hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,238 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.5
Commit Graph

1030 Commits

Author SHA1 Message Date
Calum Grant
84bce9f742 C#: Extract indexed initializers correctly. 2020-05-15 12:50:53 +01:00
Tom Hvitved
2c243ad1cd C#: Add data-flow test 2020-05-14 15:58:50 +02:00
Dave Bartolomeo
5d3f25211d C++/C#: Remove UnmodeledUse instruction 2020-05-13 01:06:40 -04:00
Dave Bartolomeo
09d1da2f7a C++/C#: Rename sanity -> consistency 
I did both of these languages together because they share some of the changed code via `identical-files.json`.
 2020-05-11 13:29:52 -04:00
Tom Hvitved
0466e36985 C#: Teach Implements.qll about nested types 2020-05-06 09:25:40 +02:00
Tom Hvitved
f9ece0aefb C#: Add implements test for nested types 2020-05-06 09:25:40 +02:00
Tom Hvitved
4c1a9b25c1 C#: Teach unification library about nested types 2020-05-06 09:25:40 +02:00
Tom Hvitved
851fc98b01 C#: Add type unification tests for nested types 2020-05-06 09:25:40 +02:00
Tom Hvitved
c324c388d0 C#: Refine UnboundGeneric and ConstructedGeneric 2020-05-05 14:28:13 +02:00
Tom Hvitved
8a01023dee C#: Add more generics tests 2020-05-05 14:28:13 +02:00
Tom Hvitved
4f7743058a C#: Restructure existing generics tests 2020-05-05 14:28:13 +02:00
Anders Schack-Mulligen
b7458091a9 Merge pull request #3110 from hvitved/dataflow/no-more-summaries 
Data flow: No more flow summaries
 2020-05-05 13:27:07 +02:00
Calum Grant
a01ef83312 Merge pull request #3270 from hvitved/csharp/dataflow/library-field-flow 
C#: Field-sensitive summaries for library code
 2020-05-04 16:11:18 +01:00
Tom Hvitved
32b419229d C#: Address review comments 2020-05-04 09:01:49 +02:00
Tom Hvitved
5b5f9adfc6 C#: Add missing CFG edge from generic catch block to finally block 2020-04-23 08:45:11 +02:00
Tom Hvitved
bd075a7de0 C#: Add CFG test 2020-04-23 08:45:11 +02:00
Tom Hvitved
8c0c283811 Revert "C#: Improve db consistency by removing assembly id" 2020-04-22 16:32:13 +02:00
Tom Hvitved
7d86cce658 Merge pull request #2814 from calumgrant/cs/unqualify-trap-ids 
C#: Improve db consistency by removing assembly id
 2020-04-21 08:58:34 +02:00
Calum Grant
ead916702a C#: Take nullability into account when creating symbol entities. Otherwise, an entity with the wrong (cached) nullability could be created. 2020-04-20 11:29:31 +01:00
Tom Hvitved
e186c9ddd1 C#: Update data-flow collection test method names 2020-04-20 09:29:51 +02:00
Tom Hvitved
161093bd57 C#: Rename arrays data-flow test to collections 2020-04-20 09:20:42 +02:00
Tom Hvitved
f91af7daf3 C#: Add more data-flow tests 2020-04-17 13:49:08 +02:00
Tom Hvitved
c36142f129 C#: Add data-flow test for collections 2020-04-17 11:22:01 +02:00
Tom Hvitved
1959480b78 C#: Field-flow summaries for library code 2020-04-16 15:20:47 +02:00
Tom Hvitved
922e52f061 Merge pull request #3257 from hvitved/csharp/dataflow/tests 
C#: Update data flow tests
 2020-04-16 11:47:45 +02:00
Dave Bartolomeo
95a6dd01c6 C#: Accept test output 2020-04-14 11:11:36 -04:00
Tom Hvitved
a9b88b6eaa C#: Update data flow tests 2020-04-14 09:31:10 +02:00
Calum Grant
abf6be6030 C#: Avoid qualifying explicit interface implementations. 2020-04-07 11:17:35 +01:00
Tom Hvitved
6685a5ed4d Merge pull request #3136 from calumgrant/cs/buildless-extraction 
C#: Improvements to buildless extraction
 2020-04-07 08:52:00 +02:00
Calum Grant
6cce0de9b2 Merge pull request #3124 from hvitved/csharp/dataflow/sources-and-sinks 
C#: Introduce `RemoteFlowSink` class
 2020-04-06 12:36:14 +01:00
Tom Hvitved
c8c706a0ba C#: Un-deprecate PublicCallableParameterFlowSource 2020-04-06 09:01:44 +02:00
Calum Grant
b94b4b7c91 C#: Fix tests 2020-03-26 20:40:40 +00:00
Tom Hvitved
fddbce0b7b C#: Move all predefined sources and sinks into security/dataflow/flow{sinks,sources} 2020-03-25 20:05:39 +01:00
Jonas Jensen
2b2667aef7 Merge remote-tracking branch 'upstream/master' into detect-conflated-memory 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRSanity.qll
	cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRSanity.qll
	cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRSanity.qll
	cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/ir/ir/raw_sanity.expected
	cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/syntax-zoo/aliased_ssa_sanity.expected
	cpp/ql/test/library-tests/syntax-zoo/raw_sanity.expected
	cpp/ql/test/library-tests/syntax-zoo/unaliased_ssa_sanity.expected
	csharp/ql/src/semmle/code/csharp/ir/implementation/raw/IRSanity.qll
	csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/IRSanity.qll
	csharp/ql/test/library-tests/ir/ir/raw_ir_sanity.expected
	csharp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
 2020-03-25 11:55:39 +01:00
Jonas Jensen
29c4c8c0b2 C#: Fixup to follow C++ changes 2020-03-23 20:39:43 +01:00
Dave Bartolomeo
a2741da8e2 C++/C#: Add sanity test for invalid overlap from getDefinitionOverlap() 
The result of `getDefinitionOverlap()` should never be `MayPartiallyOverlap`, because if that were the case, we should have inserted as `Chi` instruction and hooked the definition up to that instead.

There are quite a few existing failures.
 2020-03-23 14:37:06 -04:00
Tom Hvitved
17e904f0f6 Data flow: Refactoring + performance improvements 
- Introduce `ReadTaintNode` and `TaintStoreNode` to simplify logic for taint
  getters and taint setters, respectively.
- `nodeCandFwd2`: Restrict `stored` column after a read, based on what it might
  be before a store of the same field.
- `nodeCand2`: Restrict `read` column (renamed from `stored`) after a store, based
  on what it might be after a read of the same field.
- Move big step predicates into a `LocalFlowBigStep` module.
- Define predicates by dispatch in `AccessPath[Front]` class.
- `flowCandFwd0`: Restrict `apf` column after a read, as it should be able to match
  a Boolean `read` column from `nodeCand2`.
- `flowFwd0`: Restrict columns `ap` and `apf` after a read, by introducing a
  `flowConsCandFwd` predicate (similar to what is done in the previous pruning steps).
- `flowFwd0`: Restrict columns `ap` and `apf` after a store, by introducing a
  `flowConsCand` predicate (similar to what is done in the previous pruning steps).
 2020-03-13 13:58:05 +01:00
Anders Schack-Mulligen
fc87f1eb1b C#: Fix tests. 2020-03-10 10:54:48 +01:00
Mathias Vorreiter Pedersen
af364e66fc C++/C#: Move sanity check inside InstructionSanity module and accept tests 2020-02-23 20:53:49 +01:00
Mathias Vorreiter Pedersen
d9753b0ca5 C++/C#: Accept test output after adding sanity check to Instruction.qll 2020-02-21 15:09:53 +01:00
semmle-qlci
ecad925101 Merge pull request #2631 from hvitved/dataflow/generalize-flow-summaries 
Approved by aschackmull
 2020-02-17 18:22:46 +00:00
Tom Hvitved
dcdb5299f0 C#: Update expected test output 2020-02-17 10:52:02 +01:00
Tom Hvitved
7eae5f913c C#: Update data-flow test 2020-02-17 10:45:44 +01:00
Tom Hvitved
09b1e8b161 C#: Update expected test output 2020-02-13 20:08:11 +01:00
Tom Hvitved
bbf082b285 C#: Extract stackalloc information 2020-02-10 20:32:52 +01:00
Calum Grant
5fef77bf44 C#: Handle expressions of typeImplicitStackAllocArrayCreationExpressionSyntax 2020-02-10 11:30:12 +00:00
Tom Hvitved
fed6dd5324 C#: Generalize data-flow flow-through summaries 
The predicate

```
argumentValueFlowsThrough(ArgumentNode arg, OutNode out, CallContext cc)
```

has been generalized to

```
argumentValueFlowsThrough(
  DataFlowCall call, ArgumentNode arg, Node out, ContentOption contentIn,
  ContentOption contentOut
)
```

This enables us to summarize normal flow-through (as before), getters, setters,
as well as getter-setters.
 2020-02-04 14:09:12 +01:00
Tom Hvitved
c31f0e955d C#: Add more flow-through data-flow tests 2020-01-31 13:48:08 +01:00
Anders Schack-Mulligen
726a873c3e C#: Autoformat. 2020-01-29 13:15:00 +01:00
Robert Marsh
a91f10fe40 Merge pull request #2629 from dbartol/dbartol/missing-vvars 
C++/C#: Fix missing virtual variables
 2020-01-15 08:32:43 -08:00