2 changes: 1 addition & 1 deletion actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.38
version: 0.4.39-dev
library: true
warnOnImplicitThis: true
dependencies:
2 changes: 1 addition & 1 deletion actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.6.30
version: 0.6.31-dev
library: false
warnOnImplicitThis: true
groups: [actions, queries]
2 changes: 1 addition & 1 deletion cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 11.0.0
version: 11.0.1-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp
2 changes: 1 addition & 1 deletion cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.6.5
version: 1.6.6-dev
groups:
- cpp
- queries
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.69
version: 1.7.70-dev
groups:
- csharp
- solorigate
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.69
version: 1.7.70-dev
groups:
- csharp
- solorigate
2 changes: 1 addition & 1 deletion csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 7.0.0
version: 7.0.1-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp
2 changes: 1 addition & 1 deletion csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 1.7.5
version: 1.7.6-dev
groups:
- csharp
- queries
2 changes: 1 addition & 1 deletion go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql-go-consistency-queries
version: 1.0.52
version: 1.0.53-dev
groups:
- go
- queries
2 changes: 1 addition & 1 deletion go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/go-all
version: 7.2.0
version: 7.2.1-dev
groups: go
dbscheme: go.dbscheme
extractor: go
2 changes: 1 addition & 1 deletion go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/go-queries
version: 1.6.5
version: 1.6.6-dev
groups:
- go
- queries
2 changes: 1 addition & 1 deletion java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/java-all
version: 9.2.0
version: 9.2.1-dev
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java
2 changes: 1 addition & 1 deletion java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 1.11.5
version: 1.11.6-dev
groups:
- java
- queries
2 changes: 1 addition & 1 deletion javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/javascript-all
version: 2.8.0
version: 2.8.1-dev
groups: javascript
dbscheme: semmlecode.javascript.dbscheme
extractor: javascript
2 changes: 1 addition & 1 deletion javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/javascript-queries
version: 2.4.0
version: 2.4.1-dev
groups:
- javascript
- queries
2 changes: 1 addition & 1 deletion misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
name: codeql/suite-helpers
version: 1.0.52
version: 1.0.53-dev
groups: shared
warnOnImplicitThis: true
22 changes: 11 additions & 11 deletions python/ql/lib/CHANGELOG.md
Expand Up @@ -70,7 +70,7 @@ No user-facing changes.

### Minor Analysis Improvements

* Added new full SSRF sanitization barrier from the new AntiSSRF library.
* Added new full SSRF sanitization barrier from the new AntiSSRF library.
* When a guard such as `isSafe(x)` is defined, we now also automatically handle `isSafe(x) == true` and `isSafe(x) != false`.

## 6.1.1
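Review bot: the deleted and added lines in this hunk are textually identical (`* Added new full SSRF sanitization barrier from the new AntiSSRF library.`), so the change can only be trailing whitespace or a line-ending fix, which the rendered diff does not show; the remaining CHANGELOG hunks in this PR have the same shape, matching the 11 additions / 11 deletions count. State that in the PR description so reviewers do not hunt for a content change. Note also that none of these CHANGELOG hunks adds a note for the behavioural changes made elsewhere in this PR.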
Expand Down Expand Up @@ -169,7 +169,7 @@ No user-facing changes.
### Minor Analysis Improvements

- The modelling of Psycopg2 now supports the use of `psycopg2.pool` connection pools for handling database connections.
* Removed `lxml` as an XML bomb sink. The underlying libxml2 library now includes [entity reference loop detection](https://github.com/lxml/lxml/blob/f33ac2c2f5f9c4c4c1fc47f363be96db308f2fa6/doc/FAQ.txt#L1077) that prevents XML bomb attacks.
* Removed `lxml` as an XML bomb sink. The underlying libxml2 library now includes [entity reference loop detection](https://github.com/lxml/lxml/blob/f33ac2c2f5f9c4c4c1fc47f363be96db308f2fa6/doc/FAQ.txt#L1077) that prevents XML bomb attacks.

## 4.0.13

Expand Down Expand Up @@ -262,7 +262,7 @@ No user-facing changes.
### Minor Analysis Improvements

* The sensitive data library has been improved so that `snake_case` style variable names are recognized more reliably. This may result in more sensitive data being identified, and more results from queries that use the sensitive data library.
- Additional taint steps through methods of `lxml.etree.Element` and `lxml.etree.ElementTree` objects from the `lxml` PyPI package have been modeled.
- Additional taint steps through methods of `lxml.etree.Element` and `lxml.etree.ElementTree` objects from the `lxml` PyPI package have been modeled.

## 3.1.0

Expand Down Expand Up @@ -316,7 +316,7 @@ No user-facing changes.

### Minor Analysis Improvements

* The common sanitizer guard `StringConstCompareBarrier` has been renamed to `ConstCompareBarrier` and expanded to cover comparisons with other constant values such as `None`. This may result in fewer false positive results for several queries.
* The common sanitizer guard `StringConstCompareBarrier` has been renamed to `ConstCompareBarrier` and expanded to cover comparisons with other constant values such as `None`. This may result in fewer false positive results for several queries.

## 2.0.0

Expand Down Expand Up @@ -545,7 +545,7 @@ No user-facing changes.

### New Features

* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`.
* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`.
Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.

### Minor Analysis Improvements
Expand All @@ -572,7 +572,7 @@ No user-facing changes.
* Deleted many deprecated predicates and classes with uppercase `API`, `HTTP`, `XSS`, `SQL`, etc. in their names. Use the PascalCased versions instead.
* Deleted the deprecated `getName()` predicate from the `Container` class, use `getAbsolutePath()` instead.
* Deleted many deprecated module names that started with a lowercase letter, use the versions that start with an uppercase letter instead.
* Deleted many deprecated predicates in `PointsTo.qll`.
* Deleted many deprecated predicates in `PointsTo.qll`.
* Deleted many deprecated files from the `semmle.python.security` package.
* Deleted the deprecated `BottleRoutePointToExtension` class from `Extensions.qll`.
* Type tracking is now aware of flow summaries. This leads to a richer API graph, and may lead to more results in some queries.
Expand Down Expand Up @@ -729,7 +729,7 @@ No user-facing changes.
### Deprecated APIs

* Some unused predicates in `SsaDefinitions.qll`, `TObject.qll`, `protocols.qll`, and the `pointsto/` folder have been deprecated.
* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.

### Minor Analysis Improvements
Expand All @@ -748,9 +748,9 @@ No user-facing changes.

### Deprecated APIs

* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
* The utility files previously in the `semmle.python.security.performance` package have been moved to the `semmle.python.security.regexp` package.
* The utility files previously in the `semmle.python.security.performance` package have been moved to the `semmle.python.security.regexp` package.
The previous files still exist as deprecated aliases.

### Minor Analysis Improvements
Expand Down Expand Up @@ -843,9 +843,9 @@ No user-facing changes.

### Deprecated APIs

* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
* Some modules that started with a lowercase letter have been renamed to follow our style-guide.
* Some modules that started with a lowercase letter have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.

### New Features
2 changes: 1 addition & 1 deletion python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/python-all
version: 7.2.0
version: 7.2.1-dev
groups: python
dbscheme: semmlecode.python.dbscheme
extractor: python
Expand Up @@ -1138,7 +1138,9 @@ predicate clearsContent(Node n, ContentSet cs) {
* Holds if the value that is being tracked is expected to be stored inside content `c`
* at node `n`.
*/
predicate expectsContent(Node n, ContentSet c) { none() }
predicate expectsContent(Node n, ContentSet c) {
FlowSummaryImpl::Private::Steps::summaryExpectsContent(n.(FlowSummaryNode).getSummaryNode(), c)
}

/**
* Holds if values stored inside attribute `c` are cleared at node `n`.
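Review bot: replacing `none()` with `FlowSummaryImpl::Private::Steps::summaryExpectsContent(n.(FlowSummaryNode).getSummaryNode(), c)` is a behavioural change for data flow (summary nodes can now require the tracked value to be stored inside content `c`, exactly as the doc comment above describes), yet the CHANGELOG edits in this PR are whitespace-only; add a change note for the Python library. The doc comment itself still reads as the generic contract; one sentence saying the predicate is populated from flow summaries only, which the `n.(FlowSummaryNode)` cast enforces, would make that restriction explicit to anyone extending it.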
Expand Up @@ -91,6 +91,8 @@ module Input implements InputSig<Location, DataFlowImplSpecific::PythonDataFlow>
cs.isAnyTupleOrDictionaryElement() and result = "AnyTupleOrDictionaryElement" and arg = ""
}

string encodeWithContent(ContentSet c, string arg) { result = "With" + encodeContent(c, arg) }

bindingset[token]
ParameterPosition decodeUnknownParameterPosition(AccessPath::AccessPathTokenBase token) {
// needed to support `Argument[x..y]` ranges
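Review bot: the new `encodeWithContent` lacks a doc comment, and since its result is user-facing models-as-data syntax it should state the token shape it produces, namely `With` prefixed to whatever `encodeContent` yields (for instance `WithAnyTupleOrDictionaryElement`, given the `result = "AnyTupleOrDictionaryElement"` case visible above). Passing `arg` straight through to `encodeContent(c, arg)` means the `arg = ""` binding from that predicate applies here too, which is worth a comment. If the shared `InputSig` also expects an `encodeWithoutContent`, it is not in this diff; confirm it is already defined or deliberately left out.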
Expand Up @@ -170,7 +170,13 @@ module TypeTrackingInput implements Shared::TypeTrackingInput<Location> {

/** Holds if there is a level step from `nodeFrom` to `nodeTo`, which may depend on the call graph. */
predicate levelStepCall(Node nodeFrom, LocalSourceNode nodeTo) {
instanceFieldStep(nodeFrom, nodeTo)
// HOTFIX: `instanceFieldStep` is temporarily disabled (via `and none()`).
// It uses `classInstanceTracker(cls)` -- itself a type-tracker run --
// from inside `levelStepCall`, creating a structural mutual recursion
// that causes catastrophic query slowdowns on some OOP-heavy Python
// codebases (e.g. mypy and dask). The `and none()` should be removed
// once that recursion is redesigned.
instanceFieldStep(nodeFrom, nodeTo) and none()
or
inheritedFieldStep(nodeFrom, nodeTo)
}
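Review bot: `instanceFieldStep(nodeFrom, nodeTo) and none()` silently drops every instance-field level step from type tracking, which is a user-visible analysis regression (values stored in instance attributes will no longer be followed, so the API graph and queries built on it will lose results), but the PR adds no change note and the HOTFIX comment cites no tracking issue. Suggest a change note under the Python library, an issue link in the comment (placeholder: `<tracking-issue-url>`), and a sentence explaining why `and none()` was preferred over removing the disjunct (keeping the reference avoids an unused-predicate warning, if that is the reason). A test expectation that pins the reduced results would also make it obvious when the step is re-enabled.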