Commit Graph

3471 Commits

Author SHA1 Message Date
Tom Hvitved
1a93090778 C#: Improve guards SSA logic in the context of control-flow splitting 2020-10-02 18:00:34 +02:00
Tom Hvitved
f1d6f7cd0c C#: Model assertions in the CFG 2020-10-02 17:56:41 +02:00
Arthur Baars
daa1bcc06e Also mark 'tech inventory' queries as deprecated 2020-10-02 17:23:11 +02:00
Arthur Baars
fc45b6cd3c Drop 'tech-inventory' and 'code duplication' queries from the standard query suites 2020-10-02 17:22:04 +02:00
Tom Hvitved
55d25d90fa Merge pull request #4386 from hvitved/csharp/remove-deprecated-queries
C#: Remove deprecated external queries
2020-10-02 15:12:33 +02:00
Chris Smowton
aa707e9370 Merge pull request #4381 from smowton/smowton/admin/fix-owasp-broken-links
Fix OWASP broken links
2020-10-02 08:51:36 +01:00
Tamas Vajk
1cf3196b61 Fix additional PR review findings 2020-10-02 09:12:13 +02:00
Tamas Vajk
01de550ef8 Make predicates private 2020-10-02 09:12:13 +02:00
Tamas Vajk
f52cf264ec Refactor specificSubExprSign 2020-10-02 09:12:13 +02:00
Tamas Vajk
f03146d12f Refactor fieldSign 2020-10-02 09:12:13 +02:00
Tamas Vajk
21ff1a0445 Address some of the PR review findings 2020-10-02 09:12:13 +02:00
Tamas Vajk
638d0399a8 Java, C#: Refactor explicitSsaDefSign in sign analysis 2020-10-02 09:09:23 +02:00
Tamas Vajk
7545fe74e3 Java, C#: Refactor implicitSsaDefSign in sign analysis 2020-10-02 09:09:23 +02:00
Tamas Vajk
37fc1d6f0f Java, C#: cleanup sign analysis
Add missing QL doc, improve readability
2020-10-02 09:09:23 +02:00
Tom Hvitved
bc68578c8b C#: Remove deprecated external queries 2020-10-01 21:11:47 +02:00
Anders Schack-Mulligen
c027f3bd2b Merge pull request #4324 from tamasvajk/feature/unsigned-sign-analysis
Handle unsigned types in sign analysis (C# and Java)
2020-10-01 15:11:49 +02:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Tom Hvitved
93edaa75eb Merge pull request #4309 from tamasvajk/feature/enum-value-init
Extract constant value of enum member equal clauses
2020-09-28 16:18:10 +02:00
Tamas Vajk
2bbaa4e173 Handle unsigned types in sign analysis (C# and Java) 2020-09-28 14:46:32 +02:00
Tamas Vajk
3577b27f49 Fix to not report on enum member initialization 2020-09-28 11:04:22 +02:00
Robert Marsh
713bdae77a C++: sync identical files 2020-09-25 13:54:58 -07:00
Anders Schack-Mulligen
3ef3e6e140 Merge pull request #4319 from hvitved/python-java-block-precedes-var
Java/Python: Reduce size of `blockPrecedesVar`
2020-09-24 16:07:49 +02:00
Tamás Vajk
5ab5e75b85 Merge pull request #4255 from fatenhealy/IncreaseInsufficientKeySizeValue
Increase insufficient key size value from 1024 to 2048
2020-09-22 23:06:12 +02:00
Faten Healy
c35a5d120a C#: Increasing required size of RSA key to 2048 2020-09-22 11:09:49 +02:00
Tom Hvitved
71da9045e5 Java/Python: Reduce size of blockPrecedesVar 2020-09-22 11:00:26 +02:00
Tom Hvitved
06dbec78f7 C#: Add Guard::controlsBasicBlock() and simplify Guard::isEquality() 2020-09-21 16:15:12 +02:00
Tamas Vajk
8bf4a4209c C#: Sign analysis
Synced between Java and C# through `identical-files.json`.
2020-09-21 16:15:12 +02:00
Tom Hvitved
d867172d27 Merge pull request #4300 from hvitved/csharp/runtime-checks-bypass-bad-magic
C#: Avoid bad magic in `RuntimeChecksBypass.ql`
2020-09-18 19:40:34 +02:00
Tom Hvitved
aac2e0ebfb C#: Avoid bad magic in RuntimeChecksBypass.ql
Before:

```
[2020-09-18 14:03:57] (2587s) Tuple counts for RuntimeChecksBypass::uncheckedWrite#bbf#antijoin_rhs#1:
                      1270       ~8%     {2} r1 = SCAN RuntimeChecksBypass::uncheckedWrite#bbf#shared AS I OUTPUT I.<1>, I.<0>
                      188197390  ~0%     {3} r2 = JOIN r1 WITH #Callable::Callable::calls_dispred#bfPlus AS R ON FIRST 1 OUTPUT R.<1>, r1.<1>, r1.<0>
                      2425784042 ~1%     {3} r3 = JOIN r2 WITH Expr::Expr::getEnclosingCallable_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT r2.<1>, R.<1>, r2.<2>
                      58         ~9%     {2} r4 = JOIN r3 WITH project#RuntimeChecksBypass::checkedWrite#bfff AS R ON FIRST 2 OUTPUT r3.<0>, r3.<2>
                                         return r4
```

After:

```
[2020-09-18 14:08:48] (5s) Tuple counts for RuntimeChecksBypass::uncheckedWrite#fff#antijoin_rhs:
                      24704473 ~2%      {2} r1 = SCAN DataFlowPublic::localExprFlow#ff AS I OUTPUT I.<1>, I.<0>
                      23784154 ~6%      {4} r2 = JOIN r1 WITH Expr::Expr::getEnclosingCallable_dispred#ff AS R ON FIRST 1 OUTPUT r1.<1>, 28, R.<0>, R.<1>
                      201391   ~2%      {2} r3 = JOIN r2 WITH expressions AS R ON FIRST 2 OUTPUT r2.<2>, r2.<3>
                      23784154 ~0%      {3} r4 = JOIN r1 WITH Expr::Expr::getEnclosingCallable_dispred#ff AS R ON FIRST 1 OUTPUT r1.<1>, R.<0>, R.<1>
                      1065242  ~20%     {2} r5 = JOIN r4 WITH expr_value AS R ON FIRST 1 OUTPUT r4.<1>, r4.<2>
                      1266633  ~16%     {2} r6 = r3 \/ r5
                                        return r6
```
2020-09-18 14:15:30 +02:00
Tom Hvitved
4090859207 C#: Avoid bad magic in UselessUpcast.ql 2020-09-18 12:14:52 +02:00
Tom Hvitved
d095d6b56b Merge pull request #4139 from hvitved/csharp/cfg/foreach-loop-empty
C#: Skip `foreach` loop bodies in the CFG when the iteration expression is empty
2020-09-15 09:30:29 +02:00
Tamás Vajk
d21c101c0d Merge pull request #4041 from tamasvajk/feature/update-roslyn
C#: upgrade Roslyn dependencies to version 3.7
2020-09-14 13:57:36 +02:00
Mathias Vorreiter Pedersen
2d57abdcbe Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-09-11 12:47:29 +02:00
Tamas Vajk
d60b7c7297 C#: Improve empty collection check to not report on collections with property writes 2020-09-11 10:46:34 +02:00
Tom Hvitved
01e766c745 C#: Disable uniqueness constraint from explicitly_implements
The documentation on `ExplicitInterfaceImplementations` says "Properties
imported from metadata can explicitly implement more than one property", so
the constraint appears to be invalid.
2020-09-10 14:05:37 +02:00
Tamas Vajk
643a8b57c3 C#: Explicitly handle underlying tuple types 2020-09-10 14:05:37 +02:00
Mathias Vorreiter Pedersen
ad602b892b Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-09-09 16:17:23 +02:00
Rasmus Wriedt Larsen
2172fb6e65 Dataflow: s/data flow/taint propagation/ in QLDoc for sanitizers 2020-09-09 14:30:33 +02:00
Rasmus Wriedt Larsen
d90f0be2c4 Dataflow: defaultTaintBarrier => defaultTaintSanitizer
Just keeping things a bit more consistent :)
2020-09-09 14:11:56 +02:00
Tom Hvitved
6c716331d9 C#: Skip foreach loop bodies in the CFG when the iteration expression is empty 2020-09-07 15:26:28 +02:00
Mathias Vorreiter Pedersen
ed7e499b02 Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-09-04 17:25:36 +02:00
Tamas Vajk
e2c205deb4 C#: Add stable order for generated accessors in printed AST 2020-09-04 10:39:01 +02:00
Tom Hvitved
7f18c3377e Merge pull request #4017 from hvitved/csharp/unqualify-trap-ids3
C#: Remove assembly prefixes from TRAP labels
2020-09-04 09:20:39 +02:00
Mathias Vorreiter Pedersen
0fed7c0745 C++/C#: Sync identical files 2020-09-02 22:53:45 +02:00
Arthur Baars
90f013d74f Merge pull request #4176 from aibaars/missing-qhelp
Add missing QHelp files
2020-09-02 16:12:42 +02:00
Tom Hvitved
1b769ebac9 C#: Address more review comments 2020-09-02 10:52:05 +02:00
Tom Hvitved
92bf830a8a C#: Avoid bad magic in UselessUpcast.ql 2020-09-02 10:52:05 +02:00
Tom Hvitved
8a0355720a C#: Make Callable::get[Expression|Statement]Body() return all possible implementations
Previously, we returned only the body belonging to "the most likely" implementation,
based on a CFG size heuristic. However, now that more callables are mapped to the
same entity, it makes more sense to treat such callables (to some extent) like
partial methods. This means, for instance, that data flow will branch out to all possible
implementations, much like we do for virtual dispatch.
2020-09-02 10:52:05 +02:00
Tom Hvitved
afbbafe132 C#: Simplify TypeRef.qll 2020-09-02 10:52:05 +02:00
Tom Hvitved
d17f88bbcd C#: Remove assembly prefix from all extractor IDs 2020-09-02 10:52:04 +02:00