hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,672 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

3628 Commits

Author SHA1 Message Date
james
f6029bd55c Merge branch 'rc/1.23' into mergeback-123-ql 2019-12-12 15:05:28 +00:00
Tom Hvitved
374b0c063e C#: Autoformat 2019-12-11 20:36:54 +01:00
Tom Hvitved
b7484e63ee C#: Recognize Code Contract assertions 2019-12-11 16:54:42 +01:00
Tom Hvitved
5429448eeb C#: Add tests for Code Contracts 2019-12-11 16:51:42 +01:00
Jonas Jensen
5a8407749f C#: autoformat fixup 2019-12-11 09:10:23 +01:00
Jonas Jensen
66876d0f63 C++: Compute isInCycle only for raw IR 
On wireshark/wireshark, `isInCycle` ran into a low-memory loop on the
`aliased_ssa` stage. It shouldn't be necessary to detect cycles after
the `raw` stage, so this commit moves cycle detection into the
`Construction` modules and makes it a no-op in `SSAConstruction.qll`.
 2019-12-10 16:03:39 +01:00
Tom Hvitved
abcb6b8aab C#: Type-based pruning for data flow 2019-12-10 15:48:48 +01:00
Tom Hvitved
54088248a1 C#: Use source declarations in field flow 2019-12-10 15:46:31 +01:00
Tom Hvitved
a344707baa C#: Add more data flow tests 
Add tests that exhibit missing type pruning.
 2019-12-10 15:46:31 +01:00
Tom Hvitved
78ddb37a8c C#: Track type information in data flow 
This commit adds type information to data flow paths, by mapping node types onto
the smaller set of GVN types, and implementing `ppReprType()`.

The effect is a mere change in `DataFlow::PathNode::toString()`; no type-based
pruning is done yet.
 2019-12-10 15:46:28 +01:00
Calum Grant
3049bf2c85 Merge pull request #2358 from cldrn/ASPNetPagesValidateRequest 
Adds CodeQL query to check for Pages with disabled built-in validation
 2019-12-09 13:05:03 +00:00
Tom Hvitved
25265bddc7 Merge pull request #2494 from calumgrant/cs/roslyn-3.4 
C#: Upgrade Roslyn to 3.4
 2019-12-09 12:21:30 +01:00
Shati Patel
f40b1b570c Fix typo 2019-12-06 15:56:01 +00:00
Jonas Jensen
0012fef504 Merge pull request #2497 from hvitved/csharp/remove-cp 
C#: Remove a Cartesian product
 2019-12-06 13:58:33 +00:00
Calum Grant
964f2f25dc Merge pull request #2462 from hvitved/csharp/localvars-refactor 
C#: Handle tuple patterns in `is` expressions
 2019-12-06 12:59:14 +00:00
Calum Grant
4b0a149704 C#: Update qltest output. 2019-12-06 12:41:20 +00:00
Calum Grant
5e6b7be5b8 C#: Update nullability tests. 2019-12-06 12:41:20 +00:00
Calum Grant
5f6527a183 C#: Compare symbols using SymbolEqualityComparer. 2019-12-06 12:41:20 +00:00
Calum Grant
ca195e9340 C#: Update project files to Roslyn 3.4 2019-12-06 12:41:20 +00:00
Tom Hvitved
3a95cd5e9c C#: Remove a Cartesian product 2019-12-06 10:42:59 +00:00
james
67eea44678 Merge branch 'rc/1.23' into jf-mergeback-123 2019-12-06 09:16:39 +00:00
Tom Hvitved
3e93aa9787 C#: Address review comments 
- Undo split of `localvars` relation.
- Properly extract tuple declarations in `is` expressions.
 2019-12-05 22:31:38 +00:00
Robert Marsh
39b400ca69 C++: Add DefinitionByReferenceNode to IR dataflow 2019-12-05 11:56:57 -08:00
Calum Grant
59ce8842bb Merge branch 'master' of git.semmle.com:Semmle/ql into ASPNetPagesValidateRequest 
# Conflicts:
#	change-notes/1.24/analysis-csharp.md
 2019-12-05 15:58:47 +00:00
Dave Bartolomeo
cbb6797ca8 Merge from master and resolve conflicts 2019-12-04 10:14:52 -07:00
Calum Grant
73c8888361 Merge pull request #2356 from cldrn/ASPNetRequestValidationMode 
Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET
 2019-12-04 17:02:08 +00:00
Dave Bartolomeo
50dc5e2ba3 Merge pull request #2438 from rdmarsh2/rdmarsh/ir-line-number-ids 
C++/C#: use line numbers for instruction IDs
 2019-12-03 18:48:28 -08:00
Robert Marsh
722cc91eae C++: make getLineRank private 2019-12-03 10:53:08 -08:00
Jonas Jensen
57917bec17 Merge pull request #2480 from hvitved/dataflow/performance-tweaks 
Data flow: Various performance tweaks
 2019-12-03 18:44:11 +01:00
Calum Grant
8018db3f66 Merge pull request #2474 from hvitved/csharp/dispatch-perf 
C#: Improve performance of dispatch library
 2019-12-03 15:47:43 +00:00
Robert Marsh
1b802c7e18 C#: accept test change 2019-12-02 13:59:19 -08:00
Paulino Calderon
5fd0662264 Update csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.qhelp 
Fixes typo

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
 2019-12-02 16:44:39 -05:00
Paulino Calderon
9576e2a698 Update csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.qhelp 
Adds missing code tags

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
 2019-12-02 16:43:51 -05:00
Calum Grant
c05263ca98 C#: Fix some IR types that didn't compile. 2019-12-02 13:27:58 +00:00
Tom Hvitved
b3990c5a1d Data flow: Revert reordering changes in flowStore and flowRead 2019-12-02 14:25:59 +01:00
Tom Hvitved
5baa133e6c Data flow: Sync files 2019-12-02 13:41:17 +01:00
Tom Hvitved
b1245eeac8 Data flow: Various performance tweaks 2019-12-02 13:38:10 +01:00
Nick Rolfe
d293418672 Merge pull request #2478 from jbj/mergeback-20191202 
Mergeback from rc/1.23 to master
 2019-12-02 12:28:20 +00:00
Calum Grant
fcd13dc595 Merge remote-tracking branch 'upstream/master' into ASPNetRequestValidationMode 
# Conflicts:
#	change-notes/1.24/analysis-csharp.md
 2019-12-02 12:03:11 +00:00
semmle-qlci
dc7a0c1b91 Merge pull request #2442 from hvitved/csharp/dataflow/conversion-operator 
Approved by calumgrant
 2019-12-02 11:01:35 +00:00
Jonas Jensen
5b24b1efc3 Merge remote-tracking branch 'upstream/rc/1.23' into mergeback-20191202 
Conflicts solved:
	javascript/extractor/src/com/semmle/js/extractor/Main.java
	javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js
 2019-12-02 09:57:34 +01:00
Paulino Calderon
8026925a3a Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql 
Added missing quotes.

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
 2019-11-29 22:39:50 -05:00
Paulino Calderon
879d34d24d Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp 
Missing comma.

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
 2019-11-29 22:39:29 -05:00
Paulino Calderon
22964cba74 Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp 
Rephrasing.

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
 2019-11-29 22:39:04 -05:00
Paulino Calderon
a2dfd551f6 Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp 
built in to built-in

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
 2019-11-29 22:38:42 -05:00
Tom Hvitved
c845a1ba91 C#: Improve performance of dispatch library 2019-11-29 15:32:00 +01:00
Calum Grant
30a2620a8c C#: Tidy up docs, query metadata and add tests. 2019-11-29 10:31:58 +00:00
Tom Hvitved
a062d7d41c C#: Add regression test 2019-11-29 10:10:24 +01:00
Anders Schack-Mulligen
333d0a69d2 Java/C++/C#: Bugfix for field flow through reverse read. 2019-11-29 09:38:24 +01:00
Tom Hvitved
04cecc04dd C#: Update EntityFrameworkCore test 2019-11-28 15:28:50 +01:00