hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

3674 Commits

Author SHA1 Message Date
calum
8c2d773866 C#: Extractor test for join ... into 2018-09-05 17:19:04 +01:00
calum
7a77740979 C#: Extractor tests for 
- While statements
- Object initializers
 2018-09-05 17:19:04 +01:00
Aditya Sharad
f27945216f Merge rc/1.18 into master. 2018-09-05 15:32:30 +01:00
Aditya Sharad
cbdbda3723 Merge rc/1.18 into next. 2018-09-05 14:09:06 +01:00
Tom Hvitved
42faabc552 C#: Rename and restructure control flow graph entities 
Follow a naming structure similar to the data flow library:

- `ControlFlowNode` -> `ControlFlow::Node`.
- `CallableEntryNode` -> `ControlFlow::Nodes::EntryNode`.
- `CallableExitNode` -> `ControlFlow::Nodes::ExitNode`.
- `ControlFlowEdgeType` -> `ControlFlow::SuccessorType`.
- `ControlFlowEdgeSuccessor` -> `ControlFlow::SuccessorTypes::NormalSuccessor`.
- `ControlFlowEdgeConditional -> ControlFlow::SuccessorTypes::ConditionalSuccessor`.
- `ControlFlowEdgeBoolean` -> `ControlFlow::SuccessorTypes::BooleanSuccessor`.
- `ControlFlowEdgeNullness` -> `ControlFlow::SuccessorTypes::NullnessSuccessor`.
- `ControlFlowEdgeMatching` -> `ControlFlow::SuccessorTypes::MatchingSuccessor`.
- `ControlFlowEdgeEmptiness` -> `ControlFlow::SuccessorTypes::EmptinessSuccessor`.
- `ControlFlowEdgeReturn` -> `ControlFlow::SuccessorTypes::ReturnSuccessor`.
- `ControlFlowEdgeBreak` -> `ControlFlow::SuccessorTypes::BreakSuccessor`.
- `ControlFlowEdgeContinue` -> `ControlFlow::SuccessorTypes::ContinueSuccessor`.
- `ControlFlowEdgeGotoLabel` -> `ControlFlow::SuccessorTypes::GotoLabelSuccessor`.
- `ControlFlowEdgeGotoCase` -> `ControlFlow::SuccessorTypes::GotoCaseSuccessor`.
- `ControlFlowEdgeGotoDefault` -> `ControlFlow::SuccessorTypes::GotoDefaultSuccessor`.
- `ControlFlowEdgeException` -> `ControlFlow::SuccessorTypes::ExceptionSuccessor`
 2018-09-05 14:20:26 +02:00
calumgrant
8263b248b7 Merge pull request #152 from hvitved/csharp/base-ssa 
C#: Fix bug in BaseSsa library
 2018-09-05 13:02:56 +01:00
semmle-qlci
6c1098d170 Merge pull request #120 from hvitved/csharp/query/useless-upcast 
Approved by calumgrant
 2018-09-05 08:39:25 +01:00
Tom Hvitved
124a00ba10 C#: Update expected output in SSA tests 2018-09-04 20:15:33 +02:00
Aditya Sharad
ab2bec743a Revert "Version: Bump to 1.19.0 dev." 
The version bump should now go into the `next` branch rather than `master`.
This reverts commit 2363f49e3a.
 2018-09-04 16:01:09 +01:00
Tom Hvitved
6a4dbfce8f Address review comment 2018-09-04 16:07:49 +02:00
Tom Hvitved
919203a071 Address review comment 2018-09-04 16:04:21 +02:00
calumgrant
98aa7f88b2 Merge pull request #121 from hvitved/csharp/sync-test-files 
C#: Synchronize a few test files
 2018-09-04 15:01:19 +01:00
Tom Hvitved
9a7746e9b5 C#: Fix bug in BaseSsa library 2018-09-04 15:16:20 +02:00
Tom Hvitved
81122ca7a4 C#: Add test that reveals bug in BaseSsa implementation 2018-09-04 13:58:59 +02:00
Tom Hvitved
c4c74cd005 C#: Split up DataFlowInternal.qll 
Split up into `internal/BaseSSA.qll` and `internal/Steps.qll`.
 2018-09-04 13:30:54 +02:00
calumgrant
af3f855491 Merge pull request #94 from hvitved/csharp/cfg/minor-fixes 
C#: Minor CFG improvements
 2018-09-03 17:41:18 +01:00
Aditya Sharad
2363f49e3a Version: Bump to 1.19.0 dev. 
This keeps the QL for Eclipse language plugins in sync with internal `master`.
 2018-09-03 16:41:28 +01:00
Tom Hvitved
809da42f00 C#: Synchronize a few test files 
Synchronized test files with the examples used in query help.
 2018-08-30 21:46:37 +02:00
Tom Hvitved
386b89a023 C#: Improvements to cs/useless-upcast 2018-08-30 15:15:40 +02:00
Dave Bartolomeo
2af82d9485 LF for .qhelp files too 2018-08-26 21:12:51 -07:00
Dave Bartolomeo
d920fc7d94 Force LF line endings for .ql, .qll, and .qlref files 2018-08-24 11:58:58 -07:00
Luke Cartey
f9227eeee5 C#: ZipSlip - Module documentation improvements. 2018-08-24 14:34:20 +01:00
Luke Cartey
b1d5d5bf86 C#: ZipSlip - Refine StartsWith sanitizer. 
ZipSlip can be avoided by checking that the combined and resolved
path `StartsWith` the appropriate destination directory. Refine the
`StartsWith` sanitizer to:

 * Consider expressions guarded by an appropriate StartsWith check to be
sanitized.
 * Consider a StartsWith check to be inappropriate if it is checking the
result of `Path.Combine`, as that has not been appropriately resolved.

Tests have been updated to reflect this refinement.
 2018-08-24 14:27:25 +01:00
Luke Cartey
fc925d49f4 C#: ZipSlip - Treat the result of Substring as sanitized. 
As with the previous commit, this considers the result of substring as
sanitized, rather than the argument.
 2018-08-24 12:38:01 +01:00
Luke Cartey
43d7e598a5 C#: Treat GetFileName method call as sanitizer 
Use the GetFileName call as a sanitizer, rather than an argument to that
call. It is the _result_ of the GetFileName call which should be
considered sanitized. By using the argument, we can spuriously suppress
use-use flow. Consider:
```
var path = Path.Combine(destDir, entry.GetFullName());
var fileName = Path.GetFileName(path);
log("Extracting " + fileName);
entry.ExtractToFile(path);
```
Previously, the `ExtractToFile(path)` call would not have been flagged,
because the `path` argument to `GetFileName` was considered sanitized,
and that argument formed a use-use pair with the `path` argument to
`ExtractToFile`. Now, this result would be flagged because only the
result of the `GetFileName` call is considered sanitized.
 2018-08-24 12:08:57 +01:00
Tom Hvitved
d4551e5897 Merge pull request #81 from lukecartey/csharp/zipslip-reformat 
C#: ZipSlip - Rearrange query, add help and update doc
 2018-08-24 09:40:20 +02:00
calum
41382dd732 C#: A regression test for extractor crash when wrong expression type is used for a literal. 2018-08-23 17:45:40 +01:00
calumgrant
04bccd0137 Merge pull request #55 from denislevin/denisl/cs/DontInstallRootCertificate 
cs: Don't Install Root Certificate (CWE-327)
 2018-08-23 17:36:50 +01:00
Luke Cartey
86a7df0ef5 C#: ZipSlip - Address doc team comments. 2018-08-23 15:57:00 +01:00
Tom Hvitved
1dff900059 C#: Speed up throwMayBeUncaught() by not relying on definitelyHandles() 
The `definitelyHandles()` predicate calculates the relation for all exception
types, not just the ones that can actually be thrown (no automatic magic).
This commit inlines the definition of `definitelyHandles()` to get the proper
context (manual magic).
 2018-08-23 14:39:19 +02:00
Tom Hvitved
4684bc9d15 C#: Add QL doc to startsSplits() 2018-08-23 14:39:19 +02:00
Pavel Avgustinov
3182274ce8 Merge pull request #87 from lukecartey/csharp/ccyclomatic-kind 
C#: Fix @kind property of CCyclomaticComplexity
 2018-08-23 03:50:36 -07:00
Luke Cartey
70abf2d58f C#: CCyclomaticComplexity - Fix @kind property. 
CCyclomaticComplexity is a metric query, so needs a @kind treemap
instead of @kind table.
 2018-08-21 14:42:05 +01:00
Luke Cartey
014c4e8579 C#: Update qlpath to fix metric queries. 
The Metrics folder has a queries.xml file which is required when
building a full distribution, as the Metrics folder gets copied into
odasa-csharp-metrics directory. However, in QL for Eclipse this doesn't
compile because it prevents import lookup at the top level. Modifying
the qlpath file to include the top-level directory on the library path
fixes the problem.
 2018-08-21 14:36:33 +01:00
Luke Cartey
4f57456df1 C#: ZipSlip - Add spaces into bad example. 2018-08-21 13:06:29 +01:00
Luke Cartey
6453153393 C#: ZipSlip - Address review comments in module. 2018-08-21 12:18:27 +01:00
Luke Cartey
6959d80a28 C#: ZipSlip - Update help, compile and test samples. 2018-08-21 12:17:48 +01:00
Tom Hvitved
4560468cb8 C#: Update expected test output 2018-08-21 08:57:03 +02:00
Denis Levin
be3d2931e3 Changed query message text as requested 2018-08-20 14:02:33 -07:00
Luke Cartey
d6c58d6bd9 C#: ZipSlip - Add precision tag. 2018-08-20 16:59:57 +01:00
Luke Cartey
fa78d04f18 C#: ZipSlip - Add qhelp file. 
This adds a help file which describes the problem, provides
recommendations on how to fix it and an example.
 2018-08-20 16:59:56 +01:00
Luke Cartey
99d1cf70be C#: ZipSlip - Update name, description and message. 
This commit updates the name, description and message to better match
the house style for the security queries.
 2018-08-20 16:59:56 +01:00
Luke Cartey
112d104005 C#: ZipSlip - remove ZipSlip prefix from TaintTracking class name. 2018-08-20 16:18:13 +01:00
Luke Cartey
b6c9f844e8 C#: ZipSlip - refactor to use Source, Sink, Sanitizer 
This commit refactors the existing predicates to be classes extending
Source, Sink or Sanitizer, as appropriate.
 2018-08-20 16:17:03 +01:00
Luke Cartey
09b23878fd C#: ZipSlip, introduce source, sink, sanitizer classes. 2018-08-20 12:25:51 +01:00
Luke Cartey
3bc035fb5a C#: Reformat ZipSlip module. 
Reformat the ZipSlip module to adhere to the "QL Style Guide".
 2018-08-20 12:11:06 +01:00
Tom Hvitved
b1451b079e C#: Add CFG test that mixes finally splitting and catch splitting 2018-08-20 13:10:09 +02:00
Tom Hvitved
91ed111735 C#: Improve CFG for exception handlers 
Use generic CFG splitting to add a new type of split for exception handlers,
`ExceptionHandlerSplit`, which tags eachs node belonging to a `catch` clause
with the type of exception being caught. This allows for a more accurate CFG
for `try-catch` statements, where exception filters are handled properly.
 2018-08-20 13:08:28 +02:00
Tom Hvitved
a705b3afa5 C#: Generic control flow graph splitting 
Refactor existing logic for splitting control flow nodes belonging to a `finally`
block. A `Split` defines (1) when to enter the split, (2) when to stay in the split,
and (3) when to leave the split. With only these definitions, control flow splitting
is achieved by tagging each control flow element with the set of splits that apply
to it.
 2018-08-20 13:04:29 +02:00
Luke Cartey
80e4815125 C#: Extract ZipSlip library 2018-08-20 12:03:33 +01:00