hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,671 Branches 157 Tags
remove-javascript
Commit Graph

2812 Commits

Author SHA1 Message Date
Tom Hvitved
357109a410 C#: Use DataFlow3 instead of DataFlow2 in Xml.qll to avoid overlap 
`semmle.code.csharp.frameworks.system.Xml` is imported in `LibraryTypeDataFlow.qll`,
and therefore part of the default namespace. This means that the use of `DataFlow2`
inside `Xml.qll` overlaps with some queries. Bumping to `DataFlow3` resolves the issue.
 2020-08-14 14:33:12 +02:00
Tom Hvitved
9ebf8d1d58 Data flow: Sync files 2020-08-14 11:04:45 +02:00
Tom Hvitved
2d29fa1d15 Data flow: Use precise call contexts in flowFwd() 2020-08-14 11:04:45 +02:00
Tom Hvitved
46f10fc032 C#: Restrict DataFlowType to types belonging to Nodes 2020-08-13 13:16:10 +02:00
Tom Hvitved
dcccdee227 C#: Speed up Implements.qll and Unification.qll 
Restrict constructed GVN types to those that are complete, and reduce
intermediate string construction in `toString()` computations.
 2020-08-13 13:11:04 +02:00
Tom Hvitved
c20d763490 Merge pull request #3951 from raulgarciamsft/users/raulgarciamsft/dataset_serialization 
C#: DataSet serialization
 2020-08-07 12:54:10 +02:00
Raul Garcia
3682a902de Update csharp/ql/src/experimental/Security Features/Serialization/DataSetSerialization.qhelp 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2020-08-06 12:09:02 -07:00
Raul Garcia (MSFT)
aa27eaf7e0 Addrssing the comments from https://github.com/github/codeql/pull/3951#discussion_r464894547 that I missed previously 2020-08-04 15:50:58 -07:00
Tom Hvitved
63115a36f7 Merge pull request #3994 from hvitved/csharp/dataflow/library-aps-adjust 
C#: More type-based adjustment of library-flow access paths
 2020-08-04 14:33:54 +02:00
Raul Garcia (MSFT)
c52064af78 Fixing problems based on CR feedback. 
https://github.com/github/codeql/pull/3951#pullrequestreview-458987208
 2020-08-03 16:39:41 -07:00
Raul Garcia (MSFT)
a5dab4e768 removing a redundant line 2020-07-30 17:05:42 -07:00
Raul Garcia (MSFT)
64f4613a3f Removing the options file as requested 2020-07-30 10:25:15 -07:00
Raul Garcia (MSFT)
9e74c183fe Fixing expected results after adding comments to the unit test .cs file 2020-07-30 10:24:24 -07:00
Arthur Baars
7e72ef350e Merge pull request #3975 from aibaars/lgtm-suites 
CodeQL: complete LGTM suites
 2020-07-30 18:39:01 +02:00
Tom Hvitved
07f1e133f3 C#: More type-based adjustment of library-flow access paths 
This change removes the restriction that only access paths of length 1 can
have the head adjusted, based on type information from the call to the relevant
library-code callable.
 2020-07-30 15:48:41 +02:00
Tom Hvitved
632713c475 Merge pull request #3986 from hvitved/csharp/null-maybe-null-coalescing-assignment 
C#: Fix false-positives in `cs/dereferenced-value-may-be-null`
 2020-07-30 14:20:00 +02:00
Tom Hvitved
05307b8757 C#: Remove more FPs in cs/dereferenced-value-may-be-null 2020-07-30 12:16:59 +02:00
Tom Hvitved
4f4d9d35be C#: Add more nullness tests 2020-07-30 12:15:49 +02:00
Raul Garcia (MSFT)
6f845b0044 Using CodeQL AutoFormat 2020-07-29 18:01:46 -07:00
Raul Garcia (MSFT)
7923c480af Fixing queries based on suggestions/comments. 
TODO: Auto-formatting is still pending (need guidance on how to enable it on my environment). Thanks
 2020-07-29 17:14:37 -07:00
Raul Garcia
83e9d052d9 Update csharp/ql/src/experimental/Security Features/Serialization/DataSetSerialization.qll 
Co-authored-by: Jaroslav Lobačevski <novaisas@gmail.com>
 2020-07-29 16:24:13 -07:00
Arthur Baars
5bad003c0c Add qlpack.yml files for example queries 2020-07-29 16:57:04 +02:00
Tom Hvitved
4345b167ec Merge pull request #3935 from github/henrymercer/fix-broken-doc-link 
C#: Fix broken link to ECMA-335
 2020-07-29 10:04:08 +02:00
Arthur Baars
c4041e55ba CodeQL: complete LGTM suites 2020-07-28 20:40:44 +02:00
Tom Hvitved
d39a33655f C#: Fix false-positives in cs/dereferenced-value-may-be-null 
Dereferencing an expression of a nullable type should only be reported when
the expression is not clearly non-null.
 2020-07-28 16:27:36 +02:00
Tom Hvitved
ce2368de96 C#: Add tests for null-coalescing assignment 2020-07-28 11:07:47 +02:00
Raul Garcia (MSFT)
55473c65f1 Improving documentation 2020-07-20 13:54:23 -07:00
Raul Garcia (MSFT)
9d7d6b39cb Small fixes based on feedback 2020-07-20 11:14:59 -07:00
Calum Grant
79f412ff54 C#: Fix tags typo 2020-07-17 15:30:33 +01:00
Raul Garcia (MSFT)
5387294168 Moving to experimental as requested 2020-07-16 09:32:17 -07:00
Raul Garcia (MSFT)
3e0481b889 Queries to help on the detection based on misuse of DataSet and DataTable serialization that could lead to security problems. 
https://go.microsoft.com/fwlink/?linkid=2132227
 2020-07-14 17:54:54 -07:00
Calum Grant
dcff87fb2e Merge pull request #3366 from hvitved/csharp/dataflow/arrays 
C#: Precise data-flow for collections
 2020-07-14 17:12:29 +01:00
Mathias Vorreiter Pedersen
002f930dba C#: Sync identical files 2020-07-09 15:54:42 +02:00
Henry Mercer
3d711b8cd1 C#: Fix broken link to ECMA-335 2020-07-09 13:15:22 +01:00
Anders Schack-Mulligen
67db1df00c C++/C#/JavaScript/Python: Port Location qldoc update. 2020-07-07 11:39:27 +02:00
Tom Hvitved
527a099a26 C#: Fix CFG for conditional method calls with out parameters 2020-07-02 13:12:53 +02:00
Tom Hvitved
090205d9e9 C#: Add CFG test for conditional call to method with out parameter 2020-07-02 13:09:40 +02:00
Jonas Jensen
62a656de0f Merge pull request #3860 from dbartol/codeql-c-analysis-team/40/2 
C++: QLDoc cleanup
 2020-07-02 08:32:44 +02:00
Dave Bartolomeo
f0215d1748 C++: Fix typo 2020-07-01 11:57:56 -04:00
Dave Bartolomeo
566d7fad63 C++: Autoformat some more 2020-07-01 10:14:35 -04:00
Tom Hvitved
9e3a6e8d5e Merge remote-tracking branch 'upstream/master' into csharp/dataflow/arrays 2020-07-01 14:50:26 +02:00
Anders Schack-Mulligen
7d057598d8 Merge pull request #3857 from jbj/flowthrough-bigstep-perf 
C++: Remove big-step relation in flow-through code
 2020-07-01 14:23:23 +02:00
Anders Schack-Mulligen
38b73ff684 Merge pull request #3854 from hvitved/dataflow/node-type-interface 
Data flow: Replace `getErasedRepr()` and `Node::getTypeBound()` with `getNodeType()`
 2020-07-01 11:37:19 +02:00
semmle-qlci
ef109d91ed Merge pull request #3842 from hvitved/csharp/dataflow/remove-viable-impl 
Approved by aschackmull
 2020-07-01 08:14:57 +01:00
Tom Hvitved
ed2077b2f4 Merge pull request #3841 from gavinl/master 
QHELP: Encryption using ECB.qhelp grammar
 2020-07-01 08:45:35 +02:00
Dave Bartolomeo
10bbd566d4 C++: Autoformat 2020-07-01 02:28:53 -04:00
Dave Bartolomeo
6592f8c1bb C++: QLDoc cleanup 
This PR just fixes a few bits of PR feedback from my previous QLDoc PR.
 2020-06-30 17:33:52 -04:00
Jonas Jensen
cff0f48d34 C++: Work around join-order issue in flow-through 
In this non-linear recursion, a `#prev` relation was joined earlier than
the `#prev_delta` relation. As a result, each iteration of the predicate
processes every tuple from previous iterations.

This quadratic behavior caused severe slowdowns on oneapi-src/oneDNN.
 2020-06-30 21:12:57 +02:00
Jonas Jensen
17beb2d867 C++: Remove big-step relation in flow-through code 
This relation was originally introduced to improve performance but may
no longer be necessary. The `localFlowStepPlus` predicate had an
explosion of tuples on oneapi-src/oneDNN for C++.
 2020-06-30 21:06:45 +02:00
Tom Hvitved
1fa58bd82d Data flow: Sync files 2020-06-30 17:37:16 +02:00