hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

1422 Commits

Author SHA1 Message Date
Michael Nebel
ec6dab89d8 C#: Update the Summary model generator with better support for IEnumerable typed parameters. 2022-03-16 09:21:02 +01:00
Erik Krogh Kristensen
57db7633c8 C#: make csharp import private 2022-03-15 14:59:06 +01:00
Erik Krogh Kristensen
89af50f6d5 rename all lower-case import-as statements 2022-03-15 14:40:38 +01:00
Jeroen Ketema
157a36bc4f Use node variable in all disjuncts 2022-03-15 11:55:35 +01:00
Jeroen Ketema
9a0e94f389 Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard 2022-03-15 11:55:34 +01:00
Erik Krogh Kristensen
c7509c4dd3 Merge branch 'main' into deadCode 2022-03-15 09:19:14 +01:00
Tom Hvitved
d3d20c69dd Merge pull request #8425 from hvitved/csharp/structural-comparision-fix 
C#: Avoid combinatorial explosion in structural comparison library
 2022-03-14 20:10:40 +01:00
Michael Nebel
432ac7a824 C#: Deprecate the StructuralComparisonConfig class. 2022-03-14 14:17:56 +01:00
Michael Nebel
5a4a97569f C#: Use Gvn comparison instead of StructuralComparisonConfiguration in Constants. 2022-03-14 14:17:56 +01:00
Michael Nebel
5b5ea140d2 C#: Delete the Internal StructuralComparisonConfiguration class as it is no longer needed. 2022-03-14 14:17:56 +01:00
Michael Nebel
bf4dc0034a C#: Use Gvn comparison instead of StructuralComparisonConfiguration in Guards. 2022-03-14 14:17:56 +01:00
Michael Nebel
6f5b2e8440 C#: Use Gvn comparison instead of StructuralComparisonConfiguration in UseTryGetValue. 2022-03-14 14:17:56 +01:00
Michael Nebel
48dc9d7057 C#/Java: Move containerContent to DataFlowPrivate. 2022-03-14 13:50:55 +01:00
Michael Nebel
665e3c9326 C#: Re-factor containerContent into standalone predicate in DataFlow library. 2022-03-14 13:49:51 +01:00
Erik Krogh Kristensen
3bf5e06d53 delete all dead code 2022-03-14 13:03:31 +01:00
Chris Smowton
aada8d3af9 Merge pull request #8405 from smowton/smowton/fix/range-analysis-use-ranked-phi-nodes 
C#/Java: Range analysis: use ranked phi nodes
 2022-03-14 11:55:55 +00:00
Jeroen Ketema
4c2081b7fc Merge pull request #8401 from jketema/taint-flow 
Extend taint tracking interface with flow states
 2022-03-14 12:06:10 +01:00
Erik Krogh Kristensen
bbb2847ec1 Merge pull request #8323 from erik-krogh/acronyms 
Enforcing consistent casing of acronyms
 2022-03-14 11:38:25 +01:00
Tom Hvitved
06b8f74644 C#: Avoid combinatorial explosion in structural comparison library 
In cases where the target of a call/access has multiple values (which is a DB
inconsistency), the GVN construction underlying the structural comparision library
may run into a combinatorial explosion. This change excludes such expressions from
the GVN construction.
 2022-03-14 09:07:45 +01:00
Chris Smowton
579b57cf67 Range analysis: use ranked phi nodes 
This borrows a technique (and the implementing code) off Modulus analysis.
 2022-03-11 12:32:12 +00:00
Jeroen Ketema
cd28f09ae0 Extend taint tracking interface with flow states 2022-03-11 11:50:35 +01:00
Erik Krogh Kristensen
23191b1f2c C#: rename XmlComment to XmlCommentLine to avoid naming conflict 2022-03-11 11:10:38 +01:00
Erik Krogh Kristensen
69353bb014 patch upper-case acronyms to be PascalCase 2022-03-11 11:10:33 +01:00
Erik Krogh Kristensen
122ab6e6d8 C#: fix some ql/non-doc-block warnings 2022-03-11 11:02:58 +01:00
Erik Krogh Kristensen
b9b65005d6 C#: delete leftover comment 2022-03-10 10:02:36 +01:00
Erik Krogh Kristensen
a86f0afb3c delete all deprecations that are over 14 months old 2022-03-09 18:28:07 +01:00
Tom Hvitved
c51ddd0d35 C#: Code review suggestions 2022-03-09 10:50:53 +01:00
Michael Nebel
23fbfbc3b7 C#: Performance optimization of the GVN implementation. 2022-03-02 13:48:33 +01:00
Michael Nebel
38f04e5585 C#: Flatten the the Gvn type. 2022-03-02 09:44:51 +01:00
Michael Nebel
6b4dea780f C#: Introduce caching of the Gvn related types and the toGvn predicate. 2022-03-02 09:44:51 +01:00
Michael Nebel
4499551ca4 C#: Add a verbatim copy of the structural comparison for internal use only. 2022-03-02 09:44:51 +01:00
Michael Nebel
16270cf57f C#: Add configuration class to allow defining a candidate pairs of control flow predicates, where we want to look for structural equality. 2022-03-02 09:44:51 +01:00
Michael Nebel
87cb92a434 C#: Add predicates for restricting the Gvn type and the relation between control flow elements and global value numbers. 2022-03-02 09:44:51 +01:00
Michael Nebel
8bd12b23e2 C#: Add type(s) for representing global value numbers. 2022-03-02 09:44:51 +01:00
Michael Nebel
cc5d56547c C#: Add type Global value number kinds for control flow elements. 2022-03-02 09:44:51 +01:00
Michael Nebel
8179e247bf C#: Delete the existing structural comparison implementation. 2022-03-02 09:44:51 +01:00
Asger Feldthaus
f1bfb31403 Shared: fix typo in a comment 2022-02-23 14:13:41 +01:00
Asger Feldthaus
9cff065dca C#: use AccessPathSyntax library 2022-02-23 14:13:40 +01:00
Asger Feldthaus
5cab737ef1 Shared: sync AccessPathSyntax.qll 2022-02-23 14:13:40 +01:00
Asger Feldthaus
7848fcec80 Shared: sync AccessPathSyntax.qll 2022-02-21 08:21:53 +01:00
Asger Feldthaus
55ac5cb012 Shared: auto format 2022-02-21 08:21:53 +01:00
Asger Feldthaus
4985fbb526 Shared: update getSummaryCsv and related test output 2022-02-21 08:21:53 +01:00
Asger Feldthaus
dcc523a2b7 Shared: auto format 2022-02-21 08:21:53 +01:00
Asger Feldthaus
7fcbdbeada Shared: sync AccessPathSyntax.qll and FlowSummaryImpl.qll 2022-02-21 08:21:52 +01:00
Asger Feldthaus
2907d53e17 Shared: sync AccessPathSyntax.qll and FlowSummaryImpl.qll 2022-02-21 08:21:52 +01:00
Asger Feldthaus
0af9e8aa58 C#: remove support for legacy syntax 2022-02-21 08:16:55 +01:00
Asger Feldthaus
6bb15dcc27 C#: update CSV rows to dot-separated syntax 2022-02-21 08:16:55 +01:00
Asger Feldthaus
dffa1d1558 C#: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:55 +01:00
Tom Hvitved
984e01ecf0 C#: Remove FPs from cs/dereferenced-value-may-be-null 
Apply a conservative approach by filtering out results for accesses to
captured nullable values, when there is an (implicit) call to the capturing
callable which is `null`-guarded. For example:

```
bool M(int? i, IEnumerable<int> @is)
{
    if (i.HasValue)
        return @is.Any(j => j == i.Value); // GOOD
    return false;
}
```
 2022-02-08 14:01:57 +01:00
Michael Nebel
7b3ba3cb96 C#: Modify database schema to allow lambda expression to be attributable and extract the lambda expression attributes. 2022-02-04 16:34:58 +01:00