hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

8143 Commits

Author SHA1 Message Date
Aditya Sharad
51697f077c Version: Bump to 1.18.0 release. 2018-09-26 18:18:20 +01:00
Anders Schack-Mulligen
9198f5b9bd CPP/CSharp/Java/Javascript: Use concat in XMLParent.allCharactersString(). 2018-09-26 15:47:21 +02:00
Anders Schack-Mulligen
26c1397216 CPP/CSharp/Javascript: Clean up QLDoc and bring the different XML.qll files closer. 2018-09-26 15:36:20 +02:00
Aditya Sharad
75680dbfef Merge branch 'next' into qlucie/master 2018-09-26 12:08:33 +01:00
Dave Bartolomeo
1f36f5552f Normalize all text files to LF 
Use `* text=auto eol=lf`
 2018-09-23 16:24:31 -07:00
Dave Bartolomeo
26abf5d4a2 Force LF for basically everything. 2018-09-23 16:24:31 -07:00
calum
abe5d0dd72 C#: Fixes to stub generation. 2018-09-21 13:06:33 +01:00
calum
593f0a9d71 C#: Implement query and script for generating C# qltest stubs. 2018-09-20 15:01:26 +01:00
Jonas Jensen
9886e4a056 Merge remote-tracking branch 'upstream/master' into merge-master-next-20180913 2018-09-13 20:28:17 +02:00
Aditya Sharad
767045b55d Merge rc/1.18 into next. 2018-09-12 14:59:54 +01:00
Tom Hvitved
70e713122f Merge branch 'rc/1.18' into merge-rc 2018-09-11 09:11:03 +02:00
calum
ecb3efba34 C#: Fix merge conflicts. 2018-09-07 18:12:28 +01:00
calum
9ec2172dca C#: Fix CFG for unknown expressions, and add a test that also covers object initializer lists fixed by the extractor. 2018-09-07 17:56:44 +01:00
calum
58cf95b155 C#: Rewrite not using if. 2018-09-07 11:37:05 +01:00
calum
0cd4340ac3 C#: Address review comment: refactor last() predicate for ConstCase and TypeCase. 2018-09-07 10:15:16 +01:00
Tom Hvitved
04f29951a5 Merge pull request #98 from calumgrant/cs/literal-conversion-fix 
C#: Regression test for extractor
 2018-09-07 08:42:00 +02:00
calum
d5eacf8c13 C#: Change expected output. Address review comments. 2018-09-06 18:20:01 +01:00
calum
3718237acc C#: Implement CFG for ConstCase statements with a condition. 2018-09-05 18:15:47 +01:00
calum
cff00506ba C#: Implementation of case ... when ...: which was not previously handled. Move getCondition to CaseStmt. Implement the CFG and tests. 2018-09-05 17:47:31 +01:00
calum
8c2d773866 C#: Extractor test for join ... into 2018-09-05 17:19:04 +01:00
calum
7a77740979 C#: Extractor tests for 
- While statements
- Object initializers
 2018-09-05 17:19:04 +01:00
Aditya Sharad
f27945216f Merge rc/1.18 into master. 2018-09-05 15:32:30 +01:00
Aditya Sharad
cbdbda3723 Merge rc/1.18 into next. 2018-09-05 14:09:06 +01:00
Tom Hvitved
42faabc552 C#: Rename and restructure control flow graph entities 
Follow a naming structure similar to the data flow library:

- `ControlFlowNode` -> `ControlFlow::Node`.
- `CallableEntryNode` -> `ControlFlow::Nodes::EntryNode`.
- `CallableExitNode` -> `ControlFlow::Nodes::ExitNode`.
- `ControlFlowEdgeType` -> `ControlFlow::SuccessorType`.
- `ControlFlowEdgeSuccessor` -> `ControlFlow::SuccessorTypes::NormalSuccessor`.
- `ControlFlowEdgeConditional -> ControlFlow::SuccessorTypes::ConditionalSuccessor`.
- `ControlFlowEdgeBoolean` -> `ControlFlow::SuccessorTypes::BooleanSuccessor`.
- `ControlFlowEdgeNullness` -> `ControlFlow::SuccessorTypes::NullnessSuccessor`.
- `ControlFlowEdgeMatching` -> `ControlFlow::SuccessorTypes::MatchingSuccessor`.
- `ControlFlowEdgeEmptiness` -> `ControlFlow::SuccessorTypes::EmptinessSuccessor`.
- `ControlFlowEdgeReturn` -> `ControlFlow::SuccessorTypes::ReturnSuccessor`.
- `ControlFlowEdgeBreak` -> `ControlFlow::SuccessorTypes::BreakSuccessor`.
- `ControlFlowEdgeContinue` -> `ControlFlow::SuccessorTypes::ContinueSuccessor`.
- `ControlFlowEdgeGotoLabel` -> `ControlFlow::SuccessorTypes::GotoLabelSuccessor`.
- `ControlFlowEdgeGotoCase` -> `ControlFlow::SuccessorTypes::GotoCaseSuccessor`.
- `ControlFlowEdgeGotoDefault` -> `ControlFlow::SuccessorTypes::GotoDefaultSuccessor`.
- `ControlFlowEdgeException` -> `ControlFlow::SuccessorTypes::ExceptionSuccessor`
 2018-09-05 14:20:26 +02:00
calumgrant
8263b248b7 Merge pull request #152 from hvitved/csharp/base-ssa 
C#: Fix bug in BaseSsa library
 2018-09-05 13:02:56 +01:00
semmle-qlci
6c1098d170 Merge pull request #120 from hvitved/csharp/query/useless-upcast 
Approved by calumgrant
 2018-09-05 08:39:25 +01:00
Tom Hvitved
124a00ba10 C#: Update expected output in SSA tests 2018-09-04 20:15:33 +02:00
Aditya Sharad
ab2bec743a Revert "Version: Bump to 1.19.0 dev." 
The version bump should now go into the `next` branch rather than `master`.
This reverts commit 2363f49e3a.
 2018-09-04 16:01:09 +01:00
Tom Hvitved
6a4dbfce8f Address review comment 2018-09-04 16:07:49 +02:00
Tom Hvitved
919203a071 Address review comment 2018-09-04 16:04:21 +02:00
calumgrant
98aa7f88b2 Merge pull request #121 from hvitved/csharp/sync-test-files 
C#: Synchronize a few test files
 2018-09-04 15:01:19 +01:00
Tom Hvitved
9a7746e9b5 C#: Fix bug in BaseSsa library 2018-09-04 15:16:20 +02:00
Tom Hvitved
81122ca7a4 C#: Add test that reveals bug in BaseSsa implementation 2018-09-04 13:58:59 +02:00
Tom Hvitved
c4c74cd005 C#: Split up DataFlowInternal.qll 
Split up into `internal/BaseSSA.qll` and `internal/Steps.qll`.
 2018-09-04 13:30:54 +02:00
calumgrant
af3f855491 Merge pull request #94 from hvitved/csharp/cfg/minor-fixes 
C#: Minor CFG improvements
 2018-09-03 17:41:18 +01:00
Aditya Sharad
2363f49e3a Version: Bump to 1.19.0 dev. 
This keeps the QL for Eclipse language plugins in sync with internal `master`.
 2018-09-03 16:41:28 +01:00
Tom Hvitved
809da42f00 C#: Synchronize a few test files 
Synchronized test files with the examples used in query help.
 2018-08-30 21:46:37 +02:00
Tom Hvitved
386b89a023 C#: Improvements to cs/useless-upcast 2018-08-30 15:15:40 +02:00
Dave Bartolomeo
2af82d9485 LF for .qhelp files too 2018-08-26 21:12:51 -07:00
Dave Bartolomeo
d920fc7d94 Force LF line endings for .ql, .qll, and .qlref files 2018-08-24 11:58:58 -07:00
Luke Cartey
f9227eeee5 C#: ZipSlip - Module documentation improvements. 2018-08-24 14:34:20 +01:00
Luke Cartey
b1d5d5bf86 C#: ZipSlip - Refine StartsWith sanitizer. 
ZipSlip can be avoided by checking that the combined and resolved
path `StartsWith` the appropriate destination directory. Refine the
`StartsWith` sanitizer to:

 * Consider expressions guarded by an appropriate StartsWith check to be
sanitized.
 * Consider a StartsWith check to be inappropriate if it is checking the
result of `Path.Combine`, as that has not been appropriately resolved.

Tests have been updated to reflect this refinement.
 2018-08-24 14:27:25 +01:00
Luke Cartey
fc925d49f4 C#: ZipSlip - Treat the result of Substring as sanitized. 
As with the previous commit, this considers the result of substring as
sanitized, rather than the argument.
 2018-08-24 12:38:01 +01:00
Luke Cartey
43d7e598a5 C#: Treat GetFileName method call as sanitizer 
Use the GetFileName call as a sanitizer, rather than an argument to that
call. It is the _result_ of the GetFileName call which should be
considered sanitized. By using the argument, we can spuriously suppress
use-use flow. Consider:
```
var path = Path.Combine(destDir, entry.GetFullName());
var fileName = Path.GetFileName(path);
log("Extracting " + fileName);
entry.ExtractToFile(path);
```
Previously, the `ExtractToFile(path)` call would not have been flagged,
because the `path` argument to `GetFileName` was considered sanitized,
and that argument formed a use-use pair with the `path` argument to
`ExtractToFile`. Now, this result would be flagged because only the
result of the `GetFileName` call is considered sanitized.
 2018-08-24 12:08:57 +01:00
Tom Hvitved
d4551e5897 Merge pull request #81 from lukecartey/csharp/zipslip-reformat 
C#: ZipSlip - Rearrange query, add help and update doc
 2018-08-24 09:40:20 +02:00
calum
41382dd732 C#: A regression test for extractor crash when wrong expression type is used for a literal. 2018-08-23 17:45:40 +01:00
calumgrant
04bccd0137 Merge pull request #55 from denislevin/denisl/cs/DontInstallRootCertificate 
cs: Don't Install Root Certificate (CWE-327)
 2018-08-23 17:36:50 +01:00
Luke Cartey
86a7df0ef5 C#: ZipSlip - Address doc team comments. 2018-08-23 15:57:00 +01:00
Tom Hvitved
1dff900059 C#: Speed up throwMayBeUncaught() by not relying on definitelyHandles() 
The `definitelyHandles()` predicate calculates the relation for all exception
types, not just the ones that can actually be thrown (no automatic magic).
This commit inlines the definition of `definitelyHandles()` to get the proper
context (manual magic).
 2018-08-23 14:39:19 +02:00
Tom Hvitved
4684bc9d15 C#: Add QL doc to startsSplits() 2018-08-23 14:39:19 +02:00