hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

2824 Commits

Author SHA1 Message Date
Dave Bartolomeo
6dc02c719b C++: Fix typos 2020-06-25 07:19:15 -04:00
Calum Grant
4642bb2767 Merge pull request #3774 from hvitved/csharp/tripleticks 
C#: Enable syntax highlighting in QLDoc snippets
 2020-06-25 10:31:50 +01:00
Calum Grant
6e3609696a C#: Address review comments. 2020-06-25 09:59:59 +01:00
Tom Hvitved
b8ae4b7f64 C#: Move async data-flow tests from local to global 2020-06-25 10:04:18 +02:00
Tom Hvitved
3f91aa3b55 C#: More data-flow collection tests 2020-06-25 09:48:52 +02:00
Dave Bartolomeo
2685aa4b8b C++: Use fewer words 2020-06-24 20:42:02 -04:00
Dave Bartolomeo
8b02f121d6 C++: QLDoc for all of Instruction.qll 
I think I've now documented every class and public predicate in `Instruction.qll` I've tried to include detailed semantics of each instruction where appropriate.
 2020-06-24 20:29:31 -04:00
Calum Grant
d32199cccc C#: QLdoc for CIL instructions. 2020-06-24 22:01:33 +01:00
Calum Grant
262a20cea0 C#: Add qldocs for Concurrency.qll, Documentation.qll, cil.qll and dotnet.qll. 2020-06-24 22:01:33 +01:00
Robert Marsh
38067b5b34 Merge pull request #3777 from rdmarsh2/rdmarsh/csharp/autobuilder-lang-name 
C#/C++: Use CODEQL_EXTRACTOR_<LANG>_* in autobuilder
 2020-06-24 10:18:26 -07:00
Anders Schack-Mulligen
941177ee25 Merge pull request #3762 from hvitved/dataflow/clear-contents 
Data flow: Model field clearing
 2020-06-24 10:19:50 +02:00
Robert Marsh
e24566e313 C#/C++: Use CODEQL_EXTRACTOR_CPP_ROOT in autobuild 
Left this out earlier because I thought it needed to point to the C#
extractor root even in C++ mode, but it looks like it isn't yet used in
C++ mode.
 2020-06-23 15:53:25 -07:00
Robert Marsh
c37c282861 C#/C++: Fix tests with new environment variables 2020-06-23 15:35:22 -07:00
Robert Marsh
da9aa546de C#/C++: Use CODEQL_EXTRACTOR_CPP_* in autobuilder 2020-06-23 14:47:07 -07:00
Tom Hvitved
652de80fa5 C#: Enable syntax highlighting in QLDoc snippets 2020-06-23 16:56:56 +02:00
Tom Hvitved
a3e7fd60f2 Data flow: Enable syntax highlighting in QLDoc snippets 2020-06-23 16:54:34 +02:00
Tom Hvitved
ff751ac0f8 Data flow: Sync files 2020-06-23 10:55:12 +02:00
Tom Hvitved
98ed2a18ac Data flow: Move field-clearing checks from flowCandFwf0 into flowCandFwd 2020-06-23 10:55:12 +02:00
Tom Hvitved
13b4dfa972 Data flow: Rename BigStepBarrierNode to FlowCheckNode 2020-06-23 10:55:12 +02:00
Tom Hvitved
3faca03de6 C#: Introduce ObjectInitializerNode 2020-06-23 10:55:12 +02:00
Tom Hvitved
c057e82efa Data flow: Sync files 2020-06-23 10:55:11 +02:00
Tom Hvitved
a1d5591634 C#: Model field-clearing in data-flow 2020-06-23 10:55:11 +02:00
Tom Hvitved
b5bc15a097 C#: Add more field-flow tests 2020-06-23 10:55:11 +02:00
Jonas Jensen
39137510ba Merge pull request #3736 from rneatherway/exclude-cs-vulnerable-package 
Exclude dependency-based query from C# Code Scanning
 2020-06-22 17:27:23 +02:00
semmle-qlci
e06a54c33d Merge pull request #3494 from hvitved/dataflow/partial-flow-access-path-limit 
Approved by aschackmull
 2020-06-22 12:09:00 +01:00
Calum Grant
f2f020fa51 Merge pull request #3610 from hvitved/csharp/dataflow/call-sensitivity 
C#: Add call-sensitivity to data-flow call resolution
 2020-06-22 10:36:45 +01:00
Tom Hvitved
72e6c9c2b1 Data flow: Use accessPathLimit() in partial flow as well 2020-06-22 10:08:51 +02:00
Jonas Jensen
09d7ed092b Merge pull request #3612 from dbartol/github/codeql-c-analysis-team/69_union 
C++: Share `TInstruction` across IR stages
 2020-06-19 16:03:11 +02:00
Anders Schack-Mulligen
8107fbadc2 Merge pull request #3456 from hvitved/dataflow/precise-field-types 
Data flow: Track precise types during field flow
 2020-06-19 11:50:10 +02:00
Tom Hvitved
ca86bb8603 Address review comments 2020-06-19 10:34:11 +02:00
Robin Neatherway
17d36cf363 Exclude dependency-based query from C# Code Scanning 
This query overlaps with tools such as dependabot.
 2020-06-18 11:29:15 +01:00
Anders Schack-Mulligen
74eab3cbc0 Dataflow: Fix qltest. 2020-06-17 17:23:35 +02:00
Anders Schack-Mulligen
cedfaf6aaf Dataflow: autoformat 2020-06-17 17:09:55 +02:00
Anders Schack-Mulligen
543ab71dfe Dataflow: minor review fixes. 2020-06-17 17:03:22 +02:00
Anders Schack-Mulligen
d28b5ace63 Dataflow: Sync. 2020-06-17 15:40:48 +02:00
Dave Bartolomeo
8e977dc6bf C++/C#: Move overrides of IRType::getByteSize() into leaf classes 
See https://github.com/github/codeql/pull/2272. I've added code comments in all of the places that future me will be tempted to hoist these overrides.
 2020-06-16 16:48:42 -04:00
Dave Bartolomeo
24c3110989 Merge from master 2020-06-16 16:37:38 -04:00
Robert Marsh
1c9b6f0a48 Merge branch 'master' into ir-this-parameter-2 
Accept test changes - dataflow changes are all positive
 2020-06-16 11:28:49 -07:00
Dave Bartolomeo
881b3c8e33 C#: Fix IR consistency errors 
We were creating a `TranslatedFunction` even for functions that were not from source code, but then telling the IR package that those functions didn't have IR. This resulted in having prologue/epilogue instructions (e.g. `EnterFunction`, `ExitFunction`) with no enclosing `IRFunction`.
 2020-06-15 11:33:00 -04:00
Dave Bartolomeo
8cbc7e8654 C++/C#: Improve consistency failure result messages 
Some of our IR consistency failure query predicates already produced results in the schema as an `@kind problem` query, including `$@` replacements for the enclosing `IRFunction` to make it easier to figure out which function to dump when debugging. This change moves the rest of the query predicates in `IRConsistency.qll` to do the same. In addition, it wraps each call to `getEnclosingIRFunction()` to return an `OptionalIRFunction`, which can be either a real `IRFunction` or a placeholder in case `getEnclosingIRFunction()` returned no results. This exposes a couple new consistency failures in `syntax-zoo`, which will be fixed in a subsequent commit.

This change also deals with consistency failures when the enclosing `IRFunction` has more than one `Function` or `Location`. For multiple `Function`s, we concatenate the function names. For multiple `Location`s, we pick the first one in lexicographical order. This changes the number of results produced in the existing tests, but does't change the actual number of problems.
 2020-06-15 10:46:46 -04:00
Calum Grant
0d1fb0f248 Merge pull request #3509 from hvitved/csharp/html-raw 
C#: Recognize more calls to `IHtmlHelper.Raw`
 2020-06-15 09:31:58 +01:00
Dave Bartolomeo
89a1fd4b4a C++/C#: Fix formatting 2020-06-13 08:22:04 -04:00
Dave Bartolomeo
eac3b06c57 C#: Fix up C# IR construction to latest interface 2020-06-12 17:40:27 -04:00
Dave Bartolomeo
73d2e09a8d C++:/C# Remove opcode from TRawInstruction 2020-06-12 17:36:01 -04:00
Dave Bartolomeo
978275cbd4 C++/C#: Move irFunc out of various TInstruction branches 2020-06-12 17:26:45 -04:00
Dave Bartolomeo
07c1520b4d C++/C#: Move ast out of TRawInstruction 2020-06-12 17:03:02 -04:00
Dave Bartolomeo
2aabe431f6 C++/C#: Stop caching getOldInstruction() 2020-06-12 16:22:58 -04:00
Dave Bartolomeo
ac169931b3 C++/C#: More efficient evaluation of SSA::hasInstruction() 2020-06-12 16:09:50 -04:00
Dave Bartolomeo
4331b9b54e C++: Simplify logic to an implication 2020-06-12 09:31:19 -04:00
Jonas Jensen
abd05bcff1 Merge pull request #3596 from robertbrignull/more-suites 
Add more code-scanning suites
 2020-06-12 09:08:20 +02:00