hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,671 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

3019 Commits

Author SHA1 Message Date
Tamas Vajk
39a88d2e43 Fix dispatch library to handle summarized callables with no runtime target 2021-09-06 14:02:42 +02:00
Tamas Vajk
648197db35 C#: Fix dispatch library to handle summarized callables with no runtime target 2021-09-06 13:45:43 +02:00
Tamas Vajk
0d88d18781 C#: Add readme to stub folder 2021-09-06 13:42:36 +02:00
Andrew Eisenberg
bb9911e06f Merge pull request #6605 from aeisenberg/aeisenberg/pack/consistency 2021-09-06 04:40:58 -07:00
Tamas Vajk
b7f13a7e1f C#: Change generic method names to include <> and type args/params 2021-09-06 11:48:22 +02:00
Andrew Eisenberg
6a47fcaf1f Packaging: Normalize all qlpack.yml files for all languages 
This commit ensures consistency among all of our qlpacks. Here are the
changes:

1. Ensure only modern references are used (codeql-{lang} is converted to
   codeql/{lang}-all or codeql/{lang}-queries where appropriate).
2. Use consistent version numbers. All languages are at 0.0.2 except
   javascript, which is 0.0.3.
3. Convert all `libraryPathDependencies` to `dependencies` with version
   constraints
4. Dependencies from query packs to other packs are always `"*"` since
   these dependencies are always from source and we should get the
   latest.
5. Dependencies from codeql/{lang}-lib to codeql/{lang}-upgrades must
   be strict since there is a tight connection between the libary
   and its relevant upgrades.
 2021-09-03 11:53:28 -07:00
Tamas Vajk
c02a743835 Revert redundant order by 2021-09-03 16:51:32 +02:00
Tamas Vajk
3560853f36 C#: Fix ordering of stubbed type members, implemented interfaces, and location comments 2021-09-03 09:53:34 +02:00
Tom Hvitved
c3ecae503b Data flow: Sync files 2021-09-01 19:58:47 +02:00
Tom Hvitved
136c8b5192 Data flow: Improve callMayFlowThroughFwd join order 
Before:
```
[2021-08-25 09:56:29] (1395s) Tuple counts for DataFlowImpl2::Stage3::callMayFlowThroughFwd#ff/2@111fb3:
                      15495496   ~5%         {5} r1 = SCAN DataFlowImpl2::Stage3::fwdFlowOutFromArg#fffff#reorder_0_2_4_1_3 OUTPUT In.3, In.4, In.2 'config', In.0 'call', In.1
                      1450611958 ~6335%      {5} r2 = JOIN r1 WITH DataFlowImpl2::Stage3::fwdFlow#fffff_03412#join_rhs ON FIRST 3 OUTPUT Lhs.3 'call', Lhs.4, Lhs.2 'config', Rhs.3, Rhs.4
                      7043648    ~20415%     {2} r3 = JOIN r2 WITH DataFlowImpl2::Stage3::fwdFlowIsEntered#fffff#reorder_0_3_4_1_2 ON FIRST 5 OUTPUT Lhs.0 'call', Lhs.2 'config'
                                             return r3
```

After:
```
[2021-08-25 10:57:02] (2652s) Tuple counts for DataFlowImpl2::Stage3::callMayFlowThroughFwd#ff/2@d3e27b:
                      15495496 ~0%         {6} r1 = SCAN DataFlowImpl2::Stage3::fwdFlowOutFromArg#fffff#reorder_0_2_4_1_3 OUTPUT In.0 'call', In.1, In.2 'config', In.3, In.4, In.2 'config'
                      9236888  ~22%        {7} r2 = JOIN r1 WITH DataFlowImpl2::Stage3::fwdFlowIsEntered#fffff#reorder_0_3_4_1_2 ON FIRST 3 OUTPUT Lhs.3, Rhs.3, Rhs.4, Lhs.4, Lhs.5, Lhs.0 'call', Lhs.2 'config'
                      7043648  ~20415%     {2} r3 = JOIN r2 WITH DataFlowImpl2::Stage3::fwdFlow#fffff ON FIRST 5 OUTPUT Lhs.5 'call', Lhs.6 'config'
                                           return r3
```
 2021-09-01 19:57:29 +02:00
Tom Hvitved
c8a5397085 Merge pull request #6513 from hvitved/csharp/cfg/shared 
C#: Make CFG library shared
 2021-08-31 11:55:43 +02:00
Tom Hvitved
7fc536db15 Data flow: Add precise call contexts to stage 2 2021-08-31 10:44:33 +02:00
Tom Hvitved
789e2e48cf C#: Remove temporary dispatch restriction 2021-08-30 14:49:04 +02:00
Tom Hvitved
05b45da42f Merge pull request #6556 from hvitved/csharp/insecure-sql-conn-flow 
C#: Use data flow instead of taint tracking in `InsecureSQLConnection.ql`
 2021-08-30 11:31:22 +02:00
Tom Hvitved
7e1efbdd8e C#: Use data flow instead of taint tracking in InsecureSQLConnection.ql 2021-08-26 13:48:57 +02:00
Tom Hvitved
592a42231f C#: Fix test for InsecureSQLConnection.ql 2021-08-26 13:48:56 +02:00
Tom Hvitved
ab2bc38789 C#: Use shared logic in NodeGraph.ql test 2021-08-25 11:35:12 +02:00
Tom Hvitved
d405284d36 C#: Make CFG library shared 2021-08-25 11:35:11 +02:00
Tom Hvitved
01f7fdfea5 C#: Update call-context data-flow tests 2021-08-25 10:34:53 +02:00
Ian Lynagh
a9db1c52e5 All languages: Add getPrimaryQlClasses() 
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
 2021-08-23 15:49:10 +01:00
Andrew Eisenberg
c9f1c98390 Packaging: C# refactoring 
Split c# pack into `codeql/csharp-all` and `codeql/csharp-queries`.
 2021-08-19 14:09:35 -07:00
Tamás Vajk
763de4fff9 Merge pull request #6425 from raulgarciamsft/insecureRandom_potential_fix 
C#: Adding Membership.GeneratePassword() as a bad source of random data
 2021-08-19 11:16:26 +02:00
Tamas Vajk
d97525e21e Fix minor quality issues in comment and change note 2021-08-19 09:30:23 +02:00
Erik Krogh Kristensen
dd59f79947 use min() instead of rank[1]() 2021-08-18 11:09:03 +02:00
Andrew Eisenberg
03d6b15401 Merge branch 'main' into aeisenberg/pack/cpp 2021-08-17 15:28:47 -07:00
Tom Hvitved
44ff623d8c Merge pull request #5508 from edvraa/deserializers 
deserialization sinks
 2021-08-17 11:41:52 +02:00
Andrew Eisenberg
e566fb9c5a Packaging: Update suite-helpers qlpack 
Uses new style naming scheme.
 2021-08-16 17:51:33 -07:00
Tamás Vajk
166a6b02f6 Merge pull request #6268 from tamasvajk/feature/generic-type-name 
C#: Remove type args/params from generic type names in extractor
 2021-08-16 12:22:16 +02:00
Tamas Vajk
2437546009 Merge branch 'main' into feature/service-stack 2021-08-10 15:16:17 +02:00
Tamas Vajk
243424063a Add pragma inline to getMember/Method/Callable 2021-08-10 13:25:56 +02:00
Tamas Vajk
51661bfa62 Add pragma noinline to fix uselessUpcast check 2021-08-10 13:24:30 +02:00
Tamas Vajk
91bd3d1a11 Cache getName to improve performance 2021-08-09 10:28:31 +02:00
Tamás Vajk
c1cf2a1c5f Merge pull request #5579 from edvraa/cookies 
C#: HttpOnly and Secure cookie queries
 2021-08-09 08:58:11 +02:00
Raul Garcia
2708326624 Update csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-08-05 16:33:01 -07:00
Tom Hvitved
9eb3f28ef1 C#: Add missing nodes predicate to XSS queries 2021-08-05 13:53:52 +02:00
Tom Hvitved
6471092139 Merge pull request #6394 from github/p0/csharp-virtual-dispatch-limit 
C#: Guard against virtual dispatch branching too much.
 2021-08-05 13:20:14 +02:00
Raul Garcia (MSFT)
7340a1293f Fixing query & test 2021-08-04 19:37:57 -07:00
Raul Garcia (MSFT)
8544356f90 Adding Membership.GeneratePassword() as a bad source of random data because of the bias. 2021-08-04 17:12:00 -07:00
edvraa
db2f9add53 Post merge 2021-08-04 18:37:17 +03:00
edvraa
d1e41689bb Merge with main 2021-08-04 14:25:34 +03:00
edvraa
e790ee7c2e Fix formatting 2021-08-04 14:06:27 +03:00
Tamas Vajk
6405b89443 Add DB upgrade script to change generic type names to undecorated ones 2021-08-04 12:38:16 +02:00
Tamas Vajk
f1a596ee81 Fix code review findings 2021-08-04 12:38:16 +02:00
Tamas Vajk
62f5af9ac8 Fix TupleType::getName 2021-08-04 12:38:16 +02:00
Tamas Vajk
d3803b01e4 Fix nested generic type qualified names 2021-08-04 12:38:16 +02:00
Tamas Vajk
99fe9d8d07 Fix erroneous space in type name 2021-08-04 12:38:16 +02:00
Tamas Vajk
0cfd73c818 Adjust QL getName to the extracted undecorated names 2021-08-04 12:38:15 +02:00
Pavel Avgustinov
2be9f3e41e C#: Guard against virtual dispatch branching too much. 
We have observed databases where dispatch to highly overridden
virtual methots (like Enumerable.GetEnumerator) ends up branching
to many thousands of overrides, if there is not sufficient type
context to prune. This causes performance problems for analyses
that use dataflow.

As an immediate fix, this commit prevents branching to virtual
method overrides if this would result in branching to 1,000 or
more methods.
 2021-08-02 09:40:16 +01:00
Tom Hvitved
7a475eb0a2 C#: Fix CSV overrides logic 2021-08-02 10:35:21 +02:00
Tom Hvitved
df29538840 C#: Add test that exhibits bug in CSV overrides logic 2021-08-02 10:35:21 +02:00