hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

3366 Commits

Author SHA1 Message Date
Tom Hvitved
0afb85cb91 C#: Address review comments 2019-03-05 19:27:36 +01:00
Calum Grant
926ee7425a Merge pull request #1014 from hvitved/csharp/same-children-modulo-type-params 
C#: Speedup `sameChildrenModuloTypeParameters()`
 2019-03-05 16:43:33 +00:00
Calum Grant
b17de116f8 Merge pull request #995 from hvitved/csharp/split-guards-performance 
C#: Speedup guards predicates
 2019-03-05 16:42:39 +00:00
Tom Hvitved
b2ede5e2a1 Revise logic for reducing size of getAThrownException() 
When determining which core library a "tried control flow element" is compiled against,
first look at exceptions caught by the surrounding `try` block, then look at assembly
attributes, and finally choose (randomly) the core library with the highest lexicographic
order.
 2019-03-05 14:57:46 +01:00
Max Schaefer
7f5e2630a1 Merge pull request #1032 from xiemaisi/master-for-merge 
Merge master into rc/1.20
 2019-03-04 21:23:51 +00:00
Tom Hvitved
1434b10b7a C#: Speedup structural comparison library 2019-03-04 21:23:34 +01:00
semmle-qlci
245b47add7 Merge pull request #1017 from hvitved/csharp/get-label-performance 
Approved by calumgrant
 2019-03-04 20:22:38 +00:00
Tom Hvitved
8ec0573915 C#: Speedup sameChildrenModuloTypeParameters() 2019-03-04 21:06:13 +01:00
calum
e8bb7f2139 C#: Fix for performance. 2019-03-04 16:54:59 +00:00
Tom Hvitved
4054dc43e2 C#: Speedup Element::getLabel() 2019-03-04 13:21:10 +01:00
Tom Hvitved
2e1ba7b1f9 C#: Speedup Implements.qll 2019-03-04 13:19:00 +01:00
calum
f7b4985ed1 C#: Fix merge conflict. 2019-03-04 09:54:48 +00:00
calum
741666d561 C#: Address review comment. 2019-03-04 09:54:40 +00:00
calum
d77b60bba8 C#: Add preservesValue to NonLocalJumpNode.getAJumpSuccessor. Allow DataFlow::Configuration::isAdditionalFlowStep to jump between callables. 2019-03-04 09:54:28 +00:00
calum
74b30d6071 C#: Model EntityFramework 2019-03-04 09:53:49 +00:00
Tom Hvitved
51e5a301cd Merge pull request #956 from raulgarciamsft/users/raulga/ICryptoTransform 
Detect usage of ICryptoTransform that would be thread-unsafe
 2019-03-01 11:49:27 +01:00
Calum Grant
c945b7793c Merge pull request #944 from hvitved/csharp/cfg/accessor-call 
C#: Improve CFG for assignments
 2019-02-28 09:34:56 +00:00
Raul Garcia
1ae18974d8 Fixing bugs found during Code Review. 2019-02-27 18:41:23 -08:00
Tom Hvitved
4cbbe37b1e C#: Updated expected test output 2019-02-27 19:25:14 +01:00
Tom Hvitved
996b0efa47 C#: Address review comments 2019-02-27 13:49:15 +01:00
Tom Hvitved
7027cd36c6 C#: Speedup isGuardedByNode() 2019-02-27 13:29:14 +01:00
Tom Hvitved
72384e57e1 C#: Speedup Assertion::strictlyDominates() 2019-02-27 13:29:14 +01:00
Tom Hvitved
baa596ce6c C#: Speedup ControlFlowElement::controlsBlock() 2019-02-27 13:29:14 +01:00
Raul Garcia
f8ae56a27c Improving documentation 2019-02-26 16:22:39 -08:00
Calum Grant
5c2804d3ac Merge pull request #968 from hvitved/csharp/dataflow-performance 
C#: Improve join orders in `DataFlow` module
 2019-02-26 17:34:16 +00:00
Tom Hvitved
8abf76b618 C#: Reduce size of getAThrownException() 
In the precense of multiple core libraries, `getAThrownException()` would return
multiple copies of the same exception, say `System.OverflowException`, one for each
core library. With this change we try to identify which core library a given control
flow element was compiled against, and only return the corresponding version.
 2019-02-26 15:11:45 +01:00
Raul Garcia
9bb7816a3c Making changes based on feedback. 2019-02-22 10:10:20 -08:00
Tom Hvitved
116997cf85 Merge pull request #961 from calumgrant/cs/cve-2019-0657 
C#: Update cs/use-of-vulnerable-package to detect CVE-2019-0657
 2019-02-22 18:01:58 +01:00
Calum Grant
cd721f38b8 Merge pull request #967 from hvitved/csharp/ssa/block-precedes-var 
C#: Use explict recursion in `blockPrecedesVar()`
 2019-02-22 14:08:26 +00:00
Calum Grant
e93140d136 Merge pull request #959 from hvitved/csharp/dispose-not-called-on-exc-performance 
C#: Improve performance of `cs/dispose-not-called-on-throw`
 2019-02-22 14:04:48 +00:00
Tom Hvitved
74377a28c9 C#: Improve join orders in DataFlow module 2019-02-22 09:31:19 +01:00
Tom Hvitved
f02ef51459 C#: Use explict recursion in blockPrecedesVar() 2019-02-21 17:14:23 +01:00
calum
15341965e0 C#: Update cs/use-of-vulnerable-package to detect CVE-2019-0657 2019-02-21 11:48:48 +00:00
Tom Hvitved
f8bb00a81c C#: Cache Call::getArgumentForParameter() 2019-02-21 11:41:40 +01:00
Tom Hvitved
c8eb537591 C#: Improve performance of cs/dispose-not-called-on-throw 2019-02-21 11:20:54 +01:00
Tom Hvitved
c3a62b3656 C#: Always inline ControlFlowElement::[reachableFrom|getAReachableElement]() 2019-02-21 11:20:47 +01:00
Tom Hvitved
a382a5876f Merge pull request #808 from calumgrant/cs/double-checked-locks 
C#: Work on cs/unsafe-double-checked-lock
 2019-02-21 11:17:35 +01:00
Raul Garcia
7d197692ac Adding a new rule for detecting usage of static objects that implement ICryptoTransform that would be thread-unsafe, and potentially result in incorrect cryptographic results. 2019-02-20 17:07:04 -08:00
calum
40f3b8b439 C#: Address review comments (documentation). 2019-02-20 18:00:30 +00:00
calum
b0e2e436a7 C#: Fix documentation. 2019-02-18 09:37:10 +00:00
Tom Hvitved
5ce9b25ec9 C#: Improve CFG for assignments 
Write accesses in assignments, such as the access to `x` in `x = 0` are not
evaluated, so they should not have entries in the control flow graph. However,
qualifiers (and indexer arguments) should still be evaluated, for example in

```
x.Foo.Bar = 0;
```

the CFG should be `x --> x.Foo --> 0 --> x.Foo.Bar = 0` (as opposed to
`x --> x.Foo --> x.Foo.Bar --> 0 --> x.Foo.Bar = 0`, prior to this change).

A special case is assignments via acessors (properties, indexers, and event
adders), where we do want to include the access in the control flow graph,
as it represents the accessor call:

```
x.Prop = 0;
```

But instead of `x --> x.set_Prop --> 0 --> x.Prop = 0` the CFG should be
`x --> 0 --> x.set_Prop --> x.Prop = 0`, as the setter is called *after* the
assigned value has been evaluated.

An even more special case is tuple assignments via accessors:

```
(x.Prop1, y.Prop2) = (0, 1);
```

Here the CFG should be
`x --> y --> 0 --> 1 --> x.set_Prop1 --> y.set_Prop2 --> (x.Prop1, y.Prop2) = (0, 1)`.
 2019-02-16 19:19:24 +01:00
Anders Schack-Mulligen
fc9c7ea55a CSharp: Autoformat qls 2019-02-12 14:38:42 +01:00
Anders Schack-Mulligen
bcaaebfe7e CSharp: Autoformat qlls 2019-02-12 14:38:42 +01:00
Calum Grant
0513828000 Merge pull request #922 from hvitved/csharp/cfg/remove-exception-edges 
C#: Remove some impossible CFG exception edges
 2019-02-12 10:42:07 +00:00
Calum Grant
e10ea73a07 Merge pull request #901 from hvitved/csharp/conditional-assign-join-order 
C#: Improve join order in `conditionalAssign()`
 2019-02-12 10:39:49 +00:00
Calum Grant
b557b7b438 Merge pull request #895 from hvitved/csharp/get-a-thrown-exception 
C#: Avoid using `ExceptionClass` in deliberate Cartesian products
 2019-02-12 09:49:03 +00:00
calum
b51eb2cb92 C#: Fix tags in documentation. 2019-02-11 17:52:55 +00:00
Tom Hvitved
8cb8c967d2 C#: Remove some impossible CFG exception edges 2019-02-11 16:17:01 +01:00
Tom Hvitved
14bdea1cf2 Merge pull request #847 from calumgrant/cs/json.net 
C#: Model Json.NET dataflow
 2019-02-11 15:48:01 +01:00
calum
d18bbf6a73 C#: Make query only apply to reftypes, since I believe valuetypes are safe or cannot be fixed trivially using the volatile keyword. 2019-02-08 15:18:29 +00:00