hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,671 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

2863 Commits

Author SHA1 Message Date
Max Schaefer
7f5e2630a1 Merge pull request #1032 from xiemaisi/master-for-merge 
Merge master into rc/1.20
 2019-03-04 21:23:51 +00:00
semmle-qlci
245b47add7 Merge pull request #1017 from hvitved/csharp/get-label-performance 
Approved by calumgrant
 2019-03-04 20:22:38 +00:00
Tom Hvitved
c70a0a646d C#: Add test for getLabel() 2019-03-04 13:21:10 +01:00
Tom Hvitved
6135b5b7eb C#: Updated expected test output 2019-03-04 13:19:00 +01:00
calum
d77b60bba8 C#: Add preservesValue to NonLocalJumpNode.getAJumpSuccessor. Allow DataFlow::Configuration::isAdditionalFlowStep to jump between callables. 2019-03-04 09:54:28 +00:00
calum
7343e70151 C#: Fix tests 2019-03-04 09:54:12 +00:00
calum
74b30d6071 C#: Model EntityFramework 2019-03-04 09:53:49 +00:00
calum
7010ca8cf3 C#: Fix whitespace in test. 2019-03-04 09:53:37 +00:00
Tom Hvitved
51e5a301cd Merge pull request #956 from raulgarciamsft/users/raulga/ICryptoTransform 
Detect usage of ICryptoTransform that would be thread-unsafe
 2019-03-01 11:49:27 +01:00
Calum Grant
c945b7793c Merge pull request #944 from hvitved/csharp/cfg/accessor-call 
C#: Improve CFG for assignments
 2019-02-28 09:34:56 +00:00
Tom Hvitved
4cbbe37b1e C#: Updated expected test output 2019-02-27 19:25:14 +01:00
Raul Garcia
9bb7816a3c Making changes based on feedback. 2019-02-22 10:10:20 -08:00
calum
15341965e0 C#: Update cs/use-of-vulnerable-package to detect CVE-2019-0657 2019-02-21 11:48:48 +00:00
Tom Hvitved
a382a5876f Merge pull request #808 from calumgrant/cs/double-checked-locks 
C#: Work on cs/unsafe-double-checked-lock
 2019-02-21 11:17:35 +01:00
Raul Garcia
7d197692ac Adding a new rule for detecting usage of static objects that implement ICryptoTransform that would be thread-unsafe, and potentially result in incorrect cryptographic results. 2019-02-20 17:07:04 -08:00
Tom Hvitved
5ce9b25ec9 C#: Improve CFG for assignments 
Write accesses in assignments, such as the access to `x` in `x = 0` are not
evaluated, so they should not have entries in the control flow graph. However,
qualifiers (and indexer arguments) should still be evaluated, for example in

```
x.Foo.Bar = 0;
```

the CFG should be `x --> x.Foo --> 0 --> x.Foo.Bar = 0` (as opposed to
`x --> x.Foo --> x.Foo.Bar --> 0 --> x.Foo.Bar = 0`, prior to this change).

A special case is assignments via acessors (properties, indexers, and event
adders), where we do want to include the access in the control flow graph,
as it represents the accessor call:

```
x.Prop = 0;
```

But instead of `x --> x.set_Prop --> 0 --> x.Prop = 0` the CFG should be
`x --> 0 --> x.set_Prop --> x.Prop = 0`, as the setter is called *after* the
assigned value has been evaluated.

An even more special case is tuple assignments via accessors:

```
(x.Prop1, y.Prop2) = (0, 1);
```

Here the CFG should be
`x --> y --> 0 --> 1 --> x.set_Prop1 --> y.set_Prop2 --> (x.Prop1, y.Prop2) = (0, 1)`.
 2019-02-16 19:19:24 +01:00
Tom Hvitved
096757dadf C#: Add CFG tests for accessor calls 2019-02-14 20:24:04 +01:00
Anders Schack-Mulligen
fc9c7ea55a CSharp: Autoformat qls 2019-02-12 14:38:42 +01:00
Anders Schack-Mulligen
bcaaebfe7e CSharp: Autoformat qlls 2019-02-12 14:38:42 +01:00
calum
33e6b5e55f C#: Fix tests 2019-02-12 10:59:31 +00:00
Calum Grant
0513828000 Merge pull request #922 from hvitved/csharp/cfg/remove-exception-edges 
C#: Remove some impossible CFG exception edges
 2019-02-12 10:42:07 +00:00
calum
8bb1af884a C# extractor: Limit string literals to 1MB. This is made more complicated by the fact that we need to limit the number of bytes to output, rather than the number of characters. 2019-02-11 17:36:23 +00:00
Tom Hvitved
8cb8c967d2 C#: Remove some impossible CFG exception edges 2019-02-11 16:17:01 +01:00
Tom Hvitved
6ff4206d53 C#: Add CFG test 2019-02-11 16:03:25 +01:00
Tom Hvitved
14bdea1cf2 Merge pull request #847 from calumgrant/cs/json.net 
C#: Model Json.NET dataflow
 2019-02-11 15:48:01 +01:00
calum
d18bbf6a73 C#: Make query only apply to reftypes, since I believe valuetypes are safe or cannot be fixed trivially using the volatile keyword. 2019-02-08 15:18:29 +00:00
calum
7addd41e38 C#: Fixes to double-checked lock. 2019-02-08 14:57:57 +00:00
calum
7f7a92d092 C#: Model Json.NET dataflow. 2019-02-08 14:37:54 +00:00
Tom Hvitved
e074daee74 C#: Limit number of non-required CFG splits 2019-02-07 20:40:20 +01:00
Tom Hvitved
7d11eb5758 C#: Add CFG test with exponential splitting 
This test times out as it would require constructing 2^40 copies of the same node.
 2019-02-07 20:40:20 +01:00
calum
8afbd2d897 C#: Extend TrivialProperty to also include CIL::TrivialProperty 2019-02-07 12:05:42 +00:00
Calum Grant
383e82a3f3 Merge pull request #886 from hvitved/csharp/cfg/restructure 
C#: Split up `ControlFlowGraph.qll` into multiple files
 2019-02-07 11:06:19 +00:00
Calum Grant
73d56e1bdb Merge pull request #881 from hvitved/csharp/remove-get-url 
C#: Remove `getUrl()` predicate
 2019-02-07 10:47:56 +00:00
semmle-qlci
4b81ffab96 Merge pull request #869 from hvitved/csharp/autoformat 
Approved by calumgrant
 2019-02-05 16:35:10 +00:00
Tom Hvitved
37c55750f7 Merge pull request #873 from calumgrant/cs/format-getresource-strings 
C#: Fix FP in cs/format-argument-unused
 2019-02-05 17:12:04 +01:00
Tom Hvitved
3503e9b57e C#: Move PreSsa module into own file 2019-02-05 14:27:09 +01:00
Tom Hvitved
5306d1ea0d C#: Move PreBasicBlocks module into own file 2019-02-05 13:41:50 +01:00
Tom Hvitved
64539b0263 C#: Move Completion.qll 2019-02-05 11:45:33 +01:00
Tom Hvitved
0211837e24 C#: Remove getUrl() predicate 2019-02-05 11:07:13 +01:00
Tom Hvitved
d829d98165 Merge branch 'master' into csharp/autoformat 2019-02-05 10:37:42 +01:00
Tom Hvitved
b4b6fdd12b C#: Revert recent change to AccessorCall 
The recent change to `AccessorCall` on dd99525566 resulted
in some bad join-orders, so I have (partly) reverted them. This means that the issues
orignally addressed by that change are now reintroduced, and I plan to instead apply a
fix to the CFG, which--unlike the original fix--should be able to handle multi-property-tuple
assignments.
 2019-02-04 15:14:18 +01:00
calum
7d17724cae C#: The empty string is not considered a format string for this query. 2019-02-04 12:53:12 +00:00
calum
eb0036172e C#: Add test for false-positive. 2019-02-04 12:30:43 +00:00
Tom Hvitved
910995af90 C#: Autoformat QL code 2019-02-04 10:32:30 +01:00
Robert Marsh
e1d289ffb4 Merge pull request #759 from calumgrant/cs/interface-tostring 
C#: Remove FPs from cs/call-to-object-tostring
 2019-01-31 12:03:49 -08:00
Calum Grant
9b7f4a8ce5 Merge pull request #845 from hvitved/csharp/get-type-non-null 
C#: Teach guards library about `object.GetType()`
 2019-01-30 10:08:05 +00:00
Calum Grant
722402fc89 Merge pull request #825 from hvitved/csharp/cfg/splitting-performance 
C#: Improve performance of CFG split set computation
 2019-01-30 10:05:25 +00:00
calum
d63df71a8a C#: Fix merge conflict. 2019-01-29 18:15:33 +00:00
calum
423513169f C#: Address review comments. Introduce Member::isEffectivelyPublic() because isEffectivelyPrivate and isEffectivelyInternal are almost always used together. 2019-01-29 18:05:29 +00:00
calum
931b6b4ee5 C#: Exclude interfaces and abstract classes from cs/call-to-object-tostring 2019-01-29 18:04:26 +00:00