hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 06:24:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
4,849 Commits 1,740 Branches 165 Tags
189ac6c2bdfced45923b875bbedbf9e13e529633
Commit Graph

4849 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
189ac6c2bd JS: add js/prototype-pollution to the security suite 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
eb13ab52cf JS: sharpen js/prototype-pollution with version analysis 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
c143e31fb5 JS: rename getDefaultNode to getImportedModuleNode 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
0660db37f6 JS: introduce SemVer matching library 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
7d57d1915a JS: introduce DataFlow::DependencyModuleImport 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
1cea29d89f JS: improve prototype pollution tests 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
af3f0b1d04 JS: add test for missing support for package-lock.json 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
ef6f4c7a5e JS: update docstring 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
f74653be46 JS: extract getDefaultNode from DefaultRange 2019-05-27 22:32:32 +02:00
Jonas Jensen
d2fa7aad1c Merge pull request #1336 from geoffw0/cached2 
CPP: Cache Expr.getType().
 2019-05-27 12:48:56 +01:00
Tom Hvitved
641126a506 Merge pull request #1339 from calumgrant/cs/cs8/ranges 
C#: Implement C#8 features
 2019-05-25 09:28:22 +02:00
yh-semmle
87cbc7e199 Merge pull request #1344 from aschackmull/java/validatedvariable 
Java: Replace ValidatedVariable with guarded accesses.
 2019-05-24 11:23:18 -04:00
Anders Schack-Mulligen
1a9b1d5865 Java: Add change note. 2019-05-24 15:50:45 +02:00
Calum Grant
d2aea635e4 C#: Address review comments 2019-05-24 13:49:05 +01:00
Calum Grant
fe6056b0fc C#: Analysis change notes. 2019-05-24 13:49:05 +01:00
Calum Grant
14147a1abe C#: DB upgrade script and stats 2019-05-24 13:49:05 +01:00
Tom Hvitved
a1e58cedac C#: Refactor recursive patterns implementation 
- Extract names of properties in a propery match, using the `exprorstmt_name` relation.
- Simplify extraction of properties by not distinguishing between top-level patterns
  and nested patterns.
- Introduce `PatternExpr` to capture patterns in `is` expressions, `case` statements,
  and `switch` expression arms.
- Generalize `IsTypeExpr`, `IsPatternExpr`, `IsRecursivePatternExpr`, and `IsConstantExpr`
  to just `IsExpr` with a member predicate `PatternExpr getPattern()`.
- Generalize `TypeCase`, `RecursivePatternCase`, and `ConstCase` to just `CaseStmt` with
  a member predicate `PatternExpr getPattern()`.
- Introduce classes `Switch` and `Case` as base classes of switch statements/expressions
  and case statements/switch expression arms, respectively.
- Simplify CFG logic using the generalized classes.
- Generalize guards library to cover `switch` expressions tests.
- Generalize data flow library to cover `switch` expression assignments.
 2019-05-24 13:49:05 +01:00
Calum Grant
b28ad9066f C#: Change notes 2019-05-24 13:49:05 +01:00
Calum Grant
21203cdf0d C#: Minor code tidy. 2019-05-24 13:49:05 +01:00
Calum Grant
aecc9e2a57 C#: Fix LGTM warnings 2019-05-24 13:49:05 +01:00
Calum Grant
55b41cfaf7 C#: DB Upgrade script 2019-05-24 13:49:05 +01:00
Calum Grant
1a40c29aba C#: DB stats 2019-05-24 13:49:05 +01:00
Calum Grant
fa57017720 C#: Minor edit. 2019-05-24 13:49:05 +01:00
calum
1428d0ba93 C#: Implement recursive patterns 2019-05-24 13:49:05 +01:00
calum
318068b52f C#: Implement range operator 2019-05-24 13:49:04 +01:00
Geoffrey White
15e2248440 Merge pull request #1359 from jbj/definitions-column-order 
C++: definitions.ql performance tweaks
 2019-05-24 12:43:57 +01:00
Max Schaefer
1bf7bcf010 Merge pull request #1356 from asger-semmle/tainted-path-cherry-picked 
JS: Refactor LabelledBarrierGuard
 2019-05-23 12:26:35 +01:00
semmle-qlci
fac620d6f3 Merge pull request #1357 from asger-semmle/jump-to-namespace 
Approved by xiemaisi
 2019-05-23 09:00:24 +01:00
yh-semmle
64aa111b65 Merge pull request #1342 from aschackmull/java/field-annotation-cu 
Java: Check compilation unit of the same element in both disjuncts.
 2019-05-22 16:36:24 -04:00
Tom Hvitved
8fe2bccbf8 Merge pull request #1361 from calumgrant/cs/roslyn-3.1 
C#: Update to Roslyn 3.1
 2019-05-22 20:31:09 +02:00
Calum Grant
fcfb7b2b8a C#: Fix error caused by Roslyn upgrade. 2019-05-22 16:17:16 +01:00
Calum Grant
e5aa7f3ba7 C#: Upgrade to Roslyn 3.1 2019-05-22 15:54:30 +01:00
Jonas Jensen
dd5a2552c7 C++: Compute locations only for elements in result 
This gains some performance by not computing locations for all
expressions since we are only interested in calls and variable accesses.
The `Top::hasLocationInfo` predicate goes from 2m28s to 1m32s on
Chromium.
 2019-05-22 15:52:49 +01:00
Jonas Jensen
81f627c1c4 C++: pragma[noopt] Top::hasLocationInfo perf tweak 
This predicate was slow, mostly because it's just very large. A manual
join order cuts the run time on Chromium from

    definitions::Top::hasLocationInfo_dispred#ffffff ..................... 3m23s
    definitions::MacroAccessWithHasLocationInfo::hasLocationInfo#ffffff .. 1m56s

to

    definitions::Top::hasLocationInfo#ffffff .... 2m28s

The main slowdown was the two uses of `SCAN` to reorder columns in the
RA.
 2019-05-22 15:52:33 +01:00
Asger F
153e778f7f JS: Remove jump-to-namespace 2019-05-22 14:42:48 +01:00
Asger F
deb217326d JS: Update our own queries 2019-05-22 13:13:08 +01:00
Nick Rolfe
94e3c676d5 Merge pull request #1352 from ian-semmle/edg 
C++: Follow extractor changes for 0136
 2019-05-22 13:11:59 +01:00
Asger F
61ef73b0f7 JS: Add change note and deprecation member 2019-05-22 12:23:29 +01:00
Asger F
6246eb2fe3 JS: Refactor LabeledSantizerGuard 2019-05-22 12:08:03 +01:00
semmle-qlci
dc8123db8e Merge pull request #1355 from xiemaisi/js/data-flow-api-fiddling 
Approved by asger-semmle
 2019-05-22 10:40:32 +01:00
Anders Schack-Mulligen
3e5bbd96b1 Java: Account for non-source annotation on second field in multi-field declarations. 2019-05-22 11:33:10 +02:00
semmle-qlci
c100c70a65 Merge pull request #1348 from xiemaisi/js/add-external-link-cwe 
Approved by esben-semmle
 2019-05-22 08:12:51 +01:00
semmle-qlci
114ba0e722 Merge pull request #1349 from EdoDodo/js-performance 
Approved by xiemaisi
 2019-05-21 17:50:01 +01:00
Ian Lynagh
6a77ac8a13 C++: Follow extractor changes for 0136 2019-05-21 17:07:21 +01:00
Edoardo Pirovano
9d2580f778 JS: Fix performance regression of query. 2019-05-21 12:26:11 +01:00
semmle-qlci
8cd3cb501a Merge pull request #1346 from xiemaisi/js/revert-1078 
Approved by esben-semmle
 2019-05-21 12:19:57 +01:00
Max Schaefer
cf22761ccc JavaScript: Add CWE-1022 to TargetBlank. 2019-05-21 12:16:32 +01:00
semmle-qlci
fe920ecfaa Merge pull request #1331 from asger-semmle/destructuring-assignment-fix 
Approved by xiemaisi
 2019-05-21 11:32:36 +01:00
semmle-qlci
2b5b8751ea Merge pull request #1316 from asger-semmle/incorrect-suffix-check-fps 
Approved by esben-semmle, xiemaisi
 2019-05-21 11:30:37 +01:00
Esben Sparre Andreasen
3af3c5413b Merge pull request #1318 from asger-semmle/prototype-pollution-query2 
Move prototype pollution query into suite
 2019-05-21 12:23:41 +02:00