Merge branch 'main' into threat-models
RasmusWL committed Sep 26, 2024
2 parents 535db98 + 76914c4 commit 431a1af
Showing 305 changed files with 11,404 additions and 5,842 deletions.
3 changes: 3 additions & 0 deletions MODULE.bazel
Expand Up @@ -128,6 +128,7 @@ use_repo(
"kotlin-compiler-1.9.20-Beta",
"kotlin-compiler-2.0.0-RC1",
"kotlin-compiler-2.0.20-Beta2",
"kotlin-compiler-2.1.0-Beta1",
"kotlin-compiler-embeddable-1.5.0",
"kotlin-compiler-embeddable-1.5.10",
"kotlin-compiler-embeddable-1.5.20",
Expand All @@ -141,6 +142,7 @@ use_repo(
"kotlin-compiler-embeddable-1.9.20-Beta",
"kotlin-compiler-embeddable-2.0.0-RC1",
"kotlin-compiler-embeddable-2.0.20-Beta2",
"kotlin-compiler-embeddable-2.1.0-Beta1",
"kotlin-stdlib-1.5.0",
"kotlin-stdlib-1.5.10",
"kotlin-stdlib-1.5.20",
Expand All @@ -154,6 +156,7 @@ use_repo(
"kotlin-stdlib-1.9.20-Beta",
"kotlin-stdlib-2.0.0-RC1",
"kotlin-stdlib-2.0.20-Beta2",
"kotlin-stdlib-2.1.0-Beta1",
)

go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
8 changes: 4 additions & 4 deletions config/identical-files.json
Expand Up @@ -57,10 +57,6 @@
"java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll",
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll"
],
"Model as Data Generation Java/C# - CaptureModels": [
"java/ql/src/utils/modelgenerator/internal/CaptureModels.qll",
"csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll"
],
"Sign Java/C#": [
"java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/Sign.qll",
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/Sign.qll"
Expand Down Expand Up @@ -355,5 +351,9 @@
"Python model summaries test extension": [
"python/ql/test/library-tests/dataflow/model-summaries/InlineTaintTest.ext.yml",
"python/ql/test/library-tests/dataflow/model-summaries/NormalDataflowTest.ext.yml"
],
"Diagnostics.qll": [
"ruby/ql/lib/codeql/ruby/Diagnostics.qll",
"rust/ql/lib/codeql/rust/Diagnostics.qll"
]
}
4 changes: 2 additions & 2 deletions cpp/ql/lib/semmle/code/cpp/Type.qll
Expand Up @@ -39,8 +39,8 @@ class Type extends Locatable, @type {

/**
* Gets a specifier of this type, recursively looking through `typedef` and
* `decltype`. For example, in the context of `typedef const int *restrict
* t`, the type `volatile t` has specifiers `volatile` and `restrict` but not
* `decltype`. For example, in the context of `typedef const int *restrict t`,
* the type `volatile t` has specifiers `volatile` and `restrict` but not
* `const` since the `const` is attached to the type being pointed to rather
* than the pointer itself.
*/
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
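Review bot: The added `predicate observeDiffInformedIncrementalMode() { none() }` carries no comment, while every neighbouring predicate in this deprecated `Config` module forwards to the legacy `Configuration`, so a reader cannot tell whether `none()` is a deliberate opt-out or a stub left to fill in. Presumably the legacy `Configuration` class has nothing to forward to here; if so I would put `// The deprecated Configuration API has no diff-informed mode, so opt out unconditionally.` above the predicate, adjusted if the reason is different. The identical two-line hunk is repeated in each of the other `Config` sections on this page (the eight sections that follow this one and the five after the C# CfgConsistency section), and the same comment belongs in each. The enclosing `Config` module starts before the hunk.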
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Up @@ -546,7 +546,7 @@ module ProductFlow {
Flow1::PathGraph::edges(pred1, succ1, _, _) and
exists(ReturnKindExt returnKind |
succ1.getNode() = returnKind.getAnOutNode(call) and
paramReturnNode(_, pred1.asParameterReturnNode(), _, returnKind)
returnKind = getParamReturnPosition(_, pred1.asParameterReturnNode()).getKind()
)
}

Expand Down Expand Up @@ -574,7 +574,7 @@ module ProductFlow {
Flow2::PathGraph::edges(pred2, succ2, _, _) and
exists(ReturnKindExt returnKind |
succ2.getNode() = returnKind.getAnOutNode(call) and
paramReturnNode(_, pred2.asParameterReturnNode(), _, returnKind)
returnKind = getParamReturnPosition(_, pred2.asParameterReturnNode()).getKind()
)
}

Expand Up @@ -160,6 +160,26 @@ private module InvalidPointerToDerefBarrier {
}
}

/**
* BEWARE: This configuration uses an unrestricted sink, so accessing its full
* flow computation or any stages beyond the first 2 will likely diverge.
* Stage 1 will still be fast and we use it to restrict the subsequent sink
* computation.
*/
private module InvalidPointerReachesConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { invalidPointerToDerefSource(_, _, source) }

predicate isSink(DataFlow::Node sink) { any() }

predicate isBarrier(DataFlow::Node node) { InvalidPointerToDerefConfig::isBarrier(node) }

int fieldFlowBranchLimit() { result = invalidPointerToDereferenceFieldFlowBranchLimit() }
}

private module InvalidPointerReachesFlow = DataFlow::Global<InvalidPointerReachesConfig>;

private import semmle.code.cpp.ir.dataflow.internal.DataFlowImplCommon as DataFlowImplCommon

/**
* A configuration to track flow from a pointer-arithmetic operation found
* by `AllocToInvalidPointerConfig` to a dereference of the pointer.
Expand All @@ -173,8 +193,13 @@ private module InvalidPointerToDerefConfig implements DataFlow::StateConfigSig {
invalidPointerToDerefSource(_, pai, source)
}

pragma[inline]
predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink(sink, _, _, _, _) }
predicate isSink(DataFlow::Node sink) {
exists(DataFlowImplCommon::NodeEx n |
InvalidPointerReachesFlow::Stages::Stage1::sinkNode(n, _) and
n.asNode() = sink and
isInvalidPointerDerefSink(sink, _, _, _, _)
)
}

predicate isSink(DataFlow::Node sink, FlowState pai) { none() }
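Review bot: The new `isSink` in `InvalidPointerToDerefConfig` reaches into `InvalidPointerReachesFlow::Stages::Stage1::sinkNode`, an internal staging detail of the data-flow library pulled in through the `DataFlowImplCommon` import, but the reason is documented only on `InvalidPointerReachesConfig` and not at the point of use, so the conjunction `sinkNode(n, _) and n.asNode() = sink and isInvalidPointerDerefSink(sink, _, _, _, _)` reads as a plain three-way join. I would add above the `exists`: `// Only keep nodes that Stage 1 of the unrestricted InvalidPointerReachesFlow already reaches from a source; this prunes the expensive isInvalidPointerDerefSink computation (see InvalidPointerReachesConfig).` The `pragma[inline]` was dropped from this predicate, and from `FlowFromFree::isSink` in the section below, without a note; if that is deliberate because the Stage 1 join is meant to be materialised, one line saying so would stop someone restoring it. The `private import ... DataFlowImplCommon` sits mid-file beside its only use, which presumably differs from the file's import block at the top (outside this hunk); moving it there would match the surrounding style. The enclosing `InvalidPointerToDerefConfig` module starts before the hunk.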

Expand Up @@ -72,7 +72,6 @@ module FlowFromFree<FlowFromFreeParamSig P> {

predicate isSource(DataFlow::Node node, FlowState state) { isFree(node, _, state, _) }

pragma[inline]
predicate isSink(DataFlow::Node sink, FlowState state) {
exists(Expr e, DataFlow::Node source, DeallocationExpr dealloc |
P::isSink(sink, e) and
5 changes: 0 additions & 5 deletions csharp/ql/consistency-queries/CfgConsistency.ql
Expand Up @@ -61,8 +61,3 @@ query predicate preBasicBlockConsistency(ControlFlowElement cfe1, ControlFlowEle
bbIntraSuccInconsistency(cfe1, cfe2) and
s = "intra succ inconsistency"
}

query predicate multipleToString(Node n, string s) {
s = strictconcat(n.toString(), ",") and
strictcount(n.toString()) > 1
}
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Up @@ -56,10 +56,9 @@ class HtmlTextWriterSink extends HtmlSink {
}

/**
* An expression that is used as an argument to an HTML sink method on
* `AttributeCollection`.
* DEPRECATED: Attribute collections are no longer considered HTML sinks.
*/
class AttributeCollectionSink extends HtmlSink {
deprecated class AttributeCollectionSink extends DataFlow::ExprNode {
AttributeCollectionSink() {
exists(SystemWebUIAttributeCollectionClass ac, Parameter p |
p = ac.getAddMethod().getParameter(1) or
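Review bot: The rewritten doc comment on `AttributeCollectionSink` drops the description of what the class matches and keeps only the deprecation line, so the characteristic predicate that remains (still selecting the parameter of `SystemWebUIAttributeCollectionClass`'s `Add` method) is now undocumented, and no reason is given for taking the class out of `HtmlSink`. Removing a sink silently narrows the HTML-injection results seen by anyone extending `HtmlSink`, so the rationale belongs next to the change; I would write `* An expression used as an argument to the `Add` method or indexer of `AttributeCollection`.` followed by `* DEPRECATED: Attribute collections are no longer considered HTML sinks (<reason for the removal>).` with the placeholder filled in. The change note in the section below records the user-visible effect but not the rationale either. The class body continues past the end of the hunk.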
@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* C#: The indexer and `Add` method on `System.Web.UI.AttributeCollection` is no longer considered an HTML sink.
Expand Up @@ -9,5 +9,5 @@
import internal.CaptureModels

from DataFlowSummaryTargetApi api, string flow
where flow = captureContentFlow(api)
where flow = ContentSensitive::captureFlow(api)
select flow order by flow
2 changes: 0 additions & 2 deletions csharp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
Expand Up @@ -6,9 +6,7 @@
* @tags modelgenerator
*/

import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
import internal.CaptureModels
import internal.CaptureSummaryFlowQuery

from DataFlowSummaryTargetApi api, string noflow
where noflow = captureNoFlow(api)
2 changes: 0 additions & 2 deletions csharp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql
Expand Up @@ -6,9 +6,7 @@
* @tags modelgenerator
*/

import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
import internal.CaptureModels
import internal.CaptureSummaryFlowQuery

from DataFlowSummaryTargetApi api, string flow
where flow = captureFlow(api)