hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 04:06:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,280 Commits 1,672 Branches 157 Tags
oscarsj/test-cpp-internal-checks
Commit Graph

8538 Commits

Author SHA1 Message Date
Tamas Vajk
c02a743835 Revert redundant order by 2021-09-03 16:51:32 +02:00
Tamas Vajk
3560853f36 C#: Fix ordering of stubbed type members, implemented interfaces, and location comments 2021-09-03 09:53:34 +02:00
Tamás Vajk
82f61ca015 Merge pull request #6577 from tamasvajk/fix/cil-modified-pointer 
C#: Temporarily extract modified pointers as unmodified during CIL ex…
 2021-09-02 10:48:51 +02:00
Tom Hvitved
c3ecae503b Data flow: Sync files 2021-09-01 19:58:47 +02:00
Tom Hvitved
136c8b5192 Data flow: Improve callMayFlowThroughFwd join order 
Before:
```
[2021-08-25 09:56:29] (1395s) Tuple counts for DataFlowImpl2::Stage3::callMayFlowThroughFwd#ff/2@111fb3:
                      15495496   ~5%         {5} r1 = SCAN DataFlowImpl2::Stage3::fwdFlowOutFromArg#fffff#reorder_0_2_4_1_3 OUTPUT In.3, In.4, In.2 'config', In.0 'call', In.1
                      1450611958 ~6335%      {5} r2 = JOIN r1 WITH DataFlowImpl2::Stage3::fwdFlow#fffff_03412#join_rhs ON FIRST 3 OUTPUT Lhs.3 'call', Lhs.4, Lhs.2 'config', Rhs.3, Rhs.4
                      7043648    ~20415%     {2} r3 = JOIN r2 WITH DataFlowImpl2::Stage3::fwdFlowIsEntered#fffff#reorder_0_3_4_1_2 ON FIRST 5 OUTPUT Lhs.0 'call', Lhs.2 'config'
                                             return r3
```

After:
```
[2021-08-25 10:57:02] (2652s) Tuple counts for DataFlowImpl2::Stage3::callMayFlowThroughFwd#ff/2@d3e27b:
                      15495496 ~0%         {6} r1 = SCAN DataFlowImpl2::Stage3::fwdFlowOutFromArg#fffff#reorder_0_2_4_1_3 OUTPUT In.0 'call', In.1, In.2 'config', In.3, In.4, In.2 'config'
                      9236888  ~22%        {7} r2 = JOIN r1 WITH DataFlowImpl2::Stage3::fwdFlowIsEntered#fffff#reorder_0_3_4_1_2 ON FIRST 3 OUTPUT Lhs.3, Rhs.3, Rhs.4, Lhs.4, Lhs.5, Lhs.0 'call', Lhs.2 'config'
                      7043648  ~20415%     {2} r3 = JOIN r2 WITH DataFlowImpl2::Stage3::fwdFlow#fffff ON FIRST 5 OUTPUT Lhs.5 'call', Lhs.6 'config'
                                           return r3
```
 2021-09-01 19:57:29 +02:00
Tamás Vajk
e9ff6e8755 Merge pull request #6578 from tamasvajk/fix/cil-local-decoding 
C#: Handle non-critical exception in CIL local variable extraction
 2021-09-01 12:52:53 +02:00
Tamas Vajk
b267d26ff8 C#: Fix completely broken type argument extraction in NoMetadataHandleType 2021-08-31 14:34:27 +02:00
Tamas Vajk
d6ae19c87d C#: Handle non-critical exception in CIL local variable extraction 2021-08-31 14:29:53 +02:00
Tamas Vajk
0ba334bb22 C#: Temporarily extract modified pointers as unmodified during CIL extraction 2021-08-31 14:26:36 +02:00
Tom Hvitved
c8a5397085 Merge pull request #6513 from hvitved/csharp/cfg/shared 
C#: Make CFG library shared
 2021-08-31 11:55:43 +02:00
Tom Hvitved
7fc536db15 Data flow: Add precise call contexts to stage 2 2021-08-31 10:44:33 +02:00
Tom Hvitved
789e2e48cf C#: Remove temporary dispatch restriction 2021-08-30 14:49:04 +02:00
Tom Hvitved
05b45da42f Merge pull request #6556 from hvitved/csharp/insecure-sql-conn-flow 
C#: Use data flow instead of taint tracking in `InsecureSQLConnection.ql`
 2021-08-30 11:31:22 +02:00
Tom Hvitved
7e1efbdd8e C#: Use data flow instead of taint tracking in InsecureSQLConnection.ql 2021-08-26 13:48:57 +02:00
Tom Hvitved
592a42231f C#: Fix test for InsecureSQLConnection.ql 2021-08-26 13:48:56 +02:00
Tom Hvitved
ab2bc38789 C#: Use shared logic in NodeGraph.ql test 2021-08-25 11:35:12 +02:00
Tom Hvitved
d405284d36 C#: Make CFG library shared 2021-08-25 11:35:11 +02:00
Tom Hvitved
01f7fdfea5 C#: Update call-context data-flow tests 2021-08-25 10:34:53 +02:00
Ian Lynagh
a9db1c52e5 All languages: Add getPrimaryQlClasses() 
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
 2021-08-23 15:49:10 +01:00
Andrew Eisenberg
c9f1c98390 Packaging: C# refactoring 
Split c# pack into `codeql/csharp-all` and `codeql/csharp-queries`.
 2021-08-19 14:09:35 -07:00
Tamás Vajk
763de4fff9 Merge pull request #6425 from raulgarciamsft/insecureRandom_potential_fix 
C#: Adding Membership.GeneratePassword() as a bad source of random data
 2021-08-19 11:16:26 +02:00
Tamas Vajk
d97525e21e Fix minor quality issues in comment and change note 2021-08-19 09:30:23 +02:00
Erik Krogh Kristensen
dd59f79947 use min() instead of rank[1]() 2021-08-18 11:09:03 +02:00
Andrew Eisenberg
03d6b15401 Merge branch 'main' into aeisenberg/pack/cpp 2021-08-17 15:28:47 -07:00
Tom Hvitved
44ff623d8c Merge pull request #5508 from edvraa/deserializers 
deserialization sinks
 2021-08-17 11:41:52 +02:00
Andrew Eisenberg
e566fb9c5a Packaging: Update suite-helpers qlpack 
Uses new style naming scheme.
 2021-08-16 17:51:33 -07:00
Tamás Vajk
166a6b02f6 Merge pull request #6268 from tamasvajk/feature/generic-type-name 
C#: Remove type args/params from generic type names in extractor
 2021-08-16 12:22:16 +02:00
Tamas Vajk
2437546009 Merge branch 'main' into feature/service-stack 2021-08-10 15:16:17 +02:00
Tamas Vajk
243424063a Add pragma inline to getMember/Method/Callable 2021-08-10 13:25:56 +02:00
Tamas Vajk
51661bfa62 Add pragma noinline to fix uselessUpcast check 2021-08-10 13:24:30 +02:00
Tamas Vajk
91bd3d1a11 Cache getName to improve performance 2021-08-09 10:28:31 +02:00
Tom Hvitved
15db6dfb10 Merge pull request #6431 from hvitved/csharp/silence-xml-extraction 
C#: Silence XML extraction commands
 2021-08-09 09:36:23 +02:00
Tamás Vajk
c1cf2a1c5f Merge pull request #5579 from edvraa/cookies 
C#: HttpOnly and Secure cookie queries
 2021-08-09 08:58:11 +02:00
Raul Garcia
2708326624 Update csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-08-05 16:33:01 -07:00
Raul Garcia (MSFT)
e117077761 Adding change-note 2021-08-05 15:29:18 -07:00
Tom Hvitved
5b5ed97421 C#: Silence XML extraction commands 2021-08-05 15:24:01 +02:00
Tom Hvitved
9eb3f28ef1 C#: Add missing nodes predicate to XSS queries 2021-08-05 13:53:52 +02:00
Tom Hvitved
6471092139 Merge pull request #6394 from github/p0/csharp-virtual-dispatch-limit 
C#: Guard against virtual dispatch branching too much.
 2021-08-05 13:20:14 +02:00
Raul Garcia (MSFT)
7340a1293f Fixing query & test 2021-08-04 19:37:57 -07:00
Raul Garcia (MSFT)
8544356f90 Adding Membership.GeneratePassword() as a bad source of random data because of the bias. 2021-08-04 17:12:00 -07:00
edvraa
db2f9add53 Post merge 2021-08-04 18:37:17 +03:00
edvraa
d1e41689bb Merge with main 2021-08-04 14:25:34 +03:00
edvraa
e790ee7c2e Fix formatting 2021-08-04 14:06:27 +03:00
Tamas Vajk
6405b89443 Add DB upgrade script to change generic type names to undecorated ones 2021-08-04 12:38:16 +02:00
Tamas Vajk
f1a596ee81 Fix code review findings 2021-08-04 12:38:16 +02:00
Tamas Vajk
62f5af9ac8 Fix TupleType::getName 2021-08-04 12:38:16 +02:00
Tamas Vajk
d3803b01e4 Fix nested generic type qualified names 2021-08-04 12:38:16 +02:00
Tamas Vajk
99fe9d8d07 Fix erroneous space in type name 2021-08-04 12:38:16 +02:00
Tamas Vajk
0cfd73c818 Adjust QL getName to the extracted undecorated names 2021-08-04 12:38:15 +02:00
Tamas Vajk
8df77060ba C#: Remove type args/params from generic type names in extractor 2021-08-04 12:38:15 +02:00