hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

8876 Commits

Author SHA1 Message Date
calum
3718237acc C#: Implement CFG for ConstCase statements with a condition. 2018-09-05 18:15:47 +01:00
calum
cff00506ba C#: Implementation of case ... when ...: which was not previously handled. Move getCondition to CaseStmt. Implement the CFG and tests. 2018-09-05 17:47:31 +01:00
calum
8c2d773866 C#: Extractor test for join ... into 2018-09-05 17:19:04 +01:00
calum
7a77740979 C#: Extractor tests for 
- While statements
- Object initializers
 2018-09-05 17:19:04 +01:00
Aditya Sharad
f27945216f Merge rc/1.18 into master. 2018-09-05 15:32:30 +01:00
Aditya Sharad
cbdbda3723 Merge rc/1.18 into next. 2018-09-05 14:09:06 +01:00
Tom Hvitved
42faabc552 C#: Rename and restructure control flow graph entities 
Follow a naming structure similar to the data flow library:

- `ControlFlowNode` -> `ControlFlow::Node`.
- `CallableEntryNode` -> `ControlFlow::Nodes::EntryNode`.
- `CallableExitNode` -> `ControlFlow::Nodes::ExitNode`.
- `ControlFlowEdgeType` -> `ControlFlow::SuccessorType`.
- `ControlFlowEdgeSuccessor` -> `ControlFlow::SuccessorTypes::NormalSuccessor`.
- `ControlFlowEdgeConditional -> ControlFlow::SuccessorTypes::ConditionalSuccessor`.
- `ControlFlowEdgeBoolean` -> `ControlFlow::SuccessorTypes::BooleanSuccessor`.
- `ControlFlowEdgeNullness` -> `ControlFlow::SuccessorTypes::NullnessSuccessor`.
- `ControlFlowEdgeMatching` -> `ControlFlow::SuccessorTypes::MatchingSuccessor`.
- `ControlFlowEdgeEmptiness` -> `ControlFlow::SuccessorTypes::EmptinessSuccessor`.
- `ControlFlowEdgeReturn` -> `ControlFlow::SuccessorTypes::ReturnSuccessor`.
- `ControlFlowEdgeBreak` -> `ControlFlow::SuccessorTypes::BreakSuccessor`.
- `ControlFlowEdgeContinue` -> `ControlFlow::SuccessorTypes::ContinueSuccessor`.
- `ControlFlowEdgeGotoLabel` -> `ControlFlow::SuccessorTypes::GotoLabelSuccessor`.
- `ControlFlowEdgeGotoCase` -> `ControlFlow::SuccessorTypes::GotoCaseSuccessor`.
- `ControlFlowEdgeGotoDefault` -> `ControlFlow::SuccessorTypes::GotoDefaultSuccessor`.
- `ControlFlowEdgeException` -> `ControlFlow::SuccessorTypes::ExceptionSuccessor`
 2018-09-05 14:20:26 +02:00
calumgrant
8263b248b7 Merge pull request #152 from hvitved/csharp/base-ssa 
C#: Fix bug in BaseSsa library
 2018-09-05 13:02:56 +01:00
semmle-qlci
6c1098d170 Merge pull request #120 from hvitved/csharp/query/useless-upcast 
Approved by calumgrant
 2018-09-05 08:39:25 +01:00
Tom Hvitved
124a00ba10 C#: Update expected output in SSA tests 2018-09-04 20:15:33 +02:00
Aditya Sharad
ab2bec743a Revert "Version: Bump to 1.19.0 dev." 
The version bump should now go into the `next` branch rather than `master`.
This reverts commit 2363f49e3a.
 2018-09-04 16:01:09 +01:00
Tom Hvitved
6a4dbfce8f Address review comment 2018-09-04 16:07:49 +02:00
Tom Hvitved
919203a071 Address review comment 2018-09-04 16:04:21 +02:00
calumgrant
98aa7f88b2 Merge pull request #121 from hvitved/csharp/sync-test-files 
C#: Synchronize a few test files
 2018-09-04 15:01:19 +01:00
Tom Hvitved
9a7746e9b5 C#: Fix bug in BaseSsa library 2018-09-04 15:16:20 +02:00
Tom Hvitved
81122ca7a4 C#: Add test that reveals bug in BaseSsa implementation 2018-09-04 13:58:59 +02:00
Tom Hvitved
c4c74cd005 C#: Split up DataFlowInternal.qll 
Split up into `internal/BaseSSA.qll` and `internal/Steps.qll`.
 2018-09-04 13:30:54 +02:00
calumgrant
af3f855491 Merge pull request #94 from hvitved/csharp/cfg/minor-fixes 
C#: Minor CFG improvements
 2018-09-03 17:41:18 +01:00
Aditya Sharad
2363f49e3a Version: Bump to 1.19.0 dev. 
This keeps the QL for Eclipse language plugins in sync with internal `master`.
 2018-09-03 16:41:28 +01:00
Tom Hvitved
809da42f00 C#: Synchronize a few test files 
Synchronized test files with the examples used in query help.
 2018-08-30 21:46:37 +02:00
Tom Hvitved
386b89a023 C#: Improvements to cs/useless-upcast 2018-08-30 15:15:40 +02:00
Dave Bartolomeo
2af82d9485 LF for .qhelp files too 2018-08-26 21:12:51 -07:00
Dave Bartolomeo
d920fc7d94 Force LF line endings for .ql, .qll, and .qlref files 2018-08-24 11:58:58 -07:00
Luke Cartey
f9227eeee5 C#: ZipSlip - Module documentation improvements. 2018-08-24 14:34:20 +01:00
Luke Cartey
b1d5d5bf86 C#: ZipSlip - Refine StartsWith sanitizer. 
ZipSlip can be avoided by checking that the combined and resolved
path `StartsWith` the appropriate destination directory. Refine the
`StartsWith` sanitizer to:

 * Consider expressions guarded by an appropriate StartsWith check to be
sanitized.
 * Consider a StartsWith check to be inappropriate if it is checking the
result of `Path.Combine`, as that has not been appropriately resolved.

Tests have been updated to reflect this refinement.
 2018-08-24 14:27:25 +01:00
Luke Cartey
fc925d49f4 C#: ZipSlip - Treat the result of Substring as sanitized. 
As with the previous commit, this considers the result of substring as
sanitized, rather than the argument.
 2018-08-24 12:38:01 +01:00
Luke Cartey
43d7e598a5 C#: Treat GetFileName method call as sanitizer 
Use the GetFileName call as a sanitizer, rather than an argument to that
call. It is the _result_ of the GetFileName call which should be
considered sanitized. By using the argument, we can spuriously suppress
use-use flow. Consider:
```
var path = Path.Combine(destDir, entry.GetFullName());
var fileName = Path.GetFileName(path);
log("Extracting " + fileName);
entry.ExtractToFile(path);
```
Previously, the `ExtractToFile(path)` call would not have been flagged,
because the `path` argument to `GetFileName` was considered sanitized,
and that argument formed a use-use pair with the `path` argument to
`ExtractToFile`. Now, this result would be flagged because only the
result of the `GetFileName` call is considered sanitized.
 2018-08-24 12:08:57 +01:00
Tom Hvitved
d4551e5897 Merge pull request #81 from lukecartey/csharp/zipslip-reformat 
C#: ZipSlip - Rearrange query, add help and update doc
 2018-08-24 09:40:20 +02:00
calum
41382dd732 C#: A regression test for extractor crash when wrong expression type is used for a literal. 2018-08-23 17:45:40 +01:00
calumgrant
04bccd0137 Merge pull request #55 from denislevin/denisl/cs/DontInstallRootCertificate 
cs: Don't Install Root Certificate (CWE-327)
 2018-08-23 17:36:50 +01:00
Luke Cartey
86a7df0ef5 C#: ZipSlip - Address doc team comments. 2018-08-23 15:57:00 +01:00
Tom Hvitved
1dff900059 C#: Speed up throwMayBeUncaught() by not relying on definitelyHandles() 
The `definitelyHandles()` predicate calculates the relation for all exception
types, not just the ones that can actually be thrown (no automatic magic).
This commit inlines the definition of `definitelyHandles()` to get the proper
context (manual magic).
 2018-08-23 14:39:19 +02:00
Tom Hvitved
4684bc9d15 C#: Add QL doc to startsSplits() 2018-08-23 14:39:19 +02:00
Pavel Avgustinov
3182274ce8 Merge pull request #87 from lukecartey/csharp/ccyclomatic-kind 
C#: Fix @kind property of CCyclomaticComplexity
 2018-08-23 03:50:36 -07:00
Luke Cartey
70abf2d58f C#: CCyclomaticComplexity - Fix @kind property. 
CCyclomaticComplexity is a metric query, so needs a @kind treemap
instead of @kind table.
 2018-08-21 14:42:05 +01:00
Luke Cartey
014c4e8579 C#: Update qlpath to fix metric queries. 
The Metrics folder has a queries.xml file which is required when
building a full distribution, as the Metrics folder gets copied into
odasa-csharp-metrics directory. However, in QL for Eclipse this doesn't
compile because it prevents import lookup at the top level. Modifying
the qlpath file to include the top-level directory on the library path
fixes the problem.
 2018-08-21 14:36:33 +01:00
Luke Cartey
4f57456df1 C#: ZipSlip - Add spaces into bad example. 2018-08-21 13:06:29 +01:00
Luke Cartey
6453153393 C#: ZipSlip - Address review comments in module. 2018-08-21 12:18:27 +01:00
Luke Cartey
6959d80a28 C#: ZipSlip - Update help, compile and test samples. 2018-08-21 12:17:48 +01:00
Tom Hvitved
4560468cb8 C#: Update expected test output 2018-08-21 08:57:03 +02:00
Denis Levin
be3d2931e3 Changed query message text as requested 2018-08-20 14:02:33 -07:00
Luke Cartey
d6c58d6bd9 C#: ZipSlip - Add precision tag. 2018-08-20 16:59:57 +01:00
Luke Cartey
fa78d04f18 C#: ZipSlip - Add qhelp file. 
This adds a help file which describes the problem, provides
recommendations on how to fix it and an example.
 2018-08-20 16:59:56 +01:00
Luke Cartey
99d1cf70be C#: ZipSlip - Update name, description and message. 
This commit updates the name, description and message to better match
the house style for the security queries.
 2018-08-20 16:59:56 +01:00
Luke Cartey
112d104005 C#: ZipSlip - remove ZipSlip prefix from TaintTracking class name. 2018-08-20 16:18:13 +01:00
Luke Cartey
b6c9f844e8 C#: ZipSlip - refactor to use Source, Sink, Sanitizer 
This commit refactors the existing predicates to be classes extending
Source, Sink or Sanitizer, as appropriate.
 2018-08-20 16:17:03 +01:00
Luke Cartey
09b23878fd C#: ZipSlip, introduce source, sink, sanitizer classes. 2018-08-20 12:25:51 +01:00
Luke Cartey
3bc035fb5a C#: Reformat ZipSlip module. 
Reformat the ZipSlip module to adhere to the "QL Style Guide".
 2018-08-20 12:11:06 +01:00
Tom Hvitved
b1451b079e C#: Add CFG test that mixes finally splitting and catch splitting 2018-08-20 13:10:09 +02:00
Tom Hvitved
91ed111735 C#: Improve CFG for exception handlers 
Use generic CFG splitting to add a new type of split for exception handlers,
`ExceptionHandlerSplit`, which tags eachs node belonging to a `catch` clause
with the type of exception being caught. This allows for a more accurate CFG
for `try-catch` statements, where exception filters are handled properly.
 2018-08-20 13:08:28 +02:00