Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New CodeQL queries for ML libraries #2

Open
wants to merge 19 commits into
base: main
Choose a base branch
from
Open

New CodeQL queries for ML libraries #2

wants to merge 19 commits into from

Conversation

fegge
Copy link
Collaborator

@fegge fegge commented May 13, 2024
edited
Loading

This PR adds a number of CodeQL queries for the GGML library used by e.g. llama.cpp and whisper.cpp.

@fegge fegge marked this pull request as draft May 13, 2024 08:02
@fegge fegge marked this pull request as draft May 13, 2024 08:02
@fegge fegge requested a review from fcasal May 13, 2024 08:03
@fegge fegge self-assigned this May 13, 2024
@fegge fegge removed the request for review from fcasal May 13, 2024 08:03
fegge added 17 commits May 13, 2024 15:55
@fegge
Optimized LocalMemoryLeak query
ae3f1bf
@fegge
Small optimization of LocalUseAfterFree query
02a1e3a
@fegge
Fixed formatting of ReturnValue.qll
19acb21
@fegge
Updated ContextAllocator with new CustomAllocator API
1879bad
@fegge
Fixed test case
ac31b8a
@fegge
Updated query metadata
4e3da35
@fegge
Added a number of new custom allocators
22cd4a5
@fegge
Added escape analysis
6227e15 
This analysis is used to detect false positives in the `LocalMemoryLeak.ql` query.
@fegge
Added escape analysis to LocalMemoryLeak
d9e4ee4
@fegge
Updated query metadata
493b1f2
@fegge
Added support for custom error messages for MustUse and MustCheck
c60fae4
@fegge
Moved memory modelling libraries to trailofbits/common
b6d0e93
@fegge
Added auto-generated QL libraries for GGML header files
e0ab14b
@fegge
Updated auto-generated QL libraries for GGML header files
4a36e9e
@fegge
Added Depracated to trailofbits.common
3a25608
@fegge
Tweaked descriptions
e56adb1
@fegge
Updated auto-generated QL libraries for GGML header files
94998a3
@fegge fegge marked this pull request as ready for review June 27, 2024 13:51
@fegge fegge changed the title [WIP]: New CodeQL queries for ML libraries New CodeQL queries for ML libraries Jun 27, 2024
@fegge fegge requested review from 0xalpharush and fcasal June 27, 2024 13:52
GrosQuildu
GrosQuildu reviewed Jul 1, 2024
View reviewed changes
Copy link
Contributor

@GrosQuildu GrosQuildu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The queries look to be generic, not ML-focused? So what if we move them from src/ml to src/security?
Then we can keep the queries in the generic security and has ML specific libraries, and in the future can add more libraries (not necessarily ML) for the queries

cpp/src/ml/LocalMemoryLeak.ql
where
leak.reaches(source, var, sink)
select
source.getLocation(), toMessage(source, sink, var)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest making selects like this:

select 
  source, "The variable `" + var + "` is allocated on line $@ and may leak on line $@",
  source, toLine(source), sink, toLine(sink)

first arg doesn't need getLocation (or does it?).
Using $@ makes the line clickable (easier to triage results)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GrosQuildu GrosQuildu GrosQuildu left review comments

@0xalpharush 0xalpharush Awaiting requested review from 0xalpharush

@fcasal fcasal Awaiting requested review from fcasal

At least 1 approving review is required to merge this pull request.

Assignees

@fegge fegge

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fegge @GrosQuildu