hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,841 Commits 1,671 Branches 157 Tags
merge-rc/1.24
Commit Graph

1615 Commits

Author SHA1 Message Date
Tom Hvitved
922e52f061 Merge pull request #3257 from hvitved/csharp/dataflow/tests 
C#: Update data flow tests
 2020-04-16 11:47:45 +02:00
Chris Gavin
4e981d8e70 Merge rc/1.24 into master. 2020-04-14 21:30:29 +01:00
Dave Bartolomeo
95a6dd01c6 C#: Accept test output 2020-04-14 11:11:36 -04:00
Tom Hvitved
a9b88b6eaa C#: Update data flow tests 2020-04-14 09:31:10 +02:00
Dave Bartolomeo
1bde11706e C++: Connect InitializeIndirection to UnmodeledDefinition 
The IR generation for `InitializeIndirection` currently connects its load operand to the result of the corresponding `InitializeParameter` instruction. This isn't exactly wrong, but it doesn't fit the IR invariant of "All unmodeled uses consume `UnmodeledDefinition`". Our current code doesn't care, because we just throw away all of the existing def-use information, modeled or otherwise, when we build unaliased SSA. However, some upcoming SSA changes don't work correctly if this invariant is broken.

I've added the trivial IR generation change, along with a new sanity query.
 2020-04-13 18:37:47 -04:00
Robert Marsh
a5e7db73b2 Merge branch 'rc/1.24' into rdmarsh/cpp/ir-flow-through-outparams 
For submodule consistency
 2020-04-13 12:02:59 -07:00
Pavel Avgustinov
6737e99d65 Merge pull request #3209 from hmakholm/baselib-extractor 
Add extractor field in base language QL packs
 2020-04-09 15:24:49 +01:00
Robert Marsh
7e299e7494 C++/C#: Document ReturnIndirectionInstruction::getParameter 2020-04-08 16:41:07 -07:00
Robert Marsh
c38ccaaab6 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-04-08 12:32:35 -07:00
Tom Hvitved
6685a5ed4d Merge pull request #3136 from calumgrant/cs/buildless-extraction 
C#: Improvements to buildless extraction
 2020-04-07 08:52:00 +02:00
Tom Hvitved
bacb11a563 Merge pull request #3150 from calumgrant/cs/enable-nullability 
C#: Enable nullability for Autobuilder and Utils projects
 2020-04-07 08:51:43 +02:00
Henning Makholm
d1ff3211ef Add extractor fields to test qlpack.yml files. 2020-04-06 19:21:41 +02:00
Henning Makholm
bf579dedd4 Add extractor field in base language QL packs 2020-04-06 18:48:01 +02:00
Calum Grant
0d86866ba3 Merge pull request #3160 from hvitved/csharp/null-maybe-fp 
C#: Add false-positive test for NullMaybe.ql
 2020-04-06 14:30:31 +01:00
Calum Grant
6cce0de9b2 Merge pull request #3124 from hvitved/csharp/dataflow/sources-and-sinks 
C#: Introduce `RemoteFlowSink` class
 2020-04-06 12:36:14 +01:00
Robert
1096e5d947 Merge pull request #3163 from robertbrignull/code_scanning_suites 
Add code-scanning suites
 2020-04-06 08:45:40 +01:00
Tom Hvitved
c8c706a0ba C#: Un-deprecate PublicCallableParameterFlowSource 2020-04-06 09:01:44 +02:00
Tom Hvitved
4e2d6c0250 C#: Add missing QL doc 2020-04-03 12:45:56 +02:00
Calum Grant
adde52d33c C#: Add missing files 2020-04-03 11:22:50 +01:00
Calum Grant
6a26a6542a C#: Remove a function. 2020-04-03 09:42:25 +01:00
Mathias Vorreiter Pedersen
0b12c1519b C++/C#: Sync identical files 2020-04-03 10:06:37 +02:00
Calum Grant
9481fada51 C#: Address review comments. 2020-04-02 20:29:45 +01:00
Robert Marsh
a061811939 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 
Pick up new test for user-defined swap functions
 2020-04-01 17:32:55 -07:00
Tom Hvitved
42e180d6c4 Merge pull request #3060 from aschackmull/dataflow/no-param-to-same-param-flow 
Dataflow: Exclude param-param flow through with identical params.
 2020-04-01 09:42:12 +02:00
Robert Marsh
25f3f67c4a Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 
Fixes test conflicts and reveals a bug in parameter handling
 2020-03-31 12:54:00 -07:00
Calum Grant
9a5e80667e C#: Address review comments. 2020-03-31 15:21:51 +01:00
Tom Hvitved
4ca5e3755f C#: Add false-positive test for NullMaybe.ql 2020-03-31 14:06:16 +02:00
Tom Hvitved
9fa9c10361 Merge pull request #2921 from aschackmull/dataflow/consistency-checks 
Java: Add data-flow consistency checks.
 2020-03-30 12:47:41 +02:00
Anders Schack-Mulligen
caf0d1528f Merge pull request #3155 from max-schaefer/add-module-comment 
Data flow: Add module doc comment for `TaintTrackingImpl.qll`
 2020-03-30 12:07:08 +02:00
Max Schaefer
e5e94e3357 Data flow: Add module doc comment for TaintTrackingImpl.qll 
Modelled after the correponding comment for `DataFlowImpl.qll`.
 2020-03-30 10:35:47 +01:00
Calum Grant
69041bc959 C#: Enable nullability in Autobuilder. 2020-03-27 20:26:38 +00:00
Robert Brignull
90fad6f762 add code scanning suites 2020-03-27 17:03:23 +00:00
Mathias Vorreiter Pedersen
7890a322c8 C++/C#/Java: Sync identical files 2020-03-27 11:51:38 +01:00
Calum Grant
b94b4b7c91 C#: Fix tests 2020-03-26 20:40:40 +00:00
Calum Grant
8a968dac81 C#: Enable nullability in Semmle.Util 2020-03-26 20:10:21 +00:00
Calum Grant
782f2b5b50 Merge pull request #3073 from hvitved/csharp/null-maybe-fp 
C#: Add test for `cs/dereferenced-value-may-be-null`
 2020-03-26 18:55:54 +00:00
Dave Bartolomeo
7879dde8b8 Merge pull request #3097 from jbj/detect-conflated-memory 
C++: Implement Instruction.isResultConflated
 2020-03-26 14:52:47 -04:00
Calum Grant
71e0dc087b C#: General code tidy. 2020-03-26 15:35:31 +00:00
Tom Hvitved
a8660d446e C#: Fix typo 2020-03-26 14:54:03 +01:00
Tom Hvitved
db8d61c3be C#: Remove compiler warning in Remote.qll 2020-03-26 12:26:17 +01:00
Tom Hvitved
54677189de C#: Introduce RemoteFlowSink class 2020-03-25 20:05:39 +01:00
Tom Hvitved
142737dc61 C#: Move HtmlSinks from XSS.qll into separate file 2020-03-25 20:05:39 +01:00
Tom Hvitved
fddbce0b7b C#: Move all predefined sources and sinks into security/dataflow/flow{sinks,sources} 2020-03-25 20:05:39 +01:00
Calum Grant
87970337ae C#: Improvements to buildless extraction, particularly for .NET Core. 2020-03-25 15:27:48 +00:00
Dave Bartolomeo
1edd492abf C++: Late fix for PR feedback 
I missed this suggestion before I merged the original PR. Fixing it now before I forget.
 2020-03-25 10:10:30 -04:00
Dave Bartolomeo
376779421d Merge pull request #2975 from rdmarsh2/printir-generate-all 
C++/C#: generate IR for funcs excluded in PrintIR
 2020-03-25 09:45:02 -04:00
Tom Hvitved
7ac25d2439 C#: Add more tests for cs/information-exposure-through-exception 2020-03-25 14:33:49 +01:00
Jonas Jensen
2b2667aef7 Merge remote-tracking branch 'upstream/master' into detect-conflated-memory 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRSanity.qll
	cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRSanity.qll
	cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRSanity.qll
	cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/ir/ir/raw_sanity.expected
	cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity.expected
	cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity_unsound.expected
	cpp/ql/test/library-tests/syntax-zoo/aliased_ssa_sanity.expected
	cpp/ql/test/library-tests/syntax-zoo/raw_sanity.expected
	cpp/ql/test/library-tests/syntax-zoo/unaliased_ssa_sanity.expected
	csharp/ql/src/semmle/code/csharp/ir/implementation/raw/IRSanity.qll
	csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/IRSanity.qll
	csharp/ql/test/library-tests/ir/ir/raw_ir_sanity.expected
	csharp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
 2020-03-25 11:55:39 +01:00
Dave Bartolomeo
2b69cc9738 C#: Make IRConfiguration.qll just forward to the implementation 
Just like C++ already does.
 2020-03-24 13:33:50 -04:00
Jonas Jensen
8f419d1676 C++: Fix conflated-memory sanity query 
I had included `InitializeNonLocal` in the recursion because it made
everything look better in the presence of a bug that's since been fixed.
Taking it out means the sanity test is again aligned with the old
`isChiForAllAliasedMemory`.
 2020-03-24 16:46:59 +01:00