hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-29 19:58:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
2,031 Commits 1,723 Branches 164 Tags
3caf4e52a7d73bf050bb31fd36f8b49a97039fc1
Commit Graph

2031 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Aditya Sharad
3caf4e52a7 Merge rc/1.19 into next. 2018-12-04 12:39:41 +00:00
Taus
a23f7a6b0e Merge pull request #592 from markshannon/python-windows-import-root 
Python: Fix up computation of import root path
 2018-12-04 11:11:59 +01:00
Mark Shannon
8cd497890a Merge pull request #546 from adityasharad/python/vs-workspace-settings 
Python: Add QL for VS workspace settings file.
 2018-12-04 10:00:09 +00:00
ian-semmle
47e15a6f75 Merge pull request #605 from nickrolfe/agg_init 
C++: fix expected test output for improved extraction of aggregate initialisers
 2018-12-03 23:30:00 +00:00
semmle-qlci
3d058a2895 Merge pull request #603 from xiemaisi/js/fix-inconsistent-new 
Approved by asger-semmle, esben-semmle
 2018-12-03 16:48:55 +00:00
Nick Rolfe
a637eb651f C++: fix expected test output for improved extraction of agg. inits. 2018-12-03 16:45:53 +00:00
ian-semmle
a43125c3e0 Merge pull request #591 from nickrolfe/CPP-298 
C++: we now process operands for vacuous destructor calls through pointers
 2018-12-03 16:42:00 +00:00
Geoffrey White
436ee553a6 Merge pull request #589 from jbj/1.19-change-notes 
C++: add missing 1.19 change notes
 2018-12-03 15:56:18 +00:00
Taus
76b1bbc56a Merge pull request #565 from markshannon/python-analysis-queries-qhelp 
Python: Delete some misleading qhelp and rename a couple of queries.
 2018-12-03 14:42:03 +01:00
Max Schaefer
8627ddbe4b JavaScript: Adjust alert message. 2018-12-03 12:38:00 +00:00
Nick Rolfe
fc91ff1a69 C++: we now process operands for vacuous destructor calls thru pointers 2018-12-03 12:16:35 +00:00
Jonas Jensen
8f60c09804 C++: Clarify cpp/virtual-destructor changelog 2018-12-03 13:04:24 +01:00
Mark Shannon
d32e6b8501 Python tests: Make sure stdlib can be found. 2018-12-03 11:55:57 +00:00
Geoffrey White
a3a5829fd0 Merge pull request #598 from jbj/AlwaysTrueUponEntryLoop-perf 
C++: data flow AlwaysTrueUponEntryLoop perf fix
 2018-12-03 10:59:50 +00:00
Max Schaefer
1a3e3baf80 JavaScript: Add change note. 2018-12-03 09:06:48 +00:00
Mark Shannon
8e6c16d59f Python: Fix import root computation for windows and 3.7 2018-12-01 16:53:41 +00:00
Jonas Jensen
d14cf34cc6 C++: data flow AlwaysTrueUponEntryLoop perf fix 
The predicate `AlwaysTrueUponEntryLoop.getARelevantVariable` was very
sensitive to join ordering, and with the 1.19 QL engine it got an
unfortunate join order that made it explode on certain snapshots. With
this change, it goes from taking minutes to taking less than a second on
a libretro-uae snapshot.
 2018-12-01 10:07:08 +01:00
Aditya Sharad
ec0663e587 Merge pull request #584 from jbj/mergeback-20181130 
Mergeback master -> next
 2018-11-30 16:15:21 +00:00
Max Schaefer
3351650895 JavaScript: Make InconsistentNew give fewer results. 2018-11-30 16:13:46 +00:00
Max Schaefer
b17518a5eb JavaScript: Refactor InconsistentNew to improve performance. 
All the filtering is now done in `getALikelyCallee`, to which I have also added an additional parameter that improves the join in the `select` clause.

I've also simplified the alert message to no longer use `toString`, which isn't meant for alert messages anyway. (This is an old query.)
 2018-11-30 15:40:45 +00:00
Jonas Jensen
148c79a0e6 C++: Deprecate RecursionPrevention 2018-11-30 15:41:43 +01:00
Jonas Jensen
9532ee5177 C++: Add more detail to change notes for libraries 2018-11-30 14:29:08 +01:00
Jonas Jensen
b793807af5 C++: Complete change notes for Dave's PRs 2018-11-30 13:44:40 +01:00
Mark Shannon
d933152a54 Merge pull request #573 from felicity-semmle/1.19/python-change-notes 
Python: finalize change notes for 1.19
 2018-11-30 12:30:57 +00:00
Jonas Jensen
9daefa3613 C++: Complete change notes for my own PRs 2018-11-30 13:09:27 +01:00
semmle-qlci
608d84cfa3 Merge pull request #561 from asger-semmle/useless-conditional-change-note 
Approved by esben-semmle
 2018-11-30 11:37:51 +00:00
Geoffrey White
453529e3bf Merge pull request #575 from jbj/UnsafeCreateProcessCall-nullValue 
C++: Avoid using nullValue predicate (rc/1.19)
 2018-11-30 09:54:17 +00:00
Jonas Jensen
9babb4366b Merge remote-tracking branch 'upstream/master' into mergeback-20181130 2018-11-30 10:13:33 +01:00
semmle-qlci
adc15cad07 Merge pull request #574 from xiemaisi/js/avoid-materialisation 
Approved by esben-semmle
 2018-11-30 08:30:14 +00:00
Jonas Jensen
dd3791490a Merge pull request #580 from geoffw0/av-79-perf 
CPP: Fix performance issue with AV Rule 79.ql.
 2018-11-30 08:39:38 +01:00
Felicity Chapman
586eaef270 Update for feedback 2018-11-29 18:20:34 +00:00
Mark Shannon
9aa59fd419 Fix spelling. 2018-11-29 18:11:57 +00:00
Tom Hvitved
8bd8975795 Merge pull request #568 from calumgrant/cs/index-out-of-bounds 
C#: Fix false-positives in cs/index-out-of-bounds
 2018-11-29 18:40:05 +01:00
Jonas Jensen
b98452ddb1 Merge pull request #474 from rdmarsh2/rdmarsh/cpp/call-side-effect 
C++: Initital aliased SSA with Chi nodes and function side effects
 2018-11-29 18:31:29 +01:00
Geoffrey White
4744cece7b Merge pull request #576 from jbj/bbEntryReachesLocally-perf 
C++: Fix performance of bbEntryReachesLocally (1.19)
 2018-11-29 17:12:47 +00:00
Asger F
f85e30aa6c Merge pull request #571 from xiemaisi/js/numeric-constant-interpreted-as-code 
JavaScript: Add new query `HardcodedDataInterpretedAsCode`.
 2018-11-29 17:07:48 +00:00
Taus
1956cd802f Merge pull request #577 from markshannon/python-fix-performance-regression-dependencies 
Python: Fix performance regression in dependency analysis
 2018-11-29 16:41:58 +01:00
Geoffrey White
e09ce77678 CPP: Fix performance issue with AV Rule 79.ql. 2018-11-29 15:16:01 +00:00
Mark Shannon
11ca7b74a3 Merge pull request #572 from geoffw0/deprecate-cpython 
CPP: Delete CPython queries
 2018-11-29 14:50:06 +00:00
Jonas Jensen
90ad5cfac5 Merge pull request #569 from geoffw0/deprecate-pointsto-debug 
CPP: Deprecate the PointsTo debug queries.
 2018-11-29 15:28:07 +01:00
Mark Shannon
8414d46a87 Python: Fix accidentally introduced cartesian product. 2018-11-29 14:19:47 +00:00
Jonas Jensen
62d478eab3 C++: Fix performance of bbEntryReachesLocally 
This predicate was fast with the queries and engine from 1.18. With the
queries from `master` it got a bad join order in the
`UninitializedLocal.ql` query, which made it take 2m34s on Wireshark.
This commit decomposes `bbEntryReachesLocally` into two predicates that
together take only 4s.
 2018-11-29 15:11:32 +01:00
Jonas Jensen
8654ebcbbd C++: Avoid using nullValue predicate 
The `nullValue` predicate performs a slow custom data-flow analysis to
find possible null values. It's so slow that it timed out after 1200s on
Wireshark.

In `UnsafeCreateProcessCall.ql`, the values found with `nullValue` were
used as sources in another data-flow analysis. By using the `NullValue`
class as sink instead of `nullValue`, we avoid the slow-down of doing
data flow twice. The `NullValue` class is essentially the base case of
`nullValue`. Confusing names, yes.
 2018-11-29 13:33:45 +01:00
calum
6a1ab51d66 C#: Address review comments. 2018-11-29 11:39:10 +00:00
Max Schaefer
73ce0f17d6 JavaScript: Americanise change note spelling. 2018-11-29 11:23:47 +00:00
Max Schaefer
8637eaf100 JavaScript: Address review comments. 2018-11-29 10:48:44 +00:00
Felicity Chapman
f6fe8d5a28 Text updates for consistency and clarity 2018-11-29 10:20:13 +00:00
mc
83d4fb6711 Merge pull request #559 from xiemaisi/js/invalid-dynamic-method-call 
JavaScript: Documentation review for new query `UnvalidatedDynamicMethodCall`.
 2018-11-29 09:59:53 +00:00
Max Schaefer
5f16406ad7 JavaScript: Add new query HardcodedDataInterpretedAsCode. 2018-11-29 09:52:31 +00:00
Max Schaefer
94a5722c2a JavaScript: Model taint propagation through new Buffer and Buffer.from. 2018-11-29 09:52:31 +00:00