Commit 0ef83b3

author
BD
authored
Merge branch 'main' into enable-gokit-by-default
2 parents 31550b2 + d56a9f0 commit 0ef83b3

1,068 files changed

+61387
-8638
lines changed


.github/dependabot.yml

+7
Original file line numberDiff line numberDiff line change
@@ -17,3 +17,10 @@ updates:
1717
ignore:
1818
- dependency-name: '*'
1919
update-types: ['version-update:semver-patch', 'version-update:semver-minor']
20+
21+
- package-ecosystem: "gomod"
22+
directory: "go/extractor"
23+
schedule:
24+
interval: "daily"
25+
reviewers:
26+
- "github/codeql-go"
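
Review bot: The new `gomod` entry for `go/extractor` (lines 21-26) has no `ignore` block, unlike the entry directly above it, which suppresses `version-update:semver-patch` and `version-update:semver-minor` for every dependency. With `interval: "daily"` that means a pull request for each patch or minor bump of the extractor's modules, each requesting review from `github/codeql-go`. If that volume is intended, a short comment saying so would help; otherwise add the same `ignore` rule or an `open-pull-requests-limit`.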

.github/workflows/compile-queries.yml

+2-2
Original file line numberDiff line numberDiff line change
@@ -29,9 +29,9 @@ jobs:
2929
# run with --check-only if running in a PR (github.sha != main)
3030
if : ${{ github.event_name == 'pull_request' }}
3131
shell: bash
32-
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
32+
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500
3333
- name: compile queries - full
3434
# do full compile if running on main - this populates the cache
3535
if : ${{ github.event_name != 'pull_request' }}
3636
shell: bash
37-
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
37+
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500
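
Review bot: `--compilation-cache-size=500` is repeated as a literal in both `run:` lines (line 32, the `--check-only` step, and line 37, the full compile), with no comment on the unit or on why 500 was chosen. Define it once, for example as a workflow `env` value referenced from both steps, and record the reasoning next to it so the two steps cannot drift apart when the limit is tuned.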

config/identical-files.json

-16
Original file line numberDiff line numberDiff line change
@@ -498,22 +498,6 @@
498498
"ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll",
499499
"python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll"
500500
],
501-
"TaintedFormatStringQuery Ruby/JS": [
502-
"javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll",
503-
"ruby/ql/lib/codeql/ruby/security/TaintedFormatStringQuery.qll"
504-
],
505-
"TaintedFormatStringCustomizations Ruby/JS": [
506-
"javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringCustomizations.qll",
507-
"ruby/ql/lib/codeql/ruby/security/TaintedFormatStringCustomizations.qll"
508-
],
509-
"HttpToFileAccessQuery JS/Ruby": [
510-
"javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll",
511-
"ruby/ql/lib/codeql/ruby/security/HttpToFileAccessQuery.qll"
512-
],
513-
"HttpToFileAccessCustomizations JS/Ruby": [
514-
"javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessCustomizations.qll",
515-
"ruby/ql/lib/codeql/ruby/security/HttpToFileAccessCustomizations.qll"
516-
],
517501
"Typo database": [
518502
"javascript/ql/src/Expressions/TypoDatabase.qll",
519503
"ql/ql/src/codeql_ql/style/TypoDatabase.qll"

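Review bot: Removing the four `Ruby/JS` groups at old lines 501-516 means the sync check no longer forces the JavaScript and Ruby copies of `TaintedFormatStringQuery.qll`, `TaintedFormatStringCustomizations.qll`, `HttpToFileAccessQuery.qll` and `HttpToFileAccessCustomizations.qll` to stay identical, so a fix made to one of these security libraries will no longer be flagged as missing from the other. The hunk does not show the reason; please confirm the copies were decoupled on purpose in one of the merged branches and that each language now has its own owner for these files.
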
cpp/BUILD.bazel

+7-2
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,17 @@
1-
package(default_visibility = ["//visibility:public"])
2-
31
load("@rules_pkg//:mappings.bzl", "pkg_filegroup")
42

3+
package(default_visibility = ["//visibility:public"])
4+
55
alias(
66
name = "dbscheme",
77
actual = "//cpp/ql/lib:dbscheme",
88
)
99

10+
alias(
11+
name = "dbscheme-stats",
12+
actual = "//cpp/ql/lib:dbscheme-stats",
13+
)
14+
1015
pkg_filegroup(
1116
name = "db-files",
1217
srcs = [
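
Review bot: The new `dbscheme-stats` alias at lines 10-13 points at `//cpp/ql/lib:dbscheme-stats`, but the `cpp/ql/lib/BUILD.bazel` hunk in this commit only shows the existing `dbscheme` `pkg_files` target. Check that a `dbscheme-stats` target is defined in that package and is exposed through its `default_visibility = ["//cpp:__pkg__"]`; otherwise the alias will fail when it is resolved.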

cpp/ql/lib/BUILD.bazel

+2-2
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
1-
package(default_visibility = ["//cpp:__pkg__"])
2-
31
load("@rules_pkg//:mappings.bzl", "pkg_files")
42

3+
package(default_visibility = ["//cpp:__pkg__"])
4+
55
pkg_files(
66
name = "dbscheme",
77
srcs = ["semmlecode.cpp.dbscheme"],

cpp/ql/lib/CHANGELOG.md

+29
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,32 @@
1+
## 0.10.0
2+
3+
### Minor Analysis Improvements
4+
5+
* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as
6+
non-returning in the IR and dataflow.
7+
* Treat functions that reach the end of the function as returning in the IR.
8+
They used to be treated as unreachable but it is allowed in C.
9+
* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly.
10+
11+
## 0.9.3
12+
13+
No user-facing changes.
14+
15+
## 0.9.2
16+
17+
### Deprecated APIs
18+
19+
* `getAllocatorCall` on `DeleteExpr` and `DeleteArrayExpr` has been deprecated. `getDeallocatorCall` should be used instead.
20+
21+
### New Features
22+
23+
* Added `DeleteOrDeleteArrayExpr` as a super type of `DeleteExpr` and `DeleteArrayExpr`
24+
25+
### Minor Analysis Improvements
26+
27+
* `delete` and `delete[]` are now modeled as calls to the relevant `operator delete` in the IR. In the case of a dynamic delete call a new instruction `VirtualDeleteFunctionAddress` is used to represent a function that dispatches to the correct delete implementation.
28+
* Only the 2 level indirection of `argv` (corresponding to `**argv`) is consided for `FlowSource`.
29+
130
## 0.9.1
231

332
No user-facing changes.
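
Review bot: The third 0.10.0 entry (line 9) changes the range accepted by the single-parameter `DataFlow::asDefiningArgument` from starting at `2` to starting at `1` and tells users to update their arguments, yet it is filed under "Minor Analysis Improvements". Existing queries that pass the old index will still compile but will no longer mean the same thing, so this reads as a breaking change; give it its own heading and, ideally, a one-line before/after of the argument value.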

cpp/ql/lib/change-notes/2023-08-24-no-taint-argv-indirections.md

-4
This file was deleted.

cpp/ql/lib/change-notes/2023-08-25-delete-or-delete-array.md

-4
This file was deleted.

cpp/ql/lib/change-notes/2023-08-25-getAllocatorCall-deprecated.md

-4
This file was deleted.

cpp/ql/lib/change-notes/2023-08-29-delete-ir.md

-4
This file was deleted.

cpp/ql/lib/change-notes/2023-09-06-as-defining-argument-off-by-one-fix.md

-4
This file was deleted.

cpp/ql/lib/change-notes/2023-09-07-return-from-end.md

-5
This file was deleted.

cpp/ql/lib/change-notes/2023-09-08-more-unreachble.md

-5
This file was deleted.
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
* Deleted the deprecated `AnalysedString` class, use the new name `AnalyzedString`.
5+
* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
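
Review bot: `category: minorAnalysis` on line 2 understates this note: both bullets delete public names (`AnalysedString` and `isBarrierGuard`), so any query still using them stops compiling after the upgrade. Consider a breaking-change category so the removal appears under its own changelog heading, keeping the replacement names (`AnalyzedString`, and `isBarrier` with the `BarrierGuard` module) as written.
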
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
## 0.10.0
2+
3+
### Minor Analysis Improvements
4+
5+
* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as
6+
non-returning in the IR and dataflow.
7+
* Treat functions that reach the end of the function as returning in the IR.
8+
They used to be treated as unreachable but it is allowed in C.
9+
* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly.
+14
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
## 0.9.2
2+
3+
### Deprecated APIs
4+
5+
* `getAllocatorCall` on `DeleteExpr` and `DeleteArrayExpr` has been deprecated. `getDeallocatorCall` should be used instead.
6+
7+
### New Features
8+
9+
* Added `DeleteOrDeleteArrayExpr` as a super type of `DeleteExpr` and `DeleteArrayExpr`
10+
11+
### Minor Analysis Improvements
12+
13+
* `delete` and `delete[]` are now modeled as calls to the relevant `operator delete` in the IR. In the case of a dynamic delete call a new instruction `VirtualDeleteFunctionAddress` is used to represent a function that dispatches to the correct delete implementation.
14+
* Only the 2 level indirection of `argv` (corresponding to `**argv`) is consided for `FlowSource`.
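
Review bot: Line 14 has a typo, `consided` should be `considered`, and "the 2 level indirection" would read better as "the second-level indirection"; line 9 is also missing its final period. The same text is copied into `cpp/ql/lib/CHANGELOG.md` in this commit, so fix both places together.
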
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
## 0.9.3
2+
3+
No user-facing changes.

cpp/ql/lib/codeql-pack.release.yml

+1-1
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,2 @@
11
---
2-
lastReleaseVersion: 0.9.1
2+
lastReleaseVersion: 0.10.0
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
import experimental.cryptography.CryptoArtifact
2+
import experimental.cryptography.CryptoAlgorithmNames
3+
import experimental.cryptography.modules.OpenSSL as OpenSSL
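
Review bot: This new file consists of three non-private imports (lines 1-3) and no QLDoc comment, so it re-exports everything from `CryptoArtifact` and `CryptoAlgorithmNames` plus the `OpenSSL` alias without stating what it is for. Add a file-level doc comment naming the intended entry point, and since everything sits under `experimental.`, say there that the API may change.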
