hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

4152 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
6582734733 Java: Add test. 2019-08-30 14:32:55 +02:00
Anders Schack-Mulligen
5e6326d1d5 Java/C++/C#: Add support for dataflow exploration by partial paths. 2019-08-30 14:32:55 +02:00
Luke Cartey
dfa371c65b Java: Add missing SQL query APIs. 
* executeLargeUpdate
 * prepareCall
 2019-08-30 10:40:49 +01:00
Anders Schack-Mulligen
ae98d4fd8e Java: Change extension point to use a unit type. 2019-08-29 11:05:45 +02:00
Tom Hvitved
853a3aa998 Merge pull request #1799 from aschackmull/java/fieldflow-perf 
Java/C++/C#: Improve performance of data flow with fields.
 2019-08-28 16:30:25 +02:00
Luke Cartey
1669d283fe Merge pull request #1795 from aschackmull/java/localexprflow 
Java: Add localExprFlow and localExprTaint.
 2019-08-28 14:04:49 +01:00
Anders Schack-Mulligen
2bea0a459a Java/C++/C#: Sync. 2019-08-23 11:34:17 +02:00
Anders Schack-Mulligen
6e97f22b43 Java/C++/C#: Improve performance of pruning in field flow. 2019-08-23 11:32:45 +02:00
Pavel Avgustinov
cc854dd937 Merge branch 'master' of github.com:Semmle/ql into attribute 2019-08-23 09:55:35 +01:00
Calum Grant
ff20a2ceb9 Merge pull request #1761 from hvitved/csharp/dataflow/fields 
C#: Data flow through fields
 2019-08-22 20:46:00 +01:00
Anders Schack-Mulligen
ef0c6d01eb Java: Add a global extension point for taint steps. 2019-08-22 16:38:59 +02:00
Tom Hvitved
0801e51175 Merge pull request #1790 from jbj/tainttracking-cross-language 
C++/C#/Java: Shared TaintTrackingImpl.qll
 2019-08-22 14:17:23 +02:00
Anders Schack-Mulligen
3aedadcb35 Java: Add localExprFlow and localExprTaint. 2019-08-22 11:25:23 +02:00
Jonas Jensen
ad9ee54b65 C++/C#/Java: defaultAdditionalTaintStep 2019-08-22 11:14:06 +02:00
yh-semmle
9012c3240f Merge pull request #1789 from aschackmull/java/autoformat 
Java: Autoformat.
 2019-08-21 12:36:55 -04:00
Tom Hvitved
a2ffddec5f Merge pull request #1785 from jbj/dataflow-recursion-prevention-shared 
C++/C#/Java: Pyrameterize ConfigurationRecursionPrevention
 2019-08-21 15:56:50 +02:00
Jonas Jensen
25701f203d C++/C#/Java: Shared TaintTrackingImpl.qll 
This file is now identical in all languages. Unifying this file led to
the following changes:
- The documentation spelling fixes and example from the C++ version
  were copied to the other versions and updated.
- The steps through `NonLocalJumpNode` from C# were abstracted into a
  `globalAdditionalTaintStep` predicate that's empty for C++ and Java.
- The `defaultTaintBarrier` predicate from Java is now present but empty
  on C++ and C#.
- The C++ `isAdditionalFlowStep` predicate on
  `TaintTracking::Configuration` no longer includes `localFlowStep`.
  That should avoid some unnecessary tuple copying.
 2019-08-21 14:55:54 +02:00
Anders Schack-Mulligen
629c19e719 Java: Autoformat. 2019-08-21 14:38:17 +02:00
Pavel Avgustinov
cb3551b4d6 Merge commit '76982404' into attribute 2019-08-21 12:44:07 +01:00
Jonas Jensen
863bf523d6 C++/C#/Java: Autoformat 2019-08-21 13:24:01 +02:00
Jonas Jensen
fdd3b901f7 C/C#/Java: Share ConfigurationRecursionPrevention 
This class was copy-pasted in all `DataFlowN.qll` files without using
the identical-files system to keep the copies in sync. The class is now
moved to the `DataFlowImplN.qll` files.

This also has the effect of preventing recursion through first data flow
library copy for C/C++. Such recursion has been deprecated for over a
year, and some forms of recursions are already ruled out by the library
implementation.
 2019-08-21 13:04:10 +02:00
Jonas Jensen
6fc3a62edb C++/C#/Java: Change another caller of localFlow 
There was also a use of `localFlowStep` in `DataFlowImplCommon` that
should now be `simpleLocalFlowStep`.
 2019-08-21 10:20:15 +02:00
Jonas Jensen
c9ea5ad9a3 C#/Java: Remove cached from wrapper predicate 2019-08-21 09:43:13 +02:00
Jonas Jensen
4b7813b98e C++/C#/Java: Split localFlowStep predicate in two 
There's now a `localFlowStep` predicate for use directly in queries and
other libraries and a `simpleLocalFlowStep` for use only by the global
data flow library. The former predicate is intended to include field
flow, but the latter may not.

This will let Java and C# (and possibly C++ IR) avoid getting two kinds
of field flow at the same time, both from SSA and from the global data
flow library. It should let C++ AST add some form of field flow to
`localFlowStep` without making it an input to the global data flow
library.
 2019-08-21 09:27:01 +02:00
Pavel Avgustinov
7176b438c4 Merge commit '7bfed6e517cbcabfe06cf614981baee8cbde5342' into attribute 2019-08-20 14:08:57 +01:00
Tom Hvitved
7ab9c8b90d Java/C++/C#: flowCandFwdRead() refactor 2019-08-20 14:44:04 +02:00
Tom Hvitved
14378ee41a Java/C++/C#: Remove some unbind() calls from shared data flow implementation 2019-08-20 13:59:01 +02:00
Jonas Jensen
f1e6e36ce6 Java: Remove wrong definition of taint tracking 
This explanation, taken from C/C++, was not correct for Java.
 2019-08-20 13:45:38 +02:00
Jonas Jensen
9ac0cdd2a2 Java: Don't use the deprecated Configuration2 2019-08-20 13:45:37 +02:00
Jonas Jensen
aeb2323128 Java: Use pyrameterized modules for TaintTracking 2019-08-20 13:45:37 +02:00
Tom Hvitved
a0c834c83d Java/C++/C#: Improve data flow join orders for field flow 2019-08-20 10:14:08 +02:00
Anders Schack-Mulligen
6ff4fe38ec Java/C++/C#: Add field flow support for stores in nested fields. 2019-08-19 14:41:06 +02:00
yh-semmle
73d8e16cd0 Java: remove obsolete VCS.qll and associated queries 2019-08-18 14:53:46 -04:00
Pavel Avgustinov
127c33700c Add Java stubs readme 2019-08-17 18:57:50 +01:00
Pavel Avgustinov
c92eb58300 Add j2objc license 2019-08-17 16:31:18 +01:00
Pavel Avgustinov
b52ea1e21b Add Apache Shiro third-party notice 2019-08-17 16:31:18 +01:00
Anders Schack-Mulligen
9e4f2f8594 Java: Don't use default dataflow in libs imported by default. 2019-08-16 13:27:53 +02:00
Anders Schack-Mulligen
1938ac4937 Java/C++/C#: Sync. 2019-08-14 10:32:15 +02:00
Anders Schack-Mulligen
0c56f955e8 Java: Fix bad join order. 2019-08-14 10:10:19 +02:00
Anders Schack-Mulligen
411bc16f44 Java/C++/C#: Address review comment. 2019-08-13 16:57:48 +02:00
Anders Schack-Mulligen
9e902066ad Java/C++/C#: Elaborate qldoc. 2019-08-13 16:57:48 +02:00
Anders Schack-Mulligen
4550175b16 Java/C++/C#: Add support for BarrierGuards. 2019-08-13 16:57:48 +02:00
yh-semmle
5e910a4808 Merge pull request #1724 from aschackmull/java/google-xmlreader 
Java: Treat SecureJDKXercesXMLReader as a secure XMLReader.
 2019-08-13 09:52:32 -04:00
Tom Hvitved
36043d04bd Merge pull request #1729 from xiemaisi/data-flow-nodes-location 
Java/C++/C#: Provide path-node locations via `hasLocationInfo`, not `getLocation`.
 2019-08-13 12:22:59 +02:00
Max Schaefer
eb8087f4ea Java/C++/C#: Provide path-node locations via hasLocationInfo, not getLocation. 2019-08-12 12:52:30 +01:00
Anders Schack-Mulligen
41763e6025 Java: Treat SecureJDKXercesXMLReader as a secure XMLReader. 2019-08-09 16:00:41 +02:00
Anders Schack-Mulligen
a50ea54ff6 Java: Fix tests. 2019-08-08 12:03:01 +02:00
Anders Schack-Mulligen
b3e56d5b04 Java: Fix copy-paste typo. 2019-08-08 11:44:44 +02:00
Anders Schack-Mulligen
20e6f5594f Java: Improve barriers for the CWE-190 Arithmetic* queries. 2019-08-07 15:22:23 +02:00
yh-semmle
033879f5a6 Merge pull request #1639 from aschackmull/java/in-out-barriers 
Java/C++/C# DataFlow: Add support for in/out barriers on sources and sinks.
 2019-08-07 01:07:19 -04:00