hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,688 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.0
Commit Graph

2773 Commits

Author SHA1 Message Date
Tom Hvitved
8959d528a1 Merge remote-tracking branch 'upstream/rc/1.20' into csharp/dataflow/performance 2019-03-10 15:07:18 +01:00
Tom Hvitved
548a28ff7d Merge pull request #912 from calumgrant/cs/ef 
C#: Model EntityFrameworkCore
 2019-03-08 22:13:13 +01:00
Tom Hvitved
77185f1fa3 Merge pull request #1055 from calumgrant/cs/lazy-type-mention 
C#: Fix an InvalidOperationException in csharp.log
 2019-03-08 14:17:51 +01:00
calum
fe4cdfdae0 C#: Minimise the test further. 2019-03-07 15:46:36 +00:00
Tom Hvitved
e6f7632d4c C#: Introduce data flow return nodes 
Before this change,

```
flowOutOfCallableStep(CallNode call, ReturnNode ret, OutNode out, CallContext cc)
```

would compute all combinations of call sites `call` and returned expressions `ret`
up front.

Now, we instead introduce explicit return nodes, so each callable has exactly
one return node (as well as one for each `out`/`ref` parameter). There is then
local flow from a returned expression to the relevant return node, and
`flowOutOfCallableStep()` computes combinations of call sites and return nodes.

Not only does this result in better performance, it also makes `flowOutOfCallableStep()`
symmetric to `flowIntoCallableStep()`, where each argument is mapped to a parameter,
and not to all reads of that parameter.
 2019-03-07 12:16:06 +01:00
calum
173fbc806c C#: Fix extractor to avoid the recursive eval of TypeArgumentList and update test results. 2019-03-07 09:44:18 +00:00
Raul Garcia
2e0c337a94 2n part of ICryptoTransform. 
Detecting potential unsafe usage (object shared across multiple threads) on variables captured by Lambda
 2019-03-06 17:12:33 -08:00
Tom Hvitved
440809623b C#: Fix whitespaces 2019-03-06 08:15:46 +01:00
calum
58fdcd8703 C#: Regression test case demonstrating extractor error. 2019-03-05 18:24:01 +00:00
Calum Grant
b17de116f8 Merge pull request #995 from hvitved/csharp/split-guards-performance 
C#: Speedup guards predicates
 2019-03-05 16:42:39 +00:00
Max Schaefer
7f5e2630a1 Merge pull request #1032 from xiemaisi/master-for-merge 
Merge master into rc/1.20
 2019-03-04 21:23:51 +00:00
semmle-qlci
245b47add7 Merge pull request #1017 from hvitved/csharp/get-label-performance 
Approved by calumgrant
 2019-03-04 20:22:38 +00:00
Tom Hvitved
c70a0a646d C#: Add test for getLabel() 2019-03-04 13:21:10 +01:00
Tom Hvitved
6135b5b7eb C#: Updated expected test output 2019-03-04 13:19:00 +01:00
calum
d77b60bba8 C#: Add preservesValue to NonLocalJumpNode.getAJumpSuccessor. Allow DataFlow::Configuration::isAdditionalFlowStep to jump between callables. 2019-03-04 09:54:28 +00:00
calum
7343e70151 C#: Fix tests 2019-03-04 09:54:12 +00:00
calum
74b30d6071 C#: Model EntityFramework 2019-03-04 09:53:49 +00:00
calum
7010ca8cf3 C#: Fix whitespace in test. 2019-03-04 09:53:37 +00:00
Tom Hvitved
51e5a301cd Merge pull request #956 from raulgarciamsft/users/raulga/ICryptoTransform 
Detect usage of ICryptoTransform that would be thread-unsafe
 2019-03-01 11:49:27 +01:00
Calum Grant
c945b7793c Merge pull request #944 from hvitved/csharp/cfg/accessor-call 
C#: Improve CFG for assignments
 2019-02-28 09:34:56 +00:00
Tom Hvitved
4cbbe37b1e C#: Updated expected test output 2019-02-27 19:25:14 +01:00
Raul Garcia
9bb7816a3c Making changes based on feedback. 2019-02-22 10:10:20 -08:00
calum
15341965e0 C#: Update cs/use-of-vulnerable-package to detect CVE-2019-0657 2019-02-21 11:48:48 +00:00
Tom Hvitved
a382a5876f Merge pull request #808 from calumgrant/cs/double-checked-locks 
C#: Work on cs/unsafe-double-checked-lock
 2019-02-21 11:17:35 +01:00
Raul Garcia
7d197692ac Adding a new rule for detecting usage of static objects that implement ICryptoTransform that would be thread-unsafe, and potentially result in incorrect cryptographic results. 2019-02-20 17:07:04 -08:00
Tom Hvitved
5ce9b25ec9 C#: Improve CFG for assignments 
Write accesses in assignments, such as the access to `x` in `x = 0` are not
evaluated, so they should not have entries in the control flow graph. However,
qualifiers (and indexer arguments) should still be evaluated, for example in

```
x.Foo.Bar = 0;
```

the CFG should be `x --> x.Foo --> 0 --> x.Foo.Bar = 0` (as opposed to
`x --> x.Foo --> x.Foo.Bar --> 0 --> x.Foo.Bar = 0`, prior to this change).

A special case is assignments via acessors (properties, indexers, and event
adders), where we do want to include the access in the control flow graph,
as it represents the accessor call:

```
x.Prop = 0;
```

But instead of `x --> x.set_Prop --> 0 --> x.Prop = 0` the CFG should be
`x --> 0 --> x.set_Prop --> x.Prop = 0`, as the setter is called *after* the
assigned value has been evaluated.

An even more special case is tuple assignments via accessors:

```
(x.Prop1, y.Prop2) = (0, 1);
```

Here the CFG should be
`x --> y --> 0 --> 1 --> x.set_Prop1 --> y.set_Prop2 --> (x.Prop1, y.Prop2) = (0, 1)`.
 2019-02-16 19:19:24 +01:00
Tom Hvitved
096757dadf C#: Add CFG tests for accessor calls 2019-02-14 20:24:04 +01:00
Anders Schack-Mulligen
fc9c7ea55a CSharp: Autoformat qls 2019-02-12 14:38:42 +01:00
Anders Schack-Mulligen
bcaaebfe7e CSharp: Autoformat qlls 2019-02-12 14:38:42 +01:00
calum
33e6b5e55f C#: Fix tests 2019-02-12 10:59:31 +00:00
Calum Grant
0513828000 Merge pull request #922 from hvitved/csharp/cfg/remove-exception-edges 
C#: Remove some impossible CFG exception edges
 2019-02-12 10:42:07 +00:00
calum
8bb1af884a C# extractor: Limit string literals to 1MB. This is made more complicated by the fact that we need to limit the number of bytes to output, rather than the number of characters. 2019-02-11 17:36:23 +00:00
Tom Hvitved
8cb8c967d2 C#: Remove some impossible CFG exception edges 2019-02-11 16:17:01 +01:00
Tom Hvitved
6ff4206d53 C#: Add CFG test 2019-02-11 16:03:25 +01:00
Tom Hvitved
14bdea1cf2 Merge pull request #847 from calumgrant/cs/json.net 
C#: Model Json.NET dataflow
 2019-02-11 15:48:01 +01:00
calum
d18bbf6a73 C#: Make query only apply to reftypes, since I believe valuetypes are safe or cannot be fixed trivially using the volatile keyword. 2019-02-08 15:18:29 +00:00
calum
7addd41e38 C#: Fixes to double-checked lock. 2019-02-08 14:57:57 +00:00
calum
7f7a92d092 C#: Model Json.NET dataflow. 2019-02-08 14:37:54 +00:00
Tom Hvitved
e074daee74 C#: Limit number of non-required CFG splits 2019-02-07 20:40:20 +01:00
Tom Hvitved
7d11eb5758 C#: Add CFG test with exponential splitting 
This test times out as it would require constructing 2^40 copies of the same node.
 2019-02-07 20:40:20 +01:00
calum
8afbd2d897 C#: Extend TrivialProperty to also include CIL::TrivialProperty 2019-02-07 12:05:42 +00:00
Calum Grant
383e82a3f3 Merge pull request #886 from hvitved/csharp/cfg/restructure 
C#: Split up `ControlFlowGraph.qll` into multiple files
 2019-02-07 11:06:19 +00:00
Calum Grant
73d56e1bdb Merge pull request #881 from hvitved/csharp/remove-get-url 
C#: Remove `getUrl()` predicate
 2019-02-07 10:47:56 +00:00
semmle-qlci
4b81ffab96 Merge pull request #869 from hvitved/csharp/autoformat 
Approved by calumgrant
 2019-02-05 16:35:10 +00:00
Tom Hvitved
37c55750f7 Merge pull request #873 from calumgrant/cs/format-getresource-strings 
C#: Fix FP in cs/format-argument-unused
 2019-02-05 17:12:04 +01:00
Tom Hvitved
3503e9b57e C#: Move PreSsa module into own file 2019-02-05 14:27:09 +01:00
Tom Hvitved
5306d1ea0d C#: Move PreBasicBlocks module into own file 2019-02-05 13:41:50 +01:00
Tom Hvitved
64539b0263 C#: Move Completion.qll 2019-02-05 11:45:33 +01:00
Tom Hvitved
0211837e24 C#: Remove getUrl() predicate 2019-02-05 11:07:13 +01:00
Tom Hvitved
d829d98165 Merge branch 'master' into csharp/autoformat 2019-02-05 10:37:42 +01:00