hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,672 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

8716 Commits

Author SHA1 Message Date
Robert Marsh
7e299e7494 C++/C#: Document ReturnIndirectionInstruction::getParameter 2020-04-08 16:41:07 -07:00
Robert Marsh
c38ccaaab6 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-04-08 12:32:35 -07:00
Calum Grant
4c7d413fa4 C#: Address review comment. 2020-04-07 19:58:48 +01:00
Calum Grant
abf6be6030 C#: Avoid qualifying explicit interface implementations. 2020-04-07 11:17:35 +01:00
Calum Grant
9ec0c8f3ec C#: Qualify type parameters with the entity that declares them 2020-04-07 11:17:35 +01:00
Calum Grant
39eb1a3825 C#: Remove assembly qualifier from some trap-ids. 2020-04-07 11:17:34 +01:00
Tom Hvitved
6685a5ed4d Merge pull request #3136 from calumgrant/cs/buildless-extraction 
C#: Improvements to buildless extraction
 2020-04-07 08:52:00 +02:00
Tom Hvitved
bacb11a563 Merge pull request #3150 from calumgrant/cs/enable-nullability 
C#: Enable nullability for Autobuilder and Utils projects
 2020-04-07 08:51:43 +02:00
Henning Makholm
d1ff3211ef Add extractor fields to test qlpack.yml files. 2020-04-06 19:21:41 +02:00
Henning Makholm
bf579dedd4 Add extractor field in base language QL packs 2020-04-06 18:48:01 +02:00
Calum Grant
0d86866ba3 Merge pull request #3160 from hvitved/csharp/null-maybe-fp 
C#: Add false-positive test for NullMaybe.ql
 2020-04-06 14:30:31 +01:00
Calum Grant
6cce0de9b2 Merge pull request #3124 from hvitved/csharp/dataflow/sources-and-sinks 
C#: Introduce `RemoteFlowSink` class
 2020-04-06 12:36:14 +01:00
Jonas Jensen
46fc91315b Java/C++/C#: Revert the join order fix from #2872 
This revert brings back the performance problems in
`DataFlowImplLocal.qll` so they can be fixed in a different way. The fix
in #2872 was asymptotically good but had undesired overhead because it
introduced another predicate in the SCC that existed purely for join
ordering.

I did the revert by inlining the helper predicate, eliminating the
`enclosing` variable, and re-ordering the resulting lines to what they
were before #2872.
 2020-04-06 10:04:50 +02:00
Robert
1096e5d947 Merge pull request #3163 from robertbrignull/code_scanning_suites 
Add code-scanning suites
 2020-04-06 08:45:40 +01:00
Tom Hvitved
c8c706a0ba C#: Un-deprecate PublicCallableParameterFlowSource 2020-04-06 09:01:44 +02:00
Tom Hvitved
8d81b885c6 C#: Unset Platform env variable when invoking vcvarsall.bat 2020-04-03 14:47:34 +02:00
Tom Hvitved
4e2d6c0250 C#: Add missing QL doc 2020-04-03 12:45:56 +02:00
Calum Grant
adde52d33c C#: Add missing files 2020-04-03 11:22:50 +01:00
Calum Grant
6a26a6542a C#: Remove a function. 2020-04-03 09:42:25 +01:00
Mathias Vorreiter Pedersen
0b12c1519b C++/C#: Sync identical files 2020-04-03 10:06:37 +02:00
Calum Grant
9481fada51 C#: Address review comments. 2020-04-02 20:29:45 +01:00
Robert Marsh
a061811939 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 
Pick up new test for user-defined swap functions
 2020-04-01 17:32:55 -07:00
Tom Hvitved
42e180d6c4 Merge pull request #3060 from aschackmull/dataflow/no-param-to-same-param-flow 
Dataflow: Exclude param-param flow through with identical params.
 2020-04-01 09:42:12 +02:00
Robert Marsh
25f3f67c4a Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 
Fixes test conflicts and reveals a bug in parameter handling
 2020-03-31 12:54:00 -07:00
Calum Grant
9a5e80667e C#: Address review comments. 2020-03-31 15:21:51 +01:00
Tom Hvitved
4ca5e3755f C#: Add false-positive test for NullMaybe.ql 2020-03-31 14:06:16 +02:00
Tom Hvitved
9fa9c10361 Merge pull request #2921 from aschackmull/dataflow/consistency-checks 
Java: Add data-flow consistency checks.
 2020-03-30 12:47:41 +02:00
Anders Schack-Mulligen
caf0d1528f Merge pull request #3155 from max-schaefer/add-module-comment 
Data flow: Add module doc comment for `TaintTrackingImpl.qll`
 2020-03-30 12:07:08 +02:00
Max Schaefer
e5e94e3357 Data flow: Add module doc comment for TaintTrackingImpl.qll 
Modelled after the correponding comment for `DataFlowImpl.qll`.
 2020-03-30 10:35:47 +01:00
Dave Bartolomeo
39dd9b7099 C++/C#: Fix formatting 2020-03-27 19:46:53 -04:00
Dave Bartolomeo
c3a6ca0d9a C++: Better support for complex numbers in IR and AST 
This PR adds better support for differentiating complex and imaginary floating-point types from real floating-point types, in both the AST and in the IR type system.

*AST Changes*
- Introduces the new class `TypeDomain`, which can be either `RealDomain`, `ImaginaryDomain` or `ComplexDomain`. "type domain" is the term used for this concept in the C standard, and I couldn't think of a better one.
- Introduces `FloatingPointType.getDomain()`, to get the type domain of the type.
- Introduces `FloatingPointType.getBase()`, to get the numeric base of the type (either 2 or 10).
- Introduces three new subtypes of `FloatingPointType`: `RealNumberType`, `ComplexNumberType`, and `ImaginaryNumberType`, which differentiate between the types based on their type domain. Note that the decimal types (e.g., `_Decimal32`) are included in `RealNumberType`.
- Introduces two new subtypes of `FloatingPointType`: `BinaryFloatingPointType` and `DecimalFloatingPointType`, which differentiate between the types based on their numeric base, independent of type domain.

*IR Changes*
- `IRFloatingPointType` now has two additional parameters: the base and the type domain.
- New test that ensures that C++ types get mapped to the correct IR types.
- New IR test that verifies the IR for some basic usage of complex FP types.
 2020-03-27 18:08:14 -04:00
Calum Grant
69041bc959 C#: Enable nullability in Autobuilder. 2020-03-27 20:26:38 +00:00
Robert Brignull
90fad6f762 add code scanning suites 2020-03-27 17:03:23 +00:00
Mathias Vorreiter Pedersen
7890a322c8 C++/C#/Java: Sync identical files 2020-03-27 11:51:38 +01:00
Calum Grant
b94b4b7c91 C#: Fix tests 2020-03-26 20:40:40 +00:00
Calum Grant
8a968dac81 C#: Enable nullability in Semmle.Util 2020-03-26 20:10:21 +00:00
Calum Grant
782f2b5b50 Merge pull request #3073 from hvitved/csharp/null-maybe-fp 
C#: Add test for `cs/dereferenced-value-may-be-null`
 2020-03-26 18:55:54 +00:00
Dave Bartolomeo
7879dde8b8 Merge pull request #3097 from jbj/detect-conflated-memory 
C++: Implement Instruction.isResultConflated
 2020-03-26 14:52:47 -04:00
Calum Grant
71e0dc087b C#: General code tidy. 2020-03-26 15:35:31 +00:00
Tom Hvitved
a8660d446e C#: Fix typo 2020-03-26 14:54:03 +01:00
Tom Hvitved
db8d61c3be C#: Remove compiler warning in Remote.qll 2020-03-26 12:26:17 +01:00
Tom Hvitved
54677189de C#: Introduce RemoteFlowSink class 2020-03-25 20:05:39 +01:00
Tom Hvitved
142737dc61 C#: Move HtmlSinks from XSS.qll into separate file 2020-03-25 20:05:39 +01:00
Tom Hvitved
fddbce0b7b C#: Move all predefined sources and sinks into security/dataflow/flow{sinks,sources} 2020-03-25 20:05:39 +01:00
Calum Grant
87970337ae C#: Improvements to buildless extraction, particularly for .NET Core. 2020-03-25 15:27:48 +00:00
Dave Bartolomeo
1edd492abf C++: Late fix for PR feedback 
I missed this suggestion before I merged the original PR. Fixing it now before I forget.
 2020-03-25 10:10:30 -04:00
Dave Bartolomeo
376779421d Merge pull request #2975 from rdmarsh2/printir-generate-all 
C++/C#: generate IR for funcs excluded in PrintIR
 2020-03-25 09:45:02 -04:00
Tom Hvitved
7ac25d2439 C#: Add more tests for cs/information-exposure-through-exception 2020-03-25 14:33:49 +01:00
Jonas Jensen
2b2667aef7 Merge remote-tracking branch 'upstream/master' into detect-conflated-memory 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRSanity.qll
	cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRSanity.qll
	cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRSanity.qll
	cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/ir/ir/raw_sanity.expected
	cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/syntax-zoo/aliased_ssa_sanity.expected
	cpp/ql/test/library-tests/syntax-zoo/raw_sanity.expected
	cpp/ql/test/library-tests/syntax-zoo/unaliased_ssa_sanity.expected
	csharp/ql/src/semmle/code/csharp/ir/implementation/raw/IRSanity.qll
	csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/IRSanity.qll
	csharp/ql/test/library-tests/ir/ir/raw_ir_sanity.expected
	csharp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
 2020-03-25 11:55:39 +01:00
Dave Bartolomeo
2b69cc9738 C#: Make IRConfiguration.qll just forward to the implementation 
Just like C++ already does.
 2020-03-24 13:33:50 -04:00