Auto/sync main pr#22153
Closed
chanel-y wants to merge 1557 commits into
Closed
Conversation
…to a more precise ignorable operation analysis. Ignorable operations that flow to a possible source also invalidate that source. Also added a root source finder to get the earliest source if many exist. Modified the leap year checker finder to use a new dataflow mechanic that flows from a YearFieldAccess.
Introduces a new .NET-based Java bytecode extractor using IKVM.ByteCode, including main extraction logic, TRAP file writer, and configuration files. Adds QL library for JVM instructions and test queries for bytecode extraction. Updates the binary DB scheme to support JVM entities.
Updated JvmExtractor.cs to safely handle cases where class, method, or field names may be null by providing default values. Added new dbscheme files and scripts for JVM binary extraction, and updated the binary dbscheme to support new extraction features.
Replaces manual file indexing in the JVM extractor with a call to 'codeql database index-files' for both Windows and Unix scripts. Updates the opcode-to-mnemonic mapping in the dbscheme and QLL files to use decimal values instead of hex, and simplifies the QLL mapping logic. Adds new platform-specific scripts for autobuild and file indexing.
Introduces JVM instruction, type, method, and parameter translation to the IR, including new tags and classes for JVM elements. Updates core IR files to handle JVM instructions and variables, and adds a test model for Java vulnerable calls. Also updates workspace and qlpack configuration to support new data extensions.
Introduces abstract base classes for JVM instructions (e.g., arithmetic, branch, field access, constant load) in JvmInstructions.qll, and updates the IR translation logic to use these new abstractions. Renames and unifies temp variable tags for consistency. Simplifies and generalizes TranslatedElement and TranslatedInstruction logic to leverage the new class hierarchy, improving maintainability and extensibility of JVM bytecode modeling.
Adds extraction of raw JVM method access flags to the database and exposes them in QL via predicates for each flag. Updates the schema, extractor, and QL libraries to support querying method visibility and modifiers. Also improves error logging for constant pool extraction failures.
Adds extraction of ECMA-335 MethodAttributes flags for CIL methods and stores them in a new 'cil_method_access_flags' table. Updates QL libraries to expose these flags and predicates for common access modifiers (public, private, protected, internal, static, final, virtual, abstract). Also updates TranslatedCilMethod to use the new isPublic predicate.
Changed dependency versions from '${workspace}' to '*' in both VulnerableCalls/qlpack.yml and src/qlpack.yml for broader compatibility.
Enhanced the logic in getAVulnerableMethod to include transitive vulnerability detection via static targets for direct calls, in addition to external references. This broadens the coverage for identifying vulnerable methods.
Attempt to fix performance issues with recreating stack behavior in QL querying by precalculating during extraction. Implements abstract interpretation in the extractor to compute stack height and producer mapping for each JVM instruction. Adds new dbscheme predicates and QL accessors for efficient stack slot lookup, replacing recursive CFG traversal in IR translation. Updates test query pack dependencies for compatibility.
Compatible with the latest released version of the CodeQL CLI
Replaces direct calls to getTranslatedJvmInstruction(...).getStackElement(...) with getInputStackVariable(...) in various TranslatedJvmInstruction subclasses. This change to comport with changes to the extractor.
Applied performance optimizations to vulnerable call detection by materializing intermediate predicates, separating static target and external reference matching, and using direct string comparisons. Updated summarization logic to handle both external and static target calls. Improved efficiency and scalability for analyzing CIL and JVM binaries.
Added semmlecode.binary.dbscheme for the binary extractor and updated .gitignore to exclude additional binary and tool directories. Also added a test solution file and removed the codeql-pack.lock.yml from VulnerableCalls.
… constant being a literal, but a known value variable or literal.
Changed extraction logic to write all extracted data to a single TRAP file to ensure globally unique IDs and prevent collisions when importing into CodeQL. Updated extraction loop to use one TrapWriter instance and adjusted output messaging accordingly.
Reverts commits 7256e95 and c2f683b which added unnecessary complexity to precompute stack state during extraction. The actual performance issue was caused by TRAP ID collisions (fixed in 0926f3d), not by QL stack traversal. This simplifies the extractor and removes the jvm_stack_height and jvm_stack_slot tables from the dbscheme.
…ates, isAdditionalFlowStep to fix fp case
…l along) and replace ad-hoc additional steps with flow summaries.
PS: Add a query for CWE-494
PS: Rename PowerShell query pack and move certain query suites to the internal repository
Compatible with the latest released version of the CodeQL CLI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.