Dave Bartolomeo
283c1d43c3
C++: Restore previous test expectations
2018-12-11 17:07:25 -08:00
Robert Marsh
59c0e5d39e
C++: update test expectations
2018-12-11 15:07:09 -08:00
Esben Sparre Andreasen
fac638ffab
JS: improve alert location of js/angular/unused-dependency
2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen
b5bbf990b0
JS: improve alert location of js/angular/repeated-dependency-injection
2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen
5acd1ca26d
JS: improve alert location of js/angular/duplicate-dependency
2018-12-11 21:47:08 +01:00
Robert Marsh
98005edd9d
Merge pull request #641 from geoffw0/exprnoeffect2
CPP: More tests of isSideEffectFree() / ExprHasNoEffect.ql
2018-12-11 12:17:30 -08:00
Tom Hvitved
7422947e78
C#: Improve performance of cs/useless-upcast
2018-12-11 17:48:04 +01:00
Asger F
a01a9dc5cc
JS: add crypto.pseudoRandomBytes as source in InsecureRandomness.ql
2018-12-11 16:06:22 +00:00
Tom Hvitved
9707b34124
Merge pull request #663 from adityasharad/merge/1.19-next-111218
Merge rc/1.19 into next.
2018-12-11 16:06:55 +01:00
Aditya Sharad
ce905e7a0a
Merge pull request #597 from dave-bartolomeo/dave/IRDataflow
C++: Initial IR-based dataflow implementation
2018-12-11 15:05:58 +00:00
Tom Hvitved
e80837681f
C#: Refactor LINQ logic
Factor `ClauseCall` out into three classes to make it clear when the fields
`operand` and `declaration` can be `null`.
2018-12-11 16:04:25 +01:00
Aditya Sharad
dde42a5723
Merge rc/1.19 into next.
2018-12-11 14:38:58 +00:00
Esben Sparre Andreasen
376ed7a4d2
JS: generalize js/command-line-injection to handle ConstantString
2018-12-11 13:39:15 +01:00
Esben Sparre Andreasen
a1d92bfa50
JS: generalize js/incomplete-sanitization to handle ConstantString
2018-12-11 13:39:15 +01:00
Esben Sparre Andreasen
1bc73ab592
JS: address review comments
2018-12-11 13:03:17 +01:00
calum
f0fb47cde0
C#: Update change notes.
2018-12-11 10:31:45 +00:00
calum
8d072863df
C#: Reorder for statements to ensure variables declared in the condition are declared before they are used.
2018-12-11 10:31:45 +00:00
Esben Sparre Andreasen
7cc6f2f4d8
JS: add test case
2018-12-11 10:17:25 +01:00
Esben Sparre Andreasen
36e36a414e
JS: change notes for improve file classification
2018-12-11 10:01:54 +01:00
Esben Sparre Andreasen
73aa223b08
JS: handle additional multi-license file patterns
2018-12-11 09:55:38 +01:00
Max Schaefer
4d186e0edc
JavaScript: Teach Unused{Variable,Parameter} to ignore variables with leading underscore.
2018-12-11 08:50:50 +00:00
Dave Bartolomeo
8a73bea72f
C++: Avoid bad join ordering in getOperandMemoryAccess
2018-12-11 00:47:53 -08:00
Esben Sparre Andreasen
edbef289a7
JS: improve whitespace handling for multi-license file recognition
2018-12-11 09:30:10 +01:00
Esben Sparre Andreasen
e016098f86
JS: support purs classification
2018-12-11 09:17:01 +01:00
Esben Sparre Andreasen
3879e57f18
JS: support <meta name="generator"/> classification
2018-12-11 09:12:39 +01:00
Esben Sparre Andreasen
a295dfd2c5
JS: support AutoRest classification
2018-12-11 08:54:19 +01:00
Dave Bartolomeo
4170d4fadd
C++: Handle relational operators in constant analysis
2018-12-10 23:03:02 -08:00
Dave Bartolomeo
5ba51e32f0
C++: Remove aliased_ssa instantiation of IR reachability
We never actually consumed this iteration, since SSA construction only depends on the reachability instantiation of the previous IR layer.
2018-12-10 21:22:55 -08:00
Dave Bartolomeo
a81ba84c0e
C++: Update test expectations after unreachable IR removal
2018-12-10 21:22:55 -08:00
Dave Bartolomeo
b2e596fcc2
C++: Improve join order in IR reachability
2018-12-10 21:22:55 -08:00
Dave Bartolomeo
99d33f9623
C++: Remove unreachable IR
This change removes any IR instructions that can be statically proven unreachable. To detect unreachable IR, we first run a simple constant value analysis on the IR. Then, any `ConditionalBranch` with a constant condition has the appropriate edge marked as "infeasible". We define a class `ReachableBlock` as any `IRBlock` with a path from the entry block of the function. SSA construction has been modified to operate only on `ReachableBlock` and `ReachableInstruction`, which ensures that only reachable IR gets translated into SSA form. For any infeasible edge where its predecessor block is reachable, we replace the original target of the branch with an `Unreached` instruction, which lets us preserve the invariant that all `ConditionalBranch` instructions have both a true and a false edge, and allows guard inference to still work.
The changes to `SSAConstruction.qll` are not as scary as they look. They are almost entirely a mechanical replacement of `OldIR::IRBlock` with `OldBlock`, which is just an alias for `ReachableBlock`.
Note that the `constant_func.ql` test can determine that the two new test functions always return 0.
Removing unreachable code helps get rid of some common FPs in IR-based dataflow analysis, especially for constructs like `while(true)`.
2018-12-10 21:22:55 -08:00
Dave Bartolomeo
59fc77f066
C++: Simple constant analysis
This change moves the simple constant analysis that was used by the const_func test into a parameterized module for use on any stage of the IR. This will be used to detect unreachable code.
2018-12-10 21:22:54 -08:00
Dave Bartolomeo
6a11ef5c18
C++: Add a couple test cases for unreachable code in IR
2018-12-10 21:22:54 -08:00
Dave Bartolomeo
78e5b3ad63
C++: Add IR dataflow to ImportAdditionalQueries.ql
2018-12-10 15:09:49 -08:00
Dave Bartolomeo
23993710d1
Revert "C++: Avoid creating ExprNodes for Conversions"
This reverts commit df882a9e72.
2018-12-10 15:06:29 -08:00
Esben Sparre Andreasen
09e7124bb1
JS: update change notes for renamed query
2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen
ab519d4abf
JS: rename query
"Incomplete URL regular expression" -> "Incomplete regular expression for hostnames".
2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen
7c6e28d917
JS: introduce near-empty RegularExpressions.qll
2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen
994fe1bea5
JS: address non-semantic review comments
2018-12-10 22:21:02 +01:00
Esben Sparre Andreasen
d4e4bc6a0b
JS: sharpen js/incomplete-url-regexp by not matching .* or .+
2018-12-10 22:21:02 +01:00
Esben Sparre Andreasen
c65c7e700e
JS: change notes for js/incomplete-url-regexp
2018-12-10 22:21:01 +01:00
Esben Sparre Andreasen
52ca696ff4
JS: add query js/incomplete-url-regexp
2018-12-10 22:20:29 +01:00
Esben Sparre Andreasen
6d6379fc09
JS: address review comments
2018-12-10 22:03:52 +01:00
Sebastian Bauersfeld
6c756c5e6a
Rename ConfigLine to ConfigPair. Make ConfigFiles.ql a library, as intended
2018-12-10 14:08:27 -05:00
Dave Bartolomeo
df882a9e72
C++: Avoid creating ExprNodes for Conversions
2018-12-10 10:09:42 -08:00
Aditya Sharad
d94e14d54b
Merge pull request #609 from hvitved/csharp/autobuilder/fixes
C#: Autobuilder fixes
2018-12-10 18:07:31 +00:00
Jonas Jensen
a4b3b1e8c8
Merge pull request #653 from geoffw0/ex-ch-notes
CPP: Additional change notes (for 1.20)
2018-12-10 16:59:12 +01:00
Tom Hvitved
1e9fe0046a
C#: Address review comments
2018-12-10 15:31:23 +01:00
semmle-qlci
57de628ab8
Merge pull request #650 from xiemaisi/js/nomagic-isDOMProperty
Approved by asger-semmle
2018-12-10 13:52:47 +00:00
Geoffrey White
709fd6382a
CPP: Change note for #562.
2018-12-10 13:51:15 +00:00