Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce shared taint tracking library #13881

Draft
wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

Introduce shared taint tracking library #13881

wants to merge 7 commits into from

Conversation

jketema
Copy link
Contributor

@jketema jketema commented Aug 3, 2023

No description provided.

@github-actions github-actions bot added the C++ label Aug 3, 2023
@aschackmull
Copy link
Contributor

A few stylistic comments, otherwise mostly LGTM.

github-code-scanning[bot]
github-code-scanning bot found potential problems Aug 4, 2023
View reviewed changes
shared/dataflow/codeql/dataflow/TaintTracking.qll
private import DataFlowMake<DataFlowLang> as DataFlow
private import MakeImpl<DataFlowLang> as DataFlowInternal

private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements

Check warning

Code scanning / CodeQL

Data flow configuration module naming Warning

Modules implementing a data flow configuration should end in Config.
shared/dataflow/codeql/dataflow/TaintTracking.qll
* Constructs a global taint tracking computation.
*/
module Global<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
private module Config0 implements DataFlowInternal::FullStateConfigSig {

Check warning

Code scanning / CodeQL

Data flow configuration module naming Warning

Modules implementing a data flow configuration should end in Config.
shared/dataflow/codeql/dataflow/TaintTracking.qll
import Config
}

private module C implements DataFlowInternal::FullStateConfigSig {

Check warning

Code scanning / CodeQL

Data flow configuration module naming Warning

Modules implementing a data flow configuration should end in Config.
shared/dataflow/codeql/dataflow/TaintTracking.qll
* Constructs a global taint tracking computation using flow state.
*/
module GlobalWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
private module Config0 implements DataFlowInternal::FullStateConfigSig {

Check warning

Code scanning / CodeQL

Data flow configuration module naming Warning

Modules implementing a data flow configuration should end in Config.
shared/dataflow/codeql/dataflow/TaintTracking.qll
import Config
}

private module C implements DataFlowInternal::FullStateConfigSig {

Check warning

Code scanning / CodeQL

Data flow configuration module naming Warning

Modules implementing a data flow configuration should end in Config.
@aschackmull
Copy link
Contributor

aschackmull commented Aug 4, 2023
edited by jketema

LGTM now. Although, preferably we'll switch all languages in one go, so we don't have a mix of shared lib usage and parameterised modules.

@jketema
Copy link
Contributor Author

jketema commented Aug 4, 2023

LGTM now. Although, preferably we'll switch all languages in one go, so we don't have a mix of shared lib usage and parameterised modules.

That is the plan (as part of this PR). I only did C++ first, because I wanted to know if the approach was good.

@aschackmull
Copy link
Contributor

Beware that you have an incoming merge conflict in #13851

@jketema
Copy link
Contributor Author

jketema commented Aug 4, 2023

Beware that you have an incoming merge conflict in #13851

I'll rebase this PR and then kick off all the DCAs.

@jketema
Copy link
Contributor Author

jketema commented Aug 7, 2023

I sightly refactored this to follow #13901

@jketema
Copy link
Contributor Author

jketema commented Aug 7, 2023

@aschackmull I'm slightly confused by the DCA results. I see OOMs in Java (which seem to be sort of expected), C# and C++. I tried the C++ and C# OOM'ing projects on larger runners to see if there are any suspicious tuple counts stage timings. I see slightly slower stage timings, in a few cases but nothing really jumps out to me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aschackmull aschackmull aschackmull left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
C# C++ documentation Go Java Python Ruby Swift
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jketema @aschackmull