codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00

Author	SHA1	Message	Date
Anders Schack-Mulligen	c027f3bd2b	Merge pull request #4324 from tamasvajk/feature/unsigned-sign-analysis Handle unsigned types in sign analysis (C# and Java)	2020-10-01 15:11:49 +02:00
Chris Smowton	578ea1ae43	Fix OWASP broken links	2020-10-01 13:09:52 +01:00
Tom Hvitved	93edaa75eb	Merge pull request #4309 from tamasvajk/feature/enum-value-init Extract constant value of enum member equal clauses	2020-09-28 16:18:10 +02:00
Tamas Vajk	2bbaa4e173	Handle unsigned types in sign analysis (C# and Java)	2020-09-28 14:46:32 +02:00
Tamas Vajk	3577b27f49	Fix to not report on enum member initialization	2020-09-28 11:04:22 +02:00
Robert Marsh	713bdae77a	C++: sync identical files	2020-09-25 13:54:58 -07:00
Anders Schack-Mulligen	3ef3e6e140	Merge pull request #4319 from hvitved/python-java-block-precedes-var Java/Python: Reduce size of `blockPrecedesVar`	2020-09-24 16:07:49 +02:00
Tamás Vajk	5ab5e75b85	Merge pull request #4255 from fatenhealy/IncreaseInsufficientKeySizeValue Increase insufficient key size value from 1024 to 2048	2020-09-22 23:06:12 +02:00
Faten Healy	c35a5d120a	C#: Increasing required size of RSA key to 2048	2020-09-22 11:09:49 +02:00
Tom Hvitved	71da9045e5	Java/Python: Reduce size of `blockPrecedesVar`	2020-09-22 11:00:26 +02:00
Tom Hvitved	06dbec78f7	C#: Add `Guard::controlsBasicBlock()` and simplify `Guard::isEquality()`	2020-09-21 16:15:12 +02:00
Tamas Vajk	8bf4a4209c	C#: Sign analysis Synced between Java and C# through `identical-files.json`.	2020-09-21 16:15:12 +02:00
Tom Hvitved	d867172d27	Merge pull request #4300 from hvitved/csharp/runtime-checks-bypass-bad-magic C#: Avoid bad magic in `RuntimeChecksBypass.ql`	2020-09-18 19:40:34 +02:00
Tom Hvitved	aac2e0ebfb	C#: Avoid bad magic in `RuntimeChecksBypass.ql` Before: ``` [2020-09-18 14:03:57] (2587s) Tuple counts for RuntimeChecksBypass::uncheckedWrite#bbf#antijoin_rhs#1: 1270 ~8% {2} r1 = SCAN RuntimeChecksBypass::uncheckedWrite#bbf#shared AS I OUTPUT I.<1>, I.<0> 188197390 ~0% {3} r2 = JOIN r1 WITH #Callable::Callable::calls_dispred#bfPlus AS R ON FIRST 1 OUTPUT R.<1>, r1.<1>, r1.<0> 2425784042 ~1% {3} r3 = JOIN r2 WITH Expr::Expr::getEnclosingCallable_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT r2.<1>, R.<1>, r2.<2> 58 ~9% {2} r4 = JOIN r3 WITH project#RuntimeChecksBypass::checkedWrite#bfff AS R ON FIRST 2 OUTPUT r3.<0>, r3.<2> return r4 ``` After: ``` [2020-09-18 14:08:48] (5s) Tuple counts for RuntimeChecksBypass::uncheckedWrite#fff#antijoin_rhs: 24704473 ~2% {2} r1 = SCAN DataFlowPublic::localExprFlow#ff AS I OUTPUT I.<1>, I.<0> 23784154 ~6% {4} r2 = JOIN r1 WITH Expr::Expr::getEnclosingCallable_dispred#ff AS R ON FIRST 1 OUTPUT r1.<1>, 28, R.<0>, R.<1> 201391 ~2% {2} r3 = JOIN r2 WITH expressions AS R ON FIRST 2 OUTPUT r2.<2>, r2.<3> 23784154 ~0% {3} r4 = JOIN r1 WITH Expr::Expr::getEnclosingCallable_dispred#ff AS R ON FIRST 1 OUTPUT r1.<1>, R.<0>, R.<1> 1065242 ~20% {2} r5 = JOIN r4 WITH expr_value AS R ON FIRST 1 OUTPUT r4.<1>, r4.<2> 1266633 ~16% {2} r6 = r3 \/ r5 return r6 ```	2020-09-18 14:15:30 +02:00
Tom Hvitved	4090859207	C#: Avoid bad magic in `UselessUpcast.ql`	2020-09-18 12:14:52 +02:00
Tom Hvitved	d095d6b56b	Merge pull request #4139 from hvitved/csharp/cfg/foreach-loop-empty C#: Skip `foreach` loop bodies in the CFG when the iteration expression is empty	2020-09-15 09:30:29 +02:00
Tamás Vajk	d21c101c0d	Merge pull request #4041 from tamasvajk/feature/update-roslyn C#: upgrade Roslyn dependencies to version 3.7	2020-09-14 13:57:36 +02:00
Mathias Vorreiter Pedersen	2d57abdcbe	Merge branch 'main' into mathiasvp/read-step-without-memory-operands	2020-09-11 12:47:29 +02:00
Tamas Vajk	d60b7c7297	C#: Improve empty collection check to not report on collections with property writes	2020-09-11 10:46:34 +02:00
Tom Hvitved	01e766c745	C#: Disable uniqueness constraint from `explicitly_implements` The documentation on `ExplicitInterfaceImplementations` says "Properties imported from metadata can explicitly implement more than one property", so the constraint appears to be invalid.	2020-09-10 14:05:37 +02:00
Tamas Vajk	643a8b57c3	C#: Explicitly handle underlying tuple types	2020-09-10 14:05:37 +02:00
Mathias Vorreiter Pedersen	ad602b892b	Merge branch 'main' into mathiasvp/read-step-without-memory-operands	2020-09-09 16:17:23 +02:00
Rasmus Wriedt Larsen	2172fb6e65	Dataflow: s/data flow/taint propagation/ in QLDoc for sanitizers	2020-09-09 14:30:33 +02:00
Rasmus Wriedt Larsen	d90f0be2c4	Dataflow: defaultTaintBarrier => defaultTaintSanitizer Just keeping things a bit more consistent :)	2020-09-09 14:11:56 +02:00
Tom Hvitved	6c716331d9	C#: Skip `foreach` loop bodies in the CFG when the iteration expression is empty	2020-09-07 15:26:28 +02:00
Mathias Vorreiter Pedersen	ed7e499b02	Merge branch 'main' into mathiasvp/read-step-without-memory-operands	2020-09-04 17:25:36 +02:00
Tamas Vajk	e2c205deb4	C#: Add stable order for generated accessors in printed AST	2020-09-04 10:39:01 +02:00
Tom Hvitved	7f18c3377e	Merge pull request #4017 from hvitved/csharp/unqualify-trap-ids3 C#: Remove assembly prefixes from TRAP labels	2020-09-04 09:20:39 +02:00
Mathias Vorreiter Pedersen	0fed7c0745	C++/C#: Sync identical files	2020-09-02 22:53:45 +02:00
Arthur Baars	90f013d74f	Merge pull request #4176 from aibaars/missing-qhelp Add missing QHelp files	2020-09-02 16:12:42 +02:00
Tom Hvitved	1b769ebac9	C#: Address more review comments	2020-09-02 10:52:05 +02:00
Tom Hvitved	92bf830a8a	C#: Avoid bad magic in `UselessUpcast.ql`	2020-09-02 10:52:05 +02:00
Tom Hvitved	8a0355720a	C#: Make `Callable::get[Expression\|Statement]Body()` return all possible implementations Previosly, we returned only the body belonging to "the most likely" implementation, based on a CFG size heuristics. However, now that more callables are mapped to the same entity, it makes more sense to treat such callables (to some extent) like partial methods. This means, for instance, that data flow will branch out to all possible implementations, much like we do for virtual dispatch.	2020-09-02 10:52:05 +02:00
Tom Hvitved	afbbafe132	C#: Simplify `TypeRef.qll`	2020-09-02 10:52:05 +02:00
Tom Hvitved	d17f88bbcd	C#: Remove assembly prefix from all extractor IDs	2020-09-02 10:52:04 +02:00
Calum Grant	0cfe424fc2	C#: Address review comments.	2020-09-02 10:52:04 +02:00
Calum Grant	9a51192d86	C#: Move TypeRefs into a separate file and import it privately. Reorder imports into alphabetical order.	2020-09-02 10:52:04 +02:00
Calum Grant	4740b47f5d	C#: Minor edits	2020-09-02 10:52:04 +02:00
Calum Grant	f61fdc6891	C#: Only resolve a single, canonical type for each typeref.	2020-09-02 10:52:04 +02:00
Arthur Baars	aedfa47cb4	Add missing QHelp files	2020-09-01 12:46:57 +02:00
Mathias Vorreiter Pedersen	472363b86e	Merge branch 'main' into mathiasvp/read-step-without-memory-operands	2020-09-01 11:08:52 +02:00
Mathias Vorreiter Pedersen	91a23096bb	C#: Sync identical files	2020-09-01 10:54:54 +02:00
Tom Hvitved	4e963a8a8e	Merge pull request #4165 from hvitved/csharp/foreach-guard C#: Fix bug in guards logic for `foreach` loops	2020-08-31 14:32:09 +02:00
Tom Hvitved	b205702853	C#: Fix bug in guards logic for `foreach` loops	2020-08-28 15:19:11 +02:00
Rasmus Lerchedahl Petersen	6b8d9f2a77	Merge branch 'main' of github.com:github/codeql into SharedDataflow_PostUpdateNodes	2020-08-28 13:01:14 +02:00
Rasmus Lerchedahl Petersen	9503c5d8bb	Python: Add post-update nodes	2020-08-28 12:59:11 +02:00
Tamas Vajk	29eaacdeaf	Fix typos and comment styling	2020-08-28 08:41:46 +02:00
Tamas Vajk	fcd426210f	C#: Add missing QlDoc for code duplication	2020-08-27 14:43:16 +02:00
Tamas Vajk	8a4754f8d7	C#: Add missing QlDoc for frameworks	2020-08-26 11:48:02 +02:00
Tamas Vajk	4be15af06a	C#: Add missing QlDoc for various predicates	2020-08-26 11:34:20 +02:00

... 36 37 38 39 40 ...

3356 Commits