hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
9,374 Commits 1,741 Branches 166 Tags
7b2192d2e376ecd687bb851ffc85ff52ea86de99
Commit Graph

9374 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
bcf1533e71 TS: Blacklist cyclic property fallthroughFlowNode 2020-01-02 14:13:48 +00:00
Anders Schack-Mulligen
7e987c570f Merge pull request #2413 from JLLeitschuh/feature/JLL/maven_insecure_artifact_resolution 
Java: Use of HTTP/FTP to download/upload Maven artifacts
 2020-01-02 14:47:30 +01:00
Shati Patel
b68f9f7e00 QL HB: Add bindingset example 2020-01-02 13:06:17 +00:00
Max Schaefer
8d1ad5c5f3 JavaScript: Alert suppression through single-line /* */ style comments. 2020-01-02 10:45:20 +00:00
Erik Krogh Kristensen
d1a77d6993 refactor isInterpretedAsRegExp to directly work on a DataFlow node 2020-01-02 11:18:14 +01:00
Max Schaefer
de02bb4a0d JavaScript: Prevent joining on configuration in onPath. 2020-01-02 09:49:09 +00:00
Max Schaefer
2a55ba5d4f JavaScript: Fix join order in PathNode.getASuccessor. 2020-01-02 09:48:57 +00:00
Jonas Jensen
4830e43b3e C++: Fix overlappingVariableMemoryLocations perf 
The `overlappingVariableMemoryLocations` predicate was a helper
predicate introduced to fix a join-order issue in
`overlappingIRVariableMemoryLocations`. Unfortunately it caused a
performance issue of its own because it could grow too large. On the
small project (38MB zip) awslabs/s2n there were 181M rows in
`overlappingVariableMemoryLocations`, and it took 134s to evaluate.

The fix is to collapse the two predicates into one and fix join ordering
by including an extra column in the predicates being joined.

In addition, some parameters were reordered to avoid the overhead of
auto-generated `join_rhs` predicates.

Tuple counts of `overlappingVariableMemoryLocations` before:

    623285    ~176%     {2} r1 = JOIN AliasedSSA::isCoveredOffset#fff_120#join_rhs AS L WITH AliasedSSA::isCoveredOffset#fff_120#join_rhs AS R ON FIRST 2 OUTPUT L.<2>, R.<2>
    119138    ~3%       {2} r2 = SCAN AliasedSSA::VariableMemoryLocation::getVirtualVariable_dispred#ff AS I OUTPUT I.<1>, I.<0>
    172192346 ~0%       {2} r3 = JOIN r2 WITH AliasedSSA::hasUnknownOffset#ff_10#join_rhs AS R ON FIRST 1 OUTPUT R.<1>, r2.<1>
    172815631 ~0%       {2} r4 = r1 \/ r3
    172192346 ~0%       {2} r5 = JOIN r2 WITH AliasedSSA::hasUnknownOffset#ff_10#join_rhs AS R ON FIRST 1 OUTPUT r2.<1>, R.<1>
    345007977 ~87%      {2} r6 = r4 \/ r5
                        return r6

Tuple counts of `overlappingIRVariableMemoryLocations` after:

    117021 ~134%     {2} r1 = JOIN AliasedSSA::isCoveredOffset#ffff AS L WITH AliasedSSA::isCoveredOffset#ffff AS R ON FIRST 3 OUTPUT L.<3>, R.<3>
    201486 ~1%       {2} r2 = JOIN AliasedSSA::hasUnknownOffset#fff AS L WITH AliasedSSA::hasVariableAndVirtualVariable#fff AS R ON FIRST 2 OUTPUT L.<2>, R.<2>
    318507 ~26%      {2} r3 = r1 \/ r2
    201486 ~3%       {2} r4 = JOIN AliasedSSA::hasUnknownOffset#fff AS L WITH AliasedSSA::hasVariableAndVirtualVariable#fff AS R ON FIRST 2 OUTPUT R.<2>, L.<2>
    519993 ~92%      {2} r5 = r3 \/ r4
                     return r5
 2019-12-27 16:06:24 +01:00
Calum Grant
68f42a6f47 C#: Analysis change notes 2019-12-27 12:07:26 +00:00
Calum Grant
3db900b183 C#: Remove false positive and update test output 
C#: Mark results as GOOD
 2019-12-27 12:07:19 +00:00
Calum Grant
fd0225ca59 C#: Add test 2019-12-27 11:44:39 +00:00
Jonas Jensen
7e84453ec9 Merge pull request #2542 from geoffw0/datetime 
C++: Sort through the leap year and japanese era queries
 2019-12-23 10:13:12 +01:00
semmle-qlci
f921cf7d01 Merge pull request #2512 from erik-krogh/moarExceptions 
Approved by esbena, max-schaefer
 2019-12-20 20:31:50 +00:00
Dave Bartolomeo
5b5d2f2b67 Merge pull request #2154 from rdmarsh2/rdmarsh/cpp/ir-callee-side-effects 
C++: add InitializeIndirection for pointer params
 2019-12-20 13:13:54 -07:00
yo-h
cc7f98e0f6 Merge pull request #2555 from hvitved/csharp/xml-sync 
C#: Sync `XML.qll` with other languages
 2019-12-20 09:03:55 -05:00
Jonas Jensen
de55a6846f Merge pull request #2204 from alexet/cache-to-string 
Cache the computation of core toString predicates for cpp c# and java.
 2019-12-20 14:54:46 +01:00
Tom Hvitved
665d38647d Merge pull request #2557 from calumgrant/cs/extractor-label-catch 
C# extractor: Catch exceptions when generating trap
 2019-12-20 13:09:21 +01:00
Erik Krogh Kristensen
a0b5aa5ae4 more precise heuristic to identify allowed call targets 2019-12-20 10:51:39 +01:00
Jonas Jensen
18d4772508 Merge pull request #2463 from geoffw0/overflowcalc 
CPP: Allocation and Deallocation libraries
 2019-12-19 21:27:42 +01:00
Jonas Jensen
939979ddef Merge branch 'master' into overflowcalc 2019-12-19 14:12:00 +01:00
Jonas Jensen
a13748f484 Merge pull request #2259 from rdmarsh2/rdmarsh/cpp/default-taint-tracking-sources 
C++: move sources into DefaultTaintTracking.qll
 2019-12-19 14:09:41 +01:00
Jonas Jensen
4fffaabab9 Merge pull request #2551 from MathiasVP/argument-suppresion-c89-style 
C++: Alert suppression through single-line /* */ style comments
 2019-12-19 13:19:49 +01:00
Calum Grant
3c76346635 C#: WIP Adding exception handlers. 
C#: Improve robustness by catching and logging exceptions when generating trap IDs.
 2019-12-19 11:28:05 +00:00
Erik Krogh Kristensen
15d74b7d03 remove FP from js/regexpinjection where no regexp was constructed 2019-12-19 10:47:03 +01:00
Tom Hvitved
29cd6a9e30 Sync XML.qll 2019-12-19 10:29:30 +01:00
Tom Hvitved
1b6bd7a0fa C#: Update XML.qll for backwards compatibility 2019-12-19 10:27:59 +01:00
Tom Hvitved
82c368e13e C#: Sync XML.qll with other languages 2019-12-19 10:26:08 +01:00
James Fletcher
5a6a2e8a68 Merge pull request #2547 from shati-patel/ql/tutorial 
QL tutorials: Update formatting and style
 2019-12-19 09:06:08 +00:00
Mathias Vorreiter Pedersen
30822f1d98 C++: Alert suppresion through single-line /* */ style comments 2019-12-19 09:10:09 +01:00
Robert Marsh
33067c8e31 Merge pull request #2519 from jbj/ir-backedge-notc 
C++: Get rid of a fastTC and noopt in IR
 2019-12-18 14:20:43 -08:00
Jonas Jensen
e7283afa3e Merge pull request #2531 from dbartol/dbartol/MissingToString 
C++: Fix `toString()` predicates that don't hold
 2019-12-18 19:09:48 +01:00
semmle-qlci
339066ce04 Merge pull request #2552 from erik-krogh/ImportMeta 
Approved by max-schaefer
 2019-12-18 15:38:58 +00:00
Jonathan Leitschuh
75939afe9c Update java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.qhelp 
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2019-12-18 09:53:36 -05:00
Erik Krogh Kristensen
0611dc3f60 move change notes to extractor-javascript.md 2019-12-18 14:21:43 +01:00
Taus
52d231c219 Merge pull request #2469 from RasmusWL/python-modernise-twisted-library 
Python: modernise twisted library
 2019-12-18 13:55:50 +01:00
Taus
eb6feeeaf8 Merge pull request #2482 from RasmusWL/python-include-zope-web-tests 
Python: include zope web tests from internal repo
 2019-12-18 13:55:23 +01:00
Rasmus Wriedt Larsen
48f873e3d9 Python: Add getAReturnedNode to PythonFunctionValue 2019-12-18 12:00:43 +01:00
Erik Krogh Kristensen
43e9d11f75 inline definition of importIdentifier 2019-12-18 11:43:10 +01:00
Erik Krogh Kristensen
76d4db2552 changes based on review 2019-12-18 11:39:46 +01:00
Erik Krogh Kristensen
807664e545 add change note 2019-12-18 11:35:16 +01:00
Erik Krogh Kristensen
4fdfa51e44 add support for import.meta expressions in JavaScript 2019-12-18 10:45:54 +01:00
Rasmus Wriedt Larsen
582ef6cec9 Python: Restructure logic in Twisted.qll 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
9942c3fd8b Python: Autoformat twisted library 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
ac55e6aba6 Python: Modernise twisted library 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
4e3c183676 Python: Adapt twisted tests so they pass 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
6011cb74f8 Python: Add twisted tests from internal repo 2019-12-18 10:42:39 +01:00
Jonas Jensen
367827a2ef Merge pull request #2541 from max-schaefer/unify-xml-qlls 
C++/Java/JavaScript/Python: Unify XML libraries.
 2019-12-18 10:35:34 +01:00
Jonas Jensen
66d49a4a8a Merge pull request #2546 from MathiasVP/arguments-source-qltest 
C++: Added test for 333d0a69
 2019-12-18 09:11:11 +01:00
Robert Marsh
e209ed961a Merge branch 'master' into rdmarsh/cpp/ir-callee-side-effects 2019-12-17 15:11:02 -08:00
Robert Marsh
93ace5be35 C++: remove Chi node flow in DefaultTaintTracking 2019-12-17 14:23:11 -08:00