codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
Tom Hvitved	eabfa31767	Synchronize data flow files	2019-10-07 15:13:48 +02:00
Tom Hvitved	46933ef65e	Java: Autoformat	2019-10-07 15:12:13 +02:00
Cornelius Riemenschneider	d79eaffd3a	Prune unreachable paths in the Java dataflow library based on call context. We now detect patterns like f(bool cond){ if(cond) then A else B and prune branches for calls like f(true) or f(false). This pruning is done both in the local (bigstep) flow graph as well as in the inter-procedural dataflow graph.	2019-10-07 15:10:54 +02:00
Anders Schack-Mulligen	066a2f0d12	Java: Add another overflow check pattern to UselessComparisonTest.	2019-10-04 15:04:40 +02:00
Tom Hvitved	9b58d799cb	Java/C++/C#: Tweak `AccessPathNil::toString()` Move the type annotation outside the brackets, to avoid prefixes such as `[ : T]`.	2019-10-04 11:09:44 +02:00
yh-semmle	3313af5189	Merge pull request #2036 from aschackmull/java/eq-ssa-guard Java: Improve guards for equal ssa variables.	2019-10-02 12:00:59 -04:00
Anders Schack-Mulligen	f87cb4d6ac	Java/C++/C#: Address review comments and fix test.	2019-10-02 14:32:17 +02:00
Anders Schack-Mulligen	f97958296d	Java/C++/C#: Sync.	2019-09-26 17:12:08 +02:00
Anders Schack-Mulligen	0afea80d53	Java: Improve guards for equal ssa variables.	2019-09-26 16:29:13 +02:00
Anders Schack-Mulligen	4221639155	Java: Improve taint/value distinction for flow through with fields.	2019-09-26 16:25:15 +02:00
Anders Schack-Mulligen	7c1594df13	Java: Slight precision improvement for getter/setter detection.	2019-09-25 10:14:49 +02:00
Anders Schack-Mulligen	f8f3a4b25f	Java: Minor additional type pruning.	2019-09-23 11:07:10 +02:00
Anders Schack-Mulligen	42a970b905	Java: Update qldoc.	2019-09-20 16:21:03 +02:00
Anders Schack-Mulligen	d9aa46d3b0	Java: Add missing field pruning.	2019-09-20 16:13:48 +02:00
Anders Schack-Mulligen	648335d46d	Java: Remove two unnecessary unbinds.	2019-09-20 16:12:56 +02:00
Tom Hvitved	d8074ddfa6	Sync files	2019-09-18 13:36:15 +02:00
Anders Schack-Mulligen	95e2f162d9	Java/C++/C#: Adjust toString of empty accesspath.	2019-09-12 11:00:49 +02:00
Anders Schack-Mulligen	0a4b15d40b	Java/C++/C#: Add nodes predicate to PathGraph.	2019-09-12 11:00:49 +02:00
Jonas Jensen	d51e5212fb	Merge remote-tracking branch 'upstream/master' into dataflow-TTwo Conflicts: cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll cpp/ql/test/library-tests/dataflow/fields/flow.expected csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll	2019-09-08 21:08:43 +02:00
Anders Schack-Mulligen	6b85fe087a	Java: Restrict the output of Range Analysis to the best bounds.	2019-09-06 15:39:46 +02:00
Anders Schack-Mulligen	aa07020d9d	Java: Autoformat.	2019-09-06 09:03:45 +02:00
Jonas Jensen	9c9b7ac651	C#/C++/Java: Revert AccessPathNil.toString changes This caused too many `*.expected` files to change, also in our internal repo.	2019-09-02 15:59:36 +02:00
Jonas Jensen	a98992f0f9	C#/C++/Java: distinguish toString of nil from cons	2019-09-02 14:22:03 +02:00
Jonas Jensen	cdede8744f	C#/C++/Java: Prettier PartialAccessPath.toString	2019-09-02 14:05:50 +02:00
Jonas Jensen	c3bc9f8575	C#/C++/Java: Unbreak partial data flow support Partial data flow had a semantic merge conflict with this branch. The problem is that partial data flow doesn't (and shouldn't) cause the initial pruning steps to run, but the length-2 access paths depend on the `consCand` information that comes from that initial pruning. The solution is to restore the old `AccessPath` class, now called `PartialAccessPath` for use only by partial data flow. With this change, partial data flow will in some cases allow more field flow than non-partial data flow.	2019-09-02 14:02:39 +02:00
Jonas Jensen	dec0c3a0ee	C#/C++/Java: Make AccessPath abstract This was requested by @hvitved in code review. There is no difference in the generated DIL.	2019-09-02 13:14:30 +02:00
Jonas Jensen	b1be123e31	C#/C++/Java: Prettier AccessPath.toString The `ppReprType` predicate should now be `none()` instead of `result=""` to signal that there is nothing to print. That seems clearer to me.	2019-09-02 13:14:20 +02:00
Jonas Jensen	b2c94cc6b4	C++/C#/Java: Restore the AccessPathCons class	2019-09-02 13:14:13 +02:00
Jonas Jensen	fbe34015f3	C++/C#/Java: AccessPath class names reflect length One -> ConsNil Two -> ConsCons	2019-09-02 13:13:59 +02:00
Jonas Jensen	e8006bb2cc	C++/C#/Java: data flow AccessPath up to length 2 This commit does not include updates to test results.	2019-09-02 13:13:46 +02:00
yh-semmle	c359675fa9	Merge pull request #1802 from aschackmull/java/taint-step-extension-point Java: Add a global extension point for taint steps.	2019-08-30 17:19:58 -04:00
Anders Schack-Mulligen	5e6326d1d5	Java/C++/C#: Add support for dataflow exploration by partial paths.	2019-08-30 14:32:55 +02:00
Luke Cartey	dfa371c65b	Java: Add missing SQL query APIs. * executeLargeUpdate * prepareCall	2019-08-30 10:40:49 +01:00
Anders Schack-Mulligen	ae98d4fd8e	Java: Change extension point to use a unit type.	2019-08-29 11:05:45 +02:00
Tom Hvitved	853a3aa998	Merge pull request #1799 from aschackmull/java/fieldflow-perf Java/C++/C#: Improve performance of data flow with fields.	2019-08-28 16:30:25 +02:00
Luke Cartey	1669d283fe	Merge pull request #1795 from aschackmull/java/localexprflow Java: Add localExprFlow and localExprTaint.	2019-08-28 14:04:49 +01:00
Anders Schack-Mulligen	2bea0a459a	Java/C++/C#: Sync.	2019-08-23 11:34:17 +02:00
Anders Schack-Mulligen	6e97f22b43	Java/C++/C#: Improve performance of pruning in field flow.	2019-08-23 11:32:45 +02:00
Calum Grant	ff20a2ceb9	Merge pull request #1761 from hvitved/csharp/dataflow/fields C#: Data flow through fields	2019-08-22 20:46:00 +01:00
Anders Schack-Mulligen	ef0c6d01eb	Java: Add a global extension point for taint steps.	2019-08-22 16:38:59 +02:00
Tom Hvitved	0801e51175	Merge pull request #1790 from jbj/tainttracking-cross-language C++/C#/Java: Shared TaintTrackingImpl.qll	2019-08-22 14:17:23 +02:00
Anders Schack-Mulligen	3aedadcb35	Java: Add localExprFlow and localExprTaint.	2019-08-22 11:25:23 +02:00
Jonas Jensen	ad9ee54b65	C++/C#/Java: defaultAdditionalTaintStep	2019-08-22 11:14:06 +02:00
yh-semmle	9012c3240f	Merge pull request #1789 from aschackmull/java/autoformat Java: Autoformat.	2019-08-21 12:36:55 -04:00
Tom Hvitved	a2ffddec5f	Merge pull request #1785 from jbj/dataflow-recursion-prevention-shared C++/C#/Java: Pyrameterize ConfigurationRecursionPrevention	2019-08-21 15:56:50 +02:00
Jonas Jensen	25701f203d	C++/C#/Java: Shared TaintTrackingImpl.qll This file is now identical in all languages. Unifying this file led to the following changes: - The documentation spelling fixes and example from the C++ version were copied to the other versions and updated. - The steps through `NonLocalJumpNode` from C# were abstracted into a `globalAdditionalTaintStep` predicate that's empty for C++ and Java. - The `defaultTaintBarrier` predicate from Java is now present but empty on C++ and C#. - The C++ `isAdditionalFlowStep` predicate on `TaintTracking::Configuration` no longer includes `localFlowStep`. That should avoid some unnecessary tuple copying.	2019-08-21 14:55:54 +02:00
Anders Schack-Mulligen	629c19e719	Java: Autoformat.	2019-08-21 14:38:17 +02:00
Jonas Jensen	863bf523d6	C++/C#/Java: Autoformat	2019-08-21 13:24:01 +02:00
Jonas Jensen	fdd3b901f7	C/C#/Java: Share ConfigurationRecursionPrevention This class was copy-pasted in all `DataFlowN.qll` files without using the identical-files system to keep the copies in sync. The class is now moved to the `DataFlowImplN.qll` files. This also has the effect of preventing recursion through first data flow library copy for C/C++. Such recursion has been deprecated for over a year, and some forms of recursions are already ruled out by the library implementation.	2019-08-21 13:04:10 +02:00
Jonas Jensen	6fc3a62edb	C++/C#/Java: Change another caller of localFlow There was also a use of `localFlowStep` in `DataFlowImplCommon` that should now be `simpleLocalFlowStep`.	2019-08-21 10:20:15 +02:00

... 27 28 29 30 31 ...

1740 Commits