C#: Update expected test output
d608138c0c4f43c1c584d7337dd7408bf23abb38 | Tom Hvitved | Fri Aug 21 10:28:19 2020 +0200 | Data flow: Sync files
a35a178080d5807f39524039f6bcfd76a5ef00d3 | Tom Hvitved | Wed Jul 29 13:17:27 2020 +0200 | Data flow: Precise access paths
0dc066c5157588dc213da73d4b4f431e8da6f412 | Tom Hvitved | Wed Jul 29 13:17:09 2020 +0200 | Data flow: Rename `AccessPath` to `AccessPathApprox`
a92a701c353ef04072c79311371f47e2c1420ce5 | Aditya Sharad | Thu Oct 15 10:19:25 2020 -0700 | Merge pull request #4479 from github/lgtm.com. Merge lgtm.com back into main (merge: da9e33a72 a10c0138e)
da9e33a72ce96db08ea748801bfe9514b87e7f33 | Mathias Vorreiter Pedersen | Thu Oct 15 17:38:16 2020 +0200 | Merge pull request #4477 from dbartol/dbartol/PrintIRLocalFlow. C++: Add ability to dump local dataflow info in IR dumps (merge: 5142bfaf0 f32a7be87)
5142bfaf017cfef5c7ca5075af0854014dfa003d | Rasmus Wriedt Larsen | Thu Oct 15 17:26:31 2020 +0200 | Merge pull request #4453 from yoff/python-port-unsafe-deserialization. Python: port unsafe deserialization (merge: 58baec5b0 89f535232)
58baec5b067b995f3709d9e4a052f142ff59c291 | Rasmus Wriedt Larsen | Thu Oct 15 17:10:59 2020 +0200 | Merge pull request #4364 from yoff/SharedDataflow_ArgumentPassing. Python: Shared dataflow, argument passing (merge: 388f60f81 9c8e968cb)
388f60f818112b679f82d006d3e28efa081f2581 | Joe Farebrother | Thu Oct 15 16:05:38 2020 +0100 | Merge pull request #4430 from joefarebrother/tainttrackingutils-refactor. Java: Refactor part of TaintTrackingUtil.qll (merge: b05cc2eaf b2a2412f1)
89f5352324ceb2e4adfdd00e8e1f305d5c9041ac | Rasmus Lerchedahl Petersen | Thu Oct 15 16:41:41 2020 +0200 | Python: fix QL format
f32a7be8747c5466b7ff945687f1e4a7ac99ea79 | Dave Bartolomeo | Thu Oct 15 10:16:13 2020 -0400 | Fix formatting
ef32488596d0394d2e9078f823b0827fefbc459b | Rasmus Lerchedahl Petersen | Thu Oct 15 15:45:35 2020 +0200 | Merge branch 'main' of github.com:github/codeql into python-port-unsafe-deserialization (merge: cc7d32c27 b05cc2eaf)
b05cc2eafd099d56655765803cc664430c739884 | James Fletcher | Thu Oct 15 14:39:52 2020 +0100 | Merge pull request #4475 from github/banner-template. [CodeQL docs] Update footer in Sphinx template (merge: ab7d28b3f fb05f0248)
fb05f0248982d1c32280975b7999e48f6e878840 | James Fletcher | Thu Oct 15 14:24:28 2020 +0100 | Apply suggestions from code review. Co-authored-by: Shati Patel
ab7d28b3fb04027f77cbc07cb9a32d5f0e9a15be | CodeQL CI | Thu Oct 15 06:15:55 2020 -0700 | Merge pull request #4482 from RasmusWL/promote-script. Approved by tausbn (merge: 1b8d14077 43cee8567)
1b8d14077a79c35ec56fa4176dfdccce860c5bfa | Geoffrey White | Thu Oct 15 13:00:33 2020 +0100 | Merge pull request #4481 from rvermeulen/patch-1. C++: Fix qldoc for getIncludeText (merge: e62c9b138 7848c5f54)
43cee8567c402a4ac1ad9916b579cb0110154163 | Rasmus Wriedt Larsen | Mon Sep 28 11:59:26 2020 +0200 | Python: Add script to promote experimental security queries
cc7d32c27c3765734f50633ad491357339739ebe | Rasmus Lerchedahl Petersen | Thu Oct 15 13:01:38 2020 +0200 | Merge branch 'python-port-unsafe-deserialization' of github.com:yoff/codeql into python-port-unsafe-deserialization (merge: 172e05843 c36ad7dd9)
172e0584387f686285086d14edc967a995e27808 | Rasmus Lerchedahl Petersen | Thu Oct 15 12:56:29 2020 +0200 | Python: `unsafe` -> `mayExecuteInput`
00566f0eee88f7d6682b463672f0cc4150d43b1a | Rasmus Lerchedahl Petersen | Thu Oct 15 12:40:16 2020 +0200 | Python: Extend DataFlow::CfgNode when appropriate
c36ad7dd9b345da1431227c6bf04cd22178d452c | yoff | Thu Oct 15 12:35:21 2020 +0200 | Apply suggestions from code review. Co-authored-by: Taus
e62c9b1382340d82cc6dfd0277640073b18d30e1 | Tamás Vajk | Thu Oct 15 12:16:53 2020 +0200 | Merge pull request #4472 from tamasvajk/feature/cleanup-3. C#: Change public fields to properties (merge: 36f6e97ca 5a91736b7)
36f6e97cad146f9c2be23bfcdffe5f27fdd28a78 | Tom Hvitved | Thu Oct 15 11:56:32 2020 +0200 | Merge pull request #4371 from hvitved/csharp/library-flow-refactor. C#: Reimplement flow-summary compilation (merge: c8b93148a 872801732)
7848c5f54dcea11d1ec31cdbb9c3f8ddf1de6e8f | Remco Vermeulen | Thu Oct 15 11:49:18 2020 +0200 | Fix qldoc for getIncludeText. The '<' was HTML encoded for some reason.
9c8e968cba7998af6955c3ea3ba3bfd685948a37 | Rasmus Lerchedahl Petersen | Thu Oct 15 11:47:34 2020 +0200 | Python: Fix bad merge
c8b93148a2418f2d632b7978d722555d01db8d2e | Taus | Thu Oct 15 10:52:43 2020 +0200 | Merge pull request #4424 from RasmusWL/python-model-python2-specific-command-execution. Python: model Python 2 specific command execution (merge: 60ce02ac1 ce967e124)
60ce02ac188dc387eaf636e22281b8966208594e | Anders Schack-Mulligen | Thu Oct 15 10:46:35 2020 +0200 | Merge pull request #4469 from JLLeitschuh/additional-file-taint. Java: Track taint through java.io.File::toPath & java.nio.file.Path::toFile (merge: c5810d623 fc71ca747)
872801732869f2618712f4cf19856287c9cd2ad0 | Tom Hvitved | Thu Oct 15 10:40:19 2020 +0200 | C#: Increase `fieldFlowBranchLimit` in test. 68014fd3bf662453f1cd9a44a8b05008e79474e2 means that more accessors are properly extracted, and consequently the calls to `get_Item` in the test have more dispatch targets. Increasing `fieldFlowBranchLimit` makes the test pass again.
c5810d623b9a3b3d2b261b882bab74fa37865d62 | Rasmus Wriedt Larsen | Thu Oct 15 10:29:33 2020 +0200 | Merge pull request #4474 from tausbn/python-fix-tostring-divergence. Python: Fix divergence in tuple/subscripted type `toString` (merge: 466c22f4a f8190feef)
a10c0138e90e96be3b1309794c7f1ba8250f4365 | Arthur Baars | Thu Oct 15 10:00:43 2020 +0200 | Merge commit '78c58c24158e3ee4fd78318194d56591af90da69' into lgtm.com (merge: 535c8cc87 78c58c241)
ce967e124932557f18609c991b09e6676ed99d28 | Rasmus Wriedt Larsen | Thu Oct 15 09:58:20 2020 +0200 | Merge branch 'main' into python-model-python2-specific-command-execution (merge: 680a6eb2a 466c22f4a)
0766eef49b10b2fb7b501af2ec5479bb95d87976 | Rasmus Lerchedahl Petersen | Thu Oct 15 09:49:21 2020 +0200 | Merge branch 'main' of github.com:github/codeql into SharedDataflow_ArgumentPassing (merge: d2b90662a 466c22f4a)
dfb687fd47ba8f0145633f790c396c7a7e97026e | Dave Bartolomeo | Wed Oct 14 18:02:45 2020 -0400 | C++: Add ability to dump local dataflow info in IR dumps
    This change adds a new module, `PrintIRLocalFlow.qll`, which can be imported into any query that uses both `PrintIR.qll` and the IR dataflow library. The IR dump printed by `PrintIR.qll` will be annotated with information about how each operand and instruction participates in dataflow. For each operand and instruction, the following properties are displayed:
    - `flow`: Which local operands/instructions have flow to this node, and which local operands/instruction this node has flow to.
    - `source`: `true` if this node is a source
    - `sink`: `true` if this node is a sink
    - `barrier`: Lists which kinds of barrier this node is. Can be zero or more of `full`, `in`, `out`, and `guard`. If the node is a guard barrier, the IR of the guarding instruction is also printed.
    We already had a way to print additional properties for instructions and blocks, but not for operands. I added support for operand properties to `IRPropertyProvider`. These are now printed in a curly-brace-enclosed list immediately after the corresponding operand. When printing flow, instructions are identified by their result ID (e.g., `m128`). Operands are identified by both the result ID of their instruction and their kind (e.g., `r145.left`). For flow from an operand to its use instruction, it just prints `result` at the operand, and prints only the operand kind on the instruction. Example output:
    ```
    # 344| m344_34(vector<int, allocator<int>>) = Chi : total:m344_20{flow:def->@, @->result}, partial:m344_33{flow:def->@, @->result}
    # 344| flow = total->@, partial->@, +m344_33->@, @->+r347_3, @->v347_7.side_effect, @->m347_9.total, @->m344_20.1
    ```
    The `+` annotations indicate when the flow came from `isAdditionalFlowStep()`, rather than built-in local flow.
98d8ec488e43632865b8045f9ee534522310da55 | james | Wed Oct 14 15:41:24 2020 +0100 | add banner to sphinx template
d2b90662a3c2bdc9cac1a477e9e2c546168a038b | Rasmus Lerchedahl Petersen | Wed Oct 14 17:31:13 2020 +0200 | Python: implement ToString on mappings
466c22f4a8d805dc464f76360fbe927002d4996c | Taus | Wed Oct 14 16:41:42 2020 +0200 | Merge pull request #4435 from RasmusWL/python-port-code-injection. Python: port code injection query (merge: 5f6f85c99 5db4f906d)
6a3aed337f858ab3441bea55ddf72761ef3cbb3c | Rasmus Lerchedahl Petersen | Wed Oct 14 16:35:43 2020 +0200 | Python `self` -> `range`
352418cb5d20923c9b2b9378c88d41e9ba4ce920 | Rasmus Lerchedahl Petersen | Wed Oct 14 16:33:55 2020 +0200 | Python: track safe loaders
f8190feef27dc591d8a6b0806e4c86be0643fa57 | Taus Brock-Nannestad | Wed Oct 14 15:21:22 2020 +0200 | Python: Fix divergence in tuple/subscripted type `toString`
    A slightly more complicated version of the situation in https://github.com/github/codeql/pull/2507 could cause the `toString` calculation to diverge. Although the previous PR took tuples nested inside tuples into account (and subscripted types cannot be nested inside each other in our modelling), it did not account for having this nesting be interleaved, and this is what caused the divergence. I have not done the usual "test case first to show the problem exists", since this would also diverge and take forever to fail. The instance observed in `scipy` was likely caused by something akin to
    ```python
    x = ()
    while True:
        x = x[(x,)]
    ```
    Finally, to prevent this from happening with other types, I went through and checked each instance where the string representation of an `ObjectInternal` might potentially contain a reference to itself (and thus explode). I encapsulated this in a `bounded_toString` helper predicate, and used this in all the cases where I was able to determine that the above _could_ happen.
5f6f85c9982f4736d978be13765020f30e6882cf | yoff | Wed Oct 14 15:37:39 2020 +0200 | Merge pull request #4465 from tausbn/python-remove-essa-flow. Python: Remove flow between ESSA variables (merge: 92ccb795f fdb489fc9)
b8cba381cf1ec148ae3b6b920b96a935afa7e51b | Rasmus Lerchedahl Petersen | Wed Oct 14 15:01:30 2020 +0200 | Merge branch 'main' of github.com:github/codeql into python-port-unsafe-deserialization (merge: 3a281a1bd 92ccb795f)
5a91736b7aa19baf2c35ea3ae47ccbf108c764f5 | Tamas Vajk | Wed Oct 14 14:08:48 2020 +0200 | C#: Change public fields to properties
3a281a1bd6682815cb6344048f836426f908dd02 | Rasmus Lerchedahl Petersen | Wed Oct 14 14:40:11 2020 +0200 | Python: Adjust comments and tests
5db4f906d015b44cff56b4b2ae4b6092b16b0d9f | Rasmus Wriedt Larsen | Wed Oct 14 14:22:02 2020 +0200 | Merge branch 'main' into python-port-code-injection (merge: 1fde477a8 92ccb795f)
91806da2fa696e08993a04e17dfdce9a34875b8e | Tom Hvitved | Wed Oct 14 09:38:45 2020 +0200 | C#: Address review comments
5d1a5920c719e7569ae25ba6fc07eb26d1a5ec38 | Tom Hvitved | Fri Sep 25 10:40:09 2020 +0200 | C#: Reimplement flow-summary compilation
444e607338965f218690dc99577bed68579453f4 | Tom Hvitved | Wed Oct 7 11:57:13 2020 +0200 | C#: Add missing flow through library code using `params` arguments
f2dc2d912a93744acfbacb180aa28dca7e81f60b | Tom Hvitved | Wed Oct 7 14:00:34 2020 +0200 | C#: Add inter-procedural data-flow test for `StringBuilder`
ffe79f688d67349d1884708d7d9d7200785f9d18 | yoff | Wed Oct 14 14:08:16 2020 +0200 | Apply suggestions from code review. Co-authored-by: Rasmus Wriedt Larsen
92ccb795fde5decdc60f370c1a4c3350f90f9745 | Taus | Wed Oct 14 13:29:51 2020 +0200 | Merge pull request #4415 from RasmusWL/python-flask-routed-parameter. Python: Add support for routed parameters in flask (merge: 61ecec7d1 74bd04548)
1fde477a8fc445e3b310b101c70d9949530d65e6 | Rasmus Wriedt Larsen | Wed Oct 14 13:22:35 2020 +0200 | Python: Refactor argument matching
680a6eb2a61e5006fafd9bf37ae78f7173c1ce4a | Rasmus Wriedt Larsen | Wed Oct 14 13:21:04 2020 +0200 | Python: Refactor argument matching (more)
61ecec7d1791b8d4e36a75deae3666826aab2aa0 | Rasmus Wriedt Larsen | Wed Oct 14 13:08:57 2020 +0200 | Merge pull request #4467 from tausbn/python-fix-import-type-tracking. Python: Fix unwanted module type tracking (merge: 27f474f0e f3c07e384)
27f474f0e999aa582699e0b23deefd11bf564310 | yoff | Wed Oct 14 12:13:35 2020 +0200 | Merge pull request #4429 from RasmusWL/python-model-invoke. Python: model invoke library (merge: 8127d9b93 4d9d2155f)
dc7e7890f09e6f9ea977d41db8e522ebafdc48e4 | Rasmus Lerchedahl Petersen | Wed Oct 14 12:03:05 2020 +0200 | Python: Clearer naming and comments (I hope)
f3c07e3849a05d74add9e333f3ebaec646f11ff4 | Taus Brock-Nannestad | Wed Oct 14 11:58:14 2020 +0200 | Python: Fix up import helper tests
4100ab2919cd42874019e20ac4a41701e912c509 | Max Schaefer | Wed Oct 14 10:03:27 2020 +0100 | JavaScript: Add another test to show that flow through functions still works.
1c04c07f07045ec3cfbdcdf729032b385eaa3820 | Max Schaefer | Mon Oct 12 14:52:23 2020 +0100 | JavaScript: Eliminate source of false positives in UnsafeShellCommandConstruction.
8127d9b93e2bab133758577f67bd4326a3de7655 | Tamás Vajk | Wed Oct 14 11:02:40 2020 +0200 | Merge pull request #4404 from tamasvajk/feature/cleanup-2. C# extractor code cleanup (merge: b49aa677d ce9624e61)
b0cfa1d92df1d460c4f17e9302323fadf89cf71d | Rasmus Wriedt Larsen | Wed Oct 14 10:53:18 2020 +0200 | Python: Make "..Call" modeling classes extend DataFlow::CfgNode
bfa5d18476cd55ecbe85a48cf7f5c4967496fc3e | Rasmus Wriedt Larsen | Wed Oct 14 10:49:38 2020 +0200 | Python: Use new importNode
7d600e4e8e0eb1ead82f263ed4236de62d155d4d | Rasmus Wriedt Larsen | Wed Oct 14 10:48:38 2020 +0200 | Merge branch 'main' into python-port-code-injection (merge: 0b0763953 83937baca)
4d9d2155fc36eed3e53a71b0d6ec0a79bf0af863 | Rasmus Wriedt Larsen | Wed Oct 14 10:44:58 2020 +0200 | Python: Make "..Call" modeling classes extend DataFlow::CfgNode
b0e79890e688a6f4d69e764052d4ebc3e03f95a4 | Rasmus Wriedt Larsen | Wed Oct 14 10:43:22 2020 +0200 | Python: Use new importNode
4597ba64d07bdf3204519700ef1f542f5ae9f746 | Rasmus Wriedt Larsen | Wed Oct 14 10:41:37 2020 +0200 | Merge branch 'main' into python-model-invoke (merge: 662235bad 83937baca)
eff47457bfbaf68c11501c88a61e14f9371626c4 | Rasmus Wriedt Larsen | Wed Oct 14 10:35:37 2020 +0200 | Python: Refactor argument matching
2ea71f574cfa71e8e2b1cbda49364d0d3d0e2604 | Rasmus Wriedt Larsen | Wed Oct 14 10:33:03 2020 +0200 | Python: Make "..Call" modeling classes extend DataFlow::CfgNode
2e30f58aa2f16e9447e22ffe4e061a189ad1c224 | Rasmus Wriedt Larsen | Wed Oct 14 10:27:56 2020 +0200 | Python: Use new importNode
ecf70c5f303d6c123de118df82c1cd3c2b105aff | Rasmus Wriedt Larsen | Wed Oct 14 10:36:43 2020 +0200 | Merge branch 'main' into python-model-python2-specific-command-execution (merge: dcd103ea7 83937baca)
74bd045488572fca673e3694f55fa0f747ca6cd9 | Rasmus Wriedt Larsen | Wed Oct 14 10:24:46 2020 +0200 | Python: Make "..Call" modeling classes extend DataFlow::CfgNode
ba158f33171daa3fdac231b0376e02ef5e9d1344 | Rasmus Wriedt Larsen | Wed Oct 14 10:17:35 2020 +0200 | Python: Use new importNode
49d2e68d1202fcebd0c9c1850a08db80354b11d4 | Rasmus Wriedt Larsen | Wed Oct 14 10:16:00 2020 +0200 | Merge branch 'main' into python-flask-routed-parameter (merge: ce85ac3ce 83937baca)
b0ebb5b6d1b1323c7f4aa6f9916fb4489b29dbec | Rasmus Lerchedahl Petersen | Wed Oct 14 09:51:24 2020 +0200 | Python: Adjust tag format
93383747bd4ef2ea741fd3be04316fc88168040a | Rasmus Lerchedahl Petersen | Wed Oct 14 09:28:58 2020 +0200 | Python: Use more common name for concept
a76d276b489c5076cf907dbf33a7a1f27926b8a0 | Rasmus Lerchedahl Petersen | Wed Oct 14 08:44:04 2020 +0200 | Python: Adjust `getARelevantTag`
3b9ea3a958542f3485d9e2335f498c693f714724 | yoff | Wed Oct 14 08:24:26 2020 +0200 | Apply suggestions from code review. Co-authored-by: Rasmus Wriedt Larsen
fc71ca747d1082cff7371ed279eee5cb9b13b770 | Jonathan Leitschuh | Tue Oct 13 21:15:09 2020 -0400 | Java: Track taint through java.io.File::toPath & java.nio.file.Path::toFile
7d86b53b710822be514f0821b3f32d9373b7ff59 | Taus Brock-Nannestad | Tue Oct 13 22:47:57 2020 +0200 | Python: Fix unwanted module type tracking
76e5b59dab05aae5e80e30c24c40f8ab1a99e1bf | Taus Brock-Nannestad | Tue Oct 13 22:47:03 2020 +0200 | Python: Add test case for unwanted module type tracking
b49aa677d0f84512013fd8683d19121cc7b58bf9 | Robert Marsh | Tue Oct 13 15:17:54 2020 -0400 | Merge pull request #4459 from geoffw0/setex. C++: Additional taint flows through std::set (merge: 83937baca 58727cb8a)
1f2390455c5edc7386e34c0a103d4687e8f997dd | yoff | Tue Oct 13 19:15:33 2020 +0200 | Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll. Co-authored-by: Taus
5d66c485d50e56dbb5e36f3695f7b460769ab6c7 | Rasmus Lerchedahl Petersen | Tue Oct 13 19:12:52 2020 +0200 | Python: IPA type for argument mappings. Not sure how arg2 in line 118 is achieved
83937bacae35fdf41f3e0ec761bdeb5f497c6c1a | Taus | Tue Oct 13 18:08:07 2020 +0200 | Merge pull request #4448 from RasmusWL/python-simplify-import-modeling. Python: simplify import modeling (merge: b895641a8 2c5996f69)
2c5996f6944a6ecc7f06d1caeea070365c41cbbd | Rasmus Wriedt Larsen | Tue Oct 13 17:21:21 2020 +0200 | Python: Refactor subprocess_attr type-tracker. Co-authored-by: Taus
fdb489fc934f161b22f82fe89985fe01bc71ac2d | Taus Brock-Nannestad | Tue Oct 13 16:35:41 2020 +0200 | Python: Remove flow between ESSA variables. This required a minor change in the type tracker implementation, but apart from that no other changes appear to be needed. Seems to clean up the test output quite a bit.
05b744701e1ccd12cf06514b28278c5358d0a9e2 | yoff | Tue Oct 13 15:31:50 2020 +0200 | Apply suggestions from code review. Co-authored-by: Taus
b895641a8398deb9675b33d8001745bba9bae221 | Rasmus Wriedt Larsen | Tue Oct 13 15:08:28 2020 +0200 | Merge pull request #4464 from tausbn/python-remove-dataflowcfgnode. Python: Get rid of `DataFlowCfgNode` (merge: 83d6d6041 182912623)
76c9b8c49fcd17e38598e01684527f5b6a98e5b7 | Rasmus Wriedt Larsen | Fri Oct 9 14:37:23 2020 +0200 | Python: Expose importNode instead of importModule/importMember
    Since predicate name `import` is not allowed, I adopted `importNode` as it sort of matches what `exprNode` does.
    ---
    Due to only using `importMember` in `os_attr` we previously didn't handle `import os.path as alias` :| I did create a hotfix for this (https://github.com/github/codeql/pull/4446), but in doing so I realized the core of the problem: We're exposing ourselves to making these kinds of mistakes by having BOTH importModule and importMember, and we don't really gain anything from doing this! We do lose the ability to easily model only `from mod import val` and not `import mod.val`, but I don't think that will ever be relevant. This change will also make us recognize some invalid code; for example, in `import os.system as runtime_error` we would now model that `runtime_error` is a reference to the `os.system` function (although the actual import would result in a runtime error). Overall these are tradeoffs I'm willing to make, as it does make things simpler from a QL modeling point of view, and THAT sounds nice :+1:
ce9624e61d8aff64168ecd29e894f09905ccffb8 | Tamas Vajk | Tue Oct 13 14:50:46 2020 +0200 | C#: Remove unneeded vscode settings from settings.json
4bfd55f1af6338689bbac86bb3b933bae75f8397 | Rasmus Wriedt Larsen | Fri Oct 9 14:00:25 2020 +0200 | Python: Show problem with os.path modeling
    This is not a very good test for showing that we don't handle direct imports, but it was the best I had available without inventing something new. It's very fragile, since any of these would propagate taint (due to handling all `join` calls as if the qualifier was a string):
        ospath_alias.join(ts)
        ospath_alias.join(ts, "foo", "bar")
    But this test DOES serve the purpose of illustrating that my fix works :D
ce793c357f8bb9f374148cb43b0004cbffa6eff0 | Tamas Vajk | Tue Oct 13 14:16:28 2020 +0200 | C#: Adjust parameters of DefinitionField ctor
ea53ea0994ba808221a7e250ac31a138de86fa70 | Tamas Vajk | Mon Oct 5 14:04:48 2020 +0200 | C#: Prefer keywords over type names
8afac251209cf0940d5338993bbc26394a5098ce | Tamas Vajk | Mon Oct 5 14:02:16 2020 +0200 | C#: Add params modifier on override
63e173198d5ae4605c135911d7bbaad2b5ff142d | Tamas Vajk | Mon Oct 5 14:01:49 2020 +0200 | C#: Make static member on generic class private
6cf20d569da284a055db538af9c859814a51934b | Tamas Vajk | Mon Oct 5 13:59:32 2020 +0200 | C#: Remove overrides that do nothing
9b349eb84458a17bfc5247b9746659186fbecd17 | Tamas Vajk | Mon Oct 5 13:43:49 2020 +0200 | C#: Use Contains instead of IndexOf
5b33f43b78edf9498501e5a010747919db06c25b | Tamas Vajk | Mon Oct 5 13:35:52 2020 +0200 | C#: Use nameof
f84669904bd3617ff6cc90fbd7f31b1760a87e55 | Tamas Vajk | Mon Oct 5 11:05:46 2020 +0200 | C#: Fix typo
7075c6f8cae59663aca958646d05122c9fdf04d8 | Tamas Vajk | Mon Oct 5 11:01:33 2020 +0200 | C#: Fix public property naming
a4fec39c110bca9d8982c21a9e019259733af66d | Tamas Vajk | Mon Oct 5 10:52:45 2020 +0200 | C#: Move fields to locals where possible
b07aceff6b30240111db93c6da5d3c3bd5e0d684 | Tamas Vajk | Mon Oct 5 10:46:56 2020 +0200 | C#: Fix exception throwing
6dfe90e479bca519f14c5d49086255265decd16e | Tamas Vajk | Mon Oct 5 10:33:02 2020 +0200 | C#: Change array-returning properties
7721c7bba7af1e8efb27c286a9abf666ca8009d2 | Tamas Vajk | Mon Oct 5 10:23:19 2020 +0200 | C#: Remove redundant conditions
cbdd13127e960d3652caf45d6606aa8f5f4e6ee0 | Tamas Vajk | Mon Oct 5 10:21:06 2020 +0200 | C#: Convert publicly visible fields to properties
d5382f2cfdaa1c75a1ffaf7ebd11484504c0e668 | Tamas Vajk | Fri Oct 2 17:04:37 2020 +0200 | C#: Fix modifier orders
fbc128fcc794a7ecab60dbc9dcf9ffe78fcadce6 | Tamas Vajk | Fri Oct 2 17:02:49 2020 +0200 | C#: Fix type parameter names
2e350caf9f4df1eab37f8e87adabc653f06ba8e1 | Tamas Vajk | Fri Oct 2 15:45:48 2020 +0200 | C#: Fix private field and local variable naming
ecb29a267b5a2d58ea6d0bebb4f2b03d77b51f8e | Tamas Vajk | Fri Oct 2 14:33:10 2020 +0200 | C#: Add editor config naming rules
baf6f59bfc7d0cd93d46f03c65d84f4a950f5356 | Tamas Vajk | Fri Oct 2 14:27:27 2020 +0200 | C#: Add braces to multiline block statements
28694513a13c233e02f7731ba58f2d59db75ec61 | Tamas Vajk | Fri Oct 2 14:23:04 2020 +0200 | C#: Use pattern matching
155453d9cb38d1a62f766aa74f8d09b127548501 | Tamas Vajk | Fri Oct 2 14:07:01 2020 +0200 | C#: Format single line if statements
aec4481cfb0880b997f77ed2dad038563fbf722b | Tamas Vajk | Fri Oct 2 13:45:38 2020 +0200 | C#: Use var everywhere
7d544e34afac03d4ef9d819d8dcf26a031b27d05 | Tamas Vajk | Fri Oct 2 13:41:22 2020 +0200 | C#: Add declaration visibility modifiers
466e0cf08543ba2756c71b6a29aed8af1dc9a81d | Tamas Vajk | Fri Oct 2 13:40:49 2020 +0200 | C#: Remove naming styles from editor config, add IDE diagnostic severities
ec6ed90c497679864a69a7f86c9df9cbb91a7fe1 | Tamas Vajk | Fri Oct 2 13:09:25 2020 +0200 | C#: Add final new line to files
2e215640327973e8f99485640873fdacaab9e8e9 | Tamas Vajk | Fri Oct 2 13:06:03 2020 +0200 | C#: Fix formatting with 'dotnet format'
7f86768a4930de584a6e267586ecd3feb477b000 | Tamas Vajk | Fri Oct 2 12:46:45 2020 +0200 | C#: Reformat LINQ extension method call-chains
115a216ea9a61ac0e900ae604f0e9cd938e954b3 | Tamas Vajk | Fri Oct 2 12:25:54 2020 +0200 | C#: Format nested ternary operators
c38bf5ee5b1f49046b35ddb206df3ec5cc48acd1 | Tamas Vajk | Fri Oct 2 11:56:50 2020 +0200 | C#: Reduce nesting and fix some formatting
e73ced2275fa8e1f3690f1941ea02906ef685eb1 | Tamas Vajk | Fri Oct 2 11:49:35 2020 +0200 | C#: Add sealed modifier to classes to fix dispose-pattern, remove explicit IDisposable implementations
397be7e98ffbd33dc1e15d76693448df3586bdfe | Tamas Vajk | Fri Oct 2 11:42:10 2020 +0200 | C#: Change constructor visibility to protected in abstract classes
71faa512709e812523c73e2c95cc97c6c06d1b5b | Tamas Vajk | Fri Oct 2 11:36:42 2020 +0200 | C#: Dispose IDisposables
e208f3d21d67e867cc3b4096a564920c0517118d | Tamas Vajk | Fri Oct 2 11:29:28 2020 +0200 | C#: Simplify null checks with pattern matching, ??, and ?:
504f56adeb46219065e77fb81c0afe712da8a45d | Tamas Vajk | Fri Oct 2 11:17:12 2020 +0200 | C#: Simplify object initialization
b793af571ee0102bb316a264bfe00bb6b874b74a | Tamas Vajk | Fri Oct 2 11:14:46 2020 +0200 | C#: Remove unnecessary usings
ec63acfb0cbf02167ccb1cf9553ca573f593efbd | Tamas Vajk | Fri Oct 2 11:04:25 2020 +0200 | C#: Inline out variable declarations
f2e6b42aa45c4a2f2ce96d8da78b3ddb21de9471 | Tamas Vajk | Fri Oct 2 10:52:13 2020 +0200 | C#: Add type parameter in/out
33672a4058415bed35c6cdffa88b6abe0506e5fe | Tamas Vajk | Tue Oct 6 13:59:19 2020 +0200 | C#: Simplify using statements
412b87c5c71bdf08c0b1350d51c90372a602fed0 | Tamas Vajk | Fri Oct 2 10:37:38 2020 +0200 | C#: Fix loop that iterates only once
79eff0682863ed98c5f8c418361976f812f2d4d7 | Tamas Vajk | Fri Oct 2 10:29:09 2020 +0200 | C#: Remove unused out argument
921d3eeaec9000cc81902235c349e41b07f0c390 | Tamas Vajk | Fri Oct 2 10:24:18 2020 +0200 | C#: Mark members static (remove unused members)
68a45e7e9dda451335e36f0996c1ce24d8545af4 | Tamas Vajk | Fri Oct 2 10:10:50 2020 +0200 | C: Remove unused fields
0c9aaa3dce5b0d9e3f8b63578664a8a61b701506 | Tamas Vajk | Fri Oct 2 10:00:27 2020 +0200 | C#: Remove unused parameters
93c6d5ea584a6a8870b9087a0b3b728101958246 | Tamas Vajk | Fri Oct 2 09:52:40 2020 +0200 | C#: Fix empty array creation
2d3985742fe084d009bb4f337671f302fd097a76 | Tamas Vajk | Fri Oct 2 09:48:58 2020 +0200 | C#: Fix length/emptiness checks
b7e8b48e9e6e43760da6c1218bb7da98f9fe5239 | Rasmus Lerchedahl Petersen | Tue Oct 13 13:06:47 2020 +0200 | Python: Move concept tests out. These tests should be fleshed out at some point, but currently they test all that we model.
1829126230a615ca5ba5950590e2c28be474d6fb | Taus Brock-Nannestad | Tue Oct 13 13:04:59 2020 +0200 | Python: Get rid of `DataFlowCfgNode`. Should make modelling data flow nodes that are also specific subclasses of `ControlFlowNode` a bit smoother.
83d6d6041ac9930070d3421e0529573c3e1c4c00 | Erik Krogh Kristensen | Tue Oct 13 12:50:00 2020 +0200 | Merge pull request #4462 from erik-krogh/strayTodo. JS: remove stray todo (merge: d3f8fb5e5 96db3459d)
b2a2412f1d9395e92685d415cc570a239372c34e | Joe Farebrother | Tue Oct 13 11:30:02 2020 +0100 | Java: Clean up the constructor flow steps
4685f2d5f2f61d2606c34544fddf2ab751497e52 | Rasmus Lerchedahl Petersen | Tue Oct 13 12:03:23 2020 +0200 | Python: Address many review comments. Still need to move concept tests
662235bad804c8df85b66f9538e1bd592a2f7092 | Rasmus Wriedt Larsen | Tue Oct 13 11:56:21 2020 +0200 | Python: Use classRef instead of class_. Discussed offline with Taus
d3f8fb5e53b5ed64ca76c41efb664ca63eeec046 | CodeQL CI | Tue Oct 13 02:56:21 2020 -0700 | Merge pull request #4423 from tausbn/python-add-attribute-access-interface. Approved by RasmusWL (merge: e2b0c6062 3288cf1a7)
96db3459d0257571252d2e5468f7b00ef5454fed | Erik Krogh Kristensen | Tue Oct 13 11:48:06 2020 +0200 | remove stray todo
dcd103ea7329a5adaf29d106117397be3f118f9b | Rasmus Wriedt Larsen | Tue Oct 13 10:31:35 2020 +0200 | Python: Fix grammar. Co-authored-by: Taus
ce85ac3ce12fe446ae0ae780d625da6fcbfc2fdb | Rasmus Wriedt Larsen | Tue Oct 13 10:15:03 2020 +0200 | Python: Remove solved TODO
2e430325be5e9d20fac6a98a1be581455ca3bf2b | Rasmus Wriedt Larsen | Tue Oct 13 10:05:35 2020 +0200 | Python: Refactor argument matching to use set literals. Co-authored-by: Taus
e2b0c60627201f7938d2b5050e634863f361431a | CodeQL CI | Mon Oct 12 11:41:21 2020 -0700 | Merge pull request #4449 from max-schaefer/js/api-graphs-type-handling-improvements. Approved by erik-krogh (merge: 3b7cf7fd2 9ac70e304)
3b7cf7fd27f1f6caacaa3702947c154969802444 | Robert Marsh | Mon Oct 12 14:17:17 2020 -0400 | Merge pull request #4439 from geoffw0/mapex. C++: Additional taint flows through std::map (merge: fc4a3426a c63f7cb40)
9ac70e3044908ba728cd5f1f3123894baf49c2c7 | Max Schaefer | Mon Oct 12 16:29:11 2020 +0100 | JavaScript: Clarify the relationship between `MkCanonicalName{Def,Use}` with an upper-case `M` and `mkCanonicalName{Def,Use}` with a lower-case `m`.
commit aa8bacb72402e061a925ecb919b29c56f0af06d8 Author: Joe Farebrother <[email protected]> Date: Mon Oct 12 15:36:14 2020 +0100 Java: Update test output commit 3416911ac6942fd3a59c531ce1ec5e38bbdd185c Author: Joe Farebrother <[email protected]> Date: Mon Oct 12 15:23:01 2020 +0100 Java: Refector out StringBuilder and Number taint preserving callables commit eafde05a55be693e376fe4831043809ae61791fa Author: Joe Farebrother <[email protected]> Date: Mon Oct 12 14:43:21 2020 +0100 Java: Expand flow step refactoring to Callables Also add some missing flow steps for StringBuilder commit 7e2c49fadd80e50aa4b5d9bf84e5ce6a99739639 Author: Joe Farebrother <[email protected]> Date: Mon Oct 12 14:05:50 2020 +0100 Java: Fix a couple of flow step issues Co-authored-by: Anders Schack-Mulligen <[email protected]> commit 4a8b7f64e860acc84301fdef0c937b07a47e17e6 Author: Joe Farebrother <[email protected]> Date: Fri Oct 9 12:20:09 2020 +0100 Java: Rename returnsTaint to returnsTaintFrom commit ca9038350cff194e0536f5c97889c748fc48c16d Author: Joe Farebrother <[email protected]> Date: Fri Oct 9 11:30:30 2020 +0100 Java: Add `this.` and fix mistake commit 5d487b97da8a7336bed12029a3d790eb03c41ef9 Author: Joe Farebrother <[email protected]> Date: Thu Oct 8 17:02:49 2020 +0100 Java: Merge `TaintPreservingMethod` with `TaintTransferringMethod` commit a510f5886528864cc27b1cb052a80132ad0c4df7 Author: Joe Farebrother <[email protected]> Date: Thu Oct 8 16:34:04 2020 +0100 Java: Implement code review changes commit 91ce02aad46fba33ba74bc83266984299c51f665 Author: Joe Farebrother <[email protected]> Date: Thu Oct 8 11:32:28 2020 +0100 Java: Fix bug involving varadic parameters commit 79209af9c0b2fc1299a9c5e5f83cf71274ce14ed Author: Joe Farebrother <[email protected]> Date: Wed Oct 7 12:58:11 2020 +0100 Java: Refactor out flow steps for more frameworks. 
commit 92fd8c4128f50667ab8a78de371513b10af9e7be Author: Joe Farebrother <[email protected]> Date: Tue Oct 6 17:37:01 2020 +0100 Java: Move new definitions to new file commit 60a7666105309176686bfbe0742b14036e18ce25 Author: Joe Farebrother <[email protected]> Date: Tue Oct 6 16:50:44 2020 +0100 Java: Refactor Android SQLite flow steps commit ca60f2cc18097f16abdb3dad6332cc1ca870555c Author: Joe Farebrother <[email protected]> Date: Tue Oct 6 13:49:02 2020 +0100 Java: Fix failing tests commit ff6c5c219c84c1a765f48cdbea25c8f0fd94be4b Author: Joe Farebrother <[email protected]> Date: Tue Oct 6 11:11:24 2020 +0100 Java: Start TaintTrackingUtils refactor commit 551d86c6eae8c2ff5e89509a4e449ab058970d98 Author: Joe Farebrother <[email protected]> Date: Mon Oct 5 11:33:12 2020 +0100 Java: Define classes for taint propagation methods commit fc4a3426acee036a5a7ba97b49d2a361324ba78e Merge: 24da4cc34 0c70be145 Author: Arthur Baars <[email protected]> Date: Mon Oct 12 16:42:11 2020 +0200 Merge pull request #4457 from daniel-beck/file-taint Java: Track taint through java.io.File constructor and #toURI; URI#toURL commit 3288cf1a75a1d19817821a02ce9732e580ac68af Author: Taus Brock-Nannestad <[email protected]> Date: Mon Oct 12 16:38:21 2020 +0200 Python: Hopefully final changes to documentation. commit cd33d358aa43a108eac202971a09af4817a6674d Author: Max Schaefer <[email protected]> Date: Mon Oct 12 14:50:47 2020 +0100 JavaScript: Add a test showing a false positive from UnsafeShellCommandConstruction due to infeasible paths. The path from the API entry point to the sink contains a "return" step. A client of the library cannot match that step, resulting in an infeasible path. 
commit 24da4cc34446a7ec1802d1f6ca7c310a1b0ec16e Merge: 8eb84b259 0459248b9 Author: Jonas Jensen <[email protected]> Date: Mon Oct 12 15:38:13 2020 +0200 Merge pull request #4421 from jbj/SimpleRangeAnalysis-guard-overflow C++: Demonstrate overflowing guard bounds commit 433a36225b7451e72783c3d88a80a26282757036 Author: yoff <[email protected]> Date: Mon Oct 12 15:26:53 2020 +0200 Apply suggestions from code review Co-authored-by: Rasmus Wriedt Larsen <[email protected]> commit 0459248b9fb11de4f9c22c7e089a59350af069c0 Merge: 30b9d13a4 6d1634ef8 Author: Jonas Jensen <[email protected]> Date: Mon Oct 12 14:29:09 2020 +0200 Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-guard-overflow commit 8eb84b25996343939fb9dd191ffb0e87dab699e8 Merge: 6d1634ef8 98ab38a63 Author: CodeQL CI <[email protected]> Date: Mon Oct 12 05:26:53 2020 -0700 Merge pull request #4391 from max-schaefer/js/api-graph-reexport Approved by asgerf commit 6d1634ef8f6a08f54ad6a74995045b1d73b37cc7 Merge: 35985a918 a0cbeb609 Author: CodeQL CI <[email protected]> Date: Mon Oct 12 05:23:29 2020 -0700 Merge pull request #4329 from erik-krogh/DVSA Approved by esbena commit b07c7abacc34b71d4426cd12cb55853d565277da Author: Taus Brock-Nannestad <[email protected]> Date: Mon Oct 12 13:49:08 2020 +0200 Python: Clear up attribute name access QLDoc commit 35985a9189f395cf5595a486f5af930f02bf0a61 Merge: 6440db786 9d1f64d35 Author: Tom Hvitved <[email protected]> Date: Mon Oct 12 13:01:39 2020 +0200 Merge pull request #4452 from hvitved/csharp/ssa/overlapping-captured-defs C#: Avoid overlapping SSA definitions for `ref`/`out` captured variables commit 6440db786dee4af0f295d525c302b9ffceb3c9c0 Merge: 725194a3b 9b12ceae8 Author: Geoffrey White <[email protected]> Date: Mon Oct 12 11:20:09 2020 +0100 Merge pull request #4420 from jbj/SimpleRangeAnalysis-widen-Expr C++: SimpleRangeAnalysis: widen recursive *, +, - commit 58727cb8ad20ec39d77ec751624135f9f9e2b520 Author: Geoffrey White <[email 
protected]> Date: Mon Oct 12 10:52:50 2020 +0100 C++: Update change note. commit 4363f08b45df19caf464fa33f4e906cf893bb185 Author: Geoffrey White <[email protected]> Date: Mon Oct 12 10:47:08 2020 +0100 C++: Model std::set::emplace and emplace_hint. commit 30b9d13a4524c345443df33c32f162b7fd1a43f1 Author: Jonas Jensen <[email protected]> Date: Mon Oct 12 11:25:38 2020 +0200 C++: Correct annotation in test commit 5d87117dc792bd16cbf6001f513c273d4a021289 Author: Geoffrey White <[email protected]> Date: Mon Oct 12 10:10:40 2020 +0100 C++: Model std::set::lower_bound, upper_bound, equal_range. commit 9b12ceae8d69165c1746372af19f4a370240b6c0 Author: Jonas Jensen <[email protected]> Date: Tue Oct 6 13:28:07 2020 +0200 C++: SimpleRangeAnalysis: widen recursive *, +, - The number of candidate bounds during the main `SimpleRangeAnalysis` recursion was in principle always exponential in the size of the program, but in practice it did not get out of hand when only `+` and `-` operations were supported. Now that `*` is also supported, the range analysis started timing out on the SinaMostafanejad/OpenRDM project. The problematic expressions in that project are of the form a*x*x*x + b*x*x + c*x + d where most of the variables involved are recursive definitions and are therefore likely to have a large number of candidate bounds. The fix here is to identify those few binary operations that are most likely to cause an explosion in the number of bounds and apply widening to them. Previously, widening was only applied at definitions. commit bbeea452e1ca5f352553264d86d9ec1a5ca0661f Author: Jonas Jensen <[email protected]> Date: Mon Oct 12 11:06:54 2020 +0200 C++: Add test with widening of binary Expr commit fc19bba0bdbde5f3e693a604a1f722f5f0747759 Author: Geoffrey White <[email protected]> Date: Mon Oct 12 10:01:57 2020 +0100 C++: Model std::set::merge and correct test annotations. 
commit 9d1f64d35d27321a4c50976ebd712f04f7d243e4 Author: Tom Hvitved <[email protected]> Date: Fri Oct 9 15:47:05 2020 +0200 C#: Avoid overlapping SSA definitions for `ref`/`out` captured variables commit 725194a3b8c8d09786c2758604b5c31deb021ded Merge: c8cacb9fe 091e3a293 Author: Anders Schack-Mulligen <[email protected]> Date: Mon Oct 12 08:56:19 2020 +0200 Merge pull request #4447 from aschackmull/dataflow/postupdate-flow-consistency Dataflow: Introduce consistency check for flow targeting PostUpdateNodes commit 0c70be145f366446fc593b1617268b4bd9728693 Author: Daniel Beck <[email protected]> Date: Sat Oct 10 20:29:01 2020 +0200 Track taint through java.io.File constructor and #toURI; URI#toURL commit c63f7cb409ecc76d157a69093074f082155ddcb1 Author: Geoffrey White <[email protected]> Date: Fri Oct 9 16:33:54 2020 +0100 C++: Taint through emplace from qualifier to return value. commit 270517d3797d1e2e8b58ed8cb3030e93d905447e Author: Geoffrey White <[email protected]> Date: Fri Oct 9 16:05:56 2020 +0100 C++: Revise model of emplace and emplace_hint. Note that 2 of the 3 taint regressions we shouldn't be getting because we don't yet do taint through keys. commit 49c121d370007c76eddabbfd07c266b6627e56b0 Author: Geoffrey White <[email protected]> Date: Fri Oct 9 15:56:06 2020 +0100 C++: More test cases covering other std::pair constructors. commit 091e3a2931d43bdcf35f8763f9301193d58ad5c7 Author: Anders Schack-Mulligen <[email protected]> Date: Fri Oct 9 16:25:14 2020 +0200 Dataflow: Adjust test output. 
commit 4bd56fdbe44bc4d0ae09ee47200c3b1ee94322e8 Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Fri Oct 9 16:13:47 2020 +0200 Python: Implement framework sinks commit 0d8bd01e10549c5ee2f4db76d8d74775c02d4b19 Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Fri Oct 9 16:11:37 2020 +0200 Python: Port query and add test commit 723699a58422bd61b6fb0bb12733b76acdda01b0 Author: Tom Hvitved <[email protected]> Date: Fri Oct 9 15:38:37 2020 +0200 C#: Add SSA test for overlapping captured variable definitions commit c8cacb9fee0a66c589f0f24406d1f5210842959d Merge: 4c9ffcec2 42ee13630 Author: James Fletcher <[email protected]> Date: Fri Oct 9 14:47:39 2020 +0100 Merge pull request #4451 from github/jf205-patch-2 Fix typo in CodeQL docs template commit 61a78e28acf01617ecd325dd98dd13a792d3fe90 Author: Geoffrey White <[email protected]> Date: Fri Oct 9 14:46:17 2020 +0100 C++: Fix map::merge. commit 42ee136306e3c462768cc6bdef9e31339ceca2d1 Author: James Fletcher <[email protected]> Date: Fri Oct 9 14:33:45 2020 +0100 Update layout.html commit a0cbeb6093536da08f6e18781f44965dcb5ed1b9 Author: Erik Krogh Kristensen <[email protected]> Date: Fri Oct 9 14:54:34 2020 +0200 add change note commit 2fb19f0b117b422d1047af50a0cc969175dd25b9 Author: Erik Krogh Kristensen <[email protected]> Date: Fri Oct 9 14:50:16 2020 +0200 refactor into a single regular expression with two capture groups commit f6f8bbd1d8657395de8eb65ab0f3704b294ccb01 Author: Erik Krogh Kristensen <[email protected]> Date: Fri Oct 9 14:46:31 2020 +0200 Update javascript/ql/src/semmle/javascript/frameworks/ServerLess.qll Co-authored-by: Esben Sparre Andreasen <[email protected]> commit 1c043447e8be5802c3c0b9910e8ce4786125bc49 Author: Anders Schack-Mulligen <[email protected]> Date: Fri Oct 9 14:29:52 2020 +0200 Dataflow: Introduce consistency check for flow targeting PostUpdateNodes. 
commit 4c9ffcec2714424f72569123441b91ac90adc1bf Merge: 2436c5625 493b80c44 Author: Jonas Jensen <[email protected]> Date: Fri Oct 9 13:30:05 2020 +0200 Merge pull request #4396 from geoffw0/stringsets C++: Use [, ...] syntax more widely. commit 2436c5625888e94f30734bdbab7d34ca08dc2c8d Merge: b0d01cfe8 6d78c7b46 Author: James Fletcher <[email protected]> Date: Fri Oct 9 11:40:47 2020 +0100 Merge pull request #4444 from github/codeql-style-updates [CodeQL docs] First pass at style updates for docs microsite commit b0d01cfe8d317fb15839488dc9369079f7e2fa96 Merge: 412524103 3af3d87ec Author: Alexander Eyers-Taylor <[email protected]> Date: Fri Oct 9 10:45:11 2020 +0100 Merge pull request #4370 from jbj/range-analysis-mega-change-note C++: Change note for several range-analysis PRs commit 6d78c7b46e97b023169548f7d212bb06868baa2f Author: james <[email protected]> Date: Fri Oct 9 10:04:39 2020 +0100 fix path to primer.css in template commit 1f1be3bf9a76893179e42e419985ae54f8db2457 Author: Geoffrey White <[email protected]> Date: Fri Oct 9 10:04:22 2020 +0100 C++: Block try_emplace arg 0. commit de429067855224fd9dc18ca99a393362873139a7 Author: james <[email protected]> Date: Fri Oct 9 10:00:41 2020 +0100 hide header text on small screens and fix body width commit 2fe986eb7940022a885e286f996b2c13714f2963 Author: james <[email protected]> Date: Thu Oct 8 14:22:49 2020 +0100 add local primer.css commit 8786fe1ab82c7a74155361f509f615c2166ba17a Author: Geoffrey White <[email protected]> Date: Fri Oct 9 09:55:50 2020 +0100 C++: Add test missing test case involving tainted key. 
commit 412524103c4f96570b181db5dca015d34d38b09c Merge: 3894ecf77 ca4e5014a Author: Tom Hvitved <[email protected]> Date: Fri Oct 9 10:54:56 2020 +0200 Merge pull request #4437 from hvitved/csharp/cfg/compiler-generated-array-lengths C#: Include compiler-generated array lengths in the CFG commit 3894ecf7792ec8c52fb02711c6232ff4a3ecc6d3 Merge: f42cbcbea 4bf6f6ac7 Author: CodeQL CI <[email protected]> Date: Fri Oct 9 00:37:38 2020 -0700 Merge pull request #4441 from max-schaefer/js/add-negative-api-graphs-test Approved by erik-krogh commit 3b328baaef479e6d34fa2cfbde4cfbf58c6e2906 Author: Erik Krogh Kristensen <[email protected]> Date: Thu Oct 8 21:54:23 2020 +0200 changes based on review commit 65b90c411c88502f694c326c4d314b1ac8173977 Author: Erik Krogh Kristensen <[email protected]> Date: Thu Oct 8 21:28:50 2020 +0200 Update javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll Co-authored-by: Esben Sparre Andreasen <[email protected]> commit 4bf6f6ac7ca3a899af3bc2a20d4ac9dd5dbd01a0 Author: Max Schaefer <[email protected]> Date: Thu Oct 8 19:53:23 2020 +0100 JavaScript: Add a negative test for API graphs. The test ensures that flow summarization won't label property `f` of the first parameter of `assertNotNull` as a sink, which would be very imprecise. commit 493b80c44d81c4c764a199794dabfab0c59880c3 Author: Geoffrey White <[email protected]> Date: Thu Oct 8 17:46:50 2020 +0100 C++: Fix incorrect translations to hasQualifiedName. 
commit f42cbcbeae99d8fe309b80205af27331f0d82c7d Merge: b409cf6ce f3f908383 Author: Tamás Vajk <[email protected]> Date: Thu Oct 8 18:23:12 2020 +0200 Merge pull request #4428 from tamasvajk/feature/force-nuget-single-restore C#: Add '-DisableParallelProcessing' flag to nuget restore in Autobuilder commit 60eec7b1363c0182d54c567b4495a48646b993ca Author: Taus <[email protected]> Date: Thu Oct 8 18:14:20 2020 +0200 Python: Update python/ql/src/experimental/dataflow/internal/Attributes.qll Co-authored-by: Rasmus Wriedt Larsen <[email protected]> commit d46453caaa6dd28ab0ed5a183fa077e4e17f4c61 Author: Taus Brock-Nannestad <[email protected]> Date: Thu Oct 8 18:08:55 2020 +0200 Python: Support named imports as attribute reads Required a small change in `DataFlow::importModule` to get the desired behaviour (cf. the type trackers defined in `moduleattr.ql`, but this should be harmless. The node that is added doesn't have any flow anywhere. commit c555cfa22af4d03c8479f54509044001720eab9e Author: Geoffrey White <[email protected]> Date: Thu Oct 8 16:55:45 2020 +0100 C++: Replace isParameterDeref(_). commit f3f908383b4fc900d355ee78411f19f707e12dd2 Author: Tamas Vajk <[email protected]> Date: Thu Oct 8 17:07:40 2020 +0200 C#: Adjust autobuilder tests for added nuget.exe flag commit 522f41377ffad825525636d78f577c950bb53c06 Author: Tamas Vajk <[email protected]> Date: Wed Oct 7 12:20:14 2020 +0200 C#: Add '-DisableParallelProcessing' flag to nuget restore in Autobuilder commit e01e4b5bdedee58785c6b02858f542f9e5e8c16c Author: Geoffrey White <[email protected]> Date: Thu Oct 8 14:29:08 2020 +0100 C++: Fix QLDoc comments. commit 5c1a510e4a2b7463b3f73556bb1bd24f32995ae7 Author: Geoffrey White <[email protected]> Date: Wed Oct 7 12:17:13 2020 +0100 C++: Model map::lower_bound, upper_bound and equal_range. commit ef9a7c8cdb05cc3138abe61f9f3a9be667e02b28 Author: Geoffrey White <[email protected]> Date: Wed Oct 7 11:55:46 2020 +0100 C++: Model map::merge. 
commit b7ab89c892282c7a670cfcb6ea514a06af4554b9 Author: Geoffrey White <[email protected]> Date: Wed Oct 7 11:48:16 2020 +0100 C++: Model map::emplace, emplace_hint and map::try_emplace. commit b409cf6cea7d0e6645e39a97c4ee3e012d315c0c Merge: f179e7ebf 662736eb2 Author: Jonas Jensen <[email protected]> Date: Thu Oct 8 15:18:15 2020 +0200 Merge pull request #4389 from gsingh93/bitwise-and Improve range analysis for bitwise and commit 6394b1b478bca1a51bba47c1cdf96629131fdf60 Author: Geoffrey White <[email protected]> Date: Thu Oct 8 13:46:00 2020 +0100 C++: Additional test cases for emplace. commit df447c0af9ec7d62b428ebdfb5d21efcad2c1203 Author: Taus Brock-Nannestad <[email protected]> Date: Thu Oct 8 15:01:24 2020 +0200 Python: Remove flow from `getAttributeName` commit ceb249680ec909086ef8e841489315583134cb20 Author: Taus Brock-Nannestad <[email protected]> Date: Thu Oct 8 15:00:14 2020 +0200 Python: Reuse existing `node` fields Also changes `x = TCfgNode(y)` to `x.asCfgNode() = y` where applicable. commit 31596ef56988d1f97fcc13bf551bc84bde5e0af7 Author: Taus Brock-Nannestad <[email protected]> Date: Thu Oct 8 14:55:27 2020 +0200 Python: Clean up and extend built-in call node classes commit e9ecc00b370ba137ae550f86ea7483401367e6e5 Author: Taus Brock-Nannestad <[email protected]> Date: Thu Oct 8 14:53:54 2020 +0200 Python: Implement and use `mayHaveAttributeName` commit 61d5372d077d92959ee6f2f03678baa4556e1a29 Author: Geoffrey White <[email protected]> Date: Thu Oct 8 13:43:49 2020 +0100 C++: Test spacing. commit 4c4dd0c9590e3aefb5533cc3f3afd2e0f7987c67 Author: Geoffrey White <[email protected]> Date: Wed Oct 7 12:06:28 2020 +0100 C++: Fix a bug in the tests. 
commit f179e7ebf491484b3b7e4bc81f96dfd3668efe5c Merge: ce8567c64 396f35339 Author: CodeQL CI <[email protected]> Date: Thu Oct 8 03:09:38 2020 -0700 Merge pull request #4291 from asgerf/js/lean-dependency-installation-plainjava Approved by erik-krogh commit 0b0763953ea093facbf3d4b88ca9c06c79bd9a62 Author: Rasmus Wriedt Larsen <[email protected]> Date: Thu Oct 8 11:15:36 2020 +0200 Python: Update description of CodeInjection Co-authored-by: intrigus-lgtm <[email protected]> commit 7d086b23ffe6f1806368a95783cd5e25a21c308c Author: yoff <[email protected]> Date: Thu Oct 8 10:53:52 2020 +0200 Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll Co-authored-by: Rasmus Wriedt Larsen <[email protected]> commit ca4e5014ae16b2a50ea2cc358771eb29d31cce64 Author: Tom Hvitved <[email protected]> Date: Thu Oct 8 10:12:17 2020 +0200 C#: Include compiler-generated array lengths in the CFG commit 19796a4c9c93cafb8e8be9d427fd9b3c1e588b3d Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Thu Oct 8 10:35:01 2020 +0200 Python: Improve tests and make `validTest` happy commit ce8567c64a5ebc856352a8891c0ffbe169c1c8db Merge: b70f5bc95 af36718dc Author: Tom Hvitved <[email protected]> Date: Thu Oct 8 10:32:13 2020 +0200 Merge pull request #4293 from hvitved/csharp/cfg/assertions C#: Model assertions in the CFG commit cc0661bce17c28a3ce3ce43f9eda20ae77bcb3db Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Thu Oct 8 10:11:00 2020 +0200 Python: More/better comments commit b70f5bc95435ce9735d010e0bcd1b30ac8eb5147 Merge: cb00f8bcc 31816af11 Author: Tom Hvitved <[email protected]> Date: Thu Oct 8 09:13:43 2020 +0200 Merge pull request #4433 from hvitved/csharp/dataflow/switch-expr C#: Add missing data-flow for switch expressions commit cb00f8bcc4dd0b1c50c2222657847f6af6aaef86 Merge: 06f1c898d 94dc11c45 Author: Anders Schack-Mulligen <[email protected]> Date: Thu Oct 8 09:10:04 2020 +0200 Merge pull request #4362 from 
tamasvajk/feature/sign-analysis-cleanup Sign analysis cleanup commit 662736eb2d8d522eb384221d29a34268c147cc99 Author: Gulshan Singh <[email protected]> Date: Wed Oct 7 12:45:08 2020 -0700 Fix compiler error after removing getLOp/getROp commit 06f1c898dcd6d1945559d710dceb21c9b30e4041 Merge: a9bb7b526 4df6a4161 Author: Tamás Vajk <[email protected]> Date: Wed Oct 7 21:21:20 2020 +0200 Merge pull request #4349 from tamasvajk/feature/modulus-analysis ModulusAnalysis shared between C# and Java commit 46ec7fbf6e3428b62284aec7b440917a9b860c59 Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 7 21:09:26 2020 +0200 Python: Make builtin `compile` function additional taint step commit c69a61bac544c64c12ef3d57d128a31b4de2f9c7 Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 7 20:37:43 2020 +0200 Python: Model exec and eval calls as CodeExecution commit 73971cff76977151cff08aa7db3d021622af05fe Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 7 19:11:32 2020 +0200 Python: Model exec statement (Python 2 only) as CodeExecution commit 453c391bb0d779702eb5c3019c1e6f7d422273db Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 7 18:58:16 2020 +0200 Python: Add CodeExecution tests for stdlib commit a9bb7b526ccf2df5c4717e172bb92cec4e8c4d50 Merge: cec6bbea5 68014fd3b Author: Tom Hvitved <[email protected]> Date: Wed Oct 7 18:49:30 2020 +0200 Merge pull request #4413 from hvitved/csharp/indexer-explicit-interface C#: Fix extraction of library indexers with explicit interface implementations commit 0af86cba508e86f65c75238d3261ddd8a528a741 Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 7 18:47:23 2020 +0200 Python: Port CodeInjection query and the dummy test-case we already have commit 5f6e4d47ca570be71c7f74e843e1c1f37c8904fd Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 7 18:22:45 2020 +0200 Python: Add CodeExecution concept commit 9fc6ae82d3229399a4500ade5380e3fc8aab1f33 Author: james <[email 
protected]> Date: Wed Oct 7 16:15:25 2020 +0100 update template for sphinx codeql docs commit b04962b5b929367618aa9d815558ba718b3e5d7a Author: james <[email protected]> Date: Wed Oct 7 16:14:58 2020 +0100 small changes to conf.py commit 439f0a030edce761d6eabbc40d5f0413d7b11565 Author: james <[email protected]> Date: Wed Oct 7 16:14:35 2020 +0100 tidy up custom css commit 31816af11efdbc58c8266cea7e35fc8f8aaa8383 Author: Tom Hvitved <[email protected]> Date: Wed Oct 7 17:02:01 2020 +0200 C#: Add missing data-flow for switch expressions commit 9c503c159159ae40288a1e2b69442a8132dfc908 Author: Tom Hvitved <[email protected]> Date: Wed Oct 7 16:58:55 2020 +0200 C#: Add more data/control-flow tests commit 4df6a4161666c080c3e2bbfb704a4d950d08c7e1 Author: Tamas Vajk <[email protected]> Date: Tue Oct 6 09:36:42 2020 +0200 ModulusAnalysis shared between C# and Java commit cec6bbea57ddbf66eda5037fa146edef53b0601a Merge: 88575799e 36ddbcdd7 Author: Tamás Vajk <[email protected]> Date: Wed Oct 7 16:03:27 2020 +0200 Merge pull request #4418 from tamasvajk/feature/reenable-test C#: Reenable disabled test on OSX commit 8196cfd21af2002fe051bf2f78181490ce44e26d Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Wed Oct 7 15:56:35 2020 +0200 Python: Attempt at clearer naming of parameters commit 35b0b6b4720fe4aa5872709a3b8db709f6ab41ad Author: yoff <[email protected]> Date: Wed Oct 7 15:48:44 2020 +0200 Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll Co-authored-by: Rasmus Wriedt Larsen <[email protected]> commit 27a75c0bd1169f73232012e243b170759637aa93 Merge: 7e6f0b0bc 88575799e Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Wed Oct 7 15:43:31 2020 +0200 Merge branch 'main' of github.com:github/codeql into SharedDataflow_ArgumentPassing commit 239ea809755233284493bd6df6f5cd3ed08cdff1 Author: james <[email protected]> Date: Wed Oct 7 14:37:35 2020 +0100 add new css styles commit af36718dc63edabe37d48ee445ee46dd2f454aff Author: Tom 
Hvitved <[email protected]> Date: Wed Oct 7 15:15:18 2020 +0200 C#: QL doc adjustments commit 7e6f0b0bc32a89ec88609534bf724105ece66362 Author: yoff <[email protected]> Date: Wed Oct 7 15:11:15 2020 +0200 Apply suggestions from code review Co-authored-by: Rasmus Wriedt Larsen <[email protected]> commit 68014fd3bf662453f1cd9a44a8b05008e79474e2 Author: Tom Hvitved <[email protected]> Date: Tue Oct 6 10:35:09 2020 +0200 C#: Fix extraction of library indexers with explicit interface implementations commit bec33b745e1415f927b8f3e111b0a721ce1c5790 Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 7 14:54:51 2020 +0200 Python: Use `range` instead of `self` for ::Range pattern Following the suggestions from https://github.com/github/codeql/pull/4357 commit a4ce9417bc0b86c9fb072b249e717016d55d0f37 Author: Tom Hvitved <[email protected]> Date: Tue Oct 6 10:34:57 2020 +0200 C#: Add test for missing accessors commit 88575799e95f3d04ccb6a794ed181f90c3c05545 Merge: 6ddda1fa1 e15758ba7 Author: Tom Hvitved <[email protected]> Date: Wed Oct 7 13:26:49 2020 +0200 Merge pull request #4417 from hvitved/csharp/named-tuple-tests C#: Add test for named tuple types commit c09695af7d3c307f68f52debbcf5d986d81f21a1 Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 7 12:29:19 2020 +0200 Python: Properly handle invoke.task decorator commit 67c5c590d2c7c98e68489b64c11751438c6b651a Author: Rasmus Wriedt Larsen <[email protected]> Date: Fri Oct 2 18:52:14 2020 +0200 Python: Expose getParameter on P…
garbervetsky added a commit to garbervetsky/ql that referenced this pull request Oct 18, 2020
06:15:55 2020 -0700 Merge pull request #4482 from RasmusWL/promote-script Approved by tausbn commit 1b8d14077a79c35ec56fa4176dfdccce860c5bfa Merge: e62c9b138 7848c5f54 Author: Geoffrey White <[email protected]> Date: Thu Oct 15 13:00:33 2020 +0100 Merge pull request #4481 from rvermeulen/patch-1 C++: Fix qldoc for getIncludeText commit 43cee8567c402a4ac1ad9916b579cb0110154163 Author: Rasmus Wriedt Larsen <[email protected]> Date: Mon Sep 28 11:59:26 2020 +0200 Python: Add script to promote experimental security queries commit cc7d32c27c3765734f50633ad491357339739ebe Merge: 172e05843 c36ad7dd9 Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Thu Oct 15 13:01:38 2020 +0200 Merge branch 'python-port-unsafe-deserialization' of github.com:yoff/codeql into python-port-unsafe-deserialization commit 172e0584387f686285086d14edc967a995e27808 Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Thu Oct 15 12:56:29 2020 +0200 Python: `unsafe` -> `mayExecuteInput` commit 00566f0eee88f7d6682b463672f0cc4150d43b1a Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Thu Oct 15 12:40:16 2020 +0200 Python: Extend DataFlow::CfgNode when appropriate commit c36ad7dd9b345da1431227c6bf04cd22178d452c Author: yoff <[email protected]> Date: Thu Oct 15 12:35:21 2020 +0200 Apply suggestions from code review Co-authored-by: Taus <[email protected]> commit e62c9b1382340d82cc6dfd0277640073b18d30e1 Merge: 36f6e97ca 5a91736b7 Author: Tamás Vajk <[email protected]> Date: Thu Oct 15 12:16:53 2020 +0200 Merge pull request #4472 from tamasvajk/feature/cleanup-3 C#: Change public fields to properties commit 36f6e97cad146f9c2be23bfcdffe5f27fdd28a78 Merge: c8b93148a 872801732 Author: Tom Hvitved <[email protected]> Date: Thu Oct 15 11:56:32 2020 +0200 Merge pull request #4371 from hvitved/csharp/library-flow-refactor C#: Reimplement flow-summary compilation commit 7848c5f54dcea11d1ec31cdbb9c3f8ddf1de6e8f Author: Remco Vermeulen <[email protected]> Date: Thu Oct 15 11:49:18 
2020 +0200 Fix qldoc for getIncludeText The '<' was HTML encoded for some reason. commit 9c8e968cba7998af6955c3ea3ba3bfd685948a37 Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Thu Oct 15 11:47:34 2020 +0200 Python: Fix bad merge commit c8b93148a2418f2d632b7978d722555d01db8d2e Merge: 60ce02ac1 ce967e124 Author: Taus <[email protected]> Date: Thu Oct 15 10:52:43 2020 +0200 Merge pull request #4424 from RasmusWL/python-model-python2-specific-command-execution Python: model Python 2 specific command execution commit 60ce02ac188dc387eaf636e22281b8966208594e Merge: c5810d623 fc71ca747 Author: Anders Schack-Mulligen <[email protected]> Date: Thu Oct 15 10:46:35 2020 +0200 Merge pull request #4469 from JLLeitschuh/additional-file-taint Java: Track taint through java.io.File::toPath & java.nio.file.Path::toFile commit 872801732869f2618712f4cf19856287c9cd2ad0 Author: Tom Hvitved <[email protected]> Date: Thu Oct 15 10:40:19 2020 +0200 C#: Increase `fieldFlowBranchLimit` in test 68014fd3bf662453f1cd9a44a8b05008e79474e2 means that more accessors are properly extracted, and consequently the calls to `get_Item` in the test have more dispatch targets. Increasing `fieldFlowBranchLimit` makes the test pass again. 
commit c5810d623b9a3b3d2b261b882bab74fa37865d62 Merge: 466c22f4a f8190feef Author: Rasmus Wriedt Larsen <[email protected]> Date: Thu Oct 15 10:29:33 2020 +0200 Merge pull request #4474 from tausbn/python-fix-tostring-divergence Python: Fix divergence in tuple/subscripted type `toString` commit a10c0138e90e96be3b1309794c7f1ba8250f4365 Merge: 535c8cc87 78c58c241 Author: Arthur Baars <[email protected]> Date: Thu Oct 15 10:00:43 2020 +0200 Merge commit '78c58c24158e3ee4fd78318194d56591af90da69' into lgtm.com commit ce967e124932557f18609c991b09e6676ed99d28 Merge: 680a6eb2a 466c22f4a Author: Rasmus Wriedt Larsen <[email protected]> Date: Thu Oct 15 09:58:20 2020 +0200 Merge branch 'main' into python-model-python2-specific-command-execution commit 0766eef49b10b2fb7b501af2ec5479bb95d87976 Merge: d2b90662a 466c22f4a Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Thu Oct 15 09:49:21 2020 +0200 Merge branch 'main' of github.com:github/codeql into SharedDataflow_ArgumentPassing commit dfb687fd47ba8f0145633f790c396c7a7e97026e Author: Dave Bartolomeo <[email protected]> Date: Wed Oct 14 18:02:45 2020 -0400 C++: Add ability to dump local dataflow info in IR dumps This change adds a new module, `PrintIRLocalFlow.qll`, which can be imported into any query that uses both `PrintIR.qll` and the IR dataflow library. The IR dump printed by `PrintIR.qll` will be annotated with information about how each operand and instruction participates in dataflow. For each operand and instruction, the following propeties are displayed: - `flow`: Which local operands/instructions have flow to this node, and which local operands/instruction this node has flow to. - `source`: `true` if this node is a source - `sink`: `true` if this node is a sink - `barrier`: Lists which kinds of barrier this node is. Can be zero or more of `full`, `in`, `out`, and `guard`. If the node is a guard barrier, the IR of the guarding instruction is also printed. 
We already had a way to print additional properties for instructions and blocks, but not for operands. I added support for operand properties to `IRPropertyProvider`. These are now printed in a curly-brace-enclosed list immediately after the corresponding operand. When printing flow, instructions are identified by their result ID (e.g., `m128`). Operands are identified by both the result ID of their instruction and their kind (e.g., `r145.left`). For flow from an operand to its use instruction, it just prints `result` at the operand, and prints only the operand kind on the instruction. Example output: ``` ``` The `+` annotations indicate when the flow came from `isAdditionalFlowStep()`, rather than built-in local flow. commit 98d8ec488e43632865b8045f9ee534522310da55 Author: james <[email protected]> Date: Wed Oct 14 15:41:24 2020 +0100 add banner to sphinx template commit d2b90662a3c2bdc9cac1a477e9e2c546168a038b Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Wed Oct 14 17:31:13 2020 +0200 Python: implement ToString on mappings commit 466c22f4a8d805dc464f76360fbe927002d4996c Merge: 5f6f85c99 5db4f906d Author: Taus <[email protected]> Date: Wed Oct 14 16:41:42 2020 +0200 Merge pull request #4435 from RasmusWL/python-port-code-injection Python: port code injection query commit 6a3aed337f858ab3441bea55ddf72761ef3cbb3c Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Wed Oct 14 16:35:43 2020 +0200 Python `self` -> `range` commit 352418cb5d20923c9b2b9378c88d41e9ba4ce920 Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Wed Oct 14 16:33:55 2020 +0200 Python: track safe loaders commit f8190feef27dc591d8a6b0806e4c86be0643fa57 Author: Taus Brock-Nannestad <[email protected]> Date: Wed Oct 14 15:21:22 2020 +0200 Python: Fix divergence in tuple/subscripted type `toString` A slightly more complicated version of the situation in https://github.com/github/codeql/pull/2507 could cause the `toString` calculation to diverge. 
Although the previous PR took tuples nested inside tuples into account (and subscripted types cannot be nested inside each other in our modelling), it did not account for having this nesting be interleaved, and this is what caused the divergence. I have not done the usual "test case first to show the problem exists", since this would also diverge and take forever to fail. The instance observed in `scipy` was likely caused by something akin to ```python x = () while True: x = x[(x,)] ``` Finally, to prevent this from happening with other types, I went through and checked each instance where the string representation of an `ObjectInternal` might potentially contain a reference to itself (and thus explode). I encapsulated this in a `bounded_toString` helper predicate, and used this in all the cases where I was able to determine that the above _could_ happen. commit 5f6f85c9982f4736d978be13765020f30e6882cf Merge: 92ccb795f fdb489fc9 Author: yoff <[email protected]> Date: Wed Oct 14 15:37:39 2020 +0200 Merge pull request #4465 from tausbn/python-remove-essa-flow Python: Remove flow between ESSA variables commit b8cba381cf1ec148ae3b6b920b96a935afa7e51b Merge: 3a281a1bd 92ccb795f Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Wed Oct 14 15:01:30 2020 +0200 Merge branch 'main' of github.com:github/codeql into python-port-unsafe-deserialization commit 5a91736b7aa19baf2c35ea3ae47ccbf108c764f5 Author: Tamas Vajk <[email protected]> Date: Wed Oct 14 14:08:48 2020 +0200 C#: Change public fields to properties commit 3a281a1bd6682815cb6344048f836426f908dd02 Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Wed Oct 14 14:40:11 2020 +0200 Python: Adjust comments and tests commit 5db4f906d015b44cff56b4b2ae4b6092b16b0d9f Merge: 1fde477a8 92ccb795f Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 14:22:02 2020 +0200 Merge branch 'main' into python-port-code-injection commit 91806da2fa696e08993a04e17dfdce9a34875b8e Author: Tom Hvitved <[email 
protected]> Date: Wed Oct 14 09:38:45 2020 +0200 C#: Address review comments commit 5d1a5920c719e7569ae25ba6fc07eb26d1a5ec38 Author: Tom Hvitved <[email protected]> Date: Fri Sep 25 10:40:09 2020 +0200 C#: Reimplement flow-summary compilation commit 444e607338965f218690dc99577bed68579453f4 Author: Tom Hvitved <[email protected]> Date: Wed Oct 7 11:57:13 2020 +0200 C#: Add missing flow through library code using `params` arguments commit f2dc2d912a93744acfbacb180aa28dca7e81f60b Author: Tom Hvitved <[email protected]> Date: Wed Oct 7 14:00:34 2020 +0200 C#: Add inter-procedural data-flow test for `StringBuilder` commit ffe79f688d67349d1884708d7d9d7200785f9d18 Author: yoff <[email protected]> Date: Wed Oct 14 14:08:16 2020 +0200 Apply suggestions from code review Co-authored-by: Rasmus Wriedt Larsen <[email protected]> commit 92ccb795fde5decdc60f370c1a4c3350f90f9745 Merge: 61ecec7d1 74bd04548 Author: Taus <[email protected]> Date: Wed Oct 14 13:29:51 2020 +0200 Merge pull request #4415 from RasmusWL/python-flask-routed-parameter Python: Add support for routed parameters in flask commit 1fde477a8fc445e3b310b101c70d9949530d65e6 Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 13:22:35 2020 +0200 Python: Refactor argument matching commit 680a6eb2a61e5006fafd9bf37ae78f7173c1ce4a Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 13:21:04 2020 +0200 Python: Refactor argument matching (more) commit 61ecec7d1791b8d4e36a75deae3666826aab2aa0 Merge: 27f474f0e f3c07e384 Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 13:08:57 2020 +0200 Merge pull request #4467 from tausbn/python-fix-import-type-tracking Python: Fix unwanted module type tracking commit 27f474f0e999aa582699e0b23deefd11bf564310 Merge: 8127d9b93 4d9d2155f Author: yoff <[email protected]> Date: Wed Oct 14 12:13:35 2020 +0200 Merge pull request #4429 from RasmusWL/python-model-invoke Python: model invoke library commit dc7e7890f09e6f9ea977d41db8e522ebafdc48e4 Author: 
Rasmus Lerchedahl Petersen <[email protected]> Date: Wed Oct 14 12:03:05 2020 +0200 Python: Clearer naming and comments (I hope) commit f3c07e3849a05d74add9e333f3ebaec646f11ff4 Author: Taus Brock-Nannestad <[email protected]> Date: Wed Oct 14 11:58:14 2020 +0200 Python: Fix up import helper tests commit 4100ab2919cd42874019e20ac4a41701e912c509 Author: Max Schaefer <[email protected]> Date: Wed Oct 14 10:03:27 2020 +0100 JavaScript: Add another test to show that flow through functions still works. commit 1c04c07f07045ec3cfbdcdf729032b385eaa3820 Author: Max Schaefer <[email protected]> Date: Mon Oct 12 14:52:23 2020 +0100 JavaScript: Eliminate source of false positives in UnsafeShellCommandConstruction. commit 8127d9b93e2bab133758577f67bd4326a3de7655 Merge: b49aa677d ce9624e61 Author: Tamás Vajk <[email protected]> Date: Wed Oct 14 11:02:40 2020 +0200 Merge pull request #4404 from tamasvajk/feature/cleanup-2 C# extractor code cleanup commit b0cfa1d92df1d460c4f17e9302323fadf89cf71d Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 10:53:18 2020 +0200 Python: Make "..Call" modeling classes extend DataFlow::CfgNode commit bfa5d18476cd55ecbe85a48cf7f5c4967496fc3e Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 10:49:38 2020 +0200 Python: Use new importNode commit 7d600e4e8e0eb1ead82f263ed4236de62d155d4d Merge: 0b0763953 83937baca Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 10:48:38 2020 +0200 Merge branch 'main' into python-port-code-injection commit 4d9d2155fc36eed3e53a71b0d6ec0a79bf0af863 Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 10:44:58 2020 +0200 Python: Make "..Call" modeling classes extend DataFlow::CfgNode commit b0e79890e688a6f4d69e764052d4ebc3e03f95a4 Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 10:43:22 2020 +0200 Python: Use new importNode commit 4597ba64d07bdf3204519700ef1f542f5ae9f746 Merge: 662235bad 83937baca Author: Rasmus Wriedt Larsen <[email 
protected]> Date: Wed Oct 14 10:41:37 2020 +0200 Merge branch 'main' into python-model-invoke commit eff47457bfbaf68c11501c88a61e14f9371626c4 Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 10:35:37 2020 +0200 Python: Refactor argument matching commit 2ea71f574cfa71e8e2b1cbda49364d0d3d0e2604 Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 10:33:03 2020 +0200 Python: Make "..Call" modeling classes extend DataFlow::CfgNode commit 2e30f58aa2f16e9447e22ffe4e061a189ad1c224 Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 10:27:56 2020 +0200 Python: Use new importNode commit ecf70c5f303d6c123de118df82c1cd3c2b105aff Merge: dcd103ea7 83937baca Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 10:36:43 2020 +0200 Merge branch 'main' into python-model-python2-specific-command-execution commit 74bd045488572fca673e3694f55fa0f747ca6cd9 Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 10:24:46 2020 +0200 Python: Make "..Call" modeling classes extend DataFlow::CfgNode commit ba158f33171daa3fdac231b0376e02ef5e9d1344 Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 10:17:35 2020 +0200 Python: Use new importNode commit 49d2e68d1202fcebd0c9c1850a08db80354b11d4 Merge: ce85ac3ce 83937baca Author: Rasmus Wriedt Larsen <[email protected]> Date: Wed Oct 14 10:16:00 2020 +0200 Merge branch 'main' into python-flask-routed-parameter commit b0ebb5b6d1b1323c7f4aa6f9916fb4489b29dbec Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Wed Oct 14 09:51:24 2020 +0200 Python: Adjust tag format commit 93383747bd4ef2ea741fd3be04316fc88168040a Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Wed Oct 14 09:28:58 2020 +0200 Python: Use more common name for concept commit a76d276b489c5076cf907dbf33a7a1f27926b8a0 Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Wed Oct 14 08:44:04 2020 +0200 Python: Adjust `getARelevantTag` commit 3b9ea3a958542f3485d9e2335f498c693f714724 
Author: yoff <[email protected]> Date: Wed Oct 14 08:24:26 2020 +0200 Apply suggestions from code review Co-authored-by: Rasmus Wriedt Larsen <[email protected]> commit fc71ca747d1082cff7371ed279eee5cb9b13b770 Author: Jonathan Leitschuh <[email protected]> Date: Tue Oct 13 21:15:09 2020 -0400 Java: Track taint through java.io.File::toPath & java.nio.file.Path::toFile commit 7d86b53b710822be514f0821b3f32d9373b7ff59 Author: Taus Brock-Nannestad <[email protected]> Date: Tue Oct 13 22:47:57 2020 +0200 Python: Fix unwanted module type tracking commit 76e5b59dab05aae5e80e30c24c40f8ab1a99e1bf Author: Taus Brock-Nannestad <[email protected]> Date: Tue Oct 13 22:47:03 2020 +0200 Python: Add test case for unwanted module type tracking commit b49aa677d0f84512013fd8683d19121cc7b58bf9 Merge: 83937baca 58727cb8a Author: Robert Marsh <[email protected]> Date: Tue Oct 13 15:17:54 2020 -0400 Merge pull request #4459 from geoffw0/setex C++: Additional taint flows through std::set commit 1f2390455c5edc7386e34c0a103d4687e8f997dd Author: yoff <[email protected]> Date: Tue Oct 13 19:15:33 2020 +0200 Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll Co-authored-by: Taus <[email protected]> commit 5d66c485d50e56dbb5e36f3695f7b460769ab6c7 Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Tue Oct 13 19:12:52 2020 +0200 Python: IPA type for arguemnt mappings Not sure how arg2 in line 118 is achieved commit 83937bacae35fdf41f3e0ec761bdeb5f497c6c1a Merge: b895641a8 2c5996f69 Author: Taus <[email protected]> Date: Tue Oct 13 18:08:07 2020 +0200 Merge pull request #4448 from RasmusWL/python-simplify-import-modeling Python: simplify import modeling commit 2c5996f6944a6ecc7f06d1caeea070365c41cbbd Author: Rasmus Wriedt Larsen <[email protected]> Date: Tue Oct 13 17:21:21 2020 +0200 Python: Refactor subprocess_attr type-tracker Co-authored-by: Taus <[email protected]> commit fdb489fc934f161b22f82fe89985fe01bc71ac2d Author: Taus Brock-Nannestad <[email protected]> 
Date: Tue Oct 13 16:35:41 2020 +0200 Python: Remove flow between ESSA variables This required a minor change in the type tracker implementation, but apart from that no other changes appear to be needed. Seems to clean up the test output quite a bit. commit 05b744701e1ccd12cf06514b28278c5358d0a9e2 Author: yoff <[email protected]> Date: Tue Oct 13 15:31:50 2020 +0200 Apply suggestions from code review Co-authored-by: Taus <[email protected]> commit b895641a8398deb9675b33d8001745bba9bae221 Merge: 83d6d6041 182912623 Author: Rasmus Wriedt Larsen <[email protected]> Date: Tue Oct 13 15:08:28 2020 +0200 Merge pull request #4464 from tausbn/python-remove-dataflowcfgnode Python: Get rid of `DataFlowCfgNode` commit 76c9b8c49fcd17e38598e01684527f5b6a98e5b7 Author: Rasmus Wriedt Larsen <[email protected]> Date: Fri Oct 9 14:37:23 2020 +0200 Python: Expose importNode instead of importModule/importMember Since predicate name `import` is not allowed, I adopted `importNode` as it sort of matches what `exprNode` does. --- Due to only using `importMember` in `os_attr` we previously didn't handle `import os.path as alias` :| I did creat a hotfix for this (https://github.com/github/codeql/pull/4446), but in doing so I realized the core of the problem: We're exposing ourselves to making these kinds of mistakes by having BOTH importModule and importMember, and we don't really gain anything from doing this! We do loose the ability to easily only modeling `from mod import val` and not `import mod.val`, but I don't think that will ever be relevant. This change will also make us to recognize some invalid code, for example in import os.system as runtime_error we would now model that `runtime_error` is a reference to the `os.system` function (although the actual import would result in a runtime error). 
Overall these are tradeoffs I'm willing to make, as it does makes things simpler from a QL modeling point of view, and THAT sounds nice :+1: commit ce9624e61d8aff64168ecd29e894f09905ccffb8 Author: Tamas Vajk <[email protected]> Date: Tue Oct 13 14:50:46 2020 +0200 C#: Remove unneeded vscode settings from settings.json commit 4bfd55f1af6338689bbac86bb3b933bae75f8397 Author: Rasmus Wriedt Larsen <[email protected]> Date: Fri Oct 9 14:00:25 2020 +0200 Python: Show problem with os.path modeling This is not a very good test for showing that we don't handle direct imports, but it was the best I had available without inventing something new. It's very fragile, since any of these would propagate taint (due to handling all `join` calls as if the qualifier was a string): ospath_alias.join(ts) ospath_alias.join(ts, "foo", "bar") But this test DOES serve the purpose of illustrating that my fix works :D commit ce793c357f8bb9f374148cb43b0004cbffa6eff0 Author: Tamas Vajk <[email protected]> Date: Tue Oct 13 14:16:28 2020 +0200 C#: Adjust parameters of DefinitionField ctor commit ea53ea0994ba808221a7e250ac31a138de86fa70 Author: Tamas Vajk <[email protected]> Date: Mon Oct 5 14:04:48 2020 +0200 C#: Prefer keywords over type names commit 8afac251209cf0940d5338993bbc26394a5098ce Author: Tamas Vajk <[email protected]> Date: Mon Oct 5 14:02:16 2020 +0200 C#: Add params modifier on override commit 63e173198d5ae4605c135911d7bbaad2b5ff142d Author: Tamas Vajk <[email protected]> Date: Mon Oct 5 14:01:49 2020 +0200 C#: Make static member on generic class private commit 6cf20d569da284a055db538af9c859814a51934b Author: Tamas Vajk <[email protected]> Date: Mon Oct 5 13:59:32 2020 +0200 C#: Remove overrides that do nothing commit 9b349eb84458a17bfc5247b9746659186fbecd17 Author: Tamas Vajk <[email protected]> Date: Mon Oct 5 13:43:49 2020 +0200 C#: Use Contains instead of IndexOf commit 5b33f43b78edf9498501e5a010747919db06c25b Author: Tamas Vajk <[email protected]> Date: Mon Oct 5 13:35:52 2020 
+0200 C#: Use nameof commit f84669904bd3617ff6cc90fbd7f31b1760a87e55 Author: Tamas Vajk <[email protected]> Date: Mon Oct 5 11:05:46 2020 +0200 C#: Fix typo commit 7075c6f8cae59663aca958646d05122c9fdf04d8 Author: Tamas Vajk <[email protected]> Date: Mon Oct 5 11:01:33 2020 +0200 C#: Fix public property naming commit a4fec39c110bca9d8982c21a9e019259733af66d Author: Tamas Vajk <[email protected]> Date: Mon Oct 5 10:52:45 2020 +0200 C#: Move fields to locals where possible commit b07aceff6b30240111db93c6da5d3c3bd5e0d684 Author: Tamas Vajk <[email protected]> Date: Mon Oct 5 10:46:56 2020 +0200 C#: Fix exception throwing commit 6dfe90e479bca519f14c5d49086255265decd16e Author: Tamas Vajk <[email protected]> Date: Mon Oct 5 10:33:02 2020 +0200 C#: Change array-returning properties commit 7721c7bba7af1e8efb27c286a9abf666ca8009d2 Author: Tamas Vajk <[email protected]> Date: Mon Oct 5 10:23:19 2020 +0200 C#: Remove redundant conditions commit cbdd13127e960d3652caf45d6606aa8f5f4e6ee0 Author: Tamas Vajk <[email protected]> Date: Mon Oct 5 10:21:06 2020 +0200 C#: Convert publicly visible fields to properties commit d5382f2cfdaa1c75a1ffaf7ebd11484504c0e668 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 17:04:37 2020 +0200 C#: Fix modifier orders commit fbc128fcc794a7ecab60dbc9dcf9ffe78fcadce6 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 17:02:49 2020 +0200 C#: Fix type parameter names commit 2e350caf9f4df1eab37f8e87adabc653f06ba8e1 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 15:45:48 2020 +0200 C#: Fix private field and local variable naming commit ecb29a267b5a2d58ea6d0bebb4f2b03d77b51f8e Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 14:33:10 2020 +0200 C#: Add editor config naming rules commit baf6f59bfc7d0cd93d46f03c65d84f4a950f5356 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 14:27:27 2020 +0200 C#: Add braces to multiline block statements commit 28694513a13c233e02f7731ba58f2d59db75ec61 Author: Tamas Vajk <[email protected]> 
Date: Fri Oct 2 14:23:04 2020 +0200 C#: Use pattern matching commit 155453d9cb38d1a62f766aa74f8d09b127548501 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 14:07:01 2020 +0200 C#: Format single line if statements commit aec4481cfb0880b997f77ed2dad038563fbf722b Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 13:45:38 2020 +0200 C#: Use var everywhere commit 7d544e34afac03d4ef9d819d8dcf26a031b27d05 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 13:41:22 2020 +0200 C#: Add declaration visibility modifiers commit 466e0cf08543ba2756c71b6a29aed8af1dc9a81d Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 13:40:49 2020 +0200 C#: Remove naming styles from editor config, add IDE diagnostic severities commit ec6ed90c497679864a69a7f86c9df9cbb91a7fe1 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 13:09:25 2020 +0200 C#: Add final new line to files commit 2e215640327973e8f99485640873fdacaab9e8e9 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 13:06:03 2020 +0200 C#: Fix formatting with 'dotnet format' commit 7f86768a4930de584a6e267586ecd3feb477b000 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 12:46:45 2020 +0200 C#: Reformat LINQ extension method call-chains commit 115a216ea9a61ac0e900ae604f0e9cd938e954b3 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 12:25:54 2020 +0200 C#: Format nested ternary operators commit c38bf5ee5b1f49046b35ddb206df3ec5cc48acd1 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 11:56:50 2020 +0200 C#: Reduce nesting and fix some formatting commit e73ced2275fa8e1f3690f1941ea02906ef685eb1 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 11:49:35 2020 +0200 C#: Add sealed modifier to classes to fix dispose-pattern, remove explicit IDisposable implementations commit 397be7e98ffbd33dc1e15d76693448df3586bdfe Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 11:42:10 2020 +0200 C#: Change constructor visibility to protected in abstract classes commit 
71faa512709e812523c73e2c95cc97c6c06d1b5b Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 11:36:42 2020 +0200 C#: Dispose IDisposables commit e208f3d21d67e867cc3b4096a564920c0517118d Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 11:29:28 2020 +0200 C#: Simplify null checks with pattern matching, ??, and ?: commit 504f56adeb46219065e77fb81c0afe712da8a45d Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 11:17:12 2020 +0200 C#: Simplify object initialization commit b793af571ee0102bb316a264bfe00bb6b874b74a Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 11:14:46 2020 +0200 C#: Remove unnecessary usings commit ec63acfb0cbf02167ccb1cf9553ca573f593efbd Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 11:04:25 2020 +0200 C#: Inline out variable declarations commit f2e6b42aa45c4a2f2ce96d8da78b3ddb21de9471 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 10:52:13 2020 +0200 C#: Add type parameter in/out commit 33672a4058415bed35c6cdffa88b6abe0506e5fe Author: Tamas Vajk <[email protected]> Date: Tue Oct 6 13:59:19 2020 +0200 C#: Simplify using statements commit 412b87c5c71bdf08c0b1350d51c90372a602fed0 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 10:37:38 2020 +0200 C#: Fix loop that iterates only once commit 79eff0682863ed98c5f8c418361976f812f2d4d7 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 10:29:09 2020 +0200 C#: Remove unused out argument commit 921d3eeaec9000cc81902235c349e41b07f0c390 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 10:24:18 2020 +0200 C#: Mark members static (remove unused members) commit 68a45e7e9dda451335e36f0996c1ce24d8545af4 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 10:10:50 2020 +0200 C: Remove unused fields commit 0c9aaa3dce5b0d9e3f8b63578664a8a61b701506 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 10:00:27 2020 +0200 C#: Remove unused parameters commit 93c6d5ea584a6a8870b9087a0b3b728101958246 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 09:52:40 
2020 +0200 C#: Fix empty array creation commit 2d3985742fe084d009bb4f337671f302fd097a76 Author: Tamas Vajk <[email protected]> Date: Fri Oct 2 09:48:58 2020 +0200 C#: Fix length/emptiness checks commit b7e8b48e9e6e43760da6c1218bb7da98f9fe5239 Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Tue Oct 13 13:06:47 2020 +0200 Python: Move concept tests out These tests should be fleshed out at some point, but currently they test all that we model. commit 1829126230a615ca5ba5950590e2c28be474d6fb Author: Taus Brock-Nannestad <[email protected]> Date: Tue Oct 13 13:04:59 2020 +0200 Python: Get rid of `DataFlowCfgNode` Should make modelling data flow nodes that are also specific subclasses of `ControlFlowNode` a bit smoother. commit 83d6d6041ac9930070d3421e0529573c3e1c4c00 Merge: d3f8fb5e5 96db3459d Author: Erik Krogh Kristensen <[email protected]> Date: Tue Oct 13 12:50:00 2020 +0200 Merge pull request #4462 from erik-krogh/strayTodo JS: remove stray todo commit b2a2412f1d9395e92685d415cc570a239372c34e Author: Joe Farebrother <[email protected]> Date: Tue Oct 13 11:30:02 2020 +0100 Java: Clean up the constructor flow steps commit 4685f2d5f2f61d2606c34544fddf2ab751497e52 Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Tue Oct 13 12:03:23 2020 +0200 Python: Address many review comments still need to move concept tests commit 662235bad804c8df85b66f9538e1bd592a2f7092 Author: Rasmus Wriedt Larsen <[email protected]> Date: Tue Oct 13 11:56:21 2020 +0200 Python: Use classRef instead of class_ Discussed offline with Taus commit d3f8fb5e53b5ed64ca76c41efb664ca63eeec046 Merge: e2b0c6062 3288cf1a7 Author: CodeQL CI <[email protected]> Date: Tue Oct 13 02:56:21 2020 -0700 Merge pull request #4423 from tausbn/python-add-attribute-access-interface Approved by RasmusWL commit 96db3459d0257571252d2e5468f7b00ef5454fed Author: Erik Krogh Kristensen <[email protected]> Date: Tue Oct 13 11:48:06 2020 +0200 remove stray todo commit 
dcd103ea7329a5adaf29d106117397be3f118f9b Author: Rasmus Wriedt Larsen <[email protected]> Date: Tue Oct 13 10:31:35 2020 +0200 Python: Fix grammar Co-authored-by: Taus <[email protected]> commit ce85ac3ce12fe446ae0ae780d625da6fcbfc2fdb Author: Rasmus Wriedt Larsen <[email protected]> Date: Tue Oct 13 10:15:03 2020 +0200 Python: Remove solved TODO commit 2e430325be5e9d20fac6a98a1be581455ca3bf2b Author: Rasmus Wriedt Larsen <[email protected]> Date: Tue Oct 13 10:05:35 2020 +0200 Python: Refactor argument matching to use set literals Co-authored-by: Taus <[email protected]> commit e2b0c60627201f7938d2b5050e634863f361431a Merge: 3b7cf7fd2 9ac70e304 Author: CodeQL CI <[email protected]> Date: Mon Oct 12 11:41:21 2020 -0700 Merge pull request #4449 from max-schaefer/js/api-graphs-type-handling-improvements Approved by erik-krogh commit 3b7cf7fd27f1f6caacaa3702947c154969802444 Merge: fc4a3426a c63f7cb40 Author: Robert Marsh <[email protected]> Date: Mon Oct 12 14:17:17 2020 -0400 Merge pull request #4439 from geoffw0/mapex C++: Additional taint flows through std::map commit 9ac70e3044908ba728cd5f1f3123894baf49c2c7 Author: Max Schaefer <[email protected]> Date: Mon Oct 12 16:29:11 2020 +0100 JavaScript: Clarify the relationship between `MkCanonicalName{Def,Use}` with an upper-case `M` and `mkCanonicalName{Def,Use}` with a lower-case `m`. 
commit aa8bacb72402e061a925ecb919b29c56f0af06d8 Author: Joe Farebrother <[email protected]> Date: Mon Oct 12 15:36:14 2020 +0100 Java: Update test output commit 3416911ac6942fd3a59c531ce1ec5e38bbdd185c Author: Joe Farebrother <[email protected]> Date: Mon Oct 12 15:23:01 2020 +0100 Java: Refector out StringBuilder and Number taint preserving callables commit eafde05a55be693e376fe4831043809ae61791fa Author: Joe Farebrother <[email protected]> Date: Mon Oct 12 14:43:21 2020 +0100 Java: Expand flow step refactoring to Callables Also add some missing flow steps for StringBuilder commit 7e2c49fadd80e50aa4b5d9bf84e5ce6a99739639 Author: Joe Farebrother <[email protected]> Date: Mon Oct 12 14:05:50 2020 +0100 Java: Fix a couple of flow step issues Co-authored-by: Anders Schack-Mulligen <[email protected]> commit 4a8b7f64e860acc84301fdef0c937b07a47e17e6 Author: Joe Farebrother <[email protected]> Date: Fri Oct 9 12:20:09 2020 +0100 Java: Rename returnsTaint to returnsTaintFrom commit ca9038350cff194e0536f5c97889c748fc48c16d Author: Joe Farebrother <[email protected]> Date: Fri Oct 9 11:30:30 2020 +0100 Java: Add `this.` and fix mistake commit 5d487b97da8a7336bed12029a3d790eb03c41ef9 Author: Joe Farebrother <[email protected]> Date: Thu Oct 8 17:02:49 2020 +0100 Java: Merge `TaintPreservingMethod` with `TaintTransferringMethod` commit a510f5886528864cc27b1cb052a80132ad0c4df7 Author: Joe Farebrother <[email protected]> Date: Thu Oct 8 16:34:04 2020 +0100 Java: Implement code review changes commit 91ce02aad46fba33ba74bc83266984299c51f665 Author: Joe Farebrother <[email protected]> Date: Thu Oct 8 11:32:28 2020 +0100 Java: Fix bug involving varadic parameters commit 79209af9c0b2fc1299a9c5e5f83cf71274ce14ed Author: Joe Farebrother <[email protected]> Date: Wed Oct 7 12:58:11 2020 +0100 Java: Refactor out flow steps for more frameworks. 
commit 92fd8c4128f50667ab8a78de371513b10af9e7be Author: Joe Farebrother <[email protected]> Date: Tue Oct 6 17:37:01 2020 +0100 Java: Move new definitions to new file commit 60a7666105309176686bfbe0742b14036e18ce25 Author: Joe Farebrother <[email protected]> Date: Tue Oct 6 16:50:44 2020 +0100 Java: Refactor Android SQLite flow steps commit ca60f2cc18097f16abdb3dad6332cc1ca870555c Author: Joe Farebrother <[email protected]> Date: Tue Oct 6 13:49:02 2020 +0100 Java: Fix failing tests commit ff6c5c219c84c1a765f48cdbea25c8f0fd94be4b Author: Joe Farebrother <[email protected]> Date: Tue Oct 6 11:11:24 2020 +0100 Java: Start TaintTrackingUtils refactor commit 551d86c6eae8c2ff5e89509a4e449ab058970d98 Author: Joe Farebrother <[email protected]> Date: Mon Oct 5 11:33:12 2020 +0100 Java: Define classes for taint propagation methods commit fc4a3426acee036a5a7ba97b49d2a361324ba78e Merge: 24da4cc34 0c70be145 Author: Arthur Baars <[email protected]> Date: Mon Oct 12 16:42:11 2020 +0200 Merge pull request #4457 from daniel-beck/file-taint Java: Track taint through java.io.File constructor and #toURI; URI#toURL commit 3288cf1a75a1d19817821a02ce9732e580ac68af Author: Taus Brock-Nannestad <[email protected]> Date: Mon Oct 12 16:38:21 2020 +0200 Python: Hopefully final changes to documentation. commit cd33d358aa43a108eac202971a09af4817a6674d Author: Max Schaefer <[email protected]> Date: Mon Oct 12 14:50:47 2020 +0100 JavaScript: Add a test showing a false positive from UnsafeShellCommandConstruction due to infeasible paths. The path from the API entry point to the sink contains a "return" step. A client of the library cannot match that step, resulting in an infeasible path. 
commit 24da4cc34446a7ec1802d1f6ca7c310a1b0ec16e Merge: 8eb84b259 0459248b9 Author: Jonas Jensen <[email protected]> Date: Mon Oct 12 15:38:13 2020 +0200 Merge pull request #4421 from jbj/SimpleRangeAnalysis-guard-overflow C++: Demonstrate overflowing guard bounds commit 433a36225b7451e72783c3d88a80a26282757036 Author: yoff <[email protected]> Date: Mon Oct 12 15:26:53 2020 +0200 Apply suggestions from code review Co-authored-by: Rasmus Wriedt Larsen <[email protected]> commit 0459248b9fb11de4f9c22c7e089a59350af069c0 Merge: 30b9d13a4 6d1634ef8 Author: Jonas Jensen <[email protected]> Date: Mon Oct 12 14:29:09 2020 +0200 Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-guard-overflow commit 8eb84b25996343939fb9dd191ffb0e87dab699e8 Merge: 6d1634ef8 98ab38a63 Author: CodeQL CI <[email protected]> Date: Mon Oct 12 05:26:53 2020 -0700 Merge pull request #4391 from max-schaefer/js/api-graph-reexport Approved by asgerf commit 6d1634ef8f6a08f54ad6a74995045b1d73b37cc7 Merge: 35985a918 a0cbeb609 Author: CodeQL CI <[email protected]> Date: Mon Oct 12 05:23:29 2020 -0700 Merge pull request #4329 from erik-krogh/DVSA Approved by esbena commit b07c7abacc34b71d4426cd12cb55853d565277da Author: Taus Brock-Nannestad <[email protected]> Date: Mon Oct 12 13:49:08 2020 +0200 Python: Clear up attribute name access QLDoc commit 35985a9189f395cf5595a486f5af930f02bf0a61 Merge: 6440db786 9d1f64d35 Author: Tom Hvitved <[email protected]> Date: Mon Oct 12 13:01:39 2020 +0200 Merge pull request #4452 from hvitved/csharp/ssa/overlapping-captured-defs C#: Avoid overlapping SSA definitions for `ref`/`out` captured variables commit 6440db786dee4af0f295d525c302b9ffceb3c9c0 Merge: 725194a3b 9b12ceae8 Author: Geoffrey White <[email protected]> Date: Mon Oct 12 11:20:09 2020 +0100 Merge pull request #4420 from jbj/SimpleRangeAnalysis-widen-Expr C++: SimpleRangeAnalysis: widen recursive *, +, - commit 58727cb8ad20ec39d77ec751624135f9f9e2b520 Author: Geoffrey White <[email 
protected]> Date: Mon Oct 12 10:52:50 2020 +0100 C++: Update change note. commit 4363f08b45df19caf464fa33f4e906cf893bb185 Author: Geoffrey White <[email protected]> Date: Mon Oct 12 10:47:08 2020 +0100 C++: Model std::set::emplace and emplace_hint. commit 30b9d13a4524c345443df33c32f162b7fd1a43f1 Author: Jonas Jensen <[email protected]> Date: Mon Oct 12 11:25:38 2020 +0200 C++: Correct annotation in test commit 5d87117dc792bd16cbf6001f513c273d4a021289 Author: Geoffrey White <[email protected]> Date: Mon Oct 12 10:10:40 2020 +0100 C++: Model std::set::lower_bound, upper_bound, equal_range. commit 9b12ceae8d69165c1746372af19f4a370240b6c0 Author: Jonas Jensen <[email protected]> Date: Tue Oct 6 13:28:07 2020 +0200 C++: SimpleRangeAnalysis: widen recursive *, +, - The number of candidate bounds during the main `SimpleRangeAnalysis` recursion was in principle always exponential in the size of the program, but in practice it did not get out of hand when only `+` and `-` operations were supported. Now that `*` is also supported, the range analysis started timing out on the SinaMostafanejad/OpenRDM project. The problematic expressions in that project are of the form a*x*x*x + b*x*x + c*x + d where most of the variables involved are recursive definitions and are therefore likely to have a large number of candidate bounds. The fix here is to identify those few binary operations that are most likely to cause an explosion in the number of bounds and apply widening to them. Previously, widening was only applied at definitions. commit bbeea452e1ca5f352553264d86d9ec1a5ca0661f Author: Jonas Jensen <[email protected]> Date: Mon Oct 12 11:06:54 2020 +0200 C++: Add test with widening of binary Expr commit fc19bba0bdbde5f3e693a604a1f722f5f0747759 Author: Geoffrey White <[email protected]> Date: Mon Oct 12 10:01:57 2020 +0100 C++: Model std::set::merge and correct test annotations. 
commit 9d1f64d35d27321a4c50976ebd712f04f7d243e4 Author: Tom Hvitved <[email protected]> Date: Fri Oct 9 15:47:05 2020 +0200 C#: Avoid overlapping SSA definitions for `ref`/`out` captured variables commit 725194a3b8c8d09786c2758604b5c31deb021ded Merge: c8cacb9fe 091e3a293 Author: Anders Schack-Mulligen <[email protected]> Date: Mon Oct 12 08:56:19 2020 +0200 Merge pull request #4447 from aschackmull/dataflow/postupdate-flow-consistency Dataflow: Introduce consistency check for flow targeting PostUpdateNodes commit 0c70be145f366446fc593b1617268b4bd9728693 Author: Daniel Beck <[email protected]> Date: Sat Oct 10 20:29:01 2020 +0200 Track taint through java.io.File constructor and #toURI; URI#toURL commit c63f7cb409ecc76d157a69093074f082155ddcb1 Author: Geoffrey White <[email protected]> Date: Fri Oct 9 16:33:54 2020 +0100 C++: Taint through emplace from qualifier to return value. commit 270517d3797d1e2e8b58ed8cb3030e93d905447e Author: Geoffrey White <[email protected]> Date: Fri Oct 9 16:05:56 2020 +0100 C++: Revise model of emplace and emplace_hint. Note that 2 of the 3 taint regressions we shouldn't be getting because we don't yet do taint through keys. commit 49c121d370007c76eddabbfd07c266b6627e56b0 Author: Geoffrey White <[email protected]> Date: Fri Oct 9 15:56:06 2020 +0100 C++: More test cases covering other std::pair constructors. commit 091e3a2931d43bdcf35f8763f9301193d58ad5c7 Author: Anders Schack-Mulligen <[email protected]> Date: Fri Oct 9 16:25:14 2020 +0200 Dataflow: Adjust test output. 
commit 4bd56fdbe44bc4d0ae09ee47200c3b1ee94322e8 Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Fri Oct 9 16:13:47 2020 +0200 Python: Implement framework sinks commit 0d8bd01e10549c5ee2f4db76d8d74775c02d4b19 Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Fri Oct 9 16:11:37 2020 +0200 Python: Port query and add test commit 723699a58422bd61b6fb0bb12733b76acdda01b0 Author: Tom Hvitved <[email protected]> Date: Fri Oct 9 15:38:37 2020 +0200 C#: Add SSA test for overlapping captured variable definitions commit c8cacb9fee0a66c589f0f24406d1f5210842959d Merge: 4c9ffcec2 42ee13630 Author: James Fletcher <[email protected]> Date: Fri Oct 9 14:47:39 2020 +0100 Merge pull request #4451 from github/jf205-patch-2 Fix typo in CodeQL docs template commit 61a78e28acf01617ecd325dd98dd13a792d3fe90 Author: Geoffrey White <[email protected]> Date: Fri Oct 9 14:46:17 2020 +0100 C++: Fix map::merge. commit 42ee136306e3c462768cc6bdef9e31339ceca2d1 Author: James Fletcher <[email protected]> Date: Fri Oct 9 14:33:45 2020 +0100 Update layout.html commit a0cbeb6093536da08f6e18781f44965dcb5ed1b9 Author: Erik Krogh Kristensen <[email protected]> Date: Fri Oct 9 14:54:34 2020 +0200 add change note commit 2fb19f0b117b422d1047af50a0cc969175dd25b9 Author: Erik Krogh Kristensen <[email protected]> Date: Fri Oct 9 14:50:16 2020 +0200 refactor into a single regular expression with two capture groups commit f6f8bbd1d8657395de8eb65ab0f3704b294ccb01 Author: Erik Krogh Kristensen <[email protected]> Date: Fri Oct 9 14:46:31 2020 +0200 Update javascript/ql/src/semmle/javascript/frameworks/ServerLess.qll Co-authored-by: Esben Sparre Andreasen <[email protected]> commit 1c043447e8be5802c3c0b9910e8ce4786125bc49 Author: Anders Schack-Mulligen <[email protected]> Date: Fri Oct 9 14:29:52 2020 +0200 Dataflow: Introduce consistency check for flow targeting PostUpdateNodes. 
commit 4c9ffcec2714424f72569123441b91ac90adc1bf Merge: 2436c5625 493b80c44 Author: Jonas Jensen <[email protected]> Date: Fri Oct 9 13:30:05 2020 +0200 Merge pull request #4396 from geoffw0/stringsets C++: Use [, ...] syntax more widely. commit 2436c5625888e94f30734bdbab7d34ca08dc2c8d Merge: b0d01cfe8 6d78c7b46 Author: James Fletcher <[email protected]> Date: Fri Oct 9 11:40:47 2020 +0100 Merge pull request #4444 from github/codeql-style-updates [CodeQL docs] First pass at style updates for docs microsite commit b0d01cfe8d317fb15839488dc9369079f7e2fa96 Merge: 412524103 3af3d87ec Author: Alexander Eyers-Taylor <[email protected]> Date: Fri Oct 9 10:45:11 2020 +0100 Merge pull request #4370 from jbj/range-analysis-mega-change-note C++: Change note for several range-analysis PRs commit 6d78c7b46e97b023169548f7d212bb06868baa2f Author: james <[email protected]> Date: Fri Oct 9 10:04:39 2020 +0100 fix path to primer.css in template commit 1f1be3bf9a76893179e42e419985ae54f8db2457 Author: Geoffrey White <[email protected]> Date: Fri Oct 9 10:04:22 2020 +0100 C++: Block try_emplace arg 0. commit de429067855224fd9dc18ca99a393362873139a7 Author: james <[email protected]> Date: Fri Oct 9 10:00:41 2020 +0100 hide header text on small screens and fix body width commit 2fe986eb7940022a885e286f996b2c13714f2963 Author: james <[email protected]> Date: Thu Oct 8 14:22:49 2020 +0100 add local primer.css commit 8786fe1ab82c7a74155361f509f615c2166ba17a Author: Geoffrey White <[email protected]> Date: Fri Oct 9 09:55:50 2020 +0100 C++: Add test missing test case involving tainted key. 
commit 412524103c4f96570b181db5dca015d34d38b09c Merge: 3894ecf77 ca4e5014a Author: Tom Hvitved <[email protected]> Date: Fri Oct 9 10:54:56 2020 +0200 Merge pull request #4437 from hvitved/csharp/cfg/compiler-generated-array-lengths C#: Include compiler-generated array lengths in the CFG commit 3894ecf7792ec8c52fb02711c6232ff4a3ecc6d3 Merge: f42cbcbea 4bf6f6ac7 Author: CodeQL CI <[email protected]> Date: Fri Oct 9 00:37:38 2020 -0700 Merge pull request #4441 from max-schaefer/js/add-negative-api-graphs-test Approved by erik-krogh commit 3b328baaef479e6d34fa2cfbde4cfbf58c6e2906 Author: Erik Krogh Kristensen <[email protected]> Date: Thu Oct 8 21:54:23 2020 +0200 changes based on review commit 65b90c411c88502f694c326c4d314b1ac8173977 Author: Erik Krogh Kristensen <[email protected]> Date: Thu Oct 8 21:28:50 2020 +0200 Update javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll Co-authored-by: Esben Sparre Andreasen <[email protected]> commit 4bf6f6ac7ca3a899af3bc2a20d4ac9dd5dbd01a0 Author: Max Schaefer <[email protected]> Date: Thu Oct 8 19:53:23 2020 +0100 JavaScript: Add a negative test for API graphs. The test ensures that flow summarization won't label property `f` of the first parameter of `assertNotNull` as a sink, which would be very imprecise. commit 493b80c44d81c4c764a199794dabfab0c59880c3 Author: Geoffrey White <[email protected]> Date: Thu Oct 8 17:46:50 2020 +0100 C++: Fix incorrect translations to hasQualifiedName. 
commit f42cbcbeae99d8fe309b80205af27331f0d82c7d Merge: b409cf6ce f3f908383 Author: Tamás Vajk <[email protected]> Date: Thu Oct 8 18:23:12 2020 +0200 Merge pull request #4428 from tamasvajk/feature/force-nuget-single-restore C#: Add '-DisableParallelProcessing' flag to nuget restore in Autobuilder commit 60eec7b1363c0182d54c567b4495a48646b993ca Author: Taus <[email protected]> Date: Thu Oct 8 18:14:20 2020 +0200 Python: Update python/ql/src/experimental/dataflow/internal/Attributes.qll Co-authored-by: Rasmus Wriedt Larsen <[email protected]> commit d46453caaa6dd28ab0ed5a183fa077e4e17f4c61 Author: Taus Brock-Nannestad <[email protected]> Date: Thu Oct 8 18:08:55 2020 +0200 Python: Support named imports as attribute reads Required a small change in `DataFlow::importModule` to get the desired behaviour (cf. the type trackers defined in `moduleattr.ql`, but this should be harmless. The node that is added doesn't have any flow anywhere. commit c555cfa22af4d03c8479f54509044001720eab9e Author: Geoffrey White <[email protected]> Date: Thu Oct 8 16:55:45 2020 +0100 C++: Replace isParameterDeref(_). commit f3f908383b4fc900d355ee78411f19f707e12dd2 Author: Tamas Vajk <[email protected]> Date: Thu Oct 8 17:07:40 2020 +0200 C#: Adjust autobuilder tests for added nuget.exe flag commit 522f41377ffad825525636d78f577c950bb53c06 Author: Tamas Vajk <[email protected]> Date: Wed Oct 7 12:20:14 2020 +0200 C#: Add '-DisableParallelProcessing' flag to nuget restore in Autobuilder commit e01e4b5bdedee58785c6b02858f542f9e5e8c16c Author: Geoffrey White <[email protected]> Date: Thu Oct 8 14:29:08 2020 +0100 C++: Fix QLDoc comments. commit 5c1a510e4a2b7463b3f73556bb1bd24f32995ae7 Author: Geoffrey White <[email protected]> Date: Wed Oct 7 12:17:13 2020 +0100 C++: Model map::lower_bound, upper_bound and equal_range. commit ef9a7c8cdb05cc3138abe61f9f3a9be667e02b28 Author: Geoffrey White <[email protected]> Date: Wed Oct 7 11:55:46 2020 +0100 C++: Model map::merge. 
commit b7ab89c892282c7a670cfcb6ea514a06af4554b9 Author: Geoffrey White <[email protected]> Date: Wed Oct 7 11:48:16 2020 +0100 C++: Model map::emplace, emplace_hint and map::try_emplace. commit b409cf6cea7d0e6645e39a97c4ee3e012d315c0c Merge: f179e7ebf 662736eb2 Author: Jonas Jensen <[email protected]> Date: Thu Oct 8 15:18:15 2020 +0200 Merge pull request #4389 from gsingh93/bitwise-and Improve range analysis for bitwise and commit 6394b1b478bca1a51bba47c1cdf96629131fdf60 Author: Geoffrey White <[email protected]> Date: Thu Oct 8 13:46:00 2020 +0100 C++: Additional test cases for emplace. commit df447c0af9ec7d62b428ebdfb5d21efcad2c1203 Author: Taus Brock-Nannestad <[email protected]> Date: Thu Oct 8 15:01:24 2020 +0200 Python: Remove flow from `getAttributeName` commit ceb249680ec909086ef8e841489315583134cb20 Author: Taus Brock-Nannestad <[email protected]> Date: Thu Oct 8 15:00:14 2020 +0200 Python: Reuse existing `node` fields Also changes `x = TCfgNode(y)` to `x.asCfgNode() = y` where applicable. commit 31596ef56988d1f97fcc13bf551bc84bde5e0af7 Author: Taus Brock-Nannestad <[email protected]> Date: Thu Oct 8 14:55:27 2020 +0200 Python: Clean up and extend built-in call node classes commit e9ecc00b370ba137ae550f86ea7483401367e6e5 Author: Taus Brock-Nannestad <[email protected]> Date: Thu Oct 8 14:53:54 2020 +0200 Python: Implement and use `mayHaveAttributeName` commit 61d5372d077d92959ee6f2f03678baa4556e1a29 Author: Geoffrey White <[email protected]> Date: Thu Oct 8 13:43:49 2020 +0100 C++: Test spacing. commit 4c4dd0c9590e3aefb5533cc3f3afd2e0f7987c67 Author: Geoffrey White <[email protected]> Date: Wed Oct 7 12:06:28 2020 +0100 C++: Fix a bug in the tests. 
commit f179e7ebf491484b3b7e4bc81f96dfd3668efe5c Merge: ce8567c64 396f35339 Author: CodeQL CI <[email protected]> Date: Thu Oct 8 03:09:38 2020 -0700 Merge pull request #4291 from asgerf/js/lean-dependency-installation-plainjava Approved by erik-krogh commit 0b0763953ea093facbf3d4b88ca9c06c79bd9a62 Author: Rasmus Wriedt Larsen <[email protected]> Date: Thu Oct 8 11:15:36 2020 +0200 Python: Update description of CodeInjection Co-authored-by: intrigus-lgtm <[email protected]> commit 7d086b23ffe6f1806368a95783cd5e25a21c308c Author: yoff <[email protected]> Date: Thu Oct 8 10:53:52 2020 +0200 Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll Co-authored-by: Rasmus Wriedt Larsen <[email protected]> commit ca4e5014ae16b2a50ea2cc358771eb29d31cce64 Author: Tom Hvitved <[email protected]> Date: Thu Oct 8 10:12:17 2020 +0200 C#: Include compiler-generated array lengths in the CFG commit 19796a4c9c93cafb8e8be9d427fd9b3c1e588b3d Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Thu Oct 8 10:35:01 2020 +0200 Python: Improve tests and make `validTest` happy commit ce8567c64a5ebc856352a8891c0ffbe169c1c8db Merge: b70f5bc95 af36718dc Author: Tom Hvitved <[email protected]> Date: Thu Oct 8 10:32:13 2020 +0200 Merge pull request #4293 from hvitved/csharp/cfg/assertions C#: Model assertions in the CFG commit cc0661bce17c28a3ce3ce43f9eda20ae77bcb3db Author: Rasmus Lerchedahl Petersen <[email protected]> Date: Thu Oct 8 10:11:00 2020 +0200 Python: More/better comments commit b70f5bc95435ce9735d010e0bcd1b30ac8eb5147 Merge: cb00f8bcc 31816af11 Author: Tom Hvitved <[email protected]> Date: Thu Oct 8 09:13:43 2020 +0200 Merge pull request #4433 from hvitved/csharp/dataflow/switch-expr C#: Add missing data-flow for switch expressions commit cb00f8bcc4dd0b1c50c2222657847f6af6aaef86 Merge: 06f1c898d 94dc11c45 Author: Anders Schack-Mulligen <[email protected]> Date: Thu Oct 8 09:10:04 2020 +0200 Merge pull request #4362 from 
tamasvajk/feature/sign-analysis-cleanup Sign analysis cleanup commit 662736eb2d8d522eb384221d29a34268c147cc99 Author: Gulshan Singh <[email protected]> Date: Wed Oct 7 12:45:08 2020 -0700 Fix compiler error after removing getLOp/getROp commit 06f1c898dcd6d1945559d710dceb21c9b30e4041 Merge: a9bb7b526 4df6a4161 Author: Tamás Vajk <[email protected]> Date: Wed Oct 7 21:21:20 2020 +0200 Merge pull request #4349 from tamasvajk/feature/modulus-analysis ModulusAnalysis shared between C# and Java commit 46ec7fbf6e3428b62284aec7b440917a9b860c59 Author: Rasmus Wriedt Larsen <ras…
I was trying to write a query to detect the taint in https://github.com/jenkinsci/persona-plugin/blob/58ea0d9ca16ece310e2002100649aab919a33333/src/main/java/hudson/plugins/persona/ResourceServer.java#L55-L58 from #getRestOfPath to #serveFile and it didn't work. I looked a bit under the hood and found these missing. I did not find a straightforward way to test the impact of a change like this on existing queries on various projects, so other than a trivial query I have locally that now finds the above tainted data, and the addition to the taint test, this is untested.
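The flow this pull request teaches the taint tracker to follow is easy to see in plain Java: a request-derived path segment goes into the `java.io.File` constructor, the `File` becomes a `URI` via `toURI()`, and the `URI` becomes a `URL` via `toURL()`, with the attacker-controlled segment surviving every step. The example below is added here for illustration; it is not code from this pull request, from the CodeQL repository, or from the Jenkins plugin linked above. `resourceUrl` and `resolveWithin` are hypothetical helpers, and the base directory under `java.io.tmpdir` is a constructed sample location; `restOfPath` stands in for whatever the request handler's `getRestOfPath()` returns.

```java
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;

public class FileTaintDemo {

    // The chain the pull request models: String -> File -> URI -> URL.
    // Nothing here sanitizes restOfPath, so if it is request-controlled the
    // resulting URL (and whatever is served from it) is request-controlled too.
    static URL resourceUrl(File baseDir, String restOfPath) throws MalformedURLException {
        File file = new File(baseDir, restOfPath); // taint step: constructor argument -> File
        URI uri = file.toURI();                    // taint step: File -> URI (File#toURI)
        return uri.toURL();                        // taint step: URI -> URL (URI#toURL)
    }

    // Defensive counterpart (hypothetical helper): canonicalize both the base
    // directory and the candidate, then require the candidate to stay inside
    // the base. Comparing canonical paths neutralizes "..", redundant
    // separators and symlinks that a plain string prefix check would miss.
    static File resolveWithin(File baseDir, String restOfPath) throws IOException {
        File base = baseDir.getCanonicalFile();
        File candidate = new File(base, restOfPath).getCanonicalFile();
        if (!candidate.toPath().startsWith(base.toPath())) {
            throw new IOException("request path resolves outside the base directory: " + restOfPath);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample base directory; only used for path arithmetic, never created.
        File base = new File(System.getProperty("java.io.tmpdir"), "persona-demo");

        // Unsanitized chain: the request segment is still visible in the final URL.
        URL url = resourceUrl(base, "images/logo.png");
        System.out.println("unchecked URL: " + url);

        // Checked chain: an in-tree path passes, an escaping one is rejected.
        System.out.println("checked file:  " + resolveWithin(base, "images/logo.png"));
        try {
            resolveWithin(base, "../outside.txt");
            System.out.println("unexpected: escape was not rejected");
        } catch (IOException e) {
            System.out.println("rejected:      " + e.getMessage());
        }
    }
}
```

Because the taint tracker now treats the constructor, `toURI()` and `toURL()` as taint-preserving, a query that marks the request path as a source and the final file-serving call as a sink reports the unchecked chain in `resourceUrl`; the canonical-path containment check in `resolveWithin` is the kind of sanitizer a query author would then model as a barrier.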