hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
26,869 Commits 1,740 Branches 165 Tags
8a4fa0a7e2259bcac75fed23637b9c8b09af2a12
Commit Graph

26869 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
0b82289950 Merge pull request #6828 from zbazztian/adjust-jsp-locations 
Adjust locations of results in JSP files
 2021-10-15 08:28:11 +02:00
Taus
a9c5fd2cc0 Java: Fix import order in SignAnalysisSpecific 2021-10-14 15:51:56 +00:00
Geoffrey White
8f30b8b586 Autoformat. 2021-10-14 16:00:23 +01:00
Anders Schack-Mulligen
eb0a88d39c Merge pull request #6885 from aschackmull/java/perffix-transitve-step 
Java: Fix performance problem due to transitive step.
 2021-10-14 16:51:51 +02:00
Anders Schack-Mulligen
f6a517c998 Merge pull request #6882 from MathiasVP/fix-unnecessary-exists 
C++/Python: Remove unnecessary `exists`
 2021-10-14 16:44:05 +02:00
Anders Schack-Mulligen
310eec07c1 Java/Python: Fix some potential performance problems due to transitive deltas. 2021-10-14 16:10:00 +02:00
Anders Schack-Mulligen
cb5f2559ea Java: Fix performance problem due to transitive step. 2021-10-14 15:54:54 +02:00
Geoffrey White
f08d2ee759 Merge branch 'main' into setliterals 2021-10-14 14:39:39 +01:00
Geoffrey White
9d63efe495 Python: Set literals. 2021-10-14 14:22:44 +01:00
Geoffrey White
b9cce57db4 JS: Fix mistake. 2021-10-14 14:22:43 +01:00
Geoffrey White
882adc8e50 JS: Set literals. 2021-10-14 14:22:42 +01:00
Geoffrey White
a82c76d2f9 Java: Set literals. 2021-10-14 14:22:40 +01:00
Geoffrey White
3983587682 C#: Set literals. 2021-10-14 14:22:39 +01:00
Tom Hvitved
083214f85a C#: Use inline test expectations for FieldFlow.ql 2021-10-14 15:22:21 +02:00
Tom Hvitved
ed6a182cd1 C#: Adopt inline test expectations framework 2021-10-14 15:22:21 +02:00
Anders Schack-Mulligen
8b6baa250c Merge pull request #6878 from aschackmull/remove-singleton-setliteral 
C++/C#/Java/JavaScript/Python: Remove singleton set literals.
 2021-10-14 14:53:05 +02:00
Rasmus Wriedt Larsen
7cd5e681dd Merge pull request #6693 from yoff/python/promote-regex-injection 
Python: Promote `py/regex-injection`
 2021-10-14 14:49:05 +02:00
Mathias Vorreiter Pedersen
47a85bbb1d Merge pull request #6869 from MathiasVP/fix-prefix/suffix-equality 
Java/JS/Python: Replace '.prefix'/'.suffix' with '.matches'
 2021-10-14 13:47:03 +01:00
Rasmus Wriedt Larsen
a5ab0b9100 Merge pull request #6871 from tausbn/python-fix-uses-of-implicit-this 
Python: Fix uses of "implicit `this`"
 2021-10-14 14:38:13 +02:00
Anders Schack-Mulligen
10d6803b05 Merge pull request #6880 from hvitved/csharp/explicit-this 
C#: Add explicit `this` qualifiers
 2021-10-14 13:31:04 +02:00
Mathias Vorreiter Pedersen
8049d3f738 Python: Remove unnecessary 'exists'. 2021-10-14 12:02:57 +01:00
Mathias Vorreiter Pedersen
69ed7c543f C++: Remove unnecessary 'exists'. 2021-10-14 11:59:59 +01:00
Tom Hvitved
f5420333e2 Sync shared files 2021-10-14 11:49:02 +02:00
Anders Schack-Mulligen
57cb300759 C++/C#/Java/JavaScript/Python: Remove singleton set literals. 2021-10-14 11:34:22 +02:00
Erik Krogh Kristensen
a358a192c4 add explicit this to all calls to class predicates 2021-10-14 10:11:55 +02:00
Mathias Vorreiter Pedersen
a2371370ff Merge pull request #6865 from MathiasVP/fix-if-none 
C++/C#/JS/Python: Replace 'if p() then q() else none()' with a conjunction
 2021-10-13 19:47:55 +01:00
Mathias Vorreiter Pedersen
4991301f36 JS: Fix incorrect fix. 2021-10-13 19:45:02 +01:00
Tom Hvitved
c14dcfbfe4 Data flow: Sync 2021-10-13 20:13:28 +02:00
CodeQL CI
2b0415e238 Merge pull request #6741 from yoff/python/model-os-path-file-accesses 
Approved by RasmusWL
 2021-10-13 11:11:41 -07:00
Tom Hvitved
5be7a97a16 Data flow: Avoid unnecessary non-linear recursion via getConfiguration() 2021-10-13 20:10:26 +02:00
Tom Hvitved
ee44e742f6 Data flow: Avoid bad join-order in pathIntoCallable0 2021-10-13 20:09:43 +02:00
Andrew Eisenberg
878203f1d0 Merge pull request #6862 from github/aeisenberg/tutorial 
Move tutorial directly into each qlpack
 2021-10-13 09:29:37 -07:00
Andrew Eisenberg
0d1632a5d2 Move tutorial directly into each qlpack 
Previously, the tutorial was injected during build time. This is much
simpler.
 2021-10-13 08:37:04 -07:00
Geoffrey White
2e61ae244a C++: Set literals. 2021-10-13 16:12:36 +01:00
Anders Schack-Mulligen
169cc75c88 Merge pull request #6840 from aschackmull/java/misc-perf 
Java: Fix some performance issues.
 2021-10-13 15:53:49 +02:00
Taus
a6115687aa Python: More implicit this 2021-10-13 13:43:37 +00:00
Taus
a9c8163ab3 Python: Fix uses of implicit this 
Quoting the style guide:

"14. _Always_ qualify _calls_ to predicates of the same class with
`this`."
 2021-10-13 13:43:36 +00:00
Philip Ginsbach
a204b7f3e7 Merge pull request #6866 from github/ginsbach/MoreInstanceofExtensions 
more instanceof extensions
 2021-10-13 14:21:50 +01:00
Jonas Jensen
c215838531 Merge pull request #6867 from nickrolfe/mergeback 
Merge rc/3.3 into main
 2021-10-13 15:19:18 +02:00
Mathias Vorreiter Pedersen
6ece3c2b46 Merge pull request #6870 from jbj/cp-fixes 
C++: Fix potential Cartesian products
 2021-10-13 14:15:33 +01:00
Jonas Jensen
e80c1ad91f C++: Fix resource-not-released-in-destructor CP 
By moving a disjunct outside the scope of an `exists(Function f`
variable it doens't use, the code becomes clearer and can be optimized
better.

The CP in the QL code did not lead to a CP at evaluation time since the
optimizer was smart enough to compensate for it:

    376161  ~37597630%     {0} r1 = SCAN functions OUTPUT {}
    1       ~0%            {0} r2 = STREAM DEDUP r1

Before this change, the largest tuple count in `leakedInSameMethod` on
bitcoin/bitcoin was 2M. Now it's 400k.
 2021-10-13 14:24:26 +02:00
Mathias Vorreiter Pedersen
a80860cdc6 Python: Replace '.prefix'/'.suffix' with '.matches'. 2021-10-13 13:23:12 +01:00
Mathias Vorreiter Pedersen
f3bb0a676e JS: Replace '.prefix'/'.suffix' with '.matches'. 2021-10-13 13:23:07 +01:00
Mathias Vorreiter Pedersen
d85d009a54 Java: Replace '.prefix'/'.suffix' with '.matches'. 2021-10-13 13:19:06 +01:00
Jonas Jensen
955344e175 C++: Inline a predicate that contains CPs 
The `overflows` predicate had quite severe Cartesian products. We didn't
see them in practice because magic saved us, but we can't rely on magic
in the future, so it seems better to inline this predicate.

Tuple counts and speed look good both before and after.
 2021-10-13 14:11:47 +02:00
Philip Ginsbach
c9c0c7f24f fix formatting 2021-10-13 13:10:37 +01:00
Mathias Vorreiter Pedersen
bdc54bcda7 Python: Replace 'if p() then q() else none()' with a conjunction. 2021-10-13 12:13:55 +01:00
Mathias Vorreiter Pedersen
887849857d JS: Replace 'if p() then q() else none()' with a conjunction. 2021-10-13 12:13:55 +01:00
Mathias Vorreiter Pedersen
7690625114 C#: Replace 'if p() then q() else none()' with a conjunction. 2021-10-13 12:11:50 +01:00
Mathias Vorreiter Pedersen
ba981c525b C++: Replace 'if p() then q() else none()' with a conjunction. 2021-10-13 12:11:42 +01:00