hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,451 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.4
Commit Graph

8659 Commits

Author SHA1 Message Date
calum
e8bb7f2139 C#: Fix for performance. 2019-03-04 16:54:59 +00:00
Tom Hvitved
4054dc43e2 C#: Speedup Element::getLabel() 2019-03-04 13:21:10 +01:00
Tom Hvitved
c70a0a646d C#: Add test for getLabel() 2019-03-04 13:21:10 +01:00
Tom Hvitved
6135b5b7eb C#: Updated expected test output 2019-03-04 13:19:00 +01:00
Tom Hvitved
2e1ba7b1f9 C#: Speedup Implements.qll 2019-03-04 13:19:00 +01:00
calum
f7b4985ed1 C#: Fix merge conflict. 2019-03-04 09:54:48 +00:00
calum
741666d561 C#: Address review comment. 2019-03-04 09:54:40 +00:00
calum
d77b60bba8 C#: Add preservesValue to NonLocalJumpNode.getAJumpSuccessor. Allow DataFlow::Configuration::isAdditionalFlowStep to jump between callables. 2019-03-04 09:54:28 +00:00
calum
7343e70151 C#: Fix tests 2019-03-04 09:54:12 +00:00
calum
74b30d6071 C#: Model EntityFramework 2019-03-04 09:53:49 +00:00
calum
7010ca8cf3 C#: Fix whitespace in test. 2019-03-04 09:53:37 +00:00
Tom Hvitved
51e5a301cd Merge pull request #956 from raulgarciamsft/users/raulga/ICryptoTransform 
Detect usage of ICryptoTransform that would be thread-unsafe
 2019-03-01 11:49:27 +01:00
Calum Grant
c945b7793c Merge pull request #944 from hvitved/csharp/cfg/accessor-call 
C#: Improve CFG for assignments
 2019-02-28 09:34:56 +00:00
Raul Garcia
1ae18974d8 Fixing bugs found during Code Review. 2019-02-27 18:41:23 -08:00
Tom Hvitved
4cbbe37b1e C#: Updated expected test output 2019-02-27 19:25:14 +01:00
Tom Hvitved
996b0efa47 C#: Address review comments 2019-02-27 13:49:15 +01:00
Tom Hvitved
7027cd36c6 C#: Speedup isGuardedByNode() 2019-02-27 13:29:14 +01:00
Tom Hvitved
72384e57e1 C#: Speedup Assertion::strictlyDominates() 2019-02-27 13:29:14 +01:00
Tom Hvitved
baa596ce6c C#: Speedup ControlFlowElement::controlsBlock() 2019-02-27 13:29:14 +01:00
Raul Garcia
f8ae56a27c Improving documentation 2019-02-26 16:22:39 -08:00
Calum Grant
5c2804d3ac Merge pull request #968 from hvitved/csharp/dataflow-performance 
C#: Improve join orders in `DataFlow` module
 2019-02-26 17:34:16 +00:00
Tom Hvitved
8abf76b618 C#: Reduce size of getAThrownException() 
In the precense of multiple core libraries, `getAThrownException()` would return
multiple copies of the same exception, say `System.OverflowException`, one for each
core library. With this change we try to identify which core library a given control
flow element was compiled against, and only return the corresponding version.
 2019-02-26 15:11:45 +01:00
Raul Garcia
9bb7816a3c Making changes based on feedback. 2019-02-22 10:10:20 -08:00
Tom Hvitved
116997cf85 Merge pull request #961 from calumgrant/cs/cve-2019-0657 
C#: Update cs/use-of-vulnerable-package to detect CVE-2019-0657
 2019-02-22 18:01:58 +01:00
Calum Grant
cd721f38b8 Merge pull request #967 from hvitved/csharp/ssa/block-precedes-var 
C#: Use explict recursion in `blockPrecedesVar()`
 2019-02-22 14:08:26 +00:00
Calum Grant
e93140d136 Merge pull request #959 from hvitved/csharp/dispose-not-called-on-exc-performance 
C#: Improve performance of `cs/dispose-not-called-on-throw`
 2019-02-22 14:04:48 +00:00
Tom Hvitved
74377a28c9 C#: Improve join orders in DataFlow module 2019-02-22 09:31:19 +01:00
Tom Hvitved
f02ef51459 C#: Use explict recursion in blockPrecedesVar() 2019-02-21 17:14:23 +01:00
calum
15341965e0 C#: Update cs/use-of-vulnerable-package to detect CVE-2019-0657 2019-02-21 11:48:48 +00:00
Tom Hvitved
f8bb00a81c C#: Cache Call::getArgumentForParameter() 2019-02-21 11:41:40 +01:00
Tom Hvitved
c8eb537591 C#: Improve performance of cs/dispose-not-called-on-throw 2019-02-21 11:20:54 +01:00
Tom Hvitved
c3a62b3656 C#: Always inline ControlFlowElement::[reachableFrom|getAReachableElement]() 2019-02-21 11:20:47 +01:00
Tom Hvitved
a382a5876f Merge pull request #808 from calumgrant/cs/double-checked-locks 
C#: Work on cs/unsafe-double-checked-lock
 2019-02-21 11:17:35 +01:00
Raul Garcia
7d197692ac Adding a new rule for detecting usage of static objects that implement ICryptoTransform that would be thread-unsafe, and potentially result in incorrect cryptographic results. 2019-02-20 17:07:04 -08:00
calum
40f3b8b439 C#: Address review comments (documentation). 2019-02-20 18:00:30 +00:00
calum
b0e2e436a7 C#: Fix documentation. 2019-02-18 09:37:10 +00:00
Tom Hvitved
5ce9b25ec9 C#: Improve CFG for assignments 
Write accesses in assignments, such as the access to `x` in `x = 0` are not
evaluated, so they should not have entries in the control flow graph. However,
qualifiers (and indexer arguments) should still be evaluated, for example in

```
x.Foo.Bar = 0;
```

the CFG should be `x --> x.Foo --> 0 --> x.Foo.Bar = 0` (as opposed to
`x --> x.Foo --> x.Foo.Bar --> 0 --> x.Foo.Bar = 0`, prior to this change).

A special case is assignments via acessors (properties, indexers, and event
adders), where we do want to include the access in the control flow graph,
as it represents the accessor call:

```
x.Prop = 0;
```

But instead of `x --> x.set_Prop --> 0 --> x.Prop = 0` the CFG should be
`x --> 0 --> x.set_Prop --> x.Prop = 0`, as the setter is called *after* the
assigned value has been evaluated.

An even more special case is tuple assignments via accessors:

```
(x.Prop1, y.Prop2) = (0, 1);
```

Here the CFG should be
`x --> y --> 0 --> 1 --> x.set_Prop1 --> y.set_Prop2 --> (x.Prop1, y.Prop2) = (0, 1)`.
 2019-02-16 19:19:24 +01:00
Tom Hvitved
096757dadf C#: Add CFG tests for accessor calls 2019-02-14 20:24:04 +01:00
Tom Hvitved
0cb2c0994a Merge pull request #930 from calumgrant/cs/suppress-alerts 
C#: Add some alert suppression comments
 2019-02-13 09:34:18 +01:00
Anders Schack-Mulligen
fc9c7ea55a CSharp: Autoformat qls 2019-02-12 14:38:42 +01:00
Anders Schack-Mulligen
bcaaebfe7e CSharp: Autoformat qlls 2019-02-12 14:38:42 +01:00
calum
884af9bd7f C#: Fix alert. 2019-02-12 13:34:33 +00:00
calum
e18eeb8d2a C#: Address review comments. 2019-02-12 12:56:58 +00:00
calum
1e1784239c C#: Alert suppression comments for lgtm[cs/catch-of-all-exceptions 2019-02-12 12:45:22 +00:00
calum
33e6b5e55f C#: Fix tests 2019-02-12 10:59:31 +00:00
Calum Grant
0513828000 Merge pull request #922 from hvitved/csharp/cfg/remove-exception-edges 
C#: Remove some impossible CFG exception edges
 2019-02-12 10:42:07 +00:00
Calum Grant
e10ea73a07 Merge pull request #901 from hvitved/csharp/conditional-assign-join-order 
C#: Improve join order in `conditionalAssign()`
 2019-02-12 10:39:49 +00:00
Calum Grant
b557b7b438 Merge pull request #895 from hvitved/csharp/get-a-thrown-exception 
C#: Avoid using `ExceptionClass` in deliberate Cartesian products
 2019-02-12 09:49:03 +00:00
calum
b51eb2cb92 C#: Fix tags in documentation. 2019-02-11 17:52:55 +00:00
calum
8bb1af884a C# extractor: Limit string literals to 1MB. This is made more complicated by the fact that we need to limit the number of bytes to output, rather than the number of characters. 2019-02-11 17:36:23 +00:00