Commit Graph

6368 Commits

Author SHA1 Message Date
Tom Hvitved
2a2e07d2fc C#: Avoid recomputation in last data flow stage
Avoid recomputing the `ControlFlowReachabilityConfiguration` predicates, as well
as `DispatchCall::getStaticTarget()`.
2019-08-19 17:17:47 +02:00
Tom Hvitved
d1755500e4 C#: Data flow through fields
Initial implementation of data flow through fields, using the algorithm of the
shared data flow implementation. Fields (and field-like properties) are covered,
and stores can be either
 - ordinary assignments, `Foo = x`,
 - object initializers, `new C() { Foo = x }`, or
 - field initializers, `int Foo = x`.

For field initializers, we need to synthesize calls (`SynthesizedCall`),
callables (`SynthesizedCallable`), parameters (`InstanceParameterNode`), and
arguments (`SynthesizedThisArgumentNode`), as the C# extractor does not (yet)
extract such entities. For example, in

```csharp
class C
{
    // Field initializers: each becomes the body of a synthesized callable
    int Field1 = 1;
    int Field2 = 2;

    // The constructor gets a synthesized call with a synthesized `this` argument
    C() { }
}
```

there is a synthesized call from the constructor `C`, with a synthesized `this`
argument, and the targets of that call are two synthesized callables with bodies
`this.Field1 = 1` and `this.Field2 = 2`, respectively.

A consequence of this is that `DataFlowCallable` is no longer an alias for
`DotNet::Callable`, but instead an IPA type.
2019-08-16 15:49:37 +02:00
Tom Hvitved
b7e732fddb C#: Generalize CFG entry/exit nodes to include field/property initializers 2019-08-16 13:06:51 +02:00
Calum Grant
b28241ac6d Merge pull request #1741 from hvitved/csharp/extract-field-inits
C#: Extract assignments for field/property initializers
2019-08-16 11:51:37 +01:00
Taus
a6db9efd0c Merge pull request #1756 from markshannon/python-forward-compatible-taint-api
Python points-to: add .getAstNode() method to TaintedNode
2019-08-16 12:34:08 +02:00
Geoffrey White
eb39346d85 Merge pull request #1744 from jbj/ast-field-flow-aggregate-init
C++: Field flow through ClassAggregateLiteral
2019-08-16 09:56:11 +01:00
Mark Shannon
453ae19881 Python points-to: Add .getAstNode() method to TaintedNode for forward compatibility with upcoming taint-tracking enhancements. 2019-08-16 09:54:11 +01:00
jf205
eead7f6106 Merge pull request #1610 from xiemaisi/js/library-customizations
JavaScript: Start documenting extension points provided by the standard library.
2019-08-16 09:49:57 +01:00
Max Schaefer
50b1ddfef8 JavaScript: Apply suggestions from code review
Co-Authored-By: jf205 <42464962+jf205@users.noreply.github.com>
2019-08-16 08:26:39 +01:00
Jonas Jensen
f3f89ffe3f Merge pull request #1742 from geoffw0/lambdataint
CPP: Tests for taint through lambdas
2019-08-16 08:45:14 +02:00
Geoffrey White
a6902bdb37 CPP: Test dataflow through lambdas. 2019-08-15 19:43:24 +01:00
Dave Bartolomeo
f1bbc9bb7e Merge pull request #1745 from jbj/ast-field-flow-ABC
C++: Annotate field-flow tests in [ABC].cpp
2019-08-15 09:13:26 -07:00
Dave Bartolomeo
230ff92c03 Merge pull request #1743 from nickrolfe/hmap
C++: delete headermaps test
2019-08-15 09:01:23 -07:00
Tom Hvitved
495e5bc628 C#: Extract assignments for field/property initializers 2019-08-15 16:18:23 +02:00
Max Schaefer
e92a1c3169 JavaScript: Apply suggestions from code review
Co-Authored-By: jf205 <42464962+jf205@users.noreply.github.com>
2019-08-15 14:46:07 +01:00
Geoffrey White
1bd4aeebad CPP: Effects of #1715. 2019-08-15 14:05:09 +01:00
Geoffrey White
02e1edd640 CPP: Test taint through lambdas. 2019-08-15 14:00:45 +01:00
Geoffrey White
b6cf341124 Merge pull request #1715 from jbj/ast-field-flow
C++: Initial AST-based flow through fields
2019-08-15 13:38:58 +01:00
Taus
f5bc8b5b5f Merge pull request #1728 from markshannon/python-points-to-support-type-checking
Python: Enhance points-to to support type-hint analysis.
2019-08-15 14:17:53 +02:00
Nick Rolfe
c26aef2381 C++: delete headermaps test 2019-08-15 12:39:58 +01:00
Mark Shannon
902871bd48 Python: update test results after rebase. 2019-08-15 11:37:07 +01:00
Mark Shannon
45f5825b47 Python API: Add ClassValue.getABaseType() 2019-08-15 11:35:14 +01:00
Mark Shannon
6c6e35f541 Python: Enhance points-to to support type-hint analysis. 2019-08-15 11:35:14 +01:00
Jonas Jensen
1b4b352316 C++: Field flow through ClassAggregateLiteral 2019-08-15 12:01:42 +02:00
Jonas Jensen
e419ea0140 C++: Test showing no flow through aggregate init 2019-08-15 11:33:25 +02:00
Jonas Jensen
fdd8de79da C++: Remove redundant toString override
This time I left a comment to prevent myself from getting confused again
and adding the override in the future.
2019-08-15 11:32:11 +02:00
Calum Grant
3fab5140a7 Merge pull request #1673 from hvitved/csharp/cfg/split-static-limit
C#: Apply static CFG splitting limit
2019-08-15 10:04:38 +01:00
Jonas Jensen
ed1e3ed1ef C++: Annotate field-flow tests in [ABC].cpp
This brings the annotation style in sync with how we annotate new tests
these days. I also changed a few annotations to have different expected
outcome based on my understanding of the code.
2019-08-15 10:30:46 +02:00
Jonas Jensen
e94dbe926b C++: Add forgotten toString override
This makes `PostConstructorCallNode`s show up in the test output.
2019-08-14 16:26:49 +02:00
semmle-qlci
01fd161c03 Merge pull request #1740 from Semmle/fix/yaml-javad0c
Approved by xiemaisi
2019-08-14 15:12:56 +01:00
Jonas Jensen
4662e71d4d Merge pull request #1738 from aschackmull/java/dataflow-joinorder-fix
Java: Dataflow joinorder fix
2019-08-14 13:39:01 +02:00
Pavel Avgustinov
356424308b YAMLExtractor: Update javadoc link
Recent SnakeYAML has removed the linked method; replace the
link with a reference to what it became.
2019-08-14 12:36:26 +01:00
semmle-qlci
09b87d8957 Merge pull request #1733 from pavgust/imp/yaml-snippets
Approved by esben-semmle
2019-08-14 11:09:44 +01:00
Anders Schack-Mulligen
1938ac4937 Java/C++/C#: Sync. 2019-08-14 10:32:15 +02:00
Felicity Chapman
24f407c104 Merge pull request #1689 from markshannon/python-modernize-learn-ql
Python docs: Modernize the learn-ql pages to use the Value API.
2019-08-14 09:19:24 +01:00
Anders Schack-Mulligen
0c56f955e8 Java: Fix bad join order. 2019-08-14 10:10:19 +02:00
yh-semmle
badfc23ce4 Merge pull request #1718 from aschackmull/java/barrierguard
Java/C++/C#: Add support for BarrierGuards.
2019-08-13 14:11:54 -04:00
Anders Schack-Mulligen
c99d0e7bd5 Java: Add change note. 2019-08-13 16:59:59 +02:00
Anders Schack-Mulligen
411bc16f44 Java/C++/C#: Address review comment. 2019-08-13 16:57:48 +02:00
Anders Schack-Mulligen
9e902066ad Java/C++/C#: Elaborate qldoc. 2019-08-13 16:57:48 +02:00
Anders Schack-Mulligen
4550175b16 Java/C++/C#: Add support for BarrierGuards. 2019-08-13 16:57:48 +02:00
Jonas Jensen
e93598e476 Merge pull request #1716 from geoffw0/qldoceg4
CPP: Add syntax examples to QLDoc in Function.qll
2019-08-13 16:27:20 +02:00
yh-semmle
5e910a4808 Merge pull request #1724 from aschackmull/java/google-xmlreader
Java: Treat SecureJDKXercesXMLReader as a secure XMLReader.
2019-08-13 09:52:32 -04:00
Pavel Avgustinov
eb77b86b03 YAML extraction: Improve toString computation 2019-08-13 12:59:52 +01:00
Geoffrey White
e4bbfb9a79 CPP: Corrections. 2019-08-13 11:25:39 +01:00
Tom Hvitved
36043d04bd Merge pull request #1729 from xiemaisi/data-flow-nodes-location
Java/C++/C#: Provide path-node locations via `hasLocationInfo`, not `getLocation`.
2019-08-13 12:22:59 +02:00
semmle-qlci
e24137324f Merge pull request #1711 from aschackmull/java/arithmetic-barriers
Approved by yh-semmle
2019-08-13 10:19:09 +01:00
Jonas Jensen
38ec693ead C++: Improved ConstructorCall field flow
This commit changes C++ `ConstructorCall` to behave like
`new`-expressions in Java: they are both `ExprNode`s and
`PostUpdateNodes`, and there's a "pre-update node" (here called
`PreConstructorCallNode`) to play the role of the qualifier argument
when calling a constructor.
2019-08-13 11:05:13 +02:00
Taus
34106ec739 Merge pull request #1730 from markshannon/python-prepare-for-unrolling
Python prepare for implementing loop unrolling in extractor.
2019-08-13 10:54:24 +02:00
Taus
ee06c4021f Merge pull request #1727 from markshannon/python-no-rhs-tuple-points-to
Python points-to: Do not track tuples on lhs of assignment or in deletions.
2019-08-13 10:53:40 +02:00