hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,672 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

29908 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
calum
e1e657c1e8 C#: Address review comments and update tests. 2019-03-18 17:59:56 +00:00
calum
dd64cd2dbe C#: Fix CIL::Method::canReturn() to ignore stubs and only consider the best implementation. 2019-03-18 17:59:56 +00:00
calum
d1ada9594c C#: Implement Type::isRefType() and Type::isValueType() 2019-03-18 17:59:48 +00:00
ian-semmle
3f5c6b0032 Merge pull request #1123 from nickrolfe/tarballs 
C++: accept test output from changes to extractor TRAP ordering
 2019-03-18 17:31:17 +00:00
Felicity Chapman
06fcd8a150 Reword information on parallel extraction 2019-03-18 17:09:23 +00:00
Geoffrey White
73b7b980c8 CPP: Add to UnusedStaticVariables tests. 2019-03-18 16:43:48 +00:00
Felicity Chapman
5031153ba2 Update JavaScript extraction notes and supported versions 2019-03-18 16:17:20 +00:00
Felicity Chapman
4ab8417734 Fix US spelling 2019-03-18 16:10:03 +00:00
Taus Brock-Nannestad
52278b25d9 Python: Add query for insecure SSH host key policies in Paramiko. 2019-03-18 16:45:54 +01:00
Felicity Chapman
e05387f237 Correct information about build support 2019-03-18 15:44:47 +00:00
Felicity Chapman
e1a3fde52a Remove 'change details' for new query 2019-03-18 15:38:58 +00:00
Felicity Chapman
d07b958bcd Finalize text for 1.20 release 2019-03-18 15:25:46 +00:00
Tom Hvitved
6cd87757f6 C#: Fix a few minor performance regressions 2019-03-18 14:36:41 +01:00
Felicity Chapman
95ead47b21 Organization changes and boiler-plate text deletion 2019-03-18 12:57:40 +00:00
Felicity Chapman
975605bfa9 Merge pull request #1125 from markshannon/python-taint-tracking-change-note 
Python: Add change note for new taint-tracking configuration API.
 2019-03-18 12:51:08 +00:00
Mark Shannon
33929ab01f Python: Add change note for new taint-tracking configuration API. Needs links to full documentation added. 2019-03-18 12:43:09 +00:00
Jonas Jensen
76ff250593 C++: Don't repeat work in BrokenCryptoAlgorithm.ql 
The main source of slowness in `BrokenCryptoAlgorithm.ql` was that the
regexp on function (macro) names was evaluated once per call
(invocation) instead of once per name. Factoring out separate predicates
for the problematic functions (macros) fixes this.

On https://github.com/ericniebler/range-v3, this change reduces the run
time of the two slowest predicates from

    BrokenCryptoAlgorithm::InsecureMacroSpec#class#f .... 35.1s
    BrokenCryptoAlgorithm::InsecureFunctionCall#class#f . 12.8s

to

    BrokenCryptoAlgorithm::getAnInsecureFunction#f . 1.2s
    BrokenCryptoAlgorithm::getAnInsecureMacro#f .... 12ms
 2019-03-18 12:01:37 +01:00
Jonas Jensen
f72ff37226 C++: Combine crypto blacklist regexes into one 
Instead of `algorithmBlacklistRegex` having 2 * 5 results, it now has
only one result, which is a single regex that represents the union of
the previous 2 * 5 regexes. This means that `BrokenCryptoAlgorithm.ql`
has much less regex matching to do.

On https://github.com/ericniebler/range-v3, this change reduces the run
time of the two slowest predicates from

    BrokenCryptoAlgorithm::InsecureMacroSpec#class#f .... 2m21s
    BrokenCryptoAlgorithm::InsecureFunctionCall#class#f . 54.5s

to

    BrokenCryptoAlgorithm::InsecureMacroSpec#class#f .... 35.1s
    BrokenCryptoAlgorithm::InsecureFunctionCall#class#f . 12.8s
 2019-03-18 11:51:50 +01:00
Nick Rolfe
8e9aeffdbc C++: accept test output from changes to extractor TRAP ordering 2019-03-18 10:44:18 +00:00
Felicity Chapman
94f525ff72 Be more explicit about Java versions supported 2019-03-18 10:17:56 +00:00
semmle-qlci
285f8b06bd Merge pull request #1118 from jcreedcmu/jcreed/tarslip 
Approved by xiemaisi
 2019-03-18 08:18:13 +00:00
Jonas Jensen
6b1cd17009 C++: Fix FPs due to data flow Conversion handling 
Since we cannot track data flow from a fully-converted expression but
only the unconverted expression, we should check whether the address
initially escapes into the unconverted expression, not the
fully-converted one.

This fixes most of the false positives observed on lgtm.com.
 2019-03-16 20:50:27 +01:00
Jonas Jensen
1a7351ef6e C++: Add tests for three FPs observed on lgtm.com 2019-03-16 20:50:27 +01:00
Jason Reed
4475dd4b9f JavaScript: Add test and fix change note. 2019-03-15 14:40:48 -04:00
Jason Reed
aa9ba9557c JavaScript: Include 'unzipper' library in ZipSlip. 2019-03-15 09:32:39 -04:00
Jason Reed
8124980f58 JavaScript: Add change note and comment. 2019-03-15 09:32:39 -04:00
Jason Reed
a674dbb5cd JavaScript: Update docstrings to reflect generalization. 2019-03-15 09:31:26 -04:00
Jason Reed
6589813ec7 JavaScript: Add tar-stream extraction to ZipSlip query. 2019-03-15 09:31:26 -04:00
Calum Grant
5a3cf2c5bb Merge pull request #1054 from raulgarciamsft/users/raulga/ICryptoTransformLambda 
2n part of ICryptoTransform.
 2019-03-15 12:55:09 +00:00
Max Schaefer
5441352d41 Merge pull request #1113 from esben-semmle/js/useless-property-assign-setter 
JS: improve use of attributes from ~Object.defineProperty~
 2019-03-15 12:11:50 +00:00
Mark Shannon
7213b72b9b Python: Allow points-to extensions to specify just the object, and infer the class. Allows points-to extensions to more easily compatible across versions. 2019-03-15 11:09:46 +00:00
Taus
af1c502b11 Merge pull request #1098 from markshannon/python-2-print 
Python: Don't report Python 2 print statements as having no effect.
 2019-03-15 11:40:32 +01:00
Taus
eec59c2c7d Merge pull request #1092 from markshannon/python-fix-2-tests 
Python: Update python-2 specific tests for new parser/tokenizer.
 2019-03-15 11:38:34 +01:00
Jonas Jensen
690e2ae514 Merge pull request #1116 from rdmarsh2/rdmarsh/cpp/ir-guards-perf 
C++: fix cartesian product in IRGuards.qll
 2019-03-15 11:35:15 +01:00
Taus
0b2f44b54b Merge pull request #1052 from markshannon/python-taint-tracking-configuration 
Python: Add taint-tracking configuration.
 2019-03-15 11:34:59 +01:00
Pavel Avgustinov
7386ca911b Merge pull request #763 from sjvs/patch-1 
Make licensing text in README.md more generic
 2019-03-15 09:02:08 +00:00
semmle-qlci
cb86687302 Merge pull request #1078 from psygnisfive/UndefinedReturns 
Approved by xiemaisi
 2019-03-15 08:37:12 +00:00
Felicity Chapman
ee9e083f2a Minor text changes to analysis notes 2019-03-15 08:03:27 +00:00
Robert Marsh
dfb7076fae C++: fix cartesian product in IRGuards.qll 2019-03-14 13:37:35 -07:00
Robin Neatherway
6453b05a41 Merge pull request #1087 from jf205/update-qhelp-style-guide 
Docs: mention lgtm in qhelp style guide
 2019-03-14 19:28:43 +00:00
Ziemowit Laski
2d5bdc85b0 Add 'restrict' support to the C++ test cases. 2019-03-14 12:12:45 -07:00
Raul Garcia
110c75051c Update .gitignore 2019-03-14 11:04:03 -07:00
Raul Garcia
2521848322 Merging the scenarios. 2019-03-14 10:57:22 -07:00
Rebecca Valentine
f3683794d6 stylistic changes per PR change req. in description 
https://github.com/Semmle/ql/pull/1078#pullrequestreview-214401005
 2019-03-14 09:49:02 -07:00
semmle-qlci
e648477d14 Merge pull request #1114 from xiemaisi/js/yield-import 
Approved by asger-semmle
 2019-03-14 16:48:04 +00:00
Calum Grant
0471471d46 Merge pull request #1109 from hvitved/csharp/conditional-bypass 
C#: Fix performance regression in `cs/user-controlled-bypass`
 2019-03-14 16:19:47 +00:00
Taus
95eb4cf90d Merge pull request #1089 from markshannon/python-fix-redundant-comparison-complex-test 
Fix false positive for redundant comparison query
 2019-03-14 17:12:44 +01:00
semmle-qlci
d549a0dcb8 Merge pull request #1111 from xiemaisi/js/performance-fiddling 
Approved by esben-semmle
 2019-03-14 14:56:26 +00:00
Esben Sparre Andreasen
bfc1c6ec8e JS: change notes 2019-03-14 14:53:26 +01:00
semmle-qlci
5d9d23ee71 Merge pull request #1110 from xiemaisi/js/yield-in-non-generator 
Approved by asger-semmle
 2019-03-14 11:59:43 +00:00