Commit Graph

8535 Commits

Author SHA1 Message Date
Tom Hvitved
2caf724826 C#: Add more tests 2019-01-18 12:07:22 +01:00
Tom Hvitved
9031e19c88 C#: Recognize ref assignments through delegate calls 2019-01-16 15:53:31 +01:00
Tom Hvitved
fc5076b466 C#: Add test for assignment through delegate ref argument 2019-01-16 15:22:45 +01:00
Tom Hvitved
b2f99dbbc7 C#: Teach data flow library about CFG splitting
Data flow nodes for expressions do not take CFG splitting into account. Example:

```
if (b)
    x = tainted;
x = x.ToLower();
if (!b)
    Use(x);
```

Flow is incorrectly reported from `tainted` to `x` in `Use(x)`, because the step
from `tainted` to `x.ToLower()` throws away the information that `b = true`.

The solution is to remember the splitting in data flow expression nodes, that is,
to represent the exact control flow node instead of just the expression. With that
we get flow from `tainted` to `[b = true] x.ToLower()`, but not from `tainted` to
`[b = false] x.ToLower()`.

The data flow API remains unchanged, but in order for analyses to fully benefit from
CFG splitting, sanitizers in particular should be CFG-based instead of expression-based:

```
if (b)
{
    x = tainted;
    if (IsInvalid(x))
        return;
}
Use(x);

If the call to `IsInvalid()` is a sanitizer, then defining an expression node to be
a sanitizer using `GuardedExpr` will be too conservative (`x` in `Use(x)` is in fact
not guarded). However, `[b = true] x` in `[b = true] Use(x)` is guarded, and to help
define guard-based sanitizers, the class `GuardedDataFlowNode` has been introduced.
2019-01-16 10:39:27 +01:00
Tom Hvitved
f768abb0e6 C#: Add data flow test with CFG splitting 2019-01-16 10:29:26 +01:00
Tom Hvitved
abb3f71ec8 C#: Add GuardedControlFlowNode 2019-01-16 10:29:26 +01:00
Tom Hvitved
f323049b9d C#: CFG for expressions without enclosing callables, e.g. field initializers 2019-01-16 10:29:26 +01:00
Tom Hvitved
901f389a7d C#: Add CFG tests for field/property initializers 2019-01-16 10:29:26 +01:00
Calum Grant
6cc4c2d31f Merge pull request #762 from hvitved/csharp/autoformat/libraries
C#: Autoformat QLL files
2019-01-15 12:19:50 +00:00
Calum Grant
d4d5c47adb Merge pull request #749 from hvitved/csharp/remove-def-use
C#: Remove `DefUse.qll`
2019-01-15 10:52:39 +00:00
Tom Hvitved
f90b0fd16f C#: Convert some multi-line comments 2019-01-14 14:08:54 +01:00
Tom Hvitved
b81d2ca8fa C#: Autoformat QLL files 2019-01-14 14:08:54 +01:00
Tom Hvitved
bbc49dce40 Merge pull request #755 from calumgrant/cs/extractor-alerts
C#: Fix some LGTM alerts on the extractor
2019-01-14 10:47:44 +01:00
semmle-qlci
b78fcd39be Merge pull request #745 from hvitved/csharp/query/missed-readonly-modifier
Approved by calumgrant
2019-01-14 08:43:59 +00:00
semmle-qlci
3fe9f92817 Merge pull request #746 from hvitved/csharp/is-valid-explicit-params-type
Approved by calumgrant
2019-01-14 08:43:30 +00:00
calum
e76eb1641a C#: Address review comment. 2019-01-11 16:13:04 +00:00
Tom Hvitved
36e4b879e9 C#: Remove comment 2019-01-11 14:32:34 +01:00
Tom Hvitved
390ebc96ae C#: Autoformat QL files 2019-01-11 13:55:28 +01:00
calum
de4f592bba C#: Add alert suppression comments for cs/similar-file 2019-01-11 12:36:20 +00:00
calum
a44a86bf6f C#: Add alert suppression comments. Rename e to ex in catch clauses for consistency. 2019-01-11 12:32:24 +00:00
calum
fb0cae87a8 C#: Fix some alerts, and fix a potential NullReferenceException. 2019-01-11 12:12:11 +00:00
Tom Hvitved
c06fc2af09 C#: Remove DefUse.qll 2019-01-11 09:35:38 +01:00
Tom Hvitved
0f7dc51e89 C#: Fix performance issue in isValidExplicitParamsType() 2019-01-10 21:19:23 +01:00
Tom Hvitved
2197736128 C#: Speedup cs/missed-readonly-modifier 2019-01-10 20:57:36 +01:00
Calum Grant
89becbce9a Merge pull request #726 from hvitved/csharp/cfg/foreach-multi-variables
C#: Fix CFG for `foreach` statements with tuple declarations
2019-01-09 14:47:01 +00:00
Calum Grant
bd9a2d71ba Merge pull request #719 from hvitved/csharp/autoformat/queries
C#: Autoformat QL queries
2019-01-09 10:48:22 +00:00
Calum Grant
6f827140d7 Merge pull request #710 from hvitved/csharp/extractor/standalone-runtimes
C#: Improve logic for looking up .NET runtime in standalone mode
2019-01-07 10:22:17 +00:00
Pavel Avgustinov
42cf76027a Merge branch 'cs/assembly-labels' of https://github.com/calumgrant/ql into HEAD 2019-01-04 18:23:49 +00:00
Tom Hvitved
6fccfa3b0a C#: Fix CFG for foreach statements with tuple declarations 2019-01-04 18:51:55 +01:00
Tom Hvitved
72b3514970 C#: Add CFG tests for foreach statements with multiple variable declarations 2019-01-04 18:17:48 +01:00
calum
651d207d0d C#: Fix assembly labels. 2019-01-04 16:19:43 +00:00
Max Schaefer
b4f400fb23 Merge remote-tracking branch 'upstream/next' into qlucie/master 2019-01-04 10:35:57 +00:00
Tom Hvitved
c962f55cd0 C#: Address review comments 2019-01-04 11:32:23 +01:00
semmle-qlci
c0868bcb9e Merge pull request #708 from hvitved/csharp/ssa-read-splitting
Approved by calumgrant
2019-01-03 17:59:55 +00:00
Tom Hvitved
f187e7444c C#: Autoformat follow-up changes 2019-01-02 13:51:30 +01:00
Tom Hvitved
daa45322b1 C#: Autoformat QL queries 2019-01-02 12:59:07 +01:00
Tom Hvitved
412248c77f C#: Address review comments 2019-01-02 10:42:08 +01:00
Tom Hvitved
2427f0ada9 C#: Remove redundant cast 2019-01-02 10:09:24 +01:00
Tom Hvitved
5879e58741 C#: Account for CFG splitting in AssignableDefinition::getAFirstRead() and AssignableRead::getANextRead() 2019-01-02 09:50:13 +01:00
Tom Hvitved
f06a20f666 C#: Add SSA tests with CFG splitting 2019-01-02 09:48:04 +01:00
calum
0fe0544769 C#: Fix extraction error when Event accessors are ordinary methods. 2018-12-31 14:20:47 +00:00
calum
6267946768 C#: Revert breaking change 2018-12-21 14:39:01 +00:00
calumgrant
1b11abfec7 Merge pull request #709 from hvitved/csharp/autoformat/tests
C#: Autoformat QL tests
2018-12-21 11:12:31 +00:00
Tom Hvitved
5478155155 Merge pull request #615 from calumgrant/cs/extractor-caching
C# extractor: Improve performance by changing the caching
2018-12-21 09:36:43 +01:00
calum
d73b28efe4 C#: Address review comments.
Add more tests for duplicated entities, and fix some duplicated entities.
Update the TupleTypes output - some extraneous results gone so it's probably better.
2018-12-20 20:23:12 +00:00
Tom Hvitved
af38a2b9c5 Merge branch 'master' into csharp/autoformat/tests 2018-12-20 20:59:10 +01:00
calumgrant
a6003533a4 Merge pull request #692 from hvitved/csharp/maybe-null-as-expression
C#: Consider `as` expressions as maybe-`null` in `cs/dereferenced-value-may-be-null`
2018-12-20 18:49:33 +00:00
calumgrant
7dd263b413 Merge pull request #689 from hvitved/csharp/remove-get-url
C#: Remove `getUrl()` predicates
2018-12-20 18:49:15 +00:00
calum
f5cfd93d8d C#: Use pattern matching. 2018-12-20 14:38:49 +00:00
Tom Hvitved
9f375de716 C#: Improve logic for looking up .NET runtime in standalone mode
Instead of only considering a fixed set of paths for `dotnet` and `mono`,
first attempt to look up the paths based on the `PATH` environment variable.
This change also fixes a potential `System.IO.DirectoryNotFoundException` exception,
which could be thrown when the `shared/Microsoft.NETCore.App` folder was not
present.
2018-12-20 15:34:15 +01:00