hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 21:25:44 +02:00
Code Issues Packages Projects Releases Wiki Activity
28,460 Commits 1,742 Branches 166 Tags
8e8a324fa6af33cd046ceed93ea6681e340c3b54
Commit Graph

28460 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
dde054d5a7 Merge pull request #357 from github/erik-krogh/fix-implicit-this 
Add explicit `this` qualifiers
 2021-10-14 12:00:58 +02:00
Tom Hvitved
f5420333e2 Sync shared files 2021-10-14 11:49:02 +02:00
Tom Hvitved
3dc09a3cda Revert changes to shared/generated files 2021-10-14 11:42:05 +02:00
Anders Schack-Mulligen
57cb300759 C++/C#/Java/JavaScript/Python: Remove singleton set literals. 2021-10-14 11:34:22 +02:00
Erik Krogh Kristensen
a358a192c4 add explicit this to all calls to class predicates 2021-10-14 10:11:55 +02:00
Erik Krogh Kristensen
cbd55f2299 add explicit this to all calls to class predicates 2021-10-14 10:10:00 +02:00
Mathias Vorreiter Pedersen
a2371370ff Merge pull request #6865 from MathiasVP/fix-if-none 
C++/C#/JS/Python: Replace 'if p() then q() else none()' with a conjunction
 2021-10-13 19:47:55 +01:00
Mathias Vorreiter Pedersen
4991301f36 JS: Fix incorrect fix. 2021-10-13 19:45:02 +01:00
Tom Hvitved
c14dcfbfe4 Data flow: Sync 2021-10-13 20:13:28 +02:00
CodeQL CI
2b0415e238 Merge pull request #6741 from yoff/python/model-os-path-file-accesses 
Approved by RasmusWL
 2021-10-13 11:11:41 -07:00
Tom Hvitved
5be7a97a16 Data flow: Avoid unnecessary non-linear recursion via getConfiguration() 2021-10-13 20:10:26 +02:00
Tom Hvitved
ee44e742f6 Data flow: Avoid bad join-order in pathIntoCallable0 2021-10-13 20:09:43 +02:00
Arthur Baars
236643fc43 Merge pull request #356 from github/rc/3.3 
Merge rc/3.3 into main
 2021-10-13 19:21:36 +02:00
Arthur Baars
240b33f119 Merge pull request #355 from github/aeisenberg/bump-submodule 
Bump codeql submodule
 2021-10-13 18:50:25 +02:00
Andrew Eisenberg
ef8eff8c29 Bump codeql submodule 2021-10-13 09:30:52 -07:00
Andrew Eisenberg
878203f1d0 Merge pull request #6862 from github/aeisenberg/tutorial 
Move tutorial directly into each qlpack
 2021-10-13 09:29:37 -07:00
Tom Hvitved
1cf90858cc Merge pull request #350 from github/hvitved/erb-get-a-child-stmt-perf 
Speedup `ErbDirective::containsStmtStart`
 2021-10-13 18:14:43 +02:00
Andrew Eisenberg
0d1632a5d2 Move tutorial directly into each qlpack 
Previously, the tutorial was injected during build time. This is much
simpler.
 2021-10-13 08:37:04 -07:00
Arthur Baars
5df728dd7d Merge pull request #354 from github/hvitved/identical-files-fix 
Remove "DataFlow2" section from `identical-files.json`
 2021-10-13 17:20:40 +02:00
Geoffrey White
2e61ae244a C++: Set literals. 2021-10-13 16:12:36 +01:00
Tom Hvitved
6b46aaaefb Remove "DataFlow2" section from identical-files.json 2021-10-13 17:03:48 +02:00
Arthur Baars
893ca5a250 Merge pull request #353 from github/rc/3.3 
Merge rc/3.3 into main
 2021-10-13 16:33:42 +02:00
Arthur Baars
dc8399f13c Merge pull request #352 from github/hvitved/dataflowimpl2-sync 
Add missing `DataFlowImpl2.qll` entry to `identical-files.json`
 2021-10-13 16:08:24 +02:00
Anders Schack-Mulligen
169cc75c88 Merge pull request #6840 from aschackmull/java/misc-perf 
Java: Fix some performance issues.
 2021-10-13 15:53:49 +02:00
Tom Hvitved
11792e17a9 Add missing DataFlowImpl2.qll entry to identical-files.json 2021-10-13 15:50:29 +02:00
Andrew Eisenberg
01819cdbde Merge pull request #344 from github/aeisenberg/tutorial 2021-10-13 06:48:55 -07:00
Taus
a6115687aa Python: More implicit this 2021-10-13 13:43:37 +00:00
Taus
a9c8163ab3 Python: Fix uses of implicit this 
Quoting the style guide:

"14. _Always_ qualify _calls_ to predicates of the same class with
`this`."
 2021-10-13 13:43:36 +00:00
Andrew Eisenberg
0e0441743b Move tutorial directly into each qlpack 
See also https://github.com/github/codeql/pull/6862
 2021-10-13 15:28:17 +02:00
Arthur Baars
aa4d0021a8 Merge pull request #349 from github/aibaars/bump-codeql-main 
Bump codeql submodule on main
 2021-10-13 15:26:59 +02:00
Arthur Baars
078cebe822 Merge pull request #351 from github/aibaars/fix-broken-links 
Update broken links
 2021-10-13 15:25:23 +02:00
Philip Ginsbach
a204b7f3e7 Merge pull request #6866 from github/ginsbach/MoreInstanceofExtensions 
more instanceof extensions
 2021-10-13 14:21:50 +01:00
Jonas Jensen
c215838531 Merge pull request #6867 from nickrolfe/mergeback 
Merge rc/3.3 into main
 2021-10-13 15:19:18 +02:00
Mathias Vorreiter Pedersen
6ece3c2b46 Merge pull request #6870 from jbj/cp-fixes 
C++: Fix potential Cartesian products
 2021-10-13 14:15:33 +01:00
Arthur Baars
f4003406cf Apply suggestions from code review 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2021-10-13 15:11:04 +02:00
Arthur Baars
112b7a8e27 Update broken links 2021-10-13 15:03:19 +02:00
Tom Hvitved
436f678c94 Speedup ErbDirective::containsStmtStart 2021-10-13 14:41:04 +02:00
Jonas Jensen
e80c1ad91f C++: Fix resource-not-released-in-destructor CP 
By moving a disjunct outside the scope of an `exists(Function f`
variable it doens't use, the code becomes clearer and can be optimized
better.

The CP in the QL code did not lead to a CP at evaluation time since the
optimizer was smart enough to compensate for it:

    376161  ~37597630%     {0} r1 = SCAN functions OUTPUT {}
    1       ~0%            {0} r2 = STREAM DEDUP r1

Before this change, the largest tuple count in `leakedInSameMethod` on
bitcoin/bitcoin was 2M. Now it's 400k.
 2021-10-13 14:24:26 +02:00
Mathias Vorreiter Pedersen
a80860cdc6 Python: Replace '.prefix'/'.suffix' with '.matches'. 2021-10-13 13:23:12 +01:00
Mathias Vorreiter Pedersen
f3bb0a676e JS: Replace '.prefix'/'.suffix' with '.matches'. 2021-10-13 13:23:07 +01:00
Mathias Vorreiter Pedersen
d85d009a54 Java: Replace '.prefix'/'.suffix' with '.matches'. 2021-10-13 13:19:06 +01:00
Jonas Jensen
955344e175 C++: Inline a predicate that contains CPs 
The `overflows` predicate had quite severe Cartesian products. We didn't
see them in practice because magic saved us, but we can't rely on magic
in the future, so it seems better to inline this predicate.

Tuple counts and speed look good both before and after.
 2021-10-13 14:11:47 +02:00
Philip Ginsbach
c9c0c7f24f fix formatting 2021-10-13 13:10:37 +01:00
Arthur Baars
bf3d291a1c Updates after codeql file sync 2021-10-13 13:24:20 +02:00
Arthur Baars
80ac05d5c6 Bump codeql submodule to 'main' 2021-10-13 13:24:08 +02:00
Alex Ford
0d72a51334 Merge pull request #342 from github/improve-xss-isAdditionalFlowStep 
Improve `XSS::Shared::isAdditionalFlowStep` performance
 2021-10-13 12:15:52 +01:00
Mathias Vorreiter Pedersen
bdc54bcda7 Python: Replace 'if p() then q() else none()' with a conjunction. 2021-10-13 12:13:55 +01:00
Mathias Vorreiter Pedersen
887849857d JS: Replace 'if p() then q() else none()' with a conjunction. 2021-10-13 12:13:55 +01:00
Mathias Vorreiter Pedersen
7690625114 C#: Replace 'if p() then q() else none()' with a conjunction. 2021-10-13 12:11:50 +01:00
Mathias Vorreiter Pedersen
ba981c525b C++: Replace 'if p() then q() else none()' with a conjunction. 2021-10-13 12:11:42 +01:00